Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Becoming Worst Tech Support Problem

Posted by michael on from the brought-to-you-by-microsoft-windows dept.

teknurd writes "Wired has an article about the growing problem of computer users having to call tech support to get help removing all of the spyware on their computers. 'The fast-growing phenomenon is already responsible for more than 12 percent of all technical support calls in Dell's consumer hardware division, the biggest category of complaints this year, company representatives said.' Personally, I have had to remove this plague from the computers of several friends and family members."

33 of 814 comments (clear)

  1. Just run Spybot by baggachipz · · Score: 5, Informative

    http://www.spybot.info . That's all it takes. Have it run on people's windows startup and they're set.

    1. Re:Just run Spybot by sulli · · Score: 5, Insightful
      Just run Mozilla, and none of that stoopid-ass ActiveX will try to hijack your PC.

      (Come on, didn't people see this coming when Microsoft came up with ActiveX back in the day?)

      --

      sulli
      RTFJ.
    2. Re:Just run Spybot by hattig · · Score: 5, Interesting

      That, and AdAware.

      So that they catch what the other one missed.

      If I was an OEM, I'd get a license from one of the companies to include AdAware/Spybot on the shipped systems and set it to run once a week. That's gotta be worth it to remove 12% of support calls!

    3. Re:Just run Spybot by AndroidonPPC · · Score: 5, Informative

      \\(machine name)\c$\documents and settings\all users\startmenu\programs\startup\ is good place to start

      or just make a registry file to add info into hkey_local_machine\software\microsoft\windows\curr ent version\run key. (hint: this works on any windoze box when done as administrator)

      with remote administration and a script, you could have those puppys running mighty quick.

      -Andy in Chi

    4. Re:Just run Spybot by chosen_my_foot · · Score: 5, Insightful

      You forget that the user can still download and install WeatherBug, Precision Date Time Manager, and many other helpful products. Using an alternative browser does not prevent this action.

      For some reason a lot of people seem to believe that using Mozilla/Firefox/Opera makes their box invincible. It's a good start, but should only be one layer of your security.

    5. Re:Just run Spybot by michelg · · Score: 5, Interesting

      I can attest to the fact that some sites that are using those horrible ActiveX install popups are now also including XPI popups as well, at least for firefox in win32.

    6. Re:Just run Spybot by Anonymous Coward · · Score: 5, Insightful

      If you're an educated user, shoring up your home network is extremely simple:

      1) Install a hardware firewall.
      2) Install a software firewall.
      3) Install a quality antivirus program.
      4) Install Ad-Aware - preferably the Pro version with Ad-Watch.
      5) Install Spybot.

      The problem is that if you have family or friends that don't know anything about computers and don't seem to care to learn, doing the above will help you out temporarily... and then cause you a huge amount of problems on Windows.

      For example, every time the software firewall asks them to approve a connection, they'll either always deny them (screwing up their software) or approve them (screwing up their security). They'll be upset when they can't use a program because it needs ports opened on the firewall. If you show them how to open ports up, they'll eventually just open ALL ports, thinking "now I won't have to worry about doing it every time a new program wants new ports available". The other option is not to tell them how to do this and just do it for them. You are now their bitch.

      The other problem is that they'll want to install applications. In Windows, you can set several user levels. You can set a very restricted one that doesn't let users install software or access/modify any documents but their own. Then there's a level that will let them install software and use all documents. Then there's the full power user, backup user and admin user levels.

      For security purposes, you would of course want to set their account to a level that will not allow them to install software. Otherwise they're going to be installing every stupid spyware riddled, adware plagued, malicious, wasteful, resource-eating piece of shit they come across. So, now every time they want to install a program, they're going to come to you. You're their bitch.

      So the only way to achieve true security is to prevent them from doing anything they really want to do and now you're going to be bothered by every person that you've set up every time one of them wants to install a program or open up some ports. Every time they want to install a game, application, office software, utility, etc.

      It's a hassle just dealing with this for one person. Now imagine if your grandmother, an uncle, your mom, two siblings, a neighbor, a girlfriend and two family friends all have you on the hook like this? It never ends. And then people wonder why techies are becoming more and more reluctant to help and more abrasive. Look, it's like being a car mechanic. As a car mechanic, I would not expect my friends to repair their own engine block or diagnose and fix other complex problems - but I certainly expect them to fill their own gas tank, change their own oil, refill their wiper fluid, check and refill their power steering, check and fill their tires, replace signal lights, screw on their license plates, adjust their rear-view mirors and side mirrors and adjust their seats into position.

      However, for people who aren't willing (or maybe can't in the case of some elderly people who just can't fathom the concepts) to learn the basics, you'll find that if you don't help them they will end up with myriad of crap on their machines. Dozens of viruses, spyware, programs running in the background to steal resources and processing time, adware programs that pop-up crap all the time, hijacked browsers, three p2p networks starting at launch time and running in the background (eating up memory, cpu, storage, bandwidth), p2p utilities that go with them, "weatherbug" software, msn, yahoo, aim and others, and countless other things. I've seen people with so much fucking shit on their machines like the above mentioned that their machines would start-up and then die, crash or reboot before finishing displaying the desktop. Just too much crap running.

      It isn't my job to baby people, teach them every little thing and care for them. They can buy books, play around and learn on their own just like the rest of us had to. If you can't appr

    7. Re:Just run Spybot by chosen_my_foot · · Score: 5, Insightful

      If you're assuming the user isn't stupid then perhaps you haven't worked very long in IT ;)

      I liken our users to toddlers. If there is any way, no matter how ridiculous, for a toddler to injure himself with a toy, he will do it. After only 6 months in IT, I see the user as a toddler and computers as their toys.

      I tell them time and again that their Windows XP computers synchronize their time with our servers, but they still install Gator's time manager because the banner says "OH NO YOUR COMPUTER CLOCK COULD BE WRONG!!! IF YOU DON'T INSTALL OUR SOFTWARE YOU SUPPORT TERRORISM!!!" As many posters in this thread have stated, you tell them time and again that MyComet cursor and all those goodies are what makes their computer run slow, but by the week's end you will return because they have installed it again and now their box is hosed.

      It's even worse when the computers on the production line turn up with these things. The cost of a stopped line per minute is quite a good bit more than my annual salary. Whoever wrote Sasser owes me a lunch break, because I had to skip it to deal with infected machines on the line. (Yeah yeah, "You should have patched sooner". No one mentions the issues that were reported with early patchers, such as frozen computers, 100% CPU usage, and inability to log in to Windows. We chose to wait until the issues were settled, and it bit us. What good is an uninstall, Mr. Anderson, if you can't boot your box?)_

    8. Re:Just run Spybot by Anonymous Coward · · Score: 5, Informative

      I'm going to make the assumption that XPI can be abused in the same way -- but why abuse 5% of the browser population (and the 14 users of Netscape Navigator) when you can abuse 95% of your browsing audience?

      It's not very common, but it does happen. Check out this thread if you don't believe me.

    9. Re:Just run Spybot by mgpeter · · Score: 5, Informative
      just make a registry file to add info into hkey_local_machine\software\microsoft\windows\curr ent version\run key. (hint: this works on any windoze box when done as administrator)

      Instead of messing with the registry, download the Excellent Startup Control Panel from Mike Lin's Home Page. This little Utility is an excellent way to control what does and does not execute on Windows startup. Using this utility you will be amazed at what processes are automatically started, some programs, like roxio's crap, will start 3-5 processes at Windows Startup.

      It is also an excellent way to very quickly see if any Adware/Spyware is installed without running Adaware or Spybot.

    10. Re:Just run Spybot by Just+Some+Guy · · Score: 5, Informative
      The problem is that if you have family or friends that don't know anything about computers and don't seem to care to learn, doing the above will help you out temporarily... and then cause you a huge amount of problems on Windows.

      I have one (1) stock response to all non-business tech support requests. Say this verbatim, and without sounding condescending:

      I work on computers all day, but they're the big ones like banks use, and I don't know much about the smaller ones that people have at their desks.

      I know that Apple makes a nice little Macintosh computer that doesn't cost much more than a good one like the Windows kind you've been looking at, but they're a lot easier to use by people who aren't one of us computer geeks. My own wife has one and she loves it. If you get one of those, I could probably help you with it, but like I said, I really don't know much about Windows. Sorry I can't be of more help.

      It gives them a useful solution to the problem they're having, is honest (I really don't know a whole lot about Windows versions more recent than Win98), and has one of two outcomes:

      1. They buy a Mac, love it, and think I'm a hero.
      2. They stick with their PC, but finally believe me that "has a degree in computers" doesn't mean "can fix every computer made", and find someone else to pester.

      PS: You and I know that "big computer" means "FreeBSD web server over in the machine closet", but who wants to get hung up on details?

      --
      Dewey, what part of this looks like authorities should be involved?
  2. my experience... by Ummagumma · · Score: 5, Insightful

    Im the IT manager for a 100+ person software compandy (actually, the ONLY IT person...)

    Over the last 6 months, I've had to spend more and more time cleaning this crap off peoples machines. I've got it down to a science, though - I keep a disk around with a whole lot of useful tools on it such as:

    Spybot search and destroy
    stinger
    all windows XP / 2000 patches since the latest SP
    spywareblaster
    and others

    Takes me about 15 minutes to clean a machine now. Of course, that is 15 minutes that I could be doing something USEFUL...

    --
    "The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
    1. Re:my experience... by grub · · Score: 5, Interesting


      I'm [network/unix/Mac/Novell/some windows] support for a ~200 user research place. Every Friday our Director of Research sends out a "what's up" email talking about various projects, etc. A couple of years ago I was asked to do a weekly thing called "Computer Corner". What I do is have a paragraph with a link to an internal webserver I run with more info.

      I did a spyware article a while back and on the server had some tools for installation complete with how-to's, screenshots, etc. Naturally some people aren't geeks and are a bit leery of anything remotely technical so we always offer to come do the work if needed. That happened only a handful of times.

      If you have a lot of users that approach may be helpful.

      --
      Trolling is a art,
    2. Re:my experience... by hattig · · Score: 5, Informative

      A lot of "Spyware Removal" software is actually Spyware that removes competing spyware.

      The only two to trust are AdAware and Spybot.

      Unfortunately the Spybot download doesn't work at the moment, I think it's slashdotted.

  3. Good tools. by grub · · Score: 5, Insightful


    Spybot Search & Destroy [Best spyware cleaner IMHO, also immunizes against re-installation]
    Javacool's Spyware Blaster [works well in conjunction with Spybot]

    I used to use Lavasoft's AdAware but after it wasn't updated for a while someone recommended Spybot which I've stuck with.

    --
    Trolling is a art,
  4. Always a winner... by theirishman · · Score: 5, Funny

    Personaly I find foramt C: the best for getting rid of crap like that!

  5. Bonzi Buddy by AtariAmarok · · Score: 5, Funny

    I always ask Bonzi Buddy to help solve my spyware problems. He is always so helpful!

    --
    Don't blame Durga. I voted for Centauri.
  6. What a Crock by Doesn't_Comment_Code · · Score: 5, Interesting

    If I remember correctly from a previous article (3-6 months ago), Dell prohibits its tech support from helping customers remove certain programs that could be considered spyware. They are unable to do so because Dell, and some other suppliers have partnerships with the makers of the borderline spyware.

    What a crock!

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
    1. Re:What a Crock by Doesn't_Comment_Code · · Score: 5, Informative

      Ah, yes. Here it is. It took me a while to find it.

      http://yro.slashdot.org/article.pl?sid=03/12/03/02 57238&mode=thread&tid=126&tid=172&tid=187&tid=98&t id=99

      --

      Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  7. Reading this article on a Linux box... by Black+Parrot · · Score: 5, Funny


    ...priceless.

    --
    Sheesh, evil *and* a jerk. -- Jade
  8. Joe Sixpack and TCO by mrneutron · · Score: 5, Interesting

    Last night I spent 3 hours at a neighbor's house on spyware patrol. He's a fireman who plows my driveway for free (he is Joe Sixpack personified), and I'm his volunteer tech monkey. I cleaned them all out 2 months ago, and now they were in worse shape.

    All 3 of computers were unable to surf the web. Teenage daughters had downloaded Kazaa, weatherbug, morpheus and others. I explained the dangers of spyware (and getting sued by the RIAA, hoping the scare them into ending the spyware party) to them last time, with predictable results. I also advised Dad to lay down the law (I'm not holding my breath).

    The 98SE box (yeah, I know) was completely hosed. Booted up, auto-launched about 8 different programs, auto popups, and would actually blue screen before I could launch a single app. I blew that one away, reinstalled from scratch, and ran Windows update (requiring 5 reboots) for close to 2 hours (ever run windows update after a clean install of 4-year old media? Not fun).

    And he has a hardware firewall and fast cable modem connection: this would have been impossible on dialup (and the clean install would have been compromised within 10 minutes without the firewall).

    After all of this, I had all 3 computers working fine, with up-to-date patches, virus protection, and an Ad Aware icon on the desktop. Also a lecture on the evils of spyware to the assembled daughters.

    I'll be back there in a month or 2, guaranteed. Let's hope for lots of snow next winter.

  9. Is there a real solution? by manavendra · · Score: 5, Interesting

    Spybot removal software is one thing, but is there a real solution to this problem?

    User's will continue installing software they think is cool, or hear about from their friends/colleagues - be it bonzi buddy, kazaa or anything else. Pretty soon they'll start facing problems - the computer would begin to be unresponsive since kazaa is eating all the cpu, searches in google fail because IE is redirected to SearchScout, or whatever else you have/

    Cure is one thing, what's the prevention for all this? And I ask this, not for informed, knowledgeable users, but naive home users who don't know any better?

    No M$ bashing please. I have heard of several tools that keep track of what's installed and the changes to registry, but haven't come across anything will a simple interface and a "knowledge" of most common spyware (possibly updated frequently from a public server). Such a tool would at least make the customer support job easier!

    --
    http://efil.blogspot.com/
    1. Re:Is there a real solution? by david.given · · Score: 5, Interesting
      Cure is one thing, what's the prevention for all this? And I ask this, not for informed, knowledgeable users, but naive home users who don't know any better?

      There isn't one. I'm afraid it's that simple.

      The real villain is the computing model used. Windows (and Unix, and OS X) has a pretty simple security model: programs are either trusted, where they can run and use local resources, or they're not, in which case they can't.

      This means that in order for the user to execute ThisMayBeAGame that it's downloaded from some random web site, the user has to tell the OS to trust ThisMayBeAGame. At which point the user is screwed, because it's got no way of determining what ThisMayBeAGame is actually doing.

      ...and before you jump on me: yes, I know that all the operating systems I'm talking about support fine-grained access control. Unfortunately, it's only in some areas. Linux only supports it in the filesystem. You can restrict a process to be able to touch some files only, but you can't restrict it to being able to open sockets to certain addresses only or to use no more than X mips of CPU time. Window is even worse because most people (myself included) disable file system access control entirely because it's just too inconvenient; the default user can do anything. I don't know about OS X but since it's based on BSD I assume it's like Linux.

      ...and yes, I know that you can get high-security patches for some operating systems that do provide this sort of control, but they're not used.

      What's needed is a radically different computing model. Instead of a brittle system where all running software is trusted and you have prophylactic systems in place to distinguish between trusted software and untrusted software, you need a failsafe system where it simply doesn't matter if you run malicious code because it can't do any harm.

      Managed systems like .NET and Java are a step in the right direction but things need to go much further. Imagine a computing system where your desktop computer simply provides computing resources to a whole ecosystem of interacting software agents. Some of these you put there; some of them arrived as part of other people's documents; some just wandered in off the local network. Some of them may be helpful, some may be malicious. They're all managed by a high-level system that doles out system resources depending on what the user's doing. An agent that's attached to the screen gets more CPU time and real memory than one that's not. An agent that's resident on the machine's local storage gets storage space, an agent that's arrived from the network doesn't. A transient agent can only make network connections to a host if it can present proof that it actually has something to do with that host... and so on.

      Such a system would be far more resilient than the current ones. It would also work rather differently, but that's no bad thing. A lot of security issues would simply go away. Of course, there would be other problems that you wouldn't get with one of today's system --- notably, your software ecosystem would waste lots of resources --- but I think that's eminently affordable.

      Now, I suppose, all I have to do is to go away and write it...

  10. Spyware Overwhelms the Average User by SirChive · · Score: 5, Insightful

    In the last couple of months I've seen four or five computers that were rendered completely useless by spyware. The owners literally could not open their browser and get on the web.

    Many of the newer programs should not really be called "spyware". They are really a form of hijack-ware. They seize control of a users browser and send up an endless stream of ads.

    And no, the average user will never be able to cope with this. Most people just want to buy a computer and use it. They are no more interested in learning how to maintain a computer than they are in learning auto maintenance. It's up to the computer industry to deliver usable products to the end user.

  11. Odd... money to be made isnt being made? by Serapth · · Score: 5, Interesting

    There is one thing I cant figure out here. Spyware is the next big thing after virii... why havent the big anti virus companies gotten in on the action? I mean, how much more work would it take a McAffe or Symantec to add spyware detection tools and removal software to their current products? If you think about it, the only big thing that distinguishes one AV company from another is there response times to a new virus. Wouldnt this be a very sellable feature?

    On the bright side, the big kids staying out of it, allows little guys the like LavaSoft ( ad-aware ), to carve a niche for themselves. However, in a lavasoft type company gets smart and offers virus removal in their tool aswell... why would you not get the do it all tool, instead of two pieces of software?

    Its always funny watching big commerical companies miss the boat on stuff like this though :)

    Also, I may be wrong, their may be an AntiVirus product out there that deals with SpyWare. If there is, please let me know!

  12. Re:STOP RUNNING AS ADMIN! by dioscaido · · Score: 5, Insightful

    Windows has the "Run As..." capability (right click any app, select Run As... and enter the administrator account), so that somewhat simulates doing a 'su' in linux.

    But I totally agree that many application developers don't understand the concept of running at the least priviledge necessary. So many apps write their config to C:\Program File\APP\ and HKLM, which requires elevated access, instead of writing to C:\Documents and Settings\user\Local Settings and HKLU. Hopefully more people will read 'Writing Secure Code' (from MS, ironically), and windows apps will improve.

  13. Re:People by eth1 · · Score: 5, Funny

    "People don't seem to apply their own basic intelligence to computers"

    That's because computers all have a Common Sense Exclusion Field generator. Anyone coming into that field turns into a dribbling idiot. However technical type people's brainwave patterns generat electromagnetic field around them that nullifies this field. It also knocks quirky hardware and software back into order, which is why it mysteriously starts working once you show up to fix the problem.

  14. its not lazy so much as training by holy_smoke · · Score: 5, Insightful

    Folks have been trained since the DOS days that they just turn on their computer and use it. Programs have been written for that environment with this assumption in mind (no user-admin privilage distinction).

    So the "Problem" is more Microsoft's failure than it is the users failure. Users use, and are taught how to use. Microsoft perpetrated the "run as admin always" problem, and they directly trained (through the use of their software) vast armies of average users and software developers to embrace this road as the norm and the expected software "reality". Unfortunately it is was a disasterous mistake in many regards (virii, worms, spyware, blah blah)

    They need to fix this basic architecture problem, and this will hurt users (learning curve, potential invalidation of older software) and the software industry (re-tooling their software code).

    Garbage in, Garbage out?

    --
    Is the juice worth the sqeeze?
  15. You can look under the hood yourself by zeno_lee · · Score: 5, Informative

    In addition to using the various anti-spyware software recommended above, like AdAware and SpyBot, I've made it a regular habit to look at these registry keys:

    Run regedit:
    Start->Run-> "regedit"

    Look in:
    HKEY_LOCAL_MACHINE
    SOFTWARE
    Microsoft
    Windows
    CurrentVersion
    Run
    RunOnce
    RunOnceEx

    The Run is an especially attractive haven for spyware companies. That's how spyware programs run their programs after users reboot their computers. If you suspect there are weird entries in these registry keys, download spyware removal software and run it. If you don't know what you're doing don't mess with the keys.

    I also check TaskManager regularly for weird processes. It's a bit technical, but after a while you can see which processes belong and which ones don't.

  16. Re:Just run Spybot: A Word From The Trenches by devphaeton · · Score: 5, Insightful

    Or adaware or hijack this, yadda yadda...

    Problem is, we're talking about computers owned by the unwashed masses (at least in my tech support job). These are people that call up with a chip on their shoulder demanding that their ISP fix what has happened to their computer. Wonderful ads lik "Earthlink with a free Pop-Up blocker" etc. have now in the perception shifted the responsibility of parasite problems onto the ISP.

    A lot of these people don't understand the basic directory structure or how to find something that's been downloaded onto their computer, and walking them through a download of a parasite removal tool, updating it, running it, and then guiding them through what to do with what it has found can EASILY turn into a 2-hour procedure. Most of us have more important shit to do than that. Double that amount of time if they don't have two phone lines and/or cannot be connected to the internet. Any coincidental problems are blamed on your removal tool.

    Also, the latest trend i'm seeing, is people calling up to complain about all these popup ads and homepage hijackings/search pages thrown in. You start pointing to all the free games they've downloaded, bonzai buddy, Desktop Calendar, Weatherbug, etc, and you are met with "but i LIKE having my weather updates, i LIKE having my Calendar there" etc.

    THEY WILL REFUSE TO LET YOU HELP THEM

    Doesn't stop them from still calling you up "i'm still having a problem with all these popups..."

    Most machines i've cleaned up (like HUNDREDS of parasites), i'll hand it back to them and tell them what not to do again, and they are in the exact same state in a week's time. They simply go and install all the same crap they had before.

    I was warned by many that doing Tech Support for a living was a burnout job, and borderline emotional abuse. But the last couple years of parasites have made it pure insanity. Tech Support is at a whole new low...

    "i need to find a new job" is an understatement.

    --


    do() || do_not(); // try();
  17. Are you on Win2K? by not_a_product_id · · Score: 5, Informative

    If you are you can run most things as Administrator WITHOUT having log out. Just hold down shift and right-click on the EXE. The pop-up menu will have a "Run-As" option. Just put in your administrator details and away you go. It's not perfect but it's a damn sight easier than having to log out.

    --

    ---
    We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience

  18. Re:Spybot on start-up works fine. by Verteiron · · Score: 5, Informative

    If you'll check the Spybot S&D forums, you'll find that, yes, there is a way to get push SpybotSD out to machines on a domain, and update it, and run it, silently, with no user interaction.

    http://forums.net-integration.net/index.php?c=7

    --
    End of lesson. You may press the button.
  19. Please don't tell them to call their ISP.... by Kazimira · · Score: 5, Insightful

    I saw in a couple of comments that folks referred users off to their ISP for help removing these items.
    DON'T! Please!
    A comparison I had to use yesterday with a customer because they were getting angry that we(ISP) would not help them was:
    If you have a car, don't maintain it, ignore the recall notices, drive without your seatbelt and slam it into park while still moving, you're going to have an accident or break the damn thing.
    Do not call the DOT/highway department because of it. We can't and are not going to help you.

    An ISP's job it to provided a customer an internet connection. Not to be their free tech bitches for any and every issue that comes along. We view virii and spyware as OS issues and not the ISP's connectivity issue.
    Our qualifying test is.....if your computer was in perfect working order, can you get on the internet. If it's not.....call us back when it is and we'll help you with the internet.
    That may sound a little customer unfriendly but when queue hold times are over 30 minutes and every customer is pissed off, you have to draw the line somewhere.

    If we fail to hold computer users responsible for their own actions, we are enablers of the behaviors we are complaining about.