What to do about scumware?

The Scumware Song (to the tune of “The Christmas Song”)*

Software downloading on my desktop

Picked it up free online somewhere

Looks like good stuff but what if it’s not

Could I just have got some new scumware?

PC’s slower than a dead reindeer

Got me ripping out my hair

Things aren’t quite right on my PC tonight

Could I just have got some more scumware?

I know that ads are on the way

There’s lots of pop-ups to display

And my home page has been hijacked clean away.

And so I’m offering this warning

To newbies from one to ninety-two

Altho’ it’s been said many times, many ways,

The scumware swine want to get you too.

(* with apologies to Mel Torme, who wrote the lyrics for “The Christmas Song”)

I closed last week’s missive with the question, What are we going to do about scumware? Well, the answer rather depends on what you think can be done. Like spam, scumware is tricky stuff. For example, just as you have the problem defining what spam is, how do you define what scumware is?

Rep. Mary Bono (R.-Calif.) tried to do this with H.R. 2929, the Safeguard Against Privacy Invasions Act. This bill was introduced July 25 and was referred to the Committee on Energy and Commerce, where it has gone into hibernation. The bill’s attempt at defining spyware, which is one type of scumware, is brave but a little vague:

“The term ‘spyware program’ means any computer program or software that can be used to transmit from a computer, or that has the capability of so transmitting, by means of the Internet and without any action on the part of the user of the computer to initiate such transmission, information regarding the user of the computer, regarding the use of the computer or that is stored on the computer. In issuing regulations to carry out this paragraph, the commission shall distinguish spyware programs from other commonly used computer programs used to share information among computers in an organized network of computers.”

This definition could be applied to software registration compliance systems such as, oh, say, Windows licensing “activation” mechanism.

And again, this bill can do nothing about scumware created and downloaded from overseas.

I’m afraid that in the online world, U.S. legislation for scumware and spam can only curb the potential excesses of U.S. companies. And should this bill ever see the light of day – which I believe to be very unlikely – it undoubtedly will be as pathetic and watered down as the ill-conceived and essentially pointless CAN-SPAM Act of 2003.

There are only three things you can do to fight scumware. First, use technology – there are scores of products that identify scumware and disinfect your systems effectively. Second, educate your users.Getting users to behave in “safe” ways online will reduce the problem by orders of magnitude.

Third, make sure U.S. scumware vendors know how you feel. When you find their junk on your systems, write the creators. If we all send a message for each and every installation of scumware we find they might start to understand. And make it clear that your organization will never have any business dealings with them. Ever.

You’ve got a week or so to make this a holiday they won’t forget in a hurry.

Have a fabulous Christmas! Er, Hanukkah? Kwanzaa? Oh, darn, just have a great holiday from backspin@gibbs.com.