Sunday, February 1, 2009

A view from the dark side

Via Bruce Schneier, we have a fascinating interview with an adware author. From a technical perspective, it's fascinating - he gives a programmer's eye view of the various mechanisms he used to make sure his adware couldn't be uninstalled or stopped. From a privacy standpoint it's disturbing. When asked the question of whether people had any security or privacy at all, his answer was (essentially) no, but it doesn't matter because most people aren't criminals so you're probably ok.

From a legal standpoint, it had two interesting takeaways. First: End User License Agreements are trouble. The interviewee's opinion was that people don't read EULAs, so you can put anything in them, including agreements by the user that the adware company can install whatever software they want on the user's computer. In the coming years, I would expect to see some limits placed on this (e.g., by the FTC under its authority to police unfair or deceptive trade practices). Second, the legal system can work to curb bad practices, but only once the bad practices are known. The company the interviewee worked for, Direct Revenue, was sued by Elliot Spitzer. The problem is, the suit only happened after the company made the poor business decision to start branding their adware. If they hadn't done that, it's anyone's guess as to whether they even would have shown up on the (now disgraced) attorney general's radar screen.

Also, one final takeaway from the interview: if you want to reduce your susceptibility to adware (or various forms of viruses or other malware) switch off Microsoft products. The interviewee was openly contemptuous of Microsoft products. The money quote: "If you’re using IE [Internet Explorer], then either you don’t care or you don’t know about all the vulnerabilities that IE has." I'm not sure I agree with him, but it's interesting to see how an insider views the world at large.

No comments: