Slashdot Mirror


The Average PC is Infested with Spyware

WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.

142 of 556 comments (clear)

  1. Earthlink? How ironic. by jrj102 · · Score: 5, Funny

    In related news, a recent study found that the average computer user is an idiot. Film at 11.

    That's not fair, of course. For example, try searching for spyware removal software like "Spybot Search and Destroy." Almost all the links you'll find are for imposters that are themselves spyware. Evil.

    Earthlink has their own spyware removal sofware, but I'm amazed it doesn't get caught in an infinite loop installing and removing itself, since Earthlink's software includes spyware.

    --- JRJ

    1. Re:Earthlink? How ironic. by maxbang · · Score: 5, Informative

      I used to be on Earthlink, until I became disgusted with their "support." The only spam I ever get now is from my old address with them. I don't know what their spyware removal is based on, but I know it didn't catch gator running on a friend's PC. Between that and the spam, I don't see myself going back to them in the future, or recommending them to anyone I know.

      --
      I also reply below your current threshold.
    2. Re:Earthlink? How ironic. by Fnkmaster · · Score: 4, Insightful

      I'm not sure if you're serious, but you are claiming that Earthlink's spyware removal tool includes spyware? I find this quite hard to believe, if only because that's not their business model, and for a major ISP, customer trust is worth more than spyware revenues. Care to provide links to back up this accusation?

    3. Re:Earthlink? How ironic. by MoonBuggy · · Score: 4, Insightful

      Almost right, but better phrasing would be 'the average computer user is ignorant'. They're not stupid, they just don't know how it works.

      This is, in my mind, actually worse - you can't help being dumb but you can help not knowing what the hell you're doing. If I bought a car I would make a point of knowing roughly how it worked, how I should maintain it and how to fix basic faults when it goes wrong. I am not a mechanic but it seems to me common sense to understand how somthing I use often works. I would think that non-techies would have this attitude about computers (which they don't neccesarily care about but need every day) just as I have the attitude about cars (which I don't really care about but would use daily).

    4. Re:Earthlink? How ironic. by Bilestoad · · Score: 4, Insightful

      Better still to say "the average Slashdot editor is an idiot". If you had seen the Arstechnica coverage this would be apparent - what we're looking at here is a tabloid-tyle headline as a cheesy attention-getter. I see the same mind-numbing stupidity whenever I check hotmail!

      The "Spyware" reported consists of cookies. Not trojans, backdoors, browser redirectors etc - cookies. Cookies can track you but they don't exercise code, and the ones that this software reports are not even fully researched. They're "potential" spyware - which is the same as finding a kid with three marijuana seedlings and charging him with posession of "potential" street value of $3 million.

      Why would Earthlink do that? The Arstechnica article suggests it is because Earthlink advertise their Spyware-blocking service right next to the page that shows you the incredible amounts of spyware found on your system! Hmmm....

      I don't know why I bother with slashdot. It must be a reflex built into my fingers or something but it certainly has turned to shit.

      Now mod me down, editors. Show us how you censor those who disagree.

    5. Re:Earthlink? How ironic. by hchaos · · Score: 4, Insightful
      I am not a mechanic but it seems to me common sense to understand how somthing I use often works. I would think that non-techies would have this attitude about computers (which they don't neccesarily care about but need every day) just as I have the attitude about cars (which I don't really care about but would use daily).
      Non-techies don't even have this attitude about cars, and why should they? Take the car in for an oil change once every few thousand miles, make sure it gets its 10k/15k/20k/whatever k service, and keep the gas tank full, and 95% of the time it will run good for years, the other 5% there's nothing that they could do even if they knew how the thing worked.

      Most people don't think they have the time to become less ignorant, this stuff looks (and is) very complicated, and they don't know how they'd even go about it. It's really easy to overlook just how much more you know than the average person does, and it's easy to forget how much time it took you to accumulate this knowledge.
    6. Re:Earthlink? How ironic. by MikeFM · · Score: 2

      I use Spybot S&D and highly recommend it for all my clients that use Windows. It's easy to use, very effective, and absolutely free. Just to throw my vote into the pot too. :)

      --
      At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
    7. Re:Earthlink? How ironic. by BlueShad0w · · Score: 3, Funny

      See, my family don't have the internet. They install all their spyware fresh from magazine cover CDs - all the speed reduction but none of the privacy issues!

    8. Re:Earthlink? How ironic. by Jeremy+Erwin · · Score: 4, Informative

      Earthlink scanned 1,062,756 times, finding 29,540,618 instances of spyware. 23,826,785 of those were "Adware Cookies, which store personal information (like your surfing habits, usernames and passwords, and areas of interest) and share the information with other Web sites." Earthink SpyAudit

      Now, if you eliminate the "adware cookies" as dubious, you're still left with the headline "The average PC contains 5.4 instances of "Adware, System Monitors, and Trojan Horses." Still tabloidish enough to get a rise out of most slashdotters.

    9. Re:Earthlink? How ironic. by ninti · · Score: 5, Insightful

      I would mod you down if I had the points, not because you disagree, but because you are a dick about it. If the information is wrong, you should be pointing the finger at BBC news, which the headline here is entirely consistant with. Yes, the Arstechnica article has a good point that the article is perhaps wrong, but that is hardly the fault of the slashdot editor. I nice "well, arstechnica has evidence that casts doubt on the validity of this article" would have served the purpose just as well, and you would not looked like an ass doing it. And posting a link would have been nice too like Link would have been nice too.

    10. Re:Earthlink? How ironic. by rjelks · · Score: 2, Insightful

      Based on the repair costs I've seen people pay for both computers and cars, I'd guess a lot of consumers don't have that basic understanding. I hate to argue this for Microsoft, but I think that if they can improve their "firewall" to the feature set of ZoneAlarm, you could reduce the amount of spyware on people's computers. They would have a reason to do this to. The type of consumer that doesn't regularly run a firewall/antyspyware tools, won't know what is causing the massive bottlenecks on their PC's. This only give the Windows OS a bad name. I'd be all for some kind of default toolset that would provide a basic firewall and spyware removal tool for the "ignorant." I know for me, it would greatly reduce the hours I sit at friends' and family's computers removing the crap.

    11. Re:Earthlink? How ironic. by OMEGA+Power · · Score: 2, Interesting
      That's not fair, of course. For example, try searching for spyware removal software like "Spybot Search and Destroy." Almost all the links you'll find are for imposters that are themselves spyware. Evil.


      The first result is Lavasoft (makers of AdAware) and the third is Spybot-S+D. What's the problem?
    12. Re:Earthlink? How ironic. by MattyCobb · · Score: 5, Interesting

      I'm not sure about Earthlink, but I worked for BellSouth and our install CD basically included spyware. It didnt have ads or anything like that and its main purpose (which it failed at, miserably) was simply to collect customer settings so that when they messed something up they could simply "revert" to their last known good settings. It collected no marketing or advertising info. At any rate, it was classified as spyware by Ad-Aware. So i suppose it all depends on your definition...

      --

      Matt
      You have 1 Moderator Point! Use it or lose it! Is that a threat? -vapid
    13. Re:Earthlink? How ironic. by rgmoore · · Score: 5, Insightful
      Take the car in for an oil change once every few thousand miles, make sure it gets its 10k/15k/20k/whatever k service, and keep the gas tank full, and 95% of the time it will run good for years, the other 5% there's nothing that they could do even if they knew how the thing worked.

      And the same thing would probably be true if people took the same attitude toward keeping their computer running that they do toward keeping their car running. People accept that cars are complicated and require routine service. They understand that if they're not competent to do the service themselves that it makes sense to pay a professional to do it for them. They're willing to plunk down some serious coin to get the thing fixed if/when it breaks.

      The problem is that many, if not most, people don't take the same attitude toward computers. They're encouraged to believe that computers are so easy to use that anyone can use and maintain one with little or no training. When problems do come up, they tend to try to solve them by asking a friend who is supposed to know this stuff what to do rather than spending money on a professional. Combine that attitude with deliberate attacks against computers by things like worms and spyware, and it should be no surprise that the average car is much better maintained than the average computer.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

    14. Re:Earthlink? How ironic. by IthnkImParanoid · · Score: 5, Insightful

      The only reason I know how to care for my car is because it cost $15,000. The car I drove in college cost was a 15 year old POS I got for a couple hundred bucks so I could get groceries once a week, and I never changed the oil once. I drove on bald, half flat tires for a long time (I never went on the freeway, or over 45, so I didn't really care), and I let the radiator fluid (tap water) get really low on several occasions because of a slow leak.

      I didn't care. That car did what I needed it to do for as long as I needed to do it before I could afford a better one. In other words, it was exactly like a computer to most people.

      --
      It's nothing but crumpled porno and Ayn Rand.
    15. Re:Earthlink? How ironic. by kryocore · · Score: 2, Insightful

      I think you mis-interpretted him. He said Earthlink's software includes spyware. I think that he is reffering to the Earthlink software that a user would install to connect to the Internet, not the Earthlink software that is supposed to remove spyware.
      His comments do not surprise me one bit. Everything seems to come with spyware now, even divx.

    16. Re:Earthlink? How ironic. by daviddennis · · Score: 2, Insightful

      I know how to drive my car, but I don't have a clue how to maintain it. We have people called mechanics who do that. A car can still be run safely as long as you bring it to someone every few months to be checked.

      There are two things about computers, however, that really make this metaphor break down.

      If I had to understand how a car worked, I'm sure I could. A car is orders of magnitude simpler than a computer. In fact, I'll bet Internet Explorer alone has more complexity than the average car, and there are thousands of subsystems within Windows, many of comparable complexity, and most hidden and completely unknown by most users or even programmers.

      I don't think it's possible at this point for anyone to have a complete idea of how Windows works as a whole. You don't know the whole API; you know the API calls you need. Even as a programmer, it's quite unlikely that you have the big picture of how everything fits together.

      But really, you shouldn't have to. I have no clue how my electric drill works; I just switch it on and it does its job. I think most people feel computers should work in the same way - and quite honestly I think they're right.

      D

    17. Re:Earthlink? How ironic. by ultranova · · Score: 4, Insightful
      Non-techies don't even have this attitude about cars, and why should they?

      Yes, they do. They know that if smoke starts coming out from somewhere else than the exhaust pipe, they'd better stop and get out of the car, fast. They know that if lights start flashing in the dashboard with no apparent reason the car needs to be serviced. They know that they must not pour water into the gasoline tank, and that if the tires are flat they need to be reinflated, and so on. They also know that it's a good idea to lock the doors when you leave the car.

      On the other hand, people don't know that you shouldn't open strange e-mail attachments, that you should run a firewall, and that you should install updates at least weekly (which is not difficult - both Linux and Windows come with automatic tools that search, download and install the neccessary updates at your command).

      So basically, people do know what to expect from a car, and can reognize when something is wrong with it. On the other hand, people do not know what to expect from a computer, and when something is wrong with it (and thus can't have it fixed).

      Computers are not like other tools, nor will they ever be. People expect to use them without understanding any of the concepts and theory behind them, and then get angry and frustrated when they can't make the computer understand what they want. It is absurd.

      Personally, I think every computer should ship with a 200-page book explaining the basic concepts and theory behind the computers. And I mean basic theory, not "install a new printer this way". All support should be denied before this book has been both read and understood.

      Anyone who is incapable of understanding how computers work shouldn't be using them without supervision, for his sake and everyone else's. Harsh, but the only solution sort of running a truly sentient AI in every computer.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    18. Re:Earthlink? How ironic. by Safety+Cap · · Score: 3, Insightful
      Personally, I think every computer should ship with a 200-page book explaining the basic concepts and theory behind the computers.
      First rule of software development: users will not read anything, ever. This applies to manuals, on-screen instructions, and message boxes.

      This is one reason why many new cars (and lawn mowers, etc.) come with VHS tapes, but even those are ignored.

      The trick is to make everything so simple that performing tasks are easy enough for the uninformed person to figure out quickly. To do that, you have to do lots of role analysis, use cases, and user testing.

      --
      Yeah, right.
    19. Re:Earthlink? How ironic. by huchida · · Score: 2, Interesting

      Earthlink isn't far from being AOL. I had major trouble with them several times when I first went on-line. The capper was, after I cancelled my account, they billed me for a full year's service ONE YEAR LATER (rather than motnhly, as I was paying it.)

  2. Good effort to fight spam and malware by mindless4210 · · Score: 2, Informative

    That's a pretty in-depth study, with over 1,000,000 scans, makes the results fairly strong. It's good to see all this combatting of spyware.

    It really doesn't surprise me to hear that the average computer has 27.8 instances of spyware on it. Most users have no idea what they're doing; I constantly remove that kind of junk from my family's computers.

    Earthlink has been doing a good job of fighting spam and spyware on the internet. I think it's a valiant effort.

    --
    Wireless News www.DailyWireless
    1. Re:Good effort to fight spam and malware by malchus842 · · Score: 5, Interesting

      There's no doubt the survey is accurate - as an independant consultant, I deal with this all the time. I run Ad-Aware on badly behaving Windows boxes and show their 'owners' just what a mess they have. Record so far is 500+ items tagged by AdAware. Unreal.

      This problem is on par with SPAM and viruses, and consumes serious IT cycles to manage. My usual couse of action for any new client is: SOPHOS AntiVirus, pop-up blocker, AdAware, alternative browser (eg Netscape, Firebird), alternative email client (eg. thunderbird). Not to mention religious use of Windows Update, a strong permiter firewall and replacing NT/2000 servers with Linux boxes running SAMBA, themselves fully hardened agaisnt attack. Of course, SpamAssassin is a must on the mail server.

      It's a war. And I fight to win.

    2. Re:Good effort to fight spam and malware by Anonymous Coward · · Score: 4, Funny

      Well, then break Gator. Hex edit it or whatever so that it crashes from now on.

      Next, show her Mozilla. It can remember all her passwords, sans spyware.

    3. Re:Good effort to fight spam and malware by flewp · · Score: 3, Insightful

      Yeah, that's one of the most annoying things. Your friend calls you up to help with their slow computer. Turns out they've got a million and one things running in the system tray, and a million more processes they don't need. So you clean it up. It works like it should afterwords.

      A few days later, something goes wrong, and all they say is "well, it didn't do this before you touched it!" To which I usually reply: "Okay, I almost never have problems with my computers, and your computer worked well after I touched it, did it not? And who used the computer after I touched it? Oh, you did? Okay then."

      Fortunatly, that scenario doesn't really happen anymore, if ever. And from the get go, one of my friends realised he's the one screwing everything up. Now he buys me beer to fix up his computer, so I'm happy.

      --
      WWJD.... for a Klondike bar?
    4. Re:Good effort to fight spam and malware by abolith · · Score: 2, Insightful
      this is why I took another approach to the problem. I *Taught* my parents how to use the computer correctly AND how to fix the most common problems. Now they only call me when something REALLY freakin weird happens, All because I took the time to teach them what they needed to know. Of course this solution won't help those techies who's friends always call them or those with family that do not want to learn because "it's too complicated" or "I'm not the technichal type". in truth they are too lazy to want to learn.

      --
      if you want "No More Hiroshimas" then I say "You First. No More Pearl Harbors."
    5. Re:Good effort to fight spam and malware by brandonY · · Score: 2, Funny

      uh-huh, good, good, good, wait a second! One of those things you mentioned was a Microsoft solution!

    6. Re:Good effort to fight spam and malware by droleary · · Score: 2, Interesting

      Of course this solution won't help those techies who's friends always call them or those with family that do not want to learn because "it's too complicated" or "I'm not the technichal type".

      The ace in your sleeve: a Mac. Any non-tech type comes up to me and asks me what computer to get, I tell them to get a Mac. If they ask for help on a PC they already own, I tell them to ask the person who recommended it how to fix it; I may end up fixing it anyway, but then I recommend a Mac. Anyone who has not followed my recommendation the next time they ask for help is cut off, cold. Anyone who has followed my recommendation either won't bug me with stupid problems so much, or they'll be so stupid that fixing them won't be such a chore like it is on Windows boxes.

      I once had a friend I recommended a Mac to and he ignored me and got sold on some $2000 Windows setup at CompUSA. Then he tried to brag about his new $2000 PC, and I had to say, "Dude, if I thought you should have gotten a PC I would have said to get one, and if I thought this was the setup you needed I could have gotten you it for under a grand." Still he called me when he was having trouble connecting it to the net! My understanding is that CompUSA was willing to help him out for another $80 . . . moron!

    7. Re:Good effort to fight spam and malware by omicronish · · Score: 4, Interesting

      Not to mention religious use of Windows Update...

      The scary part is that there are IE/Windows exploits for which no patches currently exist, so Windows Update can't possibly protect you in those cases. What's even worse is that those exploits are being used NOW.

      During the time when I naively thought IE would be perfectly safe with all patches, I came across an ad popup that downloaded and ran an executable. Yes, I was fully patched, I even checked afterwards. Turns out the popup got through using an exploit that currently lacks a patch. Luckily, file permissions saved my ass that time, but I'm switching to Firefox to be safe.

    8. Re:Good effort to fight spam and malware by Cryptie · · Score: 2, Funny

      Sounds like a good course of action there. Just had to chime in, I work for a small repair shop, did a service call a few months back, 2002 Items tagged by AdAware, still waiting to beat that record. Had 12 viruses as well. They couldn't believe how much better there computer ran afterwards, I couldn't believe how long it had run.

  3. slightly misleading... by David+E.+Smith · · Score: 5, Informative
    Note that of those 30 pieces of spyware per PC, 24 of them are labeled as "cookies."

    There's still a LOT of junkware/spyware/adware/malware/whatever out there, far more than there should be IMO, but it's not quite as bad as they let on. :-)

    1. Re:slightly misleading... by stefanlasiewski · · Score: 4, Insightful

      Note that of those 30 pieces of spyware per PC, 24 of them are labeled as "cookies."

      That's not "slightly" misleading, that is *extremely* misleading. The BBC article makes no mention of "cookie". They do say "average of 28 spyware programs", but isn't a Cookie generally more benign then a "program"? A program is usually active; a cookie sits there.

      By the way, the BBC sets a Cookie on your system. Perhaps we should sue?

      --
      "Can of worms? The can is open... the worms are everywhere."
    2. Re:slightly misleading... by Valdrax · · Score: 3, Informative

      Typically, the kinds of cookies that spyware programs identify are cookies used by advertising companies that have multiple sites as customers and which are used to track you as a unique user from site to site, building an demographic profile. There have been efforts before to weld information from your logins at these sites to your browsing habits for a more personal marketing profile.

      I've never, for example, seen Ad-Aware tag a Slashdot cookie as a privacy risk, but I have seen it tag Doubleclick and other crap from when I have to use Explorer (which I use for really uncompromising, cookie-laden sites).

      --
      If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
    3. Re:slightly misleading... by pjt33 · · Score: 2, Interesting

      I ran Ad-aware on my brother's computer last weekend and it tagged the Wizards of the Coast cookie. I'm guessing it just looks at the expiry date.

  4. It doesn't have to be this way... by erick99 · · Score: 5, Insightful
    What can you say about adware infestations other than they can be prevented by using products such as AdAware, SpyBot, AdWatch (always running but it's not free), and other products that are free or at a nominal cost. I do disagree with this statement (sidebar in article) as I have seen PC's brought to a crawl by the adware that was using up most of their available RAM:

    While most spyware is adware-related and relatively benign, it's disturbing that over 300,000 of the more serious system monitors and Trojans were uncovered

    I don't think most adware is benign since it eats into available RAM. Some adware also affects application performance, or, worse yet, prevents applications from running. Anyway, I am, again, preaching to the choir.....

    Happy Trails!

    Erick

    --
    http://www.busyweather.com/
  5. No problem for me... by toupsie · · Score: 2, Interesting

    That's because I use the average Mac. Much safer than the average PC, even safer than the Average Penguin Box.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
    1. Re:No problem for me... by mahdi13 · · Score: 3, Interesting

      That brings up a good question...how safe IS Linux from spyware?
      Granted more spyware is written for the Win32 systems, but with the increase usage of Linux and the way tracking cookies work...I wonder if there has really been an in depth look at if and how spyware can infect a system running Linux.

      You know it won't be able install any system services (unless your running as root), but what keeps things from making changes to ~/.Xsession or simular user level logon scripts?

      --
      "Some things have to be believed to be seen." - Ralph Hodgson
    2. Re:No problem for me... by johnnyb · · Score: 3, Insightful

      Technically, Linux is not less susceptible, but culturally it is. The Windows culture that it established for itself is one of "Don't look under the hood, we'll take care of the details". While the Linux culture is to always look under the hood at the details, or at least make sure that someone else is taking care of that.

      In addition, with Linux, you can have distributions aimed at neophytes which prevent this sort of thing, and then other distributions for experienced users who just want to be uber-productive.

    3. Re:No problem for me... by Jade+E.+2 · · Score: 4, Funny
      but what keeps things from making changes to ~/.Xsession or simular user level logon scripts?
      The spyware authors haven't figured out how to make Visual Basic do that yet.
    4. Re:No problem for me... by the+eric+conspiracy · · Score: 2, Interesting

      That brings up a good question...how safe IS Linux from spyware?

      Tracking cookies will work on Linux - however it's easy to write a shell script that runs as a cron job that will eliminate those. It's a little more convenient than using the browser to control cookie persistance. Something like this:

      #!/bin/csh

      #/home/eric/.mozilla/eric/zidis8bu.slt/cookies.t xt

      #copy yesterday's cookie file. We put it in tmp for now, because we want to
      #compare it later with the last cookie file
      cp ~/.mozilla/eric/zidis8bu.slt/cookies.txt /tmp/cookies.`date +%y.%m.%d`

      #collect what we will allow to be kept in the cookie file
      #We can trust Malda, right? ;)
      grep slashdot ~/.mozilla/eric/zidis8bu.slt/cookies.txt > /tmp/cookies.new
      #That silly free-registration stuff
      grep nytimes ~/.mozilla/eric/zidis8bu.slt/cookies.txt >> /tmp/cookies.new
      #Do you, uh, Yahoo!?
      #grep yahoo ~/.netscape/cookies >> /tmp/cookies.new
      #And whatever else you want to add. You get the idea, I think....

      #make the new cookie file
      cp /tmp/cookies.new ~/.mozilla/eric/zidis8bu.slt/cookies.txt

      #look for new stuff put in the old cookie file
      diff /tmp/cookies.`date +%y.%m.%d` `find ~/.mozilla/old/|tail -1` > ~/.mozilla/old/cookie.`date +%y.%m.%d`.diff

      #add yesterday's cookie file to the old ones
      cp /tmp/cookies.`date +%y.%m.%d` ~/.mozilla/old/cookies.`date +%y.%m.%d`

    5. Re:No problem for me... by nathanh · · Score: 4, Insightful
      That brings up a good question...how safe IS Linux from spyware? Granted more spyware is written for the Win32 systems, but with the increase usage of Linux and the way tracking cookies work...I wonder if there has really been an in depth look at if and how spyware can infect a system running Linux.

      I'm certain that Linux isn't 100% safe, but I reckon it's a lot safer than Windows for the following reasons.

      • Linux systems are a harder target to write for. Too many variations, distributions, desktop environments, architectures, etc.
      • Linux is naturally transparent so it's easier to tell when something suspicious is running. It's harder for a Windows user - even an interested, intelligent and informed user - to figure out what's spyware and what's normal.
      • Free software developers take it as a personal insult when their software is used for breaches. Do you think Microsoft cares? Perhaps individual coders care but they don't get to dictate "where they want to work today". They have to do what they're told to do by management and for the most part Microsoft seems content to allow third parties to create and sell AdAware type programs. If Evolution allows trojans to be installed, or Mozilla allows spyware to install itself, you can bet your boots that a developer somewhere will dedicate themselves to fixing the problem rather than relying on bandaids like AdAware.
      • The open-source nature of Linux means anybody can find and fix the cause of breaches. We're not dependent on the original author deciding it's worth their time and effort. This greatly increases the likelihood that mistakes will be found and fixed promptly.

      There are other reasons that will only hold true until Linux becomes more popular. So these are good reasons for now, but won't hold true forever.

      • Linux users are on-average more informed about their systems.
      • Linux has a higher percentage of developer-users vs pure-users. In other words, the people best suited to detecting and removing spyware.
      • Linux has a smaller market share so there's less interest from malicious spyware developers.
      • Linux applications so far seem to be designed better, ie with paranoia. For example, Evolution won't run executable attachments. This minimises the opportunities for spyware to be installed. I do expect this to take a turn for the worse as Linux becomes more popular and the quality of the average developer decreases. Imagine the near future when all the former VB programmers start flooding Linux with Mono programs... [shudder].
      • Greater percentage of Linux software is open source (or free software). I'm dreading the day when Linux starts to get an increased availability of proprietary non-free no-source software. I foresee the same problems occuring for Linux as we currently see on Windows, when that happens. The typical spyware intrusion is when a user downloads an anonymous "cool" utility which happens to be a carrier.
    6. Re:No problem for me... by Grishnakh · · Score: 2, Interesting

      I'd mod this up if I could.

      I think the culture is what really makes it so different. In Windows, it's very common for users to download various little closed-source applications and install them. Of course, lots of these things (like Gator) are spyware. The whole idea of open-source, community, etc. are totally alien in the Windows environment, where everything is about users being consumers and paying for most things they use. Of course, lots of open-source programs are available for Windows, such as Mozilla, OpenOffice, and many more, but it's very uncommon for typical Windows users to use these things, even when they're introduced to them. I don't really understand their mindset myself, but it seems to me like there's a lack of self-reliance in this type of computer user. They just surf around and do stuff, but with no concept of how this will affect them or others. And of course, they have absolutely no interest in learning anything about their computer, beyond what they need to know to surf, download pr0n, etc. Much like people who have no interest in learning about cars, and then happily bend over and pay for any type of service their mechanic claims they need and wondering why they have to spend so much on their car. These Windows users are the same way; when this adware totally mucks up their system, they give no thought at all to how it happened, or what they can do to prevent this type of thing in the future.

      In the Linux world, closed-source applications are already very rare, and weird little closed-source and shareware utilities are nonexistent. Why would you want some commercial utility when your typical Linux distro already has that capability (like pop-up blocking), or there's several open-source programs that do a much better job? The mindset of many Linux types is simply to avoid commercial stuff like that to begin with, so adware just never became a problem.

      However, if Linux became a common OS offering, and lots of the aforementioned Windows users started using Linux instead for whatever reason (obviously they wouldn't care about things like open-source, free as in speech, etc.), adware could certainly become a problem on Linux too. These people would still happily download Gator for Linux (tm), and follow the directions telling them to type in their root password so they can install this great program...

  6. So which is it? by Neil+Blender · · Score: 2, Insightful

    The average computer or 1 in 20?

    1. Re:So which is it? by Alsier · · Score: 5, Funny

      19 computers have no spyware, 1 computer has 560.

    2. Re:So which is it? by David+Hume · · Score: 2, Insightful

      So which is it? The average computer or 1 in 20?


      "Lurking "spyware" may be a security weak spot," the New Scientist article mentioned in the prior Slashdot post, reported on an effort to locate only four specific spyware programs:

      Computer scientists at the University of Washington in Seattle developed software to analyse network traffic and identify chunks of data associated with four known "spyware" programs - Gator, Cydoor, SaveNow and eZula.

      They examined the traffic on the university campus and found that 5.1 per cent of all connected machines had one of these four programs running.


      (emphasis added) Further, the study "examined the traffic on the university campus."

      In contrast, the Earthlink effort searched for Adaware software, Adware cookies, System monitors, and Trojan horses . In addition, the Earthlink effort presumably searched the computers connected to its network, a different population.

  7. Typical. by GearheadX · · Score: 4, Interesting

    Is anyone really surprised?

    Most people see a certificate pop up, even if security features are turned on, and accept it as a matter of course. Most people don't even comprehend the concept of Spyware, the idea that clicking links in spam is a Bad Idea or that wearing a tinfoil hat won't protect you from the alien mind control rays.

  8. How did they do this study? by Texas+Rose+on+Lava+L · · Score: 5, Funny

    Did they install spyware on people's computers to go in and report how much spyware they had?

  9. The thundering noise you hear... by willith · · Score: 5, Funny

    ...is ten million sysadmins and deskside support people all saying "NO SHIT, SHERLOCK!" in unison.

    1. Re:The thundering noise you hear... by Thaelon · · Score: 2, Interesting
      The thundering noise you hear...
      ...is ten million sysadmins and deskside support people all saying "NO SHIT, SHERLOCK!" in unison.


      So true and so funny. However, if it had been something more sensational and catchy, like "Spyware is Taking Over the World" you - or someone like you - would have complained that it was sensational. Lets face it, most headlines one of the following:
      • Boring
      • Dull
      • Sensational
      Just an observation.
      --

      Question everything

  10. Claims Overhyped? by questionlp · · Score: 4, Interesting

    There is a news bit on Ars Technica that the claims are overhyped and the spyware scanning tool returns a lot of false positives.

  11. cookies? by Anonymous Coward · · Score: 2, Insightful

    Does this include cookies? When I run Ad-aware, it usually finds several "tracking" cookies. Maybe this is artificially inflating the number.

  12. Re:Don't forget... by Anonymous Coward · · Score: 2, Funny

    Next on slashdot: 1 in 20 slashdot stories infected with SCO$699FeeTroll first posts.

  13. Confirms the obvious by lindec · · Score: 5, Interesting

    This confirms what I think most of us have known for a while. The average surfer using Internet Explorer or Kazaa (Overnet as well) is likely to be loaded with spyware. Kazaa alone can be held responsible for almost half of those infections I think. As one of the few knowledgable "computer guys" in my dorm, I spend a lot of time cleaning out mucked up computers. I see on average 10 or 15 nasty spyware programs, but I did see 1,500 programs and ActiveX goodies (I'd say maybe 200 of those were cookie warnings though) in this one computer I cleaned. The was apparently, an avid p0rn viewer with no popup protection or the like. Ugly... very ugly...

  14. This Is NEWS?! by Anonymous Coward · · Score: 5, Insightful

    Ask anybody who services PCs...there's not a machine around that isn't riddled with the stuff, but making a headline out of it is like shrieking about the existence of viruses.

  15. Not surprising by The+Bungi · · Score: 2, Insightful
    Since the average computer user has no idea how the thing works to begin with.

    No matter how hard you lock a PC down, a sufficiently determined and stupid user will figure out a way to install that really cool "desktop enhancer" he heard about from a friend.

  16. one solution is... by ErichTheWebGuy · · Score: 5, Insightful

    Ditch IE for Firefox. I just did 2 clients' computers today (running slow, yadayada) and guess what? One had 18 spyware trojans installed, the other had 64 (as well as a couple of viruses). Firefox (any Gecko-based browser) is not vulnerable to the crap that IE is. I always tell my clients to not use IE anymore. When they listen, they always have a better overall experience.

    --
    bash: rtfm: command not found
    1. Re:one solution is... by UrgleHoth · · Score: 2, Funny

      As a longtime Moz user with a poor memory, please refresh me on this software you call IE. Is it an acronym for Intruder Express?

      --

      Dogma - "let's just say we'd like to avoid any empirical entanglements."
    2. Re:one solution is... by ravenspear · · Score: 2, Funny

      Ditch IE for Firefox.

      Two months later:

      Joe User: "I can't seem to find that link. One of my geek friends recommended a little while ago that I try an IE replacement called Firefox. But I've Googled endlessly and there is no browser by that name."

    3. Re:one solution is... by sampowers · · Score: 5, Interesting

      Something strange I noticed last night looking for lyrics on a popular site, is that I was prompted to install a "Free Access Plugin" firefox extension.

      I tried searching google to find it again, but the only thing I'm finding is a page in german, which I'm not entirely sure is what I'm talking about.

      If I were one of my users, I would have clicked Install, because I'd be jawdroppingly retarded.

      The XPInstall functionality is a tradeoff between security and convenience, but just like IE's install feature, it's going to be abused.

      Hopefully standard unix security stems the tide.

    4. Re:one solution is... by itoleck · · Score: 3, Insightful

      I like to just delete the IE icon from everywhere and install FireFox and change the shortcuts to the IE icon, also change the name to Internet Explorer. They have no idea that it is even different.

    5. Re:one solution is... by caluml · · Score: 2, Funny
      last night looking for lyrics on a popular site

      "Lyrics", huh? :) Is that what it's referred to as now? :)

  17. I've seen pretty bad ones by nightsweat · · Score: 4, Informative

    Went to a party a couple weeks ago and cleaned 550+ bits of spyware off the hosts' machine. Took me a couple more days to find and send them the fixes for two IE parasites AdAware and SpyBot S&D didn't see.

    It really should be a violation of the wiretap laws to put this crap on someone's machine. These poor non-technical users' machine was an Athlon 2200 that ran like a 486. Once we took the crap off, it zoomed.

    --

    the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
  18. Lets hear your records... by 222 · · Score: 5, Funny

    The most spyware i've ever cleaned off of a box was 877, as reported by adaware.
    The unfortunate soul was a windows ME box, so it wasnt destined for greatness even without the spyware.
    By the time i got there, opening a browser would cause the machine to reboot, and there was no "System" icon in the control panel. Oh yea, he was running AOL too...
    Beat that :p

    1. Re:Lets hear your records... by David+E.+Smith · · Score: 4, Interesting

      Try working for an ISP.

      I do. We're a small shop, we'll fix your PC even if you're the one who f'd it up by installing Kazaa. Our current record, as reported by Ad-Aware 6.181 with a then-current reference file, is 1354. It's on a whiteboard near our workbench. This record has held for over a month now; the previous record was "merely" 950-something.

    2. Re:Lets hear your records... by Zen · · Score: 2, Interesting

      Oh yeah, I was there just last weekend. A relative calls up and says his Dell 2.8Ghz is acting slow. Like slower than his old Pentium 90. I'm two states away, so I had to talk him through everything. It was so bad that he couldn't even get the start button to respond, or use the task manager to kill processes. We download adaware, and run it in safe mode. It cleans 850+ off the machine. Reboot, and the thing is still extremely slow. Back to safe mode, download the current reflist (I didn't think it was worth it at first to give him a half hour lesson over the phone on how to use winzip). Adaware with the current reference's then proceeds to find another 300 or so. Update Mcafee to current virus dat, and scan entire harddrive - finding nothing. Reboot again, and it's still insanely slow although better than before. So I give another lesson on how to edit the registry and he removed two more programs that were being run through rundll32 in startup. After 3 hours, 25+ process, hundreds of cookies and registry entries later, it was finally back and running. It would've been quicker to pop in the recovery disk and rebuild. Unfortunately, since I did all of it over the phone, so I wasn't able to backup copies of the adaware logs to get exact numbers. Damn junior high kids installing everything and its mother.

  19. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  20. so then... by Mad_Rain · · Score: 2, Funny

    I guess we need to make the words "Ad-Aware" as ubiquitous as Google.

    --
    "What do you think?" "I think 'What, do you think?!'"
  21. Correction: by freeze128 · · Score: 4, Funny

    The average EarthLink user's machine is infested with spyware.

    You can guess what the average AOL user's machine has.

  22. I don't doubt it by hords · · Score: 3, Interesting

    I don't think I have scanned a machine that didn't have spyware on it lately. I work at an ISP and our customers have so many spyware issues it's pathetic. We have tried to help them out by putting some good information in our newsletters about spyware and how to remove it (spybot/adaware) but it just doesn't seem to matter. People just don't know how to update windows/scan for spyware/viruses. It is pathetic. Windows really needs to be more demanding on the user to run security updates. And people really need to be careful when downloading programs. But, sadly this is very unlikely.

  23. Spyware nuking my site! by gnuman99 · · Score: 5, Funny
    Some spyware kept accessing my IP address 216.194.67.61. But now I posted by own "ad" - it actually uses less bandwidth than the stupid 404 error as the spyware was just stupid and kept reloading wasting Gb per day.

    216.194.67.61

    Now the rate of spyware/adware requests is down from 2 per second to only 0.3 per second over the last few days :)

    Bwhahaha, doing my part in teaching the public :)

    1. Re:Spyware nuking my site! by Anonymous Coward · · Score: 2, Funny

      Uh...so you not only posted your IP to a public message board, you gave slashdot a link to your site?

      1 step forward, 2 steps back?

  24. Numbers are not surprising by unfortunateson · · Score: 4, Interesting

    Any given time I run Adaware after a day of surfing, I'll typically have 20+ adware cookies. And that's with IE6 set to ignore 3rd-party cookies. It's not something I fret about, 'cuz I've never gotten anything more serious than the cookies. So probably it isn't an average of 24 cookies and 4 spyware programs per PC, it's probably most people with 30+ cookies, and a few people with 10+ spyware programs.

    Really, I don't consider tracking cookies to be much worse than, say, RFID tags in all my $100 bills or Walmart purchases. It's a public network, people are going to watch.

    That reminds me... time to run Adaware again.

    --
    Design for Use, not Construction!
  25. Worst I've ever seen Part 1 by IWantMoreSpamPlease · · Score: 5, Interesting

    This was on a university PC, running Windows 98 SE.

    Using Ad-Aware, it found, and I kid you not: 22,485 units of spyware.

    The machine was so infested, it couldn't connect to the Internet (throough the university T-1 lines) because of all the pop-ups, redirects and what not.

    In defense of the machine, 11 users had profiles on it, which under Win98, merely copied everything (spyware and all) to the new user. But it was astounding all the same.

    part Two

    Same university, brand spanking new P4 3.0 Ghz Dell for a big-shot professor.

    8,000 units. The professor would click "yes" to every pop-up that came her way, not knowing/caring/reading, what it did. Then complained why the brand new machine was slow and needed a new one.

    After removing the spyware, and explaining what had occured, she nodded sagely, and went about her business.

    Next day I get a call from her...same issue, tons of popups.

    She hadn't listened after all.

    It's times like these I wish people like that would be given a Mac or BeOS machine.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
    1. Re:Worst I've ever seen Part 1 by t_allardyce · · Score: 2, Interesting

      It's times like these I wish people like that would be given a Mac or BeOS machine.

      Would probably be better to give me the new machines, and give her a slap round the face and some pencels and paper. Or just tell her that the software had problems and you had a new version which fixed everything - then install firefox or opera.

      --
      This comment does not represent the views or opinions of the user.
    2. Re:Worst I've ever seen Part 1 by CTho9305 · · Score: 2, Informative

      I think this guy has got you beat... 23,002 traces of spy/adware!

  26. The average PC also has... by Anonymous Coward · · Score: 5, Funny
    Windows
    Internet Explorer
    Outlook or Outlook Express

    Microsoft, when contacted, insisted there was no relationship

  27. 3 programs.. by naelurec · · Score: 4, Informative

    Spybot S&D
    SpywareBlaster
    SpywareGuard

    I use these three programs (in the above order) on lots of spyware infected machines and so far, haveh a LOT of success removing and keeping spyware off those systems. Infact, earlier today, I ran that combo on a system and reduced RAM usage by 100MB, not to mention a huge speed increase (of course, I did some other housecleaning such as disabling startup items & removing some other non-spyware search bars & annoyances).

  28. Firefox for HTML, what about for email? by chewmanfoo · · Score: 2

    Guys I was just wondering: I'm not a Windows PC expert - I live mostly in the UNIX world anyway, but the vulnerabilities that Outlook and Outlook Express have with email worms and viruses, are they also present in Eudora, or Thunderbird etc.? For example, can you still infect a Windows PC -running Thunderbird- with an attachment labelled picture.zip, which turns out to be a Windows binary?

    Anyone?

    1. Re:Firefox for HTML, what about for email? by t_allardyce · · Score: 2, Informative

      The reason for Outlook vulnerabilities stems mostly from Microsofts Visual-Basic script, which basically has access to things like your address book and the 'send mail' function, add to this that an email can contain a script and it will run just from the user opening the email and you have a great combination. It gets even stranger when you think how many times these 'worms' have got major media coverage and taken down entire mail servers from all the traffic they generate and guess who gets the blame? some script kiddie who although being an idiot, isnt as incompetent as Microsoft for leaving such a gaping hole open in the first place.

      Frankly if it was a car and with a security flaw that ment _anyone_ could barehandedly get in and start the locked and alarmed car in less than 5 seconds without setting off any alarms there would be outrage against the manufacture and a recall and upgrade!

      Opening executable attachments comes from the windows hack-around approach to programming, so no-one is quite sure of a zip file is an exe file or a screen saver is a virus, Thunderbird and other clients dont have script holes and i think they wont allow you to execute an attachment without saving it to disk first (prooving that you atleast know roughly what you're doing).

      --
      This comment does not represent the views or opinions of the user.
    2. Re:Firefox for HTML, what about for email? by S.Lemmon · · Score: 2, Interesting

      The problem with Outlook has always been the number of holes that allowed a maliciously crafted email to run the attachment automatically or hide its true file type (for example making a exe look like a jpeg or wav file).

      Even so, no matter what the email client is, there's no good way to stop a determined user from running an attachment. Heck, some viruses even send themselves in *encrypted* zip files (to avoid email scanners I guess), yet plenty of users are foolish enough to actually type in the password (from the body of the email), unzip the file, and run the program!

      Unless it just flatly deleted all attachments, no email client, even under unix, can totally prevent that kind of willful cluelessness. :-)

  29. I just tell my friends one word ... by ninewands · · Score: 3, Informative

    Ad-Aware

    It just works ...

    On one machine on which I installed it, it found and removed more than 256 spyware components (bad cookies, spyware registry keys, etc.). That friend installed it on her brother's PC (according to her, he's a <sarcasm>"Really Bright Guy"</sarcasm>) and it cleaned out more than 1,000 Bad Things(TM).

    1. Re:I just tell my friends one word ... by the+eric+conspiracy · · Score: 4, Interesting

      Ad-Aware

      Ad-Aware is great stuff, however you need to be careful recommending in beacause of the low life scum at Ada-Ware. I had one of my friends install that by mistake.

    2. Re:I just tell my friends one word ... by Mesaeus · · Score: 2, Informative

      You should read the comments of the Spybot S&D developer on his webpage about how many "commercial" spyware scanners simply copy his hard worked on spyware database database which is FREE and then ask money for it. Some of them even include spyware of their own. Spyware is starting to become as worse a problem as email spam. Maybe even worse since email is always restricted to email, the inventivity of spyware developers to find new nooks and crannies for their spyware doesn't seem to have any limits.

  30. Correct me if I'm wrong... by NitroWolf · · Score: 3, Insightful

    But don't programs like SpyBot S&D install "fake" cookies and such, and then lock them down to prevent the real cookies from being installed?

    If that's the case, how many of these cookies (or actual programs) are variations on that theme? Would Earthlinks audit utility see a Spybot S&D cookie and count it as spyware, when it's really not?

    If that's the case, then if you've Immunized your computer with S&D, you have every known spyware cookie on your computer according to the audit. This would inflate those numbers dramatically.

  31. Illegal by ryanw · · Score: 4, Insightful

    Isn't this illegal on several levels? How are these companies not being sued left and right? I can't believe this has become an acceptible standard.

    1. Re:Illegal by KingRobot · · Score: 4, Informative

      Usually, you agreed to having it installed on your computer at some point or another; especially Ad-Ware. Often it can be hidden in the fine print of some other programs installation, or a "plug-in" on a website.

  32. I always recommend by pretzel_logic · · Score: 4, Informative

    using a web site http://www.doxdesk.com/parasite for spyware detection and removal instructions. Its pretty good!. Post some more links that may be useful

    --

    pretzel_logic
  33. Small Issues by fm6 · · Score: 4, Interesting
    You're right, cookies are not spyware. But you'll still get lots of flames from the Cookies-Are-Evil kneejerkers. And all spyware scanners look for cookies from known spyware companies. Stupid, but there you are.

    Plus some spyware scanners flag any kind of push technology as spyware. The theory is that vendors can use push software to force you to download stuff. Well duh -- any network-aware software runs that risk.

    Spyware has gotten so bad I never download closed-source software except from certain extremely reputable sources. And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down. Fortunately it only runs when I reboot (no it's not in any startup lists) and all it does is re-install a program called "readme shim.exe" (yes, that's a blank in the name) which itself is just a stealth spyware downloader. Fortunately, I can simply terminate "readme shim.exe", and not worry about it until I have to reboot (I hibernate when I'm not using the machine). No point in deleting the file -- it'll just come back. Scary that spyware vendors can get that clever!

    1. Re:Small Issues by pla · · Score: 4, Informative

      And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down.

      Do a Google search for "sted380.zip" (you don't want the ones after that, they disable themselves after a while). It lets you see exactly what programs your computer loads via the numerous startup methods, and delete them. Short of your particular problem somehow running as an actual device-driver, this would let you kill it.

      Also, you might want to make sure you don't have any strange-looking services running - I've seen a number of difficult-to-remove programs that work by letting you kill them easily, but they don't remove an associated service that just reinstalls them at the next reboot.

    2. Re:Small Issues by Drantin · · Score: 2, Informative

      while this program is a closed source one, it is a good freeware program that checks many places in the registry(and the normal StartUp menu, etc.) for programs that run on startup, StartUp It comes in a Control Panel applet and as a stand-alone exe.

      (Disclaimer: I am not Mike Lin)

      --
      Actio personalis moritur cum persona. (Dead men don't sue)
    3. Re:Small Issues by David+E.+Smith · · Score: 4, Insightful

      Another similar program is StartupCPL. Small (it's only an 80k binary), simple, works with pretty much every version of Windows out there (95, NT, 98, 98SE, 2000, ME, XP), free-as-in-beer (though go ahead and send the author a couple bucks).

      It doesn't handle services, but it covers most everything else, except maybe autoexec.bat. And it's a lot faster than digging through the registry.

    4. Re:Small Issues by Mesaeus · · Score: 2, Informative

      I recommend HijackThis, it will list everything it finds at all the nooks and crannies that spyware programs use to hook themselves into the system. Note that most lines will be for LEGITIMATE programs/system functions, so select carefully what you want to remove. In any case, I find it real easy to determine what's good and what's not, based on program names and directories. There hasn't been any spyware that I couldn't disable this way, though I usually run Spybot S&D first to take care of the easy and older ones.

    5. Re:Small Issues by toddestan · · Score: 2, Interesting

      Usually deleting the file, then naming a 0 byte file "readme shim.exe", then tagging it as read-only will stop most of those programs pretty well. Just hope the program doesn't get pissed and fubar the system.

    6. Re:Small Issues by startup.cmd · · Score: 2, Informative
      Have you checked the service registry for the startup key? Look in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es. There's a program called sc.exe from MS that allows you to stop these services and drivers from starting up. If you don't have Windows XP (which includes it by default), get it here. Place the executable in your path. Enter these two command lines to stop the offending program:
      C:\>cmd /v:on

      C:\>for /f "tokens=1,2" %S in ('"sc query type= service type= driver state= all bufsize= 51200"') do @if /i %S==SERVICE_NAME: sc qc %T 2048 | findstr /i /l "readme shim.exe" && (set SPYWARE=%T & sc config !SPYWARE! start= disabled)

      What the above does is turn on delayed environment variable expansion. Then it queries all of the services and drivers that the service control manager (services.exe) manages. The command parses the output until it finds the offending executable and sets it to disabled, thereby preventing its startup. You could also use sc.exe to uninstall readme shim.exe. Just read the manual that comes in the zip file.

  34. No need to RTFA... by retro128 · · Score: 5, Informative

    ...because a lot of my work is cleaning up those systems infested with spyware. And that's just my parents, co-workers, and friends' systems. My co-worker has a laptop that she telecommutes with, and her sister got a hold of that thing and loaded just about every cute freeware app she could grab on the 'Net. This thing was so loaded down with spyware that they were wrestling each other for control over Internet Explorer, and it wouldn't even browse. I don't remember exactly how many hits Ad Aware picked up, but it was several hundred.

    I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.

    I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html.
    Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.

    In light my experience, I shudder to think what Joe Sixpack must have on his system....

    Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.

    --
    -R
  35. Why dont they name names? by revco_38 · · Score: 2, Insightful

    Why isnt there a list of the ones found most often to least often? Isnt that the kind of info that could bring these things to light? Simply mentioning that X number of people died doesnt tell anyone how to avoid death...

  36. Do what I do... by Anonymous Coward · · Score: 4, Informative

    I teach a basic computing class (basic & intermediate internet use).

    The primary topics are:
    * Cutting & pasting (get them out of the habit of typing URLs manually)
    * The browser is just a program, the internet is out there *points* all the browser program does is talk to the other computers.
    * This is a URL, this is what the bits of it mean. These are TLDs, these have their registration controlled (mil, gov, etc.), these don't (com, org, etc.).
    * You CANNOT trust everything you read online! (*uses google to find conspiracy theories, instructions on making tinfoil hats*)
    * This is Google. Don't bother with the other search engines. Here is how we use its features...
    * You should NEVER use the following programs unless you HAVE to, due to their insecurity:
    - Internet Explorer
    - Outlook [Express]
    * You SHOULD use the following, free programs:
    - Mozilla (replaces IE + OL, I don't want to confuse them by telling them to try Firefox, it's name might change before they could get it).
    - Adaware
    - Spybot Search & Destroy (NB: we use Google to find these; I warn them to beware the impostor programs)
    - AVG Antivirus (Out-of-date AV programs are nearly useless. I know that you don't want to pay $$$ for constant updates. This is free for personal use [but not business use!], here is where you go to install it).

    As you can see, I have it pretty well down pat by now. If any of you have free time, talk with your local library about setting up free classes like this for the community. We reserve one of our computer labs for this one, and I teach a class every week.

    Most computer users aren't as stupid as they are uneducated. We cannot fix stupidity, but we can fix ignorance. Teach them and the messages will spread; hopefully they will also share their knowledge, mitigating the problems caused by poorly educated computer users.

  37. Re:I hate this shit, SO much... by Dok+Fenderson · · Score: 2, Informative

    Have you looked into using a product like Deep Freeze? It locks the HDD down in such a manner that you can install whatever you want to but upon rebooting it returns to the state it was in when Deep Freeze was installed. Just have everybody save to removable media, a network share, or make DF ignore a particular directory and the problem is solved. I've used this as a solution in a couple of small private schools and it works like a charm.

    Dok

    --
    "You can't screw the system, but you can give it a good fondling." -- Too lazy to look it up
  38. Spyware by the+eric+conspiracy · · Score: 2, Flamebait


    Did this list include Microsoft products like Windows XP and Windows Media PLayer? Surely that is just as much spyware as any of the stuff that people download off the net.

  39. Re:Over Hyped by EtherMonkey · · Score: 2, Informative

    That's because a fresh, out-of-the-box, consumer-grade machine from Dell (or HP or Compaq) DOES come with Spyware/Adware installed. For example: WildTangent games, RealOne Player, MusicMatch, et cetera. The manufacturers get PAID to put these on customer PC's and get COMMISSIONS for each conversion to the full-featured product. If you think I'm making this up, then go out to Best Buy, Circuit City, Staples or CompUSA and look at any of the systems they sell. Dell's consumer-level stuff is no better or worse in this regard.

    --
    --- A man with a briefcase can steal more money, than any man with a gun. [Don Henley]
  40. Re:Average this, average that by Sgt+York · · Score: 2, Informative
    True, but as the sample size increases, the effect of individual outliers and small groups of outliers dwindles. Once you hit a certain point, you have to have a large number of outliers, which would represent a seperate but significant group of users. Which is interesting in itself. Personally, I'd like a scatterplot of the data. Then see if you can type it to demographics...these people all had spyware, so it should be easy to get their demographic info.

    Anyway, the Earthlink sample size was over 1 million. A single outlier or small group of outliers will not significantly affect that average, unless they had a couple of hundred thousand instances on his computer, and everyone else had 3.

    --

    There is a reason for everything. Sometimes that reason just sucks.

  41. Lies, damn lies, and statistics. by dtfinch · · Score: 3, Informative

    Their figure of 28 pieces of spyware per computer considers identifying cookies to be spyware. When counting just spyware programs, the number drops to about 5 per computer. That's still quite high. They didn't need to redefine spyware to include things undeserving of the "-ware" suffix to get their point across.

  42. Not far from truth by porky_pig_jr · · Score: 2, Interesting

    Not sure about Earthlink, but recently I've learned that the Pop-ads blocking software I had installed on my machine was in fact spyware.

    So I've removed it and installed Google. At least in Google you can explicitly set the option so it does not collect any information (hopefully, Google is more trustworthy in this respect).

    1. Re:Not far from truth by brandonY · · Score: 5, Informative

      I recommend Mozilla or Firefox. They block pop-ups, pop-unders, all potentially bad ActiveX controls, and just about every other form of spyware. If you act now, you can even get standards compliance thrown in for free!

    2. Re:Not far from truth by Three+Headed+Man · · Score: 4, Interesting

      I reccommend Firefox to every single person I know. I run Spybot and Adaware pretty regularly, and haven't had a single bad thing turn up since January. Not a single solitary cookie. You can go into the Preferences menu and have it ask you if you want to accept a cookie. I deny cookies unless I know I'm going to need them to log in, like to slashdot. Like this, I've been free for a long time.

      In a related note, a friend who uses AOL and IE, and had the install for only 1 (one) year. After one year of usage, Adaware turned up three thousand things it deemed as "bad."

      --
      I'm probably at the karma cap. Mod up a funny troll instead, it lightens the mood :)
    3. Re:Not far from truth by spike+hay · · Score: 3, Interesting

      I agree with child poster. Just install Firefox. I use it. It uses less ram than IE, blocks popups, has a nifty built in Google search bar, has tabbed browsing (multiple webpages open in single window) and blocks annoying java and activex. Try it. It kicks the ass of IE, even with the Google Toolbar.

      Internet Explorer is a terrible browser. I'm amazed why so many people, even those knowledgeable about computers, use it. Just because it's built it doesn't mean it is better than the competition.

      --
      If you don't understand any of my sayings, come to me in private and I shall take you in my German mouth.
    4. Re:Not far from truth by KrisHolland · · Score: 3, Informative

      You are mistaken, Spybot Search and Destroy *IS NOT* spyware.

      Here is a list of *SAFE* Adaware and Spyware removal tools.

      *Free*

      Spybot Search and Destroy
      Adaware

      *Not Free but Good*

      Pest Patrol

    5. Re:Not far from truth by John+Biggabooty · · Score: 2, Interesting

      If you mean Spybot Search and Destroy, Pest Patrol is probably finding the quarantine files it creates after cleaning a system. That's a false alarm. Many spyware removers find each other's quarantines. I am curious, if Pest Patrol really did find Spybot Search and Destroy, what kind of pest did it call it? If you have DeCSS, or anything that could remotely be considered a hackers' tool, Pest Patrol will warn you that you may face liability if caught with it.

      --
      That's Bigboo TAY! TAY!
    6. Re:Not far from truth by gregmac · · Score: 2, Interesting

      I reccommend Firefox to every single person I know.

      Me too. And so far, everyone that's switched has loved it - including completely non-technical users.

      You can go into the Preferences menu and have it ask you if you want to accept a cookie. I deny cookies unless I know I'm going to need them to log in, like to slashdot. Like this, I've been free for a long time.

      You know, this is something that is a kind of strange thing. I'm more annoyed by the message coming up asking if I'd like to accept the cookie or not than I am just having a cookie get stored. It's not like it's useful for anything. They can't pop-up advertising. They can't have it interact with spyware on my computer (since there isn't any). They don't actually know anything about me, other than the sites I visit they have tracking on. They can use it to display ads on the web page that are more tailored to me.

      They can't link that information up with my real name, unless they gather it from a site somewhere. And I'm not going to be entering my real name or address or other details on random websites. So who cares? They can collect all the stats on this random person (me) they want, and sit there and do nothing with them. In fact, they're probably collecting stats on all 3 of me, from my home pc, laptop, and work pc.

      Yeah, that is my tinfoil hat in the crumpled ball in the corner.

      --
      Speak before you think
    7. Re:Not far from truth by understyled · · Score: 2, Interesting

      I recommend Mozilla or Firefox.

      i'd like to recommend Opera; blocks popups if you want it to, turn off javascript, plugins (like flash. goodbye flash ads), and cookies at will, all within the incredibly useful menu that pops up when you hit F12. also warns you when sites try to set "illegal" cookies. gorgeous browser and very customizable.

      --
      Sig (appended to the end of comments you post, 120 chars)
  43. Re:Average this, average that by Anonymous Coward · · Score: 4, Informative
    You are using the wrong statistics terms:

    Mean: The sum of the value of every item divided by the number_of_items in the sample.

    Mode: The item in a sample that has the highest value.
    No, you are.

    You defined the arithmetic mean, which is commonly known as the average.

    Mode is the item in the sample that occurs the most frequently. The item with the higest value is called the maximum.

    The median is the value that occurs midpoint in the list of values when they are sorted in ascending (or descending) order. If the list has an even number of values, the median is the average of the two middle values.

    Dork.
  44. Thank God Mom Has A Mac by akira69 · · Score: 4, Insightful

    Thank god my parents have a Mac. I'm reading these horror stories and I am cringing thinking if I had to support a PC for the P's... I do support one for a friend, and my god what a clusterf**k. The're going to Mozilla for good.

  45. Not only the average PC... by master_p · · Score: 4, Informative

    And this is the case not only for home users, but for intranets also. I recently did a research in my company, and ALL Windows PCs (I mean all, 100%) were infected with at least one registry hack or spyware.

    Most PCs had 100s of registry key compromises (Alexa being the most usual), and lots of spyware...some even had trojans and worms, even if Norton Antivirus is installed to all PCs as a company policy.

    I recently changed my boss' internet explorer with Firefox, and replaced all desktop IE links with firefox.

    I have made the habit of running Spybot - S&D and Lavasoft's Ad-Ware at least once a week, as well as having Antivirus on at all times.

    Has anybody calculated the cost of malware ? it could be thousands of billions of dollars. So much time spend cleaning Windows installations, doing system scans, reboots, registry restores and cleanups...not to mention compromized servers and server downtime.

    How much, if Microsoft was charged, would they have to pay society for the damage ?

  46. The cookies they do nothing... by Ayanami+Rei · · Score: 4, Informative

    At it's simplest a cookie is a just a mapping from a string to a value that your computer stores on the behalf of some webserver. It looks like this:

    slashdot.org / 31 Apr 2004 user 621112::jrLk8rfhJlszg7DMS6cI83

    Your webbrowser will provide that information to the server (slashdot.org) at a later time (before the expiration, 31 Apr in this case). In this way the server can "remember" who you are by storing whatever it would have otherwise forgotten as that cookie which is saved to your hard drive. In this case it's remembering that "user" equals 621112...blah blah blah. When slashdot sees me trying to load the front page, it gets that cookie, which it looks up and figures out maps to "Ayanami Rei" and shows me my Slashdot homepage as opposed to the generic one.

    Here's the thing. Your web browser justs sends ALL the cookies that the webserver ever left everytime you fetch a URL from that server since it can't tell which one it might want... the server ignores the ones it's not intereseted in.

    So whenever you see an ad banner coming from some site like doubleclick.net, you can be sure that it's setting and checking a doubleclick cookie. The thing that makes it dangerous is that it can also tell (from Referer headers also graciously provided by your browser) what page that ad was referenced from (and hence what page you were browsing!) So doubleclick.net can track you between sites that use their ad banners.

    Etc. Some websites concerned about tracking traffic insert invisible images that fetch and set cookies from centralized webservers to get statistics. While cookies only get and set themselves to servers with the same name, that doesn't mean a bunch of websites can't subscribe to one tracking service. (And they often do...)

    So while I wouldn't call it spyware, you need to be aware of the potential privacy implications and you need to carefully inspect your cookie files or cookie permissions. Mozilla lets you block access to cookies by originating sites, so you can control who can and can't use your cookie storage.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
    1. Re:The cookies they do nothing... by Anonymous Coward · · Score: 2, Informative

      You just posted a one-way hash of your slashdot password, which can now be brute-forced cracked offline quite conveniently.
      May I humbly suggest you change your password, here and on every other online service where it is used as well (if you're the password recycling type)?

    2. Re:The cookies they do nothing... by Guido+von+Guido · · Score: 4, Funny

      Yeah, but it takes all the fun out of it when somebody cracks it and discovers that it reads "badgerbadgerbadger."

  47. Well, duh! by macdaddy357 · · Score: 2, Interesting
    The Average PC is Infested with Spyware.

    Well, duh! You don't need to tell slashdotters that, you need to tell the technically illiterate clowns who don't read slashdot, and can't find any website that doesn't end in .com. They used to get quite a shock trying to find the White House!

    --
    How ya like dat?
  48. Re:Stopping this crap by kyoko21 · · Score: 2, Informative

    I doubt anyone will actually see this besides you so I will post the meat of my squid.conf file. It doesn't block ALL garbage, as for it only blocks the garbage that I have encountered. In a way it is only as good as the person that *trained* it.

    What I have done essentially is enabled the real time URL filtering access control list abilities of squid. It isn't clean but instead of plastering it with crazy regular expressions, I have attempted to keep the list in alphabetical order (well I need to sort it yet again...).

    I also have a fairly massive host file that cover some sites that I am not blocking. Though I could technically incorporate the host file into the squid file but I haven't done that either... lol!

    I also have installed a lame little web counter that gets updated (works >50%) when redirected from the deny info tags.

    you can see the configuration snippet here.

  49. Re:whoa! by FryGuy1013 · · Score: 3, Informative

    http://www.musicsonglyrics.com/T/Thursday/Thursday %20-%20Division%20St%20lyrics.htm

    http://forums.mozillazine.org/viewtopic.php?t=68 86 9&highlight=xpi
    for more detail + links to other posts.

    --
    bananas like monkeys.
  50. Bullshit by burbilog · · Score: 4, Informative
    Ditch IE for Firefox. I just did 2 clients' computers today (running slow, yadayada) and guess what? One had 18 spyware trojans installed, the other had 64 (as well as a couple of viruses). Firefox (any Gecko-based browser) is not vulnerable to the crap that IE is. I always tell my clients to not use IE anymore. When they listen, they always have a better overall experience.

    Firefox is not MUCH more secure than IE. Wanna proof? What's the fucking difference between IE's box asking about installation and Firefox's one? Yes, I'm talking about .xpi files. How long it would take before spyware will distribute itself as .xpi files and users will happily click "yes" in these boxes?.... I love mozilla. It's a very good browser. But don't think that it's a magic cure for all spyware.

  51. What qualifies as spyware? by asmellysock · · Score: 2, Interesting

    I briefly ran their "TotalAccess" software (not recommended, btw) which included some sort of spyware detection. It decided that VNC was spyware and removed some of its settings (I forget what exactly) from the Windows registry. It did not find anything else on my system, but I wonder how many other false positives it yields.

  52. Re:whoa! by ErichTheWebGuy · · Score: 2, Informative

    OMG! That makes me angry. The plugin that comes from the first URL is from www2.flingstone.com which redirects to the following URL: http://www.blazefind.com/license.html which is a clear slyware eula. I suspect that this would install and run beautifully on my Linux box with Mozilla 1.6... I feel like a child who has just had his innocence stolen.

    --
    bash: rtfm: command not found
  53. Does JavaScript Spyware Count by poweroff · · Score: 2, Interesting

    Did anyone else notice the Javascript in the second link using https to report home ever 10 seconds or so?

    I didn't bother to go to far into disecting it, but I do find it amusing that it's obviously up to something on the page with an article about spyware.

  54. Analysis of the tool... by ChrisPaget · · Score: 4, Informative

    The Register carried this story earlier - I posted this to John Leyden, and might as well repost here....

    Being somewhat bored on a Friday afternoon, I decided to take a quick peek at
    this software from Earthlink, and found some rather disturbing results. In
    fact, it's ill-represented, borderline illegal, and about as intrusive as
    RealPlayer (and that's saying a lot).

    I ran my machine through their quick'n'dirty scan, which reported
    1 Trojan,
    5 Adware programs,
    65 Adware cookies

    Given that the combined might of one internet security expert, Ad-Aware,
    HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all
    with the latest updates - me included!) found nothing, I got somewhat intrigued
    and looked a little deeper. My (american) fiancee has an Earthlink account, so
    I borrowed, that, downloaded the software, and (several reboots and updates
    later), ran their proper spyware detector.

    This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy,
    OpenSite, and Netbus(!!) on my system. Every one of those apps would be found
    by at least three of the apps which I regularly run, and every one of them would
    have been found in the manual checks which I periodically run as well. So I
    went a little deeper...

    Once the checks had been run, I paused a little before allowing the tool to fix
    the items it had found. In the meantime, I fired up regmon and filemon,
    allowing me to see *everything* that the tool was doing.

    This turned out to be not a whole lot. No files outside of either the Earthlink
    install folder or the system registry were modified in any way. The only
    registry keys which were deleted we for Netbus settings (OK, I fiddled with it
    for a project about a year ago, but a registry key isn't exactly the same as
    having it installed!) and a few random CLSID's that could have been anything.
    Not exactly convincing evidence - especially considering that I know none of
    those other apps have ever been anywhere near this machine...

    So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise!
    My machine was clean. So, I uninstalled the proper software (its ONLY saving
    grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not
    entirely surprised to find that it now listed no trojans or adware, but 18
    tracking cookies. Despite only accessing the Earthlink site (and El Reg) since
    it reported that I was clean. And still, Ad-Aware and Spybot report nothing...

    Essentially, it looks like this is reporting large numbers of problems in order
    to convince you to pay Earthlink for their software, which then magically
    "fixes" all the problems (which never existed in the first place). They're
    trading off the FUD associated with Spyware, and it's ethically and (probably
    legally) wrong. Their product may be of benefit to people who know no better,
    but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps
    which, when combined with a decent AV scanner (and maybe a personal firewall, to
    boot) give you all the protection you need from spyware, and a whole lot else.

    I have screenshots, logfiles, etc...

  55. Common Sense by foxalopex · · Score: 2, Funny

    Geeze I don't know why adware is such a huge problem. I always tell my family not to click "yes" whenever IE asks you to install something and they don't because I've already installed everything you need. Plus we get the latest windows updates whenever they come out. That alone will keep you safe 99% of times. Unfortunately I suppose there's folks out there that hit "yes" to anything. I wonder if someone put a pay me $100 pop-up (yes/no) if they'd learn faster.

  56. MSConfig by giveuptheghost · · Score: 2, Informative

    Or, just click Start, click Run, type "msconfig," hit Enter, click the Startup tab, and uncheck anything that you don't want to run at startup. There are numerous guides online that can help you sort the wheat from the chaff, and just doing this once will probably be enough, especially if you have a name-brand PC that you bought from Best Buy (since manufacturers and places like BB tend to pile on a bunch of unnecessary startup modules).

  57. The average earthlink user... by ca1v1n · · Score: 2, Interesting

    That's funny, because Sprint's residential DSL, which partners with Earthlink under an arrangement whose terms are not known to me...

    wait for it...

    HAS SPYWARE BUILT INTO THE SETUP SOFTWARE!

    Or at least it did when my parents subscribed. Nothing that a disk crash and a reinstall with RASPPPOE couldn't solve, but wow.

    I guess that's not quite as bad as their new Compaq desktop that came with spyware PREINSTALLED.

    There's a general philosophy amount consumer software and hardware distributors that people don't want to know what goes on underneath, and give their tacit permission for them to put whatever the hell they want on there. We keep blaming code bloat for making computers run slower than they used to, but maybe the fact that people have a couple dozen completely unnecessary processes running, each using just a few megs of RAM that nobody would notice missing by itself, has something to do with it.

    Granted, I could probably cut down on a few things running on my fairly stock Debian/KDE workstation, but they use about 1/100 the resources as the useless crap on my parents' machine. Of course, none of the things on my machine that I'm not entirely sure I need are designed to scan web pages I read for key words and deliver pop-up ads for competitors.

  58. If all of you were truely GEEKS by eadint · · Score: 2, Interesting

    you would say come up with a virus. a good virus not a nasty one. the type of virus that as soon as it detects another virus or spy-ware it would flood the offender with goatse.cx pictures until their servers blew up, better yet a virus that does that t spam to. if you really were geeks there would be a posting in the next week or too of a really good app that was an awesome counter strike to spam/spy-ware/ad-ware kinda like a seti at home dedicated to destroying the aforementioned banes to the computer world.

  59. is it spyware... by way2trivial · · Score: 2, Insightful
    Yer right, how did they ever find out that the average PC had 28 bits o'spyware, since they never spied..
    I use S&D, and it don't tell nobody what I found.. so how come earthlink knows?

    the proof is in the subject, THEY KNOW HOW MANY THEY FOUND....

    --
    every day http://en.wikipedia.org/wiki/Special:Random
  60. Re:True true by BCW2 · · Score: 2, Funny

    At a friend's computer store he charges $75-150 to remove spy-ware and install ad-aware or spybot. All he does is run ad-aware and then spy-bot. The charge is for the time and the dumbass factor. He has one dumbass that pays this monthly because he's to stupid to stop clicking and run the programs himself.

    --
    Professional Politicians are not the solution, they ARE the problem.
  61. Distorted numbers by Knights+who+say+'INT · · Score: 3, Insightful

    Spyware removal software typically counts the number of files + the number of cookies + the number of registry keys related to spyware it finds. So it's not uncommon to get a report with over 150 items when the user has only installed Gator.

    A badly-spyware-ridden machine could have thousands of those items.

    Now, if only one computer out of 10 has Gator, you'll still find that on average, each computer has 15 items. Most typically - specially in corporate environments - you'll find a few machines with thousands of spyware items and a lot of computers with no spyware - since employees aren't _all_ fucking around with company time.

    So, um, another ignorant Slashdot story. Grr.

  62. This is why I hate Windows by Xabraxas · · Score: 2, Insightful

    This is exaclty why I can't stand Windows. Every little program has spyware and leaves crap all over your system. It's either that or god-awful adware that makes a desktop look like a carnival. A Linux desktop is quite refreshing to look at.

    --
    Time makes more converts than reason
    1. Re:This is why I hate Windows by mac+os+ken · · Score: 2, Insightful
      The main purpose of using my Windows machine was using it with the internet. Through normal use my machine de-evolved into an unusuable sluggish piece of hardware. Not on just one computer but two.

      There are so many options available that the masses just don't know about. (Mozilla for one.) Another problem is that people seem to think that if it isn't made by Microsoft (my parents back home for one) it doesn't work.

      Using a piece of computer hardware shouldn't be a painful and frustrating experience. I don't want to click through two pop ups to get to content. I don't want worry about worms and virii every week. I don't want have spyware popping open my drive bays every hour and then tell me I need to buy a product to make it stop. That is RIDICULOUS.

      Then I switched to Mac OS X. Well, you know how those stories go.

      :D

      --
      .deviatefromtheabsolute.
  63. Webroot's SpySweeper is really, really good. by Ride-My-Rocket · · Score: 2, Informative

    I had been using both Lavasoft's Ad-Aware and Kolla's SpyBot Search and Destroy to keep my box free of crapware, before my boss turned me onto Webroot's Spy Sweeper.

    I've been SpySweeper as my primary spyware scanning tool ever since, with Ad-Aware as a 2nd-scan chaser. On the rare occasion that Spy Sweeper misses something, Ad-Aware always gets it, with a 0% margin of error (when using Spybot S&D as a 3rd-round scanner). Conversely, there were a few occasions that Spy Sweeper missed something in Round #1, but Spybot S&D also missed a few in Round #2, so that it was necessary to run a 3rd scan at all using Ad-Aware.

    To summarize: Spy Sweeper rocks. If you want even more security, run periodic Ad-Aware scans, and you should be spyware-free (assuming you keep your product definitions updated).

  64. average 28? by ende · · Score: 3, Interesting

    I'm a fairly saavy (hate that term) computer user, 20 years experience, professional web developer.. I know what to avoid, I know what to click no on, I have stop-the-pop on my win box.. I still have on average 40 different spyware apps installed on my box every week (between spybot and adaware) .. When ever I go over to someones house and run a scan for the first time, there are generally over 400... its getting outrageous.

  65. Earthlink Spyware Audit by dimplemonkey · · Score: 2, Funny

    Did that 28 include theirs?

  66. You're making it too complicated. by robfoo · · Score: 2, Insightful

    Medicine is complicated, but most people know enough that if they have a headache, aspirin will make it go away. They don't need to know exactly what aspirin does at the molecular-biology level.

    Almost every complex thing breaks down into simpler parts, or concepts.

    This can be applied to cars - you've got a seat, an engine, wheels. The engine is connected to the wheels by something (we could call it the drivetrain if we so wished). The front wheels are connected to the steering wheel, and can turn left and right.

    Using just this basic information you can start to diagnose problems - if the engine is going, but the car's not moving, the problem must be either a lack of wheels or something's wrong with the drivetrain. That kind of thing.

    Same thing works for computers - except because it's mostly software (where the problems lie) it's a bit harder to grasp. People just need to be told the basic steps computers go through (after all, that's all they do, just step through instructions).

    If my mother was to ask me how Internet Explorer works, I wouldn't start by telling her the names of API calls (not that I know them). I would tell her you type in a URL (which includes the name of a server), it asks another computer where that server lives and then goes to that server and asks for a document.

    My point is that just because something's complicated isn't an excuse, or an invitation, to be ignorant. Almost everything can be abstracted to high enough a level for anyone to understand, at a basic level.

  67. Users are stupid. by rice_burners_suck · · Score: 2, Insightful
    Yeah. Peoples' computers are so full of crap that it is disgusting. I get these things all the time. That's what happens when people know that you know computers. They say they get some "black screen" or something incredibly descriptive like that, and that the computer doesn't work anymore. (Most people who have money will, at this point, decide that the computer is no longer any good, in much the same way that unknowledgeable drivers with money decide that their car has gotten 40,000 miles on it and is therefore useless, and will replace it with a new one, costing 10 times what it should, with 90% of its features being totally unnecessary for their needs, despite what you'll tell them if they consult with you before buying it, and with 1000 programs preinstalled that they'll never ever use.)

    So I take a look. In my experience, most people have about 3 programs they use most of the time. For most people using Windows, that would be Explorer, Outlook, and then something else, like Word or something. But, and this NEVER EVER fails, they ALWAYS have about 175 programs installed that take up tons of space, many of which have all kinds of daemons that run in the background, causing the hard drive to grind around all the time, causing all kinds of weird and questionable messages and popups to appear, and best of all, make the whole thing run so damn slow that it's a wonder they can get any work done.

    Unfortunately, no matter how hard you try to explain it, 99% of the users DON'T understand: Use this computer for its intended purpose, and DON'T download or install all kinds of shit! Don't go to all kinds of web sites that you aren't familiar with! Don't run or open something when you don't know 100% for sure what it is!

    But do they listen? NO!!! Of course not!

    The solution is to develop a finely grained security model where not only is the user and his files protected, but so are processes, pipes, and just about any other "object", as it were. And these damn things should ship, by default, to do what most users need to do, but under extremely limiting circumstances, so that their computer will refuse even to download some attachment to an email unless some really complicated process is first carried out. Something requiring commands to be entered into a terminal window. Because even if you ask, "Are you ABSOLUTELY POSITIVELY SURE you want to open this attachment, which will MOST LIKELY **D**E**L**E**T**E your files, beginning with those that are most important to you??? Push any key to answer "no" or type, "I, [your name here], do hereby solemnly swear, under penalty of deletion of all of my files, that I am absolutely positively sure that I WANT TO OPEN THIS ATTACHMENT, which will most likely delete my files, beginning with those that are most important to me," you can rest assured that MOST users will simply punch all of that in to answer "yes" and then wonder why in the hell their computer doesn't work properly.

    But the best part is when they don't understand that the malfunction is all in software, which should, at that point, be blown off and reinstalled, and instead think that replacing the entire computer will solve their problem. And then they download all of the same **S**H**I**T** into it and end up in the same situation.

  68. Lockdown ActiveX on IE by B.D.Mills · · Score: 2, Insightful

    I use IE on Windows, more due to apathy than anything else. I have also not had to remove ANY spyware AT ALL from my PC (other than cookies) in the last four years.

    The secret to my success is to lock down ActiveX and restrict scripting. Most of these spyware apps do drive-by installations through ActiveX applets, so if ActiveX is disabled then spyware cannot be installed.

    I have included many websites in the Restricted zone, where scripting and ActiveX are both disabled. The default setting for new websites is to prompt for ActiveX, and I always say No unless I know in advance what the ActiveX control is.

    I have to say No several times a day, but this is no more onerous than closing a popup, and if it annoys me I could always disable ActiveX.

    I also scan with Adaware and Spybot Search and Destroy periodically, and I use a popup blocker and Zonealarm. Not much gets through all of that.

    --

    The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
  69. No correction needed. by Qwaniton · · Score: 2, Funny

    The average PC is a Windows box run by an idiot with 28 malwares on it.

    Makes sense to me.

    </slackwareuser>

  70. Why is it that spyware is legal ? by kaisa_sosey · · Score: 2, Interesting

    Doing the same thing as spyware on your own can get you some years in jail. But if you act as beeing a company doing profit with this stuff then it's perfectly legal.

  71. Re:Zealots guide to using Internet Explorer safely by drooling-dog · · Score: 2, Interesting

    Oh, please. Why is anybody who wanders outside of the Microsoft cage a "zealot"? What we really need is a pithy word for people who willingly wallow in the same cesspool year after year, especially when it's so easy now to climb out...

  72. Fraud by IgwanaRob · · Score: 2, Informative

    This so called "Spyware Detection" program is a fraud. It is nothing more than a marketing ploy to get people to join Earthlink.

    First, it claims that I have several spyware programs on my machine that I know for a fact I do not. Alexa and Wild Tangent are no where near this machine. Spybot and AdAware confirm, as well as manual checks. Seems they are possibly scanning registry keys, and finding SpywareBlaster's kill bit - either that or it is flat out lying.

    Second, it uses generic names for non existent "trackers" - "Spy #5c5f4 -- Research In Progress" - sorry, if it's real, then it should have a name.

    Finally, and this is the most aggravating one - this program identifies a cookie that Earthlink itself places on your machine when you visit this page as a adware cookie. They also list one cookie that I do have that I need - from TV Guide - to keep track of my channel listings on the TV Guide site. This I'll simply ignore, even though it's still wrong.

    This means they are intentionally placing files on your machine so they can identify stuff to make you, the supposed ignorant user, paranoid and lead you to believe that joining their service and using their tools (which are freely available anyway) will keep these things off your machine.

    --

    ~~Iggy~~
    The gene pool needs a lifeguard....