Slashdot Mirror
The Average PC is Infested with Spyware
WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.
In related news, a recent study found that the average computer user is an idiot. Film at 11.
That's not fair, of course. For example, try searching for spyware removal software like "Spybot Search and Destroy." Almost all the links you'll find are for imposters that are themselves spyware. Evil.
Earthlink has their own spyware removal sofware, but I'm amazed it doesn't get caught in an infinite loop installing and removing itself, since Earthlink's software includes spyware.
--- JRJ
jrjBlog
That's a pretty in-depth study, with over 1,000,000 scans, makes the results fairly strong. It's good to see all this combatting of spyware.
It really doesn't surprise me to hear that the average computer has 27.8 instances of spyware on it. Most users have no idea what they're doing; I constantly remove that kind of junk from my family's computers.
Earthlink has been doing a good job of fighting spam and spyware on the internet. I think it's a valiant effort.
Wireless News www.DailyWireless
There's still a LOT of junkware/spyware/adware/malware/whatever out there, far more than there should be IMO, but it's not quite as bad as they let on. :-)
While most spyware is adware-related and relatively benign, it's disturbing that over 300,000 of the more serious system monitors and Trojans were uncovered
I don't think most adware is benign since it eats into available RAM. Some adware also affects application performance, or, worse yet, prevents applications from running. Anyway, I am, again, preaching to the choir.....
Happy Trails!
Erick
http://www.busyweather.com/
Like, Duh!
Joe_User: Why is my computer running so slow?
Me: Maybe it's all the fucking programs you download and install!
That's because I use the average Mac. Much safer than the average PC, even safer than the Average Penguin Box.
Strange women lying in ponds distributing swords is no basis for a system of government.
The average computer or 1 in 20?
Is anyone really surprised?
Most people see a certificate pop up, even if security features are turned on, and accept it as a matter of course. Most people don't even comprehend the concept of Spyware, the idea that clicking links in spam is a Bad Idea or that wearing a tinfoil hat won't protect you from the alien mind control rays.
Did they install spyware on people's computers to go in and report how much spyware they had?
Rank Presidents by th
...is ten million sysadmins and deskside support people all saying "NO SHIT, SHERLOCK!" in unison.
There is a news bit on Ars Technica that the claims are overhyped and the spyware scanning tool returns a lot of false positives.
Does this include cookies? When I run Ad-aware, it usually finds several "tracking" cookies. Maybe this is artificially inflating the number.
Next on slashdot: 1 in 20 slashdot stories infected with SCO$699FeeTroll first posts.
This confirms what I think most of us have known for a while. The average surfer using Internet Explorer or Kazaa (Overnet as well) is likely to be loaded with spyware. Kazaa alone can be held responsible for almost half of those infections I think. As one of the few knowledgable "computer guys" in my dorm, I spend a lot of time cleaning out mucked up computers. I see on average 10 or 15 nasty spyware programs, but I did see 1,500 programs and ActiveX goodies (I'd say maybe 200 of those were cookie warnings though) in this one computer I cleaned. The was apparently, an avid p0rn viewer with no popup protection or the like. Ugly... very ugly...
Ask anybody who services PCs...there's not a machine around that isn't riddled with the stuff, but making a headline out of it is like shrieking about the existence of viruses.
No matter how hard you lock a PC down, a sufficiently determined and stupid user will figure out a way to install that really cool "desktop enhancer" he heard about from a friend.
Ditch IE for Firefox. I just did 2 clients' computers today (running slow, yadayada) and guess what? One had 18 spyware trojans installed, the other had 64 (as well as a couple of viruses). Firefox (any Gecko-based browser) is not vulnerable to the crap that IE is. I always tell my clients to not use IE anymore. When they listen, they always have a better overall experience.
bash: rtfm: command not found
Went to a party a couple weeks ago and cleaned 550+ bits of spyware off the hosts' machine. Took me a couple more days to find and send them the fixes for two IE parasites AdAware and SpyBot S&D didn't see.
It really should be a violation of the wiretap laws to put this crap on someone's machine. These poor non-technical users' machine was an Athlon 2200 that ran like a 486. Once we took the crap off, it zoomed.
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
The most spyware i've ever cleaned off of a box was 877, as reported by adaware. :p
The unfortunate soul was a windows ME box, so it wasnt destined for greatness even without the spyware.
By the time i got there, opening a browser would cause the machine to reboot, and there was no "System" icon in the control panel. Oh yea, he was running AOL too...
Beat that
Comment removed based on user account deletion
I guess we need to make the words "Ad-Aware" as ubiquitous as Google.
"What do you think?" "I think 'What, do you think?!'"
Whilst out-of-the-box, Windows 2000 is a fairly stable OS, it's frighteningly insecure.
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
The average EarthLink user's machine is infested with spyware.
You can guess what the average AOL user's machine has.
I don't think I have scanned a machine that didn't have spyware on it lately. I work at an ISP and our customers have so many spyware issues it's pathetic. We have tried to help them out by putting some good information in our newsletters about spyware and how to remove it (spybot/adaware) but it just doesn't seem to matter. People just don't know how to update windows/scan for spyware/viruses. It is pathetic. Windows really needs to be more demanding on the user to run security updates. And people really need to be careful when downloading programs. But, sadly this is very unlikely.
216.194.67.61
Now the rate of spyware/adware requests is down from 2 per second to only 0.3 per second over the last few days :)
Bwhahaha, doing my part in teaching the public :)
Spyware, Pop-up, and pop-unders haven't been much of a problem for me since I started using Mozilla. I did the same for my parents.
The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data.
Any given time I run Adaware after a day of surfing, I'll typically have 20+ adware cookies. And that's with IE6 set to ignore 3rd-party cookies. It's not something I fret about, 'cuz I've never gotten anything more serious than the cookies. So probably it isn't an average of 24 cookies and 4 spyware programs per PC, it's probably most people with 30+ cookies, and a few people with 10+ spyware programs.
Really, I don't consider tracking cookies to be much worse than, say, RFID tags in all my $100 bills or Walmart purchases. It's a public network, people are going to watch.
That reminds me... time to run Adaware again.
Design for Use, not Construction!
From the article:
"[Spyware] has become so pervasive that lawmakers in the US are looking into ways to prevent or regulate it."
-G
Average Mac User is happy:-)
Sorry, but this just doesn't happen on OSX(or linux:-)
I'm a Sysadmin for a tiny little k12 School District, and even with the meager amount of computers, it's nearly IMPOSSIBLE to keep a handle on this.
I run Ad-Aware every chance I get on most of these computers, but if I took the time to sit down at each of these computers and clean them up, I'd have no time left to attend to actual problems.
What I'd really like is if I could block these with SquidGuard or something, just pinch em from incoming traffic or something, because people are too stupid to know what they're installing, or if they're installing it.
Every week when I run ad aware, it usually detects around 100 pieces of spyware on my computer! The google toolbar with popup blocker helps though.
My system has tons of spyware crap on it. Good thing all the spyware is limited to a single vmware configuration (Win98-spyinfested). Let's see those spyware companies break out of a vmware virtual machine, and if they do I bet the NSA would like to talk to them.
This was on a university PC, running Windows 98 SE.
Using Ad-Aware, it found, and I kid you not: 22,485 units of spyware.
The machine was so infested, it couldn't connect to the Internet (throough the university T-1 lines) because of all the pop-ups, redirects and what not.
In defense of the machine, 11 users had profiles on it, which under Win98, merely copied everything (spyware and all) to the new user. But it was astounding all the same.
part Two
Same university, brand spanking new P4 3.0 Ghz Dell for a big-shot professor.
8,000 units. The professor would click "yes" to every pop-up that came her way, not knowing/caring/reading, what it did. Then complained why the brand new machine was slow and needed a new one.
After removing the spyware, and explaining what had occured, she nodded sagely, and went about her business.
Next day I get a call from her...same issue, tons of popups.
She hadn't listened after all.
It's times like these I wish people like that would be given a Mac or BeOS machine.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Ars Technica has a pretty even handed take on this situation. Basically the Spy Audit stuff that Earthlink has comes up with quite a few false positives. A fresh out-of-the-box Dell system even showed alot of "spyware" hits. Makes you wonder if it's at least some marketing hype for Earthlink?
Have a Happy.
Internet Explorer
Outlook or Outlook Express
Microsoft, when contacted, insisted there was no relationship
It's good that a national mainstreem ISP like earthlink is taking measures to make their users aware of the Ad-ware problem, but what steps are they willing to take? They have been blocking outbound port 25 for years for example. Would they be willing to actually block sites that are reported to be adware, or at least provide Earthlink Software (TM) that automaticly firewalls sites they deem to be spyware related?
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Spybot S&D
SpywareBlaster
SpywareGuard
I use these three programs (in the above order) on lots of spyware infected machines and so far, haveh a LOT of success removing and keeping spyware off those systems. Infact, earlier today, I ran that combo on a system and reduced RAM usage by 100MB, not to mention a huge speed increase (of course, I did some other housecleaning such as disabling startup items & removing some other non-spyware search bars & annoyances).
Even if _their_ particular method is flawed, all other sysadmins (etc) can tell you that 24 (or 3 - cookies) is low, low, LOW! One poster here cites a number of 800+ removed, and I've cleaned systems in the high-400s myself. At least 30+ (excluding cookies) pieces of spyware is considered "not too high" these days.
Yeah, Spybot and AdAware work great, but I want to centrally manage and scan/clean my 250 workstations.
Anybody know of a tool that will let me do this?
Guys I was just wondering: I'm not a Windows PC expert - I live mostly in the UNIX world anyway, but the vulnerabilities that Outlook and Outlook Express have with email worms and viruses, are they also present in Eudora, or Thunderbird etc.? For example, can you still infect a Windows PC -running Thunderbird- with an attachment labelled picture.zip, which turns out to be a Windows binary?
Anyone?
Ad-Aware
...
It just works
On one machine on which I installed it, it found and removed more than 256 spyware components (bad cookies, spyware registry keys, etc.). That friend installed it on her brother's PC (according to her, he's a <sarcasm>"Really Bright Guy"</sarcasm>) and it cleaned out more than 1,000 Bad Things(TM).
utter rubbish
Says a lot about the average PC user...
But don't programs like SpyBot S&D install "fake" cookies and such, and then lock them down to prevent the real cookies from being installed?
If that's the case, how many of these cookies (or actual programs) are variations on that theme? Would Earthlinks audit utility see a Spybot S&D cookie and count it as spyware, when it's really not?
If that's the case, then if you've Immunized your computer with S&D, you have every known spyware cookie on your computer according to the audit. This would inflate those numbers dramatically.
agree. my friend has average mac (orignal ibook), and it doesn't have a single sharp edge to poke you around whilen walking carrying it. A lot safer than my boxy average win/tux notebook :-)
Spybot rather
Help fight continental drift.
Isn't this illegal on several levels? How are these companies not being sued left and right? I can't believe this has become an acceptible standard.
using a web site http://www.doxdesk.com/parasite for spyware detection and removal instructions. Its pretty good!. Post some more links that may be useful
pretzel_logic
What did they consider spyware? I recently did a scan on my system using Ad-Aware, just out of curiousity - it found about 7 objects, all of them cookies. Like I (or anyone else) didn't know they were there anyways.
The same thing happened to me the other day. After I was done doing my keg stand (34 seconds, a new personal best!) I went over to the computer and ran AdAware. Let me well you, clicking on all of the little boxes is a lot harder when you've had a bit of beer in you.
Comment removed based on user account deletion
Plus some spyware scanners flag any kind of push technology as spyware. The theory is that vendors can use push software to force you to download stuff. Well duh -- any network-aware software runs that risk.
Spyware has gotten so bad I never download closed-source software except from certain extremely reputable sources. And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down. Fortunately it only runs when I reboot (no it's not in any startup lists) and all it does is re-install a program called "readme shim.exe" (yes, that's a blank in the name) which itself is just a stealth spyware downloader. Fortunately, I can simply terminate "readme shim.exe", and not worry about it until I have to reboot (I hibernate when I'm not using the machine). No point in deleting the file -- it'll just come back. Scary that spyware vendors can get that clever!
According to the RDF New Math(tm) used by Mac zealots, zero is less than zero.
This is how, even though Macs and Linux both have zero problems with viruses and spyware, Macs are still superior to Linux--because the Mac zero is better than the Linux zero!
Coincidentally, this same math is used to prove that Macs have a larger share of the desktop market than Linux
I've had PestPatrol recommended to me to remove spyware, does anyone have any experince of it? Is it any good?
small numbers of grealty anomalous behavior can really skew averages, like the guy who buys a 2 million dollar house in a 100K town.
I'd like to know how many instances of spyware are on the median computer.
Dogma - "let's just say we'd like to avoid any empirical entanglements."
...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.
.
I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.
I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html
Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.
In light my experience, I shudder to think what Joe Sixpack must have on his system....
Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.
-R
I use Opera and do not have a problem with spyware. The Mozilla products also seem to prevent this crap.
IE by far has the greatest problems by far. It is also the most useless browser out. Pop up blocking and tabbed browsing from the other browsers make IE feel like a horse-and-buggy (emphasis on "buggy") era browser whilst the others are years ahead.
Maybe that little shop called, what is it? Yeah, Microsoft, will get its act together one day and make something of themselves.
Name: taxyourself.ca
5 -Hostname:e taddress:
IP Address: 216.194.67.61
Location: Unknown
Network: TERA-BYTE-3
Registrant-no: 665549
Domaine-no: 665549
Subdomain: taxyourself.ca
Renewal-Date: 2004/06/06
Date-Approved: 2003/06/06
Date-Modified: 2003/12/16
Organization: Adam Majer
Description:
Admin-Name: Adam Majer
Admin-Title:
Admin-Postal: 77 University Crescent
Suite Suite 1528
Winnipeg MB R3T3N8 Canada
Admin-Phone: (204)275-8279
Admin-Fax:
Admin-Mailbox: adamm@galacticasoftware.com
Tech-Name: Adam Majer
Tech-Title:
Tech-Postal: 77 University Crescent
Suite Suite 1528
Winnipeg MB R3T3N8 Canada
Tech-Phone: (204)275-8279
Tech-Fax:
Tech-Mailbox: adamm@galacticasoftware.com
NS1-Hostname: bb.taxyourself.ca
NS1-Netaddress: 216.194.67.61
NS2-Hostname: snotty.zombino.net
NS2-Netaddress: 206.45.64.3
NS3-Hostname: polaris.galacticasoftware.com
NS3-Netaddress: 206.45.95.222
NS4-Hostname:
NS4-Netaddress:
NS
NS5-Netaddress:
NS6-Hostname:
NS6-N
Why isnt there a list of the ones found most often to least often? Isnt that the kind of info that could bring these things to light? Simply mentioning that X number of people died doesnt tell anyone how to avoid death...
I teach a basic computing class (basic & intermediate internet use).
The primary topics are:
* Cutting & pasting (get them out of the habit of typing URLs manually)
* The browser is just a program, the internet is out there *points* all the browser program does is talk to the other computers.
* This is a URL, this is what the bits of it mean. These are TLDs, these have their registration controlled (mil, gov, etc.), these don't (com, org, etc.).
* You CANNOT trust everything you read online! (*uses google to find conspiracy theories, instructions on making tinfoil hats*)
* This is Google. Don't bother with the other search engines. Here is how we use its features...
* You should NEVER use the following programs unless you HAVE to, due to their insecurity:
- Internet Explorer
- Outlook [Express]
* You SHOULD use the following, free programs:
- Mozilla (replaces IE + OL, I don't want to confuse them by telling them to try Firefox, it's name might change before they could get it).
- Adaware
- Spybot Search & Destroy (NB: we use Google to find these; I warn them to beware the impostor programs)
- AVG Antivirus (Out-of-date AV programs are nearly useless. I know that you don't want to pay $$$ for constant updates. This is free for personal use [but not business use!], here is where you go to install it).
As you can see, I have it pretty well down pat by now. If any of you have free time, talk with your local library about setting up free classes like this for the community. We reserve one of our computer labs for this one, and I teach a class every week.
Most computer users aren't as stupid as they are uneducated. We cannot fix stupidity, but we can fix ignorance. Teach them and the messages will spread; hopefully they will also share their knowledge, mitigating the problems caused by poorly educated computer users.
not from the originating site. They are usually associated with 1x1 pixel images from centralized servers, allowing cross site tracking of end-users as they travel around the net. Yes, they're not actively passing along information. They are passively recording your travels. But they allow the companies to assign you an indentity, which if they can associate it with actual personal information passed along at any site along the way, allows them to track you specifically.
It doesn't happen to smart win users either ;)
Most PC users are oblivious to spyware, even the annoying pop-up adds and even the nice prompts that ask you politely to steal your personal information. (I curse at thee, Gator!)
In addition to all of the personal PC's I have disinfected, I worked for a Univ IT deptartment for 4+ years. It's amazing how fast a machine can be infected with spyware after a fresh ghost, especially when it involves your average student user. *smirk*
Considering how much *crap* I have cleaned off of PC's over the years, I am honestly surprised that the suck-factor isn't ALOT higher.
Computers are useless. They can only give answers. --Pablo Picasso
Did this list include Microsoft products like Windows XP and Windows Media PLayer? Surely that is just as much spyware as any of the stuff that people download off the net.
they needed to identify WHAT computers had all these infections on them, ya know, name the devil, and we all know what that is. I am more usually presented with a better written BBC piece, this one was a cop-out and a fluff piece. It's what I expected, but until this "the masses" get it hammered into their heads that it's MS that is the problem and their "computar" maybe we'll see a bit more variety in the market place in the desktop/home user arena. People say "wah, whine, kvetch, MY COMPUTER IS BROKEN!" when what they mean in most cases is MS IS BROKEN ON THEIR COMPUTER. I would have rather seen a factual breakdown by OS and architecture mentioned. People just have to have it hammered at them again and again and again until they get it that "Microsoft" is NOT the computer, just like AOL is NOT the internet. I've seen too many people who think like that out in meatworld. They don't know any better, because no one tells them, and the media constantly reinforces that. It's like politics, how long in a western nation would they put up with only mentioning a single political party? That wouldn't fly, and it's way past time they - the media- stop insisiting that MS ="all things computer and internet", which is the obvious allusion you see time and again. If people don't see the choices all the time, of course they'll think that's the only thing on the menu.
Tell ya something else, too, MS being on all these machines and being borked all the time is going to result in some draconian "internet security" laws being passed unless the stranglehold mindshare can be broken.
Is there a firewall-level IDS type system that could monitor for these things trying to come in? I could see some serious cash in it for someone who can do it. I know many companies that would love to buy something like this.
-m
http://www.invisik.com
I have never seen that. Do you have some URLs? I would love to be able to write a "blacklist" extension that would prevent XPI dialogs from sites on the blacklist.
bash: rtfm: command not found
is that a sufficiently small segment of their users did NOT figure out how to remove the Earthlink spyware. This surprised no one until some genius figured out they could turn it into a sort of expose for good press.
heh.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
In other news scientists made the shocking discovery that the sky is blue :P
Most common computer users run AOL's Instant Messenger and it comes bundled with spyware.
Even users who don't use AOL as an ISP will run AIM so they can chat with their friends and family.
-i
It would have an next to it.
And "still no cure for cancer" afterwards
Their figure of 28 pieces of spyware per computer considers identifying cookies to be spyware. When counting just spyware programs, the number drops to about 5 per computer. That's still quite high. They didn't need to redefine spyware to include things undeserving of the "-ware" suffix to get their point across.
...but that George shit is fucking hilarious. Me and my son hit the floor on a more than a couple tickets. I had to stop after page 7.
(tig)
Ignorance and prejudice and fear
Walk hand in hand
Not sure about Earthlink, but recently I've learned that the Pop-ads blocking software I had installed on my machine was in fact spyware.
So I've removed it and installed Google. At least in Google you can explicitly set the option so it does not collect any information (hopefully, Google is more trustworthy in this respect).
stupid slashcode. http://img.fark.com/images/topics/obvious.gif would be between "an" and "next"
s/the same as/analogous to/
Since these sorts of analogies are a significant part of the reason that fora like slashdot turn to shit.
the stuff that deletes ad-aware... I love that stuff. I've seen it on several machines when I had to re-clean it, (shared machines on our network... so people don't care, I try to get out and clean them every 2 weeks or so usually get 300-500 items each time) many times I find ad-aware deleted. gotta love it...
Thank god my parents have a Mac. I'm reading these horror stories and I am cringing thinking if I had to support a PC for the P's... I do support one for a friend, and my god what a clusterf**k. The're going to Mozilla for good.
That might have biased the results somewhat...
And this is the case not only for home users, but for intranets also. I recently did a research in my company, and ALL Windows PCs (I mean all, 100%) were infected with at least one registry hack or spyware.
Most PCs had 100s of registry key compromises (Alexa being the most usual), and lots of spyware...some even had trojans and worms, even if Norton Antivirus is installed to all PCs as a company policy.
I recently changed my boss' internet explorer with Firefox, and replaced all desktop IE links with firefox.
I have made the habit of running Spybot - S&D and Lavasoft's Ad-Ware at least once a week, as well as having Antivirus on at all times.
Has anybody calculated the cost of malware ? it could be thousands of billions of dollars. So much time spend cleaning Windows installations, doing system scans, reboots, registry restores and cleanups...not to mention compromized servers and server downtime.
How much, if Microsoft was charged, would they have to pay society for the damage ?
I work for an information security company. My boss, with a 5 year Master's degree (Major economics, minor IT) had over 200 pieces of spyware when I convinced him to install Ad-Aware.
Fortunately, he's very good at what he does (talk) and leave the actual technical stuff we do to me. I run an airtight ship of anti-virus, firewall and anti-spyware (plus I personally have some good sense, heh).
I'd love to see the day where Linux was common, and I could really restrict root access. It can be done under Windows but not nearly as easily... Already converted my dad, I remote admin his computer, should he need anything.
It's 100x better for him to call me up and say "I need a _____ program" and I ssh in as root, and do apt-get install [package]. Of course, he's hardly the most advanced user in the world, and doesn't mind me having full access and control over the box.
Come on people, use a little common sense. This point has been made jokingly several times before, but never taken seriously.
The people who participated in the survey are the ones most likely to download unnecessary software, such as an Earthlink Spyware Audit tool.
I'm sure that most computers do have spyware on them, but this is ridiculous. The study was not done as thoughtfully as it should have.
--My computer was slowing down, with increasing popups until I realized the problem. Now I check every week. I NEVER click inside and a web advertisement. Some had fake window frames that executed code.
At it's simplest a cookie is a just a mapping from a string to a value that your computer stores on the behalf of some webserver. It looks like this:
slashdot.org / 31 Apr 2004 user 621112::jrLk8rfhJlszg7DMS6cI83
Your webbrowser will provide that information to the server (slashdot.org) at a later time (before the expiration, 31 Apr in this case). In this way the server can "remember" who you are by storing whatever it would have otherwise forgotten as that cookie which is saved to your hard drive. In this case it's remembering that "user" equals 621112...blah blah blah. When slashdot sees me trying to load the front page, it gets that cookie, which it looks up and figures out maps to "Ayanami Rei" and shows me my Slashdot homepage as opposed to the generic one.
Here's the thing. Your web browser justs sends ALL the cookies that the webserver ever left everytime you fetch a URL from that server since it can't tell which one it might want... the server ignores the ones it's not intereseted in.
So whenever you see an ad banner coming from some site like doubleclick.net, you can be sure that it's setting and checking a doubleclick cookie. The thing that makes it dangerous is that it can also tell (from Referer headers also graciously provided by your browser) what page that ad was referenced from (and hence what page you were browsing!) So doubleclick.net can track you between sites that use their ad banners.
Etc. Some websites concerned about tracking traffic insert invisible images that fetch and set cookies from centralized webservers to get statistics. While cookies only get and set themselves to servers with the same name, that doesn't mean a bunch of websites can't subscribe to one tracking service. (And they often do...)
So while I wouldn't call it spyware, you need to be aware of the potential privacy implications and you need to carefully inspect your cookie files or cookie permissions. Mozilla lets you block access to cookies by originating sites, so you can control who can and can't use your cookie storage.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Well, duh! You don't need to tell slashdotters that, you need to tell the technically illiterate clowns who don't read slashdot, and can't find any website that doesn't end in .com. They used to get quite a shock trying to find the White House!
How ya like dat?
Pop-ups - Google Toolbar
Pop-unders - Google Toolbar
ActiveX - Can be disabled in Internet Options
As for "just about every other form of spyware", I call bullshit. Other than ActiveX components that either install automatically (if IE is improperly configured) or if the user clicks "Yes" (more likely), other spyware is delivered through executables. How does Mozilla protect a user from installing Kazaa with Gator?
The only true way to be 100% safe on the Internet is to install Gentoo on your G5 laptop and dump hot grits on it.
did I mention that it's free (for non-commercial use)? http://www.lavasoftusa.com/ And a virus program called AVG. http://www.grisoft.com/us/us_index.php It's hard to get updates sometimes, but did I mention that it's free, too? Anybody else heard of AVG?
Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
r00tkits are the linux equivalent of spyware/trojans. They are very small utilities, of which the most successful hook themselves into the running kernel using module loading, then intercept your system calls. They do things like hide files that names match certain patterns when you open directories or search the output of ps for program names.
Then the r00tkit launches backdoor programs that have names that match the hiding string. So as long as you don't notice the drain on resources (CPU, network) while the kit is being used, you may never know you were compromised. The machine can then be used remotely for any purpose.
Of course, the more sophisticated here have many countermeasures and tricks to find these inconsistencies. Tripwire is a commonly cited one.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Here at work when 'interweb thingee' access is granted, I put the fear of death into the user: "If I catch any spyware, adware, or virus on their machine then I'm reimaging the PC without making any attempt to backing up their files. I go on to tell them that doing such software is a violation of network security, that they could potentially lose their job ... " blah blah blah.
It makes me happy inside.
m.mmm..myyy
- Install an OS that has privilege separation by uid: NT-class (NT4, 2000, XP), Mac OS X, *NIX
- Ensure the disk volume respects user permissions: this means NTFS, not FAT!!!
- Put users in regular user accounts, not admin accounts
- Apply security updates and shut off unnecessary services.
Keeping users separated is incredibly important. In our student computer lab, there used to be a Windows 98 machine that was just a wreck due to all the shit running on it, no user separation. On the other hand, the NT4 machine we installed still runs great to this day -- even though it's not really up to date security wise, it's still nearly impossible for software to leak from one user account to another.According to this thread and thread, 9,200 objects was the record. Now, I don't know if that is possible to get that many. At least the screen shot with 2,022 items looks legit.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
To-do List: Receive telemarketing call during a tornado warning. Check.
You simply must vent. Anything else would be uncivilized.
Autoruns from sysinternals is about all you need to find and track down most viruses and spyware. When launched it shows every registry entry and folder that a program can use to launch itself at boot or login. If it's not in this list, and you didn't launch it yourself, it's not running on your computer. You can use autoruns to launch regedit and remove the offending entries.
It does take a bit of general widnows knowledge to know what entries should be in there, and what shouldn't, but any idiot can tell that c:\4545$5-ee.exe shouldn't be running at login.
The only thing autoruns can't see is all the crap that get's installed as IE browser extensions. You can either disable extensions in IE, or use firefox.
is that much of this "spyware" is being marketed as anti-virus utilities... *cough* Symantec *cough*
Symantec's Norton Antivirus actually has the audacity to reconfigure a user's e-mail program to route mail through their network first. This is unbelievable. You think you're checking your mailbox, but you're really sending your id and password to Symantec, they're going through your mail and then sending it to you. An amazing breach of trust and privacy.
Most spyware are in the form of resident old cookies. So really, rather unharmfull, just a couple of tiny files in a trash directory. Imagine that everyone on his PC has indeed say more as 10 Spyware vendor relates cookies on his windows XP machine. The information inside these cookies are mostly, your name, email address, basicly _your_ identity.
Why would it be interesting for certain organisations to have cookies on all PC's world-wide? No single person is able to monitor all those PC's at the same time! Well they certainly don't want to. All they want is survaillance when needed. FBI says "We want to track this person on the Internet, what is his current ip-number, and thus where is that person currently located?" The SpyWare cookies on your desktop allow Spyware companies to track your current ip-number down within 2 or 3 minutes. Once they _have_ your ip-number, they have permission (thats what a cookie apparently is for) to upload their real Spyware monitor module, and can start watching _your_ desktop real-time while you are behind your PC.
It all makes sense, the ADSL 24/7 connection almost for free, the PC with windows doesn't cost that much anymore. Besides, no-one doing banking from at home can do that without a PC.
Robert
You could put up a web page that says in H1 type, "click here to erase your hard drive" and some people would click it. What do you expect?
Sometimes I think some of these people collect system tray icons like they were Elvis collector plates from the Franklin Mint.
Now mod me down, editors. Show us how you censor those who disagree.
/. editors, or mods (not usu. the same thing, btw)?
He has a point about the cookies. WTF does that have to do with
That's why we can discuss the articles - because every issue is more complicated than it seems in the headline. Ever notice those "RTFA" comments? That's because the comments are often more informative (and interesting) than the story itself.
Great, chip in and share when you can. But don't expect the editors to only post stories that are perfectly balanced and fact-checked... there'd be nothing to talk about.
Besides, mod-baiting is a cheap and transparent trick. "Oh, he dared me to mod him down... now I have to mod him UP or I'm a tool!". Ugh. If I had mod points today I'd mod you troll.
And that's 5.5 too many.
I'm just going to do the predicatable thing and blame Microsoft. Afterall, none of their "setup wizards" mention anything about user levels and its very difficult to run a lot of software when you only have user privs. Windows coders seem to care to write stuff that works with windows built in permissions systems.
Apple should really be using spyware to its advantage, at least OSX can easily be setup to ask for the admin password when installing software. Compare that to who knows how many people have IE set to 'automagically install any activex crap that any page loads.'
Even worse is the apathy from the antivirus companies. I'm sure they would love to eliminate this stuff, but so far we haven't had that one court case that has equated "stealth installs" or unreadable EULA with viruses. Yet.
Firefox is not MUCH more secure than IE. Wanna proof? What's the fucking difference between IE's box asking about installation and Firefox's one? Yes, I'm talking about .xpi files. How long it would take before spyware will distribute itself as .xpi files and users will happily click "yes" in these boxes?....
I love mozilla. It's a very good browser. But don't think that it's a magic cure for all spyware.
I briefly ran their "TotalAccess" software (not recommended, btw) which included some sort of spyware detection. It decided that VNC was spyware and removed some of its settings (I forget what exactly) from the Windows registry. It did not find anything else on my system, but I wonder how many other false positives it yields.
I'm really confused.
How on earth is this "more convenient" than mozilla's built-in cookie management? Go to Tools->Options->Privacy in FireWhatever. Block them all or use "Enable cookies for current session only" (which seems to be what your script is trying to accomplish, throwing out bad cookies after a day or whenever the job runs) and add Slashdot, NYT, Yahoo! etc. to the convenient "exceptions" menu. Done.
Also, I'm not sure, because I don't write shell scripts often, but:
(1) it looks like this script is going to fill up ".mozilla/old" with copies of old, unfiltered cookie files. So there's a giant record of your browing history hanging around. That seems like a privacy (or embarassment) risk.
(2) if your script starts running at e.g. 11:59:59pm and takes too long, some of the `date` calls will produce different results, and you'll end up trying to operate on non-existant files. You might want to call date just once and store it in a variable or something.
Did anyone else notice the Javascript in the second link using https to report home ever 10 seconds or so?
I didn't bother to go to far into disecting it, but I do find it amusing that it's obviously up to something on the page with an article about spyware.
No one's toching them because they bring profit! Inderectly, but they do. Some of my clients asked me "my computer is too slow, should I buy new one?". All of them were infected with loads of spyware. And one of these poor guys bought new computer. Result: 1. manufacturers got their profit, 2. Microsoft got their profit too and 3. seller got his proft as well. Heh. Why they should kill the goose that lays goled eggs? And that computer got bogged down by spyware in two months and that guy was considering buying another computer!
I think Microsoft understands the situation and likes it.
The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....
Being somewhat bored on a Friday afternoon, I decided to take a quick peek at
this software from Earthlink, and found some rather disturbing results. In
fact, it's ill-represented, borderline illegal, and about as intrusive as
RealPlayer (and that's saying a lot).
I ran my machine through their quick'n'dirty scan, which reported
1 Trojan,
5 Adware programs,
65 Adware cookies
Given that the combined might of one internet security expert, Ad-Aware,
HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all
with the latest updates - me included!) found nothing, I got somewhat intrigued
and looked a little deeper. My (american) fiancee has an Earthlink account, so
I borrowed, that, downloaded the software, and (several reboots and updates
later), ran their proper spyware detector.
This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy,
OpenSite, and Netbus(!!) on my system. Every one of those apps would be found
by at least three of the apps which I regularly run, and every one of them would
have been found in the manual checks which I periodically run as well. So I
went a little deeper...
Once the checks had been run, I paused a little before allowing the tool to fix
the items it had found. In the meantime, I fired up regmon and filemon,
allowing me to see *everything* that the tool was doing.
This turned out to be not a whole lot. No files outside of either the Earthlink
install folder or the system registry were modified in any way. The only
registry keys which were deleted we for Netbus settings (OK, I fiddled with it
for a project about a year ago, but a registry key isn't exactly the same as
having it installed!) and a few random CLSID's that could have been anything.
Not exactly convincing evidence - especially considering that I know none of
those other apps have ever been anywhere near this machine...
So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise!
My machine was clean. So, I uninstalled the proper software (its ONLY saving
grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not
entirely surprised to find that it now listed no trojans or adware, but 18
tracking cookies. Despite only accessing the Earthlink site (and El Reg) since
it reported that I was clean. And still, Ad-Aware and Spybot report nothing...
Essentially, it looks like this is reporting large numbers of problems in order
to convince you to pay Earthlink for their software, which then magically
"fixes" all the problems (which never existed in the first place). They're
trading off the FUD associated with Spyware, and it's ethically and (probably
legally) wrong. Their product may be of benefit to people who know no better,
but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps
which, when combined with a decent AV scanner (and maybe a personal firewall, to
boot) give you all the protection you need from spyware, and a whole lot else.
I have screenshots, logfiles, etc...
Geeze I don't know why adware is such a huge problem. I always tell my family not to click "yes" whenever IE asks you to install something and they don't because I've already installed everything you need. Plus we get the latest windows updates whenever they come out. That alone will keep you safe 99% of times. Unfortunately I suppose there's folks out there that hit "yes" to anything. I wonder if someone put a pay me $100 pop-up (yes/no) if they'd learn faster.
Or, just click Start, click Run, type "msconfig," hit Enter, click the Startup tab, and uncheck anything that you don't want to run at startup. There are numerous guides online that can help you sort the wheat from the chaff, and just doing this once will probably be enough, especially if you have a name-brand PC that you bought from Best Buy (since manufacturers and places like BB tend to pile on a bunch of unnecessary startup modules).
Somebody else mentioned searching google for spybot and coming up with a lot of spoofs. This brings up a very good point - it is hard for an average user, even one who wants to learn more and protect his computer, to find out what software is 100% free of spyware, adware, etc.
There are an awful lot of average users who don't know what spyware and adware is. There are an equally awful number who know what it is, but don't believe they could get infected. But worst of all, there are an awful lot of knowledgeable computer users out there tricking others into getting infected.
On a side note, I wonder what the maximum number of instances on a single computer is (assuming that computer is still managing to function).
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
That's funny, because Sprint's residential DSL, which partners with Earthlink under an arrangement whose terms are not known to me...
wait for it...
HAS SPYWARE BUILT INTO THE SETUP SOFTWARE!
Or at least it did when my parents subscribed. Nothing that a disk crash and a reinstall with RASPPPOE couldn't solve, but wow.
I guess that's not quite as bad as their new Compaq desktop that came with spyware PREINSTALLED.
There's a general philosophy amount consumer software and hardware distributors that people don't want to know what goes on underneath, and give their tacit permission for them to put whatever the hell they want on there. We keep blaming code bloat for making computers run slower than they used to, but maybe the fact that people have a couple dozen completely unnecessary processes running, each using just a few megs of RAM that nobody would notice missing by itself, has something to do with it.
Granted, I could probably cut down on a few things running on my fairly stock Debian/KDE workstation, but they use about 1/100 the resources as the useless crap on my parents' machine. Of course, none of the things on my machine that I'm not entirely sure I need are designed to scan web pages I read for key words and deliver pop-up ads for competitors.
WARNING: there is a trojan on your
I'm at the point where I refuse to explain it anymore. Every possible explanation I've come up with results in more questions.
I usually end up telling psople to just 'quit clicking on shit' when I leave...
So Browser cookies count as spyware?
I work in a call center right now, and I routinely get calls from folks with NIS and ZA on their fucked up spyware laden systems.
you would say come up with a virus. a good virus not a nasty one. the type of virus that as soon as it detects another virus or spy-ware it would flood the offender with goatse.cx pictures until their servers blew up, better yet a virus that does that t spam to. if you really were geeks there would be a posting in the next week or too of a really good app that was an awesome counter strike to spam/spy-ware/ad-ware kinda like a seti at home dedicated to destroying the aforementioned banes to the computer world.
*Click*
-=BANG=-
Yeah, right.
"no shit sherlock" is heard emanating from many slashdot readers as they read the title of this discussion and scroll down to the next one.
Whenever a friend or a relative of mine has a PC problem, they always come to me. About 95% of the time the problem is related to some spyware or an unwanted program that was unknowingly installed. Some people would ask me how to upgrade their PCs because they complain about it being slow and unresponsive. You wouldn't believe how many memory hogging programs / spyware msconfig reports. I wouldn't even bother running spybot on it. I them back-up their data and re-install Windows.
I use S&D, and it don't tell nobody what I found.. so how come earthlink knows?
the proof is in the subject, THEY KNOW HOW MANY THEY FOUND....
every day http://en.wikipedia.org/wiki/Special:Random
It seems that my grandmother's computer is infected with some kind of spyware or virus. I don't understand exactly what it is, but it keeps popping up this blue screen with a bunch of gibbering and numbers on it. When that happens, the only way to get it going again is to power-cycle the computer. Can anyone here help?
Wh47 d1d j00 541, 31337 15n't t3h r0xor5 ne m0r3???
If you don't dump her now, you could end up
:-(
with the in-laws from Hell.
Seriously... like my in-laws.
Spyware removal software typically counts the number of files + the number of cookies + the number of registry keys related to spyware it finds. So it's not uncommon to get a report with over 150 items when the user has only installed Gator.
A badly-spyware-ridden machine could have thousands of those items.
Now, if only one computer out of 10 has Gator, you'll still find that on average, each computer has 15 items. Most typically - specially in corporate environments - you'll find a few machines with thousands of spyware items and a lot of computers with no spyware - since employees aren't _all_ fucking around with company time.
So, um, another ignorant Slashdot story. Grr.
This is exaclty why I can't stand Windows. Every little program has spyware and leaves crap all over your system. It's either that or god-awful adware that makes a desktop look like a carnival. A Linux desktop is quite refreshing to look at.
Time makes more converts than reason
I randomly swapped and modified a few letters. Please, by all means, try using it.
I wanted an example that would look familiar to a curious user who examined her own cookie file after having visited slashdot.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Purple Monkey says you are lying!!!!
Odd. I have no spyware on my PC, but then my PC runs Linux.
Perhaps the article should read more like:
"The average Microsoft system is packed with hidden software..."
"The US net provider EarthLink said it uncovered an average of 28 spyware programs on each Microsoft PC scanned..."
This type of scare-mongering pseduo-journalism is appauling. Its like saying
"Cars produces over 500 cubic litres of toxic gases capable of killing a baby in moments"
These things need to be quantified.
What morons modded that up informative? Spybot REMOVES fucking spyware.
Please!
fiendish laugh
Silly slashdotters... here you all, all underemployed and wondering what the next big thing will be and here this article comes along and you all post pithy comments getting the cheap +5 mod but letting something sneak right past you.
Not me. I understand that most geeks actually agree with the parent poster who thinks that somehow a 200 page manual is the answer. Ha. Have you ever read your car manual? Or your cordless phone manual? Or even the insert that comes with your medicine, something you take internally for heaven's sake! If you answered yes, understand that you are in the substantial minority and there is wonderful money to be made -- and a service to be provided to your fellow neighbrs who were too busy playing baseball and drinking to be bothered with the excitement that came from Mountain Dew fueled nights getting the C-1541 increase its data transfer rate.
A few of you reading this are nodding at me. I'll see you at the top.
I would have to say that explosives are the most abused technology in all of history.
I had been using both Lavasoft's Ad-Aware and Kolla's SpyBot Search and Destroy to keep my box free of crapware, before my boss turned me onto Webroot's Spy Sweeper.
I've been SpySweeper as my primary spyware scanning tool ever since, with Ad-Aware as a 2nd-scan chaser. On the rare occasion that Spy Sweeper misses something, Ad-Aware always gets it, with a 0% margin of error (when using Spybot S&D as a 3rd-round scanner). Conversely, there were a few occasions that Spy Sweeper missed something in Round #1, but Spybot S&D also missed a few in Round #2, so that it was necessary to run a 3rd scan at all using Ad-Aware.
To summarize: Spy Sweeper rocks. If you want even more security, run periodic Ad-Aware scans, and you should be spyware-free (assuming you keep your product definitions updated).
I really doubt I'm in the minority here or there would be a crap load of Linux users with no files left on the hard drive (I wonder how I'm supposed to use this rm command. I know, I'll try rm -rf / just for the hell of it!).
But a huge part of the problem is that users allow this stuff on their machines. They read the licenses and click "Install".
Anything they allow on their computer is quite probably legal. Most of this crap also has a clause in the EULA saying they can install other software, and that you agree to the EULAs of those other software products.
Now anything that exploits a vulnerability to get installed is clearly illegal, not just for the wiretapping aspects (which someone could probably sue over) but also the various computer misuse and abuse acts that are floating around. Same laws that make viruses and other trojans illegal. Just good luck finding someone to sue.
I'm a fairly saavy (hate that term) computer user, 20 years experience, professional web developer.. I know what to avoid, I know what to click no on, I have stop-the-pop on my win box.. I still have on average 40 different spyware apps installed on my box every week (between spybot and adaware) .. When ever I go over to someones house and run a scan for the first time, there are generally over 400... its getting outrageous.
i reset the entire system on my sisters' computer about a week ago. I was using it for some random stuff the other day and they already have installed several adware and spyware programs.
It's a telling freudian slip that people automatically assume that PC == Windows. When my clueless friends & relatives complain that their "damn computer is broken.. again" what they mean is their "damn Windows OS is broken.. again" OK zealots mod me into the ground now.
I'm not a huge fan of the FSF, the GPL, or Stallman, but I am a fan of accessing the source code to a program you pay for. And, its really the only logical solution to a number of problems. I must be informed what is in my food, how well my car fares in a crash test, etc. Why shouldn't I know what my software does?
Question
http://www.ironfroggy.com/
One of the clients I mentioned in my reply to this article was sayin sumthin about getting popups like that... I dunno if it was yours but he said " ... and this one said dont fucking use spyware"
Too funny.
bash: rtfm: command not found
Did that 28 include theirs?
Gamingmuseum.com: Give your 3D accelerator a rest.
Create a slipstreamed windows without Internet Explorer and be done with it.
My GF's best friend asked me to take a look at her computer earlier this week. The first thing I did was download and install Ad Aware. It found over 300 objects.
All of thost cutesy little cursors and searchbars and tons of other stupid bullshit that newbies install is teaming with spyware.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Jesus Christ, here's a few hints:
n tegration.netw w.lavasoft.dew .tomcoyote.orgn
http://www.spywareinfo.com
http://forums.net-i
http://security.kolla.de
http://w
http://www.subratam.org
http://ww
http://www.spywareinfo.com/~merij
if those aren't dead giveaways, what is?
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Medicine is complicated, but most people know enough that if they have a headache, aspirin will make it go away. They don't need to know exactly what aspirin does at the molecular-biology level.
Almost every complex thing breaks down into simpler parts, or concepts.
This can be applied to cars - you've got a seat, an engine, wheels. The engine is connected to the wheels by something (we could call it the drivetrain if we so wished). The front wheels are connected to the steering wheel, and can turn left and right.
Using just this basic information you can start to diagnose problems - if the engine is going, but the car's not moving, the problem must be either a lack of wheels or something's wrong with the drivetrain. That kind of thing.
Same thing works for computers - except because it's mostly software (where the problems lie) it's a bit harder to grasp. People just need to be told the basic steps computers go through (after all, that's all they do, just step through instructions).
If my mother was to ask me how Internet Explorer works, I wouldn't start by telling her the names of API calls (not that I know them). I would tell her you type in a URL (which includes the name of a server), it asks another computer where that server lives and then goes to that server and asks for a document.
My point is that just because something's complicated isn't an excuse, or an invitation, to be ignorant. Almost everything can be abstracted to high enough a level for anyone to understand, at a basic level.
The earthlink audit is not accurate. I've run Earthlink's free spyware scans on two computers and gotten 4 "hits," all definitely incorrect. It claims I have Alexa Toolbar and Bonzi Buddy on both systems, and I definitely do not files from those applications, nor do they attempt to communicate over my network. Allowing some false positives in the scan encourages people to use the Earthlink software, and it makes for a more sensational press release.
So I take a look. In my experience, most people have about 3 programs they use most of the time. For most people using Windows, that would be Explorer, Outlook, and then something else, like Word or something. But, and this NEVER EVER fails, they ALWAYS have about 175 programs installed that take up tons of space, many of which have all kinds of daemons that run in the background, causing the hard drive to grind around all the time, causing all kinds of weird and questionable messages and popups to appear, and best of all, make the whole thing run so damn slow that it's a wonder they can get any work done.
Unfortunately, no matter how hard you try to explain it, 99% of the users DON'T understand: Use this computer for its intended purpose, and DON'T download or install all kinds of shit! Don't go to all kinds of web sites that you aren't familiar with! Don't run or open something when you don't know 100% for sure what it is!
But do they listen? NO!!! Of course not!
The solution is to develop a finely grained security model where not only is the user and his files protected, but so are processes, pipes, and just about any other "object", as it were. And these damn things should ship, by default, to do what most users need to do, but under extremely limiting circumstances, so that their computer will refuse even to download some attachment to an email unless some really complicated process is first carried out. Something requiring commands to be entered into a terminal window. Because even if you ask, "Are you ABSOLUTELY POSITIVELY SURE you want to open this attachment, which will MOST LIKELY **D**E**L**E**T**E your files, beginning with those that are most important to you??? Push any key to answer "no" or type, "I, [your name here], do hereby solemnly swear, under penalty of deletion of all of my files, that I am absolutely positively sure that I WANT TO OPEN THIS ATTACHMENT, which will most likely delete my files, beginning with those that are most important to me," you can rest assured that MOST users will simply punch all of that in to answer "yes" and then wonder why in the hell their computer doesn't work properly.
But the best part is when they don't understand that the malfunction is all in software, which should, at that point, be blown off and reinstalled, and instead think that replacing the entire computer will solve their problem. And then they download all of the same **S**H**I**T** into it and end up in the same situation.
according this. YIKES.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Adware companies are a legitimate business. When you hit Yes, you say they can install/download their software and show you ads. The issue here isn't that they are spying, but that adware slows down computers, often pops too much stuff up, and sometimes tricks you with installation.
1. Educate home users on the existence and potential for damage that spyware holds.
2. Collect spyware tools in one place and keep them on a usb pen or CF drive.
3. PROFIT!
Yours,
PC Technical support
I use IE on Windows, more due to apathy than anything else. I have also not had to remove ANY spyware AT ALL from my PC (other than cookies) in the last four years.
The secret to my success is to lock down ActiveX and restrict scripting. Most of these spyware apps do drive-by installations through ActiveX applets, so if ActiveX is disabled then spyware cannot be installed.
I have included many websites in the Restricted zone, where scripting and ActiveX are both disabled. The default setting for new websites is to prompt for ActiveX, and I always say No unless I know in advance what the ActiveX control is.
I have to say No several times a day, but this is no more onerous than closing a popup, and if it annoys me I could always disable ActiveX.
I also scan with Adaware and Spybot Search and Destroy periodically, and I use a popup blocker and Zonealarm. Not much gets through all of that.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Your analogy is wrong. You've just described a limited-function appliance (your car), and compared it to a computer.
But a computer (at least an MS Windows computer) is not a limited function appliance. And the spyware that increasingly draws CPU cycles, increases disk IO, and sucks up network bandwidth makes the computer less and less usable over time.
By your analogy, each trip to the grocery store your car would have to develop a new problem - one which would lower your top speed, randomly kill the engine, and otherwise make your car less usable each trip.
.sigs are for post^Hers.
Two problems:
1 - people often aren't taught anything about safe computer use and computer maintenance (much less general use of the OS and software)
2 - the lucky people who do get taught often ignore (intentionally) the education (how many times have stupid (yes, STUPID!) users opened fucking attachments that made no sense, came from someone they had never heard of, and naturally contained a virus?)... all after being told numerous times to NEVER open an attachment you aren't specifically expecting.
So often people want to compare a car to a computer. I think in one respect that's a good idea. One must learn and officially demonstrate (barring people from a certain populous country who get a drivers license with no skills, then magically turn that into a US license) that they know what traffic signs mean, what yellow dashes and lines mean, etc.
People should have to have a license to operate a computer. No this isn't some elitist joke, I'm serious. Then users could be held accountable for asking the same questions over and over. I could lecture for days about this. Suffice to say that if training and testing were not required and enforced, many people will try and fail to correctly use a computer, and that will result in support requests.
At some point in most people's lives they were taught how to tie their shoes. At first it was too difficult, so they needed assistance. Eventually, through practice and effort, they became self-sufficient. Most computer users should be expected to learn over time. Most won't.
.sigs are for post^Hers.
Most of the spyware they found was of the type "Spyware Cookie", which is non-executable.
When I saw the headline saying how these spyware programs could be picked up just by surfing the net I wondered how IE could have such a gaping security hole for so long - to allow arbitrary code to be loaded just by reading a page. The explanation came when I read further and found that this "spyware" isn't software at all, but cookies from places like doubleclick.net.
These cookies are insidous, but not anywhere near as bad as spyware. The problem is not as bad as the website makes out.
The average PC is a Windows box run by an idiot with 28 malwares on it.
Makes sense to me.
</slackwareuser>
Doing the same thing as spyware on your own can get you some years in jail. But if you act as beeing a company doing profit with this stuff then it's perfectly legal.
In America your employer has the right to monitor each and every transmission that's made to and from each and every PC on their network. Additionally they have the right to scan each and every hard drive on each and every PC on their network; They also have the right to take any action, disciplinary, remedial, or otherwise, based upon information that they gather from this monitoring and scanning. The driving force of logic behind this is "because they bought the hardware and they pay for the network."
Why can't we, as home users, enforce this same Gestapo level remedial and disciplinary action based upon results of our monitoring and scanning at home? It's _our_ hardware and _our_ network and _they're_ using it in a fashion which we haven't approved and we don't deem suitable.
Every troll out there will say,"You can. You are free to install firewalls and packet logs." To this I answer,"Where's the enforcement?" Why am I not allowed to put these cookie serving sites on a 30-day performance improvement plan until they quit loading _my_ hardware and _my_ network with their junk? Why can't I take disciplinary action against the company which puts the "15% off printer cartridges" splash screen ad on my desktop? I watch real-time packet monitors every evening and see scans for port forwarders, bouncers, and "remote administration tools" on a continuous basis. The implications are horrifying. If my network would have even one of these remote adminstration tools or virii on it then any information, professional, legal, financial, or otherwise, would be instantly available to an entire world of script kiddies.
It's like standing in line, anywhere, and being hassled every five minutes by a different patron reaching into your pocket. "Sorry, just checking to see if you were watching your wallet", is all they say as they walk away every time you catch a hand digging towards your jewels. Why do I have no right opportunity to sue the EVER LOVING BEEJEEZUS out of these would-be thieves, pranksters, and hijackers?
The answer my friends is exactly as the trolls say,"You can". But unless you have ridiculous sums of money to feed to attorneys the courts will tell you to bugger off because you're not a big enough fish to have your rights protected in the same way that we give the Nazi power to employers.
Your rights online? This is America's double standard. You only have the rights which you can afford with the almighty dollar.
+++ATHZ 99:5:80
You can configure Firefox to use Macromedia Flash.
Refer to http://plugindoc.mozdev.org/faqs/flash.html
It works for me anyway. There were security issues relating to older versions of Flash Player. The new one seems to be ok.
My hyperlinks aren't worth the paper they're printed on.
"Take the car in for an oil change once every few thousand miles, make sure it gets its 10k/15k/20k/whatever k service, and keep the gas tank full, and 95% of the time it will run good for years"
That's true today, but the PC has been around about 30 years. How easy to maintain was a 1935 car?
And you can also install a Firefox extension that disables Flash scripts (or whatever they are called) by default and only runs them if you click them. http://texturizer.net/firefox/extensions/#flashblo ck
I can proudly say that I've only ever found one piece of spyware on my machine. It was something called photoshop...
Earthlink spyware claims overhyped?
Oh, please. Why is anybody who wanders outside of the Microsoft cage a "zealot"? What we really need is a pithy word for people who willingly wallow in the same cesspool year after year, especially when it's so easy now to climb out...
Why would you run an executable that you had no idea what it did?
No offense, but to expect your computer to protect you against any possible thing you do is naive at best, and blindingly stupid for someone who is familiar with PC's.
Its like you got a car, put the accelerator down to the floor and then refused to steer because "it meets all the safety standards". Seriously.
"Your web browser justs sends ALL the cookies that the webserver ever left everytime you fetch a URL from that server since it can't tell which one it might want..."
This is more false by omission.
A web server can't get a cookie except one it already left.
In other words, if www.msn.com left a cookie, www.aol.com can't pick it up, no matter what. Even with different machines within a domain won't work unless you do some javascript programming.
So cookies are very benign.
The breeding ground for spyware is download.com
This so called "Spyware Detection" program is a fraud. It is nothing more than a marketing ploy to get people to join Earthlink.
First, it claims that I have several spyware programs on my machine that I know for a fact I do not. Alexa and Wild Tangent are no where near this machine. Spybot and AdAware confirm, as well as manual checks. Seems they are possibly scanning registry keys, and finding SpywareBlaster's kill bit - either that or it is flat out lying.
Second, it uses generic names for non existent "trackers" - "Spy #5c5f4 -- Research In Progress" - sorry, if it's real, then it should have a name.
Finally, and this is the most aggravating one - this program identifies a cookie that Earthlink itself places on your machine when you visit this page as a adware cookie. They also list one cookie that I do have that I need - from TV Guide - to keep track of my channel listings on the TV Guide site. This I'll simply ignore, even though it's still wrong.
This means they are intentionally placing files on your machine so they can identify stuff to make you, the supposed ignorant user, paranoid and lead you to believe that joining their service and using their tools (which are freely available anyway) will keep these things off your machine.
~~Iggy~~
The gene pool needs a lifeguard....
Can we change this from the "gaaaaaaah dept" to the "well no shit sherlock dept"?
That's only if there's no data worth money on the computer. I see people all the time with thousands of dollars worth of data (measured in man hours it takes to create it, not to mention the intangible costs of going to all your customers and saying you've lost all thier personal data to a virus) who won't spend a $200 on a DVD burner let alone a grand on data recovery. And we haven't even discussed the cost of down time. Computer's have become so integral to our life that their value transends purchase price. Plus, if my car breaks down I can get a rental no problem. If my computer breaks down, I could get a rental (i.e. an expensive lease), but I'm still out my data.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Your web browser sends ALL the cookies that the webserver ever left.
Note the singular 'the'. Which means the same webserver that we've contacted. Such that aol.com gets all the unexpired aol.com cookies that IT LEFT, but not other ones.
The less benign cookies are those that belong to domains like doubleclick which many sites subscribe; those are the ones you should be aware of.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
I'd have to disagree with you. I know lots of people who aren't ignorant, they're just dumb as shit. Haven't you ever met a dumb mechanic? He's not ignorant about cars, he's just stupid as a person. Anyways, i don't think you do because, as you said "if i bought a car, i would..."
[Fuck Beta]
o0t!
It's not free, but it works better than anything else I've tried, including AdAware and SpyBot. Too bad the interface sucks.
SpySweeper
The roots of education are bitter, but the fruit is sweet.
--Aristotle
Well, we're talking about spyware here. The only thing that comes close to "spying" what you are doing in your car are the infamous black boxes, which record events for the last few seconds. Other than that, there are no constant malicious people wanting to hijack your car (well, maybe there are...), but a computer gets far more attempts from software trying to collect information about the user. Car security is like securing a lot of other things. Lock up your car, put an alarm and pray that nothing bad happens. Thieves distinguish between nice and bad cars. Spyware programmers don't, for them, every computer is a potential target. You can certainly notice when something bad happens to your car, but it's not so easy in a computer. In these times, it is sad to see that it should be now a standard part of user education to teach them how to detect malicious attemps to do something bad in their computer. Virus scanners, spyware removal tools, spam, scams, who knows what will be next? :(
Ow. Since there is no G5 laptop, I guess that would mean you now have hot grits on your lap
Heh... I'm laid off and making extra money helping friends and relatives clean their computers up. This is only another good reason to promote Linux over Microsoft's insecure swiss cheese food product.
"Here you give your troll away. Any Linux app he knew about he could recompile for the Mac, if a fink port didn't already exist. You again fail to mention specifics, too, which almost always means a claim is exaggerated."
:-p
No, I am not trolling. I just had no interest in trying to remember the many different apps he's had me help him look for. You can check out his blog at http://sonic.net/mustang/zathras and see for yourself a couple of the apps he's reviewed.
We've also had no luck setting up video chat via the various protocols, finding any online multiplayer RPGs that both our computers can connect to, getting file transfers to function properly...it just seems like every time I turn around, he's telling me his Mac can't do stuff. If I'm not a troll, I'm a frustrated girlfriend in a long-distance relationship with somebody whose computer isn't being terribly friendly about connecting us.
Comment removed based on user account deletion
Please feel free to use my handle. I am fairly well-known over at the OS X FAQ forums.
Gods don't kill people, people with gods kill people.