Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
But isn't the spyware in and of itself the vulnerability?
Damn, people need to get tough on this shit.
I'm amazing. You aren't. SUCK IT
No mention of the computer OS or archs.
Nice.
Funny, but makes you wonder how much was there that they didn't detect. And as much as I love Spybot S&D and to a lesser extent Ad-Aware, I wonder how much they miss.
Going by my former help desk experience at a college, and by experience with friends and families computers I'd expect three in twenty would be more accurate.
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
Most spyware remains undetected because it makes copies and backups of itself that are near to invisible. Although spyware is easily visible on 1 in 20, it is probably present in some form on almost every computer with an internet connection.
------- "A true friend stabs you in the front." -Eliot
If you run windows there are registry keys used to track your usage of windows media player (unless you remove them) thus, the ratio is a lot closer to 1 : 1 of every windows computer out there, more so with more recent windows OSes.
It's not the only program either, use a firewall and don't install software that you don't need.
- Dan
That's why I believe this 1-20 number. This is a relatively closed system monitored by an administrator and most likely governed by a usage policy. Perform the same study on machines found in copy shops or in homes and I'm sure the results would be quite different.
Support the First Amendment. Read at -1
I'd think the number would probably remain about the same (at least relatively). Pretty much every computer I look at now has been slowed down by Spyware/Adware, so it seemed low to me initially, but these are also all computers for people who are using Kazaa and other programs they download on the Internet. Virtually all of those people will be infected (except for the few who know better), but also considering business users and people who use the Internet little or not at all (or don't download programs) the number is lowered. Not to mention people that don't run Windows. The number's probably higher in college environments but relatively similar all things considered.
I don't try to be right, I just try to make people think
When they say "defective", they mean that the spyware is crap programming. Which is hardly suprising. People who distributespyware are the same kind of idiots who are responsible for most spam. It's a kind of spam, really, since it's a way of indiscriminately spreading information. The information itself, whether it's a blurb for some penis enlargment nostrum or a piece of buggy code that generates useless statistics about what sites you visit, is basically useless. How do make money distributing something that's useless? You distribute a lot!
At least in terms of the conclusion drawn: "One in twenty computers with an internet connection may be harbouring unwanted "spyware" programs..."
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Why do you allow your users to install software?
--
the strongest word is still the word "free"
Way more than one in twenty. I would conceder my parents to be typical home users. I visit them every couple months, and when I do I give their computers a check up, part of this is running ad aware, and every time I do I find something. Last time I checked my mom's pc I found over 200 items, from almost a dozen pieces of spyware. She had so much crap that she had actually stopped using her computer because of all the pop ups. I'm usually pretty cautious, but will occasionally find spyware on my system, even though I have an antivirus that supposedly block's it.
If I were to guess at a number I would say that at any given moment that more than half of home computers running windows have some kind of spyware/adware running. This comes from helping out many friends with spyware related problems.
UW found so few instances because I'm sure that they limit users? ability to install software on their lab computers. As for dorm computers, many types of spyware can't be detected by a port scan, the only way to pick them up would be through a carnivore type system, even then not all of them would be found.
The only way to stop spyware is to start prosecuting the companies who make it; it should be pretty easy under one of the laws for protecting children on the internet. After all if opening popup windows advertising porn with every page load isn?t illegal under these laws what is?
Well art is art isn't it, but then again water is water; and east is east; and west is west; and if you take cranberries
The truly scary thing is they don't care. The also have about 40 programs running on their systray, so it takes 15 minutes for their insanely fast computer to boot up, and its swapping out to disk constantly despite the fact they have 512 meg of ram!
I've noticed certain people will complain and tinker with their computer all the time, no matter how well it is currently running. Most others will just *ACCEPT* popups, spam, spyware, crashing, viruses, and so forth. I have called people to let them know they have a worm (but i call it a virus for them, so they dont get confused), their computer is constantly spamming everybody with virus laden email, blah blah blah. Sometimes they say "So?" These people should not own computers. Hell, they should not be allowed to reproduce
I gotta agree with this. I'm an admin and have to clean up this kind of crap both in the office and at customer sites.
Often times there are odd, often random errors in applications, and it begins to get worse. Or the system even if it's fast begins to crawl. I would say that 8 out of 10 times, it's spyware. In one case I found, according to SpyBot Search and Destroy (excellent tool by the way), 311 spybots and adware shits. This particular system went from the mouse barely moving on a 2.4GHz P4 with DDR ram to what it should have been.
User education is key here. But that is a depressing role to try to be educator, because it's almost all completely ignored.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
Educating users and fighting windmills feel about the same to me...
Oh, wait... windmills at least do not say "but i didn't *do* anything! really!"...
I have discovered a truly remarkable sig which this 120 chars is too small to contain.