Friday, December 17, 2004

You've got spyware

Biz Tech Microsoft may charge for spyware tools

Microsoft recently bought a company that makes anti-spyware software. It is important for me to say that I believe that in many ways Microsoft is responsible for spyware as it exists today. You see, in 1996, desperate to catch up with Netscape after arriving late to the Internet, Microsoft released Internet Explorer 3.0, a web browser where you did not have to deliberately install plug-ins using a cumbersome procedure, but you could install little pieces of application via an existing plumbing method that Microsoft had developed for Mac and Windows (COM/OLE.) This was called "ActiveX" and it was meant to compete with Java. ActiveX potentially was far more powerful than Java, since it integrated far more tightly with Windows' existing component architecture than Java did. Pretty soon, everyone offered up ActiveX controls - Flash, Shockwave, Acrobat... and many other lesser viewing tools, games, chatting widgets, you name it. I even developed one such widget at one point at my work.

In the late 1990s, some nefarious operators began to realize that, since people often were willing to let web pages install just about anything, that they could make ActiveX controls that would spy on your Internet activities. It got worse after Microsoft won the browser war decisively. After Internet Explorer 6.0 came out, Microsoft seemed to me to more or less abandon any real continued work on IE. After all, when you have nobody to compete against, why spend the money?

In the last two years, as Internet Explorer languished in this apparent abandonment, hackers and other Internet hooligans began to realize that there were ways of getting spyware and other things installed onto your computer via ActiveX without asking for your consent. If they posed as a trusted computer network, for example, you'd have spyware without even knowing you'd been infected. And a cottage industry has emerged to protect Internet Explorer from spyware - I had to use Ad-Aware a few weeks ago when my eldest daughter found where I'd hidden Internet Explorer, used it, and got my computer so badly infected with something called tibs3 that I could not even run Control Panel!

So I think it takes a certain degree of audacity that Microsoft would charge for spyware removal tools, considering how I feel about their culpability in causing the problem to be there in the first place!

My way of avoiding spyware has been to switch from Internet Explorer to the new Firefox web browser. And the reason for that is best summed up in this joke that computer security experts like to tell each other.

Two campers are walking around up in the mountains. Suddenly a bear comes running out of the woods only a hundred feet away. But instead of running away one of the guys throws down his pack and takes out his tennis shoes. He then changes out of his boots. "What are you doing asked his friend? You can't outrun a bear." His friend looks up at him and replies... "I don't have to outrun the bear... I only have to outrun you."


Since all the guys designing spyware are targeting the juicy targets of Internet Explorer and ActiveX, if you join the tiny minority of people using something a little better and safer, you will escape their notice.

No comments: