Sick of scams, spam and scumware

By Mark Gibbs

Devious. Duplicitous. Dissembling. Disingenuous. These are not words that anyone wants to have others use about their behaviour. Yet that’s exactly the description for people on the Net who seem willing to do anything to make a buck.

The people who regularly tick me off are the spammers, those low-life imbeciles who will do anything to get your attention. What really gets me going are the subject lines they use like: “Re: your refinance application.”

Like I wouldn’t know that I didn’t apply to refinance my house.

Spam is without doubt our biggest communications problem and will remain so for a long time, but my latest accumulation of venom is for those companies who push scumware.

Scumware has been on my mind since I got hold of a copy of SpySweeper, published by WebRoot Software. Scumware is software that either displays advertisements (this is called adware), or goes further and tracks and reports on your Web browsing, your keystrokes or anything else the author has some interest in knowing (this is spyware).

Adware is the most common form of scumware. Shareware or freeware authors often use it to generate revenue from their software. The authors build third-party adware components into their programs to display ads and get a cut of the ad revenue. Ads are displayed when the software is running and, in some cases, also when it isn’t.

Adware can be very devious. The notorious Gator from Gator Corp. actually hijacks Web banners when they are displayed in your browser and shows its own banners! At best, that is ethically dubious.

Scumware can be responsible for all sorts of nasty things. It can make your system unstable, degrade system performance, create scores of copies of itself to make removal difficult, force your browser’s default home page to point to a site the scumware is promoting, add advertising links to Web pages, make your modem call premium-rate phone numbers and create major security holes in your system.

I thought I was careful about what I allowed onto my PC, but the first time I used SpySweeper I found 14 traces of scumware code (rather than cookies), which included five copies of Bonzi Buddy, six copies of Liveperson and one Webhancer.

Whether you agree that these particular products are scumware, the fact that there are multiple copies of many of these programs is very suspicious – are the programmers so pathetic that they can’t detect a previous installation or are they trying to do something else, such as ensure that getting rid of the scumware is as difficult as possible?

As for Webhancer, it collects the URLs of visited Web sites, records how fast they load and sends that data to Webhancer’s servers. Webhancer can execute code loaded silently from the company’s servers, and if you try to remove Webhancer, you’ll often find that networking stops working (Webhancer messes with registry entries).

In a corporate environment that isn’t locked down, scumware can be found on most PCs because users don’t read their end user license agreement (EULA), and even if they did, they probably wouldn’t understand the implications.

But what I find reprehensible is that a lot of scumware is installed by trickery. Gator offers users a utility that “synchronizes your computer’s clock to the U.S. Atomic clock ensuring you have the correct time,” but unless you read the entire EULA, you won’t know that you also are installing Gator’s ad-serving software. Worse still, that EULA can be buried under a EULA for another product or service.

In a corporate environment, the implications of scumware are huge when you consider the PC stability and security issues involved.

Explanations to