Q&A: Taking Action to Stem Spyware and Other Unwanted Software

REDMOND, Wash., Jan. 6, 2005 — Microsoft has responded to customer concerns around deceptive and malicious software by announcing two new efforts in the companys ongoing focus on Trustworthy Computing generally, and security and privacy in particular. The beta version of Microsoft Windows AntiSpyware, a new solution designed to help protect Windows users from spyware and other potentially unwanted software, is now available as a free download, and the Microsoft Windows Malicious Software Removal Tool, which will help rid PCs of prevalent worms and viruses, will be made available as part of Microsofts monthly update cycle beginning on January 11th.

Of these two vexing issues, spyware is generally the more unfamiliar because it has emerged relatively recently. To understand the nature of spyware and help explain why its a growing industry concern, PressPass sought out Ari Schwartz , associate director of the Center for Democracy and Technology (CDT) in Washington, D.C. And to shed light on what Microsofts doing to tackle the spyware issue, PressPass turned to Mike Nash , corporate vice president of the Security Business and Technology Unit at Microsoft.

PressPass: Ari, can you explain what spyware is and what it does?

Schwartz: Its difficult to provide a simple definition because spyware means different things to different people. At the Center for Democracy and Technology, weve come up with a three-part definition. Spyware is:

  • Software that consumers dont want and is installed without their consent

  • Software that does something consumers dont want it to do, for example, tracking their Web browsing without their consent

  • Downloaded consumer applications that are purposely designed so that they are difficult for consumers to remove [for more detail, see http://www.cdt.org/privacy/spyware/20040419cswg.pdf ].

The most common type of spyware we see is advertising software, or “adware,” that is put on consumers computers without their consent. Adware often comes with other software programs that consumers download, but some adware takes over your PC and pops up ads constantly, even when the program it came with isnt running. Another type of spyware thats becoming more common is a program that changes the results of a search and purposely sends you to the wrong place. Recently weve also seen an upsurge in malicious spyware, such as keystroke loggers. These programs can be scary and dangerous because they take your personal information, including your passwords. That raises concerns about privacy and identify theft.

PressPass: Identity theft is clearly dangerous, but what is it about the less obviously malicious forms of spyware that bothers people?

Schwartz: People worry about their movements being tracked, and they dont like the idea of something that they didnt want in the first place running on their computer. Spyware is the virtual equivalent of someone coming into your home uninvited and setting up shop there. People get upset by that idea.

PressPass: Whats the scope of the spyware problem? Is it becoming as pervasive as, say, spam?

Schwartz: Its a major problem that affects a lot of people who dont even know that its happening to them, and its growing quickly. Spam has been growing quickly, too, but in some ways spyware is more of a concern because it actually runs on your computer.

PressPass: Mike, does Microsoft also think the spyware problem is widespread?

Mike Nash, Corporate Vice President, Security Business & Technology Unit, Microsoft.

Nash: Yes, and industry-analyst reports confirm what Ari said. As recently as November, IDC estimated that 67 percent of consumers PCs are infected with some form of spyware. Other industry observers suggest that the number may be even higher. Our own data also underscore the widespread nature of the spyware problem. We believe that spyware is directly responsible for more than a third of the application crashes on Windows XP reported to Microsoft. In short, we see plenty of evidence that customers are being negatively affected and they have made it clear that they consider spyware and other deceptive software a major concern in their environments; theyre looking to Microsoft to help.

PressPass: Ari, in your mind, what can be done about spyware?

Schwartz: Action is needed in several areas. In terms of legislation, in the United States most spyware already violates existing consumer protection laws, computer-fraud laws or privacy laws. The trouble is, the cases are really hard to document, and we feel that some of the laws are weak. Theres been a move to increase the penalties for spyware, and weve joined a lot of companies and other consumer groups in supporting that. Some anti-spyware legislation moved on Capitol Hill last year, and were likely to see it introduced again in the next few weeks. In any event, more work needs to be done to try to follow the bad guys and help law enforcement do its job, both in the civil and criminal sense. We also see a need for industry self-regulation. If software companies can make the process of downloading and using software more transparent and less confusing for their customers, they will limit a point of entry that spyware purveyors commonly exploit. Then, on a more practical level, anti-spyware technology has become a necessity for people online. Were pleased to see that ISPs are promoting it, and that its getting built into anti-virus programs.

PressPass: Mike, how is Microsoft addressing the spyware issue from a technology standpoint?

Nash: Our acquisition of GIANT Companys anti-spyware technology in December has allowed us to provide customers with a near-term solution that helps them keep spyware off their computers and at the same time helps safeguard their privacy. Customers can use the beta spyware solution that we released today to help protect themselves from spyware, respond quickly to new threats, and gain better visibility and control of all the programs running on their PC. One reason we chose to acquire GIANTs solution is the SpyNet(TM) Anti-Spyware Community, which lets users play a key role in helping to find and report spyware on an ongoing basis. The beta version of Windows AntiSpyware is available to users of Microsoft Windows 2000, Windows XP and Windows Server 2003 at http://www.microsoft.com/spyware . We encourage customers to install it on their machines as soon as possible and get involved with the SpyNet community.

PressPass: Do you see this solution as a foundation for Microsofts long-term anti-spyware approach?

Nash: One pillar of Microsofts security strategy is focused on isolation and resiliency – in other words, isolating malicious software from being able to do damage, and making systems more resilient so they are able to identify and stop suspicious or bad behavior in its tracks. As part of that effort, Microsoft is committed to working on technology advancements to minimize or mitigate the impact of spyware. Weve made great progress there with Windows XP Service Pack 2 (SP2). If you consider the advanced security technologies that we made available in SP2, that work was about helping people identify ActiveX controls installing on their machines, helping customers control whats happening on their browsers, locking down the points at which where malicious software can be installed on their machines, and so forth. In many ways, the Windows AntiSpyware solution is an extension of that work weve already started. Today, the security enhancements in Windows XP SP2, coupled with the capabilities of the anti-spyware technology acquired from GIANT, provide our customers with sound protection. However, as Ari alluded to, beyond technology innovation, combating spyware will involve continued consumer guidance and engagement, industry collaboration, and cooperation with legislators and law enforcement.

PressPass: Can you explain how Microsofts solution provides spyware protection?

Nash: The spyware removal engine uses a constantly updated database of thousands of signatures – definitions of known potential threats – to automatically scan a computers memory, files and registry for spyware and other potentially unwanted software. Besides detecting and removing known threats, Windows AntiSpyware also provides always-on protection to actively prevent spyware from being installed on a PC. Windows XP SP 2 already provides protection against two common ways that a lot of spyware installs itself. The new pop-up blocker in Internet Explorer helps thwart installation by means of pop-up ads, and the Internet Explorer Information Bar helps suppress unsolicited downloads. Windows AntiSpyware helps provide protection against a number of other vectors that spyware can use to infiltrate a system. For example, it includes real-time protection agents that constantly monitor more than 50 security checkpoints for changes made by spyware and other unwanted software. If known spyware is detected at these checkpoints, the user will get a warning. If an unknown program is detected at a checkpoint, intelligent alerts ask the user to determine whether to let the program continue.

To keep the solution current, were particularly excited about SpyNet, a large community of anti-spyware solution users who voluntarily participate in helping to fight spyware by identifying suspicious or potentially unwanted software on their machines. Our customers can choose to automatically report any unknown or suspicious software that they discover to the SpyNet community. If that software is found to be spyware, Microsoft can quickly turn around signatures that can then be added to the constant stream of updates. That means that everyone who uses Windows AntiSpyware, and who chooses to participate in the SpyNet community, can help make the solution more robust and more current, so we all benefit.

PressPass: Ari mentioned earlier that combating spyware will take more than just new anti-spyware technologies. Does Microsoft agree with that assessment?

Nash: We strongly agree, and we have repeatedly said that there is no “silver-bullet” solution to the spyware problem or to any security issue. At Microsoft, were tackling the issue with a comprehensive approach that includes technology innovation, consumer guidance and engagement, industry collaboration and cooperation with legislators and law enforcement. And as threats evolve, our efforts to address those threats will need to continue to evolve, too, to stay ahead of the bad guys.

PressPass: Whats Microsoft doing in the area of consumer guidance and engagement?

Nash: Our customers tell us theyre often confused by deceptive ads or alerts that result in downloading spyware, and that theyre often unaware of spyware that comes with the free programs they download. Were addressing this concern by providing trusted resources for customers to learn about spyware and how to deal with it. These resources are posted at our www.microsoft.com/spyware website. Were also hosting newsgroups in which we call on the security expertise of our MVPs (Most Valuable Professionals) to provide assistance to the online community relative to spyware issues, and these can be found at our website as well.

PressPass: Whats Microsoft doing in terms of industry collaboration?

Nash: We share best practices with other industry players, and were working to create common ways of identifying and addressing spyware issues. For example, were committed to taking our learnings from SpyNet, work with the industry to define spyware appropriately and reach common understandings of its nature. Were also actively engaged with industry groups like the Center for Democracy and Technology and its Consumer Software Working Group to help focus regulatory and enforcement efforts on deceptive practices. And we work closely with OEMs, ISVs and ISPs to identify issues of concern and solutions regarding spyware and other unwanted software.

PressPass: Have you seen any sort of government reaction to Microsofts anti-spyware efforts to date?

Nash: Several weeks ago, shortly after we announced our acquisition of GIANT Company Software and our plans to provide spyware protection, U.S. Representative Ed Towns (D-NY) issued a statement in strong support of our actions. U.S. Rep. Jay Inslee (D-WA) also issued a release applauding our efforts. Both officials have taken an active stance against spyware and said they will work toward passage of strong anti-spyware legislation in the next Congress. We look forward to working with them in that regard.

PressPass: What should consumers do to protect themselves against the threat of spyware and other deceptive software?

Nash: Along with installing an anti-spyware solution, we strongly recommend that users follow three simple steps:

  • One, use an Internet firewall on all PCs

  • Two, regularly install the latest security updates on all PCs

  • Three, use up-to-date anti-virus software

To really root out spyware, we also advise users to run system scans on a regular basis, either manually or on an automatic schedule. Finally, joining the SpyNet AntiSpyware community to report new instances of spyware will potentially help everyone using the Windows Anti-Spyware solution.

PressPass: Ari, any tips on what consumers can do to minimize the risk of spyware programs being installed on their PCs?

Schwartz: You should start by installing an anti-spyware program and make sure its scanning regularly. When you download programs from the Internet, always read what comes with them. Often, spyware programs sneak onto your computer when youre clicking “Yes” to something but you dont realize what youre clicking “Yes” to. Be careful whenever you see confusing prompt boxes. If the company hasnt done an adequate job explaining what youre downloading, maybe you should hold off, because you could be wrecking your computer down the road. Be especially careful with programs that have a reputation for being problematic. For example, we see this spyware issue a lot with gaming programs offered by disreputable vendors. Its common on some adult sites as well. Also, recently weve seen a lot more spyware purveyors trying to tie in to legitimate sites by setting up shop at Web addresses where people commonly misspell the URL. For example, www.eminem.com is a legitimate Web site, but www.emninem.com until recently pointed people to a fake site that purported to give them an anti-spyware program but actually gave them spyware.

Related Posts