Spyware

Spyware FAQ


Introduction

Spyware is one of the Internet's most prevalent threats. A 2005 study conducted by Webroot found that 2/3 of personal computers were infected with spyware. Computer users are fighting programs that sneak onto their computers and surreptitiously monitor their online activities, disrupt their computer system's performance and stability, and make it difficult to remove or disable these behaviours.

FAQ

Contents

What is spyware?

There is an ongoing debate and confusion about the definition of spyware. The term spyware has been used broadly and narrowly.

In its broader sense, spyware refers to a variety of potentially unwanted technologies. These technologies can be defined as,

Technologies implemented in ways that impair users' control over:

  • collection, use, and distribution of their personal information.
  • material changes that affect their desktop experience, privacy, or system security; or
  • use of their system resources

These are items that users will want to be informed about, and which they should be able to easily remove or disable.

In its narrower sense, spyware is a term for executable applications, deployed without adequate notice, consent, or control for the user that track and report the user's computer or the user's activities, including collecting and disclosing personal information.

What are the kinds of technologies that spyware might use, and what do these technologies do?

Technologies that spyware might use include:

  1. Tracking Technologies that monitor user behaviour or gather personal information about the user.
  2. Advertising Display Technologies that display advertising content.
  3. Remote Control Technologies that allow remote access or control of computer systems.
  4. Dialing Technologies that make calls or access services through a modem or Internet connection.
  5. System Modifying Technologies that modify system and change user's browser and desktop experience.
  6. Security Analysis Technologies used by a computer user to analyze or circumvent security protections.
  7. Automatic Download Technologies that download and install software without user interaction.

These technologies are valid and not considered spyware if all of the following three requirements are met: adequate notice, consent, and control. Currently, there is a debate as to what these three elements should entail. However, at the minimum, adequate notice should include notice written in a clear language that describes all the software that will be installed and their functions. Consent means that the user has assented to the notice, by clicking "I agree" to the notice or through some other affirmative action. Control means that the user can start, stop, or uninstall the software when the user pleases.

What are examples of unwanted technologies that fail to obtain my consent?

  • Root kits are a type of system modification technology that fail to obtain your consent. Intruders use this program after cracking a computer system to help them hack into a system and gain administrative-level access. Once a program gains access, intruders can monitor traffic and keystrokes; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection.
  • Zombies are a type of remote control technology. This occurs when intruders use your computer without your consent to send spam or attack remote servers with a large amount of traffic.
  • Screen scrapers are a type of tracking technology that record images of activity on your monitor without consent.
  • Hijackers are a type of system modifying technology. This occurs when you visit a webpage and your homepage or default search engine immediately changes without your consent.
  • When you visit a webpage and new software, such as a new toolbar, is added to your computer without your consent. This is a type of automatic download technologies.

What are examples of unwanted technologies that fail to give me proper notice?

  • Unauthorized dialers are a type of dialing technology that fail to give you proper notice. This can occur when you download a program from a website that offers games, music videos, or other forms of entertainment and a computer file accesses your modem's communications software and reconfigures it without any notice. Your computer will subsequently start making long distance or 1-900 calls for which you did not receive any notice.
  • Popup ads are a type of advertising display technology that fail to give you proper notice.
  • The narrow definition of spyware is a type of tracking technology that fails to give you proper notice. This can occur when you download peer-to-peer software that has a lengthy End User License Agreement (EULA), which mentions only at the very bottom of the EULA that the software you download will include other software.

What are examples of unwanted technologies that fail to respect my right to control my computer?

  • Tricklers are a type of automatic download technology that fail to respect your right to control your computer. This can occur when you visit a website and immediately, you have new programs installed on your computer, which you cannot uninstall. You cannot uninstall these programs because they are not located in the directory of your computer or because the programs reinstall silently even after a user has removed components of the program.
  • The narrow definition of spyware is a type of tracking technology that fails to respect your right to control your computer. This can occur when you download a game through peer-to-peer software, and then you receive new programs which you cannot start, stop, or close the program at your command.
  • Hijackers are a type of system modifying technology that fail to respect your right to control your computer. This can occur when you visit a website and subsequently, your home page, default media player, or search page is changed.

What are the differences between spyware and viruses?

There are a few differences between the broader definition of spyware and viruses. The first main difference is that viruses intentionally harm or damage the computer by corrupting the normal performance of applications, operating systems or files. Spyware does not intentionally harm or damage the computer; however, spyware unintentionally slows down the computer or causes system crashes because of all the spyware programs running. The second difference is that viruses self-replicate and ultimately infect as many computers as possible as quickly as possible. Spyware does not self-replicate. The third difference is that spyware records personal information about a user, which can ultimately cause harm to that user. This is achieved through the installation of surreptitious applications that run unnoticed in the computer's background. Viruses do not record personal information about a user.

Who uses spyware, and for what purposes do they use it?

A wide range of entities use spyware for different reasons:

  • Criminals and scammers use spyware for fraud related purposes, such as identity theft, stealing credit card numbers, bank PINs, other passwords, and accessing personal documents.
  • Advertising companies or their distributors that bundle advertisements use spyware to better target consumers with specific advertisements that reflect their profile and tastes.
  • Companies that offer free software in peer-to-peer applications use spyware because these companies are affiliated with entities that collect information from users for demographic purposes or to sell it to a third party.

How can spyware affect me?

Spyware can negatively impact you in many different ways. Spyware can compromise your privacy because your personal information may be gathered and distributed to others. You may become a victim of identity theft or fraud. Outsiders may start using your credit cards and accessing your banking information. People may know your passwords and start accessing your personal email or documents.

Spyware can cause you to pay long distance calls which you did not authorize. This is done when a dialer application is installed on your computer and it calls long distance or 1-900 hundred numbers.

Spyware can install programs you did not download, change your browser home page, reset your bookmarks, and change your wallpaper. This then affects your control over your personal computer because these programs may be not listed in the add/remove program and consequently, some of these programs are difficult to uninstall.

Furthermore, spyware can affect the available resources and proper functioning of computers by making them slower and/or causing system crashes.

How does spyware typically get on my personal computer?

Different types of spyware get into your computer in different ways. These ways include,

  • Hackers placing spyware on your computer;
  • Drive-by downloads whereby you simply visit a website and spyware is downloaded without your consent and knowledge. The spyware is written into the site's code and thus, exploits known security holes.
  • Installing freeware/shareware, such as screen savers or games, that bundles spyware applications during installation of the main program.
  • Emails where there is an attachment to an email message, a hyperlink in an email message, or in the email communication itself if it is in HTML format; and
  • Clicking on a popup ad.

How can I tell if there is spyware on my computer?

It is likely that if you have browsed the Internet for a period of time, you will have picked up some spyware. Fortunately, there are many ways you can tell if spyware is on your computer.

  • You can use anti-spyware software to scan your computer. The following companies offer anti-spyware software:
  • You start receiving constant pop-up ads.
  • Your home page or favorites list in your browser have changed.
  • The computer or the Internet connection slows appreciably.
  • The hardware is performing actions that you did not initiate (CD-tray opening or closing).
  • You have a new toolbar, which you did not consent to.
  • You have programs on your desktop which you did not download. You also cannot uninstall them.
  • Your phone bill contains long distance or 1-900 calls to places you never authorized. This might indicate that your modem or Internet connection might have been hijacked.
  • Every time you perform a search, you are redirected to the same unknown website, including a pornographic site.
  • You receive random error messages.
  • You begin to receive targeted emails, many of which know you by name.
  • You have been a victim of identity theft or credit card fraud.
  • Your keys on your keyboard do not work. For example, the "Tab" key might not work when you try to move to the next field in a Web form.
  • Look at the task manager to see what programs are running on your search.

How do I get rid of spyware on my computer?

Once you have discovered that spyware has been installed on your computer, there are three options you can pursue:

  1. Remove the program using your add/remove function
  2. Use anti-spyware tools from anti-spyware companies to remove the spyware. These applications will search your system for spyware and will inform you of any questionable programs or processes that it finds. However, anti-spyware tools do not necessarily detect all the spyware on your computer. The following companies offer anti-spyware tools including,
  3. Back up your personal files and reformat your hard drive. If you are not comfortable reformatting, seek technical assistance.

What can I do to avoid spyware?

There are many precautions you can take to avoid spyware:

  • Update your operating system and web browser software by downloading the latest "patches" available in order to close security holes.
  • Install a personal firewall to secure your Internet connection from uninvited users, such as ZoneAlarm.
  • Only download programs from websites you trust.
  • If you are using Internet Explorer, set the security and privacy setting level to at least medium to avoid unauthorized downloading. For example, on Internet Explorer, click Tools > Internet Options > then the Privacy tab and move the slider to MEDIUM or preferably HIGH.
  • When closing pop-up ads, click the ("X") icon at the top right hand side of the title bar instead of any button, link or the ad itself. Many times, popup windows are coded to install spyware even if you click "ok", "agree", "cancel", or "no" when you want to close a window. Alternately, you can press Alt and F4 simultaneously for certain browsers, such as Internet Explorer and Mozilla Firefox.
  • When downloading free software or other applications, such as file sharing programs, be sure you clearly understand all of the software packaged with those programs. Companies often bundle free software with other software including spyware.
  • Read all security warnings, license agreements, privacy statements, and "opt-in" notices with any software you download.
    • If you do not understand or agree with the license agreement and/or privacy statement, do not install the software or software feature.
    • If the notices are hard to understand, think twice before downloading.
  • Do not open unsolicited email or download anti-spyware tools advertised through spam.
  • Use and update anti spyware tools that detect and delete spyware. There are companies that offer anti-spyware tools including,
  • Choose an Internet Service Provider that offers spyware protection for a monthly fee or is already included in the Internet service itself. These providers include,
  • As a matter of precaution, backup your files regularly

Is spyware illegal in Canada?

Canada does not have legislation that specifically targets spyware. However, federal and provincial laws that protect privacy and prohibit fraud, misleading representation, and other unfair trade practices, apply to those practices when deployed in spyware.

Personal Information and Protection of Electronic Documents Act (PIPEDA)

The Personal Information Protection and Electronic Document Act (PIPEDA) is a federal statute that protects your personal information in federally regulated commercial sectors such as the airline and telecommunications sectors. It also regulates most provinces except for Quebec, Alberta and British Columbia. Those provinces each have private sector legislation that is substantially similar to PIPEDA.

Section 7 of PIPEDA forbids any organization to collect, use or disclose personal information without the user's knowledge and consent. Spyware that provides for inadequate notice or consent to the collection, use, or disclosure of personal information violates PIPEDA.

An individual can launch a complaint to the Privacy Commissioner at no cost against a company and the Privacy Commissioner will investigate the company to see if it is complying with PIPEDA. If the Privacy Commissioner finds that the company does not comply, the Privacy Commissioner will outline its recommendations for the company to follow; however, companies are not bound to follow the recommendations. Subsequently, an individual, or the Privacy Commissioner, can bring an application to the Federal Court for the enforcement of PIPEDA and to impose fines on the company.

Competition Act

There are two sections in the Competition Act that apply.

The first is s. 52(1) that forbids the use of deceptive practices to promote the supply or use of a product or business interest by knowingly or recklessly making false or misleading representations to the public. These business practices are prohibited whether they are "contained in or on anything that is sold, sent, delivered, transmitted or made available in any other manner to a member of the public."

An individual under s.36 can bring a civil cause of action in breach of s. 52 (1) to a provincial superior court or the Federal Court of Canada. A court may order the defendant to pay damages to the individual if the individual can prove on a balance of probabilities that a company breached s. 52 (1).

The second applicable section is 74.01 (1) that states that a person who makes a representation to the public for the purpose of promoting a product or business interest that is false or misleading in a material respect will be under reviewable conduct.

An individual can file a complaint to the Competition Bureau against a company who engages in reviewable conduct, and the Commissioner of Competition can investigate whether a company engages in such conduct. If the Commissioner of Competition finds that the company engages in reviewable conduct, the Commissioner may bring an application to the Federal Court, the Superior Court of a Province, or the Competition Tribunal. The Court or Tribunal may order a company found to have engaged in such conduct to stop engaging from this type of conduct or similar conduct, to pay publish or otherwise disseminate a notice to bring to the attention of the class of person likely to have been affected by the conduct, and/or or to pay an administrative monetary penalty. For corporations, the penalty is $100,000.

Alternatively, under s. 74.08, an individual can bring a civil right of action against a company for violating s. 74.01. The remedies in a civil action could include monetary damages or an order prohibiting the company from engaging in such deceptive practices.

Canadian Criminal Code

The Canadian Criminal Code does not allow an individual to bring a claim to court against a company whom he/she believe violates the Criminal Code. Instead, an individual must bring its complaints to the police who will investigate the matter. If the police find that there may be claim, the police will turn its findings to the Crown. The Crown will then decide whether to pursue this claim in court. If the Crown decides to proceed to court and the court is convinced beyond reasonable doubt that a defendant violates the Criminal Code, the court may fine or imprison the company. However, the court will never order the defendant to pay monetary damages to an individual.

There are four provisions from the Criminal Code that apply.

Section 430 on mischief focuses on the obstruction, interruption or interference with the lawful use, enjoyment or operation of property. Those found guilty of these offenses are liable to a term of imprisonment not exceeding ten years if the value of the subject-matter of the offence exceeds five thousand dollars and not exceeding two years if the subject-matter of the offence is below five thousand dollars. The commission of mischief in relation to data (section 430(5)) may make a person liable for a term not exceeding ten years.

Section 342.1(1) on unauthorized use of computers makes it an indictable offence for anyone who, fraudulently and without color or right, (a) obtains, directly or indirectly, any computer service, (b) intercepts or cause to be intercepted, directly or indirectly, any function of a computer system by means of an electro-magnetic, acoustic, mechanical, or other device, (c) uses or cause to be used, directly or indirectly, a computer system with intent to commit an offence under (a) or (b) or an offence under section 430 (relating to mischief as seen above). It also makes it an offence for those who the fraudulently use, posses, traffic or allow another person access to a computer password that would enable the person to commit offenses (a), (b) or (c). These are indictable offenses and those found guilty can be liable for a term of imprisonment not exceeding ten years.

Section 380 on fraud makes it an indictable offence for those whom defraud the public or any person of any property, money or valuable security or any service. The maximum term of imprisonment is ten years and depends on the circumstances.

Section 184 (1) on interception of communication makes it an offence for those who by means of any electro-magnetic, acoustic, mechanical or other device, willfully intercepts a private communication. Those found guilty may be liable to imprisonment for a term not exceeding five years.

Provincial Consumer Protection Laws

Different provinces have enacted legislation to control unfair business practices. These laws are similar from province to province and generally prohibit false, misleading, deceptive, or unconscionable representations to consumers. These laws generally provide two options to the consumer: 1) the consumer can bring a claim to a consumer business practice authority or 2) the consumer can bring a private action. The remedies available may vary with each province. These remedies include damages, rescission, and/or even punitive damages. Some statutes only provide compensatory remedies, without providing equitable remedies. However, since provincial laws operate within the limits of the enacting jurisdiction (except where conflict of laws rules permit otherwise), the consumer may leave empty handed and dissatisfied because of the difficulty of enforcing applicable remedies where the defendant is in another province or nation.

Applicable Provincial Statutes

* New Brunswick, Nova Scotia, and the Territories do no have applicable statutes that would prohibit vendors from making false, misleading, or deceptive representation to customers.

Trespass to Chattels

To make a successful claim for the tort of trespass to chattels, a claimant must prove on a balance of probabilities that the defendant has committed an act of direct interference with a chattel in the possession of another person without lawful justification. A court may grant damages to the plaintiff.

Minors Cannot Consent

Minors cannot legally enter into a contract or give consent. Therefore, any installation completed by a minor cannot amount to consent required to complete a contract. The age of minors varies between 21 and 18 years of age depending on the province. If a court finds a voidable contract, then a court can offer disgorgement of the benefit received by the spyware company.

If some kinds of unwanted technologies are illegal, why haven't Canadian authorities put a stop to the distribution?

There are many reasons why Canadian authorities have not put a stop to the distribution of spyware:

  • It is hard to ascertain from whom, from where, and how spyware has been disseminated. Companies involved in spyware have complicated distribution networks. The maker of the spyware is often not the party that put it on your computer.
  • Even if the distributor is found, many distributors are outside of Canada, which can complicate law enforcement efforts.
  • Law enforcement agencies have limited resources, and to date have not deemed the spyware problem sufficiently pressing to address.
  • Consumer complaints are less likely to lead directly to targets than in other law enforcement investigations, because consumers often do not know that spyware has caused the problems or, even if they do, they may not know the source of the spyware.
  • Identifying the source of spyware is especially difficult when it has been installed by "drive-by methods", given that consumers likely were not even aware that the spyware was being installed.
  • Consumers may feel that the harm they experience is not worth the time and money to spend on launching a law suit.

The U.S. has started taking action against companies and people involved in spyware.

The Federal Trade Commission sued Seismic Entertainment Productions, Inc., SmartBot.net, Inc., and Sanford Wallace for distributing spyware. The FTC later included Jared Lansky, John Martinson, OptinTrade Inc., Mailwiper, Inc., and Spy Deleter, Inc. as co-defendants to that law suit.

Recently, Eliot Spitzer, the New York Attorney General sued Intermix Media for distributing spyware. However, Intermix has decided to settle out of court by paying $7.5 million to the state of New York over a three year period.

What is the Canadian government doing to address the problem of spyware?

The Canadian government is taking action against spyware through the Electronic Commerce Branch of Industry Canada, which is examining the issue of spyware. The aim is to design a policy framework to address different issues that affect user's confidence concerning their Internet experience. However, this framework is in its initial stage. The Office of Consumer Affairs of Industry Canada has granted funds to the Public Interest Advocacy Center (PIAC) to study the spyware phenomenon in Canada.

What are other countries doing about spyware?

Countries, such as the United States and Australia, are enacting spyware specific legislation.

United States

The United States has introduced five bills to Congress:

  1. The Securely Protect Yourself Against Cyber Trespass Act or the "Spy Act" (H.R.29) passed the House on May 23, 2005.
  2. The Internet Spyware (I-SPY) Prevention Act or the "I-SPY Act" of 2005 (H. R. 744) was referred to House Committee on Judiciary on February 10, 2005.
  3. The Software Principles Yielding Better Levels of Consumer Knowledge or the "SPY BLOCK Act" (s.687) was referred to Senate Committee on March 20, 2005. It was read twice and referred to the Committee on Commerce, Science, and Transportation.
  4. Computer Software Privacy and Control Act - Rep. Jay Inslee - H.R.4255
  5. A new bill was introduced on May 2005, with no title yet, which targets profits derived from spyware.

Many state legislators have implemented spyware laws, including:

Australia

Australia introduced to the Senate Spyware Bill 2005 which is being debated.

European Union

The European Union adopted Directive 2002/58/EC of July 12, 2002 on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector. This directive targets specific technical means that provide access to information, store hidden information or trace the activities of users without their knowledge. Article 5(3) of this Directive establishes that Member States should ensure that electronic communications networks store information or gain access to information stored in the terminal equipment of users only if they have clear and comprehensive information in accordance with Directive 95/46/EC of October 24, 1995 on the Protection of Individuals with Regards to the Processing of Personal Data and on the Free Movement of Such Data.

Asia

For the response of Asian governments to spyware see APEC Telecommunications and Information Working Group, 31st Meeting/ Questionnaire on spyware.

What is the computer industry doing about spyware?

The computer industry is responding to the threats posed by spyware with the development of anti-spyware software which scan computers to check whether there is spyware installed in them. ActiveX blockers have also been developed since ActiveX controls are one of the channels by which computers might get spyware. Some software companies and ISPs are also attempting to better educate their customers on ways to protect their computers and networks from spyware.

The computer industry, comprised of anti-spyware vendors and software companies formed the Consortium of Anti-Spyware Technology (COAST). However, this group collapsed in February 2005.

Currently, there is the Anti-Spyware Coalition (ASC) which formed in May 2005. It is comprised of anti-spyware vendors, internet service providers, technology companies, and consumer groups. The ASC will be releasing three documents in September 2005. The first document provides a definition of "spyware" combined with a glossary; the second document outlines the resolution process a software publisher can expect an anti-spyware company to follow if the publisher feels that its software has been inappropriately described or categorized; and the third document provides tips for consumers to protect themselves from spyware.

Resources

Legislation Relevant to Spyware in Canada

Personal Information Protection and Electronic documents Act (PIPEDA)

PIPEDA is the federal act that regulates the collection, use and disclosure of personal information in Canada by the private commercial sector. It applies to federally regulated commercial sectors like the airline industry, as well as to commercial activities in all provinces except for Alberta, British Columbia, and Quebec. Those provinces each have commercial sector legislation that is substantially similar to PIPEDA as recognized by the Privacy Commissioner of Canada.

Competition Act

The Canadian Competition Act forbids the use of deceptive practices to promote the supply or use of a product or business interest by knowingly or recklessly making false and misleading representations to the public in a material respect.

Canadian Criminal Code sections 380, 342.1(1), 430, 184

Canadian Criminal Code sections 380, 342.1(1), 430, 184 on fraud, unauthorized use of computers and mischief respectively apply to spyware.

Consumer Protection Laws

Different provinces have enacted legislation to control unfair business practices. These unfair business practices are similar from province to province and generally prohibit false, misleading or deceptive representation to customers. These laws generally provide two options to the consumer: 1) the consumer can bring a claim to a consumer business practice authority or 2) the consumer can bring a private action.

* New Brunswick, Nova Scotia, and the Territories do no have applicable statutes that would prohibit vendors from making false, misleading, or deceptive representation to customers.

Canadian Government Resources

Office of the Privacy Commissioner of Canada, Resource Center

The Privacy Commissioner's Resource Center links to provincial privacy legislation, oversight offices and government organizations.

Competition Bureau

The Competition Bureau is the Canadian Government's independent law enforcement agency responsible for the administration and enforcement of the Competition Act. The Competition Act prohibits making false and misleading representations about products and services to the public.

Electronic Commerce Branch of Industry Canada

The electronic commerce branch is responsible for the adoption and development of e-commerce in Canada, including the federal government's approach to spyware.

Non-profit Organizations

Center for Democracy and Technology (CDT)

CDT is a private non-profit organizations based in Washington D.C. committed to the protection of democratic values and constitutional liberties in the digital age. The site provides current information on American legislative developments and policies concerning spyware.

Electronic Frontier Foundation (EFF)

The EFF is a group of lawyers, technologists, volunteers, and visionaries located in San Francisco, California, working together to protect the rights of websurfers everywhere. The site contains a "miniLinks" archive on spyware and adware and "deepLinks" which provide noteworthy news form around the net on spyware and other issues.

Public Interest Advocacy Center (PIAC)

PIAC is a "Canadian non-profit organization that provides legal and research services on behalf of consumer interests and, in particular, vulnerable consumer interests, concerning the provision of important public services." The Office of Consumer Affairs of Industry Canada has granted PIAC funds to research and write a report on spyware and its state in Canada.

World Wide Web Consortium (W3C)

The W3C is an international consortium whose mission is to achieve "web interoperability" through the creation of web standards and guidelines that allow hardware and software to work together to access the web and avoid its fragmentation.

National Cyber Security Alliance (NCSA)

The NCSA is a public-private partnership operating in Washington D.C. focusing on promoting cyber security and safe behavior online. They sponsor the following website www.staysafeonline.info to keep home users, educators and small business updated on how to protect their computers and networks. Check the top ten cyber security tips on this site.

Internet Education Foundation (IEF)

The IEF is a non-profit organization dedicated to educating the public and policymakers about the potential of a decentralized global Internet to promote democracy, communications, and commerce. It sponsors the educational project GetNetWise which is a coalition of Internet industry corporations and public interest organizations "who want Internet users to be just one click away from the resources they need to make informed decisions about their family's use of the Internet." The GetNetWise website has a spotlight on spyware link on its page with useful information.

StopBadware.org

StopBadware.org is a "Neighborhood Watch" campaign aimed at fighting "badware" - spyware, malware, and other potentially unwanted technologies. Harvard Law's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute are leading this effort with the support of several prominent tech companies, including Google, Lenovo, and Sun Microsystems. Consumer Reports WebWatch is serving as an unpaid special advisor.

Non-Canadian Government Resources

Australia
Australian Department of Telecommunications, Information Technology and the Arts

This site contains the outcome of the legislative framework review on spyware in Australia. The result was that the "most serious and culpable uses of spyware were offenses under exisiting legislations." This site contains the coverage of particular laws in Australia to problems and threats caused by spyware.

Bill 2005 in Australia

Spyware Bill 2005 was introduced by Democrat technology spokesman Senator Brian Greig in Australia. It is being pushed forward and is currently being debated in the Senate (May 12, 2005).

United States
FTC Consumer Alert: Spyware

This link provides useful hints and tips on how to identify spyware installed in your machine and how to prevent it.

FTC's Information Security Website

This page contains general information on computer security and the safeguarding of personal information. It is a good source to check regularly for updates on spyware and other issues.

Federal Trade Commission Staff Report Spyware Workshop: Monitoring Software on your PC: Spyware, Adware and other Software, March 2005.

This report provides a comprehensive overview of different aspects of spyware in the United States such as definitions, effects, industry and government responses to the spyware phenomenon.

International Resources

Organization for Economic Co-operation and Development (OECD) - The OECD is an international organization with thirty member countries and active relationships with seventy other countries. The OECD is promoting a "culture of security" where awareness, education, information sharing and training are the principles behind the guidelines to secure information systems and networks. The governments play a key role in the implementation of these guidelines. A search on the OECD's website for "spyware" will poduce a number of relevant documents.

Spyware Removal Tools

Software vendors offer anti-spyware tools to permit users to scan their computers for recognized spyware and remove it.

Canadian ISPs offer spyware protection for a monthly fee and others included it in the Internet service itself.

For spyware removal tools provided by American ISPs, visit the NetGetWise website.

Other Resources

AOL/NCSA Online Safety Study, Conducted by America Online and the National Cyber Security Alliance, October 2004

This survey was carried out in 329 homes that use Internet services and it focused on "Security Perceptions and Risks." The key areas covered were virus protection, spyware, file sharing programs, firewalls, wireless access and parental controls.

Sunbelt Spyware Research Center

This site contains a "Spyware Library Browser" where you can check under different categories for specific threats or search the complete listing for one category of security threats such as spyware, adware, key-loggers and others categories.

Spyware Workshop: Monitoring Software on your PC: Spyware, Adware and other Software

The Federal Trade Commission sponsored this one day workshop in the United States and on April 19, 2004. The following link provides information on presentations that took place and other important links.

"Spyware": Research, Testing, Legislation, and Suits at Benjamin Edelman's website

Benjamin Edelman is a PHD candidate at the Department of Economics at Harvard University and a student at the Harvard Law School. His research agenda includes methods and effects of spyware and installation methods.

Further Reading