Consensual Acts

Canadian legislators have been working on new anti-spam regulations, enforced by the CRTC (http://www.crtc.gc.ca), that will also include restrictions on software that installs without consent.

Canada’s new Anti-Spam Legislation (CASL) is designed to prevent software being installed without your consent when you visit a website, and to prevent the installation of software updates that you did not request or have not previously authorised.

Whether this unilateral action will have much effect is yet to be seen, as the violator would need to be in Canada, or their business would need to have a Canadian office, for the law to have any effect. It does pose the interesting possibility, though, that if other countries take similar action, software vendors and website owners might take the hint.

While primarily designed to protect against unauthorised installs, the legislation also covers side-by-side or bundled installs, where for example you download a game (authorised install) and get a search engine “helper” (read: crappy redirector and stealer of information) installed on the side.

CASL also covers updates that install silently – i.e. where you are not asked first if you’d like them. Fortunately “bug” and “security vulnerability” fixes are exempt, which helps ensure users will stay safe.

I’m concerned by one exception in the legislation – that “Any other program that is executable through another program that was already consented to” is allowed. I can see why it’s included, but no doubt this may lead to a test case and precedent in law – when someone downloads unauthorised, data-stealing Java code that was executed by the previously approved and authorised Java runtime. We shall see.

However, until more than one country follows Canada’s lead, this may be one of the most ineffective pieces of tech-legislation around.

Keeping yourself safe

While the new Canadian laws may not protect you, you can do a lot to help yourself.

  • Be cautious of the websites you visit
  • When typing the address of a site, check you’ve not made a typo in the address before proceeding
  • When searching for a site, use the organic (natural) search results returned to find the genuine site, not necessarily the paid ads at the top of the page (which probably won’t be the genuine site)
  • When you download, use great care. For example: Some download sites surround the download you want with ads for unwanted downloads – often with really big green “DOWNLOAD NOW” buttons. These are fakes. Examine the page carefully to find the genuine link and if unsure, don’t proceed.
  • If downloading a document/video/music file, you DO NOT need an executable to play/view it. Your computer should already be fine with that. If you are being forced to download an executable to “play” what you are downloading, it’s likely that at best it contains crap/adware, at worst malware.
  • Finally, keep your anti-virus/anti-malware up to date.

For more advice on cybersecurity, drop me a line or visit https://www.cyberstreetwise.com
