Slashdot Mirror
Spyware Becoming Worst Tech Support Problem
teknurd writes "Wired has an article about the growing problem of computer users having to call tech support to get help removing all of the spyware on their computers. 'The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division, the biggest category of complaints this year, company representatives said.' Personally, I have had to remove this plague from the computers of several friends and family members."
with the company i work for id love to make suggestions to help people rid themselves of this, but were not allowed because its all third party stuff. i dont work for an ISP, but an internet banking group, and time after time people are blaming their bank for redirect hijackers and popups...all i can say is that your computer is messed up and you should try to call your ISP for assistance. not like theyd be in a much better sitch than me. too bad we can convince people to stop clicking on every bloody thing that pops onto their screen.
________________________________________________
between spy-bot and hijack this, i have been able to remove any spyware i have encountered. The trick with spybot, is that people need to know what they are doing, so they dont screw up their computer. Adaware is dummy proof, but only does gets a portion of the stuff.
That, and AdAware.
So that they catch what the other one missed.
If I was an OEM, I'd get a license from one of the companies to include AdAware/Spybot on the shipped systems and set it to run once a week. That's gotta be worth it to remove 12% of support calls!
If I remember correctly from a previous article (3-6 months ago), Dell prohibits its tech support from helping customers remove certain programs that could be considered spyware. They are unable to do so because Dell, and some other suppliers have partnerships with the makers of the borderline spyware.
What a crock!
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
I support this kind of thing every day at work with the odd internet customer/staff member. Spybot has really helped out a lot - its free, small, and works great. I can believe the 12% figure, but here at the ISP I work for, its more like 60% of calls, only the customer doesn't know they are calling for this particular problem. For them, the internet and their computer has just bogged right down so they think something is wrong with the internet.
You create your own reality - Leave mine to me.
"the developers get paid, in theory, by companies that want to harness the spare computing cycles on thousands of computers to solve some complex computing problem."
i wouldn't actually mind giving a fwe of my spare cycles to someone if they needed them for something legitimate.
everyone i know ran the SETI@home screensaver... not only were you contributing to something, but it looked way cool too!
and if you see me strut, remind me of what left this outlaw torn...
I used to think that only computer novices got spyware. But just this past week i got several all at one time. i have no idea how it happened ( i dont even use internet explorer) but it was bad. after i run ad-aware and mcaffee to clean them off, one of them deleted some important files under my system folder, or at least thats what i assume because my tcp/ip wouldnt start. i ended up having to totally reinstall windows. ive since decided im going to try and use windows as little as possible, only when i need to work in photoshop or office (i have the newest versions, ie no crossover office). but beware even advanced windows users can still get these things.
I'm [network/unix/Mac/Novell/some windows] support for a ~200 user research place. Every Friday our Director of Research sends out a "what's up" email talking about various projects, etc. A couple of years ago I was asked to do a weekly thing called "Computer Corner". What I do is have a paragraph with a link to an internal webserver I run with more info.
I did a spyware article a while back and on the server had some tools for installation complete with how-to's, screenshots, etc. Naturally some people aren't geeks and are a bit leery of anything remotely technical so we always offer to come do the work if needed. That happened only a handful of times.
If you have a lot of users that approach may be helpful.
Trolling is a art,
Last night I spent 3 hours at a neighbor's house on spyware patrol. He's a fireman who plows my driveway for free (he is Joe Sixpack personified), and I'm his volunteer tech monkey. I cleaned them all out 2 months ago, and now they were in worse shape.
All 3 of computers were unable to surf the web. Teenage daughters had downloaded Kazaa, weatherbug, morpheus and others. I explained the dangers of spyware (and getting sued by the RIAA, hoping the scare them into ending the spyware party) to them last time, with predictable results. I also advised Dad to lay down the law (I'm not holding my breath).
The 98SE box (yeah, I know) was completely hosed. Booted up, auto-launched about 8 different programs, auto popups, and would actually blue screen before I could launch a single app. I blew that one away, reinstalled from scratch, and ran Windows update (requiring 5 reboots) for close to 2 hours (ever run windows update after a clean install of 4-year old media? Not fun).
And he has a hardware firewall and fast cable modem connection: this would have been impossible on dialup (and the clean install would have been compromised within 10 minutes without the firewall).
After all of this, I had all 3 computers working fine, with up-to-date patches, virus protection, and an Ad Aware icon on the desktop. Also a lecture on the evils of spyware to the assembled daughters.
I'll be back there in a month or 2, guaranteed. Let's hope for lots of snow next winter.
I love how the Microsoft representative draws no line between open source software and free-closed source software with his comment "If something's free, there's often a catch." Furthermore the Microsoft and Dell reps both say that the best protection is to keep MSIE up to date. Too bad neither of them mentions mozilla or mozilla firefox. I wouldn't expect the microsoft rep to but I can't believe the article's author doesn't mention it.
Then again - don't use mozilla - according to microsoft - if something's free, there's probably a catch. I bet its full of spyware right now. Just like those microsoft "Smart Tags" we read about yesterday.
Spybot removal software is one thing, but is there a real solution to this problem?
User's will continue installing software they think is cool, or hear about from their friends/colleagues - be it bonzi buddy, kazaa or anything else. Pretty soon they'll start facing problems - the computer would begin to be unresponsive since kazaa is eating all the cpu, searches in google fail because IE is redirected to SearchScout, or whatever else you have/
Cure is one thing, what's the prevention for all this? And I ask this, not for informed, knowledgeable users, but naive home users who don't know any better?
No M$ bashing please. I have heard of several tools that keep track of what's installed and the changes to registry, but haven't come across anything will a simple interface and a "knowledge" of most common spyware (possibly updated frequently from a public server). Such a tool would at least make the customer support job easier!
http://efil.blogspot.com/
Dell should just provide users with a Windows Live CD that contains and anti-virus program and a spyware removal program.
Pop it in, computer boots up, runs the anti-virus and spyware removal, shuts down.
Then there is no hassle for the customer about them going to an internet site and installing a program, and then figuring out how to run it.
That's interesting. I usually stick with ad-aware, but decided to evaluate some other products for use at work. Within 2 minutes of installation (The first time I ran IE afterwards), I had a popup from gator come straight up. I'm not saying without a doubt that spywareblaster contains gator from the original source, but the copy I got my hands on snuck gator in. Anyone else seen this? Did you download your copy direct or from a download mirror? (Also interesting to note is that spywareblaster, as of the last version I saw, did not detect gator as spyware.)
I can count to 1023 on my hands. Ask me about #132.
"A separate study by Internet service provider EarthLink found more than 29 million spyware-related files on the 1 million computers the company tested."
Earthlink uses those types of data mineing files in their total access software. When I run spybot and Ad-ware, it constantly finds the files tied in with earthlink for advertising.
Not to mention AIM now has pop up advertising and things. I am glad that I don't have to use my windows machine for anything more than audio processing for the most part. I couldn't imagine what it would be like if I used it to browse the web regularly...
root 10956 5164 0 Oct 22 - 0:23 sendmail: rejecting connections: load average: 70 (isn't sendmail just too kind)
I can attest to the fact that some sites that are using those horrible ActiveX install popups are now also including XPI popups as well, at least for firefox in win32.
Finally, Friedberg [from Microsoft] cautions Internet users to pay extra attention to offers of free software. "Be suspicious," he said. "When something's free, there's likely a catch."
I worry that ordinary users will associate the free software work done in the Linux/BSD community with spyware - or more likely that MS will turn up the rhetoric against the Linux/BSD community when the competition gets hot in the desktop space.
There is one thing I cant figure out here. Spyware is the next big thing after virii... why havent the big anti virus companies gotten in on the action? I mean, how much more work would it take a McAffe or Symantec to add spyware detection tools and removal software to their current products? If you think about it, the only big thing that distinguishes one AV company from another is there response times to a new virus. Wouldnt this be a very sellable feature?
:)
On the bright side, the big kids staying out of it, allows little guys the like LavaSoft ( ad-aware ), to carve a niche for themselves. However, in a lavasoft type company gets smart and offers virus removal in their tool aswell... why would you not get the do it all tool, instead of two pieces of software?
Its always funny watching big commerical companies miss the boat on stuff like this though
Also, I may be wrong, their may be an AntiVirus product out there that deals with SpyWare. If there is, please let me know!
However, OS X appears to phone home on boot. Check out some of the ip traffic (you can't use kismet or such as the OS X box is still booting, but you can look at the log from your router/firewall). This may not be spyware, technically, but Apple does see which systems are connected, if you let them. If you block this traffic or boot without an internet connection, the system still works fine, of course. I don't have an XP box to play with, but my buddy Amit says the same thing occurs. Any comments?
We coupled XP permissions, SUS (godsend, that thing) and NAV Corporate. NAV updates everyone's definitions as soon as they come out. SUS sends out updates nightly (usually a few days pass after they're issued by MS so we can test and approve them). Firewall keeps dump RPC requests out.
Since then: no viruses, no spyware. Time taken to set up all of the pieces: a few days. Money spent: XP licenses came with new machines, NAV cost a couple grand, SUS was free. Time and frustration saved: priceless.
I work at an ISP and we get a fair amount of calls pertaining to spyware/adware. "As soon as I connect to your service I have all these ads coming up on my screen!" "I keep changing my home page but then it goes back to this porn site!" All that we are supposed to support is getting people connected to the internet and setting up their e-mail.. so they always get upset. I personally prefer SpyBot, but management tells us to recommend Ad-Aware. The best is when they call up because Ad-Aware didn't fix the problem. "Now what?!". CWShredder can be pretty useful in these situations.. For your own personal machine I recommend SpyBlocker. It isn't free anymore, but it's worth the money to buy it. It's a real-time ad/spyware/bug/cookie filter. It works quite well.
She's running windows 2000, and logs in as a USER.
I've got Admin rights to her computer. When she needs a game installed, I install it. But limiting her to user rights, she doesn't have to proper access to install ANYTHING.
This works for me.
Executive ability is deciding quickly and getting someone else to do the work. --John G. Pollard
Sometimes it's just about hopeless. I threw together a computer for my girlfriend, who has a Comcast Cable connection. Fully patched, with AVG, Zonealarm, and ad-aware. There are 6 other people who use the computer.
If I don't maintain it to the point of once-a-week troubleshooting, the next time I stop by, there is more garbage/spyware/viruses/popup junk than I can possibly understand. Comet Cursor, Weatherbug, Bonzi, that "set your clock" thing, backdoors, and a deluge of popups that will make your head spin when IE is loaded ( I installed Opera. They don't like it. ). You're probably thinking, if I had correctly installed all the stuff I said I did, this wouldn't happen, right ?
If only it were that easy.
Zonealarm ? Well, they were having problems with their internet one day, and decided it might be that firewall thing, so off it went. Despite my insistence, this happens fairly often - because they don't actually see the negative effects of it.
Viruses ? AVG just disappears. Someone must be uninstalling it, because it's usually gone when I go looking for it.
The spyware ? I don't really know where it actually comes from. There's usually a bunch of other junk apps and game demos, I assume that's how they find their way on to the computer.
So yeah. PEBKAC. at least one of the problems.
Funny, it is integrated into McAfee. I use it in my 100 person company and it works pretty well. The feature is called "Find Unwanted Programs" or something. It's all set up with EPO so I know every desktop has it, and nobody can turn it off. Catches most spyware, and McAfee is good about updating.
There is one major drawback. McAfee decides what is an "unwanted program" and you can't change it. It stops some tools that I would rather it didn't. However, I've found this trade off to be well worth it as I spend exactly *nill* time cleaning spyware.
I get calls all the time about the "virus" someone or other just got though.
If a bunch of spyware sites are set to a certain # of hosts, can we just make them resolve to 127.0.0.1 with a nice custom hosts file?
I know mike's ad blocking hosts file does it for pop-ups, but what about stuff like bonzi buddy?
If so I'd like to put it on my dad's computer. Problem is, a lot of little rinky-dink apps he downloads have spyware just piggybacking on it. Then again there's a few utilities that take care of that.
Ahh i can see in a few years we'll have a nice internet that will blindfold themselves to such malicious sites.
We do this. The only other things I would recommend would be to tie them in with MimeDefang and ClamAV. Doing that lets you bounce e-mail bourne viruses before they make it into the internal network.
One day last month 1/3 of all of our inbound e-mail traffic was e-mail attempting to deliver viruses. They never got to the user's desk, so they never became a security problem.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
1 - Blocking spyware from being downloaded and installed EVER (aside from simply saying "Use Linux"), and
2 - Completely cleaning already infected machines/browsers/etc, and
3 - Hunting down the developers of all of this crap and them.
It pisses me off knowing there are many hard-core intelligent software developers out there creating this crap!
They all should suffer!
The community should find them, like they do for child-molesters, and berate them and publically thrash them.
doooh
>after i run ad-aware and mcaffee to clean them off, one of them
>deleted some important files under my system folder, or at
>least thats what i assume because my tcp/ip wouldnt start.
There is at least one adware program that replaces one of the windows internet-related DLL's with it's own version. Adaware didn't handle removing it very well when I came across it months ago, I was hoping they had fixed that. It usually isn't necessasary to reinstall the machine. Removing TCP/IP from the list of installed network protocols, rebooting and reinstalling it (windows CD or setup files required) usually works.
It always amazes me how people deny doing anything and these things just magically appear. Well how come they never happen to me? I spend 50% of my day on computers during the week and I have never gotten any of this crap. When I run adAware it shows cookies and that is it. What am I doing differently? My housemate uses my computer ONE day and all of a sudden I have some stupid toolbar in IE. But she didn't install it. It just magically appeared.
While that is a good suggestion, it's also very annoying. If I run as a regular user and want to install something, I have to actually log out, log back in as Administrator, install the software, log out, and then log back in under the normal account.
Why can't Windows just prompt for the Administator password when I want to install something? Not offering that practically ensures that almost nobody will use the normal user settings. It simply makes it too difficult to install software.
Talk about stupidity....
YARTHMS.
(Yet Another Reason to Hate Microsoft)
No matter how many of my rights are taken away, somehow I still don't feel safe. -Frigid Monkey
I've come to the conclusion that between web vulnerabilities (like ActiveX controls) and the myriad of trivial pieces of software people install (funky cursors, search bars, whatever) a Windows machine is always going to be infected if you're not careful.
My office machine I only use Mozilla except for sites that absolutely require IE, and I sure as hell don't click on or download anything that I don't explicitly want.
My home XP box sits behind a hardware firewall, and except for *very* occasionally, I don't install much software on it -- and truthfully most of that is stuff like Mozilla and cygwin anyway.
In both environments my e-mail gets delivered to a UNIX machine.
To date, I've had decent luck with both machines -- only once has anything hit and that was the Windows RPC vulnerability. I suspect the usage pattern of most people is to embrace a lot of the new and shiny stuff that comes their way.
I guess I've been using UNIX long enough that eye candy bugs me so much I don't get exposed to it. Which might be part of why i don't have problems.
We used to have an office admin that downloaded every screen saver, animated cursor, or cutesy little flash game that was sent her way.
I must say, Windows has improved a lot over the years. I still don't trust it to not stumble if left on its own.
Lost at C:>. Found at C.
Most companies that provide tech support will not let you remove / delete anything from a user's computer...liability issues if removing spyware ends up borking the whole thing. Then it was tech support that killed the computer and the company is responsible for fixing it.
slashdot, news for crazed liberal socialist zealots
I spent an hour with our Symantec account rep last year imploring him to communicate how badly we need spyware protection integrated with virus protection.
In the US corporate world, Symantec is probably the leader. If they would just buy Spybot or something, build in a spyware signature download system (as they have with virus), my job would be so much easier. I'd even happily pay them another 5k$ for that feature on our machine.
But this sales guy didn't even know what spyware was.
Symantec really missed out on a big feature that would have set them apart from McAfee.
.sigs are for post^Hers.
It seems like MOST of these beasties throw themselves into the Run and/or Runonce registry keys. Why can't those keys be locked down?
"Draco dormiens nunquam titillandus."
I warned my daughter about the Same Stuff on Different Days. Even had to reinstall Windoze on her system because it was so trashed. I read her the riot act about adding "the goodies" and tied in the third degree with it on top. The next week all of the garbage was back. So, I cleaned the drive again and pulled the network drivers. She has no email, internet, NOTHING. Yes I get the occasional whine and sob about not talking to her friends but I told her, you mess up - you pay. Best fix possible - pull the plug. It also works at the office. Install spyware after a cleaning and warning, your computer loses internet access. It is just ToughNetworkLove.
The problem here isn't spyware developers. The problem here isn't the Nigerian spammers. The problem here isn't DDOSing skript kiddies taking over thousands of machines on the Internet. The problem here is users who expect to be able to be allowed to be completely ignorant of their extremely complex system while at the same time being protected against the hazards that they will encounter on the Internet.
The solution is quite simple; force those users to learn the fundamental basics they'll need to protect themselves from all the above hazards, and require them to take a test to determine that they're at least minimally able to protect themselves. Additionally make it easy for a person working in a technical capacity to revoke that license ("I'm revoking your license. If you want it back you'll have to take the class and the test again.")
Elitist? Is requiring a driver's license so that idiots won't go out and kill people on the road elitist? Is requiring a ham radio license so that people won't go out and interfere with legitimate services elitist? The potential exists to do as much or more damage with the Internet. We can no longer allow users to be blissfully clueless. A license is a public affirmation that they are aware of the responsiblity they take when connecting their computers to the Internet.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
When I was working in phone support for a major ISP one of the biggest problems we had was people wouldn't call in about spyware problems until their machines were SO hosed they couldn't even GET to the sites to download removal tools. So eventually I started bugging my supervisor and various higher ups until we put spybot in a small public ftp that we all memorized the IP adress of. That way when the users called in, what we'd do is have them open a command prompt, and walk them through an ftp on the command line to get the file. Sure it'd take 5 minutes to explain all the crap to type in, but it's way better than the usual "Wait I can't see the link anymore, there's a popup. Let me close it. Ok there's 3 popups, I'll close them. Ok wait I'll just reboot" etc that'd take half an hour. Command line ftp doesn't trigger all the resident hijack crap because it doesn't use the browser.
Introducing the new Occam Fusion! Now with sqrt(-1) fewer blades!
You think spyware's bad? Take a look at the "cool web search and other malware removal" forum on SWI.
http://www.spywareinfo.com/forums
Hell, just because of that crap that people push out, I keep a USB pindrive (yes, it's the "devil duck" one from ThinkGeek) filled with utilities:
- Spybot (can be run without installing!)
- Ad-Aware 6 installer and new reference file
- Stinger
- CWShredder
- AVG installer and license code
- ZoneAlarm installer
- TheKillBox (can delete _ANY_ file - even ones in use)
- PV (used to detect new versions of CWS that tie themselves to winlogon.exe as well as explorer.exe and can't be removed without DOS or the Recovery Console)
- Firefox and K-Meleon installers
Suffice it to say, my life is rather busy thanks to those bastards who make this.
If I had my way, I'd take them out into the street, then let each and every person who was inconvenienced by their software throw one ball at them.
I.E. shotputs.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!