Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
The flaw that they detected was undoubtedly that the spyware could be detected. Duh.
Lots of petrified grits
But isn't the spyware in and of itself the vulnerability?
Damn, people need to get tough on this shit.
I'm amazing. You aren't. SUCK IT
Isn't that supposed to be 1 in 20 WITHOUT spyware?
[sig] 10 + 10 = 100 [/sig]
Joe User just does not know and/or just doesn't care what happens inside their computer.
A few un-ethical, a few security holes and there you have it.
Scientia est Potentia
Download yourself a free copy of Ad-Aware from here. I ran it on my computer the other day and it found 22 infected files, that it cleaned up for me :)
No mention of the computer OS or archs.
Nice.
I'm a tech for a medium sized publishing company, and I find that the first thing I do when I get complaints of slowness and random unexplained crashes is to run spybot. In roughly half of the systems I check, I can find some kind of spyware.
Going by my former help desk experience at a college, and by experience with friends' and family's computers, I'd expect three in twenty would be more accurate.
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
Most spyware remains undetected because it makes copies and backups of itself that are near to invisible. Although spyware is easily visible on 1 in 20, it is probably present in some form on almost every computer with an internet connection.
------- "A true friend stabs you in the front." -Eliot
In a totally unrelated story, it appears that at least 4 out of every 50 computer users surveyed have had an encounter with "spam" emails in the last two years.
Stay tuned for the next ground-breaking story about the near 100% mortality rate suffered by humans and animals exposed to di-hydrogen monoxide!
Any generalization is a stupid one.
We here at Spyware Inc are deeply troubled that nearly 95% of all computers DON'T have Spyware! To help capture a greater market, our newest service will automatically install Perl(tm) spyware on any host posting to Slashdot, and even make it open source. We think OSS spyware is the future!
(Yes... this IS a joke)
AntiFA: An abbreviation for Anti First Amendment.
Cookies are spyware.
Don't accept cookies. Ever.
That is all.
I'm sorry, but that number is way too low.... I'm in a bit of a hospital/nursing town, and I'd say that at least half of the nurses-in-training I know have experimented with Kazaa and other music piracy services, and are usually loaded down with 5 to 10 bad (at least gator-level) spyware installs.
The only thing that has infected that "community" around here worse would be smoking habits.
You can't extrapolate from a University network to the general community. Half the computers out there are in businesses, and most don't run any software not installed by the business. Oh, and if the spyware can be detected by scanning, it can be blocked by a firewall. Want to bet most competent IT departments have already configured their firewalls to do this? So really this is only a problem for naive home users. Even then, if there are ISPs out there that will automatically filter porn for customers, shouldn't there be ISPs that will automatically filter spyware connections?
"Freedom means freedom for everybody" -- Dick Cheney
If you run Windows there are registry keys used to track your usage of Windows Media Player (unless you remove them); thus, the ratio is a lot closer to 1 : 1 of every Windows computer out there, more so with more recent Windows OSes.
It's not the only program either, use a firewall and don't install software that you don't need.
- Dan
I don't see these as functionally any different than viruses and think that the a/v s/w vendors are ignoring their responsibilities. Like I need yet another f*cking piece of defensive s/w.
Spyware makes it on to 100% of the computers in my network. I have taught my users to put in, use and update ad-aware, but I think even with that there is spyware it's not recognizing. I come to this conclusion thanks to erratic behaviour in many of my machines that is not due to viruses.
Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.
There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.
Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.
D
If you read the article you'd see that they only looked for 4 common spyware programs. That's the reason there are only 1 in 20.
They also mentioned that college students are more computer literate, and therefore less likely to install spyware. I call bullshit. I've seen enough college students to know they are just as dumb as everybody else out there.
Having worked at a PC repair store, I would say that 50% of the systems we see have spyware of one sort or another installed. The real problems are ones such as new.net and browser hijack spyware that require a reinstall of TCP/IP including recreating the winsock files in the registry.
:) We explain and explain but apparently they like Comet Cursor and Bargain Buddy more.
It amazes me that the same people come back again and again. We have one customer who every six to eight weeks comes in complaining that her system is slow. Voilà! 500 or more spyware items. Apparently she does not mind paying 50 bucks.
We also do work for a mortgage house that gets this installed and wonders why their customers get so much spam for competing mortgage companies after they email the customer.
Oh well, spyware and virii are keeping us in business.
Installing a local firewall is one way to deal with spyware. I recently discovered that some freeware that all my co-workers had installed tried to dial out. Since I was running Sygate Personal Firewall (there are others) I was notified that the application wanted to dial home. After some research regarding this software I discovered that it was only trying to send out my registry file and my IP address. :-\
There's a lot of software out there that tries to dial home, and any local firewall that is application aware is helpful when it comes to notifying you about what's going on on your computer.
- University students and staff are probably more computer-savvy than the general population.
- They were only searching for four of the who-knows-how-many spyware programs out there.
If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there.) Well, there was one on the page with the article. They wouldn't be hypocrites, now would they?
I've never scanned a network with a ratio of less than 3/4 infected with some form of spyware. But I guess it all depends on your definition of spyware. I personally consider any program that does something other than what its advertised intended purpose is. Please hold the Microsoft jokes, I don't consider flaws in design as spyware, only intentionally deceitful programs.
Jamon
I can count to 1023 on my hands. Ask me about #132.
"...Gribble says. "We do expect that companies can and should use tools to scan their networks...."
Wouldn't it be much simpler if companies just disallowed their employees to install applications on their machines? Allowing users to download & install 'anything' poses problems way beyond spyware.
The Bigger The Headache The Bigger the Pill
We use the Altiris Notification Server product to track spyware at my job. I compiled a list of about 100 "worst offenders" from sites like doxdesk.com, and cast the net out to see where we stand.
Out of ~3,000 computers, ~750 of them came back with at least one positive. And that's just looking for about 100 known spyware apps based on the presence of a known-bad .EXE or .DLL or Add/Remove Programs entry.
That's a lot of fucking spyware.
No kidding. People are dumb. Every time I format someone's computer and start them off fresh, I install basically what anyone would need. They still wind up clicking on pop-ups and clicking links in e-mails from people they don't know. Or when they install their own programs they blindly click yes, okay, next, okay, yes, yes without reading about the 3rd party software about to be installed. It's a shame that these programs are out there and that they are disguised as 'ad removers' or 'virus detectors'. But honestly....if you get a pop-up about blocking pop-ups....and you trust it....you deserve it.
I cannot believe how many new programs are coming with spyware now. Worse yet, the spywares are not just cookie trackers, but keyloggers and much worse. Even some games install a scanner to scan your hd for any "virtual drives" and will not load the game if any are detected.
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
I live on campus at Brigham Young University. Between me and the 40 other guys on my floor, I'd say about everyone has experienced Spyware, but everyone has removed it just with a little help from someone mentioning Ad Aware to them.
Really, Spyware is like the 8th deadly sin, spread the word and help people get Ad-Aware on their computer.
(As an aftertroll thought, I should say this. I find it funny that /.ers will admit that tons of people don't know about Spyware and whatnot, showing their ignorance towards computers, but are still angered by things like Clippy the MS icon who helps people with Office and with the simplicity of Windows XP.)
That may be a little on the high side but, 1 in 20 is way too low. Spyware is as out of control as spam is but, most people aren't aware of it, as they are with spam, so it doesn't get as much mention.
I have always thought of spyware as a virus. Perhaps not as destructive but, a virus none the less. Thus, I have always felt that the commercial anti-virus companies should make their software to detect and remove spyware just as they do viruses. As yet they do not but, there is a major need for it.
Now, many people will start rattling off the plethora of spyware detectors and adware look alikes but, the fact is that none of these programs is capable of detecting all of the various spyware in the wild. Additionally, since they are all small companies or free projects they aren't and will not be able to keep up with the flood of new spyware as it comes out. Only the major players like the present anti-virus companies will be able to do it effectively with frequent updates to catch the latest bugs.
Of course, the immediate solution is to not use Windows but, that is not going to happen and even if it did, there would be spyware for Mac and Linux after a while. It's getting to the point that the little voice in my head keeps screaming at me to block off all port 80 traffic.
I work for a small ISP in the middle of nowhere. Often, we will offer our customers the opportunity to bring their towers into our office if they so choose to fix a problem. For every computer that comes into our office, both Spybot and Adaware are run, and in almost every computer, I'd say about 90%, there is spyware. It really is completely out of control, as there have been computers with upwards of 500 items found between the two programs. 1 in 20 is a major understatement IMHO. I would have to say that out of the people I talk to, it's probably more like 4 out of 5. And then when the problem is Spyware, I say "Looks like you have spyware." And then they go, "What's spyware?"
Microsoft needs to fix their ActiveX problems. I usually tell people to run Firefox nowadays.
When they say "defective", they mean that the spyware is crap programming. Which is hardly surprising. People who distribute spyware are the same kind of idiots who are responsible for most spam. It's a kind of spam, really, since it's a way of indiscriminately spreading information. The information itself, whether it's a blurb for some penis enlargement nostrum or a piece of buggy code that generates useless statistics about what sites you visit, is basically useless. How do you make money distributing something that's useless? You distribute a lot!
Are you kidding? I work troubleshooting computers on a major college campus and I'd say there's some form of spy/adware on at least 90% of the machines I see. Dorms are by far the worst. Even people who are more adept than the average user seem to get it. Usually they call because their "computer is slow." I can't imagine how many people buy new computers because their old computer has "gotten slower."
Also, no one seems to realize they have to update adaware or spybot. They're using definitions from August and wonder why they're still getting popups. They usually conclude "the program just isn't very good." The same thing goes for virus scanners too.
Anybody who's designing a new system, whether security or UI, should spend a day looking at how most people use their computers. If you haven't, you might be surprised.
At least in terms of the conclusion drawn: "One in twenty computers with an internet connection may be harbouring unwanted "spyware" programs..."
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Speaking of spyware, the Federal Trade Commission is offering a workshop on spyware that needs comments. I think it would be highly appreciated if some of you guys would comment.
Why do you allow your users to install software?
--
the strongest word is still the word "free"
I have always thought of spyware as a virus. Perhaps not as destructive but, a virus none the less.
A large portion of my work is field service on home PCs. Spyware has actually become a more destructive problem than viruses for most of my residential clients who already have adequate virus protection.
Most people will have one or two spyware apps like Gator on their machines, which won't impact performance enough for them to notice. But if they have kids it's a different story. Kids download and install EVERYTHING until all the competing spyware renders the internet connection too slow to be usable. DNS requests are often hijacked and when that stops working they are dead in the water.
I get over 600 hits in an Ad-aware scan on a regular basis on machines where kids have access. I also return again and again to the same clients for the same problem. My favorites are the ones who download and install multiple "free" spyware-supported popup blockers, which just add fuel to the fire.
Ah....for all of you who are going to continue jumping in with "1 in 20? more like 1 in 1..." without reading the article...
:-)
The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly more than four known malwares.
So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1...
Caveat Emptor is not a business model.
New Scientist is just carrying their little summary; one of the authors has the paper available on his site in HTML, PDF, and PostScript forms. It's to be presented at NSDI '04.
"You can never have too many elephants on your team."
One in twenty? More like one in five or worse. Of course, UW only looked for four pieces of spyware. IIRC, the latest Spybot definition file has over 12,000 entries (not all of which are covered by the strict definition of "spyware", but still...).
My current job is doing graphics and web work for a small computer services company, but at least once per week I go out on service and maintenance calls for our clients. At one place, the spyware infection rate was closer to 80%: Gator/Claria, Bonzi Buddy, Vomit Cursor, HiWire, IGetNet, BestWeb, Bargain Buddy, etc. One machine had 477 separate pieces of spyware and browser hijackers. Another had 25 instances of the same pr0n dialer. Even the ones that were relatively "clean" still had crapware like Webshots or WeatherBug that brought these commodity PCs to their knees. And don't get me started on Kazaa...
When I started doing this, I'd cut the users a lot of slack, letting them keep their Webshots or Benadryl Desktop Allergy Alerts. But after a month, the BOFH-nature possessed me. I have become an IT fascist: NO WEATHERBUG FOR YOU! NEXT!!!
Gah. Now I'm pissed. I think I'll go in tomorrow and schedule scandisks and defrags for 9AM Monday morning. That'll learn 'em.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
I gotta agree with this. I'm an admin and have to clean up this kind of crap both in the office and at customer sites.
Often times there are odd, often random errors in applications, and it begins to get worse. Or the system even if it's fast begins to crawl. I would say that 8 out of 10 times, it's spyware. In one case I found, according to SpyBot Search and Destroy (excellent tool by the way), 311 spybots and adware shits. This particular system went from the mouse barely moving on a 2.4GHz P4 with DDR ram to what it should have been.
User education is key here. But that is a depressing role to try to be educator, because it's almost all completely ignored.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
Educating users and fighting windmills feel about the same to me...
Oh, wait... windmills at least do not say "but i didn't *do* anything! really!"...
I have discovered a truly remarkable sig which this 120 chars is too small to contain.
There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin.
I started working as a computer teacher for a Catholic middle school in September. When I got there every computer had spyware. On one computer Ad-Aware identified almost 400 items! Needless to say, every class got a lecture about internet security. Most of them took it to heart, and now mostly we just get unwanted cookies.
Long live the Speaker Bracelet
Rolo D. Monkey