October 6, 2007

Poll: Americans wrong about computer security

Reuters

Published on ZDNet News: Oct 2, 2007 5:32:00 AM

 

Most Americans believe their computers are protected against viruses and spyware, but scans found that a large number had outdated or disabled security software, according to a poll released on Monday.

 

Fully 87 percent of Americans polled said they had antivirus software, 73 percent said they had a firewall and 70 percent said they had antispyware software, according to the survey by security software maker McAfee and the National Cyber Security Alliance.

 

But when pollsters asked to remotely scan the respondents' computers, the story turned out to be very different.

 

While 94 percent of those polled had antivirus software, just half had updated it in the past month, the survey showed. Eighty-one percent had a firewall protecting private information, but just 64 percent had enabled it. And 70 percent said they had antispyware software, but only 55 percent had enabled it.

 

Spyware not only monitors what a computer user does, but can also install software without the user's consent and interfere with the computer in other ways.

 

Bari Abdul, a McAfee vice president, said most viruses were not written by attention-seeking hackers looking to pull a prank.

 

"Most of the action has gone to stealing identity," he said after speaking at a cybersecurity conference sponsored by the National Cyber Security Alliance.

 

Nine percent of those polled reported having had their identity stolen, he said.

 

The survey questioned 378 people between August 2 and September 10 about security on their home computers. The Cyber Security Industry Alliance is seeking U.S. legislation to set standards for the government and private industry to prevent data breaches and tougher criminal penalties against spyware.

 

The Federal Trade Commission, which is one of several government agencies investigating cyber fraud, said on Monday it had stopped a scam that had infected 15 million computers.

 

Three men, who gave up the $330,000 they made from the scam, collected various forms of spyware and adware and used them to infect computers, the FTC said. They made money by putting adult ads on the computers and advertisements for Internet-based businesses or travel.

The unwanted software was hidden in free screen-savers and video files that users downloaded.

"Every time they infect a consumer, they're getting paid," said Ethan Arenson, one of the FTC lawyers who worked on the case.

 

FTC Chairman Deborah Majoras urged computer users to protect themselves against malicious software.

 

"I can tell you we have two dozen open investigations into data security," Majoras told attendees at the first National Cybersecurity Awareness Summit, held this week in Washington, D.C. "We can't round up all the bad guys."

 

Majoras said she wanted computer users to hit "delete" instead of "reply" when they get spam or e-mail that is "phishing" for personal information that could be used for identity theft.

 

"Phishing absolutely drives me insane," she added.

 

Pasted from <http://news.zdnet.com/2100-1009_22-6211093.html?tag=nl.e550>

 


Police Blotter: Fired worker blames porn on malware

By Declan McCullagh, News.com

Published on ZDNet News: Oct 3, 2007 6:20:00 AM

 

Police Blotter is a weekly News.com report on the intersection of technology and the law.

 

What: Hospital respiratory therapist files lawsuit against hospital for unlawful termination, blaming malicious software for bookmarking pornographic Web sites.

 

When: U.S. District Judge Sarah Evans Barker rules on September 26.

 

Outcome: Hospital wins motion to dismiss.

 

What happened, according to court documents and other sources:

 

David Farr was once employed as a respiratory therapist at St. Francis Hospital in Indianapolis, Ind. He started there in October 2000 and was the only male respiratory therapist.

 

All of the seven respiratory therapists share a small office divided into individual cubicles with one computer in the center of the room. Each therapist is assigned a password, though it's unclear whether logs are kept of each user's individual activities.

 

In July 2005, Farr's supervisor informed him he was suspended from work because pornographic entries were found in his "Favorites" file, apparently a reference to Web sites bookmarked. Farr denied being responsible and said he was rebuffed when he asked for details about the allegations.

 

Farr was fired in August 2005. An e-mail message from the hospital's lawyer at the time claims to "have evidence that provides us with reasonable belief that he was accessing pornographic Web sites on his work computer."

 

After losing his job, Farr went through the formal grievance process listed in the hospital handbook and met with no success. He filed a lawsuit after the grievance committee upheld his termination in December 2005.

 

What makes this case relevant to Police Blotter is that Farr claims that "St. Francis failed to install and update effective antivirus protection on its computers" and that any pornographic bookmarks were inserted by malicious software. He also claims that antivirus software was required by the Health Insurance Portability and Accountability Act.

 

Farr even retained a computer forensics specialist who concluded: "No one had intentionally loaded the list of Web sites on the computer. Rather, the list was placed on the respiratory therapists' computer by a common and well-known Internet virus that promotes fee-generating pornographic sites."

 

That is plausible. One of the malicious programs known to inject porn bookmarks is CoolWebSearch, also called CWS or CoolWWWSearch, and it's been around since 2003. Some reports have estimated that 5 million sites are infected with it and that more than 60 strains of it exist.

 

Probably the most famous example of someone seemingly ensnared by malware is the criminal prosecution of substitute teacher Julie Amero, who was arrested after the computer (which had been in use by the students) began displaying porn ads. Amero's conviction was overturned and she was granted a new trial in June.

 

In Farr's case, though, the courts weren't as willing to listen. The district judge granted St. Francis' request to dismiss four counts in Farr's complaint: allegations of unfair dealing, negligence, defamation, and wrongful discharge. (He has also alleged gender discrimination, saying he was singled out because he was male.)

 

The thing is, though, that it should have been relatively easy to figure out if Farr had actually been a customer of those pay-to-play porn sites. A cursory examination of the browser's cache and other log files would have shown whether just the home pages were visited (probably malware) or whether pages requiring payment were visited (probably a human). In addition, antispyware tools would have detected the presence of malicious software. However, there is no evidence that the hospital did either type of analysis.

 

Excerpts from the judge's opinion:

 

Farr argues that St. Francis breached two duties owed to him: 1) a duty imposed by the St. Francis Handbook to conduct a "thorough and fair investigation of allegations of wrongdoing that can result in termination of employments," and 2) a duty imposed by HIPAA, to install and maintain antivirus software on the computer used by the respiratory therapists in the course of their employment.

 

Although artfully phrased, Plaintiff's first claim is nothing more than a general claim of negligent performance of an employment at-will contract on the part of St. Francis. As such, Plaintiff has failed to state a claim as Indiana has heretofore refused to acknowledge a cause of action in negligence based upon an employer's defective performance of an employment contract.

Plaintiff's second allegation of negligence also fails to state a claim as HIPAA does not create a duty on the part of employers to protect employees from computer-virus-related injuries; instead, HIPAA creates a duty owed by St. Francis to its patients to maintain the confidentiality of their protected health information…

 

The Indiana Supreme Court currently recognizes only three exceptions to the presumption that employment without a defined or ascertainable duration, or without a specific job security agreement, is terminable at-will: 1) when the employee supplies adequate independent consideration in return for permanent employment; 2) when termination contravenes a clear statutory right or duty; and 3) when the employee establishes promissory estoppel. (The complaint) implicates only the second of these exceptions, the public policy exception. In this count, Farr asserts that the termination of his employment constitutes wrongful discharge because St. Francis terminated him in order to cover up its violation of HIPAA.

 

The public policy exception to the at-will doctrine can be "generalized to the proposition that an employee who has been fired for exercising a statutory right or refusing to violate the law has a claim for wrongful discharge." This is a narrow exception to the at-will doctrine, and the Indiana Supreme Court has expressed its reluctance to broaden it absent direction from the state legislature.

 

Despite the reiteration of the narrowness of the public policy exception by the Indiana Supreme Court, Plaintiff implores us to extend the public policy exception to allow a claim for wrongful discharge when an employee is fired out of expediency to cover up an alleged violation of law by the employer. To bolster his argument, Plaintiff claims that his termination contravenes Plaintiff's "right to live his life free of specious and knowingly false accusations that were designed to hide his employer's wrongs." Although it is likely that most people would like to live a life free from specious and false accusations, Plaintiff fails to indicate how such a freedom is clearly secured by statute (specifically, HIPAA).

 

Pasted from <http://news.zdnet.com/2100-9588_22-6211377.html?tag=nl.e550>

 


A turn in the antispyware war?

By Ari Schwartz, News.com

Published on ZDNet News: Oct 3, 2007 4:00:00 AM

 

In a case that threatened to undermine the effectiveness of antispyware technology, a federal court last month sided with consumers when it ruled that companies can't be sued for providing Internet users with effective tools to protect themselves against online threats.

 

The case pitted Kaspersky Lab–which offers a range of antispyware and antivirus tools–against notorious adware distributor Zango.

 

A ruling in favor of Zango would have had wide-ranging negative impact, not just for Kaspersky, but for all antispyware developers, and, in turn, for the millions of consumers who rely on those companies to keep their computers free of unwanted, often malicious programs.

 

Thankfully, U.S. District Court Judge John Coughenour sided with Kaspersky, holding that the Communications Decency Act immunized the company against Zango's claims and giving users of antispyware software the comfort of knowing that their antispyware software can alert them about the potential risks of all questionable software.

 


It's difficult to overstate the importance of this ruling. A Consumer Reports study suggests that spyware will cost consumers $1.7 billion this year alone. At its best, unwanted adware/spyware is a persistent nuisance that saps vital computer resources, and at its worst it is a debilitating threat that can crash systems, open security holes and rob victims of their identities.

 

The good news is that the damage from spyware is down from $2.6 billion in 2006 due mostly to the growth of the antispyware industry and law enforcement action–including the Federal Trade Commission's recent $4 million settlement with Zango.

 

The global antispyware community–a group that includes security companies, consumer advocates, legislators and government agencies–has mounted a multipronged attack that includes lawsuits, novel legislative approaches and the aggressive enforcement of consumer protection laws. But the single most important factor in getting the spyware threat under control has been the profusion of powerful, effective technologies designed to help users protect themselves against online threats.

 

Although the law protects consumers' rights to determine what goes on their own computers, it is antispyware and antivirus technologies that allow consumers to enforce those rights.

 

Zango's lawsuit was a gambit intended to strike at the very heart of that essential resource.

The danger of the Zango suit and others like it is that deep-pocketed adware distributors (in 2004 Zango was named to Inc. magazine's list of the 500 fastest-growing private companies) will be able to use legal intimidation to bully antispyware distributors into hobbling the tools they provide for consumers. Judge Coughenour's ruling is an important step toward putting a stop to that approach by making it clear that antispyware software makers

 

• Qualify for liability protections as interactive computer service providers under law because they allow users to choose to connect to a remote server to retrieve new definitions files

• May subjectively and according to their own criteria label material objectionable

• Do not have to follow a "good faith" standard when labeling software objectionable

 

While this ruling suggests that antispyware companies have a lot of latitude in flagging software, the industry has recognized that users expect antispyware companies to do due diligence in their decision-making. In fact, under the auspices of the Anti-Spyware Coalition, the antispyware industry has developed its own set of voluntary self-regulatory working reports that define spyware, set out objective criteria for flagging unwanted software, and lay out an approach that lets antispyware companies quickly and equitably resolve disputes with other software makers.

 

User empowerment is the best response we have to emerging Internet threats. The more control consumers have over their own computers, the less likely they are to fall victim to the unceasing flood of scams and exploits that menace the global Internet.

 

If we are going to continue to win the battle against spyware, legislators and the courts must continue to defend a robust, competitive marketplace for user empowerment tools.

 

Pasted from <http://news.zdnet.com/2010-1009_22-6211302.html?tag=nl.e550>

 


September 29, 2007

MySpace and Facebook Plan to Use Personal Data for “Targeted Advertising”

September 20, 2007

 

Personal data is a hot commodity. All sorts of businesses trade in data concerning what we buy, how much credit we have, where we live, what our interests are. This information is sold to advertisers, who then eagerly use it to more precisely target people that they hope will be interested in their products, leading to all those annoying catalogs that litter your doorstep, for example, or the junk emails that choke your inbox every day.

 

Luckily for the advertising industry, modern web users have begun voluntarily providing all their personal details on social networking sites like Facebook and MySpace. Users of these sites happily upload all sorts of personal information about what books and music they like, where they shop, who their friends are, and where they live. While users of these sites may imagine that they control the information on their profile pages, advertisers are salivating at the thought of all that personal data just waiting to be processed, analyzed, and turned into profit.

 

Recently, both Facebook and MySpace have announced plans to do just that. The president of Fox Interactive Media, which owns MySpace, tells potential clients that “We have an opportunity to provide advertisers with a completely new paradigm.” The personal data of MySpace users will be used to generate “targeted advertising” that is tailored to each individual account, using algorithms that assign members to one of 10 main consumer categories.

 

Not one to be left behind, Facebook has a similar program. They now slip targeted ads into the “news feed,” along with updates about the user’s friends on Facebook, where they are sure not to miss them.

 

Google, which has access to some of the most coveted personal data on the Internet — your search logs — has recently acquired DoubleClick, a company that uses browser cookies to track what sites Internet users visit and what commercial advertisements they click while browsing. Google’s senior policy counsel finds it all quite innocent: “Simply put, advertising is information,” he said.

 

While none of this may be illegal, it does have ominous implications, as Cory Doctorow humorously points out in his recent short story, Scroogled. The personal data we now use to keep in touch with friends will soon help corporations target us more effectively. What’s to stop this wealth of data from creeping into law enforcement activities?

 

While it may seem odd to object to potential privacy violations of people who voluntarily share their own info, the bottom line is that users need to know what is being done with their information, and should have the opportunity to opt out of marketing schemes if they choose. Last year, when changes to Facebook's interface made it easier for users to track each other's changes, protests were loud and angry, leading to some changes in policy. Let’s hope a similar uproar greets social networking sites’ latest decisions to treat their users like products on the open market.

 

Pasted from <http://www.eff.org/deeplinks/archives/005454.php>

 


September 16, 2007

Two-tier internet could damage future growth

 


 

 

Neon Kelly, Computing 13 Sep 2007

 

 

A ‘two-tier’ internet where content providers pay a premium to guarantee a speedy web site will damage the future growth of the web, according to search giant Google.

 

The net neutrality principle, which argues that everyone should have equal access to data on the internet, is the key to ensuring fair competition online, Google director of research Peter Norvig told Computing.

 

‘The net has grown far beyond the original perception bounds because it is open and because services can be launched without being fettered by higher-level control,’ said Norvig.

‘At Google, we think it is good for competition to try to keep services this way, and that is what we are going to push for,’ he said.

 

The net neutrality debate is taking off in the US. Google is asking the communications regulator to ensure the winner of the current wireless spectrum auctions will act as a wholesaler, guaranteeing competition.

 

And last week the US Department of Justice entered the dispute with claims that network operators such as AT&T and Verizon should be allowed to charge content providers for access to high-bandwidth services.

 

Increased regulation of internet traffic may be inevitable because of technological rather than regulatory limitations, according to the ISP Association (ISPA).

 

‘If there is not some form of traffic management by internet companies, then services such as video and voice could be degraded to a point where they are unusable,’ said an ISPA spokesman.

 

But while Google is concerned that restrictions could eat into its profits, developments are unlikely to infringe on the freedom of individuals surfing the web.

 

Norvig spoke at last week’s annual conference of the Association for Learning Technology.

 

Pasted from <http://www.vnunet.com/computing/news/2198563/two-tier-internet-damage-future-3467157>

 
