Slashdot Mirror

← Back to Stories (view on slashdot.org)

Which Adware and Spyware are the Most Insidious?

Posted by Cliff on from the sneaking-on-to-a-machine-near-you dept.

the_dreadnought asks: "I was just asked today which adware and spyware are the most insidious by an acquaintance. He asked me if this stuff was really legal, or was it just not important enough for law enforcement to deal with? I know the porn stuff (not from experience,,,ok, from experience) that dials out to foreign countries is one of the more extreme examples, and Gator is well known, but if Slashdot readers could describe what adware and spyware they think is the sneakiest I would appreciate it. Also, any thoughts on whether some of this stuff is even legal, as it is almost certainly not ethical."

19 of 840 comments (clear)

  1. New.Net by TheSpoom · · Score: 5, Interesting
    I do tech support, and one of the worst things I've seen is a piece of software called New.Net. While not technically spyware (though that's arguable), it actually overwrites parts of the user's TCP/IP stack so that any time they access the internet (not just their browser), it gets pushed through the (usually fairly buggy) New.Net DLLs.

    And the fun part is, if you (or the user) uncheck the New.Net software in MSCONFIG, it doesn't just stop New.Net from working... They simply stop being able to use the internet. At all. So then we have to pray that their version of New.Net has a working uninstaller, or we have to go through a huge manual uninstall that involves removing multiple registry keys. BTW, if anyone here gets this or other spyware that is difficult to remove, try using a program called HijackThis and "Fix" anything that looks out of the ordinary (use common sense... don't delete everything).

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
    1. Re:New.Net by shawnywany · · Score: 5, Informative

      I agree, that HijackThis program did wonders for my parents' messed up computer. Not only did the search page mysteriously get changed after every reboot, we had the misfortune of answering questions from my little sister about the porn popups the BHO caused when she accessed Neopets. However, one or two clicks with HijackThis and all was right again. Adaware and S&D don't catch everything, looks like I had to add ANOTHER program to my arsenal.

    2. Re:New.Net by caseih · · Score: 5, Informative

      The easiest way to delete New.Net is to do the following:
      1. remove it using "Add/remove" programs
      2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet
      3. Go to network settings on win98 or on 2000/XP, just go into the properties of your network connection and if possible, remove tcp/ip. On XP this is impossible, so ignore this step
      4. Add new service. If you're not on XP, just reinstall tcp/ip. On XP, select "have disk" and point it at C:\windows\inf. Then select tcp/ip and install it
      5. clean up any newdotnet files lying around.
      6. Join a class-action lawsuit against the company that makes this piece of crapware.

      Be aware that these steps can cause problems with programs like cyber-sitter or firewalling programs that modify the networking stack. Do this at your own risk.

      This is very prolific. I've cleaned it on on laptop twice! I have a supsicion the user is downloading crap all the time, but I do wonder in what form it come in.

      Michael

    3. Re:New.Net by Anonymous Coward · · Score: 5, Informative

      Or you can just reset Windows XP's TCP/IP stack

      from command prompt:

      netsh [enter]
      int ip [enter]
      reset [enter]

      then reboot

    4. Re:New.Net by TaoJones · · Score: 5, Funny
      The easiest way to delete New.Net is to do the following:
      1. remove it using "Add/remove" programs
      2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet


      This is the "easiest" way? Slow down there Turbo... Now, over the phone, YOU try to talk my mother through this "easy" way. Believe me, I'll Make Money Fast selling you a couple of Valium when (and if) you ever get the job done ;)

      --
      "Fear is the rootkit of democracy.." Blarkon
  2. RealOne by JanusFury · · Score: 5, Interesting

    I'm sure there aren't many people who agree with me, but I personally consider RealOne to be spyware. It's intrusive and has lots of 'features' that are extremely difficult to turn off if you can turn them off at all, and it installs things without telling you. (For example, its 'message center' in the system tray that tells you to Buy RealNetworks Products(tm)(r)!0

    Other than that, I don't really run into spyware much, but I find gator and its kin to be the most intrusive and common on the web.

    --
    using namespace slashdot;
    troll::post();
    1. Re:RealOne by CaptBubba · · Score: 5, Informative
      "unfortuantly there is no other player which plays their media"

      There is Real Alternative. I'm not sure how legal it is, but it plays the files and I don't have to install the RealOne crap. Until I found it I simply didn't use any sites that relied upon realplayer files. I was so happy when Amazon.com added WMP samples.

  3. One word...GATOR by bluethundr · · Score: 5, Insightful



    Without any doubt in my mind, the most evil form of spyware I am personally aware of is the infamous insidious Gator. Booo, hisss!!!! I am sure there are others, but I'm sure of this: there is a special place in hell for these folks.

    --
    Quod scripsi, scripsi.
  4. Windows Spyware Removal by Davak · · Score: 5, Informative

    Here are the removal programs...
    Spybot
    Adware

    However, this begs the more interesting questions....

    Is there *nix spyware?
    Why not?

    Davak

  5. Lop.com by DJ+Rubbie · · Score: 5, Informative

    Lop is by far the worse one ever... recently I convinced my cousin to switch over to Mozilla Firebird, but this article (http://www.spywareinfo.com/articles/lop/) suggested that Mozilla isn't 100% safe, but is much easier to cure than hacking the registry (apparently it's just one line in the user_prefs). One sources said that it changes 47 registry keys... I also found that it randomly mutates into new filenames (actually it downloads newer versions), making it much harder for programs like Adaware to hunt it down.

    Also, Lop disguises itself as a mp3 search toolbar. It also comes with newer versions of MSN Plus.

    One more thing, some people are willing to profit from lop uninstaller, such as this one - http://www.onlinepcfix.com/spyware/Lop.htm - it contains some more information related to lop.

    --
    Please direct all bug reports to /dev/null
  6. hotbar by a.koepke · · Score: 5, Interesting

    One program that really annoys me is hotbar. The main reason so, it adjusts your MS Outlook settings all the time turning off using Word as your HTML editor. It also requires about 2 hours to remove the stupid program.

    You remove it using AdAware and it will remove it for that user profile. Then login as another user it will actually install itself again. I logged on as each user to remove it and finally managed to get rid of it, so I thought. It has now appeared back and I know it wasnt the (l)users installing it again since I gave them a lecture about adware and installing crap on machines that I am in charge of.

    If a program comes with a valid uninstall feature then I can tolerate it. When its a program thats a biatch to get rid of and keeps coming back I get really ticked off.

    --


    (\(\
    (^.^)
    (")")
    *This is the cute bunny virus, please copy this into your sig so it can spread
  7. a musical analogy by Savatte · · Score: 5, Funny

    which Creed album is the worst?

  8. Pre-Installed Dell Software by Jouster · · Score: 5, Interesting

    How about Dell's SupportLink, which (and I have the TCPdumps to prove this) broadcasts your system's S/N, your MS Windows S/N, and several other tantalyzing bits of data back to Dell every 30 minutes or so?

    Mind you, I love my Dell, but this pissed me off.

    Jouster

  9. Business plan by Chuck+Chunder · · Score: 5, Funny

    1. Ask Slashdot what sort of spyware is the worst. 2. Make this sort of spyware. 3. Profit!

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  10. I'll never know the name. by Elwood+P+Dowd · · Score: 5, Interesting

    I didn't think that spyware existed on MacOS X, but... my girlfriend came home from school last winter with something really odd. Internet Explorer would, no matter your user preferences, always go to a certain internet shopping site as a homepage. And would give you a barrage of popups constantly. I forget what shopping site, and back then I only had inbound firewalling, so I had no logs to check.

    No toolbars installed. No plugins. I created a new user account for her, and that worked, so apparently it hadn't messed with the internals of the Internet Explorer.app (which seems like a vector they'll soon exploit). Crappy, though.

    --

    There are no trails. There are no trees out here.
  11. Obviously by lurker412 · · Score: 5, Insightful

    The most insidious are the ones we don't even know about.

  12. Shocking disrepect for consumer choice by StefanJ · · Score: 5, Funny
    You should be ashamed, ashamed!

    All these companies want to do is let you know about exciting new products and services that could entertain you, improve your life, and lengthen you genitalia.

    Shutting out these innovators . . . well, it smacks of Communism, doesn't it? First TiVO, screening out the ads that broadcasters, our public servants, need to survive. Now this ungrateful attack on champions entreneurship and freedom of choice. Just a bunch of surly, consumer-choice hating Reds is what you all are.

    I'm going to tell John Ashcroft what you've been up to so these SpyBot removers can be banned!

    Stefan "scared to hell that someone out there might actually be thinking like this" Jones

  13. Mostly Ethics, Seldom Legality by billstewart · · Score: 5, Interesting
    Most of this software, while some of it is Ethically Challenged, doesn't have legal problems, at least in the US. The stuff claims to be free or cheap, and usually tells you that you'll get advertising, and even though it doesn't always tell you how much data it's collecting, it's usually not breaking any laws by doing it. Even the annoying features like popups or making your machine dog-slow aren't illegal, they're just misfeatures. Often you even have to press a "Pretended to read the fine print of the license" button for it to install.

    Some of it's not even broken ethically - if all they're doing with it is deciding which ads to show you, rather than tracking your every move online, especially if they didn't collect personal information about you, and if they didn't lie to you about what they were doing, and if they have a privacy policy that actually reflects what they're doing, that's ok. Not necessarily something you want to run, but ok. Some particular examples are the adware versions of Eudora and Opera.

    European data collection laws may have terms that popular spyware violates, but usually the spyware companies aren't based in Europe so there's no legal jurisdiction. The data collection laws themselves are often effectively spyware - in return for "protecting" you, they're also subjecting you to possible audits of your machines because you *might* have personal information about other people on your computer or your PDA or your cell phone. (Sure, they mostly pretend they wouldn't do that to regular citizens, only businesses, but it's pretty much a selective enforcement thing. And you are registering all your computers with the data protection bureau, aren't you?) But at least it doesn't slow your machine down when they're not auditing you.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  14. How to stop it on XP and above by friday2k · · Score: 5, Informative

    In Windows XP there is a feature called Software Restriction Policies (SRP, see here). This feature allows you to deny software to run based on Certificates (and Path, and Hash, and Zone for MSI). Since all the Spyware installers use signed Active-X "drive-by" installers this is an effective way to kill them. This, however, is an arms race. You need to collect the certs you want to invalidate first (upon first encounter of a spyware safe their cert into a file and disallow it). You can find the feature in Control Panel->Administrative Tools->Local Security Policy. Have fun!