Slashdot Mirror


Spyware on One in Twenty Computers?

SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."

19 of 400 comments

  1. Ad-Aware by amembleton · · Score: 5, Informative

    Download yourself a free copy of Ad-Aware from here. I ran it on my computer the other day and it found 22 infected files, that it cleaned up for me :)

    1. Re:Ad-Aware by Anonymous Coward · · Score: 3, Informative

      On top of Ad-Aware, I recommend using Spybot S&D as well. It can be grabbed from download.com (careful, there are a lot of software packages that have a name very close to Spybot Search & Destroy). It's best to use both, I always like to have a second opinion before I actually tell either program to start deleting.

      Anyway, both of these programs have their downsides. Neither is perfect, and often removing 'spyware' from apps cripples the apps. Spybot S&D has a bad habit of finding spyware in some computer OEM default installs.

      Always be wary, and remember that carving pieces of software out of your system can have adverse effects!

    2. Re:Ad-Aware by amembleton · · Score: 3, Informative

      Yes, it is high but this also included a lot of cookies. There was one actual program, which was a bit worrying. I've never run it before though, I always felt that I was sensible enough not to get infected, but obviously I was wrong. It's been over a year since I last re-formatted my HDD so one dodgy app isn't too bad.

    3. Re:Ad-Aware by ethx1 · · Score: 3, Informative

      I believe that Windows Media Player 9 Series comes with spyware that Ad-Aware detects. This is after specifically telling WMP not to send any data back to Microsoft.

      I know WMP 9 is not part of a freshly installed XP, but I just thought I'd point it out. ;)

    4. Re:Ad-Aware by swb · · Score: 3, Informative

      I ran into a spyware application on a colleague's computer that:

      1) Wasn't detected by the newest AdAware+Definitions
      2) Had a randomly named .exe process listed in task manager that, when terminated, caused ANOTHER one to be launched.
      3) Had a start\run\ registry key that when deleted, got re-created automatically.

      I think what I did to fix it was to rename the registry key instead of deleting it, reboot, and then the app wasn't active. It was a challenge, though -- whoever wrote it did an excellent job of avoiding spyware detection and even manual deletion by randomizing the .EXE and monitoring the registry and process list.

    5. Re:Ad-Aware by Shadwhawk · · Score: 3, Informative

      My dad had something like that on his computer.
      Pain in the ass to get rid of. W2k was so unstable it wouldn't even boot in safe mode.
      I finally wound up booting off a Knoppix CD and removing the executables.

  2. That seems like a low percentage by Lotek · · Score: 5, Informative

    I'm a tech for a medium sized publishing company, and I find that the first thing I do when I get complaints of slowness and random unexplained crashes is to run spybot. In roughly half of the systems I check, I can find some kind of spyware.

  3. Re:Type by gid13 · · Score: 4, Informative

    Upon reading the article, it says that they only tested for 4 specific programs: Gator, Cydoor, SaveNow, and eZula. And got 5.1% positives. So yeah, you're probably right.

  4. Suggestions by Anonymous Coward · · Score: 4, Informative

    Windows can be secure. Some suggestions:
    • Use Firefox. No need to worry about ActiveX spybars.
    • Get AVG Anti-virus. Keeps out the trojans and viruses.
    • Use Ad-aware. Say goodbye to malware.
    • Above all else, use a personal firewall. You won't have to worry about programs calling home without your permission.

  5. I manage a 50-user corporate network. by daviddennis · · Score: 4, Informative

    Spyware makes it on to 100% of the computers in my network. I have taught my users to put in, use and update ad-aware, but I think even with that there is spyware it's not recognizing. I come to this conclusion thanks to erratic behaviour in many of my machines that is not due to viruses.

    Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.

    There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.

    Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.

    D

    1. Re:I manage a 50-user corporate network. by daviddennis · · Score: 4, Informative

      Two points:

      * Spyware is created for purely commercial reasons. It is not commercially viable to create this kind of software for a platform with a 5% market share. I don't expect spyware to become a problem under MacOS X unless something happens that pushes its market share radically higher.

      If 99.99% of virii and spyware are written for Windows, the Mac and Linux are far, far safer. That's not "security through obscurity"; it's pure, hard-headed commercial reality.

      * Most of the tricks used for "drive-by installs" of Spyware work because Internet Explorer is integrated with the operating system. In other words, you use Internet Explorer + an ActiveX DLL to install updates to Windows. Therefore, you can use the same combination to do Bad Things.

      On the Mac, there is no such integration, so the only way to install software is to, well, install it. Period.

      You pointed me to a spyware removal tool for the Mac, but I have yet to hear of any Mac spyware. Until proven otherwise, I consider that program bogus.

      D

  6. Installing a local firewall is a good idea. by LemonFire · · Score: 3, Informative

    Installing a local firewall is one way to deal with spyware. I recently discovered that some freeware that all my co-workers had installed tried to dial out. Since I was running Sygate Personal Firewall (there are others) I was notified that the application wanted to dial home. After some research regarding this software I discovered that it was only trying to send out my registry file and my IP address. :-\
    There's a lot of software out there that tries to dial home and any local firewall that is application aware is helpful when it comes to notifying you about what's going on on your computer.

  7. I'm not surprised. by Bistronaut · · Score: 4, Informative

    I would say that the 20% number is way lower than what you'd find on a cross-section of average home users' computers. I'll bet that they only came up with 20% because:
    • University students and staff are probably more computer-savvy than the general population.
    • They were only searching for four of the who-knows-how-many spyware programs out there.
    If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there. :-)

  8. Re:Only one in twenty? by Fnkmaster · · Score: 3, Informative
    Three in twenty? Are you nuts? It's a heck of a lot higher than that. I'm away from home for a few weeks, I come back and discover my roommate's girlfriend used my computer - guess what? Spyware. Roommate complains IE is behaving strangely - what do ya know, spyware. Mom's computer is running slow again a few weeks ago - spyware (strike two, now she has been taught to use AdAware for herself).

    In business environments where people's computers are locked down or there are policies against installing software yourself, the rates are much lower. But in the general university/home/small business user community, I'm more surprised when I find that somebody is aware enough to NOT have spyware than when they do.

  9. Federal Trade Commission by enforcer999 · · Score: 3, Informative

    Speaking of spyware, the Federal Trade Commission is offering a workshop on spyware that needs comments. I think it would be highly appreciated if some of you guys would comment.

  10. Re:That's likely an understatement by Disabuser · · Score: 3, Informative

    I have always thought of spyware as a virus. Perhaps not as destructive but a virus nonetheless.

    A large portion of my work is field service on home PCs. Spyware has actually become a more destructive problem than viruses for most of my residential clients who already have adequate virus protection.

    Most people will have one or two spyware apps like Gator on their machines, which won't impact performance enough for them to notice. But if they have kids it's a different story. Kids download and install EVERYTHING until all the competing spyware renders the internet connection too slow to be usable. DNS requests are often hijacked and when that stops working they are dead in the water.

    I get over 600 hits in an Ad-aware scan on a regular basis on machines where kids have access. I also return again and again to the same clients for the same problem. My favorites are the ones who download and install multiple "free" spyware-supported popup blockers, which just add fuel to the fire.

  11. Everyone ready to make a "1 in 20?" comment.. RTFA by BillX · · Score: 3, Informative

    Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...

    The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.

    So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1... :-)

    --
    Caveat Emptor is not a business model.
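
The measurement described in the comment above, sketched as an added example (not part of the thread and not the researchers' code): it flags clients whose traffic matches a per-program signature inside a sampling window, which shows why a host that is silent during the window goes uncounted. The signature hostnames, the flow record format and the addresses are constructed placeholders; the study's actual indicators are not on this page.

```python
import re
from collections import defaultdict

# Placeholder signatures (constructed); the study's real indicators are not on this page.
SIGNATURES = {
    "Gator":   re.compile(r"(^|\.)gator\.example$"),
    "Cydoor":  re.compile(r"(^|\.)cydoor\.example$"),
    "SaveNow": re.compile(r"(^|\.)savenow\.example$"),
    "eZula":   re.compile(r"(^|\.)ezula\.example$"),
}

# Constructed flow records: epoch_seconds client_ip http_host
SAMPLE_FLOWS = """\
100 10.0.0.1 www.example.org
110 10.0.0.2 updates.gator.example
120 10.0.0.2 www.example.org
130 10.0.0.3 ads.cydoor.example
135 10.0.0.3 cdn.ezula.example
140 10.0.0.4 mail.example.net
900 10.0.0.4 ping.savenow.example
""".splitlines()

def measure(flows, start, end):
    """Return (clients_seen, hits) for records with start <= ts < end."""
    seen, hits = set(), defaultdict(set)
    for line in flows:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed records
        ts, client, host = int(parts[0]), parts[1], parts[2].lower().rstrip(".")
        if not start <= ts < end:
            continue  # traffic outside the sampling window is never observed
        seen.add(client)
        for name, pattern in SIGNATURES.items():
            if pattern.search(host):
                hits[client].add(name)
    return seen, dict(hits)

def prevalence(flows, start, end):
    """Fraction of clients seen in the window with at least one signature hit."""
    seen, hits = measure(flows, start, end)
    return len(hits) / len(seen) if seen else 0.0

if __name__ == "__main__":
    for window in ((0, 600), (0, 1000)):
        seen, hits = measure(SAMPLE_FLOWS, *window)
        print(window, f"{len(hits)}/{len(seen)} clients flagged", hits)
```

With the shorter window, 10.0.0.4 is counted as a clean host because its only matching request falls after the window closes; the same host is flagged once the window is extended.
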
  12. The actual article by El+Volio · · Score: 4, Informative

    New Scientist is just carrying their little summary; one of the authors has the paper available on his site in HTML, PDF, and PostScript forms. It's to be presented at NSDI '04.

    --

    "You can never have too many elephants on your team."

  13. Effective combination... by Fez · · Score: 5, Informative
    I work at a computer repair shop, and nearly every single computer I work on has some degree of spyware. The best combination of tactics to kill spyware that I've found is as follows (All in Safe Mode, of course):

    There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin.