I can't see the difference.... can you see the difference?

**baraucs** · 13 May 2003, 12:05 pm

Ok, I touched on this before - but either people didn't think it was a great idea or perhaps it just didn't catch people's attention. I'll try one more time here in case it was just the latter.

I believe, as many others do - scumware is a virus.

I also believe, that while it's catchy - the use of the term 'scumware' might not be a great idea.

I live in Canada, so excuse my ignorance of US laws, but it would appear at least that each state has it's own definitions of what constitutes a 'virus'; and it's own penalties for those that distribute them.

I've looked at a few exerpts from state penal codes, and I firmly believe that the vast majority of 'scumware' applications fit perfectly into the definition of a virus. A couple of snippits from California for example;

https://www.csupomona.edu/~iit/policy...code_502.shtml

"Computer contaminant" means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, which are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network.

You'll notice the reference to transmitting information without intent/permission, as well as these penalities applying not only to those that would transmit what may fall under a traditional definition of a 'virus' (if indeed there is a formal definition); but those that transmit any 'computer contaminant' used for something.... 'bad'.

What's 'bad'?

Well, California says a computer contaminant is unlawful if it:

Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.

I won't beat this to death, I think you can see where I'm going with this. From my limited sampling of state penal codes they are for the most part very similar.

So what?

Only webmasters promoting affiliate programs have issues with 'scumware'. Who's going to empathize? If we continue to differentiate between virii and scumware, whether intentionally or not WE are making a distinction that prevents us from (or at least doesn't help us):

- Using EXISTING legal avenues to have this virus distribution handled. There are laws in place regarding virii, try calling your local authorities and filing a 'scumware' complaint.

There's fines, possible jail time and the hilarious possibility of scumware CEO's being banned from computer use a'la bad hacker movies. Why can't we use these 'scumware' detection scripts/etc to alert our visitors that they have a VIRUS on their computer, show them exactly how to remove it and who to contact about filing a complaint with the law for the intrusion.

- Pressuring AV companies to include these virii in their AV definitions. Why should they now? It's not a virus - it's 'scumware'.

This shouldn't be as hard as it sounds - if a few scumware purveyors go through criminal proceedings rather than civil court and lose, how can any Anti-Virus company deny it's a virus?

I'd go so far as to suggest a huge show of support for the first decent AV tool that includes 'scumware' removal. I'll give them some space, wouldn't you? It'd be like ad-aware but less confusing and on-going. Maybe Norton of McAffee won't have time for us - but there's a lot of smaller companies with good tools that would probably love the opportunity for the free exposure.

These laws were designed to protect you and are already in place, you've got the evidence and the right to demand enforcement so long as you're paying your taxes

**Dominique** · 13 May 2003, 12:08 pm

Thank you for this, baraucs.

I am going to send this on to the right lawyers.

**VPJunkie** · 13 May 2003, 12:12 pm

These are all very good points, Baraucs - perhaps we can get some more input in this thread from other sources, also.

**Proper** · 13 May 2003, 12:25 pm

Originally Posted by baraucs

I also believe, that while it's catchy - the use of the term 'scumware' might not be a great idea.

I refer to it initially as 'spyware' to the users, they are more aware of that term.

I would be suprised if the likes of 'gator' haven't gotten round the general legal implications by refering to their product as a 'web browser aid'. The bigger they get the more careful they will be.

It would be interesting to see if a case could be built tho, If we could prove a particular product did more harm than good. At the end of the day if they mislead users that could be an issue. We could possibly create grief on that angle. Bad publicity would be damaging alone.

.... hehe could be fun

ps. What is meant by 'AV tool' I thought 'ad aware' was the one to use. I could possibly get into writing a sever side equivelent. I'd need to know what I was looking for tho. I can code but I know nothing about 'Active X' (yet). If this was for the GPWA I could certainly look into it with the help of a few others.

**baraucs** · 13 May 2003, 12:26 pm

Just to add one thing:

I believe these legal definitions are intentionally left vague in the penal codes as to leave enforcement up to some discretion. I do believe that once the intent of most 'scumware' was proven to the proper authorities - no defense of 'it was in the terms and conditions' would hold any ground unless the terms specifically referenced all the nasty things it did very clearly. I can't get off a murder charge by having the victim agree to it beforehand, it's still against the law. Likewise, I do not think any legalese could totally protect a scumware distributor provided the actual intent of the program was masked and could be categorized as 'bad'. (see above)

**Breakfastman** · 13 May 2003, 2:11 pm

Knowingly accesses and without permission alters....

And that's the trick: without permission all this scumware would qualify as a virus and thus be illegal.

However.... the scumware we're fighting mostly asks nicely if we want to install this.
Gator offers you to remember your password, or tell the correct world-time or I don't know what they are offering , but they ask you if you want to install it.

It's only in their terms and conditions (which of course nobody reads) that they say that they will also serve you a shitload of advertising and blah blah...

The problem with 'scumware' is that users actually click 'yes' before it installs, andf therefore way harder to attack on legal grounds. (as far as I know you can even install KazAa without the scumware if you 'tick-off' some options during installation..)

**baraucs** · 13 May 2003, 3:37 pm

I hear you BM, and that's the general perception I believe - but without infecting the hell out of my computer to check for myself, I don't think most disclose the actual intent of the program being installed.

An analogy; let's say you installed quicktime to watch movies. It's free, there was a T&C you agreed to upon installation, but it's understood that the intent of the program is to watch movies.

A few months later, Apple decides they could make more money by using Quicktime users computers as a giant P2P network instead, and silently changes the software to do just that next time you're online.

You may have agreed to the terms at the time when you installed it, and if they read like most they probably had lingo in there designed to let them do what they want more or less as far as changes to the software.

But there has to be a line somewhere, what if a few months later, Microsoft put them out of business and their last act was to vindictively update the sofware to format all MS operating systems next time it ran? Would users have agreed to that because they installed the software with terms that said 'we can update the terms whenever we want'?

So... why does my precision date and time manager make something pop up ads when I'm surfing, when it's not even a browser application?

Ok that's a stretch, but what I'm trying to say is these laws appear to be written to allow interpretation, and I would interpret most scumware as both causing damage and not disclosing their intent to end users. I'm sure that 95%+ of people of people that have installed it - whether intentionally or not - would want the sofware OFF once they knew all it did, and ould agree that it did much more (in a bad way) than disclosed when they installed it in the first place. This sentiment properly collarborated could carry weight in court when there's discretion involved.

Many of these software companies also use technology that re-installs the software on your computer over time or on some event after it's been uninstalled from what people are saying. I don't know if there's legalities behind it, but every piece of legitimate software I've installed seems to let me end my part of the bargain by uninstalling it. If I uninstall a scumware host or scumware application and it re-installs without prompting the T&C's again, I would argue they did not have my permission to do anything at that point, and are now officially a virus in every sense.

This is all debateable, I know - but I think if you read the penal codes for most states you'd agree there's a very good chance many scumware companies could be prosecuted at least based on the discretion the wording seems to allow. The definitions of 'computer containment' and the penalties associated with it do NOT seem to exclude scumware because they have T&C's on installation, however they DO seem to include them based on language like 'deceive' and 'wrongfully control or obtain money, property, or data'.

If the law itself prevents the actual activity - they can't get around that by having terms that say you agree to let them break the law, no?

I would appreciate it if people could perhaps take a run through their own state/provincial/federal laws surrounding this sort of thing, and tell me how most of this scumware would NOT be categorized as a 'virus' (remember, it doesn't have to be a 'virus' in the traditional sense to be unlawful). I say this not to be a smartass, but I'd like to see it ruled out as a possible option based on reviews of actual penal codes rather than assumptions, of which I'm making quite a few myself.

**baraucs** · 13 May 2003, 3:48 pm

ps. What is meant by 'AV tool' I thought 'ad aware' was the one to use. I could possibly get into writing a sever side equivelent. I'd need to know what I was looking for tho. I can code but I know nothing about 'Active X' (yet). If this was for the GPWA I could certainly look into it with the help of a few others.

Sorry proper, I didn't catch that edit at first.

I meant Anti-Virus programs, such as McAffee and Norton Antivirus SHOULD have scumware classified as a virus and build into their virus definitions. If they did, these scumware applications wouldn't be nearly the problem they are now, as I'd imagine the number of internet users who run some sort of AV software is the majority these days. Compare that to ad-aware, which 99% of Internet users probably haven't heard of.

Why they don't I'm not sure, but I'd imagine until there's some sort of outcry they're rather avoid potential legalities and leave it alone.

I'm glad there's an ad-aware, but it's one more thing that your average user won't care about or bother with. If we could get just one AV company to include scumware for removal, they could get a lot of support from webmasters and use it to market their product ('removes ALL virii including scumware!'). Of course, if that becomes a good selling point, everyone will follow suit shortly after; and we'd have something people use already working for us.

**Ace Fun** · 13 May 2003, 4:50 pm

The whole situation is fairly complex as there are so many different forms of computer threat. There are a few definitions that seem to be accepted by a number of people.

Malware - a collective term for any malicious item that is installed on your computer.
Virus - a self propagating routine that may or may not be malicious.
Trojan- a program that is down loaded secretly or installed by mistake.
Spyware - a type of trojan that is used to report information on a surfer.
Scumware - I've picked this up from your board, but I understand it to be a type of trojan that changes specific url when a surfer calls them.

There is a problem with adding trojan detection to anti-virus software. Programs like Norton (which is not very good - that's why they keep spamming) check files, but more advanced systems like the free version of AVG from www.grisoft.com pick up viruses when the trigger is activated. This doesn't slow down the computer as much and also detects polymorphic and composite viruses.

To protect yourself you should run one good av program (more than one is worse than one). A firewall like Zonealarm from zonelabs, and keep your security updates up to date. Don't install software for the sake of it, but research it first. Also it's best to keep active-x on prompt and only OK it if you really want the item.

SpyBot is better than adaware. It picks up the residual stuff from Alexa for example.

**LineResearch** · 14 May 2003, 3:46 am

These are some great points, baraucs. You are definitely on the right track. Scumware companies have had two primary weaknesses in their case which are the central points of most lawsuits against them (1) the trademark/copyright issues, and (2) the consumer permission issue.

This anti-virus statute line of attack focuses on the second point and it's a good attack. The scumware companies know they are weak in defending this attack which is why they spend so much PR money promoting the theme that they get people's permission for the downloads. We know its not true, but sometimes if you repeat something often enough you get people to believe black is white. To counter this, it would be nice to get even one AV company to include scumware for removal as that would re-shape public opinion into recognizing this for what it is.

The key to any case is going to be compiling evidence of (i) actual downloads without permission and (ii) showing that when people do click to "give permission" that the scumware company has not fully disclosed everything and disclosed in a way that is realistically going to inform the consumer of what is being disclosed. Do that, and you have the potential to take the attack to the criminal level using the anti-virus statutes, fraud statutes, and destruction of property statutes. Then, all you need is a state Attorney General who wants to make a name for himself.

**Ace Fun** · 14 May 2003, 4:06 am

There is a massive difference between self replicating malware (viruses) and programs that a user elects to install such as the Alexa toolbar. I think it would do anti-virus protection a great deal of harm if non-viral threats were thought of as viruses. Would you include as viruses server based programs that search for open ports on your computer and enter that way when they find one.

There are already people that remove anti-virus software because they think it slows down their computer. This sort of attitude helps the spread of viruses.

**baraucs** · 14 May 2003, 8:00 am

There are already people that remove anti-virus software because they think it slows down their computer. This sort of attitude helps the spread of viruses.

Were it up to me - I would include in my virus definitions any items installed without permission that were generally accepted as having no benefit to the end user; provided most end users agreed said programs were 'virus-like'. It would seem that appeasing the majority of my customers in that case would make good business sense, no?

I don't see how this relates to Alexa.

The key to any case is going to be compiling evidence of (i) actual downloads without permission and (ii) showing that when people do click to "give permission" that Gator has not fully disclosed everything and disclosed in a way that is realistically going to inform the consumer of what is being disclosed. Do that, and you have the potential to take the attack to the criminal level using the anti-virus statutes, fraud statutes, and destruction of property statutes. Then, all you need is a state Attorney General who wants to make a name for himself.

Ok then Ed, you're the law guy - is this really a stretch, or in your opinion are these 'scumware' providers already violating the statutes? I'm guessing there's got to be a bored Attorney General or two.

**Ace Fun** · 14 May 2003, 8:55 am

First off an apology. I've arrived on your boards as a newbie, and already I'm giving forth on one of my pet hates.

My position on this is that I hate all methods of changing computer settings or software without the surfers knowledge. This includes everything from the notorious back orifice (and Microsofts eyedog trapdoor) to javascript that changes a users homepage. I've even set up a few sites to try to alert/help users, but most don't seem to care until their files get deleted by a virus.

The term "virus" refers to malware that is distributed in a particular fashion, and sophisticated AV software doesn't look for specific files but looks for viral behaviour in the computer. This helps to detect viruses that have not been reported yet. It also detects polymorphic viruses which are able to slip past some other detection systems. To give an idea of the symbiotic relationships between viruses, the installation of the infamous Klez virus is first preceeded by the installation of the ElKern virus to disable anti-virus software.

My Alexa reference was to a routine that was left in my computer after I had run the Alexa removal program. It tried to establish an internet connection on power up and was not detected by adaware. It was removed by spybot however.

I think what I am trying to say is that you can't fix a broken leg by using anti-biotics, but you may want to use anti-biotics to prevent an infection setting in.

**techwoman** · 14 May 2003, 9:17 am

Ace,
I understand how you feel

most of my side jobs are removing these viruses and explaining to people how their home pages get changed. My biggest hate is AOL, I always try so hard to get people to get rid of it. Most of the viruses I have removed were from people who had aol. The AV tools can't scan the incomming or out going emails. I have to warn about opening emails with attachments if they are not expecting them. As well as when they say, how come my computer keeps trying to access the internet? And why is my computer running so slowly? Then when I check their system, they have spyware, as well as some usual slow downs, startup progs, defrag files and sometimes only 500mb of disk space left

It truly is hard to educate people who have no tech expertise or savy at all so I hope that Kevin is on to something. I call it a virus too because I have seen it in action myself. My children are very tech savy, I taught them everything. They know what not to download or open and even with that, Gator got onto my computer and my daughter told me there was never even a popup asking for permission. I totaly believe her, she knows her stuff

**LineResearch** · 14 May 2003, 9:27 am

It's not a stretch. It's all in the evidence. Everyone that runs into this stuff needs to document as much as possible even if it is just making a memo to yourself about what happend and what you saw. ID the sucmware if you can, and see if you can figure out when and how it was downloaded. Take screenshots of as much as possible. If enough people do this, patterns emerge and legal cases are made.

**Ace Fun** · 14 May 2003, 9:34 am

Most people seem to think that viruses and trojans just come via email. A lot do still and modern viruses have their own SMTP servers. There are a lot of other transports though. ICQ, Winamp, Kazaa, Flash are just a few ot them.

Have you tried deep deletion of temp files by the way (using deltree). I've freed off massive amounts of space like this - over 600Mb in a couple of cases and this is after windows has deleted all the files. I always wonder why Bill Gates wants to save all that stuff.

**VPJunkie** · 14 May 2003, 10:33 am

Originally Posted by LineResearch

It's not a stretch. It's all in the evidence. Everyone that runs into this stuff needs to document as much as possible even if it is just making a memo to yourself about what happend and what you saw. ID the sucmware if you can, and see if you can figure out when and how it was downloaded. Take screenshots of as much as possible. If enough people do this, patterns emerge and legal cases are made.

Thank you, Ed!

k:

**Proper** · 14 May 2003, 12:11 pm

baraucs: cheers for clearing that up.

Truely if norton/Mcafee was involved, 'gator' would need surgery to remove the boot!

**universal4** · 16 July 2003, 12:25 pm

If any anti-virus companies are approached....also please consider F-Prot by Frisk Software.

I'm not sure if they would be interested in any way,, but I can vouch for their product. I run it on some of my machines, and am moving almost all of my servers to it. (They have really attractive licensing- I can license 10 boxes for less than $50- Norton for a Sever is over $800)

**Mary** · 16 July 2003, 2:55 pm

I ran across this and thought you guys might find this interesting.

Mary

https://www.acts-consulting.com/spyware.pdf

Thread: I can't see the difference.... can you see the difference?

LinkBack

Thread Tools

Search Thread

Display

I can't see the difference.... can you see the difference?

Re: I can't see the difference.... can you see the differenc

Posting Permissions