In-Depth

In Brief

Prosecuting Spyware Makers, A New Endpoint Security Standard

• By Mathew Schwartz
• 05/18/2005

Prosecuting Spyware Disseminators

Want to create and distribute spyware? Then get ready to be prosecuted.

That’s the message after a six-month investigation by the New York Attorney General’s office, which filed suit against Los Angeles-based Intermix Media Inc., alleging the company installed spyware and adware on millions of PCs without giving users proper notice. Intermix offers so-called “free” software on Web sites it owns and operates, including mycoolscreen.com and cursorzone.com.

“Spyware and adware are more than an annoyance,” says New York attorney general Eliot Spitzer. “These fraudulent programs foul machines, undermine productivity, and in many cases frustrate consumers’ efforts to remove them from their computers. These issues can serve to be a hindrance to the growth of e-commerce.”

The AG’s office documented at least 10 different Web sites used by Intermix to disseminate spyware and adware in the guise of free software. When users installed proffered software, the AG’s office alleges Intermix also downloaded ad-delivering software without telling users. Such programs—with names such as KeenValue and IncrediFind—would then launch pop-up advertising, redirect users’ searches to other Web sites, or install new advertising-related toolbars in users’ Web browsers.

“Intermix and its agents downloaded more than 3.7 million programs to New Yorkers alone, and tens of millions more to users across the nation,” says the AG’s office. Once installed on a PC, the software also hid itself, frustrating attempts to remove it.

The AG’s suit seeks a court injunction against Intermix secretly installing software, monetary penalties, and an accounting of all of Intermix’s related revenues.

Note the suit was filed not under anti-spyware laws—none is on the books in New York—but rather under the state’s General Business Law, which prohibits false advertising and deceptive business practices. Notably, many security experts have recommended this approach to stopping spyware and spam. The thinking: rather than trying to craft new laws that must define the threats they seek to counter (a difficult task), just use (or strengthen) existing, already-proven laws.

“Companies have gotten away with unethical and illegal software download practices for too long, says Ari Schwartz, the associate director of the Center for Democracy and Technology in Washington. “The practices alleged in this case are widespread on the Internet and we hope that both federal and state authorities follow Attorney General Spitzer’s lead in making this a priority.”

- - -

New Endpoint Security Architecture Detailed

The Trusted Computing Group (TCG) released details of its new endpoint security initiative. To facilitate product development, it’s introducing two interfaces to its Trusted Network Connect (TNC) architecture.

Over 60 companies in the networking and technology industry participated in TNC’s design. The goal: to provide “a common framework for the collection and exchange of endpoint integrity data in heterogeneous networking environments,” says TCG.

According to the organization, “products based on the architecture will determine the security and compliance of clients attempting to connect to a network, and provide a level of network access based on the configuration and integrity of the client.”

For example, clients can be interrogated and evaluated by discrete products for adherence to security policies, such as presence of a personal firewall or up-to-date antivirus signatures. These findings can then pass results to other products, which can then decide whether to give the device access, or quarantine and remediate it.

Ideally, TNC will increase security and decrease the time security and network administrators have to spend on troubleshooting PCs with misconfigurations or virus infections. Compatible technology should include “client and network security; switches, routers and hubs; systems and systems management; and operating systems.”

Related Articles:

Q&A: Endpoint Security for Unknown Devices
http://www.esj.com/Security/article.aspx?EditorialsID=1315

Untangling Endpoint Security Initiatives
http://www.esj.com/Security/article.aspx?EditorialsID=1230