United States
Web App Attacks: Sneaking in the Front Door
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

You call it spyware, I call it lieware ...

Early in September, I posted about security consultant Dave Piscitello's admirable new anti-spyware page. Dave has taken the time not only to round up resources that help us all understand, identify, and remove spyware; he has also installed, sniffed, and inspected a lot of anti-spyware packages to find which are most effective. It turns out the range of deceptive practices from spyware reach farther than most people realize. Dave sent us these candid reflections on what his investigation discovered:

The difficulty with describing spyware is that what you can do once you "own" someone's browser is pretty much a green field. If your intention is to embarrass the user, as some CoolWebSearch variants do, you can throw pesky porn popups at a user until he surrenders and closes the browser. If your objective is to attract attention, as many rogue spyware removal tools choose, you can pop up the warning, "Your PC is infected!!!" and direct users to an "anti-spyware software" site for a scan. These scans often report long but entirely bogus lists of "dangerous software on your PC," hoping this deceptive practice will induce the poor user into buying the removal software. The other deceptive practice I have seen and read about is used to disparage or put a competitor's product into question. The popup sends the user to a "Spyware removal tool review" site, where the quality anti-spyware software receives low marks in an "independent review" while the anti-spyware practicing this deceptive advertising receives the highest marks.

In fact, one of the harder aspects of maintaining my spyware resources page is that I am constantly trying to filter out the rogue anti-spyware companies from my Google Adsense advertisements, since I don't want my visitors to fall prey to deceptive advertising practices!

LiveSecurity Service and LiveSecurity Informer subscribers will receive Dave's full report on the risks of spyware, and effective countermeasures, in two articles scheduled for your Inbox on October 1 and October 8. Whether you're a subscriber or not, you can benefit from Dave's anti-spyware page. Spyware, lieware, adware, badware ... let's call the whole thing off! --Scott Pinzon

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.