Slashdot Mirror


Spyware Masquerading as Spyware Removal Software

Cocooner writes "News.com is reporting that some of the anti-spyware/adware software out there is doing more harm than good by acting as double agents. One example is a software package named SpyBan (google cache since the original site has been removed), which happened to be hosted by download.com, accused of installing Look2Me, which monitors and reports web surfing habits. SpyBan was downloaded over 44000 times before it was pulled. How 'low' can they go?"

32 of 424 comments

  1. Hmmm... by Anonymous Coward · · Score: 5, Funny

    I wonder if I can get a patent on "Invention that does completely the opposite of what it claims to do"

    1. Re:Hmmm... by Anonymous Coward · · Score: 5, Funny

      Invention that does completely the opposite of what it claims to do

      Like "Microsoft Works"?

    2. Re:Hmmm... by orthogonal · · Score: 4, Insightful

      I wonder if I can get a patent on "Invention that does completely the opposite of what it claims to do"

      But these programs don't do the complete opposite of what they promise.

      I'm sure they do remove spyware.

      I mean, I'm sure they are very careful to remove competitors' spyware.

      That makes your system more private and more stable, while ensuring that they get a tighter lock on the market for the data they've purloined from spying on you.

      Think of it like government: government offers to protect you from those who would rob you and beat you, so long as you agree to give the government 40% of your money in the form of taxes and take the occasional beating from a cop. Sure, if you fail to come up with the taxes, the government will take the money and beat you, but at least you're only getting robbed and beaten by one entity.

      Which entity, by virtue of having a monopoly, can specialize in giving you only the best robbings and beatings.

      As, God knows, with Reichsminister Ashcroft and Admiral Poindexter, the current government is, I'm sure, getting very good at doing only the best spying on you, Citizen.

    3. Re:Hmmm... by orthogonal · · Score: 4, Funny
      I never post anonymously. May I make love to you?

      Out of 901 comments, I've only posted AC once.

      My Karma's been excellent since my first month here.

      In my last 20 comments, I've gotten five 3s, two 4s, and three 5s.

      So why is there no Slashdotter, no not one single Slashdotter, to offer to make love to me? Oh, oh, me!
      Oh, is there not one maiden here
      Whose homely face and bad complexion
      Have caused all hope to disappear
      Of ever winning man's affection?
      Of such a one, if such there be,
      I swear by Heaven's arch above you,
      If you will cast your eyes on me,
      However plain you be, I'll love you!


      Oh, right, it's the penis thing again.

      Damn Slashdot geek sausage-fest.
    4. Re:Hmmm... by orthogonal · · Score: 5, Insightful

      [Calling Attorney General John Ashcroft "Reichsminister Ashcroft" is t]otally uncalled for... Why is this considered acceptable behavior from grown adults? We don't throw around insults 1/10th as harsh to our co-workers and friends with any degree of sincerity, but make it a politician and an online forum and someone can get a +5 insightful for calling someone a Nazi.

      Why the hate? Where is all this anger coming from?


      Ashcroft has trashed 600 years of jurisprudence by effectively abolishing habeas corpus. Right now, American citizens are sitting in prisons, not only denied their 6th Amendment right to a speedy trial, but wholly denied access to any trial, any court or any legal counsel.

      Ashcroft doesn't think that is enough, and has further demanded the power without the right to revoke Americans' citizenship by his fiat, without recourse to judicial review.

      Ashcroft has abrogated the rights of California, under the 10th Amendment, to make its own laws, and has insisted on prosecuting persons whose "crime" is to give marijuana to the terminally ill to ease their few remaining days of life.

      Ashcroft has abrogated the rights of Oregon, by threatening Oregon doctors with the loss of licenses or even prison for following Oregon laws allowing people to die with dignity.

      Ashcroft has ignored the intent of the US Congress by applying the wide-ranging powers granted under the "Patriot Act" to crimes that legislators voting for the "Patriot Act" never envisaged it would cover.

      Ashcroft has perverted the considered opinions of the majority of US federal judges, by insisting on mandatory minimum sentences that even conservative Chief Justice William Rehnquist finds too Draconian, and has abused the consciences of Federal prosecutors by insisting on death-penalty sentences even when local Federal prosecutors thought that ultimate penalty unwarranted.

      Ashcroft has championed secret arrests, closed trials, secret military tribunals, and even authorized the deportation of a Canadian resident, Maher Arar, to Syria, where Arar was tortured for 10 and a half months.

      But you're right, at least he's not a Nazi! Thank God Ashcroft tramples the Constitution in a three-piece suit and not a Party uniform.

  2. On download.com by Kenja · · Score: 4, Interesting

    So was it on Download.com after they started charging for hosting? Was this shareware or freeware? Geek minds want to know!

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  3. spybot by grub · · Score: 5, Informative


    If you run a Windows system then I heartily recommend Spybot Seek & Destroy to keep it clean and immunized. Support the author too, donate a few bucks for good work.

    not related in any way, just a satisfied user

    --
    Trolling is a art,
    1. Re:spybot by garcia · · Score: 4, Informative

      on a side note...

      As someone who considers themselves "careful" as can be when it comes to keeping their system clean (Ad-aware was my option before finding Spybot) I was absolutely *shocked* at the volume of "tracking" cookies that Spybot found.

      I admittedly surf porn sites regularly. I found that Spybot never complains there. It mostly complains here on Slashdot (banner ads send Avenue A) and travel sites (some Travelocity cookie is blocked A LOT).

      It scared me how much shit is out there and I am GLAD that someone has created this software that is easily updated, runs relatively quickly, quietly, and easily.

    2. Re:spybot by nija · · Score: 4, Informative

      In addition to Spybot, I use Ad Aware. Used together they get rid of all the baddies.

  4. The Problem by BeemanH2O · · Score: 5, Insightful

    The problem here was this program claimed to be so amazingly user friendly that it was hard for anyone to turn down. I know a couple people that swore by it due to its ease of use. Granted that other solutions out there aren't difficult to use either, but we are talking about the masses of non-techies out there.

  5. useless wankers by spectrokid · · Score: 4, Funny

    They should try to spend their time on programs that are more useful, like those thingies that prevent your IP address from being visible on the net, or keep your computer clock accurate....

    --

    10 ?"Hello World" life was simple then

  6. Stopsign software is the same thing... by mobiux · · Score: 4, Informative

    Worst thing is that they have started advertising on TV as a virus removal/firewall package.

    One user on my network installed it, basically shut down all network connections. And loaded the computer full of crap.

    Also known as eAnthology.

  7. for anyone who doesn't know, use these tools by real_smiff · · Score: 5, Informative
    The spyware removal tools i use regularly & trust are:

    Spybot

    Ad-Aware

    There are others, but these pretty much have it covered i think.

    --

    This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.

    1. Re:for anyone who doesn't know, use these tools by Zocalo · · Score: 4, Informative

      It's no longer the case and hasn't been for quite a while. Ad-Aware updates are now coming out very frequently; every few days normally. I think you are probably referring to Lavasoft's bungled handling of their decision to rewrite the core engine to cope with new threats when they failed to tell the users what was going on. The re-write is now done, and while I don't think version 6.x is as good as Spybot has become, it is still a good package to run as a failsafe and to make sure Spybot stays honest.

      --
      UNIX? They're not even circumcised! Savages!
  8. This is pretty common by willith · · Score: 4, Interesting

    I spend a large portion of my day using Altiris's Notification Server product to identify and remove spyware on computers at work. Believe me, this isn't new and there are *lots* of "spyware removal" apps that come bundled with spyware of their own--I see this crap every day.

  9. Spyware Removal guide by Lipongo · · Score: 5, Funny

    Step 1: Format Hard Drive
    Step 2: Turn Computer off
    Step 3: Never use Computer Again

    --
    -Certified TechnoWeinie
  10. More fake programs by Mr_Silver · · Score: 5, Informative
    I found a comment from this page very informative:
    Rogue Anti-spyware Programs Part 3

    I mentioned some of these before, but this is a more inclusive list.

    Spy Wiper
    AdWare Remover Gold
    BPS Spyware Remover
    Online PC-Fix SpyFerret
    SpyBan
    SpyBlast
    SpyGone
    SpyHunter
    SpyKiller
    SpyKiller Pro
    SpywareNuker
    TZ Spyware-Adware Remover
    xp-AntiSpy
    SpyAssault
    InternetAntiSpy
    Virtual Bouncer
    AdProtector
    SpyFerret
    SpyGone
    SpyAssault

    Sources: Doxdesk.com: parasite, Tom Coyote Forums, Spywareinfo.com forums, safernetworking.org, home of Spybot Search & Destroy

    Looks like this program isn't the only one.
    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  11. Irony by somethinghollow · · Score: 4, Informative

    I think there is some really nice irony here. I'll get a good laugh out of it. What it really comes down to, to me, is that users blindly install things (ha, even anti-spyware/adware) and don't listen to what people say about it.

    "Gator cursors?! Rad. I love little annoying cursors." Install spyware.

    If people would be more informed about their computing habits, spyware would be avoided, as would viruses.

    Adware, on the other hand, may have some legitimate uses. For example, Opera had a free version of its browser that shows ads. AIM shows ads. Even Slashdot shows ads.

    But if you don't like it, don't run it. Research is the key. It's time we stop letting people use computers until they understand HOW to use them.

  12. Credit card scam by savagedome · · Score: 5, Informative

    This is similar to the credit card scam that Bruce Schneier pointed out in his latest cryptogram. Fooling people into eating poison wrapped up as a remedy. Bastards.

    New Credit Card Scam

    This one is clever.

    You receive a telephone call from someone purporting to be from your credit card company. They claim to be from something like the security and fraud department, and question you about a fake purchase for some amount close to $500.

    When you say that the purchase wasn't yours, they tell you that they're tracking the fraudsters and that you will receive a credit. They tell you that the fraudsters are making fake purchases on cards for amounts just under $500, and that they're on the case.

    They know your account number. They know your name and address. They continue to spin the story, and eventually get you to reveal the three extra numbers on the back of your card.

    That's all they need. They then start charging your card for amounts just under $500. When you get your bill, you're unlikely to call the credit card company because you already know that they're on the case and that you'll receive a credit.

    It's a really clever social engineering attack. They have to hit a lot of cards fast and then disappear, because otherwise they can be tracked, but I bet they've made a lot of money so far.


  13. How 'low' can they go? by Stingr · · Score: 4, Informative

    "How 'low' can they go?"

    As low as they need to in order to make a buck.

    Does this really surprise anyone? We've continuously seen spammers/telemarketers/advertisers/etc. sink lower and lower over the years as their tactics are countered. First there was telemarketing then the Telezapper gave us all a little hope that the incessant calls would stop. Then the telemarketers came up with a new tool that beat the telezapper. We responded with the Do Not Call Registry and now the telemarketers are suing on the basis of free speech. They will stop at nothing, not even breaking the law, to make money.

    --
    Chaos reigns within.
    Reflect, repent, and reboot.
    Order shall return.
  14. I'll say it once by IWantMoreSpamPlease · · Score: 4, Informative

    and I'll say it again, Ad-Aware (www.lavasoftusa.com) is the only spyware removal program that's worth a damn.

    Some of the others that I have seen/tried, are too zealous and end up removing bits that are *required* by proper programs, and end up wrecking things.

    Ad-Aware, good as gold.
    In addition, IIRC they offer a corporate-based version, much like Norton-Antivirus corporate, and that's a slick idea.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  15. "SpyBan has very advanced algorithms" by real_smiff · · Score: 4, Insightful
    lol. never trust any program that just claims to have "very advanced algorithms" but gives you no details on what they are (i just noticed that people who don't know much about computers are fond of that word, makes them feel big. algorithms.). Really, any program that seems a bit too keen to get you to install it, you should stop and ask, why? Real freeware developers have bigger things to worry about, like maintaining their program & paying for their bandwidth... lol, I could have told you that program was dodgy just by looking at their site.. "not only can detect primitive and old spyware, but can detect new generation applications as well" really, how does that work then? not even Spybot can do that ;) of course this wasn't aimed at people like me.

    I particularly like this bit of their page:

    Need SpyBan?: Your computer and your privacy are at risk if you: - surf the internet more than 1 hour a week - share your computer with another person - make purchases online - use file-sha

    hmm, that's me! sign me up! classic scamster stuff, sad that it got 44,000+ people.

    --

    This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.

  16. Prior Art by blorg · · Score: 5, Funny

    Spam advertising anti-spam software
    Viruses claiming to be security updates
    SCO pretending to be a software company

  17. Re:Spyware = Virus by Deathlizard · · Score: 4, Interesting

    although I agree with you on that, there needs to be a ton of changes when it comes to scanning for spyware before I'd recommend any AV app to get rid of spyware.

    For example, We're forcing all the students on campus to install F-Secure. At this point I have had 300 of them call or bring in their PC because it keeps telling them they're infected with a Virus. What is happening is that it detects one of the spyware files as a virus but leaves the rest of the spyware there. Then the Rest of the spyware happily reinstalls the file that F-Secure Deleted, and Repeats the process over and over and over until adaware is run on it.

    Until virus scanners get into the act of completely removing a spyware/adware infection (IE Scan the Registry and remove viral entries, Clean all traces of a known Virus, ETC) it's not helping out much other than pestering the user until they run spybot on it.

  18. Mozilla? Opera? by RenegadeTempest · · Score: 5, Insightful

    Most spyware is a result of the lax security of IE. Instead of installing anti-spyware programs (many of which are trojan horses for nasty malware), why not try a browser that doesn't allow the spyware on your system in the first place.

    1. Re:Mozilla? Opera? by JediDan · · Score: 4, Informative

      The browser is only the beginning. It's all those other things that people like installing that pollute the system with crap: desktop modifications (blinky christmas lights), cursors, giant icon collections, etc.

      The less you install the more clean and stable the system - general rule-of-thumb for any windows box as anyone that's been intimate with their registry would know. One program I have to work with every day installs over 70 registry keys (which isn't too bad) but the uninstaller is lucky to find 4 of those.

      *sigh*

      --
      - Dan
  19. Marketers by blunte · · Score: 4, Funny
    How 'low' can they go?


    These are marketers. Was that a trick question?

    If I were in a room with a lawyer and a marketer, and I only had one bullet... I'd kill myself.

    --
    .sigs are for post^Hers.
  20. Re: SpyBot and additional help.... by King_TJ · · Score: 5, Informative

    Yep! I've been praising SpyBot and recommending it to practically everyone running a PC on the Inet for months now. (As I said in a previous /. thread, I work doing on-site PC service, and this program, alone, cures more PC issues I run into than anything else we use.)

    I'll tell you another little tip, though. If SpyBot already claims it's cleaned everything up, but your PC is *still* spontaneously generating pop-up ads on the screen, or running abnormally slow (perhaps you still see odd processes listed as running in the process list?), here's the way to fix it.

    Run regedit, and search the entire registry for "run once". There are several "run once" registry keys, with plain old "run" keys directly above each of them. (You're mainly interested in what's in the "run" keys, but searching for "run" will find hundreds of things we're not interested in.) If they're starting up some kind of trojan horse or spyware/adware program on your Windows PC (and assuming it's not simply in the "Startup" program group!), they've got to be doing it in one of these "run" keys. Look for sneaky files in there with names like "windowsupdater.exe" (MS doesn't ever run a file by this name to do the real Windows updates), or just gibberish names like 0br003445l.exe and delete them from the "value" line of the "run" key. I've even seen files in there I wasn't sure about, until I looked in the folder under "Program Files" where it was running from; Then I saw a *documentation* file in the program's folder explaining that the utility was "designed to automatically present advertisements to the computer user at random intervals"!
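
The manual check in the comment above can be scripted as a first-pass triage of the "run" and "run once" keys. This is an added example, not part of the original post: it parses the text that `reg export` writes, and the sample export, the heuristics and every name other than `windowsupdater.exe` and `0br003445l.exe` are constructed for illustration.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample in the text layout that `reg export` writes. All entries are
# made up; only the two suspicious file names come from the comment above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WinUpdate"="C:\\WINDOWS\\windowsupdater.exe"
"x9"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\0br003445l.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdHelper"="C:\\Program Files\\AdHelper\\adhelper.exe"
"Blob"=hex(2):25,00,54,00
'''

LOOKALIKE_NAMES = {"windowsupdater.exe"}  # from the comment; extend with local findings
RUN_KEY_SUFFIXES = ("\\run", "\\runonce")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$))', re.I)


def unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_values(text):
    """Yield (key, value_name, raw_data) for every value under a Run/RunOnce key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if not key.lower().endswith(RUN_KEY_SUFFIXES):
                key = None  # not an autostart key, skip its values
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), m.group(2)


def reasons_for(raw):
    """Return (command, reasons); reasons is empty when no heuristic fires."""
    if not (len(raw) >= 2 and raw.startswith('"') and raw.endswith('"')):
        return None, ["non-string data, decode and review by hand"]
    command = unescape(raw[1:-1])
    m = EXE_RE.match(command)
    path = (m.group(1) or m.group(2)) if m else command.split(" ")[0]
    name = basename(path).lower()
    stem = splitext(name)[0]
    reasons = []
    if name in LOOKALIKE_NAMES:
        reasons.append("name imitates a Windows component")
    if len(stem) >= 6 and sum(c.isdigit() for c in stem) / len(stem) >= 0.5:
        reasons.append("gibberish file name")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a temp directory")
    return command, reasons


def triage(text):
    """Return [(key, value_name, command, reasons)] for entries worth a manual look."""
    flagged = []
    for key, name, raw in parse_run_values(text):
        command, reasons = reasons_for(raw)
        if reasons:
            flagged.append((key, name, command, reasons))
    return flagged


if __name__ == "__main__":
    for key, name, command, reasons in triage(SAMPLE_EXPORT):
        print(f"{key}\n  {name} = {command}\n  -> {'; '.join(reasons)}")
```

A real export is UTF-16 encoded, so read it with `encoding="utf-16"` before passing the text to `triage`. Entries that pass these heuristics, like the constructed `AdHelper` one, still need the look in the program's folder that the comment describes.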

  21. Re:I'll stick with the basics.... by orthogonal · · Score: 4, Informative

    The more paranoid out there will probably have more more [sic] packages in the loop, but this is definitely one instance where is doesn't do any harm to use multiple packages in parallel.

    Oh, it's simpler than that.

    Install the Spy-ware Remover. Remove the spy-ware. Remove the remover.

    For the more paranoid^H^H^H^H^H less trusting, take a snap-shot of the system, consisting of a list of all files with md5sums for each.

    As above, Install the remover, remove the spy-ware, remove the remover. In most cases the spyware will be stand-alone, except for crap like MS-Windows registry entries. Ensure that other than such system-wide repositories like that, after the removal of both spy-ware and spy-ware remover, that no files have been added to your system, and the md5sums of existing files haven't changed.

    Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters. Here MS-Windows users actually have an advantage over linux, because most MS-Windows firewalls can block both incoming and outgoing connections, and can block or allow specific applications using specific protocols on specific ports.

    First, as a standard practice, block everything (I even block localhost to localhost connections), then allow only what you actually require (most MS-Windows firewalls allow you to do this interactively and some support single-time-only allowances, so it's not nearly the burden it seems to someone used to IP tables).

    Then watch to see if the firewall reports that an application is making outbound connections. If one does, ask yourself why it needs to connect out, and whether you did something to initiate its connecting out.

    The one Achilles's heel here is the multitude of applications that use HTTP connections for one thing or another, and the browser in general. To minimize (but not totally control) this, I route all browsers through two HTML transforming proxies, so many cookies and javascripts never even reach the browsers. Other applications get direct connections, but only if they need them. My mail client, for example, does not need to connect to port 80 for any reason, so I never worry about web bugs in HTML mail. Browsers (well, the proxy at the end of the chain) can connect only to ports 80 and 8080, minimizing risks a little; connections to non-standard ports must be authorized interactively.

    I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured. Proxomitron is excellent for transforming HTML. Get an md5sum implementation, or better yet, get Cygwin and have a linux-like environment too.
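
The snapshot-and-compare step from the comment above, as an added example that is not part of the original post. It swaps the md5sums the comment mentions for SHA-256 digests; the function names, the directory layout and the install/uninstall scenario in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (relative path, '/' separators) to a fingerprint."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # record the link target instead of hashing what it points at
                snap[rel] = "symlink:" + os.readlink(full)
                continue
            try:
                snap[rel] = hash_file(full)
            except OSError as exc:
                # locked or unreadable files are recorded, not silently skipped
                snap[rel] = "unreadable:" + type(exc).__name__
    return snap


def diff(before, after):
    """Compare two snapshots: files added, removed, or changed in content."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: a remover is installed and uninstalled but leaves traces."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)

        write("system/hosts", b"127.0.0.1 localhost\n")
        write("system/shell.dll", b"original")
        before = snapshot(root)
        # what the hypothetical remover left behind after being uninstalled
        write("system/leftover.dll", b"left behind")
        write("system/hosts", b"127.0.0.1 localhost\n10.0.0.1 ads.example\n")
        return diff(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the "before" snapshot somewhere the software under test cannot write to, otherwise it can be rewritten along with the files it describes.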

  22. The FAQ from alt.privacy.spyware by data64 · · Score: 4, Informative

    The FAQ from alt.privacy.spyware lists the more popular and trusted anti-spyware/anti-adware tools. Lots of good information and advice in that group.
    Yes, I know the programs listed in the faq are a bit windows-centric. But guess which platform most posts on that newsgroup are about.

  23. Re:The reasons geeks don't get laid by mgahs · · Score: 5, Insightful

    Please don't confuse "geek" with "nerd".

    Your rant highlights the typical behaviors of a nerd.

    A geek is very social. While a geek may have several traits of a nerd, they are not condescending or selfish. I know many geeks who have social lives. I know many nerds who do not.

    I am a geek. I am not a nerd. There is a difference.

  24. Re:I'll stick with the basics.... by Permission+Denied · · Score: 4, Informative
    Finally, spy-ware is only a problem if it can transmit the information it gathers out of your system to its masters.

    Not true at all. In fact, I couldn't care less about spyware transmitting information. When I start to care is when I get a call because someone's machine is malfunctioning.

    I've seen numerous spyware hijack IE, replace the startup page, install IE extensions to randomly popup advertisements, change how DNS resolution works, etc. I've seen machines where it takes minutes to start up a browser.

    I highly recommend Kerio firewall, by the way; it's free as in beer and quite full-featured.

    Kerio is trivial to bypass if you bypass the winsock API and program directly to NDIS. I've done this as a demonstration only, but seeing how spyware is so pernicious, I bet you'll soon see spyware doing the same things.

    Application-level firewalls are useless if the user has full access to the machine. If the user has the ability to bypass the firewall, a program can do so just as easily and there is no way in Windows to differentiate between messages coming from keyboard/mouse and messages coming from other applications. Similarly, these are useless if the user has the ability to choose whether a program is put in the firewall's "allowed applications" list, as a malicious program can simply fake the user input and put itself there; on the other hand, taking away this ability from the user is not something I'd like to do, as my users should be free to use Mozilla, Opera or any other browser they choose without going through me.

    I think we're talking about different things: I'm not concerned about keeping spyware off of my personal workstations, as these machines never get spyware in the first place due to me being careful about what I run. What I care about is keeping employee machines spyware-free while at the same time allowing users to install their own applications without going through me.

    Actually, the situation is exactly the same as with viruses: I don't worry about viruses on my personal machines, but I know my users aren't sophisticated enough to differentiate between an attachment called "file.doc" and "file.doc [fifty spaces] .exe", so I install antivirus software on their machines. Similarly, I know they're going to download and execute spyware, so I'd like some tool that runs in the background recognizing spyware and preventing it from running. The paid version of adaware does this, and I consider it a virus scanner that stops viruses written by questionably-legitimate companies instead of individuals.

    So there is a place for anti-spyware tools: if you're a sophisticated user on your own machine, you can do without antispyware software, but if you're in a situation where antivirus software is warranted, antispyware software is also a good idea. I just wish McAfee would stop pandering to these spyware "companies" so we wouldn't have to get two site licenses for similar software.