Preventing Privacy-Invasive Software Using Collaborative Reputation Systems

  • Conference paper
Secure Data Management (SDM 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4721)

Abstract

Privacy-invasive software, loosely labelled spyware, is an increasingly common problem for today’s computer users, one to which there is no absolute cure. Most privacy-invasive software is positioned in a legal grey zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users’ feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system, and propose possible solutions. Based on the observations made, we implemented a client/server based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.

Editor information

Willem Jonker, Milan Petković

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Boldt, M., Carlsson, B., Larsson, T., Lindén, N. (2007). Preventing Privacy-Invasive Software Using Collaborative Reputation Systems. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_10

  • DOI: https://doi.org/10.1007/978-3-540-75248-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75247-9

  • Online ISBN: 978-3-540-75248-6

  • eBook Packages: Computer Science, Computer Science (R0)