Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
But isn't the spyware in and of itself the vulnerability?
Damn, people need to get tough on this shit.
I'm amazing. You aren't. SUCK IT
No mention of the computer OS or archs.
Nice.
I don't know what their definition of spyware is, but I'd be amazed if it was fewer than one in three.
I would have guessed one in two.
Funny, but makes you wonder how much was there that they didn't detect. And as much as I love Spybot S&D and to a lesser extent Ad-Aware, I wonder how much they miss.
Going by my former help desk experience at a college, and by experience with friends' and family's computers, I'd expect three in twenty would be more accurate.
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
If that really is an accurate figure, then things are really improving. I, for one, hope so.
"I may not have morals, but I have standards."
Most spyware remains undetected because it makes copies and backups of itself that are near to invisible. Although spyware is easily visible on 1 in 20, it is probably present in some form on almost every computer with an internet connection.
------- "A true friend stabs you in the front." -Eliot
If you run Windows, there are registry keys used to track your usage of Windows Media Player (unless you remove them); thus, the ratio is a lot closer to 1 : 1 of every Windows computer out there, more so with more recent Windows OSes.
It's not the only program either, use a firewall and don't install software that you don't need.
- Dan
I wish the guys at NYU would re-ghost their machines every two weeks. I was working on one this week that probably hadn't been done since last summer. The virus definitions hadn't been updated since November, and there were about 20 spyware programs on it. Working on a machine like that is kind of like using the Men's room at the Port Authority bus station. Icky.
That's why I believe this 1-20 number. This is a relatively closed system monitored by an administrator and most likely governed by a usage policy. Perform the same study on machines found in copy shops or in homes and I'm sure the results would be quite different.
Support the First Amendment. Read at -1
run Linux.
That's "Mr. Soulless Automaton" to you, Bub.
It's not that Joe Average doesn't care, he/she doesn't know he/she should care! They trust their computer. The idea that malware can hijack their systems is alien to them. The fault is not the end user. The fault is with Microsoft's default security settings leaving their PCs as wide open as Goaste.Cx's bunghole, along with sinking Internet Explorer's tentacles deep into the core of the OS.
Simply setting IE to not autoinstall software over the net, or REQUIRING an Administrator password to install said software (a-la Mac OSX and some modern Linux distros) would reduce this crap by a large extent.
Don't blame the user for what is the fault of the creator. Is a car driver at fault if the car he/she is driving was shipped with defective brakes?
Boobies never hurt anyone. - Sherry Glaser.
Because they're afraid people will click that for MS software.
I still have more fans than freaks. WTF is wrong with you people?
AllAdvantage.com discovered this back in the late 90s. College students gladly downloaded a program that provides them no function, displays an ad bar, and has a TOS that says that their unused clock cycles can be sold to distributed computing projects, in exchange for a promise of a small payment.
Kazaa is proving that you don't even need to promise the small payment to bundle the spyware, just free access to a P2P network which has a lot of copyrighted content (that it doesn't have license to have) on it.
The average college student is not majoring in tech. They don't understand what they're giving up when they run a service without understanding what it does. User education is not as good as it needs to be.
I'd think the number would probably remain about the same (at least relatively). Pretty much every computer I look at now has been slowed down by Spyware/Adware, so it seemed low to me initially, but these are also all computers for people who are using Kazaa and other programs they download on the Internet. Virtually all of those people will be infected (except for the few who know better), but also considering business users and people who use the Internet little or not at all (or don't download programs) the number is lowered. Not to mention people that don't run Windows. The number's probably higher in college environments but relatively similar all things considered.
I don't try to be right, I just try to make people think
When they say "defective", they mean that the spyware is crap programming. Which is hardly surprising. People who distribute spyware are the same kind of idiots who are responsible for most spam. It's a kind of spam, really, since it's a way of indiscriminately spreading information. The information itself, whether it's a blurb for some penis enlargement nostrum or a piece of buggy code that generates useless statistics about what sites you visit, is basically useless. How do you make money distributing something that's useless? You distribute a lot!
At least in terms of the conclusion drawn: "One in twenty computers with an internet connection may be harbouring unwanted "spyware" programs..."
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Why do you allow your users to install software?
--
the strongest word is still the word "free"
I'm sure of it. I contend that almost every single user that uses IE has fallen victim to a drive by spyware install. I cleansed a Win98 box back around New Years for a friend of the family. That machine had more pieces of spyware than you could shake a digital stick at. Adaware detected 873 items to remove (bad cookies, binaries, etc). I shit you not. 873. Their machine was running slower than a 486 I once had that had Win95 loaded on it (oh my god it was awful). Spyware was stepping on the feet of other pieces of spyware. Xupiter, Gator, you name it, it was there. Their machine was only a couple years old and had been freshly reloaded (HD crash) less than a year before. This is a fairly educated family of two teachers, a high school-aged son (doesn't use the computer much), and a very small daughter (not old enough to use the computer). They can't stand a better chance of getting infiltrated any more than any other typical Windows user. If they had it that bad imagine what other people have on their machines. 1:20 seems extremely low to me. I'd rather believe 19:20 are infected/infiltrated.
No, they're not ignoring their responsibilities, but they both subscribe to a tight definition of "virus" that requires self replication. Malware distributed by a voluntary download or a tricky question posed by a website doesn't count, so you have to buy another product from them to get their anti-spyware solution.
We really should have one bad program scanner to rule them all, and I'm starting to notice that AdAware is starting to define the major worms and viruses as something their program can clean up. If AdAware just catches up with having a virus list as deep as their spyware list, I just might shell out the money and lay off Norton as redundant.
Way more than one in twenty. I would consider my parents to be typical home users. I visit them every couple months, and when I do I give their computers a check up, part of this is running ad aware, and every time I do I find something. Last time I checked my mom's pc I found over 200 items, from almost a dozen pieces of spyware. She had so much crap that she had actually stopped using her computer because of all the pop ups. I'm usually pretty cautious, but will occasionally find spyware on my system, even though I have an antivirus that supposedly blocks it.
If I were to guess at a number I would say that at any given moment that more than half of home computers running Windows have some kind of spyware/adware running. This comes from helping out many friends with spyware related problems.
UW found so few instances because I'm sure that they limit users' ability to install software on their lab computers. As for dorm computers, many types of spyware can't be detected by a port scan, the only way to pick them up would be through a carnivore type system, even then not all of them would be found.
The only way to stop spyware is to start prosecuting the companies who make it; it should be pretty easy under one of the laws for protecting children on the internet. After all if opening popup windows advertising porn with every page load isn't illegal under these laws what is?
Well art is art isn't it, but then again water is water; and east is east; and west is west; and if you take cranberries
That's simply not done here at the UW. A number of the larger computer labs here on campus do have automatic re-distribution on a weekly or bi-weekly schedule, particularly in the CS department. The vast majority of faculty and staff computers sit relatively untouched (and in many cases probably unpatched!) year after year. If they spectacularly fail, then they get the full reinstall treatment. Almost certainly they don't get this preventatively.
The reason for this? Look at the actual paper - 31,000 hosts monitored over 1 week in August. That means a token number of those were actually student computers in the Res. Halls, since they are mostly closed for the summer. It's primarily staff machines. Ghosting them weekly would be a ridiculous amount of work, given the small size of most IT groups here.
Consider, for the moment, the department of Psychology. They have two full-time staff that manage on the order of ~500 machines spread across six or more buildings. Most of the other departments are in a similar boat - competent IT staff are too expensive and funding for infrastructure is too low. The large computer labs, the CSE/EE department, and the hospital have IT pretty well under control. The general feel is that the rest of the folks, particularly in Arts & Sciences really ought to work together better to centralize administration. Of course no one is willing to give up local control over their systems. So it's a big mess. The actual important systems are in general locked away running on big servers, and everything else is treated as a fully untrusted system.
I'd wager that we're not too far off the mark for most other large public Universities. On the ground, the bureaucracy starts mattering a lot more than the tech. (Unfortunately)
The truly scary thing is they don't care. They also have about 40 programs running on their systray, so it takes 15 minutes for their insanely fast computer to boot up, and it's swapping out to disk constantly despite the fact they have 512 meg of RAM!
I've noticed certain people will complain and tinker with their computer all the time, no matter how well it is currently running. Most others will just *ACCEPT* popups, spam, spyware, crashing, viruses, and so forth. I have called people to let them know they have a worm (but I call it a virus for them, so they don't get confused), their computer is constantly spamming everybody with virus-laden email, blah blah blah. Sometimes they say "So?" These people should not own computers. Hell, they should not be allowed to reproduce.
for mentioning that. I find that OE is a tool of the devil. So many people use that preview pane....
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I gotta agree with this. I'm an admin and have to clean up this kind of crap both in the office and at customer sites.
Often times there are odd, often random errors in applications, and it begins to get worse. Or the system even if it's fast begins to crawl. I would say that 8 out of 10 times, it's spyware. In one case I found, according to SpyBot Search and Destroy (excellent tool by the way), 311 spybots and adware shits. This particular system went from the mouse barely moving on a 2.4GHz P4 with DDR ram to what it should have been.
User education is key here. But that is a depressing role to try to be educator, because it's almost all completely ignored.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
I know for a fact a large majority of computers not only have spyware/adware installed on them, look at how many DMCA complaints are filed on networks that install that shit with their junkware, but the source of it is not addressed. Look for instance at AOL's little bit about PopUp blocking and Earthlink's attempt. That software might stop the visible effect of a compromised machine, but does it shut the ports it may open and stop the sending of data/spam still or local harvesting of email addresses?
As long as Ma and Pa kettle think things are fine because the pop-ups are blocked they are not going to accept responsibility for their computer. Some may try to fault the scientific background of this study but I think it shows a pretty conservative number actually. Of those with compromised machines, how many knew about it? How many cared about it? How many tried to take responsibility for their computer and fix it? This article shows a true lack of responsibility when it comes to ownership and maintenance of a computer. This same mentality affords the script kiddies what they need to send out their generated packages they wouldn't be able to read the code for and understand to save their lives. So Ma and Pa kettle blindly infect and install the most horrible crap on their machine connected to a global network and share their personal information/habits as well as the malicious love.
Accountability and education need to stop being replaced by flashy eye candy ads and ignorance as an excuse.
-1 Overrated (Too many big words for me to comprehend)
Not anymore. Internet Explorer removed the parsing of the @ sign in URLs because of their heavy use by fraudulent e-mails (since it's not *required* by the HTTP RFC, just a *feature*). Well you know what happens when only 5% of the web browsers out there can support something...
Educating users and fighting windmills feel about the same to me...
Oh, wait... windmills at least do not say "but i didn't *do* anything! really!"...
I have discovered a truly remarkable sig which this 120 chars is too small to contain.
Seriously though, I installed WinXP Pro on my GF's machine less than two weeks ago, after a few days of her kids using the machine Ad Aware and Spybot S & D found all kinds of shit that they downloaded onto it without thinking.
That's why no one but me uses my machine.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano