I wanted to talk a bit about spyware. This is not a new topic in itself. Spyware has been around for some years now. Really ever since web browsers allowed the use of cookies that allowed someone else to watch where you have been surfing I there has been a threat to our online privacy.
But although privacy is important that is not the real threat. There is a real danger that spyware has already found its way onto your computer. Over the last three years there has been a very dangerous convergence between organized crime and the writers and creators of these online nasties.
This past year I have been working with a bank to help them find a solution to help their customers to protect themselves when they bank online. This has been an exciting job, but ultimately disappointing. Disappointing because there is an ongoing denial of the inability of customers, who are just general computer users , to reasonably be able to protect their home computers.
I recently experienced this for myself. when out of the blue i started to get my homepage redirected, and popup began to harass my browsing experience. More than anything, this passed me off. How dare someone compromise my machine! This happed despite a security update regime that borders on the obsessive, with OS patches, antivirus updates, firewalls, and multiple anti spyware applications running and regularly updated. And still it got through, and even after running separate spyware & virus scans I couldn’t get it off.
Now I did get rid of it eventually by going through every running process and looking it up via the omnipresent Google, then killing off the nasty manually, but this is beyond the reasonable expectations of the majority of computer users.
To add insult to injury I noticed today that Westpac have updated their terms of use for internet banking. The amazing (to me anyway) addition is a clause on spyware:
“Part 3, page 11 – Spyware
If you knowingly use a computer that contains software, such as Spyware, that has the ability to compromise access codes and/or customer information, you will be infringing our rules for access code security referred to above and we will not be liable for any losses that you may suffer as a result.”
For all of the reasons above it is unreasonable to expect that mass market pc users are going to comply with this clause .simply because even with the best intentions they are defending against a determined and financially motivated foe. Actually that probably describes the bank as well.
Nick,
You filled in my details for me, or was it spyware. That was a bit nifty.
I read you discourse with interest. I find the concept of someone looking in on my computer as repugnant. I am sure this is happening as outgoing data volumes are sometimes large relative to what I am doing. But what to do?
That Westpac clause just confirms that online banking is not for me.
Check ‘www.flickr.com/photos/tomc’ for some photos. I need some help with flickr.
Love Dad
I didn’t fill in any details for you but your browser probably did. This is just a helpful feature that Internet explorer and Firefox both use. This is not a sign of spyware.
Use an anti-spyware application. I like the Microsoft one, but I also like the Lavasoft Adaware one too.
Ironically the people who are likely to be worst effected by a fraudulent attack are non-internet bankers. This is because of the possible reaction time between the actual attack and the discovery of the incident. An internet banker may notice a discrepancy the same days while someone who waits for their statements will not find out for a month (if they check them at all).
So despite my belief that the banks can offer more security, knowledge is still the very best defense and access to internet banking helps provide that knowledge.
–nick