Attached Link: http://my.aol.com/news/news_story.psp?type=1&cat=0700&id=2005052320230002845169

I wonder who was the one lone congressman to vote against the bill that all 395 other congressmen voted for? And what the people who elected this person think about it.

Must likely some ol' fossil that's been around since Truman.

"The bill gives the Justice Department an additional $10 million per year through 2009 to fight spyware." Money well spent I hope. I'dlike to see them all get busted. Tom

I wonder who was the one lone congressman to vote against the bill that all 395 other congressmen voted for? I wonder, too, but possibly the bill has some poorly written clause in it that s/he felt was inappropriate. It may not have been the idea of the thing, but the execution that they were objecting to. Just a thought. bonni

Attached Link: Kinda of ironic that is

hmmm Ive got a bad feeling about this. Gotta watch out for this stuff -- its often not as it appears on the surface, and the aspects touted in the press usually emphasize the flashy part, yet neglect to elaborate on the real intent and consequences of the legislation. Note the article highlights that the bill would increase penalties for CRIMES committed with spyware. Well and good, however this does nothing to address the real use of most spyware, which is not to commit crimes, but merely to lurk on your computer and develop a profile of you that is then marketed to advertisers. Most of the data from those hidden apps does not end up with some cabal of credit card thieves, but rather with folks like WallMart, or Sprint. Establishing what is illegal is also tantamount to pronouncing any excluded behavior as permissible. I suspect that the Direct Marketing industry, the primary users of spyware data, is strongly in support of this bill as it tends to differentiate their endevors from the criminal behavior committed with spyware and thereby legitimize and eliminate potential barriers to their commercial activities. And that does not bode well for the rest of us. That means more spyware, not less. Perhaps too cynical here, but come-on, doesnt 395 to 1 just smell a bit like another knee-jerk, jump-on-the-bandwagon, vote by congress, with only one guy who took the time to actually read the fine print and consider the real motivation behind, and broader implications of the act?

"Most of the data from those hidden apps does not end up with some cabal of credit card thieves, but rather with folks like WallMart, or Sprint" But then again most folks would object to have Wallmart or Sprint marketing people peeping through the livingroom windows so they can observe your habits hmmm, so why allow them to peek into your PC? The fact that Big Money does it, doesn't make it right, even though they have an easier time buying, I mean influencing politicians.

"so why allow them to peek into your PC?" This bill does NOT outlaw the use of spyware, just increases penalties for a few, already illegal, uses of the data collected. You seem to have missed my point. I am suggesting that, under the guise of protecting the poor stupid public from identity theft, this act would appear to actually promote and further the legal uses of spyware, which is far & away the largest current application of the stuff. This legislation is a smoke-screen for legitimate advertisers and marketers who wanted a definition, a line drawn between legal and illegal, so that they could relax and safely continue their legal use of more of the junk with indemnity. Congress has obliged them. By giving a red light to just a few, they have in effect given a green light to all the rest. Again, this act will result in more spyware, not less.

The only way to kill spyware is to never use IE and run ad-aware after a new software install. It only depend on you, you have the power, if you will depend on them, then every 5 seconds you will have a new pop-up selling you something.

Message edited on: 05/24/2005 05:14

Personally I think Spyware is a crime no matter what the purpose the data is used for. Spyware is theft plain and simple. It steals your bandwidth, your processor, your hard drive space, often completely without any form of permission and sometimes in defiance of a stated refusal to download the spyware. I've seen Spyware circumvent firewalls, opening holes that any hacker could easily exploit. If the DMCA makes it possible to prosecute anyone who makes tools to circumvent copy protection, why can we not have a law that makes circumventing spyware and popup blockers illegal? Their tricker is making systems vulnerable to malicious exploitation. I've seen one spyware program that lurks on your system for no other purpose than to allow those that control it free access to download their crap onto your system. And if they can, it's a short step before anyone can download and run whatever virus they want to spread. If I had my way spyware would be a capital offense. Or at least good for some time getting a good solid caning.

"The only way to kill spyware is to never use IE and run ad-aware after a new software install."<<< Or be on MAC OSX. >>>>"If I had my way spyware would be a capital offense"<<<< Really now??? a bit melodramatic dont you think?? I tend too agree with Nance in that, that many votes for a bill usually means the congressmen barely read the legislation and staff members and pollsters told them this was a "consumer issue" that will be very popular etc.

Guys and gals, there were actually 2 bills passed. The other one got 3 votes against. One I cannot recall, but one was a rep based in California, near a tech center, and one is a liberal from Texas (how did that happen?) Both said however, that they voted against because they felt the bill violates some form of free speech. Now I love my freedom and all, but I think this freedom of speech/press has gone too far. The press has the right to state anything they please as factual, as long as they don't outright lie. And the civil liberties groups fight to keep speech free, even to the detriment of the public. In reality, if we had total freedom, we would have anarchy. Now I don't agree with giving up my rights, but to use my right to an opinion to support an argument against the fight on spyware is distasteful, at best. It seems the few who voted against the bill are the ones who need to be looked at more critically. Granted, I agree these measures will help out "legit" spyware organizations. However, if it prevents even a fraction of crapware from invading my system, then it has helped in leaps and bounds. As for those who argue not to use IE, or MS, etc. Let's give up the argument. In the recent tech news it has been documented that ALL popular operating systems and browsers have vulnerabilities. The same is true of any software. If one person makes it, another can surely break it. The reason you don't hear about the issues with Macs or Linux systems, or Firefox, Opera, etc. is because the majority of the users of those products are rabid fans. Script kiddies hate Microsoft and enjoy attacking it at every opportunity. It doesn't make MS good or bad (other issues do that.) In the end yes, vigilance by the public is key , and the passing of laws should be seen as just help. But every little step counts.

" In the recent tech news it has been documented that ALL popular operating systems and browsers have vulnerabilities. The same is true of any software. "

This is not true, for a well designed operational system is impossible to happen things as virus, trojans or spyware.
Look at the mainframes, it never happens, the only cases of fraud are where employees or members of the directory were involved, had physical accesss to the computer and have robbed or payed for the required priviledge codes.
On the other side Microsoft had incorporated inside their Windows resources that are never allowed to be used in secure operational systems, this resources are back doors to be used by Microsoft itself, by his business partners (spyware) and of course the same resources can be used by hackers and virus makers. The only problem that Microsoft has, a problem without solution, is that Microsoft and his partners want that they are the only ones that can use these resources and not other people. Any patch released is not for closing the door is only an atempt to try to restrict the door to only them, but once a door is created it can be used by anyone!
Linux and Mac are secure by the only one reason, they have not these back doors!

Message edited on: 05/24/2005 13:56

Apple's got a pretty decent solution to this as well, you have to supply a password everytime you try to install something. Thus nothing can be installed behind your back. I'm sure someone will find an error in the implementation, but it should be fixable when it happens. I think this should be mandatory on consumer level OS's at this point.

Legislation like this is generally a bad thing, we don't need more toothless/unenforceable laws. It will be difficult to prosecute, cost taxpayers money and in the end those who wish to engage in such activities will find another way to do so. Anyone receive zero spam after the spam legislation happened? Didn't think so. Trying to legislate application of technology is dicey at best, pointless and costly at worst. I think this legislation was grandstanding - thus legislation at its worst.

I've been running some combination of Mozilla/Firefox, avast, zone alarm, spybot and adaware for a few years now. I also don't mindlessly install every "free super widget" that comes down the pike. I've gotten zero popup windows, trojans, virii, worms and no successfully executed spyware in all that time. The solution to technological problems usually isn't legislation - it's better technology. Currently, legislation just opens up a new avenue for misuse of law, a new source of funds, and an additional expansion of power for government. It's left to the taxpaying citizens to bear the costs both financially and in terms of reduction of freedom. Bad deal.

As long as we're totally off topic in a crummy government kind of way, I find it funny no one mentioned the more egregious "RealID" backstab that got slipped into the Iraq spending increase a couple of weeks ago. I'd like to think that's a bit more "interesting" than a spyware law.

Unzipped

PS. Apologies to all non U.S. citizens to which this post does not apply

Unzipped

Message edited on: 05/24/2005 14:16

Mac and Linux are not targeted because there are not enough of them to make it worth while. The biggest security problem is the ignorant user. Spyware does not need backdoors, there are enough people letting it in throught the front door. The only "secure" system is an isolated system. everything else is some degree of insecure.

Actually, these systems have had documented vulnerabilities in the recent past. But that is really here nor there. It doesn't make sense to hack a Linux box, 9 of 10 times it's a seasoned pro at the keyboard. It doesn't make sense to hack a Mac, it's still a niche society. Windows is ubiquitous. Just in a numbers game alone, if you want to phish, go for Windows boxes. It's like going to Vegas with ten thousand bucks and just playing slots, eventually you will hit. All software can be hacked. Don't be fooled by hype purveyed by Open Sourcers, radicals, etc. Heck, Apple's own song site had a huge leak a few weeks ago. Can't blame Windows for that. In reality, if someone wants to get to you, they will. All you can do is be vigilant on your own end. I have run IE for ages now. I get the patches when they are released. I run Spybot in TSR mode. I run AVG antivirus once a week. I get no popups, the only adds I see are banners, and I don't get infected. The two times I did get infected were because I specifically went to sites that dealt in cracking and such. That was my own fault. I know the law you are talking about Unzipped. Here is my thing though. Why does everyone think it is such a bad idea to have a national ID card? I mean, by law, in every state of the Union, you must have a legal ID by the age of 18. This really just makes it a national requirement. I think it hillarious that people can make a stink that somehow their freedoms are being violated just because the governement wants you to be able to prove who you are, in an effort to combat terror. I watched the towers fall on 9/11, literally. I happened to be blessed enough to be just outside Manhattan, but I was there. If something as simple as an ID card will help prevent that ever happening again, where do I sign? I absolutely will not give up liberty. However, I don't see where this law changes anything, rather it seems to only reinforce what is already in place so that illegal immigrants, with intentions of destruction, can be found. Maybe I am way off base, and if so, please tell me so, but I don't see what the real problem is. (Pssst, the government already knows who you are, if you paid your taxes this year...and if you didn't...)

How exactly does a ID stop terrorism? If I recall correctly most (if not all) of the 9/11 hijackers were in the country legaly and had valid drivers licences in their real names. I guess it makes it easier to identify the bodies. Second problem. IDs on forgeners are only as good as the documents they are based on. If they want to fake an ID they can just fake an ID from another country then get a "valid" ID when they arrive.

"Spyware does not need backdoors, there are enough people letting it in throught the front door." If you visit some site with IE you will get a spyware installed in your computer without your knowledge, visiting the same site with Netscape/Firefox/Mozilla nothing is installed in your computer. It looks more a back door that IE is using than a front door. ------- "If something as simple as an ID card will help prevent that ever happening again, where do I sign? " Where I live I allways had ID cards, but the ID hadn't any effect on terrorism or guerrilla, they always have fake IDs and identities!!!, or do you believe the faerie tale of the 9/11 hijackers?

"I know the law you are talking about Unzipped. Here is my thing though. Why does everyone think it is such a bad idea to have a national ID card? I mean, by law, in every state of the Union, you must have a legal ID by the age of 18. This really just makes it a national requirement. I think it hillarious that people can make a stink that somehow their freedoms are being violated just because the governement wants you to be able to prove who you are, in an effort to combat terror. I watched the towers fall on 9/11, literally. I happened to be blessed enough to be just outside Manhattan, but I was there. If something as simple as an ID card will help prevent that ever happening again, where do I sign? I absolutely will not give up liberty. However, I don't see where this law changes anything, rather it seems to only reinforce what is already in place so that illegal immigrants, with intentions of destruction, can be found. Maybe I am way off base, and if so, please tell me so, but I don't see what the real problem is. (Pssst, the government already knows who you are, if you paid your taxes this year...and if you didn't...)" Please to be supporting your claim of every state requiring ID. I'm not aware of any such law, I don't think there is one. As Tyger says, a national ID will not prevent terrorism in any way. In fact it may make it easier, they don't have to fake it - steal some peoples' ID's and you've got everything you need to take their identity, do your thing, no fuss no muss. Also let's not forget about people who live in this country and commit mass violence. A national ID would have done nothing to stop a unibomber, Timothy McVeigh etc. "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety"- Benjamin Franklin If as you say the national ID card would not change anything, I say there's no reason to have one. I can think of many possible abuses, and no benefits. That you are so willing to trade my rights away for phantom security makes me think you aren't qualified to participate in this discussion. I'm sad that you live in fear, but don't screw up what this country was founded on to assuage it.

As far as I know I'm not required anywhere in the US to carry any form of picture ID. Yes I have to have a Drivers License to drive, but that isn't official 'ID' though it is used as such. That is why when you perform certain tasks, go to court or airports they have signs informing you that you must have picture ID to proceed further. It's also why when a cop stops you if you are walking down the street they ask, "Do you have any ID?" and not "Vhere are your papers, comrade?" Yes they can detain you until your identity is confirmed but it isn't against the law to not have ID. So screw a national ID system, that frankly would be flawed from the get go.

Whoa, take it easy. I never said I was willing to sacrifice freedom, quite the contrary. And to tell me I have somehow lost my right to participate in this discussion directly violates the rights you so passionately defend. Look as far as the ID issue, yes, it is law that you must have an ID. I know of no state where an officer cannot issue you a summons if he/she stops you and you do not have a valid ID on hand. (Granted, it is a blue law, like having at least a dollar in your pocket at all times, but it is still a law.) You know, I will give it to you though. Now that I think about the national ID, from your point of view, you make sense. It really is a simple matter of faking an ID if need be. Though I still don't think it violates my right to privacy to have one. In reality, you can be tracked via your driver's license throughout the country. You can be tracked in the NY metro area via EZ-Pass (a toll-paying RFID device.) You can be tracked via bank/credit card. If you think about it, you can be tracked in so many ways you never even think about, that the media hyping this law really makes it worse than it really is. No, I do not want big brother telling me I cannot go where I please, when I please to do so. Am I in favor of sacrificing liberty for the assurance of safety? Not at all, since safety is not garunteed anyway. Now please, why don't we bring this back to a discussion level. I see no reason to argue. I think this is a very intelligent conversation, and some really great points have been raised. I would really appreciate not being directly attacked though. That's what the people in Washington are for ;-)

Detaining you for not having the ability to validate your ID is only legal because it is the law to have picture ID. I probably should have been more clear on that point. It must be a valid ID, that proves your identity. Now it is not a capital crime or anything. As I said, it is simply a blue law. And agreed. At this point, I will admit I was wrong to think a national ID is a "good" idea. I still don't believe it is such a great violation of my civil rights. However, the argument that it doesn't help is perfectly valid. And thinking further about it, how about national healthcare before a national ID?

"it is law that you must have an ID. I know of no state where an officer cannot issue you a summons if he/she stops you and you do not have a valid ID on hand. (Granted, it is a blue law, like having at least a dollar in your pocket at all times, but it is still a law.)" I'm pretty sure there is no such law. Regardless, currently, a law officer has to have a reason to ask for your ID, he can't do it just to see if you have one or not. I'm sorry for sounding so harsh, I'm glad to see you're reconsidering things. "you can be tracked in so many ways you never even think about, that the media hyping this law really makes it worse than it really is" All of those ways involve a voluntary identifier, not a mandatory one. If I want to opt out I can. Not so with this. That's the difference. I wish the media had hyped this more so that more people were aware of it - it is not the sort of thing that should have been attached surreptitiously on the back end of a bill that it would have been political suicide to vote against. Apart from the numerous possibilities for abuse without real benefit, just the fact that it will increase our tax burden and make our government larger than it already is represents a serious negative, at least to me. There certainly are much better things we could be doing with the time, energy and resources supporting this mistake will cost. Unzipped

Unzipped, tis the story of the US government. Waste, waste, waste. I thought the media did make a big deal about it. I saw it all over the news for a week. As for attaching things to the back of bills, that is pretty much a daily occurrance. Yes you are right you can technically "opt-out" of the other things. However, how many people use none of the things I mentioned? It doesn't really matter though, we have no control over the passing of this bill. All we can do as citizens is try to assure that it doesn't interfere with our rights. I still don't really fear the national ID, though I have heard there is talk of making IDs with RFID included. Now that I am fully against, and was in the first place. An ID to me is no big deal. But if there is a chip inside that can be tracked at any time, then I have to start letting the conspiracy theorist out. Anyway, glad to see this came back to a good discussion. Thanks for being patient.

"I have heard there is talk of making IDs with RFID included. Now that I am fully against, and was in the first place. An ID to me is no big deal. But if there is a chip inside that can be tracked at any time, then I have to start letting the conspiracy theorist out." Exactly and the text of the bill as passed allows for this. This is why something like this needed more exposure than it got, we needed things like this clearly and explicitly delineated, and they haven't been. Just because they've always done things a certain way doesn't make it o.k. I'm not ready to admit we don't have control over these things - it is somewhat naive but I still operate under the hope that we do still have a representative form of government, so I do still write my congresscritters on things I deem of importance. Sometimes they even write back! I also try and tell anyone who will listen about what's going on. Glad to see other people are paying attention too. Unzipped

On the topic of Macs being hacked less because it is not worthwhile due to the lesser numbers of machines. A while back there was a challenge to the hackers to hack a Website running on a stock Mac. No special software or unusual security implemented on the Mac sever. They offered prize money and the challenge ran 2 months, The challenge logged over 650,000 hits with over 100,000 unique Ip address's. The results, no one was able to hack the site:-) This offers some testament to the security of the Mac system, a well designed Unix operating system is an extremely tough nut to crack. Food for thought, Ps, i hate the concept of spyware and its implementers, worst scum on the planet, just glad to be on a Mac. Ron

The challenge logged over 650,000 hits with over 100,000 unique Ip address's unfortunatly it does not indicate the level of hacking skill that atttempted to get in. Is it better than stock windows....most likly...but dont get too cocky. ;-)

Yeah im sure the really good Hackers wouldn't want the money or the prestige of being the one to crack the Mac. LOL. Seriously though i am glad to see someone starting to take action against the internet parasites ;-) There are enough hassles in life without malicious spyware.. Now if we can get rid of telemarketers, that would be a major public service as well LOL Ron

the software was Star 9 server software and the prize for the last challenge they ran was 100k, it ran for 3 months and had the same results as the last one, zero sucessful hacks

For hacking a site or computer there are needed two or three elements: 1) To upload some code. 2) Change the code file to executable mode (Only Unix style OS), for Windows this doesn't exist at all. 3) Execute the code. Step 1: Can be done by a hacker. Step 2: Only can be done by a person with supervisor priviledges access to the computer, a hacker haven't these priviledges. Of course that this step on security doesn't exist in Microsoft universe. Step 3: You must execute the code, for executing the code you must have access to the computer, a hacker has not the access, he need to execute the code first to obtain access. Of course that Microsoft solved this problem for the hacker and IE, Outlook, Messenger can execute a code remotely in your computer without your knowledge, but this only happens in Microsoft's world, in secure systems this is never allowed.