Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
The flaw that they detected was undoubtedly that the spyware could be detected. Duh.
Lots of petrified grits
Probably more like 20 in 21
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
But isn't the spyware in and of itself the vulnerability?
Damn, people need to get tough on this shit.
I'm amazing. You aren't. SUCK IT
Isn't that supposed to be 1 in 20 WITHOUT spyware?
[sig] 10 + 10 = 100 [/sig]
If I scanned all the machines at my school the computer center would shut off my internet
Snowden and Manning are heroes.
From my own personal experience with family members, I'd say that number should be much higher.
Joe User just does not know and/or just doesn't care what happens inside their computer.
A few un-ethical, a few security holes and there you have it.
Scientia est Potentia
LOL! That's an understatement. I see spyware on everyone's computer
Calling atheism and agnosticism a religion is like calling bald a hair color.
Download yourself a free copy of Ad-Aware from here. I ran it on my computer the other day and it found 22 infected files, that it cleaned up for me :)
I think someone has a spyware detector that is not detecting some of the spyware...
No mention of the computer OS or archs.
Nice.
I don't know what their definition of spyware is, but I'd be amazed if it was fewer than one in three.
I would have guessed one in two.
I'm a tech for a medium sized publishing company, and I find that the first thing I do when I get complaints of slowness and random unexplained crashes is to run spybot. In roughly half of the systems I check, I can find some kind of spyware.
So the same people who make the world's most vulnerable OS must also be making these vulnerable spywares eh?
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
Going by my former help desk experience at a college, and by experience with friends' and families' computers, I'd expect three in twenty would be more accurate.
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
If that really is an accurate figure, then things are really improving. I, for one, hope so.
"I may not have morals, but I have standards."
Most spyware remains undetected because it makes copies and backups of itself that are near to invisible. Although spyware is easily visible on 1 in 20, it is probably present in some form on almost every computer with an internet connection.
------- "A true friend stabs you in the front." -Eliot
In a totally unrelated story, it appears that at least 4 out of every 50 computer users surveyed have had an encounter with "spam" emails in the last two years.
Stay tuned for the next ground-breaking story about the near 100% mortality rate suffered by humans and animals exposed to di-hydrogen monoxide!
Any generalization is a stupid one.
We here at Spyware Inc are deeply troubled that
nearly 95% of all computers DON'T have Spyware!
To help capture a greater market, our newest
service will automatically install Perl(tm) spyware on any host posting to Slashdot, and even make it open source
We think OSS spyware is the future!
(Yes... this IS a joke)
AntiFA: An abbreviation for Anti First Amendment.
"discovered a serious vulnerability"
GPL SPYWARE NOW! Many eyes make bugs shallow!
The IT dept at all major universities usually re-ghosts the machines every 2 weeks, if not every week. Spyware is not the only problem on computers at university campuses. There are other serious issues (keystroke capture, homework assignment theft etc) that force the IT dept to re-ghost the machines.
Consensus is good, but informed dictatorship is better
Cookies are spyware.
Don't accept cookies. Ever.
That is all.
I'm sorry, but that number is way too low.... I'm in a bit of a hospital/nursing town, and I'd say that at least half of the nurses-in-training I know have experimented with Kazaa and other music piracy services, and are usually loaded down with 5 to 10 bad (at least gator-level) spyware installs.
The only thing that has infected that "community" around here worse would be smoking habits.
They only scanned for four spyware programs. I would say over half of all Windows machines connected to the Internet are infected. The other half that aren't infected are people who know how to avoid being infected, or don't surf the web. If they would have scanned for every spyware program included with Spybot instead of just those four, they would have come up with a much higher number.
Discovering "serious" problems in 2 of 4 programs that quickly sounds high.
But I would have thought the 1 in 20 figure would be higher. I would have guessed from 10%-20% at least instead of the 5% they got.
I guess not running windows distorts how bad it is for you. I gave up on that platform a few years back and have been happy and spyware free with Debian since.
As a field technician working for a University, I run into a lot of machines. When I did ResNet work about 85% of the computers would be fixed and on the network after I ran SpyBot or AdAware (I prefer spybot). And on the normal faculty machines about 50% have some type of serious spyware problem. This number quoted in the article is way too low.
-Psy
You can't extrapolate from a University network to the general community. Half the computers out there are in businesses, and most don't run any software not installed by the business. Oh, and if the spyware can be detected by scanning, it can be blocked by a firewall. Want to bet most competent IT departments have already configured their firewalls to do this? So really this is only a problem for naive home users. Even then, if there are ISPs out there that will automatically filter porn for customers, shouldn't there be ISPs that will automatically filter spyware connections?
"Freedom means freedom for everybody" -- Dick Cheney
If you run windows there are registry keys used to track your usage of windows media player (unless you remove them) thus, the ratio is a lot closer to 1 : 1 of every windows computer out there, more so with more recent windows OSes.
It's not the only program either, use a firewall and don't install software that you don't need.
- Dan
Anonymizer and Spy Sweeper do a pretty good job. Adaware ain't bad either.
Ugh! So not only are spyware creators trying to slip their junk onto unsuspecting users' computers without their knowledge, they're also making the machines more vulnerable to other malware in the process. And, as the author of the article points out, if a user doesn't even know that the spyware is on his machine- and the spyware author doesn't want to alert him to that fact- there's no real chance of patching the hole. It's just one more example of why it's evil to keep users in the dark about what's going on with their computers.
There's no point in questioning authority if you aren't going to listen to the answers.
Why exactly is it that when those "install spyware (under some other name)" windows pop up, there's an option to
1: install it (sadly, the default option)
2: not install it and
3: automatically trust the company and install every bit of spyware ever sent your way again.....
Why on earth don't they include the option to "Never Trust content from this manufacturer"? It would make things a lot easier, and a lot less frustrating to those of us who feel obligated to provide tech support ("why am I getting all these popup windows?") to our less educated friends and family.
With all the lawsuits against the people that create spam, you'd think that there would be more against those like Gator and Gain.
"Operating systems suck: you're better off using only the BIOS" --trainsaw.com
I know tons of people that think random pop-ups and such are a normal part of the web. It's like a newsflash to them that there's another way of doing things (ie using Mozilla/Firefox after a spyware cleaning.)
I work as a support technician in the residence halls of a major university, and whenever I go to a room to try to repair a machine, I always scan for malware, and I NEVER find machines that are free of the scourge. Half the time, it's the cause of whatever problem they had in the first place.
I don't see these as functionally any different than viruses and think that the a/v s/w vendors are ignoring their responsibilities. Like I need yet another f*cking piece of defensive s/w.
Spyware makes it on to 100% of the computers in my network. I have taught my users to put in, use and update ad-aware, but I think even with that there is spyware it's not recognizing. I come to this conclusion thanks to erratic behaviour in many of my machines that is not due to viruses.
Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.
There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.
Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.
D
Having worked at a PC repair store, I would say that 50% of the systems we see have spyware of one sort or another installed. The real problems are ones such as new.net and browser hijack spyware that require a reinstall of TCP/IP including recreating the winsock files in the registry.
:) We explain and explain but apparently they like comet cursor and bargain buddy more.
It amazes me that the same people come back again and again. We have one customer who every six to eight weeks comes in complaining that her system is slow. Voila! 500 or more spyware items. Apparently she does not mind paying 50 bucks.
We also do work for a mortgage house that gets this installed and wonders why their customers get so much spam for competing mortgage companies after they email the customer.
Oh well, spyware and virii are keeping us in business.
Installing a local firewall is one way to deal with spyware. I recently discovered that some freeware that all my co-workers had installed tried to dial out. Since I was running Sygate Personal Firewall (there are others) I was notified that the application wanted to dial home. After some research regarding this software I discovered that it was only trying to send out my registry file and my IP address. :-\
There's a lot of software out there that tries to dial home and any local firewall that is application aware is helpful when it comes to notifying you about what's going on on your computer.
I do a lot of computer repair work and every computer I have ever scanned for spyware had spyware on it.
is the absolute bomb...
Note the paypal link... throw the author a few bones; it's a great program.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
- University students and staff are probably more computer-savvy than the general population.
- They were only searching for four of the who-knows-how-many spyware programs out there.
If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there.)
Well, there was one on the page with the article. They wouldn't be hypocrites, now would they?
"...Gribble says. "We do expect that companies can and should use tools to scan their networks...."
Wouldn't it be much simpler if companies just disallowed their employees to install applications on their machines? Allowing users to download & install 'anything' poses problems way beyond spyware.
The Bigger The Headache The Bigger the Pill
We use the Altiris Notification Server product to track spyware at my job. I compiled a list of about 100 "worst offenders" from sites like doxdesk.com, and cast the net out to see where we stand.
Out of ~3,000 computers, ~750 of them came back with at least one positive. And that's just looking for about 100 known spyware apps based on the presence of a known-bad .EXE or .DLL or Add/Remove Programs entry.
That's a lot of fucking spyware.
I would be seriously amazed if only 1 in 20 computers had spyware on it, I think 50% is a more accurate number from what I've seen in a mix of non-technical business users and home users. I have to say all this gator like crap has become the bane of my support existence. I am glad I support very few users and those I support actually listen to me (I think they are afraid :) One computer owned by my aunt was running slow, bring it over I said I'll look at it, it had no less than 15 separate spyware apps installed, I about had a heart attack. So I installed a popup killer and it's been 6 months still clean as a whistle. It seems like 90% of spyware installed by a user (not bundled like with Bear Share, etc) comes from those damn windows copy pop-up windows
1 in 20 ? Maybe for technical users, but globally I am certain the average is MUCH higher.
I cannot believe how many new programs are coming with spyware now. Worse yet, the spywares are not just cookie trackers, but keyloggers and much worse. Even some games install a scanner to scan your hd for any "virtual drives" and will not load the game if any are detected.
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
I live on campus at Brigham Young University. Between me and the 40 other guys on my floor, I'd say about everyone has experienced Spyware, but everyone has removed it just with a little help from someone mentioning Ad Aware to them.
Really, Spyware is like the 8th deadly sin, spread the word and help people get Ad-Aware on their computer.
(As an aftertroll thought, I should say this. I find it funny that /.ers will admit that tons of people don't know about Spyware and what not, showing their ignorance towards computers, but are still angered by things like Clippy the MS icon who helps people with Office and with the simplicity of Windows XP.)
Mirrors my experience with my neighbors (most of whom are highly-educated... some terminally-degreed).
I've rooted out more copies of Gator, Cydoor, etc from neighbors, friends, and family members... I can't even count the infections.
I typically recommend/setup the following bare minimum set of tools to avoid spyware, hax0rs, etc.
Firewall (I like smoothwall on an old PC)
Current anti-virus, set to auto-scan.
Spybot Search and Destroy run periodically.
I don't think I've ever had to look twice at a home computer setup that took those measures... and the users invariably learn what to look out for (particularly after Norton keeps flagging all those MyDoom, Klez, etc emails).
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
run Linux.
That's "Mr. Soulless Automaton" to you, Bub.
I find that nearly all PC's contain spyware of some sort. I think my current Ad-Aware record holding customer had something like 1,300 detected objects. IE wouldn't even open any more.
One of the Windows labs in our CS department has Comet Cursor installed on every machine - from the hard drive mirror image the lab assistants used to install from!
It's not that Joe Average doesn't care, he/she doesn't know he/she should care! They trust their computer. The idea that malware can hijack their systems is alien to them. The fault is not the end user. The fault is with MicroSoft's default security settings leaving their PCs as wide open as Goaste.Cx's bunghole, along with sinking Internet Explorer's tentacles deep into the core of the OS.
Simply setting IE to not autoinstall software over the net, or REQUIRING an Administrator password to install said software (a-la Mac OSX and some modern Linux distros) would reduce this crap by a large extent.
Don't blame the user for what is the fault of the creator. Is a car driver at fault if the car he/she is driving was shipped with defective brakes?
Boobies never hurt anyone. - Sherry Glaser.
...is that 100% of these machines are broadcasting their internet address TO THE WORLD and no one is doing a damn thing about it.
don't believe me? punch in your dial in number in Google (xxx-xxx-xxxx) and find out who your ISP REALLY IS!
I see lots of spyware removal recommendations. This one, SpyBot Search and Destroy, is fantastic and free. I carry CDs of it around and give it to everyone I work with.
Those who can do. Those who can't sue.
I work for a small ISP in the middle of nowhere. Often, we will offer our customers the opportunity to bring their towers into our office if they so choose to fix a problem. For every computer that comes into our office, both Spybot and Adaware are run, and in almost every computer, I'd say about 90%, there is spyware. It really is completely out of control, as there have been computers with upwards of 500 items found between the two programs. 1 in 20 is a major understatement IMHO. I would have to say that out of the people I talk to, it's probably more like 4 out of 5. And then when the problem is Spyware, I say "Looks like you have spyware." And then they go, "What's spyware?"
Microsoft needs to fix their ActiveX problems. I usually tell people to run Firefox nowadays.
The numbers are wrong, because Windows IS Spy-Ware. So that's 100% infected.
This is a test. This is a test of the emergency sig system. This has been only a test.
No Cookies == No Login == No Karma Whoring.
Just imagine what you're missing
Some people have a way with words, and some people, um, thingy.
1) Does the university allow anyone to plug any computer into their network?
2) If the PCs in question are only owned by the university, why are the users allowed to install anything?
Either way, the Network Admins might as well have asked the spyware companies to come on in and flood their network.
yes... what is it with nurses who smoke? I also know vascular surgeons and respiratory therapists(!) who smoke... boggles the mind.
But you're right... I'm a computer-geek physician, and I've rescued more colleagues' laptops and desktops from viruses, spyware, and other assorted nasties. It's scary, because if there's one person whose identity you might like to steal, it would probably be a doctor... they tend to have great credit ratings. If the physician had the necessary docs in their computer, you could perhaps steal their professional identity too, which would be far, far worse.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
AllAdvantage.com discovered this back in the late 90s. College students gladly downloaded a program that provides them no function, displays an ad bar, and has a TOS that says that their unused clock cycles can be sold to distributed computing projects, in exchange for a promise of a small payment.
Kazaa is proving that you don't even need to promise the small payment to bundle the spyware, just free access to a P2P network which has a lot of copyrighted content (that it doesn't have license to have) on it.
The average college student is not majoring in tech. They don't understand what they're giving up when they run a service without understanding what it does. User education is not as good as it needs to be.
Assuming that you don't use an asset management package that inventories the programs on a PC, I'm curious how you scan the network for spyware programs. Would you care to share your techniques and tools with the rest of us?
The software doing the "spyware running" survey is itself spyware, so any computer it scans is, ipso facto, running spyware.
"Where am I, or where am I going?" - Heisenberg
--
make install -not war
I don't get it. Isn't this like saying that two out of four strains of ebola have been found to be susceptible to anthrax? At the point that you have foreign code surreptitiously executing on your machine (aka spyware), you are compromised.
- First they ignore you, then they laugh at you, then ???, then profit.
Hot Young Nurses seduced by P2P.
(by J.Valenti)
Mandy (21) "Well my boyfriend and I started experimenting with Kazaa, and it went on from there"
Mandy now requires five Gigs of LimeWire downloads per day. She is in fear of losing her job if her dirty secret gets out. She's turned to prostitution to cover bandwidth costs.
Mandy: "I couldn't afford the bandwidth so Jane hooked me up with some mates of hers they had me performing for a webcam..."
Mandy's story is not unique. Yesterday she found out she was Gator positive.
It's too late for Mandy, but you can be saved. Stop piracy now!
When they say "defective", they mean that the spyware is crap programming. Which is hardly surprising. People who distribute spyware are the same kind of idiots who are responsible for most spam. It's a kind of spam, really, since it's a way of indiscriminately spreading information. The information itself, whether it's a blurb for some penis enlargement nostrum or a piece of buggy code that generates useless statistics about what sites you visit, is basically useless. How do you make money distributing something that's useless? You distribute a lot!
Spyware? Pshaw. I use a Mac. I am at college and have a friend who, if she leaves her [WinXP] computer for 20 minutes, will come back to 20-30 popup ads. I let her borrow my Powerbook for a day, and she wants a Mac now... she (obviously) didn't get a single popup while on my computer.
Are you kidding? I work troubleshooting computers on a major college campus and I'd say there's some form of spy/adware on at least 90% of the machines I see. Dorms are by far the worst. Even people who are more adept than the average user seem to get it. Usually they call because their "computer is slow." I can't imagine how many people buy new computers because their old computer has "gotten slower."
Also, no one seems to realize they have to update adaware or spybot. They're using definitions from August and wonder why they're still getting popups. They usually conclude "the program just isn't very good." The same thing goes for virus scanners too.
Anybody who's designing a new system, whether security or UI, should spend a day looking at how most people use their computers. If you haven't, you might be surprised.
Funny enough, I was removing some spyware from some of my school's computers (running Win 98) and every one in the studyhalls had spyware! One particularly bad offender had 223 spyware registry keys, programs etc. It was shocking how loaded up these boxes were!
Microsoft proposes that their own customer data collection layer (CDCL) be installed automatically with every copy of Windows. Then any software firm that wants to collect user data will have to pay a fee for it. There. Problem solved.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
At least in terms of the conclusion drawn: "One in twenty computers with an internet connection may be harbouring unwanted "spyware" programs..."
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
The article makes no mention of the operating systems profiled, just the spyware programs that were listened for (Gator, Cydoor, SaveNow, eZula). AFAIK, all of these are Windows native and would not be found on machines that are not running Windows and IE.
Windows itself is not fully to blame for the abundance of spyware and viruses on the internet, but it's generally the people who use Windows that allow viruses to propagate and make spyware feasible due to their ignorance of their own working environment.
If operating systems are to become more transparent, user friendly and powerful, the problems of spyware and viruses will have to be dealt with decisively.
The average Windows user has no idea that there are malicious TSRs lurking in the corners, doing whatever they please. They don't have fine grained control or access to processes, because Windows assumes (correctly) they would not know what to do with that level of control. Operating systems are complex enough without badly implemented security policies, threading models, filesystems and applications, the cruft of years of application and user backwards compatibility making them worse. I don't know if Windows will get a re-write on the level that Mac OS did. It was very important for Apple to move forward and leave the old OS behind, it's way past time for Windows to follow suit. Spyware and viruses could be eliminated if the user was aware of EVERYTHING the machine was doing. Don't give applications a way to hide, and they won't be able to.
TallGreen CMS hosting
Speaking of spyware, the Federal Trade Commission is offering a workshop on spyware that needs comments. I think it would be highly appreciated if some of you guys would comment.
Why do you allow your users to install software?
--
the strongest word is still the word "free"
I've seen a university where the system image they made, and used to install on all computers, was infected with spyware (from a file archiver I think).
So, the whole labs (120 computers) were running spyware in the background. Nice.
I'm sure of it. I contend that almost every single user that uses IE has fallen victim to a drive by spyware install. I cleansed a Win98 box back around New Years for a friend of the family. That machine had more pieces of spyware than you could shake a digital stick at. Adaware detected 873 items to remove (bad cookies, binaries, etc). I shit you not. 873. Their machine was running slower than a 486 I once had that had Win95 loaded on it (oh my god it was awful). Spyware was stepping on the feet of other pieces of spyware. Xupiter, Gator, you name it, it was there. Their machine was only a couple years old and had been freshly reloaded (HD crash) less than a year before. This is a fairly educated family of two teachers, a high school-aged son (doesn't use the computer much), and a very small daughter (not old enough to use the computer). They can't stand a better chance of getting infiltrated any more than any other typical Windows user. If they had it that bad imagine what other people have on their machines. 1:20 seems extremely low to me. I'd rather believe 19:20 are infected/infiltrated.
One in twenty Windows computers.
Vote in November. You won't regret it.
The article lacks some information to judge the number too high or too low. What OS was being used by the university? The college I attended tried to nail down most NT systems to not allow software installing new software. There would also be a lower number if the school uses Macs and Un*x like systems.
They brought up that they found Gator, Cydoor, SaveNow and eZula by examining the traffic and not by looking at each computer. If they had, I am sure the number would be a tad larger with all the evil cookies that rest on the computers.
Lacking details isn't actually helping the fight against spyware if only 1 in 20 are affected.
I've just downloaded, installed and have scanned with spybot.
It found loads of Internet Explorer Security Holes and gave the following explanation:
There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/
Luckily I use Mozilla, but it's interesting that that is what it picked up on.
Before anyone starts debating the legitimacy of the study, perhaps they should read the actual study:
http://www.cs.washington.edu/homes/tzoompy/publica tions/nsdi/2004/
*make sure to remove that space in the word publications
If you have Windows you should install iespyads, it's a free program that will block most spyware/ads via the web. It can't help if you download it but it will keep tracking cookies and java off your system. Then scan with ad-aware once a week and you should be fine, I haven't had any spyware since installing iespyads over 3 weeks ago, at least none that can be found with ad-aware 6 and pestpatrol
The best spyware utility will get frustrated and end up uninstalling windows.
But seriously, Windows still hasn't done a good job of separating the applications from the operating system, that is why some of those spyware programs are so hard to get out, especially if it's something to do with the networking stack.
The other 19 were running Linux ;-)
== No concept of secure online sessions (URL based session IDs are a disaster waiting to happen... yes, I'm talking to YOU, PHP) == No e-Commerce
Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...
:-)
The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.
So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1...
Caveat Emptor is not a business model.
In addition to the scan & remove capabilities of Spybot, I have found that the Immunize feature is very handy. It blocks many unsafe ActiveX downloads, cookies, as well as some regular downloads. I believe the number of "immunizable" items is over 500 now.
There is also a great Hosts file updater that works wonders with users that only browse a few work-related sites. It has hundreds of spyware and adware domain names and adds 127.0.0.1 entries to the hosts file. It also has an undo feature in case the blocking of ad-related sites interferes with legitimate sites. (rare)
Very worth the time to look into the "other" features of spybot.
I'm on a chair.
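The hosts-file blocking with undo described in the comment above, as an added sketch that is not part of the thread and not Spybot's code. The marker strings, function names and the `.invalid` domains are assumptions made up for illustration, and the functions work on the file's text rather than on the system hosts file.

```python
"""Hosts-file blocklist with an undo path (operates on text, not the live file)."""
import re

# Assumed markers delimiting the block this tool owns; anything outside
# them is the user's own content and is never modified.
BEGIN = "# BEGIN managed-blocklist"
END = "# END managed-blocklist"
SINK = "127.0.0.1"

# Strict hostname check so a tampered list cannot smuggle extra fields or
# lines (for example "name 203.0.113.5") into the hosts file.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(\.{_LABEL})+")


def normalize(domains):
    """Lower-case, validate, de-duplicate and sort the blocklist entries."""
    clean = set()
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if not d or d.startswith("#"):
            continue  # blank line or comment in the list
        if len(d) > 253 or not _HOSTNAME.fullmatch(d):
            raise ValueError(f"refusing malformed hostname: {d!r}")
        clean.add(d)
    return sorted(clean)


def remove_blocklist(hosts_text):
    """Undo: drop the managed block and leave every other line as it was."""
    out, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END and inside:
            inside = False
        elif not inside:
            out.append(line)
    if inside:
        raise ValueError("unterminated managed block; repair the file by hand")
    return "\n".join(out).rstrip("\n") + "\n"


def existing_names(hosts_text):
    """Names the user has already mapped outside the managed block."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower() for f in fields[1:])
    return names


def apply_blocklist(hosts_text, domains):
    """Return hosts text with one fresh managed block; safe to run repeatedly."""
    base = remove_blocklist(hosts_text)  # replace, never stack, old blocks
    taken = existing_names(base)         # a name the user already maps is left alone
    entries = [f"{SINK} {d}" for d in normalize(domains) if d not in taken]
    if not entries:
        return base
    return base + "\n".join([BEGIN, *entries, END]) + "\n"


# Constructed sample data (not real spyware domains).
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "192.0.2.10 intranet.example.invalid # set by the user\n"
)
SAMPLE_BLOCKLIST = [
    "ads.tracker-one.invalid",
    "ADS.tracker-one.invalid.",   # duplicate after normalization
    "beacon.tracker-two.invalid",
    "intranet.example.invalid",   # already mapped by the user, so skipped
    "# list comment",
]

if __name__ == "__main__":
    blocked = apply_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(blocked)
    print(remove_blocklist(blocked) == SAMPLE_HOSTS)
```

Keeping the entries inside a marked block is what makes the undo exact: removal restores the user's file byte for byte instead of guessing which `127.0.0.1` lines the tool added.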
New Scientist is just carrying their little summary; one of the authors has the paper available on his site in HTML, PDF, and PostScript forms. It's to be presented at NSDI '04.
"You can never have too many elephants on your team."
We turn IE off in the "Program Access & Preferences" window. Install Mozilla, turn on its built-in pop-up blocker and you're 100X less likely to get spyware.
I want to create a custom data recovery, virus scanning and hopefully spyware detection CD using SystemRescueCd and Sophos AV for Linux. The only thing missing in this equation is anti-spyware software that runs on Linux but scans Win2k/XP partitions. My alternative to this solution is using a DOS boot disk then use something like Winternals NTFSDOS Pro and finally run Sophos AV for DOS - which would still not give me an anti-spyware tool unless the host OS is used. The Linux CD would make use of the Captive project to access the NTFS partitions with R/W capabilities. Obviously I would prefer using the Linux solution, I guess I could scan for viruses first and then boot into Windows to run Ad-Aware but I'm curious if there's an opensource or commercial project that deals with this on Linux.
not Di-hydrogen monoxide.
I bought an Apple Powerbook, and it is like, totally awesome. Seriously... you guys... I have like NOOOO spyware. Apple kicks ass.
Best Regards,
-Eric Cartman
I work in a campus Student Computing Helpdesk, and with the scans we run on most of the computers brought in, about 80-90% have a virus, trojan, or downloader (as found by AVG). I *never* see a computer where Spybot cannot find spyware, though to be fair, it will also find cookies and shortcuts. The computers that really worry me are the 25% that have a browser hijacker, such as CoolWeb. I've seen ones where every page request will redirect you to incredifind.com. We use CWShredder to clear up those. Side note: If you remove spyware from your computer and suddenly all your internet applications stop working, you possibly removed a spyware program that had rooted itself into Winsock. Try WinsockFix to clear that up.
That's funny, I did cable modem installs for a while and I would have said 60-70% of PCs had some variant or other...
WeatherBug, Kazaa, Hotbar, etc.
One in twenty? More like one in five or worse. Of course, UW only looked for four pieces of spyware. IIRC, the latest Spybot definition file has over 12,000 entries (not all of which are covered by the strict definition of "spyware", but still...).
My current job is doing graphics and web work for a small computer services company, but at least once per week I go out on service and maintenance calls for our clients. At one place, the spyware infection rate was closer to 80%: Gator/Claria, Bonzi Buddy, Vomit Cursor, HiWire, IGetNet, BestWeb, Bargain Buddy, etc. One machine had 477 separate pieces of spyware and browser hijackers. Another had 25 instances of the same pr0n dialer. Even the ones that were relatively "clean" still had crapware like Webshots or WeatherBug that brought these commodity PCs to their knees. And don't get me started on Kazaa...
When I started doing this, I'd cut the users a lot of slack, letting them keep their Webshots or Benadryl Desktop Allergy Alerts. But after a month, the BOFH-nature possessed me. I have become an IT fascist: NO WEATHERBUG FOR YOU! NEXT!!!
Gah. Now I'm pissed. I think I'll go in tomorrow and schedule scandisks and defrags for 9AM Monday morning. That'll learn 'em.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
At my school's help desk we always run Ad-Aware on finished machines. I have yet to see one without spyware. Our office record was just bumped up to 8084 pieces of spyware. 1 in 20 does not do justice to the growing problem of this malicious software.
Granted, many of the more savvy users could be logging on with hacked clients such as kazaa lite, but I would imagine they number in the thousands, not the millions.
Just helps put a perspective on things...
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
You can configure a firewall to block the outgoing communication that spyware clients attempt to establish with their servers. You CANNOT configure a firewall to prevent users from clicking the shiny pop-up and infecting themselves with the spyware in the first place, and blocking the spyware communication does NOT mitigate the damage to the OS that the spyware generally does - in fact, it often makes it considerably worse, since many instances of spyware go absolutely bugfuck nuts when they can't contact home and may hold up vital processes waiting for that connection to be made, or send the computer into a semi-race condition trying over and over and over again to make that connection.
Coming soon to Slashdot: meta-meta-moderation!
My family went nuts about Kazaa when it came out... and every one of them has called me because they can't even use their computer anymore.
All I can say is thank god for Spybot S+D
-Adam C. Greenfield
22 Infected files is pretty low in my opinion. You run a pretty tight ship on your box.
We have to clean spyware off of student PCs on campus since it screws up internet connections and F-Secure goes nuts to the point where it won't talk to the server anymore.
So far, the Ad-Aware record is 17039 from a student that had a spyware app that put 19000 internet shortcuts in her favorites directory. Number two is 1973 and number three is 1058.
In Soviet Russia, Trojan exploits YOU!
for mentioning that. I find that OE is a tool of the devil. So many people use that preview pane....
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
but you don't have to use macs to avoid Windows.
Aside from being my address... 3133 virus files on that machine constitutes 13.8% of all files tested on that system....
Who was running that box - and what were they doing with it?
What operating systems did the 19 out of every 20 run? And/or who ran them?
I can bet the ones not infected have Unix or Linux based stuff, or users who don't use IE.
Most spyware comes from using Internet Explorer or Windows... have I yet been infected by spyware in Linux or using a Mozilla-based browser, and goes to show how many people deserve to be in the college for wisely thinking how to keep their computer spyware free.
HTTP authentication can be used
You can even use time-limited URLs
http://anonymous:$hash@yourdomain.com
There are places where the networks are not touching, and there are places where they are-Boeing's Lori Gunter
Just look closely at the Nessus Plugin page. You may have to give Nessus the remote registry access password but it can scan an entire network quickly with no special software on client machines. Please, try it on your own machines only or be sure you are permitted to conduct that kind of scan.
I do the same job at my University, where every student is leased an official IBM thinkpad (tm).
Our current record is 2111. My personal record for viruses is 7 unique (that is, counting variants as unique).
The snow doesn't give a soft white damn whom it touches. -- ee cummings
Hi, I would like to sell you Norton Antivirus software for your Mac. Please buy it. Who cares there are no known viruses that can be retrieved if you have all the latest update, that's not important. Purchase Norton Antivirus Software.
I gotta agree with this. I'm an admin and have to clean up this kind of crap both in the office and at customer sites.
Often times there are odd, often random errors in applications, and it begins to get worse. Or the system even if it's fast begins to crawl. I would say that 8 out of 10 times, it's spyware. In one case I found, according to SpyBot Search and Destroy (excellent tool by the way), 311 spybots and adware shits. This particular system went from the mouse barely moving on a 2.4GHz P4 with DDR ram to what it should have been.
User education is key here. But that is a depressing role to try to be educator, because it's almost all completely ignored.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
"four spyware programs they looked for" What a crappy experiment... 19 out of 20 of my friends' computers that I have looked at or used have OBVIOUS AND VISIBLE spyware and that 1 missing is a programmer as well. Clearly this was a poorly conducted experiment and these stats are very off.
http://brandonbloom.name
I know for a fact a large majority of computers not only have spyware/adware installed on them, look at how many DMCA complaints are filed on networks that install that shit with their junkware, but the source of it is not addressed. Look for instance at AOL's little bit about PopUp blocking and Earthlink's attempt. That software might stop the visible effect of a compromised machine, but does it shut the ports it may open and stop the sending of data/spam still or local harvesting of email addresses?
As long as Ma and Pa Kettle think things are fine because the pop-ups are blocked they are not going to accept responsibility for their computer. Some may try to fault the scientific background of this study but I think it shows a pretty conservative number actually. Of those with compromised machines, how many knew about it? How many cared about it? How many tried to take responsibility for their computer and fix it? This article shows a true lack of responsibility when it comes to ownership and maintenance of a computer. This same mentality affords the script kiddies what they need to send out their generated packages they wouldn't be able to read the code for and understand to save their lives. So Ma and Pa Kettle blindly infect and install the most horrible crap on their machine connected to a global network and share their personal information/habits as well as the malicious love.
Accountability and education need to stop being replaced by flashy eye candy ads and ignorance as an excuse.
-1 Overrated (Too many big words for me to comprehend)
Not anymore. Internet Explorer removed the parsing of the @ sign in URLs because of their heavy use by fraudulent e-mails (since it's not *required* by the HTTP RFC, just a *feature*). Well you know what happens when only 5% of the web browsers out there can support something...
Educating users and fighting windmills feel about the same to me...
Oh, wait... windmills at least do not say "but i didn't *do* anything! really!"...
I have discovered a truly remarkable sig which this 120 chars is too small to contain.
Using Mozilla Firefox with the Adblock plugin, I have been almost completely spyware-free. If you use wildcards properly (like *.doubleclick.net/*) you can block all ads, cookies and scripts from adservers or directories. Once you have a sizeable list, you won't get any more nasties invading your system, and pages will load much faster.
Actually, that's a very good serious question.
A lot of accounting can be done through a custom web-based system that I'd develop for the company (similar to the one I already deploy), but there are some very boring programming tasks associated with accounting that are best left to commercial vendors.
Aren't there accounting programs nowadays that have web interfaces and could work with any clients?
I know there are at least some accounting packages for MacOS X, but I know there is maybe 1 for every thousand that exists on Windows.
Anyone have good perspective on this?
D
There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin.
Only 1 out of 20 computers at the University of Washington is running Windows?? Good for them!
boycott slashdot February 10th - 17th check out: altSlashdot.org
Don't accept cookies. Ever.
That is all.
No wonder I always feel watched when Grandma bakes me cookies!
I expected Windows' marketshare to be much more prominent.
Seriously though, I installed WinXP Pro on my GF's machine less than two weeks ago, after a few days of her kids using the machine Ad Aware and Spybot S & D found all kinds of shit that they downloaded onto it without thinking.
That's why no one but me uses my machine.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
One of my friends has a Mac, is running Norton (He got a copy with a 100% rebate, if you catch my drift) and has occasionally prevented a virus from reaching our school's Windows network. Conclusion: Use (Linux || (Unix || OSX)) on a proxy server, scan internet traffic in one place, and relax!
There should be a law requiring/prohibiting that (Please circle one)
AMEN brother!
A long time ago, in a neighbourhood not far removed, Dwelt I, in a little two room apartment.
My old, used Macintosh II, sitting on a box, upgraded to 7.0 was learning that one k is 1024 bytes because that's how slow AOL was then.
only 1 in 20?
I've not seen a single windows workstation that runs IE that isn't infected by a worm, spyware, or some other thing, in years. I just don't think it's possible.
They should redo their study.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Well I tried logging in for FP and it kept saying to enable cookies! Maybe slashdot is spyware?
Installing any software without the users express consent should be illegal, period. All installs should clearly explain what is being installed and what it does. Anything 'extra' would then be illegal.
I wish Spyware was getting as much attention as Spam.
Also, Spybot S&D works much better than Ad-Aware, but the user interface stinks. It's also "donation ware" so some of you guys may offer some help here. Don't use Google to find it, though. There are some nasty fakes that have tried to take over the Spybot name on searches. Use the link provided.
Actually it is explicitly NOT allowed by the HTTP URL RFC but the general URL RFC which supersedes that one says it is an optional but not recommended field for HTTP.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I guess my point is I'm surprised they only found stuff on 1 in 20 in a campus environment... I'd have bet on it being more like 18 in 20 myself, based on experience.
From my perspective, a sysadmin whining about clueless non-techie users is like a doctor complaining about all the damn sick people that keep bothering him. Isn't it their job to, you know, offer service and tech expertise (or diagnosis and medicine in the doctor case) to those people?
If there weren't so many tech-clueless people in the world, sysadmins would have no jobs... Cry me a fucking river, guys (and girls).
In my experience, looking at computers at my campus, 1 out of every 1 computers with Windows on them had spyware.
-- I was raised on the command line, bitch
I started working as a computer teacher for a Catholic middle school in September. When I got there every computer had spyware. On one computer Ad-Aware identified almost 400 items! Needless to say, every class got a lecture about internet security. Most of them took it to heart, and now mostly we just get unwanted cookies.
Long live the Speaker Bracelet
Rolo D. Monkey
Reference
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Seriously, I'm not trolling, but has Bill Gates or Steve Balmer made any kind of statement of what the Microsoft Way of dealing with spam might be?
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
I'm a resident here in the dorms at the University of Washington.
I think the reason that the findings were 1 out of 20 is they included all the machines on campus. Those in the labs usually get some type of re-imaging done every time someone logs out, wiping out all changes and thus getting rid of spyware.
But in the dorms where the students manage their own computers, I would say that the numbers are closer to 19 out of 20 computers have some type of spyware. I probably get someone knocking on my door at least once a day wanting me to help them figure out why their computer is slower than dirt and show random popups all the time. Face it, if you use Internet Explorer for web browsing, you're going to get infected!
I have a small computer business and every system I have checked in the last year is infested to one degree or another. I do my best to educate folks, but they're all calling me back out to help them get rid of the popups or speed up their slow internet connections in about 4-5 months. It's a very bad situation and getting worse.
Repeating mantras like "no cookies! no cookies!" may make you feel more private. But it actually has no known effect.
Damn that game was funny.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Vomit Cursor? That's a new one for me. Does it show a vomit animation when you click on something? Of course, if it doesn't, you'll probably end up making your own vomit animation after it drives you insane. :(
Ah am not a crook! (\(-__-)/)
Stay tuned for the next ground-breaking story about the near 100% mortality rate suffered by humans and animals exposed to di-hydrogen monoxide!
Near 100% mortality rate? I guarantee you that everybody who is exposed to di-hydrogen monoxide will die.
Spyware is out of control. It should be outlawed for the simple fact it's so similar to a virus infection. But it only proves the fact of how weak Windows security is. You will never see spyware for Linux or Mac OS X for 2 reasons: there's not enough users, and how the user system is, it would be impossible for the program to simply install itself unless the user was stupid enough to be root all the time. In user mode the programs don't have write access outside the home dir so it couldn't run rampant on the system even if it tried.
So the ten out of eleven machines belonging to friends and relatives that I've installed Ad-aware on over the last couple of months imply the existence of 190 well-maintained, popup-free, efficient machines that aren't presenting somebody's grandmother the chance to enlarge her penis? One-in-twenty says to me that nineteen out of twenty aren't nitwits. Hell, my commute shows that one out of maybe six should be allowed to use a car, let alone something requiring thought.
This is not my sandwich.
OK, here's the question: I run Spybot and Ad-Aware on a regular basis, for one, but I use Google a lot. So I was wondering if the Google search bar has any spyware in it. I know stuff like this is known to have spyware oozing out of it, but I don't know, since it's Google, and Google can do no wrong. Has anyone ripped that thing apart yet? Tellll me....
The official site for the real Spybot Search & Destroy (linkified here):
http://www.safer-networking.org/
except it doesn't take into account the other risks of surgery (anesthesia reactions are ugly). Also, we already operate to fix previous operations, whether for functional or cosmetic reasons. Plastic surgeons often do scar revisions to cosmetically improve on prior surgeries, for example.
Also, there are some types of wounds/injuries that are almost scarless, at least in the long term. Mucosa doesn't scar much... neither does bone (although bone may take years to remodel). For instance, look for scars on the inside of your lip and think about how many times you've bitten it over the course of your life.
Gene therapy is really in its infancy, but it holds tremendous promise, since many many of the big killers (excepting smoking, drinking, trauma, et al) are genetic in origin. If all you have to do is fix a single protein, you could cure familial hypercholesterolemia (bad ones die of heart attacks by their teens or twenties), all the hemoglobinopathies, cystic fibrosis... the list is endless. The challenge would come in targeting multi-gene problems like syndrome X.
I don't know if "good enough" would truly cut it with gene therapy. All it takes is one big lawsuit to wipe out an entire company, and it seems to be uniquely American to sue for simple bad luck. While people seem able to accept that "sh*t happens," when it happens to somebody else, they immediately attempt to assign blame when it happens to them... because somebody has to be at fault...
It's pretty tough to fight human nature.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
Okay, it is a fact that spyware is a problem. I personally would guess that the 1-in-20 estimate is (among Winoze computers) actually an incorrect estimate; I have seen computers where there were over 200 issues reported in Ad-Aware, Pest-Patrol, and so on. So, my question basically is, how do you protect yourself best? I know most of you would say something such as "don't use Windows", but that would make it easy, so the constraint is keeping Windows. I would be glad to hear opinions.
The faculty I'm studying at had a hit-rate of 100% spyware.
;)
That is what happens if you have spyware in the main image
Privacy is terrorism.
In my experience as an in-home pc technician, in the residential sector it's more like four out of five. Especially if it's a household with children.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
Gator?! How the fark did that get there?
I'm still not sure what it piggybacked onto. Luckily we killed it before it went out. We're more careful now.
"Seven Deadly Sins? I thought it was a to-do list!"
The shortest route to the human brain is through the butt cheek. I get about 3 spyware laden PCs a day in my shop. The average tab for disinfecting a PC and installing Pest Patrol is about $100-$125.
A little education reinforced by a dose of financial pain makes users a lot more careful about how they use their PC's and the internet. It has also led to some very profitable security gigs at businesses.
I have found freeware scanners lacking when it comes to spyware detection and removal. Ad-Aware is ok but Spy Bot misses a lot of stuff.
That or upgrade to a better browser like Konqueror that lets you treat all cookies as session cookies and lets you accept and decline cookies on a site-by-site basis. That way I can block cookies from any site that doesn't absolutely require them and the sites that do require them only get a cookie for a few hours, so it's quite useless for tracking purposes.
I agree. Didn't your mom tell you not to take candy from strangers?
I downloaded it after reading this thread, I came back with 10 hits: 7 global cookies, a program called "Alexa" which somehow was installed in IE's extensions folder, and wmp9's spyware.
As the admin for my home network, I'd considered that I had kept a fairly tidy ship, not once having been hit by a virus, however, on reading this thread in depth and getting the results back from ad-aware I know that I have to do better. Hopefully now between Norton and Ad-Aware, I'll not be having this kind of problem again. I also know for sure that I've had to reinstall win2k pro on this machine at least once due to spyware on reading closely what you described. NEVER AGAIN!!!!!!!!!