Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
If I scanned all the machines at my school the computer center would shut off my internet.
Snowden and Manning are heroes.
Joe User just does not know and/or just doesn't care what happens inside their computer.
A few un-ethical, a few security holes and there you have it.
Scientia est Potentia
I'm sorry, but that number is way too low.... I'm in a bit of a hospital/nursing town, and I'd say that at least half of the nurses-in-training I know have experimented with Kazaa and other music piracy services, and are usually loaded down with 5 to 10 bad (at least gator-level) spyware installs.
The only thing that has infected that "community" around here worse would be smoking habits.
As a field technician working for a University, I run into a lot of machines. When I did ResNet work about 85% of the computers would be fixed and on the network after I ran SpyBot or AdAware (I prefer SpyBot). And on the normal faculty machines about 50% have some type of serious spyware problem. This number quoted in the article is way too low.
-Psy
You can't extrapolate from a University network to the general community. Half the computers out there are in businesses, and most don't run any software not installed by the business. Oh, and if the spyware can be detected by scanning, it can be blocked by a firewall. Want to bet most competent IT departments have already configured their firewalls to do this? So really this is only a problem for naive home users. Even then, if there are ISPs out there that will automatically filter porn for customers, shouldn't there be ISPs that will automatically filter spyware connections?
"Freedom means freedom for everybody" -- Dick Cheney
I work as a support technician in the residence halls of a major university, and whenever I go to a room to try to repair a machine, I always scan for malware, and I NEVER find machines that are free of the scourge. Half the time, it's the cause of whatever problem they had in the first place.
Not sure if this is the norm, but a fresh XP SP1 install followed by installing Spybot S&D from CD normally yields at least 10 problems. This is before the computer has been online.
What do they count as spyware?
I don't see these as functionally any different than viruses and think that the a/v s/w vendors are ignoring their responsibilities. Like I need yet another f*cking piece of defensive s/w.
If you read the article you'd see that they only looked for 4 common spyware programs. That's the reason there are only 1 in 20.
They also mentioned that college students are more computer literate, and therefore less likely to install spyware. I call bullshit. I've seen enough college students to know they are just as dumb as everybody else out there.
Having worked at a PC repair store, I would say that 50% of the systems we see have spyware of one sort or another installed. The real problems are ones such as new.net and browser hijack spyware that requires a reinstall of TCP/IP including recreating the winsock files in the registry.
:) We explain and explain but apparently they like Comet Cursor and Bargain Buddy more.
It amazes me that the same people come back again and again. We have one customer who every six to eight weeks comes in complaining that her system is slow. Voilà! 500 or more spyware items. Apparently she does not mind paying 50 bucks.
We also do work for a mortgage house that gets this installed and wonders why their customers get so much spam for competing mortgage companies after they email the customer.
Oh well, spyware and virii are keeping us in business.
Eeeeeh, maybe.
While no one wants spyware on their computer, the worse case is where the spyware is buggy to the point where there is a remotely-exploitable root bug; i.e. the program that you may have intentionally installed made your computer vulnerable to attack.
Well, there was one on the page with the article. They wouldn't be hypocrites, now would they?
"...Gribble says. "We do expect that companies can and should use tools to scan their networks...."
Wouldn't it be much simpler if companies just disallowed their employees to install applications on their machines? Allowing users to download & install 'anything' poses problems way beyond spyware.
The Bigger The Headache The Bigger the Pill
We use the Altiris Notification Server product to track spyware at my job. I compiled a list of about 100 "worst offenders" from sites like doxdesk.com, and cast the net out to see where we stand.
Out of ~3,000 computers, ~750 of them came back with at least one positive. And that's just looking for about 100 known spyware apps based on the presence of a known-bad .EXE or .DLL or Add/Remove Programs entry.
That's a lot of fucking spyware.
I routinely see over 10% of windows users show up with spyware on my anti-spyware page, and that's just what can be detected with a simple javascript utility over the web, so the actual total must be even higher than that.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
No kidding. People are dumb. Every time I format someone's computer and start them off fresh, I install basically what anyone would need. They still wind up clicking on pop-ups and clicking links in e-mails from people they don't know. Or when they install their own programs they blindly click yes, okay, next, okay, yes, yes without reading about the 3rd party software about to be installed. It's a shame that these programs are out there and that they are disguised as 'ad removers' or 'virus detectors'. But honestly....if you get a pop-up about blocking pop-ups....and you trust it....you deserve it.
I cannot believe how many new programs are coming with spyware now. Worse yet, the spywares are not just cookie trackers, but keyloggers and much worse. Even some games install a scanner to scan your hd for any "virtual drives" and will not load the game if any are detected.
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
I live on campus at Brigham Young University. Between me and the 40 other guys on my floor, I'd say about everyone has experienced Spyware, but everyone has removed it just with a little help from someone mentioning Ad Aware to them.
Really, Spyware is like the 8th deadly sin, spread the word and help people get Ad-Aware on their computer.
(As an aftertroll thought, I should say this. I find it funny that /.ers will admit that tons of people don't know about Spyware and what not, showing their ignorance towards computers, but are still angered by things like Clippy the MS icon who helps people with Office and with the simplicity of Windows XP.)
Here's a quick test. Ask the user if they've ever heard of SpyBot or AdAware. If the answer is unsatisfactory, they've got spyware. That includes your mom.
5% is WAY low. Even I got infected (an app on tucows was listed as freeware, but turned out to be ad/spyware), even if you don't count cookies and GUIDs..
Did I mention that AOL Instant Messenger now comes with spyware? That re-installs itself? And adds "free.aol.com" to IE's "trusted zone" so new stuff installs *without a prompt or warning*.
SCO employee? Check out the bounty
Mirrors my experience with my neighbors (most of whom are highly-educated... some terminally-degreed).
I've rooted out more copies of Gator, Cydoor, etc from neighbors, friends, and family members... I can't even count the infections.
I typically recommend/setup the following bare minimum set of tools to avoid spyware, hax0rs, etc.
Firewall (I like smoothwall on an old PC)
Current anti-virus, set to auto-scan.
Spybot Search and Destroy run periodically.
I don't think I've ever had to look twice at a home computer setup that took those measures... and the users invariably learn what to look out for (particularly after Norton keeps flagging all those MyDoom, Klez, etc emails).
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
That may be a little on the high side but, 1 in 20 is way too low. Spyware is as out of control as spam is but, most people aren't aware of it, as they are with spam, so it doesn't get as much mention.
I have always thought of spyware as a virus. Perhaps not as destructive but, a virus none the less. Thus, I have always felt that the commercial anti-virus companies should make their software to detect and remove spyware just as they do viruses. As yet they do not but, there is a major need for it.
Now, many people will start rattling off the plethora of spyware detectors and adware look alikes but, the fact is that none of these programs is capable of detecting all of the various spyware in the wild. Additionally, since they are all small companies or free projects they aren't and will not be able to keep up with the flood of new spyware as it comes out. Only the major players like the present anti-virus companies will be able to do it effectively with frequent updates to catch the latest bugs.
Of course, the immediate solution is to not use Windows but, that is not going to happen and even if it did, there would be spyware for Mac and Linux after a while. It's getting to the point that the little voice in my head keeps screaming at me to block off all port 80 traffic.
I work for a small ISP in the middle of nowhere. Often, we will offer our customers the opportunity to bring their towers into our office if they so choose to fix a problem. For every computer that comes into our office, both Spybot and Adaware are run, and in almost every computer, I'd say about 90%, there is spyware. It really is completely out of control, as there have been computers with upwards of 500 items found between the two programs. 1 in 20 is a major understatement IMHO. I would have to say that out of the people I talk to, it's probably more like 4 out of 5. And then when the problem is Spyware, I say "Looks like you have spyware." And then they go, "What's spyware?"
Microsoft needs to fix their ActiveX problems. I usually tell people to run Firefox nowadays.
That's interesting ... I've got a PC in our lab, which recently had a new graphics card installed. The bizarre thing was that every time any user logged in onto this machine, it would briefly ftp and http to their web site under the guise of the "idle process". I only found this out after running "netstat -a -o" as soon as I logged in, in order to check out what ports were open. Virus/trojan scanners didn't find anything. Neither did the local or department firewall.
After sending an E-mail to the company in question, this stopped happening. (I would like to know what the system was downloading/uploading however, but still haven't received a reply).
Are you kidding? I work troubleshooting computers on a major college campus and I'd say there's some form of spy/adware on at least 90% of the machines I see. Dorms are by far the worst. Even people who are more adept than the average user seem to get it. Usually they call because their "computer is slow." I can't imagine how many people buy new computers because their old computer has "gotten slower."
Also, no one seems to realize they have to update adaware or spybot. They're using definitions from August and wonder why they're still getting popups. They usually conclude "the program just isn't very good." The same thing goes for virus scanners too.
Anybody who's designing a new system, whether security or UI, should spend a day looking at how most people use their computers. If you haven't, you might be surprised.
10% seems very low, since your script can only diagnose users who allow ActiveX and scripting from the public internet I'd expect 50%+ of such users to be infected.
[Set Cain on fire and steal his lute.]
The article makes no mention of the operating systems profiled, just the spyware programs that were listened for (Gator, Cydoor, SaveNow, eZula). AFAIK, all of these are Windows native and would not be found on machines that are not running Windows and IE.
Windows itself is not fully to blame for the abundance of spyware and viruses on the internet, but it's generally the people who use Windows that allow viruses to propagate and make spyware feasible due to their ignorance of their own working environment.
If operating systems are to become more transparent, user friendly and powerful, the problems of spyware and viruses will have to be dealt with decisively.
The average Windows user has no idea that there are malicious TSRs lurking in the corners, doing whatever they please. They don't have fine grained control or access to processes, because Windows assumes (correctly) they would not know what to do with that level of control. Operating systems are complex enough without badly implemented security policies, threading models, filesystems and applications, the cruft of years of application and user backwards compatibility making them worse. I don't know if Windows will get a re-write on the level that Mac OS did. It was very important for Apple to move forward and leave the old OS behind, it's way past time for Windows to follow suit. Spyware and viruses could be eliminated if the user was aware of EVERYTHING the machine was doing. Don't give applications a way to hide, and they won't be able to.
TallGreen CMS hosting
I used to work at the University of Washington. Everywhere I went (Health Sciences Building - a building that is 1/4 of a mile long) there are Macs. This might account for what I think is the low prevalence of spyware. There are tons and tons of Macs at the UW.
Two points against it:
* Microsoft Office is in many ways an excellent product, for all the criticism it gets here, and the Mac version works great. I tried installing OpenOffice on a couple of machines, and it made a complete hash out of their Word documents.
* It's a huge aesthetic step backwards, and everyone, including me, wants their computers to be nice to look at. I don't think this is frivolous, considering all the time we spend on our machines.
The reason I can't switch to another desktop OS at my current job is that we unfortunately have a phone system reliant on Windows. (For the grim details look at my posts and read the one 2-3 behind this one).
D
"Isn't this like saying that two out of four strains of ebola have been found to be susceptible to anthrax?"
:-)
Nope, RTFA; Using a variant of your own example, it's like saying two out of four types of pinworms enable anyone, anywhere, to place anthrax directly into your system just by telling the pinworms that "food" is coming along.
If you have cookies you have spyware, windows or not, cross domain cookies track usage on tons of sites and record that info when you visit another that uses the cookie.
Just use ghost. Clean the machine, repartition the drive, and ghost an image to the second partition (to an image file, of course). If it's Windows XP/2k you'll actually be able to remove the drive completely from view, and when they come by:
"Managed to infect your computer and not follow my instructions, again, eh? No problem, I'll ghost it back to last year. Sorry, you'll lose absolutely everything you haven't backed up. Yup, that sucks. Sorry, if you don't want to protect yourself, you'll run into these problems. Yup, spyware can infect your new documents*. Nope, can't disinfect them. That's life. Will you run FireFox next time? Good."
* - You and I know it doesn't, but they don't. And it makes a great excuse.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
But isn't the spyware in and of itself the vulnerability?
Nah, AFAIK spyware only runs on Windows and it's no big deal to run arbitrary code or programs on those systems.
The funny thing is that if the system came with yet another little program that hangs out by the clock (the tray or something like that) that showed CPU utilization, maybe, just maybe the user might have a clue that _something_ is going on.
My first experience with spyware was the other day when a friend came over with his (windows) laptop and I wanted to scp a file from it to my Mac. He didn't have scp so I typed in google: "putty scp", and assumed that google would do the rest. Well, I noticed a popunder (Internet Exploder still does that) the results were sleazy sounding results like: YEAH DOWNOAD SCP HERE! Or whatever. None of the results looked like normal web sites.
I could not click on a single link, I was freaked out that this was on my network, he didn't seem too concerned though. He thought it was time to reinstall windows anyway.
Only 203? I've cleaned more viruses from computers than that!
:-)
I've easily seen spyware counts in the thousands... I usually tell those users I'll format their machine if they want it done right, or I can clean it (but no warranty on the work).
Oh well.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Something too many seem to find too easy to forget: there's a big world out there outside that Microsoft window...
A. Most Unix systems won't get infected and cannot be infected. Not only is it more difficult, the spyware perps write this stuff specifically for Windows.
B. There would seem to be an assumption here that 'all computers (in the world) run Microsoft Windows'.
C. Ad-aware does as well as an automated tool can do (hopefully), but it cannot kill the latest spyware variant, the automatic cloning program. These programs are scheduled to make multiple copies of themselves with different names and be deposited in different directories and then look out for each other. Should any one of them disappear, the others will quickly clone and replace the missing file and launch it again. Further, they incessantly monitor Windows Registry activity, and as soon as their 'autostart' (in one of the 'Run' keys) is removed, they will immediately replace it. As Ad-aware cannot deal with spyware that fights back like this, Ad-aware cannot defeat them.
D. A better estimate is not that one in ten Microsoft Windows computers is infected, but that a greater number are infected perhaps tens of times with thirty - forty spyware programs all competing for CPU. We recently had a customer completely oblivious to the issue until his XP idled at 100% CPU - that's how bad it becomes, through Windows being so easily exploitable, and through the average Windows Joe being so clueless.
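The delete-then-rewrite behaviour described in point C above leaves a recognisable trace in registry audit data. As an added example (not part of the original comments), this Python code flags 'Run' key values that are rewritten within seconds of being removed and lists the processes doing the rewriting; the pipe-delimited event format, the process names and the value names are all constructed for the illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time op key value process")

# Constructed sample audit lines (not output of any real tool):
# time | operation | registry key | value name | process that made the change
SAMPLE_EVENTS = r"""
2004-03-01T10:00:00|DeleteValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|updmgr|cleaner.exe
2004-03-01T10:00:02|SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|updmgr|helper32.exe
2004-03-01T10:00:05|DeleteValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|updmgr|cleaner.exe
2004-03-01T10:00:06|SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|updmgr|svcmon.exe
2004-03-01T10:05:00|DeleteValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|chat|setup.exe
2004-03-01T10:06:00|SetValue|HKLM\Software\Vendor\Settings|theme|app.exe
2004-03-01T10:45:00|SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|chat|setup.exe
"""

# Autostart locations the comment refers to as "one of the 'Run' keys".
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_events(text):
    """Turn the constructed pipe-delimited lines into Event tuples."""
    events = []
    for line in text.strip().splitlines():
        stamp, op, key, value, process = line.split("|")
        events.append(Event(datetime.fromisoformat(stamp), op, key, value, process))
    return events


def is_run_key(key):
    return key.lower().endswith(RUN_KEY_SUFFIXES)


def find_respawns(events, window=timedelta(seconds=10)):
    """Flag Run-key values re-created shortly after deletion by another process.

    A legitimate reinstall usually happens much later and from the same
    installer; a watchdog puts the value back almost immediately.
    """
    pending = {}   # (key, value) -> the DeleteValue event still awaiting a rewrite
    findings = []
    for ev in sorted(events, key=lambda e: e.time):
        if not is_run_key(ev.key):
            continue
        ident = (ev.key.lower(), ev.value.lower())
        if ev.op == "DeleteValue":
            pending[ident] = ev
        elif ev.op == "SetValue" and ident in pending:
            deleted = pending.pop(ident)
            gap = ev.time - deleted.time
            if gap <= window and ev.process.lower() != deleted.process.lower():
                findings.append({
                    "key": ev.key,
                    "value": ev.value,
                    "deleter": deleted.process,
                    "rewriter": ev.process,
                    "seconds": gap.total_seconds(),
                })
    return findings


def watchdog_processes(findings):
    """Processes seen restoring autostart entries; these must be removed together."""
    return sorted({f["rewriter"].lower() for f in findings})


if __name__ == "__main__":
    hits = find_respawns(parse_events(SAMPLE_EVENTS))
    for hit in hits:
        print("{value} restored by {rewriter} {seconds:.0f}s after {deleter} removed it".format(**hit))
    print("watchdogs:", watchdog_processes(hits))
```
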
yeah, it's a really strange phenomenon. it's like, when i dial someone and get a busy signal, is it actually busy, or is the phone company just trying to raise revenue by charging my friends to use their fee-based auto-callback option? and how about my spyware detector: was it coded by a renegade spyware programmer? is microsoft funding the effort through some investment company front, perhaps? and how about my antivirus software? who is that 'peter norton' guy, anyway? it's just more proof certain forces in society are targeting me in a very negative way, especially those pesky /. moderators.
At my school's help desk we always run adaware on finished machines. I have yet to see one without spyware. Our office record was just bumped up to 8084 pieces of spyware. 1 in 20 does not do justice to the growing problem of this malicious software.
C. Ad-aware does as well as an automated tool can do (hopefully), but it cannot kill the latest spyware variant, the automatic cloning program. These programs are scheduled to make multiple copies of themselves with different names and be deposited in different directories and then look out for each other. Should any one of them disappear, the others will quickly clone and replace the missing file and launch it again. Further, they incessantly monitor Windows Registry activity, and as soon as their 'autostart' (in one of the 'Run' keys) is removed, they will immediately replace it. As Ad-aware cannot deal with spyware that fights back like this, Ad-aware cannot defeat them.
Dear god, I came across this a month ago, last time I cleaned out my parents' computer. I have never seen anything fight back like that in my life. Also, windows programs like msconfig, and notepad were over-written by some program (couldn't determine what it was) that seemed to reinfect the computer. Really nasty stuff. I did manage to get it all off, but of course I check a week later and there's tons of spyware back on it *sigh*. Luckily not the same stuff though.
You can configure a firewall to block the outgoing communication that spyware clients attempt to establish with their servers. You CANNOT configure a firewall to prevent users from clicking the shiny pop-up and infecting themselves with the spyware in the first place, and blocking the spyware communication does NOT mitigate the damage to the OS that the spyware generally does - in fact, it often makes it considerably worse, since many instances of spyware go absolutely bugfuck nuts when they can't contact home and may hold up vital processes waiting for that connection to be made, or send the computer into a semi-race condition trying over and over and over again to make that connection.
Coming soon to Slashdot: meta-meta-moderation!
Of course this wasn't home users. This was computers on their network. I'm sure some of these computers could be classified as 'home computer', but most are probably much more business like and under strict supervision. There are probably 100 computers at my company and none have spyware.
Jack Valenti and Orrin Hatch will be first up against the wall when the revolution comes.
My family went nuts about kazaa when it came out... and every one of them has called me because they can't even use their computer anymore.
All I can say is thank god for Spybot S+D
-Adam C. Greenfield
22 Infected files is pretty low in my opinion. You run a pretty tight ship on your box.
We have to clean spyware off of student PC's on campus since it screws up internet connections and F-Secure goes nuts to the point where it won't talk to the server anymore.
So far, the Ad-Aware record is 17039 from a student that had a spyware app that put 19000 internet shortcuts in her favorites directory. Number two is 1973 and number Three is 1058.
In Soviet Russia, Trojan exploits YOU!
Why do you allow your users to install software?
So how would you like it if YOU couldn't install software? You'd go nuts. Every person I've ever met who says things like this would collapse into a spasmodic claustrophobic seizure if they had to work on a system without root access.
I forgot to mention that my dad runs spy sweeper on his system, he bought it from a pop-up ad from a piece of adware, I just couldn't believe that. The software as far as I can tell doesn't do a thing.
Well art is art isn't it, but then again water is water; and east is east; and west is west; and if you take cranberries
I started working as a computer teacher for a Catholic middle school in September. When I got there every computer had spyware. On one computer Ad-Aware identified almost 400 items! Needless to say, every class got a lecture about internet security. Most of them took it to heart, and now mostly we just get unwanted cookies.
Long live the Speaker Bracelet
Rolo D. Monkey
Seriously, I'm not trolling, but has Bill Gates or Steve Ballmer made any kind of statement of what the Microsoft Way of dealing with spam might be?
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
I'm a resident here in the dorms at the University of Washington.
I think the reason that the findings were 1 out of 20 is they included all the machines on campus. Those in the labs usually get some type of re-imaging done every time someone logs out, wiping out all changes and thus getting rid of spyware.
But in the dorms where the students manage their own computers, I would say that the numbers are closer to 19 out of 20 computers have some type of spyware. I probably get someone knocking on my door at least once a day wanting me to help them figure out why their computer is slower than dirt and show random popups all the time. Face it, if you use Internet Explorer for web browsing, you're going to get infected!
I have a small computer business and every system I have checked in the last year is infested to one degree or another. I do my best to educate folks, but they're all calling me back out to help them get rid of the popups or speed up their slow internet connections in about 4-5 months. It's a very bad situation and getting worse.
I would have to agree with you, it sucks that I have to have 5 different programs scanning for things all the time, instead of one... On the other hand, at least I get the peace of mind that one program hasn't been tripped up. On my parents' machine, I would also like to note that every Anti-virus/spyware program was disabled, and either would not run or would not update... so go figure (had to boot into safe mode and remove it all myself, took way too long)
So the ten out of eleven machines belonging to friends and relatives that I've installed Ad-aware on over the last couple of months imply the existence of 190 well-maintained, popup-free, efficient machines that aren't presenting somebody's grandmother the chance to enlarge her penis? One-in-twenty says to me that nineteen out of twenty aren't nitwits. Hell, my commute shows that one out of maybe six should be allowed to use a car, let alone something requiring thought.
This is not my sandwich.
Most Unix systems won't get infected and cannot be infected.
It's rare, but there is such a thing as spyware for Unix. It's produced by Evenbalance.com, and distributed by the Pentagon; it's included free when you install America's Army (for Windows or Linux)
Punkbuster might have somewhat different goals and methods than the majority of spyware, but it still deserves that name. A program which allows a stranger across the internet to scan your RAM for patterns or download periodic screenshots can't be called anything but spyware.
The difference with Punkbuster, of course, is that the developer is quite open about the purpose of the spyware, and it's something the users will agree with. But still, anyone with sensitive files on a PC should be aware there are whole categories of spyware which Ad-Aware will never flag, but which might be subverted to look for passwords and usernames rather than just wallhacks and aimbots.
(Someday the FBI might visit evenbalance.com with a wiretap warrant to inspect the players of those violent, kill-trainer games for hints of terrorist-tendencies...)