Secret agents invade your PC

Protecting your data

You may not want companies crawling around your system. In that case, security experts advise enterprise administrators to disable auto-updaters. By doing so, users can limit the amount of bandwidth consumed by the data exchange, which usually takes place without visible notification. More importantly, disabling auto-updaters closes a potential security hole, because most updaters circumvent the system's security.

"Some auto-update applications run natively on Windows 95/98/Me machines, meaning that they run with all the permissions of the user that's currently logged in," says Neal Goldman, director of Internet Computing Strategies at the Yankee Group. "This gives them access to everything on the drive, [because] ActiveX Controls downloaded from Web sites can access forbidden resources like local hard drives."

"Vendors are understandably tempted by the opportunity to look around in a user's computer," says Bob Geiger, president of the computer security firm Info-defense.com. "In the hands of a skilled marketer, the information gathered by auto-update applets is a virtual treasure trove, a marketer's ecstasy."

Geiger views high-speed broadband adoption as a factor that increases security and privacy threats posed by auto-update applets. "I certainly do not rule out the likelihood of some update programs copying a cookie file, browsing the hard drive's directory, or reading Windows' Registry to see what other applications reside on the machine, maybe even to extract the owner's personal and business names," he says. "With cable and DSL connections, these files can be uploaded in one-tenth of a second, well below the event horizon of any user."

Good intentions, bad results

But data collection from a customer's PC by a vendor isn't always tied to some type of privacy violation conspiracy. Sometimes, such violations simply result from coding errors.

Take Macromedia, for example. The company included a feature in its Shockwave multimedia development software that would let users collect and transmit Shockwave-enhanced Web site URLs. Surprisingly, the URLs sometimes included usernames, passwords, and other private information.

Microsoft had to defend itself against similar charges that its Windows 98 operating system and Word and Excel Office programs were tracking users' actions with a stealth technology called Globally Unique Identifiers. The technology could identify the author of a document across the Internet. Microsoft says that the identifier's purpose was to facilitate the tracking of documents' authors and recipients. However, a bug in a Microsoft product registration utility combined with the identifier provided far more information about users' machines than was originally intended. Microsoft and Macromedia acted quickly to eliminate the offending processes--and avoided litigation.

Though no evidence exists that these mistakes are anything more than an irritation or inconvenience, the next incident might have more dire consequences. According to Info-defense's Geiger, coding errors combined with unlimited access add up to shaky security. Whether to take this risk is up to you.

Talkback 2 comments

    Anonymous -- 14/02/01

    Great, now how about telling us what we can do to block the invaders out of our PCs??

    It seems to me that you are full on about warning us in a sensational manner then leaving us hanging!!

    Anonymous -- 15/02/01

    Of course if you run Linux you have few to none of these problems!
