Universities Crack Down on Alleged Spyware Program

Universities have begun thwarting the operation of software that promises to accelerate Internet performance and protect its users from malware infections because they feel the program is actually spyware.

A number of schools, including Columbia University, Cornell, Indiana State and Penn State, have advised their students to avoid using, or have blocked access to addresses used by, a program called Marketscore, a product deployed by ComScore Networks, a consumer marketing firm in Reston, Virginia.

In a warning posted online on October 13, Columbia notified students that its IT department had “started blocking Internet traffic to and from a set of Internet addresses belonging to marketscore.com. These addresses were being used to hijack browsers to display ads and possibly perform other actions.”

Not-So-Secure Socket

“[A] number of systems on campus running Microsoft Windows have been infected with spyware distributed by a company called MarketScore,” Cornell IT Security warned its students on October 12. “This malicious software directs all your Web traffic through the marketing company’s servers, allowing them to potentially view any information you send or receive through your Web browser. This includes any data that would normally be protected during an HTTPS session using SSL (Secure Sockets Layer) encryption.”

According to ComScore Senior Vice President Dan Hess, however, Marketscore isn’t spyware and users who choose to install it on their computers do so with open eyes.

“When software evaluators looked at our very complete disclosures at the Marketscore site, they determined that, in fact, this is not a spyware application,” he told TechNewsWorld.

Change in Behavior

Security experts have mixed views on the offering.

“We used to characterize Marketscore as spyware,” observed Sam Curry, vice president for product management of eTrust Security Management at Computer Associates International in Islandia, New York. “We no longer do.”

Curry explained that from January to June of this year, the program, under its former name, Netsetter, was classified as spyware. “But they changed their behavior,” he said. “However, we have recently received some more complaints, so we will be reexamining them in the weeks to come to determine if they are spyware or not.”

The complaints, he noted, center on Marketscore claims that it will enhance Internet performance.

“People have so many different kinds of Internet connections today that I don’t know how they could speed up all the different variations out there,” said Richard M. Smith, a software consultant in Boston.

Security Risk

The perception of the performance enhancements claimed by Marketscore can vary, conceded ComScore’s Hess. “It works with all connections,” he said, “but the perception of improvement will vary with connection type.”

“If you’re on a broadband connection, because you’re already on a very fast line, the perceived improvement may not be as great,” he explained.

Whether Marketscore is spyware or not, it does pose a security risk to its users, maintained eTrust’s Curry.

“If you and I were to have an encrypted conversation,” he told a reporter, “then I can be reasonably assured that anything I deliver is only openable by you.”

“What this does,” he continued, “is inserts a point into the process where your traffic is decrypted by this company then re-encrypted and sent to the person you want to have your conversation with.”

Dangerous Proposition

That can be a hairy proposition, especially when the person you’re conversing with is your bank, a credit card company, an online brokerage or a health care provider. “Can you trust Marketscore’s employees?” Curry asked rhetorically. “Can you trust everyone that has access to their networks? Can you trust the people who come in and do the services there?”

“You have to trust Marketscore to have their physical security right and to have their networks secure because they’re a very attractive target to capture hundreds of pieces of personal information about a person in one place,” he said.

“That’s a single point of failure and that’s a very dangerous thing from a security perspective,” he contended.

More by John P. Mello Jr.