Slashdot Mirror


The Average PC is Infested with Spyware

WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.

21 of 556 comments (clear)

  1. slightly misleading... by David+E.+Smith · · Score: 5, Informative
    Note that of those 30 pieces of spyware per PC, 24 of them are labeled as "cookies."

    There's still a LOT of junkware/spyware/adware/malware/whatever out there, far more than there should be IMO, but it's not quite as bad as they let on. :-)

    1. Re:slightly misleading... by Valdrax · · Score: 3, Informative

      Typically, the kinds of cookies that spyware programs identify are cookies used by advertising companies that have multiple sites as customers and which are used to track you as a unique user from site to site, building an demographic profile. There have been efforts before to weld information from your logins at these sites to your browsing habits for a more personal marketing profile.

      I've never, for example, seen Ad-Aware tag a Slashdot cookie as a privacy risk, but I have seen it tag Doubleclick and other crap from when I have to use Explorer (which I use for really uncompromising, cookie-laden sites).

      --
      If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  2. I've seen pretty bad ones by nightsweat · · Score: 4, Informative

    Went to a party a couple weeks ago and cleaned 550+ bits of spyware off the hosts' machine. Took me a couple more days to find and send them the fixes for two IE parasites AdAware and SpyBot S&D didn't see.

    It really should be a violation of the wiretap laws to put this crap on someone's machine. These poor non-technical users' machine was an Athlon 2200 that ran like a 486. Once we took the crap off, it zoomed.

    --

    the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
  3. Re:Earthlink? How ironic. by maxbang · · Score: 5, Informative

    I used to be on Earthlink, until I became disgusted with their "support." The only spam I ever get now is from my old address with them. I don't know what their spyware removal is based on, but I know it didn't catch gator running on a friend's PC. Between that and the spam, I don't see myself going back to them in the future, or recommending them to anyone I know.

    --
    I also reply below your current threshold.
  4. 3 programs.. by naelurec · · Score: 4, Informative

    Spybot S&D
    SpywareBlaster
    SpywareGuard

    I use these three programs (in the above order) on lots of spyware infected machines and so far, haveh a LOT of success removing and keeping spyware off those systems. Infact, earlier today, I ran that combo on a system and reduced RAM usage by 100MB, not to mention a huge speed increase (of course, I did some other housecleaning such as disabling startup items & removing some other non-spyware search bars & annoyances).

  5. I just tell my friends one word ... by ninewands · · Score: 3, Informative

    Ad-Aware

    It just works ...

    On one machine on which I installed it, it found and removed more than 256 spyware components (bad cookies, spyware registry keys, etc.). That friend installed it on her brother's PC (according to her, he's a <sarcasm>"Really Bright Guy"</sarcasm>) and it cleaned out more than 1,000 Bad Things(TM).

  6. I always recommend by pretzel_logic · · Score: 4, Informative

    using a web site http://www.doxdesk.com/parasite for spyware detection and removal instructions. Its pretty good!. Post some more links that may be useful

    --

    pretzel_logic
  7. No need to RTFA... by retro128 · · Score: 5, Informative

    ...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.

    I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.

    I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html.
    Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.

    In light my experience, I shudder to think what Joe Sixpack must have on his system....

    Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.

    --
    -R
  8. Re:Illegal by KingRobot · · Score: 4, Informative

    Usually, you agreed to having it installed on your computer at some point or another; especially Ad-Ware. Often it can be hidden in the fine print of some other programs installation, or a "plug-in" on a website.

  9. Re:Small Issues by pla · · Score: 4, Informative

    And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down.

    Do a Google search for "sted380.zip" (you don't want the ones after that, they disable themselves after a while). It lets you see exactly what programs your computer loads via the numerous startup methods, and delete them. Short of your particular problem somehow running as an actual device-driver, this would let you kill it.

    Also, you might want to make sure you don't have any strange-looking services running - I've seen a number of difficult-to-remove programs that work by letting you kill them easily, but they don't remove an associated service that just reinstalls them at the next reboot.

  10. Do what I do... by Anonymous Coward · · Score: 4, Informative

    I teach a basic computing class (basic & intermediate internet use).

    The primary topics are:
    * Cutting & pasting (get them out of the habit of typing URLs manually)
    * The browser is just a program, the internet is out there *points* all the browser program does is talk to the other computers.
    * This is a URL, this is what the bits of it mean. These are TLDs, these have their registration controlled (mil, gov, etc.), these don't (com, org, etc.).
    * You CANNOT trust everything you read online! (*uses google to find conspiracy theories, instructions on making tinfoil hats*)
    * This is Google. Don't bother with the other search engines. Here is how we use its features...
    * You should NEVER use the following programs unless you HAVE to, due to their insecurity:
    - Internet Explorer
    - Outlook [Express]
    * You SHOULD use the following, free programs:
    - Mozilla (replaces IE + OL, I don't want to confuse them by telling them to try Firefox, it's name might change before they could get it).
    - Adaware
    - Spybot Search & Destroy (NB: we use Google to find these; I warn them to beware the impostor programs)
    - AVG Antivirus (Out-of-date AV programs are nearly useless. I know that you don't want to pay $$$ for constant updates. This is free for personal use [but not business use!], here is where you go to install it).

    As you can see, I have it pretty well down pat by now. If any of you have free time, talk with your local library about setting up free classes like this for the community. We reserve one of our computer labs for this one, and I teach a class every week.

    Most computer users aren't as stupid as they are uneducated. We cannot fix stupidity, but we can fix ignorance. Teach them and the messages will spread; hopefully they will also share their knowledge, mitigating the problems caused by poorly educated computer users.

  11. Lies, damn lies, and statistics. by dtfinch · · Score: 3, Informative

    Their figure of 28 pieces of spyware per computer considers identifying cookies to be spyware. When counting just spyware programs, the number drops to about 5 per computer. That's still quite high. They didn't need to redefine spyware to include things undeserving of the "-ware" suffix to get their point across.

  12. Re:Average this, average that by Anonymous Coward · · Score: 4, Informative
    You are using the wrong statistics terms:

    Mean: The sum of the value of every item divided by the number_of_items in the sample.

    Mode: The item in a sample that has the highest value.
    No, you are.

    You defined the arithmetic mean, which is commonly known as the average.

    Mode is the item in the sample that occurs the most frequently. The item with the higest value is called the maximum.

    The median is the value that occurs midpoint in the list of values when they are sorted in ascending (or descending) order. If the list has an even number of values, the median is the average of the two middle values.

    Dork.
  13. Not only the average PC... by master_p · · Score: 4, Informative

    And this is the case not only for home users, but for intranets also. I recently did a research in my company, and ALL Windows PCs (I mean all, 100%) were infected with at least one registry hack or spyware.

    Most PCs had 100s of registry key compromises (Alexa being the most usual), and lots of spyware...some even had trojans and worms, even if Norton Antivirus is installed to all PCs as a company policy.

    I recently changed my boss' internet explorer with Firefox, and replaced all desktop IE links with firefox.

    I have made the habit of running Spybot - S&D and Lavasoft's Ad-Ware at least once a week, as well as having Antivirus on at all times.

    Has anybody calculated the cost of malware ? it could be thousands of billions of dollars. So much time spend cleaning Windows installations, doing system scans, reboots, registry restores and cleanups...not to mention compromized servers and server downtime.

    How much, if Microsoft was charged, would they have to pay society for the damage ?

  14. Re:Earthlink? How ironic. by Jeremy+Erwin · · Score: 4, Informative

    Earthlink scanned 1,062,756 times, finding 29,540,618 instances of spyware. 23,826,785 of those were "Adware Cookies, which store personal information (like your surfing habits, usernames and passwords, and areas of interest) and share the information with other Web sites." Earthink SpyAudit

    Now, if you eliminate the "adware cookies" as dubious, you're still left with the headline "The average PC contains 5.4 instances of "Adware, System Monitors, and Trojan Horses." Still tabloidish enough to get a rise out of most slashdotters.

  15. Re:Not far from truth by brandonY · · Score: 5, Informative

    I recommend Mozilla or Firefox. They block pop-ups, pop-unders, all potentially bad ActiveX controls, and just about every other form of spyware. If you act now, you can even get standards compliance thrown in for free!

  16. The cookies they do nothing... by Ayanami+Rei · · Score: 4, Informative

    At it's simplest a cookie is a just a mapping from a string to a value that your computer stores on the behalf of some webserver. It looks like this:

    slashdot.org / 31 Apr 2004 user 621112::jrLk8rfhJlszg7DMS6cI83

    Your webbrowser will provide that information to the server (slashdot.org) at a later time (before the expiration, 31 Apr in this case). In this way the server can "remember" who you are by storing whatever it would have otherwise forgotten as that cookie which is saved to your hard drive. In this case it's remembering that "user" equals 621112...blah blah blah. When slashdot sees me trying to load the front page, it gets that cookie, which it looks up and figures out maps to "Ayanami Rei" and shows me my Slashdot homepage as opposed to the generic one.

    Here's the thing. Your web browser justs sends ALL the cookies that the webserver ever left everytime you fetch a URL from that server since it can't tell which one it might want... the server ignores the ones it's not intereseted in.

    So whenever you see an ad banner coming from some site like doubleclick.net, you can be sure that it's setting and checking a doubleclick cookie. The thing that makes it dangerous is that it can also tell (from Referer headers also graciously provided by your browser) what page that ad was referenced from (and hence what page you were browsing!) So doubleclick.net can track you between sites that use their ad banners.

    Etc. Some websites concerned about tracking traffic insert invisible images that fetch and set cookies from centralized webservers to get statistics. While cookies only get and set themselves to servers with the same name, that doesn't mean a bunch of websites can't subscribe to one tracking service. (And they often do...)

    So while I wouldn't call it spyware, you need to be aware of the potential privacy implications and you need to carefully inspect your cookie files or cookie permissions. Mozilla lets you block access to cookies by originating sites, so you can control who can and can't use your cookie storage.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  17. Re:whoa! by FryGuy1013 · · Score: 3, Informative

    http://www.musicsonglyrics.com/T/Thursday/Thursday %20-%20Division%20St%20lyrics.htm

    http://forums.mozillazine.org/viewtopic.php?t=68 86 9&highlight=xpi
    for more detail + links to other posts.

    --
    bananas like monkeys.
  18. Bullshit by burbilog · · Score: 4, Informative
    Ditch IE for Firefox. I just did 2 clients' computers today (running slow, yadayada) and guess what? One had 18 spyware trojans installed, the other had 64 (as well as a couple of viruses). Firefox (any Gecko-based browser) is not vulnerable to the crap that IE is. I always tell my clients to not use IE anymore. When they listen, they always have a better overall experience.

    Firefox is not MUCH more secure than IE. Wanna proof? What's the fucking difference between IE's box asking about installation and Firefox's one? Yes, I'm talking about .xpi files. How long it would take before spyware will distribute itself as .xpi files and users will happily click "yes" in these boxes?.... I love mozilla. It's a very good browser. But don't think that it's a magic cure for all spyware.

  19. Analysis of the tool... by ChrisPaget · · Score: 4, Informative

    The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....

    Being somewhat bored on a Friday afternoon, I decided to take a quick peek at
    this software from Earthlink, and found some rather disturbing results. In
    fact, it's ill-represented, borderline illegal, and about as intrusive as
    RealPlayer (and that's saying a lot).

    I ran my machine through their quick'n'dirty scan, which reported
    1 Trojan,
    5 Adware programs,
    65 Adware cookies

    Given that the combined might of one internet security expert, Ad-Aware,
    HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all
    with the latest updates - me included!) found nothing, I got somewhat intrigued
    and looked a little deeper. My (american) fiancee has an Earthlink account, so
    I borrowed, that, downloaded the software, and (several reboots and updates
    later), ran their proper spyware detector.

    This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy,
    OpenSite, and Netbus(!!) on my system. Every one of those apps would be found
    by at least three of the apps which I regularly run, and every one of them would
    have been found in the manual checks which I periodically run as well. So I
    went a little deeper...

    Once the checks had been run, I paused a little before allowing the tool to fix
    the items it had found. In the meantime, I fired up regmon and filemon,
    allowing me to see *everything* that the tool was doing.

    This turned out to be not a whole lot. No files outside of either the Earthlink
    install folder or the system registry were modified in any way. The only
    registry keys which were deleted we for Netbus settings (OK, I fiddled with it
    for a project about a year ago, but a registry key isn't exactly the same as
    having it installed!) and a few random CLSID's that could have been anything.
    Not exactly convincing evidence - especially considering that I know none of
    those other apps have ever been anywhere near this machine...

    So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise!
    My machine was clean. So, I uninstalled the proper software (its ONLY saving
    grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not
    entirely surprised to find that it now listed no trojans or adware, but 18
    tracking cookies. Despite only accessing the Earthlink site (and El Reg) since
    it reported that I was clean. And still, Ad-Aware and Spybot report nothing...

    Essentially, it looks like this is reporting large numbers of problems in order
    to convince you to pay Earthlink for their software, which then magically
    "fixes" all the problems (which never existed in the first place). They're
    trading off the FUD associated with Spyware, and it's ethically and (probably
    legally) wrong. Their product may be of benefit to people who know no better,
    but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps
    which, when combined with a decent AV scanner (and maybe a personal firewall, to
    boot) give you all the protection you need from spyware, and a whole lot else.

    I have screenshots, logfiles, etc...

  20. Re:Not far from truth by KrisHolland · · Score: 3, Informative

    You are mistaken, Spybot Search and Destroy *IS NOT* spyware.

    Here is a list of *SAFE* Adaware and Spyware removal tools.

    *Free*

    Spybot Search and Destroy
    Adaware

    *Not Free but Good*

    Pest Patrol