The Average PC is Infested with Spyware
WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.
In related news, a recent study found that the average computer user is an idiot. Film at 11.
That's not fair, of course. For example, try searching for spyware removal software like "Spybot Search and Destroy." Almost all the links you'll find are for imposters that are themselves spyware. Evil.
Earthlink has their own spyware removal software, but I'm amazed it doesn't get caught in an infinite loop installing and removing itself, since Earthlink's software includes spyware.
--- JRJ
jrjBlog
That's a pretty in-depth study, with over 1,000,000 scans, which makes the results fairly strong. It's good to see all this combatting of spyware.
It really doesn't surprise me to hear that the average computer has 27.8 instances of spyware on it. Most users have no idea what they're doing; I constantly remove that kind of junk from my family's computers.
Earthlink has been doing a good job of fighting spam and spyware on the internet. I think it's a valiant effort.
Wireless News www.DailyWireless
There's still a LOT of junkware/spyware/adware/malware/whatever out there, far more than there should be IMO, but it's not quite as bad as they let on. :-)
While most spyware is adware-related and relatively benign, it's disturbing that over 300,000 of the more serious system monitors and Trojans were uncovered
I don't think most adware is benign since it eats into available RAM. Some adware also affects application performance, or, worse yet, prevents applications from running. Anyway, I am, again, preaching to the choir.....
Happy Trails!
Erick
http://www.busyweather.com/
That's because I use the average Mac. Much safer than the average PC, even safer than the Average Penguin Box.
Strange women lying in ponds distributing swords is no basis for a system of government.
The average computer or 1 in 20?
Is anyone really surprised?
Most people see a certificate pop up, even if security features are turned on, and accept it as a matter of course. Most people don't even comprehend the concept of Spyware, the idea that clicking links in spam is a Bad Idea or that wearing a tinfoil hat won't protect you from the alien mind control rays.
Did they install spyware on people's computers to go in and report how much spyware they had?
Rank Presidents by th
...is ten million sysadmins and deskside support people all saying "NO SHIT, SHERLOCK!" in unison.
There is a news bit on Ars Technica that the claims are overhyped and the spyware scanning tool returns a lot of false positives.
Does this include cookies? When I run Ad-aware, it usually finds several "tracking" cookies. Maybe this is artificially inflating the number.
Next on slashdot: 1 in 20 slashdot stories infected with SCO$699FeeTroll first posts.
This confirms what I think most of us have known for a while. The average surfer using Internet Explorer or Kazaa (Overnet as well) is likely to be loaded with spyware. Kazaa alone can be held responsible for almost half of those infections I think. As one of the few knowledgeable "computer guys" in my dorm, I spend a lot of time cleaning out mucked up computers. I see on average 10 or 15 nasty spyware programs, but I did see 1,500 programs and ActiveX goodies (I'd say maybe 200 of those were cookie warnings though) in this one computer I cleaned. The owner was apparently an avid p0rn viewer with no popup protection or the like. Ugly... very ugly...
Ask anybody who services PCs...there's not a machine around that isn't riddled with the stuff, but making a headline out of it is like shrieking about the existence of viruses.
No matter how hard you lock a PC down, a sufficiently determined and stupid user will figure out a way to install that really cool "desktop enhancer" he heard about from a friend.
Ditch IE for Firefox. I just did 2 clients' computers today (running slow, yadayada) and guess what? One had 18 spyware trojans installed, the other had 64 (as well as a couple of viruses). Firefox (any Gecko-based browser) is not vulnerable to the crap that IE is. I always tell my clients to not use IE anymore. When they listen, they always have a better overall experience.
bash: rtfm: command not found
Went to a party a couple weeks ago and cleaned 550+ bits of spyware off the hosts' machine. Took me a couple more days to find and send them the fixes for two IE parasites AdAware and SpyBot S&D didn't see.
It really should be a violation of the wiretap laws to put this crap on someone's machine. These poor non-technical users' machine was an Athlon 2200 that ran like a 486. Once we took the crap off, it zoomed.
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
The most spyware I've ever cleaned off of a box was 877, as reported by adaware. :p
The unfortunate soul was a Windows ME box, so it wasn't destined for greatness even without the spyware.
By the time I got there, opening a browser would cause the machine to reboot, and there was no "System" icon in the control panel. Oh yea, he was running AOL too...
Beat that
I guess we need to make the words "Ad-Aware" as ubiquitous as Google.
"What do you think?" "I think 'What, do you think?!'"
The average EarthLink user's machine is infested with spyware.
You can guess what the average AOL user's machine has.
I don't think I have scanned a machine that didn't have spyware on it lately. I work at an ISP and our customers have so many spyware issues it's pathetic. We have tried to help them out by putting some good information in our newsletters about spyware and how to remove it (spybot/adaware) but it just doesn't seem to matter. People just don't know how to update Windows/scan for spyware/viruses. It is pathetic. Windows really needs to be more demanding on the user to run security updates. And people really need to be careful when downloading programs. But, sadly this is very unlikely.
216.194.67.61
Now the rate of spyware/adware requests is down from 2 per second to only 0.3 per second over the last few days :)
Bwhahaha, doing my part in teaching the public :)
Any given time I run Adaware after a day of surfing, I'll typically have 20+ adware cookies. And that's with IE6 set to ignore 3rd-party cookies. It's not something I fret about, 'cuz I've never gotten anything more serious than the cookies. So probably it isn't an average of 24 cookies and 4 spyware programs per PC, it's probably most people with 30+ cookies, and a few people with 10+ spyware programs.
Really, I don't consider tracking cookies to be much worse than, say, RFID tags in all my $100 bills or Walmart purchases. It's a public network, people are going to watch.
That reminds me... time to run Adaware again.
Design for Use, not Construction!
This was on a university PC, running Windows 98 SE.
Using Ad-Aware, it found, and I kid you not: 22,485 units of spyware.
The machine was so infested, it couldn't connect to the Internet (through the university T-1 lines) because of all the pop-ups, redirects and what not.
In defense of the machine, 11 users had profiles on it, which under Win98, merely copied everything (spyware and all) to the new user. But it was astounding all the same.
Part Two
Same university, brand spanking new P4 3.0 GHz Dell for a big-shot professor.
8,000 units. The professor would click "yes" to every pop-up that came her way, not knowing/caring/reading, what it did. Then complained why the brand new machine was slow and needed a new one.
After removing the spyware, and explaining what had occurred, she nodded sagely, and went about her business.
Next day I get a call from her...same issue, tons of popups.
She hadn't listened after all.
It's times like these I wish people like that would be given a Mac or BeOS machine.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Internet Explorer
Outlook or Outlook Express
Microsoft, when contacted, insisted there was no relationship
Spybot S&D
SpywareBlaster
SpywareGuard
I use these three programs (in the above order) on lots of spyware infected machines and so far, have had a LOT of success removing and keeping spyware off those systems. In fact, earlier today, I ran that combo on a system and reduced RAM usage by 100MB, not to mention a huge speed increase (of course, I did some other housecleaning such as disabling startup items & removing some other non-spyware search bars & annoyances).
Guys I was just wondering: I'm not a Windows PC expert - I live mostly in the UNIX world anyway, but the vulnerabilities that Outlook and Outlook Express have with email worms and viruses, are they also present in Eudora, or Thunderbird etc.? For example, can you still infect a Windows PC -running Thunderbird- with an attachment labelled picture.zip, which turns out to be a Windows binary?
Anyone?
Ad-Aware
...
It just works
On one machine on which I installed it, it found and removed more than 256 spyware components (bad cookies, spyware registry keys, etc.). That friend installed it on her brother's PC (according to her, he's a <sarcasm>"Really Bright Guy"</sarcasm>) and it cleaned out more than 1,000 Bad Things(TM).
utter rubbish
But don't programs like SpyBot S&D install "fake" cookies and such, and then lock them down to prevent the real cookies from being installed?
If that's the case, how many of these cookies (or actual programs) are variations on that theme? Would Earthlink's audit utility see a Spybot S&D cookie and count it as spyware, when it's really not?
If that's the case, then if you've Immunized your computer with S&D, you have every known spyware cookie on your computer according to the audit. This would inflate those numbers dramatically.
Isn't this illegal on several levels? How are these companies not being sued left and right? I can't believe this has become an acceptable standard.
Using a web site http://www.doxdesk.com/parasite for spyware detection and removal instructions. It's pretty good! Post some more links that may be useful.
pretzel_logic
Plus some spyware scanners flag any kind of push technology as spyware. The theory is that vendors can use push software to force you to download stuff. Well duh -- any network-aware software runs that risk.
Spyware has gotten so bad I never download closed-source software except from certain extremely reputable sources. And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down. Fortunately it only runs when I reboot (no it's not in any startup lists) and all it does is re-install a program called "readme shim.exe" (yes, that's a blank in the name) which itself is just a stealth spyware downloader. Fortunately, I can simply terminate "readme shim.exe", and not worry about it until I have to reboot (I hibernate when I'm not using the machine). No point in deleting the file -- it'll just come back. Scary that spyware vendors can get that clever!
...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.
I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.
I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html
Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.
In light of my experience, I shudder to think what Joe Sixpack must have on his system....
Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.
-R
Why isn't there a list of the ones found most often to least often? Isn't that the kind of info that could bring these things to light? Simply mentioning that X number of people died doesn't tell anyone how to avoid death...
I teach a basic computing class (basic & intermediate internet use).
The primary topics are:
* Cutting & pasting (get them out of the habit of typing URLs manually)
* The browser is just a program, the internet is out there *points* all the browser program does is talk to the other computers.
* This is a URL, this is what the bits of it mean. These are TLDs, these have their registration controlled (mil, gov, etc.), these don't (com, org, etc.).
* You CANNOT trust everything you read online! (*uses google to find conspiracy theories, instructions on making tinfoil hats*)
* This is Google. Don't bother with the other search engines. Here is how we use its features...
* You should NEVER use the following programs unless you HAVE to, due to their insecurity:
  - Internet Explorer
  - Outlook [Express]
* You SHOULD use the following, free programs:
  - Mozilla (replaces IE + OL, I don't want to confuse them by telling them to try Firefox, its name might change before they could get it).
  - Adaware
  - Spybot Search & Destroy (NB: we use Google to find these; I warn them to beware the impostor programs)
  - AVG Antivirus (Out-of-date AV programs are nearly useless. I know that you don't want to pay $$$ for constant updates. This is free for personal use [but not business use!], here is where you go to install it).
As you can see, I have it pretty well down pat by now. If any of you have free time, talk with your local library about setting up free classes like this for the community. We reserve one of our computer labs for this one, and I teach a class every week.
Most computer users aren't as stupid as they are uneducated. We cannot fix stupidity, but we can fix ignorance. Teach them and the messages will spread; hopefully they will also share their knowledge, mitigating the problems caused by poorly educated computer users.
Have you looked into using a product like Deep Freeze? It locks the HDD down in such a manner that you can install whatever you want to but upon rebooting it returns to the state it was in when Deep Freeze was installed. Just have everybody save to removable media, a network share, or make DF ignore a particular directory and the problem is solved. I've used this as a solution in a couple of small private schools and it works like a charm.
Dok
"You can't screw the system, but you can give it a good fondling." -- Too lazy to look it up
Did this list include Microsoft products like Windows XP and Windows Media Player? Surely that is just as much spyware as any of the stuff that people download off the net.
That's because a fresh, out-of-the-box, consumer-grade machine from Dell (or HP or Compaq) DOES come with Spyware/Adware installed. For example: WildTangent games, RealOne Player, MusicMatch, et cetera. The manufacturers get PAID to put these on customer PC's and get COMMISSIONS for each conversion to the full-featured product. If you think I'm making this up, then go out to Best Buy, Circuit City, Staples or CompUSA and look at any of the systems they sell. Dell's consumer-level stuff is no better or worse in this regard.
--- A man with a briefcase can steal more money, than any man with a gun. [Don Henley]
Anyway, the Earthlink sample size was over 1 million. A single outlier or small group of outliers will not significantly affect that average, unless they had a couple of hundred thousand instances on his computer, and everyone else had 3.
There is a reason for everything. Sometimes that reason just sucks.
Their figure of 28 pieces of spyware per computer considers identifying cookies to be spyware. When counting just spyware programs, the number drops to about 5 per computer. That's still quite high. They didn't need to redefine spyware to include things undeserving of the "-ware" suffix to get their point across.
Not sure about Earthlink, but recently I've learned that the Pop-ads blocking software I had installed on my machine was in fact spyware.
So I've removed it and installed Google. At least in Google you can explicitly set the option so it does not collect any information (hopefully, Google is more trustworthy in this respect).
You defined the arithmetic mean, which is commonly known as the average.
Mode is the item in the sample that occurs the most frequently. The item with the highest value is called the maximum.
The median is the value that occurs midpoint in the list of values when they are sorted in ascending (or descending) order. If the list has an even number of values, the median is the average of the two middle values.
Dork.
Thank god my parents have a Mac. I'm reading these horror stories and I am cringing thinking if I had to support a PC for the P's... I do support one for a friend, and my god what a clusterf**k. They're going to Mozilla for good.
And this is the case not only for home users, but for intranets also. I recently did some research in my company, and ALL Windows PCs (I mean all, 100%) were infected with at least one registry hack or spyware.
Most PCs had 100s of registry key compromises (Alexa being the most usual), and lots of spyware...some even had trojans and worms, even if Norton Antivirus is installed to all PCs as a company policy.
I recently changed my boss' internet explorer with Firefox, and replaced all desktop IE links with firefox.
I have made the habit of running Spybot - S&D and Lavasoft's Ad-Aware at least once a week, as well as having Antivirus on at all times.
Has anybody calculated the cost of malware? It could be thousands of billions of dollars. So much time spent cleaning Windows installations, doing system scans, reboots, registry restores and cleanups...not to mention compromised servers and server downtime.
How much, if Microsoft was charged, would they have to pay society for the damage?
At its simplest a cookie is just a mapping from a string to a value that your computer stores on the behalf of some webserver. It looks like this:
slashdot.org / 31 Apr 2004 user 621112::jrLk8rfhJlszg7DMS6cI83
Your web browser will provide that information to the server (slashdot.org) at a later time (before the expiration, 31 Apr in this case). In this way the server can "remember" who you are by storing whatever it would have otherwise forgotten as that cookie which is saved to your hard drive. In this case it's remembering that "user" equals 621112...blah blah blah. When slashdot sees me trying to load the front page, it gets that cookie, which it looks up and figures out maps to "Ayanami Rei" and shows me my Slashdot homepage as opposed to the generic one.
Here's the thing. Your web browser just sends ALL the cookies that the webserver ever left every time you fetch a URL from that server since it can't tell which one it might want... the server ignores the ones it's not interested in.
So whenever you see an ad banner coming from some site like doubleclick.net, you can be sure that it's setting and checking a doubleclick cookie. The thing that makes it dangerous is that it can also tell (from Referer headers also graciously provided by your browser) what page that ad was referenced from (and hence what page you were browsing!) So doubleclick.net can track you between sites that use their ad banners.
Etc. Some websites concerned about tracking traffic insert invisible images that fetch and set cookies from centralized webservers to get statistics. While cookies only get and set themselves to servers with the same name, that doesn't mean a bunch of websites can't subscribe to one tracking service. (And they often do...)
So while I wouldn't call it spyware, you need to be aware of the potential privacy implications and you need to carefully inspect your cookie files or cookie permissions. Mozilla lets you block access to cookies by originating sites, so you can control who can and can't use your cookie storage.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
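The cookie and Referer mechanism described in the comment above, shown as an added example that is not part of the original thread: a small model of a browser cookie jar and an ad server, run once with default settings and once with the per-site or third-party cookie blocking the comment recommends. The host names (`*.example`), class names and the `uid` cookie are constructed for illustration, and cookies are matched by exact host name, a simplification of real browser rules.

```javascript
// Added illustration; all hosts, names and values below are constructed.

class Server {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.profiles = new Map(); // visitor id -> pages seen via Referer
  }

  // Handle one request: `cookies` is what the browser sent for this host,
  // `referer` is the page that triggered the request.
  handle(request) {
    let id = request.cookies.uid;
    const response = { setCookie: null };
    if (id === undefined) {
      // No cookie presented: treat as a new visitor and ask to store an id.
      id = 'v' + this.nextId++;
      response.setCookie = { name: 'uid', value: id };
    }
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(request.referer);
    return response;
  }

  // Longest browsing history this server can attach to a single id.
  longestProfile() {
    let longest = [];
    for (const pages of this.profiles.values()) {
      if (pages.length > longest.length) longest = pages;
    }
    return longest;
  }
}

class Browser {
  // policy.blockThirdParty: no cookies for hosts other than the page's host
  // policy.blockedHosts: per-site cookie deny list
  constructor(policy = {}) {
    this.jar = new Map(); // host -> { cookieName: value }
    this.blockThirdParty = Boolean(policy.blockThirdParty);
    this.blockedHosts = new Set(policy.blockedHosts || []);
  }

  cookiesAllowed(resourceHost, pageHost) {
    if (this.blockedHosts.has(resourceHost)) return false;
    if (this.blockThirdParty && resourceHost !== pageHost) return false;
    return true;
  }

  // Load a page plus every server it pulls content from (itself, banners).
  visit(pageUrl, servers) {
    const pageHost = new URL(pageUrl).hostname;
    for (const server of servers) {
      const allowed = this.cookiesAllowed(server.host, pageHost);
      const stored = this.jar.get(server.host) || {};
      const response = server.handle({
        cookies: allowed ? { ...stored } : {}, // every cookie for that host
        referer: pageUrl,
      });
      if (allowed && response.setCookie) {
        const { name, value } = response.setCookie;
        this.jar.set(server.host, { ...stored, [name]: value });
      }
    }
  }
}

// One browsing session: a news site visited twice, then two unrelated sites,
// all of which embed a banner from the same ad host.
function simulate(policy) {
  const site = new Server('news.example');
  const ads = new Server('ads.tracker.example');
  const browser = new Browser(policy);
  browser.visit('http://news.example/', [site, ads]);
  browser.visit('http://news.example/story/42', [site, ads]);
  browser.visit('http://shop.example/cart', [ads]);
  browser.visit('http://health.example/symptoms', [ads]);
  return {
    siteIds: site.profiles.size,        // 1 = site recognises the return visit
    trackerIds: ads.profiles.size,      // 1 = every banner request linked
    trackerLongestProfile: ads.longestProfile(),
  };
}

const defaults = simulate({});
const hardened = simulate({ blockThirdParty: true });
console.log('default :', defaults.trackerIds, 'id,', defaults.trackerLongestProfile.length, 'pages linked');
console.log('blocking:', hardened.trackerIds, 'ids,', hardened.trackerLongestProfile.length, 'page per id');
```

With blocking enabled the ad host still receives a Referer on each request; what it loses is the cookie that ties those requests to one visitor, while the first-party site's own cookie keeps working.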
Well, duh! You don't need to tell slashdotters that, you need to tell the technically illiterate clowns who don't read slashdot, and can't find any website that doesn't end in .com. They used to get quite a shock trying to find the White House!
How ya like dat?
I doubt anyone will actually see this besides you so I will post the meat of my squid.conf file. It doesn't block ALL garbage, as for it only blocks the garbage that I have encountered. In a way it is only as good as the person that *trained* it.
What I have done essentially is enabled the real time URL filtering access control list abilities of squid. It isn't clean but instead of plastering it with crazy regular expressions, I have attempted to keep the list in alphabetical order (well I need to sort it yet again...).
I also have a fairly massive host file that cover some sites that I am not blocking. Though I could technically incorporate the host file into the squid file but I haven't done that either... lol!
I also have installed a lame little web counter that gets updated (works >50%) when redirected from the deny info tags.
you can see the configuration snippet here.
http://www.musicsonglyrics.com/T/Thursday/Thursday%20-%20Division%20St%20lyrics.htm
8 86 9&highlight=xpi
http://forums.mozillazine.org/viewtopic.php?t=6
for more detail + links to other posts.
bananas like monkeys.
Firefox is not MUCH more secure than IE. Wanna proof? What's the fucking difference between IE's box asking about installation and Firefox's one? Yes, I'm talking about .xpi files. How long it would take before spyware will distribute itself as .xpi files and users will happily click "yes" in these boxes?....
I love mozilla. It's a very good browser. But don't think that it's a magic cure for all spyware.
I briefly ran their "TotalAccess" software (not recommended, btw) which included some sort of spyware detection. It decided that VNC was spyware and removed some of its settings (I forget what exactly) from the Windows registry. It did not find anything else on my system, but I wonder how many other false positives it yields.
OMG! That makes me angry. The plugin that comes from the first URL is from www2.flingstone.com which redirects to the following URL: http://www.blazefind.com/license.html which is a clear slyware eula. I suspect that this would install and run beautifully on my Linux box with Mozilla 1.6... I feel like a child who has just had his innocence stolen.
bash: rtfm: command not found
Did anyone else notice the Javascript in the second link using https to report home every 10 seconds or so?
I didn't bother to go too far into dissecting it, but I do find it amusing that it's obviously up to something on the page with an article about spyware.
The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....
Being somewhat bored on a Friday afternoon, I decided to take a quick peek at
this software from Earthlink, and found some rather disturbing results. In
fact, it's ill-represented, borderline illegal, and about as intrusive as
RealPlayer (and that's saying a lot).
I ran my machine through their quick'n'dirty scan, which reported
1 Trojan,
5 Adware programs,
65 Adware cookies
Given that the combined might of one internet security expert, Ad-Aware,
HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all
with the latest updates - me included!) found nothing, I got somewhat intrigued
and looked a little deeper. My (american) fiancee has an Earthlink account, so
I borrowed that, downloaded the software, and (several reboots and updates
later), ran their proper spyware detector.
This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy,
OpenSite, and Netbus(!!) on my system. Every one of those apps would be found
by at least three of the apps which I regularly run, and every one of them would
have been found in the manual checks which I periodically run as well. So I
went a little deeper...
Once the checks had been run, I paused a little before allowing the tool to fix
the items it had found. In the meantime, I fired up regmon and filemon,
allowing me to see *everything* that the tool was doing.
This turned out to be not a whole lot. No files outside of either the Earthlink
install folder or the system registry were modified in any way. The only
registry keys which were deleted were for Netbus settings (OK, I fiddled with it
for a project about a year ago, but a registry key isn't exactly the same as
having it installed!) and a few random CLSID's that could have been anything.
Not exactly convincing evidence - especially considering that I know none of
those other apps have ever been anywhere near this machine...
So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise!
My machine was clean. So, I uninstalled the proper software (its ONLY saving
grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not
entirely surprised to find that it now listed no trojans or adware, but 18
tracking cookies. Despite only accessing the Earthlink site (and El Reg) since
it reported that I was clean. And still, Ad-Aware and Spybot report nothing...
Essentially, it looks like this is reporting large numbers of problems in order
to convince you to pay Earthlink for their software, which then magically
"fixes" all the problems (which never existed in the first place). They're
trading off the FUD associated with Spyware, and it's ethically and (probably
legally) wrong. Their product may be of benefit to people who know no better,
but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps
which, when combined with a decent AV scanner (and maybe a personal firewall, to
boot) give you all the protection you need from spyware, and a whole lot else.
I have screenshots, logfiles, etc...
Geeze I don't know why adware is such a huge problem. I always tell my family not to click "yes" whenever IE asks you to install something and they don't because I've already installed everything you need. Plus we get the latest windows updates whenever they come out. That alone will keep you safe 99% of times. Unfortunately I suppose there's folks out there that hit "yes" to anything. I wonder if someone put a pay me $100 pop-up (yes/no) if they'd learn faster.
Or, just click Start, click Run, type "msconfig," hit Enter, click the Startup tab, and uncheck anything that you don't want to run at startup. There are numerous guides online that can help you sort the wheat from the chaff, and just doing this once will probably be enough, especially if you have a name-brand PC that you bought from Best Buy (since manufacturers and places like BB tend to pile on a bunch of unnecessary startup modules).
That's funny, because Sprint's residential DSL, which partners with Earthlink under an arrangement whose terms are not known to me...
wait for it...
HAS SPYWARE BUILT INTO THE SETUP SOFTWARE!
Or at least it did when my parents subscribed. Nothing that a disk crash and a reinstall with RASPPPOE couldn't solve, but wow.
I guess that's not quite as bad as their new Compaq desktop that came with spyware PREINSTALLED.
There's a general philosophy among consumer software and hardware distributors that people don't want to know what goes on underneath, and give their tacit permission for them to put whatever the hell they want on there. We keep blaming code bloat for making computers run slower than they used to, but maybe the fact that people have a couple dozen completely unnecessary processes running, each using just a few megs of RAM that nobody would notice missing by itself, has something to do with it.
Granted, I could probably cut down on a few things running on my fairly stock Debian/KDE workstation, but they use about 1/100 the resources as the useless crap on my parents' machine. Of course, none of the things on my machine that I'm not entirely sure I need are designed to scan web pages I read for key words and deliver pop-up ads for competitors.
WARNING: there is a trojan on your
you would say come up with a virus. a good virus not a nasty one. the type of virus that as soon as it detects another virus or spy-ware it would flood the offender with goatse.cx pictures until their servers blew up, better yet a virus that does that to spam too. if you really were geeks there would be a posting in the next week or two of a really good app that was an awesome counter strike to spam/spy-ware/ad-ware kinda like a seti at home dedicated to destroying the aforementioned banes to the computer world.
I use S&D, and it don't tell nobody what I found.. so how come earthlink knows?
the proof is in the subject, THEY KNOW HOW MANY THEY FOUND....
every day http://en.wikipedia.org/wiki/Special:Random
At a friend's computer store he charges $75-150 to remove spy-ware and install ad-aware or spybot. All he does is run ad-aware and then spy-bot. The charge is for the time and the dumbass factor. He has one dumbass that pays this monthly because he's too stupid to stop clicking and run the programs himself.
Professional Politicians are not the solution, they ARE the problem.
Spyware removal software typically counts the number of files + the number of cookies + the number of registry keys related to spyware it finds. So it's not uncommon to get a report with over 150 items when the user has only installed Gator.
A badly-spyware-ridden machine could have thousands of those items.
Now, if only one computer out of 10 has Gator, you'll still find that on average, each computer has 15 items. Most typically - especially in corporate environments - you'll find a few machines with thousands of spyware items and a lot of computers with no spyware - since employees aren't _all_ fucking around with company time.
So, um, another ignorant Slashdot story. Grr.
This is exactly why I can't stand Windows. Every little program has spyware and leaves crap all over your system. It's either that or god-awful adware that makes a desktop look like a carnival. A Linux desktop is quite refreshing to look at.
Time makes more converts than reason
I had been using both Lavasoft's Ad-Aware and Kolla's SpyBot Search and Destroy to keep my box free of crapware, before my boss turned me onto Webroot's Spy Sweeper.
I've been using Spy Sweeper as my primary spyware scanning tool ever since, with Ad-Aware as a 2nd-scan chaser. On the rare occasion that Spy Sweeper misses something, Ad-Aware always gets it, with a 0% margin of error (when using Spybot S&D as a 3rd-round scanner). Conversely, there were a few occasions that Spy Sweeper missed something in Round #1, but Spybot S&D also missed a few in Round #2, so that it was necessary to run a 3rd scan at all using Ad-Aware.
To summarize: Spy Sweeper rocks. If you want even more security, run periodic Ad-Aware scans, and you should be spyware-free (assuming you keep your product definitions updated).
I'm a fairly savvy (hate that term) computer user, 20 years experience, professional web developer.. I know what to avoid, I know what to click no on, I have stop-the-pop on my win box.. I still have on average 40 different spyware apps installed on my box every week (between spybot and adaware) .. Whenever I go over to someone's house and run a scan for the first time, there are generally over 400... it's getting outrageous.
Did that 28 include theirs?
Medicine is complicated, but most people know enough that if they have a headache, aspirin will make it go away. They don't need to know exactly what aspirin does at the molecular-biology level.
Almost every complex thing breaks down into simpler parts, or concepts.
This can be applied to cars - you've got a seat, an engine, wheels. The engine is connected to the wheels by something (we could call it the drivetrain if we so wished). The front wheels are connected to the steering wheel, and can turn left and right.
Using just this basic information you can start to diagnose problems - if the engine is going, but the car's not moving, the problem must be either a lack of wheels or something's wrong with the drivetrain. That kind of thing.
Same thing works for computers - except because it's mostly software (where the problems lie) it's a bit harder to grasp. People just need to be told the basic steps computers go through (after all, that's all they do, just step through instructions).
If my mother was to ask me how Internet Explorer works, I wouldn't start by telling her the names of API calls (not that I know them). I would tell her you type in a URL (which includes the name of a server), it asks another computer where that server lives and then goes to that server and asks for a document.
My point is that just because something's complicated isn't an excuse, or an invitation, to be ignorant. Almost everything can be abstracted to high enough a level for anyone to understand, at a basic level.
So I take a look. In my experience, most people have about 3 programs they use most of the time. For most people using Windows, that would be Explorer, Outlook, and then something else, like Word or something. But, and this NEVER EVER fails, they ALWAYS have about 175 programs installed that take up tons of space, many of which have all kinds of daemons that run in the background, causing the hard drive to grind around all the time, causing all kinds of weird and questionable messages and popups to appear, and best of all, make the whole thing run so damn slow that it's a wonder they can get any work done.
Unfortunately, no matter how hard you try to explain it, 99% of the users DON'T understand: Use this computer for its intended purpose, and DON'T download or install all kinds of shit! Don't go to all kinds of web sites that you aren't familiar with! Don't run or open something when you don't know 100% for sure what it is!
But do they listen? NO!!! Of course not!
The solution is to develop a finely grained security model where not only is the user and his files protected, but so are processes, pipes, and just about any other "object", as it were. And these damn things should ship, by default, to do what most users need to do, but under extremely limiting circumstances, so that their computer will refuse even to download some attachment to an email unless some really complicated process is first carried out. Something requiring commands to be entered into a terminal window. Because even if you ask, "Are you ABSOLUTELY POSITIVELY SURE you want to open this attachment, which will MOST LIKELY **D**E**L**E**T**E your files, beginning with those that are most important to you??? Push any key to answer "no" or type, "I, [your name here], do hereby solemnly swear, under penalty of deletion of all of my files, that I am absolutely positively sure that I WANT TO OPEN THIS ATTACHMENT, which will most likely delete my files, beginning with those that are most important to me," you can rest assured that MOST users will simply punch all of that in to answer "yes" and then wonder why in the hell their computer doesn't work properly.
But the best part is when they don't understand that the malfunction is all in software, which should, at that point, be blown off and reinstalled, and instead think that replacing the entire computer will solve their problem. And then they download all of the same **S**H**I**T** into it and end up in the same situation.
I use IE on Windows, more due to apathy than anything else. I have also not had to remove ANY spyware AT ALL from my PC (other than cookies) in the last four years.
The secret to my success is to lock down ActiveX and restrict scripting. Most of these spyware apps do drive-by installations through ActiveX applets, so if ActiveX is disabled then spyware cannot be installed.
I have included many websites in the Restricted zone, where scripting and ActiveX are both disabled. The default setting for new websites is to prompt for ActiveX, and I always say No unless I know in advance what the ActiveX control is.
I have to say No several times a day, but this is no more onerous than closing a popup, and if it annoys me I could always disable ActiveX.
I also scan with Adaware and Spybot Search and Destroy periodically, and I use a popup blocker and Zonealarm. Not much gets through all of that.
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
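The zone lockdown described in the comment above can be checked from a registry export. This is an added example, not part of the thread: the sample export is constructed, and the policy it enforces (Internet zone must prompt for or disable ActiveX, Restricted zone must disable ActiveX and scripting) is an assumed reading of that comment.

```python
import re

# Constructed sample, in `reg export` format, of the per-user IE Zones key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000001
'''

PROMPT, DISABLE = 1, 3  # zone action values; 0 would mean "enable"
# URL actions: 1001/1004 download signed/unsigned ActiveX, 1200 run ActiveX
ACTIVEX = {"1001", "1004", "1200"}
SCRIPTING = {"1400"}  # Active scripting
# Assumed policy: zone number -> (actions checked, values accepted)
POLICY = {
    "3": (ACTIVEX, {PROMPT, DISABLE}),      # Internet zone: never silently enabled
    "4": (ACTIVEX | SCRIPTING, {DISABLE}),  # Restricted sites: everything off
}

def parse_zones(text):
    """Return {zone: {action: value}} from a .reg export of the Zones key."""
    zones, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = re.match(r'\[.*\\Zones\\(\d+)\]$', line)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # some other key; ignore its values
        elif current is not None:
            val = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
            if val:
                current[val.group(1)] = int(val.group(2), 16)
    return zones

def audit(zones):
    """List (zone, action, value) where the setting breaks POLICY.
    A value of None means the action is absent from the export and unverified."""
    return [(z, a, zones.get(z, {}).get(a))
            for z, (actions, allowed) in sorted(POLICY.items())
            for a in sorted(actions)
            if zones.get(z, {}).get(a) not in allowed]
```

On the constructed sample it reports that the Internet zone runs ActiveX without prompting and that the Restricted zone only prompts for scripting instead of blocking it.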
The average PC is a Windows box run by an idiot with 28 malwares on it.
Makes sense to me.
</slackwareuser>
Doing the same thing as spyware on your own can get you some years in jail. But if you act as being a company doing profit with this stuff then it's perfectly legal.
Oh, please. Why is anybody who wanders outside of the Microsoft cage a "zealot"? What we really need is a pithy word for people who willingly wallow in the same cesspool year after year, especially when it's so easy now to climb out...
This so called "Spyware Detection" program is a fraud. It is nothing more than a marketing ploy to get people to join Earthlink.
First, it claims that I have several spyware programs on my machine that I know for a fact I do not. Alexa and Wild Tangent are nowhere near this machine. Spybot and AdAware confirm, as well as manual checks. Seems they are possibly scanning registry keys, and finding SpywareBlaster's kill bit - either that or it is flat out lying.
Second, it uses generic names for nonexistent "trackers" - "Spy #5c5f4 -- Research In Progress" - sorry, if it's real, then it should have a name.
Finally, and this is the most aggravating one - this program identifies a cookie that Earthlink itself places on your machine when you visit this page as an adware cookie. They also list one cookie that I do have that I need - from TV Guide - to keep track of my channel listings on the TV Guide site. This I'll simply ignore, even though it's still wrong.
This means they are intentionally placing files on your machine so they can identify stuff to make you, the supposed ignorant user, paranoid and lead you to believe that joining their service and using their tools (which are freely available anyway) will keep these things off your machine.
~~Iggy~~
The gene pool needs a lifeguard....