Slashdot Mirror


On the Prevalence and Removal of Spyware?

oo7tushar asks: "There's a lot of spyware out there these days. As a Windows/Linux user I'm concerned about what spyware is installed on my machines and I'm very concerned about this issue when it comes to Windows. A few questions for the masses: What are the most common spying applications that are installed? How do I get rid of them without getting rid of the parent application? Have you encountered spyware on Linux?"

38 comments

  1. Removing Spyware by Innomi · · Score: 5, Informative

    There is a program called AdAware which will automatically remove spyware from your system. Some programs, though, refuse to run if their spyware is missing. Adware: http://www.winsite.com/bin/Info?5000000038314

    1. Re:Removing Spyware by |_uke · · Score: 3, Informative

      This is good software. I have used it for about a year now. There are a few things that it won't detect but it generally does a good job.

      Ad Aware does the following, plus more:

      * Removes registry settings belonging to Ad software.

      * Removes Ad software

      * Removes cookies from ad sites

      etc

      it works pretty well

      --
      Luke
    2. Re:Removing Spyware by Hard_Code · · Score: 2, Insightful

      Yes. End of story. Move along people.

      --

      It's 10 PM. Do you know if you're un-American?
    3. Re:Removing Spyware by lw54 · · Score: 1

      Here's the link to AdAware for the lazy and cut & paste impaired.

    4. Re:Removing Spyware by OctaneZ · · Score: 3, Informative

      I can't say enough good things about AdAware, I have recommended it or installed it on all of my friends' machines (who for all intents and purposes I support). Nearly every "average" user has installed something that came with spyware. Some people noticed marked improvements in their systems' speed after having 20-30 spyware apps removed. AdAware is developed by Lava Soft.
      -OZ

  2. Watching for Spyware by jayers · · Score: 5, Informative

    Spyware needs to communicate what it is spying. A personal firewall on your machine and some understanding of what your machine should be sending out to others and receiving in can be surprisingly effective in telling you about things happening on your machine. A good one lets you set up default acceptance for your normal stuff and so you see only exceptions.

    1. Re:Watching for Spyware by tuanjim_2001 · · Score: 1

      jayers has an excellent point here. I'm running ZoneAlarm, one of the free personal editions, and it has worked wonders on letting me know who is trying to get out of my system. And we'll just say that this is a good thing(tm). I sure don't want MS to know what I really use media player for :). Also you could set up ipchains or whatever the *BSD variant is, it slips my mind at the moment, and only allow through what you allow through, and most of everything that tries to connect over a non-standard port will be stopped. If you set it up that way.

      --
      "If a quarter is two bits, then a dollar's a byte." -R Deric Miller
    2. Re:Watching for Spyware by dschuetz · · Score: 4, Insightful

      and most of everything that tries to connect over non-standard port will be stopped

      Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out?

      I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?

      The only way, then, to stop this would be to block traffic to particular sites, but if the traffic goes to microsoft.com, you're hosed 'cause you *need* to go there at least monthly to fix whatever's currently broken. :) Plus, now you need a community-contributed and -distributed blackout list (of known spyware URLs), and at that point, you might just as well be using AdAware.

      If these programs aren't already doing this, then they're even dumber than I thought. Unless *I* am dumber than I thought (and I admit I can be pretty stupid at times) and I've missed something obvious here.

    3. Re:Watching for Spyware by tuanjim_2001 · · Score: 2, Interesting

      I was specifically speaking about if the machine in question with the spyware is a *nix, or *BSD machine, for the reference to ipchains, etc. But you have an excellent point. Sending spyware data out over https/443 would be the way to go. Thinking about it even further they could use any high numbered port that isn't reserved, or if this is a Windows world grab a low numbered port on boot, and send data over this encrypted and the server that the spies are listening on decrypt there. This would be a waste of CPU cycles but if you are writing spyware you really don't care about whose cycles you are wasting, as long as they aren't yours.

      --
      "If a quarter is two bits, then a dollar's a byte." -R Deric Miller
    4. Re:Watching for Spyware by Anonymous Coward · · Score: 2, Informative
      Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out? I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?


      Your malware still won't work. The better Windows firewalls (ZoneAlarm and Tiny Personal Firewall) do an MD5 check on the executable before allowing traffic. If you patch the executable or try to access a port which is allowed to only one process, the activity will be blocked and/or logged, depending on your firewall rules.

      This is one added layer of security that an external firewall cannot have. Only client-native software can authoritatively check the process generating the network activity. External firewalls block only behaviour, not process-owners. Ideally, you want both, but for a Windows client, both ZA and TPF work well.
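
The per-program check described in the comments above (default acceptance for known programs, with a hash of the executable verified before its traffic is allowed), sketched as an added example that is not part of the original thread and is not any firewall's own code. It uses SHA-256 where the comment mentions MD5; the `EgressPolicy` class, the paths and the byte strings are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sha256: str        # digest of the executable when the user approved it
    ports: frozenset   # destination ports that program may use

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class EgressPolicy:
    """Hypothetical per-program outbound policy (not ZoneAlarm's or TPF's code)."""
    def __init__(self):
        self.rules = {}

    def trust(self, exe_path, image, ports):
        # Record the user's "always allow" decision for this exact binary.
        self.rules[exe_path.lower()] = Rule(digest(image), frozenset(ports))

    def check(self, exe_path, image, port):
        # Return (verdict, reason) for one outbound connection attempt.
        rule = self.rules.get(exe_path.lower())
        if rule is None:
            return ("prompt", "program has no rule yet")
        if digest(image) != rule.sha256:
            return ("block", "executable changed since it was approved")
        if port not in rule.ports:
            return ("block", "port not approved for this program")
        return ("allow", "matches approved program, hash and port")

# Constructed sample data: byte strings stand in for executable files on disk.
EXE = r"C:\Program Files\Browser\browser.exe"
BROWSER = b"MZ constructed browser image v1"
PATCHED = BROWSER + b" plus appended code"
UPDATER = b"MZ constructed bundled updater"

policy = EgressPolicy()
policy.trust(EXE, BROWSER, {80, 443})

ATTEMPTS = [
    (EXE, BROWSER, 443),    # approved binary, approved port
    (EXE, PATCHED, 443),    # same path, modified binary
    (EXE, BROWSER, 6667),   # approved binary, unapproved port
    (r"C:\Program Files\Bundle\updater.exe", UPDATER, 443),  # never approved
]

def evaluate(attempts=ATTEMPTS):
    return [policy.check(path, image, port)[0] for path, image, port in attempts]

print(evaluate())
```

A filter that looks only at the destination port would pass every attempt to 443 here, which is the gap dschuetz points out; the per-program rule lets only the first one through.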
  3. A psychological consideration by ringbarer · · Score: 2, Interesting

    "Spyware" is too feeble a word for the nastiness these hidden programs get up to. We should start referring to them as "Cancerware". Essentially, they act like cancer, destroying the productivity and security of your machine by infesting it with backdoor software.

    And the harsh connotations this name conjures up shall help to remind the layperson of the seriousness of this problem.

    --
    "Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
    1. Re:A psychological consideration by TRACK-YOUR-POSITION · · Score: 1

      I think we should call it "Naziware", because it hides in free_as_in_beer software, then it leeches your system resources. Just like the Nazis.

  4. Try Who's Watching Me by YoshiR · · Score: 4, Informative

    Spyware detection software. www.trapware.com

  5. PCMagazine... by Eagle7 · · Score: 2

    ...just did a story about this. Can't find it online, but it's in libraries now.

    --
    _sig_ is away
    1. Re:PCMagazine... by Eagle7 · · Score: 3, Informative

      Just remembered, one of the products they recommended was Evidence Eliminator by Robin Hood software.

      --
      _sig_ is away
    2. Re:PCMagazine... by DrSkwid · · Score: 1

      my ISP hosts that site, talk about traffic!

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    3. Re:PCMagazine... by Anonynnous+Coward · · Score: 3, Insightful

      Dude, I don't know about you, but the last thing I would want to have on my machine when the Feds came and served a no-knock warrant at 3 AM is a program listed in Add/Remove programs called "Evidence Eliminator"--that alone would be enough to intimidate someone into copping a plea. Imagine the prosecutor telling about it to the jury: "The defendant, an obvious hacker|child molester|software pirate|cracker, covered his tracks using this program (insert description of what it does)." Instant conviction.

    4. Re:PCMagazine... by epodrevol · · Score: 0

      It frees up a lot of space on some drives, I salvaged a gig out of free space on my drives.

      --
      "I am a warrior, and information is my weapon..."
    5. Re:PCMagazine... by daviddennis · · Score: 3, Informative

      Read this before you buy or use the program:

      http://www.radsoft.net/resources/software/reviews/ee/

      They're notorious spammers, and tests showed it's not all that effective.

      D

  6. Re:Another fucking moron turns to "ask slashdot" by spacecowboy420 · · Score: 1, Flamebait

    I think a question this "fucking moron" has asked that is viable is about linux spyware. I have been concerned about this for a while, but there is not any software listed in a simple google search that suggests that they can detect and remove linux spyware. I have also not seen a mention of linux spyware being found anywhere - so you should turn your hostilities to the posters who do nothing but suggest programs for countering windows spyware (geez, how many of those posts do we need) and miss the rest of the post.

    --
    ymmv
  7. Yeah whatever by TRACK-YOUR-POSITION · · Score: 3, Funny

    Guys, you just need to follow these seven steps to secure your windoze machine!!!

    1. Re:Yeah whatever by pisdtal · · Score: 1

      I'm so glad you pointed out that page. I really needed a good laugh today.

      --
      We admit all this to insure disbelief
    2. Re:Yeah whatever by BerserkDog · · Score: 1

      Guys, you just need to follow these seven steps [microsoft.com] to secure your windoze machine!!!
      Seven steps...hmmm..
      Windows Anonymous....
      Step One: Admit you have a problem.
      Step Two:....

  8. AdAware is cool, but... by fm6 · · Score: 4, Informative
    Some programs, though, refuse to run if their spyware is missing.
    Not the clever ones. Gator just goes ahead and re-installs the spyware. Which is why I'm back to filling in my own forms.

    I'm actually pretty sloppy about privacy. But a lot of spyware -- including Gator's -- hooks into Explorer and other shell programs at a very basic level. Results range from an irritating loss of response to maddening crashes and lockups.

    AdAware is quite good. But you also need Ref-Update (to keep your AdAware signature file current) and Ad-Search (to help avoid downloading spyware in the first place). All three available here.

  9. A Website for SpyWare by VegeBrain · · Score: 2, Informative
    This website has excellent information on SpyWare. It tells what SpyWare is, gives examples of SpyWare they've found so far and how to remove it manually. If you don't want to remove it manually there are links to commercial software to remove it.

    I used this website to kill several SpyWare programs on my Windows machine at work. So far they don't mention any SpyWare software for Linux.

  10. Label them as a VIRUS... by MadCow42 · · Score: 2

    I think that companies like Symantec and McAfee should include these types of programs in their Virus definitions, because after all, they're a type of Trojan. This is the most logical way to rid the earth of these applications.

    At the very least, they should be identified to the user during a virus scan.

    Just because the user "agreed" to some insignificant and cryptic blurb in a 14-page EULA, it doesn't mean that this type of software is legitimate. I'd guess that less than 0.1% of users actually READ the EULA anyways. Some of the less legitimate ones don't even have an EULA or "spyware" clause.

    MadCow.

    --
    I used to have a sig, but I set it free and it never came back.
    1. Re:Label them as a VIRUS... by Firefly1 · · Score: 2, Informative

      Good call... in fact, the cexx.org folks say that this is already happening in some cases. To complement this, I would also suggest a campaign for concise and comprehensible EULAs that explicitly list any and all of these 'extras'. These 'extras' should, of course, then be readily and entirely uninstallable, and not a requisite for the functioning of whatever program the user has downloaded.

      --
      - White Knight of the Order of Mihoshi Enthusiasts
  11. Ummm by pisdtal · · Score: 1

    Get a Mac?

    --
    We admit all this to insure disbelief
    1. Re:Ummm by jo42 · · Score: 1

      Then the wankers will start adding spyware to Mac software. Duh.

  12. Re:Another fucking moron turns to "ask slashdot" by cavemanf16 · · Score: 1

    The reason there isn't spyware for Linux (that I know of) is because no one is being paid to put out software for it (in general). Most of the programs downloadable for Linux are all OpenSource, and not shareware. The corporate mentality of Linux is different, because companies selling Linux products are usually selling to businesses, not individual consumers. Thus, the "hard sell" is needed more often than not, and not some crappy spyware program.

  13. Flood 'em by raju1kabir · · Score: 3, Insightful

    Someone needs to reverse-engineer the protocols used by these programs and start shoving gigabytes of bogus data down their throats.

    In short order they'll either cut your IP range off, in which case you've done a fine service for your ISP's fellow customers, or they'll start aggregating clearly bogus data which will decrease its marketability to their clients.

    Are they going to take you to court and say "Your honor, we were secretly spying on this person and he's started lying to us about what he was doing online..."?

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
  14. Linux Spyware by Anonymous Coward · · Score: 0

    I'm posting as anoncow because I'm about to violate some NDAs, and possibly some draconian IP laws as well.

    Linux spyware exists. Some scientific and engineering related software (typically closed source + proprietary) beam back substantial amounts of information. Sometimes they're rather subtle (data in checksum fields and sequence numbers in TCP packets).

    Firewalls won't do because the programs will refuse to run if they can't act as spyware. Best methods I know of are to either reverse engineer the executable and bypass the offending subroutines or spoof the server(s) the program is trying to contact. Both of these techniques are highly illegal in many jurisdictions.

  15. Re:Another fucking moron turns to "ask slashdot" by Yottabyte84 · · Score: 2

    There is certainly adware for linux (opera)....

  16. Re:Another fucking moron turns to "ask slashdot" by Anonymous Coward · · Score: 0

    There was an instance of a shopping cart perl script that when first run would send out an e-mail to the script's author. Not a problem, if the documentation clearly stated that this would happen which it did not.

  17. spyware list sites. by zteknofreak · · Score: 1

    a google search for 'spyware list' turns up some relevant results. http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8&q=spyware+list&btnG=Google+Search some are better than others. almost all that i have been in contact with are responsive to input as well if you find some new spyware. what i'm not sure about is if there is a master repository that has all spyware on it.

    --
    --------- unix, because rebooting is for adding new hardware.