Slashdot Mirror


Spyware on One in Twenty Computers?

SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."

32 of 400 comments

  1. Ad-Aware by amembleton · · Score: 5, Informative

    Download yourself a free copy of Ad-Aware from here. I ran it on my computer the other day and it found 22 infected files, that it cleaned up for me :)

    1. Re:Ad-Aware by Anonymous Coward · · Score: 3, Informative

      On top of Ad-Aware, I recommend using Spybot S&D as well. It can be grabbed from download.com (careful, there are a lot of software packages that have a name very close to Spybot Search & Destroy). It's best to use both, I always like to have a second opinion before I actually tell either program to start deleting.

      Anyway, both of these programs have their downsides. Neither is perfect, and often removing 'spyware' from apps cripples the apps. Spybot S&D has a bad habit of finding spyware in some computer OEM default installs.

      Always be wary, and remember that carving pieces of software out of your system can have adverse effects!

    2. Re:Ad-Aware by BigForbis · · Score: 2, Informative

      Personally, I have found Spybot to be a much better program to remove spyware. Spybot's Website. But personally, nothing can beat knowing what you install and reading those license agreements carefully. Or install Linux where people aren't as likely to embed spyware in the program.

      --
      Remember, 50% of people are below average...
    3. Re:Ad-Aware by StrawberryFrog · · Score: 2, Informative

      it found 22 infected files

      Ad-Aware finds tracking cookies as well. While this is good, and I am glad to let Ad-aware remove them, a statement of "22 files" can be misleading as this program will show both spyware .exe's and cookies in one list.

      --

      My Karma: ran over your Dogma
      StrawberryFrog

    4. Re:Ad-Aware by timbit · · Score: 2, Informative

      Ad-Aware is great, especially when run along with Spybot Search and Destroy. (Also Here - Spybot's site is a little slow already...) Run both, and they cover for each other's misses.

    5. Re:Ad-Aware by amembleton · · Score: 3, Informative

      Yes, it is high but this also included a lot of cookies. There was one actual program, which was a bit worrying. I've never run it before though, I always felt that I was sensible enough not to get infected, but obviously I was wrong. It's been over a year since I last re-formatted my HDD so one dodgy app isn't too bad.

    6. Re:Ad-Aware by ethx1 · · Score: 3, Informative

      I believe that windows media player 9 series comes with spyware that Ad-Aware detects. This is after specifically telling WMP not to send any data back to Microsoft.

      I know WMP 9 is not part of a freshly installed XP, but I just thought I'd point it out. ;)

    7. Re:Ad-Aware by swb · · Score: 3, Informative

      I ran into a spyware application on a colleague's computer that:

      1) Wasn't detected by the newest AdAware+Definitions
      2) Had a randomly named .exe process listed in task manager that, when terminated, caused ANOTHER one to be launched.
      3) Had a start\run\ registry key that when deleted, got re-created automatically.

      I think what I did to fix it was to rename the registry key instead of deleting it, reboot, and then the app wasn't active. It was a challenge, though -- whoever wrote it did an excellent job of avoiding spyware detection and even manual deletion by randomizing the .EXE and monitoring the registry and process list.
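
Added example (not part of swb's comment or of the original thread): a defender can confirm the behaviour described above, an autorun value that comes back after it is deleted, by diffing periodic snapshots of the Run key. The per-user Run key path, the function names and the sample snapshots are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed location of the "start\run" key from the comment (per-user Run key).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

def snapshot_run_key():
    """Read the current user's Run key as {value_name: command}. Windows only."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values

def find_respawning_values(snapshots, max_gap=30):
    """Flag values that disappear and return within max_gap seconds.

    snapshots: list of (unix_time, {value_name: command}) in time order.
    Returns {value_name: [event, ...]}; each event records when the value
    was first seen missing, when it came back, and whether the command
    changed (the randomised .exe name described in the comment).
    """
    removed = {}                    # name -> (time first seen missing, old command)
    hits = defaultdict(list)
    prev = None
    for ts, values in snapshots:
        if prev is not None:
            for name in prev.keys() - values.keys():
                removed[name] = (ts, prev[name])
            for name in values.keys() - prev.keys():
                if name in removed:
                    gone_ts, old_cmd = removed.pop(name)
                    if ts - gone_ts <= max_gap:
                        hits[name].append({
                            "removed_at": gone_ts,
                            "restored_at": ts,
                            "command_changed": old_cmd != values[name],
                        })
        prev = values
    return dict(hits)

# Constructed sample data: an operator deletes "Updater" at t=5 and "Tray" at t=15.
SAMPLE = [
    (0,  {"Updater": r"C:\WINDOWS\qzkxv.exe", "Tray": r"C:\Tray\tray.exe"}),
    (5,  {"Tray": r"C:\Tray\tray.exe"}),
    (10, {"Updater": r"C:\WINDOWS\mwpjt.exe", "Tray": r"C:\Tray\tray.exe"}),
    (15, {"Updater": r"C:\WINDOWS\mwpjt.exe"}),
    (20, {"Updater": r"C:\WINDOWS\mwpjt.exe"}),
]

if __name__ == "__main__":
    for name, events in find_respawning_values(SAMPLE).items():
        print(name, events)
```

On a live machine, feed it `(time.time(), snapshot_run_key())` pairs collected every few seconds; a value that stays deleted, like "Tray" in the sample, is never reported.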

    8. Re:Ad-Aware by GigsVT · · Score: 2, Informative

      My wife, who is pretty savvy, she's a computer tech, told me that last night Spybot found several spywares on her computer. She said she thinks they came from Ameritrade, but I think it must have been an unscrupulous affiliate (spammer type). She had immediately noticed her computer acting funny after she went to the site.

      It was an offer for a free Palm Tungsten C with a new $10,000 deposit in an Ameritrade account. She didn't get it via spam either.

      She keeps up on IE patches, and she knows better than to click "yes" to trust some site to execute ActiveX...

      There must be some unpatched bug in IE that's letting this shit get installed.

      As for her running Mozilla... that's a lost cause. I don't use Windows, but I can't convince her to switch.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    9. Re:Ad-Aware by Shadwhawk · · Score: 3, Informative

      My dad had something like that on his computer.
      Pain in the ass to get rid of. W2k was so unstable it wouldn't even boot in safe mode.
      I finally wound up booting off a Knoppix CD and removing the executables.

    10. Re:Ad-Aware by gad_zuki! · · Score: 2, Informative

      I tell people to always shut off activeX, block pop-ups, run Ad Aware, and install an ad-blocking hosts file. Anything less and you're probably compromised in at least one way.

    11. Re:Ad-Aware by Wolfrider · · Score: 2, Informative

      --I googled for "spybot search destroy" and found it:

      http://www.safer-networking.org/
      http://www.safer-networking.org/index.php?page=download

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  2. That seems like a low percentage by Lotek · · Score: 5, Informative

    I'm a tech for a medium sized publishing company, and I find that the first thing I do when I get complaints of slowness and random unexplained crashes is to run spybot. In roughly half of the systems I check, I can find some kind of spyware.

  3. Re:Type by gid13 · · Score: 4, Informative

    Upon reading the article, it says that they only tested for 4 specific programs: Gator, Cydoor, SaveNow, and eZula. And got 5.1% positives. So yeah, you're probably right.

  4. Re:1 in 20? Thats all? by 00420 · · Score: 2, Informative

    I think someone has a spyware detector that is not detecting some of the spyware...

    That's absolutely correct. According to the article they only scanned for Gator, Cydoor, SaveNow and eZula.

  5. Suggestions by Anonymous Coward · · Score: 4, Informative
    Windows can be secure. Some suggestions:
    • Use Firefox. No need to worry about ActiveX spybars.

    • Get AVG Anti-virus. Keeps out the trojans and viruses.

    • Use Ad-aware. Say goodbye to malware.

    • Above all else, use a personal firewall. You won't have to worry about programs calling home without your permission.
  6. I manage a 50-user corporate network. by daviddennis · · Score: 4, Informative

    Spyware makes it on to 100% of the computers in my network. I have taught my users to put in, use and update ad-aware, but I think even with that there is spyware it's not recognizing. I come to this conclusion thanks to erratic behaviour in many of my machines that is not due to viruses.

    Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.

    There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.

    Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.

    D

    1. Re:I manage a 50-user corporate network. by daviddennis · · Score: 4, Informative

      Two points:

      * Spyware is created for purely commercial reasons. It is not commercially viable to create this kind of software for a platform with a 5% market share. I don't expect spyware to become a problem under MacOS X unless something happens that pushes its market share radically higher.

      If 99.99% of virii and spyware are written for Windows, the Mac and Linux are far, far safer. That's not "security through obscurity"; it's pure, hard-headed commercial reality.

      * Most of the tricks used for "drive-by installs" of Spyware work because Internet Explorer is integrated with the operating system. In other words, you use Internet Explorer + an ActiveX DLL to install updates to Windows. Therefore, you can use the same combination to do Bad Things.

      On the Mac, there is no such integration, so the only way to install software is to, well, install it. Period.

      You pointed me to a spyware removal tool for the Mac, but I have yet to hear of any Mac spyware. Until proven otherwise, I consider that program bogus.

      D

  7. Installing a local firewall is a good idea. by LemonFire · · Score: 3, Informative

    Installing a local firewall is one way to deal with spyware. I recently discovered that some freeware that all my co-workers had installed tried to dial out. Since I was running Sygate Personal Firewall (there are others) I was notified that the application wanted to dial home. After some research regarding this software I discovered that it was only trying to send out my registry file and my IP address. :-\
    There's a lot of software out there that tries to dial home and any local firewall that is application aware is helpful when it comes to notifying you about what's going on on your computer.

  8. Spybot by The+Tyro · · Score: 2, Informative

    is the absolute bomb...

    Note the paypal link... throw the author a few bones; it's a great program.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  9. I'm not surprised. by Bistronaut · · Score: 4, Informative
    I would say that the 20% number is way lower than what you'd find on a cross-section of average home users' computers. I'll bet that they only came up with 20% because:
    • University students and staff are probably more computer-savvy than the general population.
    • They were only searching for four of the who-knows-how-many spyware programs out there.
    If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there. :-)
  10. Re:Only one in twenty? by Fnkmaster · · Score: 3, Informative
    Three in twenty? Are you nuts? It's a heck of a lot higher than that. I'm away from home for a few weeks, I come back and discover my roommate's girlfriend used my computer - guess what? Spyware. Roommate complains IE is behaving strangely - what do ya know, spyware. Mom's computer is running slow again a few weeks ago - spyware (strike two, now she has been taught to use AdAware for herself).


    In business environments where people's computers are locked down or there are policies against installing software yourself, the rates are much lower. But in the general university/home/small business user community, I'm more surprised when I find that somebody is aware enough to NOT have spyware than when they do.

  11. Re:1 : 1 by LostCluster · · Score: 2, Informative

    Yeah, but that's like saying that IE's history file creates an unsecured log of where you've been unless you clear it or disable it. It's not spyware until something tries to send that log outward...

  12. Federal Trade Commission by enforcer999 · · Score: 3, Informative

    Speaking of spyware, the Federal Trade Commission is offering a workshop on spyware that needs comments. I think it would be highly appreciated if some of you guys would comment.

  13. Re:That's likely an understatement by Disabuser · · Score: 3, Informative

    I have always thought of spyware as a virus. Perhaps not as destructive but, a virus none the less.

    A large portion of my work is field service on home PCs. Spyware has actually become a more destructive problem than viruses for most of my residential clients who already have adequate virus protection.

    Most people will have one or two spyware apps like Gator on their machines, which won't impact performance enough for them to notice. But if they have kids it's a different story. Kids download and install EVERYTHING until all the competing spyware renders the internet connection too slow to be usable. DNS requests are often hijacked and when that stops working they are dead in the water.

    I get over 600 hits in an Ad-aware scan on a regular basis on machines where kids have access. I also return again and again to the same clients for the same problem. My favorites are the ones who download and install multiple "free" spyware-supported popup blockers, which just add fuel to the fire.

  14. Everyone ready to make a "1 in 20?" comment.. RTFA by BillX · · Score: 3, Informative

    Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...

    The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.

    So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1... :-)

    --
    Caveat Emptor is not a business model.
  15. The actual article by El+Volio · · Score: 4, Informative

    New Scientist is just carrying their little summary; one of the authors has the paper available on his site in HTML, PDF, and PostScript forms. It's to be presented at NSDI '04.

    --

    "You can never have too many elephants on your team."

  16. More like 80-90% by Zoc_All_Alone · · Score: 2, Informative

    I work in a campus Student Computing Helpdesk, and with the scans we run on most of the computers brought in, about 80-90% have a virus, trojan, or downloader (as found by AVG). I *never* see a computer where Spybot cannot find spyware, though to be fair, it will also find cookies and shortcuts. The computers that really worry me are the 25% that have a browser hijacker, such as CoolWeb. I've seen ones where every page request will redirect you to incredifind.com. We use CWShredder to clear up those. Side note: If you remove spyware from your computer and suddenly all your internet applications stop working, you possibly removed a spyware program that had rooted itself into Winsock. Try WinsockFix to clear that up.

  17. Tracking Cookies and Firefox by monster811 · · Score: 2, Informative
    Most of these tests don't count the endless flood of tracking cookies, as those seem to work across browsers (the mere use of mozilla blocks most malware, but not these). Whenever I upgrade someone's system, I always scan for spyware and remove stuff like those weatherbug, gator, etc. programs that clueless people install. When I run Ad-Aware, I generally find a few nasty apps and a few hundred tracking cookies. These definitely should be looked for by tests, as nearly every system has some on it.

    Using mozilla firefox with the adblock plugin, I have been almost completely spyware-free. If you use wildcards properly (like *.doubleclick.net/*) you can block all ads, cookies and scripts from adservers or directories. Once you have a sizeable list, you won't get anymore nasties invading your system, and pages will load much faster.
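
Added example (not part of monster811's comment or of the original thread): what a wildcard rule such as `*.doubleclick.net/*` does and does not match, next to a host-based check. It assumes the rule is compared with the whole URL string and that `*` stands for any run of characters; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def wildcard_match(pattern, url):
    """Match url against a filter in which '*' stands for any run of characters.

    Assumption: the filter is compared with the whole URL string, which is
    how this example models the rule quoted in the comment.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url, re.IGNORECASE) is not None

def host_match(domain, url):
    """Stricter check: the URL's host is the domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

# Constructed URLs; only doubleclick.net comes from the comment.
CASES = [
    "http://ad.doubleclick.net/adj/news;sz=468x60",        # ad server subdomain
    "http://doubleclick.net/pixel.gif",                    # bare domain, no subdomain
    "http://example.org/go?to=http://x.doubleclick.net/",  # other host, name in query
    "http://ad.doubleclick.net.example.org/banner.js",     # look-alike host
]

def compare(pattern="*.doubleclick.net/*", domain="doubleclick.net"):
    """Return [(url, wildcard_result, host_result), ...] for the sample URLs."""
    return [(u, wildcard_match(pattern, u), host_match(domain, u)) for u in CASES]

if __name__ == "__main__":
    for url, by_wildcard, by_host in compare():
        print(f"wildcard={by_wildcard!s:5} host={by_host!s:5} {url}")
```

The second and third URLs are where the two checks disagree: the wildcard misses the bare domain and blocks an unrelated host whose query string happens to contain the name.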

  18. Effective combination... by Fez · · Score: 5, Informative
    I work at a computer repair shop, and nearly every single computer I work on has some degree of spyware. The best combination of tactics to kill spyware that I've found is as follows (All in Safe Mode, of course):

    There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin.
  19. Some rough stats from a call center by Anonymous Coward · · Score: 1, Informative
    I work at a call center for one of the largest ISPs in the country. (it's a bad economy, ok...) As a test, I sacrificed my "call time" stats for a day and had the callers with problems connecting, slowness, secure sites blocked, etc... run spybot S&D. More than half had severe spyware problems, a large majority had "small" spyware problems. It only takes one! The procedure that helped to kill the spyware best was to first kill ALL UNNECESSARY TASKS running, regardless of OS version (Windows only, of course) and then run Spybot. This killed off the replication "Feature" of the spyware long enough for Spybot to remove the hard copies and end the problem. Some of the more nasty ones would intentionally crash explorer when a "request" to end task from windows was received so that they could not be killed. The only fix, at this point is a clean boot or a system reinstall. If only windows had a "kill" command that didn't "ask" the virus/trojan/worm/spyware to shutdown gracefully, this would not be a problem!


    Also, Spybot S&D works much better than Ad aware, but the user interface stinks. It's also "donation ware" so some of you guys may offer some help here. Don't use Google to find it, though. There are some nasty fakes that have tried to take over the Spybot name on searches. Use the link provided.

  20. Re:Spyware? You mean data collection? by Phroggy · · Score: 2, Informative
    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;