Slashdot Mirror

A firewall doesn't protect everything. A firewall with a clueless user at the helm won't protect you from quite a lot. It won't protect you from buffer overflows, system exploits, or a lot of other automated exploits. It won't protect you from a lot of spoof attacks. It will make you non-pingable, which helps, but anything you have enabled might still be a way in. Saying that having the built-in XP firewall running gives you a 100% chance of not being compromised is like saying that having antilock breaks gives you 100% chance of surviving a crash. It helps, but if it's your only line of defense, you're screwed. Quite frankly it's grossly inappropriate to tell people to not worry anymore. Everyone should pick up a free firewall (of the kind that can detect outgoing traffic, as opposed to SP2), a free AV software package, and a free spyware detector or two.

We just had a bug fly around my work, owning the network. This was with a hardware firewall and AV. Both were working, it was just a bug that was too new and the AV vendor hadn't discovered it yet.

pop-up ads?

Good grief, they still do those?
Cure Part-1 - Cure Part-2 - Cure Part-3

There are a handful of other people I can think of who've done a similar amount of work. Merijin Bellekom, Patrick Kolla and Andrew Clover spring to mind, although there are others.

The internet experience doesn't have to be this way, but when the powers that be (Microsoft, mostly) sit on their laurels and allow the situation to degenerate, what hope is there?

At least that's how I see it. And I'm not even a file trader.

Consider: The industry has been utterly unable to stop P2P to date, and a whacked-out move like this will probably be countered in a matter of days as the authors of SpyBot and AdAware catch on and release updated signature files.

Why go to the trouble of doing something that at least some in the industry know will be easily counteracted unless they're so flustered that they're not thinking straight?

The other indicator that makes me think this is sheer desperation are the comments from Marc Morgenstern. "Just deserts?" Criminys... He sounds like a grumpy kid who got his favorite marbles taken away or something.

Remember that at least one legislator, under pressure from the RIAA, once floated the idea of hiring system crackers to do their level best to try to sabotage P2P networks. The idea withered at the time, mainly because it would have run afoul of the federal Computer Fraud and Abuse Act.

However, it is evident that the RIAA was not so easily dissuaded. They've found a sneaky way to deliver what they, in their deluded way, think is going to be a knockout punch. Adware and spyware are not (yet) illegal that I know of. What better loophole to try and pull the stunts the industry's been wanting to pull all along?

How's it all going to end? Well, this kind of move will make all the file sharers and sharing networks even more mad at the industry than they were before (assuming that's possible). It will serve as yet another wedge driven between an industry that is clearly too greedy to see past the end of its collective noses, and God knows how many people who might have been customers under different conditions.

The biggest irony to me is that they STILL haven't gotten it through their thick skulls that their music sales are down mainly because they're putting out slop that no one really wants to buy.

Example: I used to buy at least a dozen CD's a month in the early-to-mid 90's. However, in the last six years, I've bought maybe half a dozen. If that. I'm just not hearing the raw talent that I used to.

Seems to me that the industry is a victim of their own delusions. I think a line from Adam Savage, found in the opening credits for Mythbusters, hits the issue spot on: "I reject your reality, and substitute my own!"

I predict an entertainment industry implosion, due primarily to pissed-off customers and a consequent reduction in sales, within the next decade.

Keep the peace(es).

• Firefox
• Thunderbird
• Outpost Firewall
• Cygwin
• The GIMP
• Spybot
• adAware
• Trillian
• Google Desktop Search
• SETI@home
• iTunes

Spybot
Adaware

Oh, and Linux.

• Spybot - Search and Destroy
• Ad-Aware SE Personal
• SpywareBlaster

No need to limit yourself to just one, either - run all three!

CDEX
IRFanView
Winamp
iTunes
FireFox w/AdBlock and various other extensions
Some music
Assorted pictures
Spybot & AdAware
XP SP2
DefilerPak
Novell VPN client
Citrix client
Farbrausch demos
PuTTY
and the all-important XEvil

If he had kazaa installed, then that's where the popups were coming from. The windows xp built-in firewall can stop messenger ads just fine. You should have told him to download spybot, adaware, and spywareblaster.

• For a better antivirus, use NOD32 instead (they never missed a single virus in 6 consecutive years).
  
• For better anti-spam software, use POPfile instead (and it's free)
  
• For anti-spyware, use Spybot instead (and it's free)
  
• For firewall, use ZoneAlarm instead (and it can be free)
  

Spybot Search & Destroy (best and most up-to-date IMHO)
AdAware (the original big one, not as up-to-date as Spybot S&D, but it still catches stuff Spybot doesn't)
HijackThis (for the really nasty stuff that the others don't get, though this can mess up your computer if it isn't used properly)
SpywareBlaster (it isn't as good as the others mentioned, but it still couldn't hurt)

Repost of this comment, with fixed links. (Mod the other one down!)

* * *

Ad-Aware with Ad-Watch is my personal choice, which requires either the "Plus" ($26.95) or "Professional" ($39.95) edition. You'll have to go through the "Tweak" options to set Ad-Watch to run win Windows starts and start in blocking mode, but once its up -- you don't have to worry about ad/spy-ware much anymore. Just run a comprehensive Ad-Aware scan every week or two, and check the results list to make sure nothing useful is being flagged as spyware! Oh, and Ad-Aware's free version (that does not come with Ad-Watch) is a very effective scanner/cleaner, but it will not stop ad/spy-ware from infiltrating your system -- it can only remove it after the fact, which often requires several minutes (or even hours?) of tweaking after their removal.

Spybot Search & Destroy is my second choice, and except for its tendency to treat files quarantined by Ad-Aware as spyware (well, they are, but they're quarantined!) and to miss a few items that Ad-Aware finds, Spybot is very capable of keeping your PC (mostly) clean. But here's the catch: Spybot is freeware, so it is much more cost-effective than Ad-Aware, but remember the old addage: "You get what you pay for."

I've used both Ad-Aware (more extensively) and Spybot (somewhat extensively) for several months, and here's my suggestion: use Spybot or Ad-Aware's free version at home if your files aren't "top secret" or otherwise crucial to anyone's survival; use Ad-Aware Plus or Professional on business computers (where the company will pay for the license) or if you want to protect your computer from gathering ad/spy-ware in the first place.

There are other options out there, and remember that nothing is perfect... Some legitimate things will be deleted if you're not careful, and some illegitimate things will sneak through no matter how careful you are. The ad/spy-ware-war only marks our attempts to stay ahead of the game.

Spybot S&D seems to know most of the spy stuff out there, and you can also lock your IE preferences (like your home page) and changes to your host file (to prevent the hijacking). Works for me, anyway.

Here is what gets installed after Windows XP Home SP1a and all the patches:

1. ZoneAlarm Personal Firewall
2. Norton SystemWorks 2004
3. Lavasoft Ad-Aware
4. Spybot Search & Destroy
5. BigFix
6. Adobe Acrobat Reader
7. Mozilla Internet Suite
8. JGSoft EditPad Lite
9. WinZip
10. Yahoo! Messenger

It's not privacy people are yelling about; it's the PERCEPTION of privacy. Lots of folks have known all along that these little spies have been getting installed on people's computers. Some of them have actually done something about it; they install and run software like Spybot Search and Destroy. A few will even switch to an alternate browser like Mozilla to help keep spyware off their machines. But largely they don't care unless it jumps up and bites them on the backside. GMail was planning to do just that, by targeting ads based on message content. Never mind the information would never be audited by a human, it's just the reminder that it's not private that's rankling.

"Symbolism over substance", as Rush Limbaugh pointed out; to most people, it doesn't matter if they have privacy so long as they can pretend they have it. Just like they can vote for people who lie their asses off (and I'm not even going to draw a distinction between either Republicrat party), just so long as they can PRETEND they're electing people who have their best interests at heart.

For adware/spyware, use Spybot and Ad-Aware for this.

For the average program, Windows XP comes with a very nice utility that allows you to restore your setup to a previous day. I've found it to be very useful. Don't know about more generic utilities for older Microsoft OSes.

spybot is my favourite and seems to find more than adaware

http://security.kolla.de/
(downish..)

or get it here:

http://download.com.com/3000-2144-10194058.html?ta g=lst-0-1

is the absolute bomb...

Note the paypal link... throw the author a few bones; it's a great program.

Personally, I have found Spybot to be a much better program to remove spyware. Spybot's Website But personally, nothing can beat knowing what you install and reading those license agreements carefully. Or install Linux where people arent as likely to embed spyware in the program.

They only scanned for four spyware programs. I would say over half of all Windows machines connected to the Internet are infected. The other half that aren't infected are people who know how to avoid being infected, or don't surf the web. If they would have scanned for every spyware program included with Spybot instead of just those four, they would have come up with a much higher number.

Oh, please. Can you actually name any of this "shackle-ware," "spyware," and "gagware?" Why are you blaming this on Windows?

Download Spybot Search & Destroy, and look at the list of stuff it scans for. It's massive. Pick a random Windows machine from an average user, then run Spybot S&D on it. You'll be amazed.

"Third-party applications bundled with this download may record your surfing habits, deliver advertising, collect private information, or modify your system settings."

Who cares?

Adaware seems to not be maintained anymore.

Personally, i use spybot.

Spybot Search & Destroy at http://security.kolla.de

What are parasites?

'Parasite' is a shorthand term for "unsolicited commercial software" -- that is, a program that gets installed on your computer which you never asked for, and which does something you probably don't want it to, for someone else's profit.

"I'm buying a new mid-grade laptop computer, which I plan to dual-boot between Windows XP Home and Mandrake 9.x. Before its arrival in a few weeks I'm trying to think of what 'essential' software I'll need to make a usable home system. In general I'd like to spend as little money as possible (free is good). As far as my needs, think 'typical family PC' without an emphasis on gaming. I know I can get something like Open Office for word processing, presentation, etc. needs, but is there such a good thing as a good free virus checker? A good free email client? A handy web browser? What would you consider the top 10 (or so) pieces of software for a new home system, bearing in mind that I need software for both the Windows and Linux side of things?""

These are the files I keep on my "Esential CDs" that I bring around to help out other non-techs (Windows users) people. (Of course because they are financially broke after paying $200 for their Operating System, they want everything else to be free.) ;-)

Anti-Virus: The best free antivirus program I have found AVG Anti-Virus 6.0

Office Suite: (Word Processing, SpreadsThe quick brown fox jumped over the lazy dog.
The quick brown fox jumped off the edge. The quick brown fox ran off with all his toysheet, Slideshows, etc.)
Open Office 1.1

CD/DVD data/audio Burner: (and doubles as a CD image creator .ISO and .CUE)
BurnAtOnce 0.99a

CD/DVD image loader/emulator (perfect for people who often misplace their CDs): (loads .ISO, .CUE, .CCD, .CDI etc. files without burning them)
DAEMON Tools 3.41

MultiMedia Player (Mpeg, Mp3, AVI, etc.)Winamp Classic 2.91

or for audio only Foobar 2000 0.7

Zip Extractor:Ultimate Zip or7 Zip 3.11

Download Accelerator:Star Downloader v1.42

Internet Browser: (other than IE) Mozilla 1.4 or Opera 6.20

System Statistics: (Motherboard, Memory, BIOS, Video, Software info, etc)AIDA32 3.80

E-mail (other than Outlook Express)Thunderbird 0.2 or Pegasus Mail 4.12

Spyware/Adware killer:Ad-aware 6 or Spybot Search & Destroy 1.2

Pop-up Killer/Browser Enhancer (for IE)Google Toolbar 2.0.102

PDF document reader:Adobe Acrobat 6.0

FTP program (other than IE and the command line FTP)Winsock FTP LE 5.08 or FileZilla 2.2.1

Internet Chat Programs (other than Windows Messenger)Gaim 0.70or Trillian Basic 0.74E

Firewall Software:ZoneAlarm 3.7.211

or if you have Highspeed Internet, a spare 200mhz PC, and two network cards laying around...ClarkConnect 2.0

CD Ripper / MP3 Creator CDex 1.51

Graphics Editor (other than Paint) The Gimp

Graphics viewer (other

Here are my most favorite windows apps. Some are free. All at least have trials. They are in no particular order.

Firewall: BlackIce
Virus Scanner: AVG Anti-Virus
Instant Messaging: Trillian
Movie Player: BSPlayer
Web Browser: Slim Browser
Mail Client: The Bat!
Taskbar Improvement: True Launcher Bar
SpyWare Protection: Spybot Search & Destroy
File Compression: Win Rar
Hex Editor: Hex Workshop
Audio Player: Winamp
Ternimal Emulator (telnet/ssh/etc): SecureCRT

Link.

The boss got pointed to spybot S&D at Spybot-S&D by microsoft tech support! Works good for me, the Wife's Windows XP machine sure boots a lot faster after cleaning out 148 spyware programs trying to boot.

The only disadvantage is having to explain why the cute screensaver she downloaded won't intall because it's full of spyware. Same goes for KaZaa et. al. It's free as in beer but they'll take donations.

Then use spybot s&d. I like it a bit better than AdAware and some spyware checks for and disables AdAware.

I believe you would of found more with SpybotSD. Or maybe they use a different counting system. Or maybe I caught extra spyware whilst rebooting...

Anyway, it seems more suited to a site like this than Ad-aware does.

You should check out Spybot Search and Destroy. I prefer it to Ad-Aware.

Excellent research! I need to go through and patch the holes that my pre-teen kids, spouse, in-laws, and mom have probably left with their game downloads.

Meanwhile, I just ran over to the SpybotSD site to check them out, and got a reminder of how easy it is to get focused on one technical aspect, only to get wallopped by another. In this case, it's the domain name game.

According to this news item, the Spybot folks failed to check to see if spybot.com was available. It wasn't -- looks like it's been registered since '98. I haven't gone to the spybot.com site (don't want to give them the hits), but a company called InBox Inc. is going to try to trademark "Spybot" -- or at least, get "our" Spybot company to cough up some dough.

Similar problem with another project -- they didn't grab safer-networking.com or safernetworking.com, either. This time, it's a matter of not checking your back: both domains were just registered on April 1 (appropriately enough).

That's the problem with being a one-man show (as this appears to be)... there's only so much one person can do, especially when you're already juggling 10 balls while pedaling your unicycle across the tightrope.

Of course, I've added all three domains to my whois.sc watch list! Don't worry... I'm a white hat domain squatter.

Of the bad ones, Lop (which you have) is far and away the most difficult to get rid of. It has many separate components, a Browser Helper Object, an executable launched at startup via an entry that's in your registry's HKLM/Software/Microsoft/Windows/CurrentVersion/Run key, (and possibly in RunOnce and/or RunServices, plus in the same path under each user as well), and others. I think it may even replace your WSOCK32.DLL but I don't remember if Lop is that one. If it is, it certainly would explain why your DNS went haywire. The deal with Lop is that all these components watch over each other. If you delete or disable one component, the others silently patch the hole next chance they get.

To answer your question, I've never heard of it affecting a firewall/router. (I kind of assume you're running a Linksys, but regardless of the make & model make sure you don't still have the default password on it.) If Lop patched your winsock layer, the Windows box would be completely unable to tell you the truth about DHCP or DNS.

It's not quite as bad as kudzu, but it's definitely not something you want.

Anyway, I've found Spybot S&D to be a most excellent tool with frequent and current updates. It's the first thing I run every time I visit friends or family and they want me to look at their computers. It's also free, (but donations are welcome.) I switched from the paid version of AdAware+ after they failed to release V 6.0 on time. I do wish that the anti-virus vendors would block some of this crap.

Other things I run to defend my Microsoft equipment from this stuff?

• I run BHOCop occasionally, which lets me manage "Browser Helper Objects". The only BHO I allow is Acrobat.
• I use StartupMonitor which watches all the startup registry keys, the "Startup" folders, the system services, and the Autoexec and Config files for changes and it pops up a confirmation message box before allowing any changes that would allow a new program to run on startup. If something wants to run at startup, I think I should know about it. It used to be freeware, but I think the magazine that sponsored it now wants $20.00 for it. I suppose I'll just have to get off my butt and write one (it's about a dozen Win32 API calls.) And while I'm at it, I think I'll have it watching for BHOs at the same time, and try to kill two birds with one stone. I don't like how it doesn't play nice with multiple users under XP anyway.
• I run Mozilla as my primary browser. None of the spyware fiends seem to have targetted it. And it doesn't run stupid objects. But, I still have IE as the default browser because on Windows, there are some things that just have to have IE.
• I run the Proxomitron as an ad-filtering proxy, so I added certain anti-spyware checks into it.
• My son likes running Zone Alarm to keep an eye on what's leaving his box, but I found it kind of annoying so I removed it from mine. It doesn't really prevent much, per se, but it does let you know you're infected.
• I tried creating directories for the default paths of Xupiter, Kontiki and others, and used CACLS to have NTFS remove all access. That was kind of a mistake, because even I couldn't get rid of them after that.
• Finally, I had entries in my hosts file for the sites of the known worst offenders (lop, xupiter, bonzi buddy, gator, kontiki) so that even if something slipped thru, I wouldn't be accidentally talking to them. But I ended up with over 1600 lines in my hosts file, though, and name resolution started taking way too

Check out Spybot Search and Destroy. It's the best spyware remover i've ever used. Updates itself often and can lock down your computer against future attacks.

just be sure to run something to remove the key logger it installs along with itself. Try this after you install it and you'll see what I'm talking about

As Kazaa comes bundled with multiple spyware programs this also gives you an idea of how many computers are infected with its programs, mind boggling really

remember Kazaa is just a vehicle for this software as their revenue model is based on the user installing it, i feel sorry for all the support desks that are going to have to deal with all the problems it brings and the security implications when someone/thing exploits it, imagine how many corporate systems are infected and the implications that could bring for security in the workplace now that other private companies have direct access to their data bypassing firewalls etc (by using http port 80 to communicate) i mean Windows isnt exactly the most secure system around but these applications have made this so much worse and it can only be a matter of time until someone develops a *nix port of spyware.

The sooner they are out of buisness the better for the user, but these numbers prove that it isnt going to happen unless virus companies decide to pull their fingers out and target these applications which are probably more destructive and intrusive than most viruses.

According to the virus scanner companies stance , if you release a worm,virus etc with an EULA you are exempt from detection and are free to extract any information you like from the users/hosts system for financial gain
(regardless of what laws exist to protect the users data in his/her country)

luckily a few good people have addressed this problem but as their software isn't as widely known as the big boys (Symantec,Mcafee,Sophos etc) and doesn't come bundled as standard by pc manufacters (as a lot of virus protection does) i fear this situation can only get worse until the users computer becomes an un-usable device

First off I don't take advice from some newspaper flunky. Second it never ceases to amaze me just how freaking stupid a lot of people are when it comes to computers.

They get spyware because they don't read freaking license agreements or EULA's, or get it because they are too dumb to tighten up browser security so your browser (often Internet Explorer) WONT auto download and install it for you like a good little bitch. If people would actually use software like Proxomitron and JD5000 (Add-in for Proxomitron), then you would not have problems with drive by spyware or other HTML/Java/Javascript/Exploits/Nasties while browsing the web. It's called UNIVERSEL WEB FILTER for a reason!!!.

Not to mention of course the biggest things like ACTUALLY VIRUS SCANNING everything that comes into your computer and doing system maintenance by de-fragmenting your hard drive or even getting something like Norton Utils 2002 or later to keep the system, registry, and hard drive(s) maintained properly.

Just this week I talked to two people I see online often in IRC. One was stupid enough to have 330 ITEMS OF SPYWARE detected in Ad-Aware and another is too dumb to actually tighten up his mIRC settings to avoid automatically downloading IRC viruses/worms.

I'm sorry but I have no sympathy for morons who can't keep virus scanners updated and virus scan everything that comes into the computer, cant keep up to date with software like AD-Aware 6 and Spybot: Search and Destroy, or actually uses Internet Explorer or other browsers with default settings on a windows box and wonders why the hell crap like Xupiter and viruses get through the holes in their browser(s).

And if you follow the "steps" laid out by that lame assed newspaper article, it's a big mess of crap for nothing when if you actually have a freaking clue how everything works on your computer (both software and hardware) then you will VERY RARELY if EVER need to re-install. I laugh at thee who re-installs a OS every 3 months or every year because of their stupidity. Sell your computer if you are too dumb to do the most basic of steps. *Rolls eyes*

there are lots of programs that remove spyware and its ilk, but few can actually block them.
the best one i've found is SpybotSD, which has a database of "bots" - things like Gator, Precision time, usage-tracking cookies, dialers, keyloggers, and several other types of evil software than no one in their right mind would want on their (nor anyone else's) computer. every time i've used it, SpybotSD has caught things that Adaware (which i love and used for a loooong time) missed. but the coolest thing about SpybotSD is that it actually blocks malicious ActiveX controls, tracking cookies and file downloads. that means you just don't see things like "would you like to download and install 'SupaFree53x0rDialer!!!11.exe' ?" anymore.
i don't know what it does to block these things; i don't care, and i don't have to. they just don't exist anymore.

Or download spybot search & destroy - its really quite good at getting rid of GAIN and other nasty crap

Spybot seems a bit more comprehensive and user friendly than Adaware, but to be sure I run both. :-)

• A Win98 Boot Disk with
• CD of Windows 98SE
• Burned CD with Win98SE service packs/patches
• AVG Free Anti Virus (Free - as good as Norton IMHO)
• Winrar (Shareware - handles most archive formats)
• Ranish Partition Manager (Free - runs from bootable floppy)
• Pc Inspector File Recovery software (Free)
• Spybot search & destroy (Free - removes spy ware / Trojans ,ect)
• SpywareBlaster (Free - prevents most spyware, trojan, and "browser help objects(I.E. Gator and Lop.com) from ever being installed in the first place)

Antivirus software just cannot detect it.
That's because you gave permission to install it via some sneaky click-wrap license. You know, those ones you never read? AV companies have the technology, but they would probably get their pants sued off if they called another company's product malicious when it was merely annoying or nosy--and when the user supposedly consented to it being there.

The wintel world (win9x) needs something that can get Gator and friends out the door.
There are plenty of them already, like Pest Patrol, Spybot S&D, and Ad Aware.

There's a lot of good information on spyware at Doxdesk and Spyware Info.

I installed SpyBot-Search & Destroy 1.1 and I hardly get ANY pop-ups or doublclick ads anymore... I don't know what the software did, but I actually don't see 75% of the crap ads out there... and I DO see only ads that are relevant to my interests. I hardly get pop-ups either, though I haven't blocked all of them yet.

Check out this program... its great for killing spyware too!

untested by me, but: Ad-Aware should be able to handle CnsMin as of reffile 042-24-09-2002. Also, SpyBot - Search & Destroy should handle it.

After an ordeal like that, I would also do a sweep with Spybot Search & Destroy. It is more 'evidence-eliminator' oriented but it caught some stuff (spyware registry keys and the like) on my machine that ad-aware missed. The only way your windows installation will be totally clean, though, is clean it out and do a clean install. If you have the time, I would highly recommend you do that.

...or spybot

Some claim it to be better than Ad-Aware, it seems to remove a lot of spy/adbots

...or spybot

Some claim it to be better than Ad-Aware, it seems to remove a lot of spy/adbots

Well, not a virus, but I'd certainly call it a trojan. So did Trend and McAfee when they came across the 'dlder' spyware that crept into many P2P apps last year, since it wasn't mentioned in the licence agreement, and some of the apps' companies claimed to have been unaware of it.

In the end, they backed down. McAfee still detects it, but only if you ask it to look for 'other programs' as well as viruses/trojans. There are a few other parasites in this category. But mostly, it's a case of "if it isn't used by 'hackers', it's not a proper trojan".

Luckily, there are others working on anti-spyware software. Ad-Aware and Spybot S&D are the most popular. more info + online check...