Slashdot Mirror
Spyware Masquerading as Spyware Removal Software
Cocooner writes "News.com is reporting that some of the anti-spyware/adware software out there is doing more harm than good by acting as double agents. One example is a software package named SpyBan (google cache since the original site has been removed), which happened to be hosted by download.com, accused of installing Look2Me, which monitors and reports web surfing habits. SpyBan was downloaded over 44000 times before it was pulled. How 'low' can they go?"
So was it on Download.com after they started charging for hosting? Was this shareware or freeware? Geek minds want to know!
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
How low ? Don't go there ...
/. adverts...) On a commercial site, you've got about a 25% chance (empirical estimate) of getting a popup saying that XXX has been blocked...
I've got Spybot on my Windows box at work, and the number of times it triggers is just amazing (yes, even on
Simon
Physicists get Hadrons!
It is the people that would download and install these items that are the ones that would have originally downloaded the spyware.
I have a client that has to have me clean his computer every 3 months of spyware since he and his children click on the banners on websites.
It is time that websites stop showing banner ads for these types of websites. Afterall, if the uneducated people on the web only make it to portals and news sites, then it is unlikely they are going to find the spyware.
I fear that the best solution is integrating process management/API hooking into the OS to stop the ability to monitor computers.
BTW, Researching companies should take blame for helping buy the information the spyware companies produce. If there is no market, I am sure they would stop developing the software for their own entertainment.
I spend a large portion of my day using Altiris's Notification Server product to identify and remove spyware on computers at work. Believe me, this isn't new and there are *lots* of "spyware removal" apps that come bundled with spyware of their own--I see this crap every day.
Program authors who set up this kind of trojan horse (think about it, it is like a trojan horse), should be publicly flogged and hung from the gallows at dawn.
I have lost hours cleaning up spyware messes. It would totally piss me off to have the tool I use be spyware-infested. That's akin to using a vaccine that is full of contaminants.
Be excellent to each other. And... PARTY ON, DUDES!
I seriously wonder what other kind unknown spyware that are used to monitor us? I can even imagine information being collected and stored locally on the computer by various programs and that this information is later picked up and shared through a spyware program. Then spyware programs really only need to submit the information that has already been collected.
Has anyone any statistics on the cost to end users of spyware/trojans as compared to viruses? Yesterday I cleaned-up a Windows PC that was being used by a visitor to the company, ad-aware found something like 10 different trojans and spywares on it. Nothing worked anymore: MSIE always went to some advertising site, Mozilla died (was killed, actually), installing ad-aware took ages because one of the trojans was deliberately killing the install program...
My solution was to wipe the PC and stick on Xandros. But this is not feasible for everyone. So how much time and money do spywares actually cost, and is there no way these creeps can be persecuted for theft of computing resources or interference in operations? I know that the EU cybercrime laws prohibit at least some aspects of spyware (such as interference in normal system operations and interception of private communications).
Ceci n'est pas une signature
Maybe Dell was smarter than we gave them credit for a few months ago when they refused to recommend any one spyware removal product. Just imagine if they had and it turned out to be this debacle. Ouch. The PR would be horrid.
Ok, well WHOIS tells us that www.spyban.net was registered to NicTech Networks, Inc. Which is a 'desktop media' corporation based in Minneapolis, Minnesota. Site has a similar design to www.spyban.net, and they claim to 'offer highly-targeted online advertising solutions' with 'a reach of over ten million monthly Internet users'. Sounds right, and they are a domestic US company. I'm presuming something like SpyBan must break one or two laws? (At the very least deceptive advertising?)
although I agree with you on that, there needs to be a ton of changes when it comes to scanning for spyware before I'd recommend any AV app to get rid of spyware.
For example, We're forcing all the students on campus to install F-Secure. At this point I have had 300 of them call or bring in their PC because it keeps telling them their infected with a Virus. What is happening is that it detects one of the spyware files as a virus but leaves the rest of the spyware there. Then the Rest of the spyware happily reinstalles the file that F-secure Deleted, and Repeats the process over and over and over until adaware is run on it.
Until virus scanners get into the act of completely removing a spyware/adware infection (IE Scan the Registry and remove viral entries, Clean all traces of a known Virus, ETC) its not helping out much other then pestering the user until they run spybot on it.
In Soviet Russia, Trojan exploits YOU!
Remove spyware which log stuff for other businesses while installing your own. Business-wise very good move, granted you have no ethics and are morally bankrupt. Kind of like McAfee AV marking Symantec products are virusses and then installing trail versions of it's own competeting software.
Hate me!
No offense, but I think you've got it all wrong.
Ever wondered why there are laws and courts of law out there? Because the "ha ha, if you're not informed, it sucks to be you" approach just doesn't work.
You're no less than asking that everyone spends inordinate hours of their life doing research about every single piece of software. Maybe for you it's fun. For most of the rest of the world it isn't.
And even if you enjoy that for software... how about imagining a world where some other product might be affected. Would you like to check every single pencil or roll of toilet paper or disposable razor blade for hidden spyware equipment? It's exactly the non-computer equivalent of spyware: something which masquerades as a useful everyday item, but which in reality exists only to rape your privacy.
Would you even have time to do that? Would you enjoy doing that? Would you actually learn everything about mechanical watches just to be able to tell if there's a little extra in your watch? What about your new cell phone? How do you know it's not transmitting a little extra to a third party? Etc.
If you didn't answer a wholehearted "Yes!" to each of the above, well, then you probably get my drift. Just as you probably have better stuff to do than becoming an expert in mechanical watches, other people have better stuff to do than to become an expert in computers.
Either way, multiplied by the number of computer users, the "so get informed" solution would mean tens or hundreds of billions of hours wasted per year. A murderer can be sentenced to death for, basically, shortening someone's life by 20-30 years. This "so inform yourself" solution ammounts in the long run to stealing years off everyone's life.
There has to be a better solution than that.
A polar bear is a cartesian bear after a coordinate transform.
...got bit by this. She paid something like $30 for a piece of software called spyware nuker. She coplained of pop-ups and general slowness so I took a look around and found out about the questionable activities of this program. Apparently it loads its own pop-ups.
She finally caved in and allowed me to install Linux on her PC, thankfully!
I converted my 70 year old grandmother to Linux last year and she loves it...hopefully my mom will stick with it as I usually have to remove viruses and trojans once every couple months.
======== In the future, everything will be artificial. ========
That was my exerience. I have been a faithful Spybot fan, and I figured what the heck, so I gave Ad-aware, and it picked up a program that happened to find its way on my machine.
I'll tell you what needs to happen -- is Congress needs to crack down on those pages that try to force you to install a program, aka viewer, in order to look at the web page. I have made quite a bit of money cleaning such things from people who got dupped into downloading and installing programs because it was the only choice they were faced with. The other day I visited a seemingly innocent site and it would not let me close the browser, so I had to CTL-ALT-DEL and then end the task. Spammers and spy/ad-ware people are destined for the same eternal destination.
The views expressed are mine own and do not express the views of my employer.
While what you said was a joke, it made me think of something that might be a good idea.
How about we (geeks, slashdotters, etc) start pattenting all the evil ideas we can come up with? Think if we had the pattents to algorithms used in worms and viruses, or in spyware, etc. Of course, I don't mean we build anything with these evil ideas, but then we could sue the pants off anyone who did.
I know a guy at Microsoft who says they have people to develop worm/virus algorithms just so if someone ever uses it, they can take them down atleast financially, if not legally.
no comment
Although both packages ARE clean (I use both) there is a potential problem using both at the same time.
Adaware by default "quarantines" any dodgy stuff it finds, rather than immeadiately deleting them. These are stored away so that they dont cause harm. you can delete the quarantined items, or restore them. This just gives a usefull way to undo changes, incase something stops working.
Spybot S&D may find these quarantined objects and flag them as spybots, when in fact they are safely "immobilised" by Adaware.
SO make it a point of deleting the quarantined objects.
Otherwise both programmes are very good.. and i woudl consider donating to the Maker of SpybotS&D, or purchasing the pro version of adaware, just to support them.
Unlike creating normal software, the authors ARE playing a race with the creaters of spyware, and the cash would do a lot of good.
Have a nice day!
At this office we have several machines with Norton AV pre-installed, what a pain in the ass! I wonder if just letting virii run amock through the office would be less annoying than dealing with Norton's constant nagging for attention. Every-frickin-day at least several times a day a Norton dialog pops up out of nowhere on your screen while you are trying work, simply to remind you of the number of days left in your Norton subscription and do you want to renew now? ... and of course the only two buttons you can click to make the dialog go away are a classic Hobson's choice: "yes, I have my credit ready so please take take more money from me now" or "remind me later, like say in an hour or two when I get even busier" ... then later an complete full-cavity virus scan starts up unannounced no matter how busy your machine is ... and of course the constant demand for you to ineract with Norton
while virus updates are being downloaded and then after updates are downloaded it of course will say "click OK now to reboot" not even giving you the option to reboot later.
Now of course if I'd bother to RTFM and spend my time reconfiguring Norton I suppose I could figure out how to make it less annoying, and then take up more of my time doing the same to every machine in the office... but I was just wondering if the people working for Norton might consider making their products less godamn annoying then the virii they aspire to prevent.
Ashcroft has this, Ashcroft has that...it took congress and various state governments to bring much of what you claim to fruition. Don't focus on Ashcroft. If you hate him, hate him only for what he's done. There are more individuals involved in what you claim than you would have us believe, and those include your elected officials. Don't like 'em? Vote 'em out next time.
Also, according to the 60 Minutes II report, Canadian intelligence officials knew and approved of Arar's deportation to Syria. So, all they had was a foreign national that they didn't want, BUT when they asked Canadian officials if they wanted him back the Canadian officials said "naaah, send him back to Syria, we don't want him." Now who's at fault in this case? The worst part is that Arar's American lawyers are using him as a puppet in a case he has no chance to win in order to propagate their political cause when in reality Arar should be suing the Canadian government.
At least your reporters don't get their homes raided for reporting the news. I don't know of a single case where a US reporter has had their source of information seized by the police and potentially face criminal charges for what they said.