
Communications of the ACM

Spyware

Introduction


Anyone who has ever dealt with spyware knows the irritation of lost bandwidth, the frustration of commandeered machine processor cycles, the innumerable pop-up ads and spam trails that result from an infestation. It is indeed a threat to computer security, and yet the sort of maladaptive software application spyware represents is supported by just the sort of wink-and-a-nod online barter economy that seems to nourish the emerging business functions of the Internet worldwide. You "pay for free" by sacrificing (knowingly or not) some personal information or some loss of personal privacy in exchange for great "free" features in software functionality that you can download without paying for or as a "piggybacked" part of some other free applications you might wish to use.



Who cares that your P2P free desktop application includes a snoopy resource monitor or key logger? So what about all those pop-up ads? You're getting music for free! Right?

Wrong. There is no free lunch, and free software is just as illusory. Everything costs something, and it is just a matter of how each person pays their share. Remote monitoring and ad-serving software is just the latest demonstration of how the commercial costs of Internet development are covered in clever and disingenuous marketing arrangements designed to entice users with "free" software functionality.

This is the spyware threat that is difficult to understand. Users are more than a little apathetic about the threat spyware represents to their personal privacy and data security, as I've noticed in my work with online service providers. Legitimate licensed remote monitoring applications can also operate just like spyware, stealing machine cycles and telecommunications resources to "report home," as is the case with Kodak digital camera software and its update agent provided by "BackWeb" (www.backweb.com/index.cfm). Such applications are benign, but hog computer resources in noticeable ways (www.iamnotageek.com/a/359-p1.php). These are legitimate applications, part of commercial software packages installed by users, but the intrusive nature of remote monitoring agents in support of software updating might well teach users to tolerate intrusive and resource-hungry applications that monitor their computer usage. Indeed, our very own automatic update agents could be teaching us to tolerate spyware.

Monitoring applications that are as necessary to safe computing serve much the same purpose, I think. We are trained as users to accept remote monitoring, updating, even modification of our computers, by outside agents. Perhaps this makes illegitimate remote monitoring spyware seem almost a natural component of computing. This is what my research leads me to believe, and this is an issue that users must be made aware of as less and less privacy is afforded in the online experience, going forward.

This special section of Communications presents the thinking and investigations of informed scholars and leaders in the industry about spyware perceptions, effects, and causes, along with some of the latest methods for cleaning up after and protecting ourselves against it. Steve Gibson, the man who originally coined the term "spyware," opens the section with an insightful essay that argues spyware was an inevitable consequence of the worldwide connectivity the Internet offers us. His remarks are followed by a commentary from the most frequently appearing expert witness before the U.S. Congress, Roger Thompson, the director of malicious content research at Computer Associates. A rich assortment of research reports and essays rounds out the section.

It is certain you will have a better informed, more accurate perception of the spyware threat as an outcome of reading this collection of articles. I look forward to hearing your thoughts and experiences on the matter.


Author

Thomas F. Stafford (tstaffor@memphis.edu) is an assistant professor of MIS in the Fogelman College of Business and Economics at the University of Memphis, TN.


©2005 ACM  0001-0782/05/0800  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2005 ACM, Inc.


 
