Spyware solutions: Technology and leadership
Microsoft's strategy for addressing spyware and other potentially unwanted software
The spyware challenge
Spyware has risen to the top of many PC users' lists as one of the most vexing challenges they face today. Microsoft customers echo analysts, partners, government leaders, and consumer advocacy groups in identifying spyware as a serious problem for the entire PC industry.
Equal parts security threat, privacy threat, and nuisance, this emerging class of software has risen quickly from obscurity to near ubiquity. Recent research underscores the point: A November 2004 study by analyst firm IDC estimates that 67 percent of consumer PCs are infected with some form of spyware1. The seemingly phantom nature of the problem combined with its increasingly hazardous impact threatens to undermine trust in computing as significantly as better known challenges such as viruses and worms. Customers have made it clear that they look to Microsoft to deliver powerful solutions in response to the threat.
The effects of spyware on the individual PC user range from minor annoyances to serious impacts on PC performance, security, and privacy. More often than not, spyware-related issues reported by users come in the form of one or more of these common symptoms:
? Unauthorized pop-up advertisements, even when not browsing the Web
? A change to the browser home page or default search engine without user consent, which often resists attempts to change it back
? A new and unwanted toolbar on the browser, which often resists attempts to remove it
? A sudden and dramatic slowdown in PC performance
? Increased crashing of operating systems, Web browsers, and other common applications
Microsoft and its Original Equipment Manufacturer (OEM) and Internet Service Provider (ISP) partners are witnessing an increasing number of support calls related to spyware, which is further evidence that customers are being negatively affected.
Spyware and other potentially unwanted software refers to a wide range of programs that perform actions such as displaying advertising, tracking Web sites visited, or changing the configuration of a PC. Though these are the most common forms of spyware, attention is often focused on less common but more potentially harmful forms, such as programs that record keystrokes, collect personal information and send it to a third party, or remotely control a PC's resources. The key in all cases is whether users understand what the software will do and have agreed to install the software on their PCs.
As an industry leader, Microsoft is focused on relieving customers of the problems caused by spyware and other potentially unwanted software, and is committed to effectively answering this challenge.
The Microsoft strategy
PC users around the world increasingly rely on software to perform an ever-widening array of tasks, from home entertainment to mission-critical business operations, and much more. Microsoft's approach to software is distinguished by its vision of an open and extensible platform. The powerful core components and open Application Programming Interfaces (APIs) of the Microsoft Windows? platform offer unbridled opportunities for software development, innovation, and learning.
As the platform of choice for millions of customers and developers around the world, Windows continues to provide a foundation for new stages of growth and opportunity. Unfortunately, the popularity of the Windows platform has also been accompanied by a rise in activity by hackers, criminals, and others who seek to exploit its capabilities. The challenge for Microsoft and other responsible technology providers is to enable the increasingly powerful benefits of the PC platform while also protecting the integrity of the computing experience. In the case of spyware, this means helping to ensure user security and privacy and keeping the PC free of unwanted software.
Microsoft's vision for anti-spyware solutions is that customers should be empowered to make informed decisions about the software that installs and runs on their PCs. Microsoft will take steps toward this vision by making it easier for customers to gain insight into what's running on the system, to better discern good software from bad software, and to block and remove spyware from a PC. To accomplish this, Microsoft is specifically focusing on the following areas:
Protect Windows users with technology to block, find, and remove spyware and other potentially unwanted software
Consumer Guidance & Engagement
Offer resources to help inform and educate customers on how to prevent spyware and other potentially unwanted software from impacting their PCs
Collaborate with industry leaders to identify and address spyware
Legislation & Law Enforcement
Work to help discourage the development and distribution of spyware and other unwanted software
Technical anti-spyware solutions that effectively block, detect, and remove spyware are still emerging. Microsoft believes that Windows users should know:
? The software installed on their PC
? Where that software came from
? What that software does
? How that software was installed
? How that software can be disabled or removed
The December 2004 acquisition of the anti-spyware technology created by GIANT Company Software, Inc. has accelerated Microsoft's capability to provide customers with solutions that will empower them to help keep spyware off of their PCs, while also helping to protect user privacy.
Microsoft Windows AntiSpyware is a security technology that helps protect Windows users from spyware and other potentially unwanted software. A beta version of the software is now available to users of Windows 2000, Windows XP, and Windows Server? 2003. Details on timing and terms of availability for new anti-spyware offerings beyond the beta version are yet to be determined.
For the best anti-spyware solution from Microsoft, the security enhancements in Windows XP Service Pack 2 will combine with the capabilities of Windows AntiSpyware to:
? Detect and remove spyware. This will help customers identify and then disable or remove known spyware and other potentially unwanted software from their PCs. Customers experiencing the common symptoms mentioned above can use this solution to help rid their PCs of existing spyware and help keep their PCs in working order.
Windows AntiSpyware provides fast, comprehensive scanning of your PC's memory, files, and registry for spyware. Users can learn more about spyware that is discovered on their PC using the online spyware library, a Web database that contains descriptions of known spyware. The Windows AntiSpyware Scan Scheduler enables the scheduling of regular spyware scans to help maintain your PC.
It is also important to enable customers to stay in control of what is running on their PC. The Internet Explorer Add-on Manager in Windows XP Service Pack 2 provides advanced users and support professionals with a way to see which Internet Explorer browser add-ons are installed and running. Using this new feature, add-ons installed without user consent can be easily removed.
Expanding on this concept, Windows AntiSpyware includes System Explorers, which enable users to quickly discover and remove hidden or potentially unwanted programs that may have been installed without their consent. System Explorers provide comprehensive views of the following areas:
? Applications. The user is informed of programs that are running, communicating on the Internet, starting automatically when the PC is turned on, and add-ons that are being used for Internet Explorer.
? Internet Explorer. The user is informed of the current Internet Explorer browser settings (such as home page or search page), what toolbars are loaded, and what browser helper objects (such as integrated file viewers or music players) are being used.
? Networking. The user is informed of software that may automatically redirect the PC to unwanted Internet sites or change information coming to the PC over the Internet.
? System. The user is informed of programs running that listen to all commands executed on a PC.
Known good programs are identified, making it easier to find and remove those that are potentially unwanted.
Improve Internet browsing safety. In addition to detecting and removing known threats, both Windows XP Service Pack 2 and Windows AntiSpyware provide features to improve the safety of Internet browsing.
Windows XP Service Pack 2 already provides protection against two common ways that spyware installs itself on a PC. The Pop-up Blocker in Internet Explorer helps prevent installation via pop-up ads, and the Internet Explorer Information Bar also helps suppress unsolicited downloads.
Windows AntiSpyware provides continuous protection by guarding more than 50 ways Web sites and programs can put spyware on a PC. If known spyware is detected at these security "checkpoints," it will be blocked. If an unknown program is detected at a checkpoint, intelligent notifications ask the user to determine whether to let the program continue. The following types of agents monitor the security checkpoints:
? Internet agents. These agents help protect against spyware that makes unauthorized connections to the Internet or changes a PC's Internet settings such as dial-up or wireless connectivity.
? System agents. These agents help protect against spyware that makes unauthorized changes to the PC, such as changing password settings, security permissions, or other critical system settings.
? Application agents. These agents help protect against spyware that makes changes to applications, such as modifying Internet Explorer by adding an unwanted toolbar, automatically downloading Internet Explorer add-ons from the Internet, or starting potentially unwanted programs when the PC is turned on.
In addition, some types of spyware aggressively change some Internet Explorer browser settings, such as the home page or search page, and resist your attempts to change them back. The Browser Hijack Restore feature allows users to quickly restore more than 15 Internet Explorer settings that are persistently changed by spyware.
Stop the latest threats. Because new instances of spyware are constantly emerging, anti-spyware software needs to be updated with new signatures, which are countermeasures for the latest spyware. Microsoft will provide regular signature updates, which the Windows AntiSpyware AutoUpdater can automatically download and install, helping to protect customers from the latest threats.
SpyNet? is a voluntary worldwide community of Windows AntiSpyware users that plays a key role in determining which suspicious programs are classified as spyware. Any user can choose to join SpyNet? and report potential spyware to Microsoft. Users participating in the global SpyNet? network help to discover new threats quickly so everyone is better protected. Signatures are created for programs that are identified as spyware and made available to all users.
A dedicated team of spyware researchers at Microsoft will also discover new spyware and other potentially unwanted software. When a new threat is identified, researchers will create signatures to counteract it. These signatures will be made available to all Windows AntiSpyware users.
Windows 2000, Windows XP, and Windows Server 2003 users are encouraged to evaluate the beta of Windows AntiSpyware which provides the benefits discussed above.
Consumer guidance and engagement
Consumers tell Microsoft they are often confused by deceptive advertisements or alerts that result in downloading spyware. They are also often unaware of spyware that comes bundled with "free" programs they download. To address this confusion, Microsoft will provide trusted resources for customers to remove and avoid spyware. To date, Microsoft has launched a Web site at http://www.microsoft.com/spyware. Public newsgroups for spyware have also been created, accessible from the spyware site. Security-focused "Most Valuable Professionals" (MVPs) monitor these newsgroups to assist the online community with spyware-related issues.
Today, industry leaders utilize different approaches for addressing spyware, which limits their ability to have a broad, coordinated impact in addressing the problem. Microsoft will collaborate with industry players to share best practices and create common ways of identifying and addressing spyware issues. Industry-wide best practices will create an incentive for legitimate software publishers to distinguish themselves from less scrupulous publishers and minimize the risk of being classified with those who engage in unwanted behavior. For example, Microsoft is committed to working with other companies to evolve definitions and common understandings of unwanted software. Microsoft is also actively engaged with other industry groups such as the Center for Democracy & Technology and its Consumer Software Working Group to help focus regulatory and enforcement efforts on truly deceptive practices. Finally, Microsoft also works with top OEM and ISP partners to share best practices for identifying new instances of spyware and supporting customers.
Legislation and law enforcement
Few laws currently apply to the development or distribution of spyware. Consequently, law enforcement agencies are limited in their ability to identify and pursue those that develop and distribute spyware. Microsoft will continue to discourage the development of spyware and other unwanted software by working with the appropriate government leaders and law enforcement agencies to ensure that perpetrators of spyware are forced to cease such practices. Microsoft will cooperate with law enforcement and regulatory agencies to assist them in their efforts to enforce existing laws regarding unwanted practices (such as the PC Fraud and Abuse Act in the United States and similar international consumer protection laws). Such enforcement could put some of the most insidious violators out of business, which would have a significant impact on the amount and type of spyware produced and distributed. Microsoft will continue to work with legislators on solutions as needed for those practices not already considered illegal under existing laws. It is also important to note that Microsoft believes any legislation should be carefully crafted to avoid unnecessary regulation on legitimate programs that enhance a PC user's experience.
Vision for the future
The threat of spyware and other unwanted software, like all security threats, is unlikely to be eradicated. Hackers, criminals, and others with ill intent will always attempt to circumvent the intentions and protections of users in an effort to exploit PCs and networks for vandalism or profit. However, Microsoft is deeply committed to continuing its increasingly intensive efforts to counter security threats, and spyware will remain an issue that is central to the company's work.
The Microsoft anti-spyware vision is that PC users should be able to see and understand the software that is running on their PCs and have the power to prevent or remove software they do not want. This vision drove the acquisition of GIANT Company Software, and it will inform Microsoft's efforts in future versions of its products.
Microsoft's long-term goal is that spyware and other potentially unwanted software will cease to be a major issue for customers. Microsoft understands the concerns of the right for privacy and fully supports a person's right to be left alone. Customers should be free to have access to any of their personal information and have control over how it is used. They must be able to trust that their personal information is being used appropriately. Microsoft regards the protection of customer information as a vital element of trust, and it regards customer trust as vital to the success of its business.
What customers can do
Microsoft invites customers to evaluate the beta of Windows AntiSpyware. Microsoft also strongly recommends that customers follow the three steps outlined at http://www.microsoft.com/protect, which are to: (1) use an Internet firewall on all PCs, (2) update all PCs with the latest security updates, and (3) use up-to-date antivirus software. Additionally, Windows XP users should install Windows XP Service Pack 2 with advanced security technologies to help you protect against viruses, hackers, and worms.