CNET también está disponible en español.

Ir a español

Don't show this again

Security

Deploying the wisdom of the crowds against badware

Professors John Palfrey and Jonathan Zittrain say this might be the best chance to create a more accountable Internet.

    Anyone who has ever had a weekend ruined by trying to get rid of an endless stream of pop-ups knows what "badware" means.

    There's a feeling of frustration, helplessness and anger that's hit millions of Americans--59 million, by one count--as they wonder what happened to their computers and why they can't just hit the "back" button to make the problem go away.

    The problem can arise from the simple act of clicking to download a computer program or game or video clip, perhaps referred by a friend. That code is largely impenetrable, and it may give you more than you asked for. Sometimes, these "gifts" are a nuisance, like a barrage of annoying pop-up ads that you definitely didn't ask for. Others are more dangerous. They monitor your Internet usage, and illegally steal your passwords and financial information.

    At StopBadware.org, consumers can report about programs that they have a problem with and check to see if we've found an issue with something they're about to download. It's a kind of neighborhood watch for the Internet.

    The Internet's astonishing growth--now connecting a billion people--is due in large measure to the extraordinary range of things that we can do online today and the capacity for us to instantly reprogram our PCs to perform new tasks defined by others.

    This very "generativity" can make us powerless to stop unscrupulous people from sneaking in and infecting our computer with programs we didn't ask for. Much of the time, we're not even aware of it at all. It goes by many names: spyware, adware, malware. But it's all really one thing: badware. It's malicious software that subverts your computer's operations for the benefit of a third party.

    One of the big risks that badware poses is that we'll lose confidence in using the Internet in general. Our worries about badware may cause us to hesitate before we download or run new and legitimate software from the Internet on our computers, as Consumer Reports WebWatch has shown through its surveys.

    The Internet allows anyone anywhere to develop program code and software, and to distribute it without cost instantly throughout the world. That is now at risk from badware. A backlash would reduce the Internet's openness and stifle innovation, driving consumers to information appliances that work more reliably but that are much more limited in their ability to do new and unanticipated things--like running Skype for free Internet telephony.

    Governments are trying to rid the Internet of these practices, but there's a limit to what traditional legal mechanisms can accomplish. For example, several pieces of legislation are floating through both houses of the U.S. Congress that would impose criminal penalties on those who use spyware maliciously. But as we all know, the Internet expands well beyond any one nation's borders, making enforcement of laws of this sort tricky, especially when these sorts of interventions are unlikely to be a very high priority.

    It's also very hard to get the definitions right, separating legitimate advertising practices from deceptive or harmful practices of badware providers. Without careful consideration, broad legislation aimed at curbing badware could also inhibit the openness of the Internet.

    It's our view that the best solution to badware is to draw upon the wisdom and behavior of the Internet community. We believe that tens of millions of computer users, facilitated to collective action by some of the very tools found within spyware, can create a more accountable Internet.

    Earlier this year, Harvard Law School's Berkman Center for Internet and Society, Oxford University's Internet Institute, Consumer Reports' WebWatch and companies such as Google, Sun Microsystems and Lenovo banded together on an initiative to enable consumers to fight back against badware.

    At StopBadware.org, consumers can report about programs that they have a problem with and check to see if we've found an issue with something they're about to download. It's a kind of neighborhood watch for the Internet.

    As a first phase of data rolls in from the online community we are building, our researchers carefully test the worst of the applications that the community calls to our attention. Then we publicize the results of the testing, naming the applications that we think consumers should be reluctant to download. We've published several reports that call out these purveyors, such as Kazaa, SpyAxe, UnSpyPC and Winfixer.

    Several of them, much to their credit, have written to us afterward to say they are changing their ways--a possible sign that a neighborhood watch can make a real difference. Our second phase will include mechanisms to automatically collect, process and make available the wisdom and folly of Internet users as their PCs react to the installation of various pieces of software--telling us in a scalable fashion what works and what doesn't.

    Badware is big business, generating $2 billion per year, according to Webroot Software. By banding together, we are putting a spotlight on the companies that peddle badware. With the help of the Internet community, we can inform consumers about applications before it's too late.