Slashdot Mirror

← Back to Stories (view on slashdot.org)

On the Prevalence and Removal of Spyware?

Posted by Cliff on from the removal-of-those-pesky-spytraps dept.

oo7tushar asks: "There's a lot of spyware out there these days. As a Windows/Linux user I'm concerned about what spyware is installed on my machines and I'm very concerned about this issue when it comes to Windows. A few questions for the masses: What are the most common spying applications that are installed? How do I get rid of them without getting rid of the parent application? Have you encountered spyware on Linux?"

21 of 38 comments (clear)

  1. Removing Spyware by Innomi · · Score: 5, Informative

    There is a program called AdAware which will automaticly remove spyware from your system. Some programs though, refuse to run if thier spyware is missing. Adware: http://www.winsite.com/bin/Info?5000000038314

    1. Re:Removing Spyware by |_uke · · Score: 3, Informative

      This is good software. I have used it for about a year now. There are a few things that it wont detect but it generally does a good job.

      Ad Aware does the following, plus more:

      * Removes registery settings belonging to Ad software.

      * Removes Ad software

      * Removes cookies from ad sites

      etc

      it works pretty well

      --
      Luke
    2. Re:Removing Spyware by Hard_Code · · Score: 2, Insightful

      Yes. End of story. Move along people.

      --

      It's 10 PM. Do you know if you're un-American?
    3. Re:Removing Spyware by OctaneZ · · Score: 3, Informative

      I can't say enough good things about AdAware, I have recommeneded it or installed it on all of my friends machines (who for all intents and purposes I support). NEarly every "average" user has installed something that came with spyware. Some people noticed marked improvements in their systems speed after having 20-30 spyware aps removed. AdAware is developed by Lava Soft.
      -OZ

  2. Watching for Spyware by jayers · · Score: 5, Informative

    Spyware needs to communicate what it is spying. A personal firewall on your machine and some understanding of what your machine should be sending out to others and receiving in can be surprisingly effective in telling you about things happening on your machine. A good one lets you set up default acceptance for your normal stuff and so you see only exceptions.

    1. Re:Watching for Spyware by dschuetz · · Score: 4, Insightful

      and most of everything that tries to connect over non standard port will be stoped

      Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out?

      I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?

      The only way, then, to stop this would be to block traffic to particular sites, but if the traffic goes to microsoft.com, you're hosed 'cause you *need* to go there at least monthly to fix whatever's currently broken. :) Plus, now you need a community-contributed and -distributed blackout list (of known spyware URLs), and at that point, you might just as well be using AdAware.

      If these programs aren't already doing this, then they're even dumber than I thought. Unless *I* am dumber than I thought (and I admit I can be pretty stupid at times) and I've missed something obvious here.

    2. Re:Watching for Spyware by tuanjim_2001 · · Score: 2, Interesting

      I was specifically speaking about if the maching in question with the spyware is a *inx, or *BSD machine, for the reference to ipchains, etc. But you have an excellent point. Sending spyware data out over https/443 would be the way to go. Thinking about it even further they could use any high numbered port that isn't reserved, or if this is a windows world grab a low numbered port on boot, and send data over this encrypted and the server that the spys are listening on decrypt there. This would be an waste of CPU cycles but if you are writing sypware you really don't care about who's cycles you are wasting, as long as they aren't yours.

      --
      "If a quarter is two bits, then a dollar's a byte." -R Deric Miller
    3. Re:Watching for Spyware by Anonymous Coward · · Score: 2, Informative
      Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out? I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?


      Your malware still won't work. The better Windows firewalls (ZoneAlarm and Tiny Personal Firewall) do an MD5 check on the executable before allowing traffic. If you patch the executable or try to access a port which is allowed to only one process, the activity will be blocked and/or logged, depending on your firewall rules.

      This is one added layer of security that an external firewall cannot have. Only client-native software can authoritatively check the process generating the network activity. External firewalls block only behaviour, not process-owners. Ideally, you want both, but for a Windows client, both ZA and TPF work well.
  3. A psychological consideration by ringbarer · · Score: 2, Interesting

    "Spyware" is too feeble a word for the nastiness these hidden programs get up to. We should start referring to them as "Cancerware". Essentially, they act like cancer, destroying the productivity and aecurity of your machine by infesting it with backdoor software.

    And the harsh connotations this name conjures up shall help to remind the layperson of the seriousness of this problem.

    --
    "Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
  4. Try Who's Watching Me by YoshiR · · Score: 4, Informative

    Spyware detection software. www.trapware.com

  5. PCMagazine... by Eagle7 · · Score: 2

    ...just did a story about this. Can't find it online, but it's in libraries now.

    --
    _sig_ is away
    1. Re:PCMagazine... by Eagle7 · · Score: 3, Informative

      Just remembered, one of the products they recommended was Evidence Eliminator by Robin Hood software.

      --
      _sig_ is away
    2. Re:PCMagazine... by Anonynnous+Coward · · Score: 3, Insightful

      Dude, I don't know about you, but the last thing I would want to have on my machine when the Feds came and served a no-knock warrant at 3 AM is a program listed in Add/Remove programs called "Evidence Eliminator"--that alone would be enough to intimidate someone into copping a plea. Imagine the prosecutor telling about it to the jury: "The defendant, an obvious hacker|child molestor|software pirate|cracker, covered his tracks using this program (insert description of what it does." Instant conviction.

    3. Re:PCMagazine... by daviddennis · · Score: 3, Informative

      Read this before you buy or use the program:

      http://www.radsoft.net/resources/software/review s/ ee/

      They're notorious spammers, and tests showed it's not all that effective.

      D

  6. Yeah whatever by TRACK-YOUR-POSITION · · Score: 3, Funny

    Guys, you just need to follow these seven steps to secure your windoze machine!!!

  7. AdAware is cool, but... by fm6 · · Score: 4, Informative
    Some programs though, refuse to run if thier spyware is missing.
    Not the clever ones. Gator just goes ahead and re-installs the spyware. Which is why I'm back to filling in my own forms.

    I'm actually pretty sloppy about privacy. But a lot of spyware -- including Gator's -- hooks into Explorer and other shell programs at a very basic level. Results range from an irritating loss of response to maddening crashes and lockups.

    AdAware is quite good. But you also need Ref-Update (to keep your AdAware signature file current) and Ad-Search (to help avoid downloading spyware in the first place). All three available here.

  8. A Website for SpyWare by VegeBrain · · Score: 2, Informative
    This website has an excellent information on SpyWare. It tells what SpyWare is, gives examples of SpyWare they've found so far and how to remove it manually. If you don't want to remove it manually there are linkts to commercial software to remove it.

    I used this website to kill several SpyWare programs on my Windows machine at work. So far they don't mention any SpyWare software for Linux.

  9. Label them as a VIRUS... by MadCow42 · · Score: 2

    I think that companies like Symantec and McAfee should include these types of programs in their Virus definitions, because after-all, they're a type of Trojan. This is the most logical way to rid the earth of these applications.

    At the very least, they should be identified to the user during a virus scan.

    Just because the user "agreed" to some insignificant and cryptic blurb in a 14-page EULA, it doesn't mean that this type of software is legitimate. I'd guess that less than 0.1% of users actually READ the EULA anyways. Some of the less legitimate ones don't even have an EULA or "spyware" clause.

    MadCow.

    --
    I used to have a sig, but I set it free and it never came back.
    1. Re:Label them as a VIRUS... by Firefly1 · · Score: 2, Informative

      Good call... in fact, the cexx.org folks say that this is already happening in some cases. To complement this, I would also suggest a campaign for concise and comprehensible EULAs that explicitly list any and all of these 'extras'. These 'extras' should, of course, then be readily and entirely uninstallable, and not a requisite for the functioning of whatever program the user has downloaded.

      --
      - White Knight of the Order of Mihoshi Enthusiasts
  10. Flood 'em by raju1kabir · · Score: 3, Insightful

    Someone needs to reverse-engineer the protocols used by these programs and start shoving gigabytes of bogus data down their throats.

    In short order they'll either cut your IP range off, in which case you've done a fine service for your ISP's fellow customers, or they'll start aggregating clearly bogus data which will decrease its marketability to their clients.

    Are they going to take you to court and say "Your honor, we were secretly spying on this person and he's started lying to us about what he was doing online..."?

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
  11. Re:Another fucking moron turns to "ask slashdot" by Yottabyte84 · · Score: 2

    There is certianlt adware for linux (opera)....