WASHINGTON, D.C., April 20, 2004 — At a day-long Federal Trade Commission workshop Monday to increase understanding about deceptive software, Microsoft and other industry leaders detailed for U.S. regulators how they are working to reduce the threat of so-called “spyware.”
These new and ongoing efforts to increase consumer education, develop anti-spyware technology and codify industry best-practices are more effective first responses than legislation to thwart the distributors of deceptive software, industry leaders said. In particular, Microsoft officials pointed to a new informational Website created by the company, and enhancements in the Microsoft Windows XP operating system that are designed to provide people better control of their PCs.
“The industry is pulling together to address the problem of deceptive software,” Brian Arbogast, corporate vice president of the Identity, Mobile and Partner Services Group within Microsoft’s MSN and Personal Services Division, said after the workshop. “The non-legislative solutions discussed today will provide people the tools and knowledge they need to better control their PCs and help create solid defenses against deceptive software.”
The U.S. Federal Trade Commission convened the informational workshop Monday in Washington, D.C. in reaction to growing concern among the public, as well as state and federal lawmakers, about the effects of deceptive software. The commission will use the information gathered this week to help shape consumer education and other efforts.
Often found in popular shareware software or downloaded via unsolicited junk e-mail, deceptive software has been circulating on the Internet for years. But deceptive software has become more prevalent and pernicious in recent months, said industry leaders and consumer advocates who took part in the informational workshop.
Industry leaders described how spyware can change browser and homepage settings, foul up computing and network resources, and allow others to capture information typed into a PC without the owner’s permission. Some of the most pernicious varieties can prompt computers to surreptitiously dial toll calls, racking up massive telephone bills for computer owners.
Arbogast said deceptive software causes more than 50 percent of Windows operating systems failures reported to Microsoft, though rarely do people realize the cause of their problem. Microsoft collects the data electronically from the PCs of users of Windows who agree to share data about their system problems.
Microsoft’s largest computer-manufacturing partners have told the company that spyware and other deceptive software is one of the top support issues they currently face, resulting in millions of dollars per year in support costs.
Representatives for Internet service providers (ISPs) said many of their customers are similarly unaware that deceptive software is often the cause of slow online connections or malfunctioning browsers. This software is draining the profits of ISPs, they said, because the problems it creates often take much longer than other issues to fix. Some subscribers are even questioning the value of high-speed Internet lines, over which this deceptive software is more easily conveyed, ISP representatives said.
Lawmakers Seek Legislative Solutions to Deceptive Software
The FTC issued a consumer warning last year about deceptive software, but lawmakers in three states and in the U.S. Senate want to take firmer action. Utah has already adopted a law regulating spyware and other malicious programs. Lawmakers in California and Iowa are considering doing the same.
In February, U.S. Sens. Conrad Burns, R-Mont.; Ron Wyden, D-Ore., and Barbara Boxer, D-Calif., introduced legislation that would prohibit installing software on another person’s computer without permission. The Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act, which had its first hearing March 23, would also ban information collection, advertising, distributed computing or settings-modification features without permission.
Arbogast and other industry leaders said they are committed to working with lawmakers to stop the distribution of deceptive software. But some noted that the new and proposed laws wouldn’t affect many of the most pernicious distributors of deceptive software because they are located outside the United States.
Like many Internet-age technology threats, deceptive software is still not fully understood or defined. However well-intentioned, hastily passed legislation could create unnecessary and damaging regulation of non-invasive software applications that enhance the computer user’s experience, such as online search technologies that tailor results based on a user’s previous searches or security software that claims to protect computers, industry leaders said.
“What keeps me up at night is totally rigid legislation that might get in the way of perfectly useful Internet services,” said Andrew McLaughlin, senior policy counsel for Google.
“A legislative response is probably the worst first response,” said J. Trevor Hughes, executive director of the Network Advertising Initiative.
Civil liberties advocates such as the non-profit Center for Democracy and Technology also are reluctant to enact new laws. They support the increased enforcement of current laws, which they say are sufficient to prosecute the distributors of the most egregious spyware and other malicious programs.
Broad Solutions Include New Software Tools
Technology leaders described how ISPs, software publishers and others within the industry are developing technologies designed to thwart deceptive software. Microsoft’s MSN and other online service providers have added software to their online services that help guard against deceptive software. MSN Premium, Microsoft’s premier all-in-one online service, includes Virus Guard by McAfee Security, which detects and removes deceptive software.
Jeffrey Friedberg, director of the Windows Privacy Group at Microsoft, described how the company plans to include new features in Service Pack 2 of Windows XP designed to help thwart deceptive software, including:
A new Internet Explorer pop-up blocker to reduce unwanted ads, which sometimes include deceptive offers or instructions that trick people into downloading deceptive software.
A new Internet Explorer info-bar that suppresses unsolicited software downloads, a common vehicle used by deceptive-software distributors.
Redesigned download experience that makes it easier for consumers to identify and decline suspicious software downloads.
A new interface for viewing and controlling Internet Explorer ActiveX and “browser helper” add-on programs. Intended for expert users and computer support professionals, the interface allows unwanted add-ons to be disabled.
“These enhancements help put you in control,” Friedberg said after the workshop.
The service pack, which is planned for release by mid-year, is one indication of how Microsoft is investing in the development of technologies that help people avoid and control deceptive software.
Education, Collaboration Equally Important
Consumer education and collaboration among technology companies also shouldn’t be underestimated as tools in the fight against deceptive software, industry leaders said.
“There are lots of things we can do at the software level to make it harder for people to trip,” Arbogast said. But people are going to need to download programs from the Internet. “They need (to be able) to make a call whether they want to trust (a Web site or e-mail) when they download software.”
Microsoft recently launched a Web site that provides information on how to avoid deceptive software. Located at www.microsoft.com/spyware/ , the site also offers links to independent software vendors (ISVs) that provide tools to remove or disable unwanted software.
Arbogast and others said technology companies also need to work together to develop best practices to allow people to differentiate reputable online organizations and businesses from less reputable ones.
Friedberg said online best practices would be a “natural progression” back toward the code of ethics that used to shape actions on the Internet. “But as the doors opened up, so did the economic incentive to take advantage of people,” he said.
“I look forward to working on best practices with industry and other stakeholders,” Friedberg said. “This is definitely on the right track.”