Which Adware and Spyware are the Most Insidious?
the_dreadnought asks: "I was just asked today which adware and spyware are the most insidious by an acquaintance. He asked me if this stuff was really legal, or was it just not important enough for law enforcement to deal with? I know the porn stuff (not from experience... ok, from experience) that dials out to foreign countries is one of the more extreme examples, and Gator is well known, but if Slashdot readers could describe what adware and spyware they think is the sneakiest I would appreciate it. Also, any thoughts on whether some of this stuff is even legal, as it is almost certainly not ethical."
And the fun part is, if you (or the user) uncheck the New.Net software in MSCONFIG, it doesn't just stop New.Net from working... They simply stop being able to use the internet. At all. So then we have to pray that their version of New.Net has a working uninstaller, or we have to go through a huge manual uninstall that involves removing multiple registry keys. BTW, if anyone here gets this or other spyware that is difficult to remove, try using a program called HijackThis and "Fix" anything that looks out of the ordinary (use common sense... don't delete everything).
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
I'm sure there aren't many people who agree with me, but I personally consider RealOne to be spyware. It's intrusive and has lots of 'features' that are extremely difficult to turn off if you can turn them off at all, and it installs things without telling you. (For example, its 'message center' in the system tray that tells you to Buy RealNetworks Products(tm)(r)!)
Other than that, I don't really run into spyware much, but I find Gator and its kin to be the most intrusive and common on the web.
using namespace slashdot;
troll::post();
Should the purveyors of operating systems be prosecuted for allowing software to run on their loyal customers' computers, without their knowledge or permission? I have never read a Microsoft EULA in its entirety; does it mention that this is part of the agreement?
gets my vote. Not only does it report your media files, but also any other apps you're running!
/me adjusts tinfoil hat...
One program that really annoys me is Hotbar. The main reason: it adjusts your MS Outlook settings all the time, turning off using Word as your HTML editor. It also requires about 2 hours to remove the stupid program.
You remove it using AdAware and it will remove it for that user profile. Then log in as another user and it will actually install itself again. I logged on as each user to remove it and finally managed to get rid of it, or so I thought. It has now appeared back and I know it wasn't the (l)users installing it again since I gave them a lecture about adware and installing crap on machines that I am in charge of.
If a program comes with a valid uninstall feature then I can tolerate it. When it's a program that's a biatch to get rid of and keeps coming back I get really ticked off.
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread
DEAR GOD! My stomach turns every time that name is mentioned. I worked as a CSR at a local ISP for a year or so, and every time Xupiter was mentioned, nearly all of the employees within earshot would mutter, "Aw, jeez" or something else to that effect.
On another note, I think that Gamespot's download manager, Kontiki, is kind of sneaky.. at least sneaky in the fact that I thought it was just another humble download manager. Then again, why would anyone want you to have their download manager unless they were spying on you?
Stupid me. Oh well... thank god for Ad-aware.
Insert clever one liner here.
How about Dell's SupportLink, which (and I have the TCPdumps to prove this) broadcasts your system's S/N, your MS Windows S/N, and several other tantalizing bits of data back to Dell every 30 minutes or so?
Mind you, I love my Dell, but this pissed me off.
Jouster
when I worked at v!v!d V1deo, the boss loved the idea of the sneaky pr0n dialers the submitter talked about. (You click on a link that says "Free hot videos!" or whatever, and you get an active-x control which then downloads and installs a windows component and puts the icon on your desktop. Then when you doubleclick that, it actually hangs up your modem and dials out to a foreign country that has INSANE rates, several dollars a minute. Your phone bill can reach into the hundreds very quickly, and the phone company doesn't give a crap, you gotta pay if you want to keep using your phone!)
Of course old steve's house is probably burning down today, as the Simi Valley fire has spread into the hills above Chatsworth.
Endorsing pr0n dialers will lead to your house burning down. QED.
I don't use RealPlayer at all. If for some reason a website offers only RealPlayer videos I just do without. Not a big deal for me. Much more annoying, as you say, to remove the tentacles of Real after you've installed their "free" player.
-sweatyb
It breaks my pluginses, my precious!
I don't know the name of the specific spyware, but one of my clients had spyware that would have two processes running at a time. If you terminated one of the processes, a new one would pop up, probably created by the other one. The process names were also random characters, meaning you couldn't just stop certain processes from startup. I did end up using WinPatrol, which is a lifesaver. It's able to look at services, processes, and startup items. It gives more information than just the names and is useful in stopping active processes and startup items.
Weatherbug generates massive amounts of fragmented TCP traffic, frustrating Intrusion Detection Sensor administrators everywhere.
I didn't think that spyware existed on MacOS X, but... my girlfriend came home from school last winter with something really odd. Internet Explorer would, no matter your user preferences, always go to a certain internet shopping site as a homepage. And would give you a barrage of popups constantly. I forget what shopping site, and back then I only had inbound firewalling, so I had no logs to check.
No toolbars installed. No plugins. I created a new user account for her, and that worked, so apparently it hadn't messed with the internals of the Internet Explorer.app (which seems like a vector they'll soon exploit). Crappy, though.
There are no trails. There are no trees out here.
See "The CoolWebSearch Chronicles: The story of a thousand hijacks."
Quote:
The difficulty of removing CWS from a user's system has grown from slightly tricky in the first variant to virtually impossible for the latest few. Some of the variants even used methods of hiding and running themselves that had never been used before in any other spyware strains. End Quote.
15 variants so far....
Envy my 5 digit Slashdot User ID!
More and more applications are becoming intrusive, software such as Winamp, Windows Media Player and Kazaa all having annoying dialog boxes which pop up each time you run them if they detect a newer version which you haven't yet downloaded. MSN actually refused to do anything until I upgraded it.
A large number of applications now have an online registration feature; they don't force you to do the registration, but they will bug the hell out of you if you choose not to.
Applications such as RealPlayer try and sign you up to email based newsletters(spam), why should I have to give my details (email address, home address and hobbies for example) to a company in exchange for using their software?
There seems to be a gradual increase in the invasiveness of software. Currently most of these 'features' are still optional, but I don't think it will be long before many software companies start making things like software updates, online registration and having a valid email address mandatory.
Some of it's not even broken ethically - if all they're doing with it is deciding which ads to show you, rather than tracking your every move online, especially if they didn't collect personal information about you, and if they didn't lie to you about what they were doing, and if they have a privacy policy that actually reflects what they're doing, that's ok. Not necessarily something you want to run, but ok. Some particular examples are the adware versions of Eudora and Opera.
European data collection laws may have terms that popular spyware violates, but usually the spyware companies aren't based in Europe so there's no legal jurisdiction. The data collection laws themselves are often effectively spyware - in return for "protecting" you, they're also subjecting you to possible audits of your machines because you *might* have personal information about other people on your computer or your PDA or your cell phone. (Sure, they mostly pretend they wouldn't do that to regular citizens, only businesses, but it's pretty much a selective enforcement thing. And you are registering all your computers with the data protection bureau, aren't you?) But at least it doesn't slow your machine down when they're not auditing you.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I need help with Gator! One of my clients is hooked on it - it has, literally, hundreds of his passwords for god knows what websites, and he can't function without it. I know you can export and import the password file (as I had to do when I rebuilt his PC, god it pained me to install gator on a PC) but is there any way to extract the URL/Login/Password combinations? I spent a little time looking on Google but found nothing. Any help is welcome.
closed minded is as closed minded does
On my laptop the DNS for Google seems to have been overwritten. Don't know what did it, but it always redirects me to this other search engine (forgot what its name is already). I've tried resetting the DNS tables with no luck. Now, whenever I want to use Google, I have to just type in the IP address. I haven't been able to fix the problem - if anyone else has come across this, I'd really appreciate it if you could post how to fix the problem.
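One place a redirect like the one in the post above can live is the hosts file, which another comment in this thread names as something spyware modifies. The following is an added example, not part of the original post: it audits hosts-file text for entries that pin a watched domain to a fixed address. The watched list, the sample file and its addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Assumption: domains that should only ever resolve through real DNS.
WATCHED = ("google.com", "av-vendor.example")

# Constructed sample hosts file; the addresses are documentation ranges, not IoCs.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.0.2.77      www.google.com google.com    # constructed hijack entry
192.0.2.77      search.example.net
127.0.0.1       update.av-vendor.example     # constructed: blocks a tool's updates
198.51.100.9 intranet.example.org
bogus line without address
"""

def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every name mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, resolver ignores it
        for name in fields[1:]:                 # one address may carry several names
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (lineno, hostname, ip, kind) for each watched name found in the file."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        # Match the domain itself or any subdomain, but not look-alike suffixes.
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; anything else redirects it.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows NT-family systems the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; on Windows 9x it sits directly in the Windows directory.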
The most insidious are the ones we don't even know about.
Mod parent up MORE!
Ding ding ding!!!
Why has AIDS killed more people than Ebola? Because it takes long enough to kill the host that many more hosts can be infected. You'd be lucky if you make it to the airport once you contract ebola, let alone fly to the States and bleed out on a Manhattan subway platform at rush hour.
We keep hearing about how horrible Blaster/SoBig/CodeRed &c &c are, but wait until the worm that's been in the wild for a year, spreading slowly & carefully so as to not alarm intrusion detection wakes up on some very large portion of Windows boxes.
Someone mentioned Magic Lantern, but even though it might not be conventionally detectable, at least the source is sort of known. It's the people clever enough not to brag, even to their spouse/sibling/friend, and to keep the conspiracy small that are more dangerous. (I just self-selected out of this group)
How many times have you loosened up a firewall's rules because it was interfering with something you were trying to do, then not tightened back up when you were done? If a worm knocked at your door once a month instead of 100 times per second, do you think you'd notice?
Yeah, I've been reading too much Brunner.
We had a worm that exploited the RPC hole running around work. We have a good firewall, so no one's ever directly compromised one of the unsecured machines inside (e.g. CVS pserver running with cleartext user list and no passwords) and Lotus Notes, though mostly execrable, hasn't brought a worm inside (thanks, I think, to server-side virus checkers). However, people check their personal email accounts with Outlook. That gets a worm inside that spreads around to unpatched win2k boxes (all of 'em).
IT's response was to update virus checker definitions and run full scans more often. Kills the worm, but it's back an hour later. The only way to kill such a worm without patching the machines (which they finally did) is to turn off the switch and clean every machine.
I'm an end user admin on a small (300 machines) network where both IE5 and Netscape4 are available (and nothing else) on WinNT4. I'm constantly fighting against end users that install spy/adware. I'm losing the battle and re-imaging machines on a daily basis... I'm looking for tips on reducing downtime due to this junk being installed. Any tips would be appreciated.
Yes! Nasty little purple bastard. I informed one of our directors that it was a pest when I saw it on his home computer and he just said to leave it on there because "his kid likes it"... scary social engineering...
Basically, any time a program wants to do something like put something in startup or modify winsock settings or stick files in the Windows system folder or modify the hosts file or DNS settings or things like that, Windows should come up with a nicely worded warning about why clicking "yes" is a bad idea.
Also, it should log all these actions so that, for example, you can see which programs installed what settings (so you know what to remove).
And it should have something that allows sysadmins to turn off these things completely (just like how it's possible to turn off control panel and other system things).
That way, when some idiot wants to install Kazaa, the system detects that Kazaa wants to install "privacyviolatingspyware.exe" to "c:\windows\system\importantmsfile.exe" and add it to startup and denies the request.
What should be done when the request is denied (either because it's completely switched off or because the user clicked "no") is that it should return for file i/o calls "can't open file" and for registry calls whatever the appropriate error is.
Or better yet, pretend to write to the registry or the file but don't actually do it.
As a service tech I see New.Net, Xupiter, Gator, and Savenow all the time, but I didn't see Marketscore in there anywhere. It proxies your connection through one of Marketscore's own servers - I'm sure it's for better service, not actually spying on your content ... Whatever. Sometimes Marketscore adds 2 minutes (yes, minutes) to a boot time and all your info is routed through their insecure proxy server. Total garbage. It wreaks havoc on our customers since our email servers will not allow email to be sent from outside our domain, so any customers that have it on their home systems and try to send email get errors. The customers I talk to have no idea how it got there or why it's running. Worst part is they don't understand how software doesn't show up in their add/remove programs section while running as a background process. It requires a command line uninstall process which is a bit elusive and makes many customers squirm.
Recently TVT Media has made it onto my $#!T list - go through the uninstall process and it reports that it is gone but a reboot proves otherwise. In fact, if you remove the keys and then run the uninstaller and go back into the registry all the keys are regenerated. We'll see how much more press that kind of crap will get.
Memory Blaster seems to be another growing problem on the horizon too, but it's still pretty fresh to say how bad that one will be.
In all truth New.Net and Xupiter are probably the worst since they have a tendency to destroy the winsock portion of the TCP/IP stack and take people offline when DNS queries are returned unresolved. Nice products: NOT.
"Quando Omni Flunkus Moritati" -- Red Green
They had morphed since being written about even 2 weeks before (of course I googled), and combined took me 4 hours to eliminate off of a client's Win98 PC. They used every dirty trick in the book to hide and re-install themselves: hidden startup files that rename randomly at each reboot, multiple startup locations, redundancy by installing themselves disguised as several different innocuous sounding programs, including maxmem, maxspeed, ie driver, ie update, People On Page, and more. I finally had to resort to verifying the legitimacy of every single program that was installed, and then manually scan the registry for references to all of the bad stuff. Oh, and by the way, this was after running adaware with the latest updates! (Which I still of course highly recommend, it was just behind on this one.) This stuff used every underhanded trick in the book to keep from being uninstalled. Combined these were far "stickier" than even the worst viruses I have dealt with.
While this software may have been legal, its methods IMHO should definitely NOT be. I would jump at the chance to join the butt kicking posse going after the sleaze/parasite/spy-ware vermin!
"It's scum like this in my industry that lead to my handle"
Not quite, the number reported depends on the political agenda of the reporter. The actual percentage depends on biological, and social factors, and the precise meaning of gay.
Case in point, while the ancient Spartans took male lovers, were they gay? Careful how you answer that, Leonidas is standing next to you with a (sharp) spear. They certainly would have killed someone who is effete. Useless in war you know.
Australia has National Privacy Principles which among other things force companies that gross 3mil plus PA to inform users that data is being collected and stored and for what purpose. It also must allow a person access to any data that is stored about them.
There is also a bill in parliament that will do more and will have hefty penalties.
I don't know exactly what XP sends to Microsoft, other than SN details, but the average user trusts MS and for the money they pay for a license they should be able to.