Spyware security management via a public key infrastructure for client-side web communicating applications

Internet technologies continue to revolutionize the legitimate collection of information from targeted host machines and its transmission to remote servers. The term 'spyware' refers to that subset of information collection software that operates illicitly and non-consensually. Two fundamental issues continue to complicate spyware legislation development and operational control strategies. Firstly, unlike the clearly criminal distribution of virus infections, the distribution of spyware is mainly a commercial venture. Secondly, spyware utilizes the same technologies that underpin essential, legitimate information collection applications. This paper describes a security framework to manage these two issues. The security framework, at its core, requires the authentication by the host operating system of each outgoing Web session initiated by each software application running on that host machine. This authentication requires that each software application initiating Web communications be uniquely named via a Public Key Infrastructure digital certificate - and must use this name in all initiated Web communications. This framework facilitates the usermanagement of all Web communication streams emanating from the host - and this in turn supports the identification of software that engages in the deceptive, misleading, and fraudulent practices already proscribed in existing technology-focused legislation. © 2010 IEEE