Spyware is loosely defined as any program that monitors a user's activities on a computer, that then sends that information to a company so that they may then re-use, or re-sell, that information to try and advertise to the user (usually through spam email).
Spyware is almost universally reviled. Many people consider it an invasion of privacy, and I agree with them. To me what is on my computer, and to what degree I use my computer for my own uses, is no one else's business.
Many popular P2P programs, such as Kazaa, contain spyware, unbeknownst to many naive users. Many 'download accelerator' programs contain spyware as well. Even Microsoft's Windows Media Player contains spyware within it.
Unfortunately, installing the programs that contain the spyware installs the spyware itself. And, by agreeing to the licensing terms within these programs, many people have agreed to let the spyware programs be installed. Even uninstalling the offending program that a user originally downloaded often does not remove the spyware from the user's machine.
Adware is a form of spyware that afflicts the user with enormous amounts of pop-up and pop-under ads while the user surfs the web, or uses the program that contains it. These ads become tailored to the types of web sites that the user visits/uses of the program originally downloaded.
For example: if a user likes to visit porn sites, they will get ads for penis enlargement, or viagra-type sexual enhancers, or even porn sites themselves. If a user likes to visit computer hardware pages, they will get ads for computer upgrades and monitors. Etc.
Like normal spyware, many users do not realize that the 'free' program they have downloaded contains the adware. And, like normal spyware, the clickable license that the user agrees to states they agree to have this software installed. Again, uninstalling the program that contained the adware often does not remove the adware itself.
Kazaa is a program that actually uses normal spyware, as well as adware. The ads become tailored to the type of files the user downloads the most, as well as the types of web sites the user visits. Even web pages that don't have pop-up/pop-under ads will begin having them for users with Kazaa installed.
Many vendors defend the use of spyware and adware as a source of potential revenue. Some also say that in order to release the programs for free, they must allow the makers of the spy/adware to add these programs to their software; since the makers of the spy/adware programs often help to cover costs by contributing (sometimes large) sums of money to the development of the programs.
While spyware and adware are bad enough, there is actually a worse problem to worry about. Back doors left in programs that allow the software vendor complete access, if not complete control of a user's computer.
Microsoft is at the forefront of this movement.
When a user installs Windows XP on their system, upgrades their Windows 2000 to Service Pack 3, or even just upgrades their Windows Media Player to version 9, they all agree-- through a clickable license-- to let Microsoft have unrestricted access to their computer's hard drive. This isn't just for seeing what is on the drives, either; Microsoft has every right to change the user's hard drive contents as it sees fit, and with no liability to themselves for any damages this may cause to an end user's computer.
Part of the license agreement reads, emphasis mine: "You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer." Source.
Many businesses are refusing to upgrade to Service Pack 3 precisely for this reason. Businesses, however, are really the only users that read software licenses, especially clickable ones. They fear that Microsoft may use this ability to harm their business in some way, especially if they put forth a possibly competing product to one Microsoft makes (such as web browsers, email clients, user authentication software, media players, etc.)
Some businesses are actively looking for alternative networking solutions to Microsoft's products. They do not want Microsoft to have access to their networks, and as a result, their IP, customer database, and financial records. Others are just going to stay at Service Pack 2, even though SP3 fixes many possible security threats in Windows 2000.
General consumer end users, however, normally don't read these clickable licenses. It is the general consumer end user who is at most risk from Microsoft, and any other company that decides to add such a term to their license (as well as a back door into their programs).
At this point, we've all seen them. Generally from downloads of updates from Microsoft, but also upon the instillation of many types of software from office suites to games.
Most of the consumers, however, don't read them. They simply click the "I Agree", or whatever term is used for the license in question (varies from publisher to publisher). However, this is why consumers stand to lose the most freedom and personal privacy.
So far, clickable licenses have held up in court as valid. No signature is required, but the licenses stand as long as you click the appropriate agreeing choice. Most software with such licenses will not install itself if the licenses are refused.
Even console games have similar licenses, but they are printed in the back of the instruction manual. These are considered binding as soon as you open the package.
Because most consumers don't read the licenses they are legally agreeing to, software vendors can put many things within these licenses that the consumer would most likely object to if they had read them. Back doors in programs (Windows XP, Windows 2000 SP3, Windows Media Player 9 for all versions of Windows), spyware (Kazaa, download accelerators, etc.), and adware (Kazaa, download accelerators, etc.) would normally not be agreed upon should these licenses be read.
Of course, being as the licenses are often written in legal terms, they may be somewhat hard for the average user to understand, even if they did read them.
Microsoft has stated that these wordings are purely to comply with future DRM agreements and to protect the IP of whoever owns it. The possibilities, however, are far more onerous.
Digital Rights Management
DRM is the new buzzword around corporate headquarters around the world. With the popularity of file sharing not dwindling down, content owners are ever increasing their desire to strictly control their property. And end user be damned if necessary.
The Recording Industry Association of America, or the RIAA for short, recently tried to get a proposal passed that would allow them to do almost anything short of sending computer viruses to users computers, to try and stop the use of file sharing programs. The proposal asked for the right to send Denial of Service attacks against file sharing networks (DoS); posting false MP3 files with no sound, or corrupted data, with the hopes that people would end up downloading them instead of the real MP3s of the songs; or even programs that would allow the RIAA access to people's computers to erase the traded MP3s.
Microsoft has been another leader in arguing that DRM protocols must be put in place in order to allow copyright holders the ability to control who uses their copyrighted content, where, and when.
The Windows Media Player has, since version 7, stored a file that it periodically sends to Microsoft's servers informing Microsoft of what DVDs, and CDs an end user uses with the program. It also uses an early form of DRM protocols which disable the use of WMA files ripped with the player to work on another computer (files may be re-burned onto CD for use in audio CD players, however).
With the release of Windows XP, Microsoft went a few steps further.
Using the new Product Activation feature in Windows XP, Microsoft has the ability to deny users the right to even boot up their own computer. Should you make a certain amount of hardware changes to your computer (for the purpose of upgrades, for example), then Windows XP will simply not boot up. Instead, you must contact Microsoft and get a new product activation code to allow the software to work. The stated reason for this is to keep users bound to the 1 machine per license Microsoft strongly enforces; if you make too many hardware changes, Windows XP assumes you have tried to put it on a second computer without buying a new license.
If you are connected to the Internet while using Windows XP, the OS tries to contact Microsoft's servers whenever you open a file or program. The purpose of this is to allow Microsoft to see what files or programs you are opening. It doesn't send a copy of the file, but it informs Microsoft of the file name and extension (.exe, .jpg, .mov, .mp3, etc.).
Adding this to their back door, and Microsoft now has the ability to enforce DRM upon consumers. Whether the consumer wants it or not.
Using their proprietary DRM protocol, Palladium, Microsoft hopes to entrench all users in the use of DRM signed media. This has content holders overjoyed, while privacy and fair use rights, and other civil rights activists outraged.
Part of the problem comes from the potential for Palladium to be used to further Microsoft's own agenda. Through the use of Palladium, it has been theorized that Microsoft could lock users out of their own created content. And Microsoft wouldn't be the only ones doing so.
Possible harmful uses for Palladium include:
Locking of all office suite documents so that only a Microsoft made office suite program will open them.
Allowing remote deletion of files deemed 'inappropriate' by corporations and/or the government.
Censorship of the public through remote deleting of files criticizing the government, Microsoft, or any other company that wishes to do so.
Locking out of third party programs so that only Microsoft, or their partners' versions will work.
Disabling of firewalls and other network protection resources to allow Microsoft, its partners, or the government access to the computer in order to check for Palladium compliance and to check for offensive files/material.
And many others.
Some people have theorized that Palladium may be one reason the Bush Administration Department of Justice backed off of the anti-trust case. It is, according to the theory, entirely possible that Microsoft has given the federal government the full use of the features of Palladium in order for Department of Homeland Security to effectively work.
In other words, the theory is that Microsoft has basically sold the federal government the ability to spy on its citizenry whenever it wishes, and in a way they might not have easily been able to do before.
Other countries have also theorized this, hence the apparent large undertaking by many foreign governments to remove all versions of Windows from their official computers and networks. These governments include Peru, China, Germany, and France. They figure that if the US government can use Windows to spy on its own citizens, then surely the US government could do the same to them? They also aren't exactly excited at the prospect of Microsoft also having free access to their governments' official computers.
Microsoft's next operating system, currently code named Longhorn, will be a fully Palladium compliant OS. In order to utilize this OS, businesses and consumers must purchase Palladium compliant motherboards, which contain an extra chip to utilize Palladium, currently called "Fritz".
Microsoft is also heavily lobbying for a bill called the UCITA (The Uniform Computer Information Transactions Act), which would make software licenses binding, even if the end user is not allowed to see them. The UCITA could then be used to allow program vendors to insert clauses in the license making it a violation of the license to even criticize the program or company in print or in public; allow vendors to change the terms of the license and make it retroactively take effect; or install backdoors into programs that would allow the vendor to be able to seize control of the end users computer whenever they wish. See links at the bottom of this article for more information on the UCITA.
It should be noted, however, that many groups oppose the UCITA, including the American Bar Association, The American Library Association, and the Computer Professionals for Social Responsibility. The bill has also failed to pass in many states; only Virginia and Maryland have passed versions of it. 26 State Attourney Generals also oppose the bill.
Install a firewall, and not the one found in Windows XP, on your computer or network. Zone Alarm offers free simple firewalls to use, as well as more robust ones for purchase, as do other vendors. A Google search will find you more vendors.
A firewall can be configured to alert you every time something tries to transmit data from your computer or network to something on the Internet. This can be used to block spyware, adware, and Windows XP's attempts to contact Microsoft. You may also set a firewall to ask your permission when something does want to transmit to an outside source. Deny this permission if you do not know what the program is, or do not want it to send the information even if you do know what it is.
Run an older version of Windows (95, 98, Me, 2000 up to SP2), do not download any security patches, and do not upgrade to Windows Media Player 9.
If you do not upgrade your OS, download any security patches for the OS, nor install WMP9, then the new EULA found with these upgrades is not in effect for you.
Change computer's operating system.
Switch to Apple Computer's Macintosh platform. As far as is known, Apple does currently not have these licensing terms in effect, nor has any plans to add them.
Switch to a Sun Microsostems solution.
Switch to an open source operating system. Linux, FreeBSD (and other BSD variants) and other open source operating systems do not have such infringing licenses upon them. Their source code is freely available, and able to be checked at will, as well as free to be modified to suit end users needs (provided the user has adequate knowledge to do so). These operating systems, however, do not carry a warranty. If switching, try and find a distribution house that will offer technical support for free or a small fee if problems arise.
Switch business servers over to Macintosh, UNIX, or an open source operating system for the same reasons listed above.
Contact your representatives.
Contact your representatives, and demand, in a tact manner, that they oppose any action taken by a company to infringe upon your rights to privacy, and free speech. Inform them that should they not do so, that you will organize voter rallies to support a candidate that will support your rights.
Politicians want votes. If enough people are informed that representative X is supporting corporate or government agendas to limit voter's rights, then that representative will not become re-elected.
More links on the subject of backdoors in programs:
www.lugod.org (Multiple links within)
Google can also find many more articles.
More info on the UCITA:
InfoWorld (Multiple links within)
Affect Americans for Fair Electronic Commerce Transations
ALA The American Library Association
CPSR Computer Professionals for Social Responsibility
Google Links to multiple references of the UTICA and articles about it.