Privacy-Invasive Software: Exploring Effects and Countermeasures
Blekinge Institute of Technology, School of Engineering, Department of Systems and Software Engineering2007 (English)Licentiate thesis, comprehensive summary (Other academic)Alternative title
Illasinnad Programvara : Effekter och Motmedel (Swedish)
As computers are increasingly more integrated into our daily lives, we need aiding mechanisms for separating legitimate software from their unwanted counterparts. We use the term Privacy-Invasive Software (PIS) to refer to such illegitimate software, sometimes loosely labelled as spyware. In this thesis, we include an introduction to PIS, and how it differs from both legitimate and traditionally malicious software. We also present empirical measurements indicating the effects that PIS have on infected computers and networks. An important contribution of this work is a classification of PIS in which we target both the level of user consent, as well as the degree of user consequences associated with PIS. These consequences, affecting both users and their computers, form a global problem that deteriorates a vast number of users’ computer experiences today. As a way to hinder, or at least mitigate, this development we argue for more user-oriented countermeasures that focus on informing users about the behaviour and consequences associated with using a particular software. In addition to current reactive countermeasures, we also need preventive tools dealing with the threat of PIS before it enters users’ computers. Collaborative reputation systems present an interesting way forward towards such preventive and user-oriented countermeasures against PIS. Moving the software reputations from old channels (such as computer magazines or friends’ recommendations) into an instantly fast reputation system would be beneficial for the users when distinguishing unwanted software from legitimate. It is important that such a reputation system is designed to address antagonistic intentions from both individual users and groups thereof, so that users could depend on the reputations. This would allow users to reach more informed decisions by taking the reported consequences into account when deciding whether they want a specific software to enter their computer or not.
Place, publisher, year, edition, pages
Ronneby: Blekinge Institute of Technology , 2007. , 114 p.
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 1
Information security, privacy, malware, spyware
IdentifiersURN: urn:nbn:se:bth-00350Local ID: oai:bth.se:forskinfo35D8186A42FD14C1C125728800344746ISBN: 978-91-7295-100-6OAI: oai:DiVA.org:bth-00350DiVA: diva2:837092
Copyright © 19xx/20xx IEEE. Reprinted from (all relevant publication info). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of BTH's products or services Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by sending a blank email message to email@example.com. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.2012-09-182007-02-202015-06-30Bibliographically approved