Spyware on One in Twenty Computers?
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
The flaw that they detected was undoubtedly that the spyware could be detected. Duh.
Lots of petrified grits
Isn't that supposed to be 1 in 20 WITHOUT spyware?
[sig] 10 + 10 = 100 [/sig]
Download yourself a free copy of Ad-Aware from here. I ran it on my computer the other day and it found 22 infected files, that it cleaned up for me :)
I'm a tech for a medium-sized publishing company, and I find that the first thing I do when I get complaints of slowness and random unexplained crashes is to run Spybot. In roughly half of the systems I check, I can find some kind of spyware.
Going by my former help desk experience at a college, and by experience with friends' and family's computers, I'd expect three in twenty would be more accurate.
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
In a totally unrelated story, it appears that at least 4 out of every 50 computer users surveyed have had an encounter with "spam" emails in the last two years.
Stay tuned for the next ground-breaking story about the near 100% mortality rate suffered by humans and animals exposed to di-hydrogen monoxide!
Any generalization is a stupid one.
Cookies are spyware.
Don't accept cookies. Ever.
That is all.
I'm sorry, but that number is way too low.... I'm in a bit of a hospital/nursing town, and I'd say that at least half of the nurses-in-training I know have experimented with Kazaa and other music piracy services, and are usually loaded down with 5 to 10 bad (at least Gator-level) spyware installs.
The only thing that has infected that "community" around here worse would be smoking habits.
If you run Windows, there are registry keys used to track your usage of Windows Media Player (unless you remove them); thus, the ratio is a lot closer to 1 : 1 of every Windows computer out there, more so with more recent Windows OSes.
It's not the only program either; use a firewall and don't install software that you don't need.
- Dan
Spyware makes it on to 100% of the computers in my network. I have taught my users to put in, use and update Ad-Aware, but I think even with that there is spyware it's not recognizing. I come to this conclusion thanks to erratic behaviour in many of my machines that is not due to viruses.
Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.
There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.
Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.
D
- University students and staff are probably more computer-savvy than the general population.
- They were only searching for four of the who-knows-how-many spyware programs out there.
If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there.)
I cannot believe how many new programs are coming with spyware now. Worse yet, the spyware is not just cookie trackers, but keyloggers and much worse. Even some games install a scanner to scan your hd for any "virtual drives" and will not load the game if any are detected.
"Jeremy, you need to get to an internet cafe and cut and paste some appropriate sentiments about me from the world wide
Damn, people need to get tough on this shit.
That's really it.
Why the hell are antivirus companies so reluctant to add anti-spyware functions? I mean, boo-hoo that Gator got so upset when they were accused of making spyware, but calling it anything less than a trojan is a lie.
Firewall products have been offering popup stoppers and activity reporting for a while now. It's really time for the AV publishers to step up and do their part by keeping these things from getting a foothold. It's not like they can get in any legal trouble for blocking someone's program, since it's up to the user whether they trust McAfee or HotBar more.
That may be a little on the high side, but 1 in 20 is way too low. Spyware is as out of control as spam is, but most people aren't aware of it, as they are with spam, so it doesn't get as much mention.
I have always thought of spyware as a virus. Perhaps not as destructive, but a virus nonetheless. Thus, I have always felt that the commercial anti-virus companies should make their software to detect and remove spyware just as they do viruses. As yet they do not, but there is a major need for it.
Now, many people will start rattling off the plethora of spyware detectors and adware look-alikes, but the fact is that none of these programs is capable of detecting all of the various spyware in the wild. Additionally, since they are all small companies or free projects, they aren't and will not be able to keep up with the flood of new spyware as it comes out. Only the major players like the present anti-virus companies will be able to do it effectively with frequent updates to catch the latest bugs.
Of course, the immediate solution is to not use Windows, but that is not going to happen, and even if it did, there would be spyware for Mac and Linux after a while. It's getting to the point that the little voice in my head keeps screaming at me to block off all port 80 traffic.
At least in terms of the conclusion drawn: "One in twenty computers with an internet connection may be harbouring unwanted "spyware" programs..."
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of whom aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Because for better or for worse, I'm not a corporate drone. I believe users are people, not abstractions, and so I believe in giving them as much freedom as I can.
And I really, really don't like being called every time the clock drifts on one of the PCs and someone wants me to fix it.
I have better things to do than fixing it or installing software. So I delegate the power, and as much of the responsibility as people can bear, down to the users.
And users love me, because they know I have respect and sympathy for them.
I'm never going to be a Nazi-class administrator, even though I know it would solve a lot of my problems -- by, no doubt, creating newer and more frustrating ones.
D
New Scientist is just carrying their little summary; one of the authors has the paper available on his site in HTML, PDF, and PostScript forms. It's to be presented at NSDI '04.
"You can never have too many elephants on your team."
One in twenty? More like one in five or worse. Of course, UW only looked for four pieces of spyware. IIRC, the latest Spybot definition file has over 12,000 entries (not all of which are covered by the strict definition of "spyware", but still...).
My current job is doing graphics and web work for a small computer services company, but at least once per week I go out on service and maintenance calls for our clients. At one place, the spyware infection rate was closer to 80%: Gator/Claria, Bonzi Buddy, Vomit Cursor, HiWire, IGetNet, BestWeb, Bargain Buddy, etc. One machine had 477 separate pieces of spyware and browser hijackers. Another had 25 instances of the same pr0n dialer. Even the ones that were relatively "clean" still had crapware like Webshots or WeatherBug that brought these commodity PCs to their knees. And don't get me started on Kazaa...
When I started doing this, I'd cut the users a lot of slack, letting them keep their Webshots or Benadryl Desktop Allergy Alerts. But after a month, the BOFH-nature possessed me. I have become an IT fascist: NO WEATHERBUG FOR YOU! NEXT!!!
Gah. Now I'm pissed. I think I'll go in tomorrow and schedule scandisks and defrags for 9AM Monday morning. That'll learn 'em.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
There's not a lot to be missed after that. Process Explorer is also good for finding processes running that might not be of obvious origin.