The Average PC is Infested with Spyware
WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.
That's because I use the average Mac. Much safer than the average PC, even safer than the Average Penguin Box.
Strange women lying in ponds distributing swords is no basis for a system of government.
Is anyone really surprised?
Most people see a certificate pop up, even if security features are turned on, and accept it as a matter of course. Most people don't even comprehend the concept of Spyware, the idea that clicking links in spam is a Bad Idea or that wearing a tinfoil hat won't protect you from the alien mind control rays.
There is a news bit on Ars Technica that the claims are overhyped and the spyware scanning tool returns a lot of false positives.
This confirms what I think most of us have known for a while. The average surfer using Internet Explorer or Kazaa (Overnet as well) is likely to be loaded with spyware. Kazaa alone can be held responsible for almost half of those infections I think. As one of the few knowledgeable "computer guys" in my dorm, I spend a lot of time cleaning out mucked up computers. I see on average 10 or 15 nasty spyware programs, but I did see 1,500 programs and ActiveX goodies (I'd say maybe 200 of those were cookie warnings though) in this one computer I cleaned. The was apparently, an avid p0rn viewer with no popup protection or the like. Ugly... very ugly...
I don't think I have scanned a machine that didn't have spyware on it lately. I work at an ISP and our customers have so many spyware issues it's pathetic. We have tried to help them out by putting some good information in our newsletters about spyware and how to remove it (spybot/adaware) but it just doesn't seem to matter. People just don't know how to update windows/scan for spyware/viruses. It is pathetic. Windows really needs to be more demanding on the user to run security updates. And people really need to be careful when downloading programs. But, sadly this is very unlikely.
Any given time I run Adaware after a day of surfing, I'll typically have 20+ adware cookies. And that's with IE6 set to ignore 3rd-party cookies. It's not something I fret about, 'cuz I've never gotten anything more serious than the cookies. So probably it isn't an average of 24 cookies and 4 spyware programs per PC, it's probably most people with 30+ cookies, and a few people with 10+ spyware programs.
Really, I don't consider tracking cookies to be much worse than, say, RFID tags in all my $100 bills or Walmart purchases. It's a public network, people are going to watch.
That reminds me... time to run Adaware again.
Design for Use, not Construction!
Try working for an ISP.
I do. We're a small shop, we'll fix your PC even if you're the one who f'd it up by installing Kazaa. Our current record, as reported by Ad-Aware 6.181 with a then-current reference file, is 1354. It's on a whiteboard near our workbench. This record has held for over a month now; the previous record was "merely" 950-something.
This was on a university PC, running Windows 98 SE.
Using Ad-Aware, it found, and I kid you not: 22,485 units of spyware.
The machine was so infested, it couldn't connect to the Internet (through the university T-1 lines) because of all the pop-ups, redirects and what not.
In defense of the machine, 11 users had profiles on it, which under Win98, merely copied everything (spyware and all) to the new user. But it was astounding all the same.
Part Two
Same university, brand spanking new P4 3.0 Ghz Dell for a big-shot professor.
8,000 units. The professor would click "yes" to every pop-up that came her way, not knowing/caring/reading, what it did. Then complained why the brand new machine was slow and needed a new one.
After removing the spyware, and explaining what had occurred, she nodded sagely, and went about her business.
Next day I get a call from her...same issue, tons of popups.
She hadn't listened after all.
It's times like these I wish people like that would be given a Mac or BeOS machine.
So rise up, all ye lost ones, as one, we'll claw the clouds.
There's no doubt the survey is accurate - as an independent consultant, I deal with this all the time. I run Ad-Aware on badly behaving Windows boxes and show their 'owners' just what a mess they have. Record so far is 500+ items tagged by AdAware. Unreal.
This problem is on par with SPAM and viruses, and consumes serious IT cycles to manage. My usual course of action for any new client is: SOPHOS AntiVirus, pop-up blocker, AdAware, alternative browser (eg Netscape, Firebird), alternative email client (eg. thunderbird). Not to mention religious use of Windows Update, a strong perimeter firewall and replacing NT/2000 servers with Linux boxes running SAMBA, themselves fully hardened against attack. Of course, SpamAssassin is a must on the mail server.
It's a war. And I fight to win.
Plus some spyware scanners flag any kind of push technology as spyware. The theory is that vendors can use push software to force you to download stuff. Well duh -- any network-aware software runs that risk.
Spyware has gotten so bad I never download closed-source software except from certain extremely reputable sources. And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down. Fortunately it only runs when I reboot (no it's not in any startup lists) and all it does is re-install a program called "readme shim.exe" (yes, that's a blank in the name) which itself is just a stealth spyware downloader. Fortunately, I can simply terminate "readme shim.exe", and not worry about it until I have to reboot (I hibernate when I'm not using the machine). No point in deleting the file -- it'll just come back. Scary that spyware vendors can get that clever!
Ad-Aware
Ad-Aware is great stuff, however you need to be careful recommending it because of the low life scum at Ada-Ware. I had one of my friends install that by mistake.
Something strange I noticed last night looking for lyrics on a popular site, is that I was prompted to install a "Free Access Plugin" firefox extension.
I tried searching google to find it again, but the only thing I'm finding is a page in german, which I'm not entirely sure is what I'm talking about.
If I were one of my users, I would have clicked Install, because I'd be jawdroppingly retarded.
The XPInstall functionality is a tradeoff between security and convenience, but just like IE's install feature, it's going to be abused.
Hopefully standard unix security stems the tide.
The problem with Outlook has always been the number of holes that allowed a maliciously crafted email to run the attachment automatically or hide its true file type (for example making an exe look like a jpeg or wav file).
:-)
Even so, no matter what the email client is, there's no good way to stop a determined user from running an attachment. Heck, some viruses even send themselves in *encrypted* zip files (to avoid email scanners I guess), yet plenty of users are foolish enough to actually type in the password (from the body of the email), unzip the file, and run the program!
Unless it just flatly deleted all attachments, no email client, even under unix, can totally prevent that kind of willful cluelessness.
Not sure about Earthlink, but recently I've learned that the Pop-ads blocking software I had installed on my machine was in fact spyware.
So I've removed it and installed Google. At least in Google you can explicitly set the option so it does not collect any information (hopefully, Google is more trustworthy in this respect).
Oh yeah, I was there just last weekend. A relative calls up and says his Dell 2.8Ghz is acting slow. Like slower than his old Pentium 90. I'm two states away, so I had to talk him through everything. It was so bad that he couldn't even get the start button to respond, or use the task manager to kill processes. We download adaware, and run it in safe mode. It cleans 850+ off the machine. Reboot, and the thing is still extremely slow. Back to safe mode, download the current reflist (I didn't think it was worth it at first to give him a half hour lesson over the phone on how to use winzip). Adaware with the current reference then proceeds to find another 300 or so. Update McAfee to current virus dat, and scan entire harddrive - finding nothing. Reboot again, and it's still insanely slow although better than before. So I give another lesson on how to edit the registry and he removed two more programs that were being run through rundll32 in startup. After 3 hours, 25+ processes, hundreds of cookies and registry entries later, it was finally back and running. It would've been quicker to pop in the recovery disk and rebuild. Unfortunately, since I did all of it over the phone, I wasn't able to backup copies of the adaware logs to get exact numbers. Damn junior high kids installing everything and its mother.
The first result is Lavasoft (makers of AdAware) and the third is Spybot-S+D. What's the problem?
Well, duh! You don't need to tell slashdotters that, you need to tell the technically illiterate clowns who don't read slashdot, and can't find any website that doesn't end in .com. They used to get quite a shock trying to find the White House!
How ya like dat?
I'm not sure about Earthlink, but I worked for BellSouth and our install CD basically included spyware. It didn't have ads or anything like that and its main purpose (which it failed at, miserably) was simply to collect customer settings so that when they messed something up they could simply "revert" to their last known good settings. It collected no marketing or advertising info. At any rate, it was classified as spyware by Ad-Aware. So I suppose it all depends on your definition...
Matt
You have 1 Moderator Point! Use it or lose it! Is that a threat? -vapid
Pop-ups - Google Toolbar
Pop-unders - Google Toolbar
ActiveX - Can be disabled in Internet Options
As for "just about every other form of spyware", I call bullshit. Other than ActiveX components that either install automatically (if IE is improperly configured) or if the user clicks "Yes" (more likely), other spyware is delivered through executables. How does Mozilla protect a user from installing Kazaa with Gator?
The only true way to be 100% safe on the Internet is to install Gentoo on your G5 laptop and dump hot grits on it.
Of course this solution won't help those techies whose friends always call them or those with family that do not want to learn because "it's too complicated" or "I'm not the technical type".
The ace in your sleeve: a Mac. Any non-tech type comes up to me and asks me what computer to get, I tell them to get a Mac. If they ask for help on a PC they already own, I tell them to ask the person who recommended it how to fix it; I may end up fixing it anyway, but then I recommend a Mac. Anyone who has not followed my recommendation the next time they ask for help is cut off, cold. Anyone who has followed my recommendation either won't bug me with stupid problems so much, or they'll be so stupid that fixing them won't be such a chore like it is on Windows boxes.
I once had a friend I recommended a Mac to and he ignored me and got sold on some $2000 Windows setup at CompUSA. Then he tried to brag about his new $2000 PC, and I had to say, "Dude, if I thought you should have gotten a PC I would have said to get one, and if I thought this was the setup you needed I could have gotten you it for under a grand." Still he called me when he was having trouble connecting it to the net! My understanding is that CompUSA was willing to help him out for another $80 . . . moron!
I run Ad-Aware on badly behaving Windows boxes and show their 'owners' just what a mess they have. Record so far is 500+ items tagged by AdAware. Unreal.
Only 500? I've watched the PC techs at our shop place at least three machines into the "1000-club". The amazing thing is about 15% of the machines we clean come back within a week, infested again, despite the fact that every PC that leaves our service department leaves with spybot and ad-aware on the desktop, with instructions on how to run them weekly.
"Your internet connection isn't optimized. Click 'yes' to optimize"
"Click 'yes' to enter this web site"
"You must click 'Yes' to view this web page"
Don't people ever learn? I certainly hope not - they keep people like us in business.
(now watch me destroy my karma... "and this is yet another reason why I am soooo glad I own a mac.")
I work for the Department of Redundancy Department.
I briefly ran their "TotalAccess" software (not recommended, btw) which included some sort of spyware detection. It decided that VNC was spyware and removed some of its settings (I forget what exactly) from the Windows registry. It did not find anything else on my system, but I wonder how many other false positives it yields.
Did anyone else notice the Javascript in the second link using https to report home every 10 seconds or so?
I didn't bother to go too far into dissecting it, but I do find it amusing that it's obviously up to something on the page with an article about spyware.
That's funny, because Sprint's residential DSL, which partners with Earthlink under an arrangement whose terms are not known to me...
wait for it...
HAS SPYWARE BUILT INTO THE SETUP SOFTWARE!
Or at least it did when my parents subscribed. Nothing that a disk crash and a reinstall with RASPPPOE couldn't solve, but wow.
I guess that's not quite as bad as their new Compaq desktop that came with spyware PREINSTALLED.
There's a general philosophy among consumer software and hardware distributors that people don't want to know what goes on underneath, and give their tacit permission for them to put whatever the hell they want on there. We keep blaming code bloat for making computers run slower than they used to, but maybe the fact that people have a couple dozen completely unnecessary processes running, each using just a few megs of RAM that nobody would notice missing by itself, has something to do with it.
Granted, I could probably cut down on a few things running on my fairly stock Debian/KDE workstation, but they use about 1/100 the resources as the useless crap on my parents' machine. Of course, none of the things on my machine that I'm not entirely sure I need are designed to scan web pages I read for key words and deliver pop-up ads for competitors.
WARNING: there is a trojan on your
you would say come up with a virus. a good virus not a nasty one. the type of virus that as soon as it detects another virus or spy-ware it would flood the offender with goatse.cx pictures until their servers blew up, better yet a virus that does that to spam too. if you really were geeks there would be a posting in the next week or two of a really good app that was an awesome counter strike to spam/spy-ware/ad-ware kinda like a seti at home dedicated to destroying the aforementioned banes to the computer world.
I ran Ad-aware on my brother's computer last weekend and it tagged the Wizards of the Coast cookie. I'm guessing it just looks at the expiry date.
Not to mention religious use of Windows Update...
The scary part is that there are IE/Windows exploits for which no patches currently exist, so Windows Update can't possibly protect you in those cases. What's even worse is that those exploits are being used NOW.
During the time when I naively thought IE would be perfectly safe with all patches, I came across an ad popup that downloaded and ran an executable. Yes, I was fully patched, I even checked afterwards. Turns out the popup got through using an exploit that currently lacks a patch. Luckily, file permissions saved my ass that time, but I'm switching to Firefox to be safe.
Earthlink isn't far from being AOL. I had major trouble with them several times when I first went on-line. The capper was, after I cancelled my account, they billed me for a full year's service ONE YEAR LATER (rather than monthly, as I was paying it.)
I'm a fairly savvy (hate that term) computer user, 20 years experience, professional web developer.. I know what to avoid, I know what to click no on, I have stop-the-pop on my win box.. I still have on average 40 different spyware apps installed on my box every week (between spybot and adaware) .. Whenever I go over to someone's house and run a scan for the first time, there are generally over 400... it's getting outrageous.
So true and so funny. However, if it had been something more sensational and catchy, like "Spyware is Taking Over the World" you - or someone like you - would have complained that it was sensational. Let's face it, most headlines are one of the following:
- Boring
- Dull
- Sensational
Just an observation.
Question everything
Doing the same thing as spyware on your own can get you some years in jail. But if you act as being a company doing profit with this stuff then it's perfectly legal.
Oh, please. Why is anybody who wanders outside of the Microsoft cage a "zealot"? What we really need is a pithy word for people who willingly wallow in the same cesspool year after year, especially when it's so easy now to climb out...