Abstract
Privacy-invasive software, loosely labelled spyware, is an increasingly common problem for today’s computer users, one to which there is no absolute cure. Most privacy-invasive software is positioned in a legal grey zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users’ feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system, and propose possible solutions. Based on the observations made, we implemented a client/server based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Boldt, M., Carlsson, B., Larsson, T., Lindén, N. (2007). Preventing Privacy-Invasive Software Using Collaborative Reputation Systems. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_10
DOI: https://doi.org/10.1007/978-3-540-75248-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75247-9
Online ISBN: 978-3-540-75248-6
eBook Packages: Computer Science, Computer Science (R0)