Slashdot Mirror
New Tricks from Browser Hijackers?
Fortunato_NC asks: "I'm the IT manager for a small business that delivers its service via a browser-based application, and we take around two dozen to three dozen tech support calls from users each day. Many have something to do with pop-up ads making using our product nearly impossible, which is odd, since we don't have any advertising on our website. Of course, it's spyware causing the pop-ups, and we recommend using a product like Ad-aware to take care of the issue. However, not everyone gets the message.
Today I was on a client's computer using WebEx helping them remove yet another 'browser helper'. The uninstaller for this program consisted of running no fewer than four separate programs, each of which forced closed the Internet Explorer windows, killing the WebEx session, and making it very difficult to service an already upset client ('What do you mean I have to join the meeting AGAIN?'). It seems as if this product anticipated the need to have someone remotely help the user remove it and went out of its way to make that task nearly impossible. Has anyone else on Slashdott encountered spyware or malware specifically designed to make life miserable for *remote* support techs? What other nasty tactics are spyware authors using that you've noticed?"
Why not stop requiring your clients use IE to get support? That help?
-- 'The' Lord and Master Bitman On High, Master Of All
You think just because you're using a web browser tool, to remotely access a web browser, to remove vermin, is a design decision on the vermin designer's part?
Hate to break it to you, but when you've got a broken arm, you don't usually use that arm to set the bone.
Ever heard of non-browser based remote access? Like VNC, pcAnywhere, NetOP or remotely possible?
It has nothing to do with this vermin's author being clever, you're just using a not very optimal tool for your removal of that vermin.
I've seen windows rebooting as soon as any user logs in (even safe mode). I've seen the media player exploit and Media Player added to HKEY LOCAL MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\RUN. So that the adware reinstalls its self even after running AdAware. I've seen a giant - full screen Active Desktop Ad advertising spyware removal, it even covers the taskbar. I've seen files that cant be deleted from the command line in the recovery console. Windows is the most insecure thing I've ever seen. What I want to know is if someone smarter than me can make a Knoppix like disk, that will read NTFS, run Adaware, CW Shredder, and an online scan like housecall.trendmicro.com and fix all the problems. Barts PE works ok for the purpose, but Knoppix is faster and more flexible.
Actually, many "Browser Hijackers" are coupled with their TSR spyware buddies so #4 would oftentimes backfire on you.
If anyone is familiar with HijackThis they'll know that Spyware/Malware comes with several modules placed in different portions of people's startup/browser configurations so if a piece of the spyware is removed from one area the other modules will replicate back to these areas sometimes with random filenames and a host of many other tricks that anyone familiar with "the game" will know.
Anyway, a lot of us are going to need replacements for HijackThis because the last version Merijn released is just that: the last version.
Making sure your web application works in most browsers is ofcourse sound advice but requires you to hire programmers and designers who know their business. You would be suprised to learn how many sites are setup by some frontpage kiddie. Or worse ASP kiddie. Ugh. They wouldn't know about cross-browser capabilitie if you hit them with the IE open-bug log.
And they would be spending all their time telling their client that IE is the default browser and that coding for the others is not worthwhile because if they don't they are out of a job. As to the market share of Mozilla and others. Supermarkets in holland are involved in a prize fight over 0.1% market shares. Denying browsers other then certain IE versions is like turning away full percentages of customers at the door. Doesn't make sense does it to fight for fractions and then refuse them entry.
Frankly there is no solution, if this tech manager has made sure that his web page can be accessed in every browser (if he hasn't he is beyond help anyway). He can't force his clients to switch browser (clients with a clue will have switched by now and no business can survive turning away the clueless braindead zombies that are still on IE), he can't stop spyware, he can't ask his clients to install something like vnc (or ensure that vnc isn't killed by spyware). He is screwed. Maybe he should sue MS for putting him out of business and costing jobs. Closed source IE costing jobs. Oh well, it made me laugh.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Not an option in almost all business environments. In fact, we're specifically prohibited from even suggesting to users that they use an alternative browser because it'd be a bigger support hassle for the desktop support group. SAP requires IE, WebEx requires IE, our timecard program requires IE, and now they want to migrate people from POP mail to using Exchange Server. I work for morons (the US government).
That would be easy, except that we deliver many of our products in crowded, cutthroat markets to people who usually have little in the way of on-site or corporate tech help. We differentiate ourselves on service and ease-of-use, since we have no hope of competing with the industry "big boys" on straight price. In fact, we buy many of our products from the "big boys", repackage them, add our own unique data, and deliver the whole ball of wax in an easy-to-read format.
Simply telling them "that's not our fault" isn't going to cut it. If we're not providing the best experience possible, our customers can easily take their business to our competitors. And then, I'd be Asking Slashdot about where I could find a new job.
The fact is that most of the "low-end" computer users use MS products because they're the easiest to install - especially since they came preinstalled on the computer. Asking them to download and install software is beyond the capabilities of many of our users. I don't like it, but I have to play the cards I'm dealt - and right now those cards say that 90%+ of my customers are using IE. And unfortunately, when those customers are trying to use my product and spyware prevents them from doing so, it falls on me to fix it. If I don't, one of my competitors will.
Blogging Weight Loss, Distance Education, and more at verlin.com
I'd love to let go of some of our customers, but the nature of our product is facilitating a data exchange between customers, so letting customers go would diminish the value of our product. Plus, the customers who are "trouble" are also the same ones who are likely to have data to report to us.
We have a well developed set of internal procedures, but this particular piece of spy-crud was one we hadn't run across before. I do have a "field guide to American Spyware" that I distribute to all our sales reps and customer service folks, but some calls still end up back in the tech department. We'd rather be writing code than doing tech support, no doubt, but ultimately keeping the customers happy keeps our business growing - and it is growing - we've had record volume the last two months and are on pace to break records again this month.
Blogging Weight Loss, Distance Education, and more at verlin.com
Yet they seem to have no trouble at all installing all that spyware. Someone needs to create a one click install via a popup for Firefox, then you just put that popup on your site and wait until they inadvertently fix themselves.
Extra credit for the hacker if can wipe the existing spyware (the competition) and put the firefox path into all the shortcuts and registry keys that currently point to IE.
Imagine a "spyware" program that make the computer run better and safer than it was before.
In fact, we're specifically prohibited from even suggesting to users that they use an alternative browser because it'd be a bigger support hassle for the desktop support group.
Several points.
First, you are wise to standardize on a browser to help reduce support costs, supporting IE+Mozilla/Firefox will cost more than supporting IE, on the surface. But wait - there's more!
While it costs more for support techs to be trained in both browsers, what if the Mozilla/Firefox users put in fewer trouble ticket calls for support?
It might just be that the cost of supporting IE+Mozilla/Firefox could be less than supporting IE!
Which then leads naturally one to consider whether moving all users to Mozilla/Firefox might lead to even greater savings.
Especially if you consider long term savings from internal web site developers creating content that is more W3C standard and less specific to IE version du jour on Windows OS du jour, things which will surely change.
OK, so don't suggest to users they use a different browser. Instead, do what you're supposed to do: evaluate Mozilla/Firefox in your testbed development department and see for yourself, before you even consider deploying it, whether it makes sense from a business perspective. And ask yourself what the true overall costs are of IE in terms of spyware, adware, security lapses if proprietary information about your business were to leak out, and how much downtime and loss of productivity users have to endure if they have to turn off Javascript, etc.
Then, when you know the answers for your business, do a roll-out and tell people not to use anything but Mozilla/Firefox!
BTW, in my environment it turned out that Mozilla/Firefox supported a lot more web applications than most people expected. Sites would say they needed IE, but it turned out that Moz worked fine. In fact, one of the few web applications that broke under Moz/Firefox was one that relied upon a broken old DOM model for Javascript that origined back in the old Netscrape 3 days.
"Provided by the management for your protection."