Re: Linux and spyware?

From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 06/30/03 

Date: Mon, 30 Jun 2003 13:02:08 GMT

Christopher Browne wrote:
> Quoth haynes@alumni.uark.edu (Jim Haynes):
>
>>An article in today's paper alleges that Linux and MacOS are just as
>>vulnerable to spyware as is Windows. Is this true? and if so what is
>>the mechanism of action? And how can spyware be detected and eliminated
>>in Linux?
>
>
> Most of the "client side spyware" has tended to be embedded either in
> web browser extensions or in stuff like JavaScript. The former tend
> not to be available for Linux, but the latter ought to be able to
> work.
>
> And in any case, the usual _real_ form of "spyware" will mostly be on
> the server side of web accesses, so that the platform you are using to
> browse the web is totally irrelevant.
>
> Consider: You get an email that points you to "Hot Young Teens."
>
> It has a URL that points the sender to who they sent it to. That may
> be as unobvious as:
>
> ID # Email Address
> -------------------------------------
> 1021 a@b.com
> 1022 your_address@wherever.com
> 1023 my_add@mysite.com
> .. and so forth ...
>
> which turns into a URL like:
> <http://www.hotteens.com/stuff+1022+intro/>
>
> Note that there is _no_ reason for you to consider the "1022" part to be
> associated in any way with your identity.
>
> But an interesting linkage then takes place: if the web site does
> basic URL access logging, they can know that someone whose email
> address was <your_address@wherever.com> accessed the URL from some IP
> address at some moment in time.
>
> If your web browser quietly stores cookies, remote web sites can link
> things up further, so that if you visit that web site again, they can
> identify that it was you before, and you now.
>
> They may not know much about you beyond the email address, but they'll
> get to know a few things.
>
> And note that the only thing about this that you can forcibly do
> anything about is to choose not to follow the web links.

Don't forget web bugs: 1 pixel by 1 pixel transparent gifs on web pages
that may be pulled from any *other* web site in the world, allowing
sites that have nothing to do with your visible web page to determine
what the calling site was, what host, and all sorts of other interesting
information. Can you say "ad.doubleclick.net collects data on people"?

Note also that it's esier, in many ways, to get the client's machine to
generate the data and send it in with the Javascript/etc. than to try to
maintain the server with a consistent database, back end communication,
etc., so the first forms of spyware are still popular. Their use partly
results from the *committees* that decide on things like Java,
Javascript, HTTP, etc. accomodating the desires of commercial web
designers to enable such "features". The continuing difficulty in simply
turning them off with a button on the top of the browser is the fault
of, you guessed it, the web browser authors who know full well who is
paying their bills and don't dare turn the !@#$ off.

Loading