The experts made their stark and often startling remarks about spyware in submissions to a discussion paper on the subject released in May by the Minister for Communications, Information Technology and Arts, Senator Helen Coonan. The paper sought to define spyware and identify ways in which it could be controlled.
In its submission, anti-virus firm Symantec demonstrated the extent of the problem by revealing that in a test conducted earlier this year, one hour spent surfing "child-focused" Web sites with an unprotected PC resulted in the computer picking up 359 pieces of spyware and adware.
The Australian Taxation Office (ATO) filed a submission claiming that spyware could be used to "steal" sensitive information from tax agents, and compromise the system that allows tax agents to access and change taxpayer data.
"Spyware can be used to harvest Tax File Numbers and other personal details from fake jobsites or from legitimate organisations whose security has been compromised," said Ray Berry from the ATO's e-commerce team. "Identities stolen by the use of spyware may be used to cover the trail of people that try to defraud the ATO, such as false returns and BAS refund applications."
Whose fault?
Placing much of the blame for spyware on vulnerabilities in Microsoft's applications, Electronic Frontiers Australia's submission suggested the adoption of "alternative" software packages such as Mozilla, Firefox or Opera for Internet browsing, and Thunderbird or Eudora for e-mail.
For its part, Microsoft's Julie Inman Grant, director of Internet safety and security in Asia Pacific, said spyware was responsible for around half of all application crashes. She called for legislation to specify the malicious activities and intent rather than proscribe the technology.
"Spyware is seriously impacting the business of Microsoft... we estimate that spyware accounts for as much as half of the total application crashes our customers report to us. Microsoft is strongly of the view that any [anti-spyware] legislation should target the deceptive behaviour of spyware publishers/distributors -- and not features or functionalities that have substantial legitimate uses," said Inman.
"This distinction is critical to avoid imposing unworkable requirements on legitimate applications and adversely affecting legions of computer users," she added.
Dr Adrian McCullagh and Professor William Caelli of the Information Security Institute in Queensland's University of Technology place some blame at the feet of financial institutions -- such as banks -- for failing to reinvest their not-unsubstantial profits into better online security and customer education.
"The banking industry has re-engineered its business model substantially around the use of Internet banking so as to drive transaction costs down and maximise profits," claimed the co-authored paper. "The banking industry is particularly concerned that, if there was a substantial loss of confidence in electronic business and in particular in electronic banking, then this could result in systemic failure in electronic banking as a whole."
Combating the spyware threat
According to the ATO's submission, one of the most effective methods of combating the problem would be for the government to create an official Web site containing links to trusted information sites and anti-spyware applications.
"A well designed site with the contributions of industry experts and links to the best downloadable software solutions and the best advice would act as a trusted focus point for the Spyware issue," said Berry in the ATO's submission.
Emphasising the importance of the reseller channel in the prevention of spyware, Tony Burke, director of the Australian Banking Association (ABA), called for legislative controls to focus on the act of secretly gathering information -- rather than the technology itself.
"As the vast majority of users buy PCs to access the Internet and associated services, consideration needs to be given by manufacturers, OEMs and retailers to supplying a suitable level of spyware protection at the initial point of purchase of the PC or other device, as part of the package," Burke said in ABA's submission.
With consumer groups blaming Microsoft, intellectuals blaming the banks, and the banks blaming the retail channel, Coonan's department has gone to ground to examine the submissions in an attempt to develop a "practical response to spyware".
A timetable for the publication of such a response has yet to be released. The discussion paper and submissions have been published on the DCITA Web site.

Look over there, there is nothing happening here. Oh, hang on, there is, but we'll go figure it out, and let you know later. Online banking continues, keyloggers are intentionally rarely found by anti-virus software vendors who claimed there was no need for something else called "anti-spyware". If Big Brother can't spy on us, he'll let criminals do it instead...interesting that.