I recently reviewed an excellent manuscript addressing the future of online security. One of the author’s main points was that the web was likely to become more and more unmanageable as spammers proliferated. Little did I know how soon the problem would hit home!
It turns out that my mother’s computer was infected with spyware called “SpyShredder.” When she tries to uninstall the misleadingly named product, it shamelessly replies “the uninstall feature is not available.” Although I’m diagnosing the problem remotely, I thought I had an answer for her: I searched StopBadware for information, and then looked for a site that would uninstall SpyShredder.
That search turned up a site called Uninstall Spyshredder, which offered to scan and remove the program for $30. But then I thought: isn’t this the perfect phishing scheme? Put out a virus, then put out another program that will get rid of it in exchange for cash and a credit card number?
I’m a little scared to bring up the possibility, since I’d hate to defame a good site. (On the other hand, a case like Howard v. Antilla offers some comfort to those who simply want to bring up a dark prospect.) But I’m just wondering as a practical matter–how do I figure out who’s a “good guy” out in the ‘net’s wild west?
On a more theoretical level, here’s one idea from Jonathan Zittrain:
Precisely because the lines separating viruses, spyware, poorly written software, and flat rent extraction by software authors are so blurry, they are best adjudicated using the sorts of quasi-public mechanisms that have served Internet development in the past.
I like this idea of distributed enforcement in the abstract, but it strikes me that some program features are beyond the pale and best subject to classic criminal liability. Why should any program be un-uninstallable, unless it belongs to the basic complement of features necessary to the operation of the computer?