Programmer’s Challenge: Reversing the Spyware Model

There is such thing as spyware, despite the news reports. No, really. I’ve been saying that since last year. But to review: Spyware is software that sends personally-identifiable information back to its publisher. But the software publishers involved all claim to send NON-personally-identifiable information back, and to be adware publishers. Therefore, there is no such thing as spyware, and no spyware problem. And if you say there is, expect warning letters from the attorneys of those not-spyware

All this is part of the general security environment we have now. Windows, by cause of its evolution from DOS and Windows 3.1 through to 32-bit code, has had a long-standing tradition of no code left behind. All the old stuff runs, if it doesn’t involve graphics or peripherals. But the result is patch recalls on patches to patches. And the spyware issue is just a commercial method of doing what big business always does: it waits until a new industry gets big enough to be profitable, and then it finds a way to monetize it. Right, monetize was not a word until recently, but now that’s what we do to make money on information web sites–we add ads to it. So that’s what is happening now–spyware is the venture capital approach to making money from computer viruses and trojans, by using them to distribute and display advertising. Some of you have already seen my earlier post on the definition of startupware, but I’ll review the main one here:

stÃrt’-up-wÃre, noun, any software that configures portions of itself to automatically start with the operating system of a computer, or to start with other previously-installed software. Startupware isn’t automatically good or evil, useful, or destructive. The definition is based on easily-verifiable action, mostly during installation, and never on the contents of license agreements, external documents, or off-site servers. It autoloads, or it doesn’t.

So startupware is a bigger category than spyware. It includes everything that autoplays. That means spyware, adware, viruses, trojans, toolbar accessories, system tray utilities, application software pre-loaders, application software phonehome-for-any-reason applets, and hardware drivers that substitute software for chips. Everything that autoplays that is not part of a default operating system configuration. Every program, process, or browser trigger. Everything in that category slows down our computers, most of it is installed by silent default, and most of it should be removed. I don’t need five autostart entries to run a color inkjet, thanks, anyway. No, I don’t want an autostart program to upload my photographs to the web. No, I don’t want a daily update check on checkbook software that’s five years and six versions out of date.

The problem is that even retail boxed software is getting into adware behavior in a big way, and if you buy a notebook computer, expect to spend hours unweaving a web of autoplaying software, all of which was installed without permission, where most does nothing for you–it just loads and tries to sell you wireless access subscriptions, or web photo service, or online this, and more of that. It’s a mess, and messes need management.

And of course, there is always the free antivirus software that doesn’t detect spyware, because the adware publisher has threatened legal action if the antivirus vendor dares to label it with such an evil label. The result is that on any one computer, we need to have antivirus software, antispyware software, popup blocker software, patches, more patches, and so on. And on. This model is too profitable for the publishers, and for me, too. I clean this stuff up, and charge by the hour. I and my clients would rather that I be paid for setting up new computers and new productivity tools, and not all this cleanup. But the tools are scattered.

OK, so what’s the programming challenge? Simple enough: create a startupware management and cleanup tool. Such a program would include these features:

    Record all currently-running programs and processes for comparison on next run, including full file paths, where applicable.
    Record user comments for all entries, such as “camera software–“only needed for cable sync”
    Report all startupware currently set to run on the system.
    Report all startupware that’ new since the last run, with options to remove it, add it to a commented ‘OK’ list, or add it to an ‘unknown, pending identification’ list.
    Must be usable in safe mode.

Optional features:

    Scan for viruses, trojans, and other malware based on a list of known bad products.
    Block installation of startupware, with an option to add a new entry and comment to the ‘OK’ list.

Now, chunks of these programs exist. There are startup managers–that’s the closest category. But the programs currently out there can’ be used by anyone with less training than a system tech. You have to already know what every program is before you can do much of anything. Surprisingly, the closest program I’ve seen to a startupware manager is Microsoft’s MSconfig.exe. It doesn’t uninstall startupware, but it lists settings, and can temporarily block programs. There’s no record of previous settings, or commenting features.

A startupware manager is not antistartupware. Remember, startupware is neither good nor evil. Some users want popups of weather alerts. Some need reminders to get up and stretch. Some may need their software to be no more than 1 hour out of date. Well, very few, but some.

I’ll give a free mention here to at least the first five startupware managers that I find about that match the definition above, and that are usable by average computer end-users.