Slashdot Mirror


Analysis of Spyware

scubacuda writes "What actually happens when you install adware/spyware/malware? Follow the Bouncing Malware examines what's downloaded, redirected, and obfuscated. A fascinating read. (Part two was postponed in order to cover a new My Doom variant.)"

246 comments

  1. HAH!!! by tekiegreg · · Score: 1, Funny

    Bow before me Spyware infested site, for I have Mozilla 1.7 and the latest Linux Kernel, you puny scum!!! MUAHAHAHAHAHA!!!

    Admit it, many a slashdotter is feeling that way right now...

    --
    ...in bed
    1. Re:HAH!!! by Nogami_Saeko · · Score: 3, Funny

      So... Security through obscurity then? :P

      (runs away)

      N.

      --
      "Nothing strengthens authority so much as silence." - Charles de Gaulle
    2. Re:HAH!!! by Eudial · · Score: 4, Funny

      Nah, I feel more like

      Mua ha ha ha ha ha ha ha! Inferior beings! I run an antiquated version of SPARC solaris, and NOTHING is compatible with SPARC solaris! Not even spyware!

      --
      GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
    3. Re:HAH!!! by tekiegreg · · Score: 2, Funny

      ok I can one up that....my Netscape for abacus's owns your puny spyware infested site!!!!

      --
      ...in bed
    4. Re:HAH!!! by anynameleft · · Score: 4, Funny
      "run an antiquated version of SPARC solaris, and NOTHING is compatible with SPARC solaris! Not even spyware!"

      You know that your C compiler might well be infected to compile some spyware and backdoors into itself and applications it compiles?

    5. Re:HAH!!! by Vinson Massif · · Score: 1

      I'll see your SPARC Solaris and raise with PPC AIX. Any of 'em (5.1 at the moment).

      --
      "Remember, any tool can be the right tool." -- Red Green
  2. Even Sevens by mfh · · Score: 4, Interesting

    > And that's where I'm going to end it for today. In the next part, I'll take a look at what happens as this chain of malware continues on its merry way, and I'll also investigate what happens when I fire up IE the next time and visit my new home page.

    Personally, I think you should examine ways to get even. Even-Stevens.

    Up until this point, I've seen lots of anti-spyware put out that blocks spyware and protects your system from unjustified Reg entries etc., but it generally stops there. It's a shield when what we need is a shield and a sword.

    Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes

    What I would like to see is anti-malware that bites back, hard.

    We had this site going a while back that was going to test anti-trolling methods, like by taking a troll user and stuffing them in their own world. All their posts would be modded up and their view of the site was totally different than the users who were not trolls. Of course in tests it was easy enough for them to spoof their IP to get past this, but many of them didn't realize how to do it.

    But for malware sites, what if we came up with a solution that would detect it and let it believe it was working, but generated the data needed to put these goofs in jail. I think the SETI distributed computing model could be slightly altered to work to this end.

    Then we could get Even-Stevens.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Even Sevens by Anonymous Coward · · Score: 0

      mostly because people don't want unnecessary processes running.

    2. Re:Even Sevens by FooAtWFU · · Score: 4, Insightful
      > What I would like to see is anti-malware that bites back, hard.

      Well, you could feed the spyware's controllers some fudged data, but how do you think you're going to get a SETI@Home-like model to "generate the data needed to put these goofs in jail"? Please, explain how repeated computation of fast Fourier transforms will do anything to uncover the spyware's owner. :)

      Suppose we managed to get your nice antispyware software to collect data on the spyware's owners. What form do you think that data will take? I'm guessing it would be little more than IP addresses. Perhaps you can convince the authorities to subpoena the ISP for the owners of those addresses, but I doubt it. Good luck.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    3. Re:Even Sevens by erick99 · · Score: 1
      Society will always generate malcontents and folks with antisocial personality features. These people have reasons or needs to hurt other people. A fair amount of these folks are quite bright and use their gifts to be hurtful and do damage. Trying to catch them seems futile because they will figure out a way around anything put up to stop them. They feed off the attention that they get (though a few very disturbed individuals do not). It is best, in my view, to not give them any attention at all. Just protect your computer. When you do catch one, prosecute them to the fullest possible extent of the law and then they can have some attention. When the weenies see one of their own in prison without a computer and looking none too happy, maybe it will be a deterrent. Or maybe not.

      Cheers,

      Erick

      --
      http://www.busyweather.com/
    4. Re:Even Sevens by LostCluster · · Score: 3, Insightful

      You're missing a key point. Spyware operators can't be put in jail because they're not breaking any laws simply by publishing spyware. Being scum is not a crime.

      A virus gets onto a user's computer through security holes, but malware simply walks through the front door stating their evil intents in a clickwrap TOS that the user usually doesn't read. There's no crime in getting people to agree to something stupid in exchange for a silly little app that runs in the corner of their screen.

    5. Re:Even Sevens by MindStalker · · Score: 3, Insightful

      You're implying that spy and malware exist because people want attention. That may be true concerning many viruses, but spyware is simply about money.

    6. Re:Even Sevens by nkh · · Score: 2, Informative

      I don't have Windows, but I've seen stories on /. about users infected by spyware, instead of the usual TOS clicking.

    7. Re:Even Sevens by Anonymous Coward · · Score: 0

      And yet, at the same time, it's no reason to not start breaking kneecaps.

    8. Re:Even Sevens by Anonymous Coward · · Score: 0

      Technically, that would be a trojan or virus then, and not spyware. (Although, ironically, many slashdotters seem to be clueless idiots when it comes to computers, so their 'infection' may well have been user error.)

      Note that some spyware lowers your IE security settings, which makes it much easier for other spyware to get in even after cleanup has occurred.

    9. Re:Even Sevens by Anonymous Coward · · Score: 1, Funny
      > Covenants, without the sword, are but words, and of no strength to secure a man at all -Hobbes

      So what did Calvin say to that?

    10. Re:Even Sevens by Anonymous Coward · · Score: 3, Interesting
      > Perhaps you can convince the authorities to subpoena the ISP for the owners of those addresses, but I doubt it.

      Why is it that "the authorities" are interested in subpoenaing the addresses of filesharers, but not illegal malware scammers?
    11. Re:Even Sevens by Augusto · · Score: 1

      I would say that most spyware out there is not even installed by a program with the permission of the user, but IE holes that allow websites to install crud.

      --

      - sigs are for wimps.
    12. Re:Even Sevens by Anonymous Coward · · Score: 1, Funny

      The RIAA is not 'the authorities'.

    13. Re:Even Sevens by WgT2 · · Score: 3, Insightful

      Hmmm. Interesting opening comment:

      > Society will always generate malcontents and folks with antisocial personality features.

      Surely you don't mean to discredit these malcontents' free will, do you? And the suggestion that they have "need" to hurt other people also seems to disown them of their personal responsibility to behave properly despite if they are malcontent and have antisocial personality "features". I'd rather call the latter "choices."

      Shheesh! What kind of system would any lawful country have if they were to punish their criminals because someone else, i.e. "society," made them choose to be evil, malicious, self-serving, or greedy? Sure, society and its micro-cosmos might promote these things, but everyone is ultimately responsible for their own decisions. Please, let us not even hint at the contrary.

      Thanks,

      William

    14. Re:Even Sevens by tsm_sf · · Score: 1

      Jail is a good idea if you think 'chroot' instead of 'county', snark is a bad idea if you haven't had your coffee.

      --
      Literalism isn't a form of humor, it's you being irritating.
    15. Re:Even Sevens by Crizp · · Score: 5, Interesting

      I got a cousin whose Windows XP would display 31 (he counted them) popups (a new, different one after the previous had been closed), when he logged on his user profile.

      After I reinstalled XP for him, I installed Firefox and ordered him to use that and forget about IE unless he wanted to be hit upside the head with my cluestick. He doesn't know much about the underlying technology of computers and recent software but everyone in the family understands when I say "use that and evil stuff might be installed on the PC even if you're only surfing around". They take my word for it as I'm the resident geek.

      I did the same with his family's computer. Now I just have to explain stuff to the youngest son who insists on using BearShare, Kazaa (even if I've said NOOOO!) and such stuff. He downloads and installs small programs. Once, the family computer was infected with over 150 viruses.

      My cousin is extremely happy with Firefox, once I've shown him the concept of tabbed browsing, he's never looked back. And the computer doesn't get as much spyware installed now. The younger brother screws that up a bit 'cause he won't listen. Damn nu-metal ignoramus :)

    16. Re:Even Sevens by Daniel Ellard · · Score: 1

      > What I would like to see is anti-malware that bites back, hard.

      Me too.

      > We had this site going a while back that was going to test anti-trolling methods, like by taking a troll user and stuffing them in their own world. ...

      A nice hack, but I don't see how this is biting back. It's more like ignoring them and hoping that they'll go away. Historically, they don't.

      Even if we can ignore spammers (thank you, spamassassin!) that doesn't completely solve the problem; it takes resources to filter mail, and the victims are paying for those resources. I don't want to just stuff them into their own world, so to speak, if I have to pay for that world.

      --
      Disclaimer: I work for a company, but I don't speak for them.
    17. Re:Even Sevens by BerntB · · Score: 1
      > [test anti-trolling methods] by taking a troll user and stuffing them in their own world. All their posts would be modded up and their view of the site was totally different than the users who were not trolls.
      Posted by userID #56 on /.

      Now I understand how I got Excellent Karma! :-)

      --
      Karma: Excellent (My Karma? I wish...:-( )
    18. Re:Even Sevens by MntlChaos · · Score: 1

      RTFA. He went to a web site which had a popup which, through a series of iframes and such, including obfuscated code etc., wound up exploiting a vulnerability in IE to download a program, and change some keys in the registry.

    19. Re:Even Sevens by rcjhawk · · Score: 1

      > So what did Calvin say to that?

      He said that anyone who accepts a covenant (e.g., an EULA) without reading the fine print is predestined to get hit with spyware.

    20. Re: Even Sevens by paj1234 · · Score: 1

      You can do even better than that.

      1) Visit Add/Remove Programs -> Windows Components. Untick Internet Explorer. This will remove the shortcuts to the blue 'E for Evil' so they won't be tempted.

      2) Go to Internet Options -> Security -> Internet zone, and put "Disable" to everything you can find. Yes, disable font download. In the wonderful world of IE, even font download is a security hole.

      I charge people up to GBP 135 (about US $250) to clean up Windows XP, cripple Internet Explorer, delete Kazaa, install Mozilla and show them how to use it.

    21. Re:Even Sevens by Buran · · Score: 1

      They're also not the ones that authorize subpoenas. The court system does that. The court system is thus the party which is not investigating things that actually have potential to cause real harm.

    22. Re:Even Sevens by VoidWraith · · Score: 1

      The problem is, the general public doesn't have a very positive view of 'vigilante' operations like that. Don't get me wrong, it could work, but I think the chances of its success are about 1 in 50, if it even gets off the ground.
      This is because most of the idiots who enforce the rules would get trigger happy and try to get something against the involved parties here. You'd need to have a significant supporter base so that authorities wouldn't want to mess with you.

    23. Re:Even Sevens by Anonymous Coward · · Score: 0

      Set up a profile that does NOT allow him to install things. That way an ADULT is in charge not the child... Also use the others to pressure HIM into fixing it. He will learn...

    24. Re:Even Sevens by perlchild · · Score: 1

      "the authorities" are not interested in getting the addresses of filesharers. Someone with a vested interest in the filesharers not filesharing is trying to make the filesharers life "interesting" through the court system. slight difference.

      There is very little interest in the judiciary in catching people who only commit computer crimes, which don't have monetary counterparts in the real world, unless they affect large numbers of people (spam).

      The fact that malware does NOT currently stack at around 125+ per day makes them second runners in the race for public interest.

    25. Re:Even Sevens by ScrewMaster · · Score: 3, Interesting

      Actually, no. The vast majority of mal-ware is installed via drive-by downloads using Internet Exploited^H^H^H^Hrer. The only reason people see a click-through is because they're lucky enough to install an application that happens to ask for permission ... and I've seen a number of these things that go ahead and install themselves even if you click No. Once you've run the setup program you're probably screwed.

      I did something similar to the article's author some time ago, although I wasn't particularly detailed in my "analysis." I set up a dummy XP Pro machine (unpatched, since that's how Joe Average's machine will likely be even if he does have broadband and knows how to use WindowsUpdate) and started browsing around for a couple of days as I normally would. I installed no applications other than those that came with XP. At the end of my test period, I had a couple of dozen different unauthorized apps running that entered the system solely through the browser. No warnings, no click-throughs ... just stealth downloads. The test machine was a reasonably fast 1.4GHz Athlon but it was decidedly sluggish at the end. I did have to get rid of a couple of browser hijackers along the way just so I could continue the test. I used Spybot and Ad-Aware to get some idea of the actual programs that were installed: the list was pretty extensive but I have no idea if I found them all. The network it was attached to is otherwise pretty thoroughly firewalled and anyway these weren't worms.

      And I wouldn't be so sure these jerks aren't breaking any laws. Regardless of the privacy implications, spyware causes damage. Trashed systems, lost data, personnel time spent cleaning infestations and so forth. I've seen corporate workstations with thirty or forty spyware applications running simultaneously, causing major performance loss and instabilities. It wouldn't be hard for a corporation with a few hundred workstations to get the FBI interested with a legitimate damage claim of a few hundred grand in losses.

      Spyware, malware, adware, spam ... all of these are parasitical activities on the part of a diseased few. And they have been greatly aided and abetted in their behavior by the likes of Microsoft, who either by design or by incompetence made such things trivial to implement on a vast scale. My feeling is that, given the relative importance of the Internet to all of the world's largest economies (and to the developing nations that would like to use it to improve their own lot) some kind of immune system will have to be developed to deal with these parasites. That may involve gunshot wounds to the head, I don't know.

      --
      The higher the technology, the sharper that two-edged sword.
    26. Re:Even Sevens by Anonymous Coward · · Score: 0

      I think if we used the SETI cluster to create a DNS attack on spyware collection networks that would send them a message. Perhaps we could add a module in an already popular spyware cleaning utility that would allow the user to participate in those said attacks. After all if they're too dumb to keep spyware off their box in the first place then I'm sure they wouldn't mind spending a little idle bandwidth sending sweet justice back to spyware networks.

    27. Re:Even Sevens by bhtooefr · · Score: 2, Interesting

      You could say that your Internet browsing patterns, or things you entered into forms, were copyrighted (say that you were attempting to create a geographic art form by traveling the Internet, and use that as the thing that they broke copyright on), and get them with 512(h) of the DMCA (all you need is a "good faith belief that someone violated your copyright", after all)...

    28. Re:Even Sevens by bhtooefr · · Score: 1

      Actually, I think that the section of the DMCA that they're using to get filesharer addresses could get us spyware creators' addresses - after all, they're getting SOMETHING from us, so they might have violated our copyrights ;-)

      Yes, I know, abolish the DMCA when we're getting sued, but use it when malware companies are attacking PCs...

    29. Re:Even Sevens by bhtooefr · · Score: 1

      A trojan would be TOS-wrapped, or be a website like "yahoogamez.com". I would consider some spyware to be viruses, except instead of infecting the first .EXE it hits when run, it tries to infect every computer that hits the site it's hosted on via exploits.

      A banner or popup on an otherwise legit site that brings spyware without requiring user intervention would mean that the site's ad supplier was "infected" with the viral spyware (for example, a banner here LOOKS like a Google AdSense ad, but is silently infecting your Windows box, would mean that /. is not grabbing ads from the AdSense server, but another server, or that AdSense itself is compromised), and spread it to the client.

    30. Re: Even Sevens by bhtooefr · · Score: 1

      I can get around IE being disabled VERY easily. You see that address bar in Windows Explorer (the file manager of the Windows DE)? I can put a web address into it, and BINGO! Internet Explorer. In fact, it even works without iexplore.exe being present - I know, as I've seen it happen on a Windows ME box that got an install of AOL even though it was a school install on a network and it had access to a T1... I should carry a LART... I eventually just installed IE6. Oh, and this was before I discovered Opera, so don't flame me.

    31. Re:Even Sevens by bhtooefr · · Score: 1

      Unless it considers me a troll too, you've got Excellent karma - you've got the bonus.

      And, I doubt it's modifying comments themselves...

    32. Re:Even Sevens by BerntB · · Score: 1
      I was making a (lame) joke.

      If /. had such a system in place, it would be known.

      (I am a bit confused about Karma, though. I don't really ... hmmm .... optimize my posting for it. So I wonder a bit about how it's given out. But I don't really care.)

      --
      Karma: Excellent (My Karma? I wish...:-( )
    33. Re:Even Sevens by bhtooefr · · Score: 1

      The key to boosting your karma: don't troll, and don't TRY to boost it. Don't make comments that will get modded informative - treat it like you won't get modded up at all, but you WILL get modded down if deserved, and you'll get modded up.

    34. Re:Even Sevens by Trackster · · Score: 1
      It doesn't always work that way. I've had a flood of popups coming up on my screen and as I closed them a window popped up for less than a couple of seconds saying "Now downloading XYZ".

      I cleaned up the system and later learned that not all popups are "windows" you can close but some are images that look like windows (not fake messages within windows but real windows). If you right-clicked on any part the option to save the image would come up. They even go so far as to fake the little tan-colored explanations that occur on mouseover. I use a Japanese OS but the explanations came out in English!

    35. Re:Even Sevens by 4of12 · · Score: 1

      > stuffing them in their own world. All their posts would be modded up and their view of the site was totally different

      I like that. Having MetaModded my share of crap, I can say there are more than a few Slashdot user profiles that could use

      Score = 4 - Score;
      somewhere along the line.
      --
      "Provided by the management for your protection."
  3. Slashdotted Already!? by mungeh · · Score: 1, Funny

    ...or maybe the malware guys got to them first?

  4. Why is this YRO and not IT? by Anonymous Coward · · Score: 0, Informative

    oh yes, because IT colours suck dick.

  5. In other news by Anonymous Coward · · Score: 4, Funny

    I've heard that MyDoom 3 has just been released too... a much darker scarier variant which seems to have originated on Mars

    1. Re:In other news by trippinonbsd · · Score: 1

      Yea and I keep getting a bunch of emails from these martianbuddy guys.

  6. What happens? by Rosco P. Coltrane · · Score: 5, Funny

    > What actually happens when you install adware/spyware/malware?

    I'm not sure. Let me ask BonziBUDDY...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:What happens? by accidental_1 · · Score: 2, Funny

      What did it say?
      It told me I need Viagra.

    2. Re:What happens? by Anonymous Coward · · Score: 1, Funny

      > What did it say?
      > It told me I need Viagra.


      Well, it didn't tell me much, but it did reset my homepage to www.bonzi.com, just in case I needed to know more about purple gorilla manufacturers. How nice of him...

    3. Re:What happens? by accidental_1 · · Score: 1

      You didn't get the first post so "Your computer clock may be wrong. Would you like to keep it accurate?"

    4. Re:What happens? by Anonymous Coward · · Score: 0

      Now, where's the option in Slashdot to hide posts from 7xx.xxx slashdroids again...

  7. firefox testimonial by Anonymous Coward · · Score: 5, Insightful

    I have been an IE devotee since v4.x came out. I have recently moved over to Firefox in order to stop me having to keep up with all the security problems I started to experience only in the last couple of months.

    Seriously, how hard can it be for MS to write an application as straightforward, yet secure as Firefox.

    I downloaded Service pack 2 release candidate and noted a lot of security improvements and features, but in agreeance with MS who today released the full Service pack 2, it seems to mainly add 'bars and locks' to your 'doors and windows'. Whereas Firefox seems to be a better neighborhood to live in from the start.

    1. Re:firefox testimonial by TheHawke · · Score: 4, Interesting

      Oh Mod this parent up!
      You hit the nail on the head several times with firefox's security. It does seem to have marked improvements over IE in security, blocking 'wares from going off in your system, to barring banners from starting up, ever!

      Of course I maintain a hosts file that pretty much keeps them at bay.

      http://www.pelicancoast.net/~nighthawke/hosts.zip

      --
      First rule of holes; When in one, stop digging.
    2. Re:firefox testimonial by Rosco P. Coltrane · · Score: 5, Insightful

      > Seriously, how hard can it be for MS to write an application as straightforward, yet secure as Firefox.

      Perhaps lots of people, including Microsoft itself, have an interest in perpetuating the myth that software is inherently insecure.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    3. Re:firefox testimonial by Gigantic1 · · Score: 1
      You are soooooo right!

      Firefox is available at this link: http://texturizer.net/firefox/index.html

      Happy surfing.

    4. Re:firefox testimonial by back_pages · · Score: 1
      Here's my homebrew mod point for you, sir. Right on the money.

      Insecure software creates a whole economy for crutch-software. If software were secure, entire corporations would go bankrupt.

    5. Re:firefox testimonial by selderrr · · Score: 1

      hey dude, thanks for that hosts file. Impressive collection !

    6. Re:firefox testimonial by TheHawke · · Score: 1

      You are very much welcome. There is a variety of Hosts file managers out there that do a lovely job of sorting and managing the entries in the file. It does bog down slower systems, but I consider it a fair trade to keep the goons at bay.

      --
      First rule of holes; When in one, stop digging.
    7. Re:firefox testimonial by scubacuda · · Score: 3, Informative
      Check out this host file also.

    8. Re:firefox testimonial by TheHawke · · Score: 3, Funny

      Eeek! This guy just upstaged me! Now I'll go sulk for a week then get EVEN!

      --
      First rule of holes; When in one, stop digging.
    9. Re:firefox testimonial by Izago909 · · Score: 1

      And here's some more links for security and privacy.

    10. Re:firefox testimonial by bvdbos · · Score: 0

      Impressive hosts file. But not all is evil. Where would we be without osdn... (last entry in your file) and where would osdn be without ads???

    11. Re:firefox testimonial by scubacuda · · Score: 1
      Just curious...how long did it take you to compile all of that?

    12. Re:firefox testimonial by Anonymous Coward · · Score: 0

      Why don't we just download it from here?

    13. Re:firefox testimonial by TheHawke · · Score: 1

      I latched onto the core from K-lite's website, before they got hammered by sharman, then added on my own links that I found distasteful.

      --
      First rule of holes; When in one, stop digging.
    14. Re:firefox testimonial by Donny Smith · · Score: 3, Funny

      Oh, I get it now - Microsoft makes shitty OS and then secretly invests in anti-virus companies to make money!

      Shiiit, maybe I should have put this in the slashdot-user-friendly format with little numbers as in:
      1. Write shitty OS
      2. Invest in A/V vendors
      3. Profit

      What a bunch of bullshit.

    15. Re:firefox testimonial by Anonymous Coward · · Score: 1, Interesting
    16. Re:firefox testimonial by freedom_india · · Score: 1

      Hey
      Thanks for the Hosts file man.
      It is a really good one. Can I distribute it to my friends?
      Thanks

      --
      "Doing what i can, with what i have." ~ Burt Gummer
    17. Re:firefox testimonial by Anonymous Coward · · Score: 0

      10 Write Shitty OS
      20 Invest in A/V vendors
      30 ???
      40 PROFIT
      50 GOTO 10

    18. Re:firefox testimonial by TheHawke · · Score: 1

      Go for it, just give credit where it's due.

      --
      First rule of holes; When in one, stop digging.
    19. Re:firefox testimonial by Omestes · · Score: 1

      I have been using either Moz suite or FF for years (and netscape before that), but recently reformatted for a new HD/XP install... I was forced to use IE to redownload FF, and browsed around while it was d/ling, and to my surprise I got 40 items of spyware! In 10 minutes. A couple of them ad-aware wouldn't pick up, something called WebRebates.exe...

      Never again... It's bad enough my browsing efficiency is much reduced on IE now (damn mouse gestures!), and my system resources take a decent hit... But I spent 3 hours killing spy/malware.

      Since that brief experience I've forced my best friend to install FF, and my Mom and Dad... I decided that that was the ethical thing to do.

      --
      A patriot must always be ready to defend his country against his government. -edward abbey
    20. Re:firefox testimonial by Anonymous Coward · · Score: 0

      Wow, what a list! Please, mod this up.

    21. Re:firefox testimonial by len_harms · · Score: 2, Informative

      You may find this useful as well.
      pac file
      I use it in addition to a decent hosts file. I even combined the two. That way the freaking browser doesn't even ASK to be nuked. Before popup blocker was put into Mozilla and IE this is what I used. I rarely saw a popup, and my spyware count went to 0. Sometimes it pukes on itself but someone was kind enough to put a 'turn it off for now' thing. Which is kind of cool as with a hosts file you have to move it out of the way then back when done. There is also a plugin for Mozilla I believe that does something similar. But for someone who has to use both it's pretty easy to keep running.

      The reason I like the pac thing a little better as it snags whole domains. Whereas a hosts file only gets 1 site. Also sometimes you want to go to one site but not part of that site. It's pretty powerful...
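
The contrast drawn in the comment above, a hosts file matching one exact hostname per entry while a PAC rule can cover a whole domain, spare one host inside it, and be switched off, as an added example that is not part of the original thread. It is written to run under Node; every hostname, the blackhole proxy address and the `setEnabled` switch are constructed assumptions.

```javascript
// Added illustration (not from the thread): hosts-file vs. PAC-file matching.
// Every hostname here is a constructed placeholder under the reserved .example TLD.

// Constructed sample hosts file: one line per exact hostname.
const HOSTS_FILE = `
# constructed sample entries
127.0.0.1   localhost
127.0.0.1   ads.tracker.example
127.0.0.1   www.tracker.example   # trailing comment
`;

// Return the set of hostnames a hosts file sinks to a loopback/null address.
function parseHosts(text) {
  const sunk = new Set();
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*$/, "").trim(); // drop comments and blanks
    if (!line) continue;
    const [addr, ...names] = line.split(/\s+/);
    if (addr !== "127.0.0.1" && addr !== "0.0.0.0") continue;
    for (const name of names) {
      const n = name.toLowerCase();
      if (n !== "localhost") sunk.add(n);
    }
  }
  return sunk;
}

const SUNK_HOSTS = parseHosts(HOSTS_FILE);

// Lower-case the name and drop a trailing root dot before comparing.
function normalize(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Hosts-file semantics: exact name match only, no wildcards.
function hostsBlocks(host) {
  return SUNK_HOSTS.has(normalize(host));
}

// --- PAC side -------------------------------------------------------------
const BLOCKED_DOMAINS = ["tracker.example", "popups.example"]; // whole domains
const ALLOWED_HOSTS = ["status.tracker.example"]; // "one site but not part of that site"
const BLACKHOLE = "PROXY 127.0.0.1:9"; // assumption: nothing listens on this port
let enabled = true; // the "turn it off for now" switch

function setEnabled(flag) {
  enabled = Boolean(flag);
}

// Match on a label boundary so "nottracker.example" is not caught by
// a rule for "tracker.example".
function inDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Same name and signature a browser calls in a real PAC file.
function FindProxyForURL(url, host) {
  if (!enabled) return "DIRECT";
  const h = normalize(host);
  if (ALLOWED_HOSTS.includes(h)) return "DIRECT";
  return BLOCKED_DOMAINS.some((d) => inDomain(h, d)) ? BLACKHOLE : "DIRECT";
}

// Side-by-side view for a few constructed hostnames.
for (const h of ["ads.tracker.example", "cdn7.tracker.example",
                 "status.tracker.example", "nottracker.example"]) {
  console.log(h.padEnd(24), "hosts:", hostsBlocks(h),
              " pac:", FindProxyForURL("http://" + h + "/", h));
}
```
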

    22. Re:firefox testimonial by TheHawke · · Score: 2, Interesting

      Heheh, nice one Len!
      Actually, I've put an IP block in my hosts file by entering the IP address into it and referring it to loopback. (I know, it goes against the RFC for DNS, but it works!)
      I've dogfarted on gator/claria with this action and they are pretty much torqued off at me for that. Of course, I've made it rather difficult for them to get in touch with me without sending a message thru a lawyer by blocklisting their domain in our POP3, hee hee hee hee.

      This way it keeps'em honest and lets them know that they are not welcome in any way, shape or form

      --
      First rule of holes; When in one, stop digging.
    23. Re:firefox testimonial by freedom_india · · Score: 1

      Sure.

      --
      "Doing what i can, with what i have." ~ Burt Gummer
    24. Re:firefox testimonial by back_pages · · Score: 1
      Yeah good point! Gosh I was silly to think that Microsoft would engage in dubious business practices! Golly, it's completely shocking to think that Microsoft stands to profit more from the A/V business than from fixing its own security problems.

      Hmm.. let's think about that. Let the flaws continue and create an industry that doesn't compete with core Microsoft business. When that industry is rolling in cash, point out that Microsoft has them by the balls. If they fixed the flaws, those businesses would tank. Looks like a prime scenario for Microsoft to take over, keep on a leash, make a bitch out of, or whatever you like regarding the A/V corporations. Hell, it's practically a corporate takeover without buying a single share.

      How could this go any better for Microsoft? If they muscle the A/V companies into submission/eventual purchase, how can those companies complain? Surely fixing the flaws in their own products is not an abuse of monopoly powers.

      Even if Microsoft doesn't end up holding the keys to the A/V companies, those companies are spawning grounds for experienced workers that Microsoft can headhunt. Farfetched, right? Yeah good point, Microsoft will take the brightest and most experienced workers from the OTHER antivirus industry.. the uh, the TI-85 antivirus industry.

      Quit thinking that you're so damned special for a second. The A/V and popup industries are literally pimping themselves out for Microsoft's ultimate profit. They're sweating to produce the experts; they're producing the profits that REQUIRE that Microsoft doesn't tighten up their software.

      If something rattles when you shake your head, you got a couple of brain cells and you can probably recognize that it is far more advantageous for Microsoft to continue to ship shoddy software until they feel like absorbing/tackling/obliterating the A/V popup industry.

      But hey, I'm sure you have your own opinion.

    25. Re:firefox testimonial by Anonymous Coward · · Score: 0

      What do you mean by dogfarted?

      I googled it, but it appears dogfart is a hardcore porn producer.

    26. Re:firefox testimonial by Donny+Smith · · Score: 1

      >If they fixed the flaws, those businesses would tank.

      Haha...
      I propose they will start selling their A/V software cheaply to make all A/V vendors go bust, then they will quietly fix all security flaws, so that they can fire all their A/V experts and still keep charging for the A/V software! But because of competitive pressures from Linux, they will have to cut price of Windows OS, so in the end Windows will be secure but it will cost the same as it does now!
      That way Microsoft will make more money because they won't have to employ dedicated programmers to code bugs and security flaws into their software. Oh, wait, that's how it is now!

      >How could this go any better for Microsoft?

      Well, for your info, pal, the worldwide antivirus market is about $3b, which Microsoft makes in a month. Why would anyone go in such trouble for an 8% increase in sales (_assuming_ they can have 100% of the antivirus market).

      >They're sweating to produce the experts; they're producing the profits that REQUIRE that Microsoft doesn't tighten up their software.

      By this logic you are a proponent of the idea that OSS is bad for software ISVs because commercial applications constantly get undercut or made expensive by free OSS apps which creates unemployment - as OSS software destroys their market, commercial software vendors got nothing to do and are forced go out of business.

      If there's anything to sweat about, I'm sure they'd choose to sweat over making OS more secure and then focusing on more productive tasks.

    27. Re:firefox testimonial by back_pages · · Score: 1
      > By this logic you are a proponent of the idea that OSS is bad for software ISVs because commercial applications constantly get undercut or made expensive by free OSS apps which creates unemployment - as OSS software destroys their market, commercial software vendors got nothing to do and are forced go out of business.

      If by "logic" you mean "magical reasoning", sure. The rather clear difference is that OSS software does not exist because of flaws in closed source, proprietary software nor would OSS be run out of business should closed source, proprietary software improve their product.

      > Why would anyone go in such trouble for an 8% increase in sales

      Yes, indeed. Why would anyone go through such trouble (ie, continue their shoddy practices rather than invest time and money into fixing them) in order to spawn a well developed spin-off industry of successful products, marketing, and experts, all of which exist at the mercy of the first producer. And all for just 8% increase in sales?

      Think, think, think. The only things I can come up with are 1) it is very easy, 2) there's no way they can get stuck for abusing monopoly powers on this one, and 3) it's a freaking 8% increase in sales. I really don't know what type of background you have related to running a business, but if you can get 13 months of profit out of a 12 month year, you sure as shit shoot for that goal.

      > If there's anything to sweat about, I'm sure they'd choose to sweat over making OS more secure and then focusing on more productive tasks.

      I totally agree, but think about how they're going to do that. Do you hire an army of college recruits to repeat the work of the AV industry, or should you wait until they have a handle on things and pull the rug out from underneath? Of course, time will tell, but I'm pretty sure we'll see a large migration of AV security experts being headhunted by Microsoft over the next 10 years, and as Microsoft (hopefully, oh so hopefully) produces more secure products, the AV industry will dry up. Just my off-the-cuff prediction, but it'll be significantly harder to find consumer-market AV products in ten years.

  8. malware honeypot? by TheHawke · · Score: 4, Interesting

    I wonder if someone can whip up a honeypot that'll reverse-engineer some of the malware out there, munge all the URLS down and give proof that someone is doing this on purpose.

    Then maybe the state DA's will jump in and make a lesson of a malware producer or two. That is, if they are local. IF not, LART until their router is unplugged.

    This 'ware business is seriously getting out of hand and MUST be dealt with, one way or another. IF we have to force these jokers to go overseas, fine, then we'll do so and isolate their domains at root DNS.

    --
    First rule of holes; When in one, stop digging.
    1. Re:malware honeypot? by Anonymous Coward · · Score: 1, Insightful

      Wouldn't it be great to see spyware producers suffer legal consequences? Don't think it will happen, though: the political and legal system is too busy protecting the recording and movie industries at the moment.

    2. Re:malware honeypot? by Anonymous Coward · · Score: 2, Interesting

      Let's give credit where credit is due!

      Did you RTFA? The spyware he mentioned all loaded automatically using exploits that are only available in IE and Windows! This is all courtesy of Microsoft!

      Face it: these people would not be able to do these things without Microsoft's brain-dead approach to secure design. If you wanna sic DA's on somebody, point them at Microsoft!

    3. Re:malware honeypot? by selderrr · · Score: 2, Informative

      You mean like we want to do with spammers ?
      We all know how well that worked


      Face it : malware is the new spam, and it is a lot harder to detect & isolate. OSX & linux users may be safe for now since the problem is moved from mailserver to client machine, but it is only a matter of time until java malware shows up.

      The ONLY solution is keeping the OS secure, the firewall tight and the user aware not to click bogus utilities. That and a network wide hosts file that redirects a lot of crap.

    4. Re:malware honeypot? by base3 · · Score: 1, Insightful

      The state AGs are too busy taking campaign money from the copyright cartel and sending threatening letters to "P2P companies" to worry about spyware.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
    5. Re:malware honeypot? by TheHawke · · Score: 4, Insightful

      I do not disagree, and let me reinforce the point. The 'wares take a direct path to customers' systems from known sources, unlike virii.
      If someone goofs and winds up on a site like the article mentioned, guess what, the customer just hit a malware mine.

      It's not like the lovebug bit where it spread like wildfire, at random, the 'wares are more focused and actually show a purpose behind their creation: to retrieve personal information on the user behind the keyboard.

      Under Federal and State regulations, this shows Willing Intent to Commit Malice, possible violations of Wiretapping Laws, and is grounds for prosecution to the fullest extent of the Law.

      --
      First rule of holes; When in one, stop digging.
    6. Re:malware honeypot? by selderrr · · Score: 1

      That is under the assumption that malware spreads only via http clicks... I consider it very likely that future malware will spread thru direct connections, P2P networks, infected downloads, ...

      If the malware itself operates in a silent way (i.e. not blatantly plop ads all over your screen, but rather replace existing ads with his own crap), it can be very tricky to pinpoint a guilty party

    7. Re:malware honeypot? by Anonymous Coward · · Score: 0

      No I did not read the fucking article, you guys are slashdoting the site.

  9. get downstairs and take the trash outside by Anonymous Coward · · Score: 0


    thanks for thinking of me and our friends who are not so computer savvy

    signed:

    your dad

  10. Mozilla Firefox - it solves most problems.... by Gigantic1 · · Score: 4, Interesting
    Those poor soles running Internet Explorer (like ME until recently) don't know what they are missing by not switching to Firefox, Opera, and some of the other fine browsers out there.

    Usually, I'm skeptical about "Freeware", but Mozilla's Firefox has been a glorious exception. Not only is it faster, more intuitive, and easier to use than IE, it is also MORE SECURE. Unlike IE, Firefox does not allow ActiveX and VBScripts to run - and this is a blessing.

    Please consider giving it a try.

    Happy surfing.

    1. Re:Mozilla Firefox - it solves most problems.... by Rosco+P.+Coltrane · · Score: 4, Funny

      > Those poor soles running Internet Explorer (like ME until recently)

      Jesus, it's about time you upgraded from ME, I'd say...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Mozilla Firefox - it solves most problems.... by Gigantic1 · · Score: 2, Interesting
      Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck)

      Currently, I'm running Mozilla Firefox on Windows 2000, and I have no complaints. In fact, I'm happier about surfing the web than I've been in years!

      For reference, Firefox may be downloaded at http://texturizer.net/firefox/index.html.

      Happy Surfing.

    3. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      It is not "Freeware", it is "Free Software", free as in Freedom, "Libre Software"

    4. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      > Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck)

      Have you ever heard the word "dense"?

    5. Re:Mozilla Firefox - it solves most problems.... by Gigantic1 · · Score: 1, Interesting
      > Nooooooo. Sorry about the confusion. "ME" refers to myself, not "Windows Millennium Edition" (Yuck) Have you ever heard the word "dense"?

      And for your "snit fit" concerning semantics, you mod my parent post as a "Troll". Or was it something else?

      Anyways...Grow up.

    6. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      Read the FAQ, you'll see that you can't mod and post on the same piece of news.

    7. Re:Mozilla Firefox - it solves most problems.... by Gigantic1 · · Score: 1, Informative
      > Read the FAQ, you'll see that you can't mod and post on the same piece of news.

      You can if you post as an Anonymous Coward.
    8. Re:Mozilla Firefox - it solves most problems.... by base3 · · Score: 0, Flamebait

      Not if you're logged in when you do it--your moderation will be undone if you post AC in a thread you moderated if you're logged in. Of course, I'm $rtbl'd, so it doesn't matter anyway.

      --
      One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
    9. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      -1, Dangerous Influence: warns about moderation "features"

    10. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0
      joke

      Pronunciation Key (jk)
      n.

      1. Something said or done to evoke laughter or amusement, especially an amusing story with a punch line.
      2. A mischievous trick; a prank.
      3. An amusing or ludicrous incident or situation.
      4. Informal.
      1. Something not to be taken seriously; a triviality: The accident was no joke.
      2. An object of amusement or laughter; a laughingstock: His loud tie was the joke of the office.
    11. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      followup joke

      phrase.

      1. A joke that is uttered as a followup to another joke.

      2. Something that passes way over your head, apparently.

    12. Re:Mozilla Firefox - it solves most problems.... by Shaklee39 · · Score: 1

      Faster? Hah. Try telling that to everyone in the office where I work after firefox takes 10 seconds to load compared to IE in 2 seconds. It is unacceptable for them, no matter how secure it is.

    13. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      Yeah, for real. Upgrade to something more stable like Win98SE.

    14. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      >>Those poor soles running Internet Explorer

      Mmm.. I was not aware fish were running browsers.

    15. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      You forgot "a story with a humorous climax." --Spock.

    16. Re:Mozilla Firefox - it solves most problems.... by Anonymous Coward · · Score: 0

      soles?

      you mean their shoes?

    17. Re:Mozilla Firefox - it solves most problems.... by FlutterVertigo(gmail · · Score: 1

      That's because IE is already loaded into memory. Yes, you can detach it, but if the common code is available, IE is there.

  11. Spyware Prevention by Tiberius_Fel · · Score: 4, Insightful

    I've found that all the spyware can be kept down to basically zero if you do what I do (even for Windows users). I use Firefox and not IE (it's interesting to look at how many hits ad-aware gets for tracking cookies etc. with IE)... And speaking of ad-aware, I run it regularly. Honestly, spyware statistics would go way way down if people ran an anti-spyware program now and then. I find in my experience, when you run it for the first time and get 500 - 1500 "objects" found, it wakes the user up as to what sort of crap is on there, and after that they seem to be pretty good about running it themselves.

    --
    Join the Empire! http://www.empirereborn.net/
    1. Re:Spyware Prevention by MyHair · · Score: 2, Insightful

      > (it's interesting to look at how many hits ad-aware gets for tracking cookies etc. with IE)

      I don't think Ad-Aware (or other spyware scanners) checks Firefox cookies. I just ran an older version and it only found an Alexa registry entry, but I opened my Firefox cookies.txt and found a doubleclick.net cookie in there.

      I'm a Firefox user/fan and IE hater, but Firefox doesn't inherently block tracking cookies, so I had to pick at your example. (Yes, Firefox does allow forcing per-session cookies, but it's not on by default, and it causes problems with remember-my-login cookies.)

      Changing subject:

      I noticed McAfee and others now have Anti-Spyware products alongside the AntiVirus products in stores. I'm wondering why the distinction between viruses and spyware? Shouldn't scanning for them and removing them involve the exact same process? Why not just include spyware/adware in the definition files?

      Yeah, the obvious answer is "to make more money", but that really pisses me off.

    2. Re:Spyware Prevention by Anonymous Coward · · Score: 0

      I run AdAware/Spybot rarely, but only get maybe 50-100 objects (mostly cookie files) at most. I do have Windows XP running and installed Service Pack 2 (RC1 and RC2) when they became available. But I have used IE the entire time, and while I have had FireFox installed for various other reasons, I still primarily use IE. Either way though, I never get any spyware installed on my computer, and if I do, I am well aware of it because of something I clicked from a site I visited (such as a site I am visiting while looking for a serial #, ya sue me...). I think it all comes down to not being a dumbass and clicking everything you see while browsing - it's not that hard. Service Pack 2 for Windows XP fixes a lot of these "automatic dumbass" options, and makes you go out of your way to enable things such as ActiveX. Not to say that people still won't go clicking away to disable these options, but it still is much harder and people will have less and less to blame but themselves.

    3. Re:Spyware Prevention by Tiberius_Fel · · Score: 1

      Interesting. I have it set to deep scan every file on my drives, so I might think it would get the firefox cookies, wherever they're hiding...

      --
      Join the Empire! http://www.empirereborn.net/
    4. Re:Spyware Prevention by MyHair · · Score: 1

      Oh. I didn't deep scan. So I guess it depends if it will recognize a cookies.txt file (as opposed to IE's cookies folder) which I supposed it would if it can do Netscape.

      I don't feel like deep scanning to test, so--assuming Win2k or WinXP--open c:\documents and settings\\Application Data\Phoenix\.slt\cookies.txt and see if doubleclick.net stuff is in there. "Application Data" is probably hidden, and new installs of Firefox may have changed the "Phoenix" folder to "MozillaFirebird" or "MozillaFirefox" or similar, but mine is still under Phoenix.

      Ahem, excuse me, but I can be a dumbass sometimes. I tend to do things the hard way. Try this instead: Open Tools->Options, click Privacy, click the plus sign by Cookies then click the "Stored Cookies..." button.
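
Added example, not part of the comment above or of the original thread: a Python version of the manual check MyHair describes, parsing a Netscape-format cookies.txt (the tab-separated file the comment refers to) and listing cookies whose domain falls under a watchlist. The watchlist, the function names and the sample file contents are assumptions constructed for illustration; only doubleclick.net comes from the thread.

```python
"""Scan a Netscape-format cookies.txt for cookies set by watched domains."""
from dataclasses import dataclass
from typing import Iterable, List

# Assumed watchlist for this example; doubleclick.net is the domain named in the thread.
WATCHLIST = {"doubleclick.net"}

# Constructed sample file contents (not real cookie data).
# Record layout: domain, subdomain flag, path, secure flag, expiry, name, value.
SAMPLE_COOKIES_TXT = "\n".join([
    "# HTTP Cookie File",
    "# This is a generated file!  Do not edit.",
    "",
    "\t".join([".doubleclick.net", "TRUE", "/", "FALSE", "1920499200", "id", "constructed-id"]),
    "\t".join(["www.example.org", "FALSE", "/", "FALSE", "0", "session", "abc123"]),
    "\t".join(["ad.doubleclick.net", "FALSE", "/", "FALSE", "1920499200", "test_cookie", "1"]),
    "\t".join([".notdoubleclick.net", "TRUE", "/", "FALSE", "1920499200", "pref", "x"]),
    "this line is not a cookie record",
]) + "\n"


@dataclass
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int  # Unix time; 0 means a session cookie
    name: str
    value: str


def parse_cookies_txt(text: str) -> List[Cookie]:
    """Return the well-formed cookie records in a cookies.txt body."""
    cookies = []
    for line in text.splitlines():
        # Some later tools (curl, for example) prefix HttpOnly cookies this way;
        # the rest of the line is still a normal record, so keep it.
        if line.startswith("#HttpOnly_"):
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) == 6:
            fields.append("")  # a cookie with an empty value
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # malformed record: skip it rather than guess
        domain, subs, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain.lower(), subs == "TRUE", path,
                              secure == "TRUE", int(expires), name, value))
    return cookies


def matches_watchlist(domain: str, watchlist: Iterable[str]) -> bool:
    """True if domain is a watched domain or a subdomain of one.

    The match is made on a label boundary, so notdoubleclick.net does not
    match doubleclick.net.
    """
    host = domain.lstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in watchlist)


def find_tracking_cookies(text: str, watchlist: Iterable[str] = WATCHLIST) -> List[Cookie]:
    """Parse the file body and keep only cookies from watched domains."""
    watched = set(watchlist)
    return [c for c in parse_cookies_txt(text) if matches_watchlist(c.domain, watched)]


if __name__ == "__main__":
    for c in find_tracking_cookies(SAMPLE_COOKIES_TXT):
        kind = "session" if c.expires == 0 else "persistent"
        print(f"{c.domain}\t{c.name}\t{kind}")
```

To run it against a real profile, read the cookies.txt file into a string and pass it to `find_tracking_cookies` with a watchlist of your own.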

  12. And let's not forget... by Tuxedo+Jack · · Score: 4, Interesting

    How about the bastards who make browser hijackers? Removing CoolWebSearch's affiliates wastes so much goddamn time at my office, it's literally taking nearly three hours a week.

    And don't deny it - their affiliates DDoSed SpywareInfo because it told people how to remove their bastardly malware and provided CWShredder.

    I say we go after them, drain their coffers dry, and donate the funds to the Mozilla Foundation or something.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
    1. Re:And let's not forget... by saskboy · · Score: 1

      Heh, the chances of anyone going after the several parties responsible for browser hijacking, and winning in a timely manner, are slim to nil with the average judge's knowledge of computers.
      And then I highly doubt the money would go to something worthy. The lawyers would get at least a 1/3 of a large settlement, and unless Mozilla did the suing, little money would go there.

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
    2. Re:And let's not forget... by Anonymous Coward · · Score: 0

      What good would giving money to Mozilla do - by your own admission, you don't use it at your office, so no matter how much money Mozilla gets, it will do you no good.

      Instead of hunting down IE abusers and giving the money to Mozilla, why don't you just switch to Mozilla and be done with it?

    3. Re:And let's not forget... by AndroidCat · · Score: 1
      Once you've removed CoolWeb for the week, replace Microsoft's Java VM with a real one. As I recall, if you closed off everything else, that was the exploit it used. (Or turn off Javascript.)

      I notice that their "affiliates" buy up loads of domains as they expire and turn them into farms directing traffic to sites to install CoolWeb or lesser relatives.

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:And let's not forget... by Mattintosh · · Score: 1

      I have that same problem at my office. I've been looking at a few solutions. I've found 2 that seem like they'd work well.

      1. Norton Ghost - Since it's a single particular user's machine that keeps getting it, this would work well. He will, of course, bitch about losing his pictures every time we wipe the drive, though.

      2. RIS - F12 is your friend, I've learned. At least during the boot process. Having a RIS setup would make installation quick and hopefully painless. (Yeah, right.)

      There's another CoolWebSearch-like BHO out there that keeps redirecting you to t.rack.cc, which CWShredder doesn't fix. It also tends to cause the HD to thrash so much that it kills the drive. We've chewed through 3 HD's on that particular laptop in the last year. (It's a Toshiba. Maybe they just suck.)

    5. Re:And let's not forget... by Anonymous Coward · · Score: 0
      > 1. Norton Ghost - Since it's a single particular user's machine that keeps getting it, this would work well. He will, of course, bitch about losing his pictures every time we wipe the drive, though.

      Why is he saving his pictures to the System partition? You probably should make the System partition 4-8GB and tell him not to save to the C:\ drive.

    6. Re:And let's not forget... by Electrum · · Score: 1

      > tell him not to save to the C:\ drive

      Why tell him? Set the permissions so that he can't save to it.

    7. Re:And let's not forget... by localhost00 · · Score: 1
      > Why tell him? Set the permissions so that he can't save to it.

      Because if nobody tells the average user that he is being locked out of the System Drive and then said user receives an access denied message, said user is going to raise some hell.

      --

      Calling atheism and agnosticism a religion is like calling bald a hair color.

    8. Re:And let's not forget... by cheekyboy · · Score: 1

      Why not put the OS on S: and leave C: as it is for the drongos that still think C: is the norm.

      My C: is just media data, no apps at all.

      OTH, if MS made it EASY to move PROGRAMFILES folder to a new HD/PART that would be sweet, but we know having 54 billion dollars reduces your IQ.

      --
      Liberty freedom are no1, not dicks in suits.
    9. Re:And let's not forget... by wobblie · · Score: 1

      why don't you just install a proxy? squid is free you know ...

  13. I guess you missed the memo... by lucason · · Score: 1

    I'm very sorry to disappoint you, but this article ( http://www.mozilla.org/security/shell.html ) should open them peepers....

    I'm afraid this isn't the first and won't be the last.

    1. Re:I guess you missed the memo... by Anonymous Coward · · Score: 3, Funny

      You know, you are absolutely right! I am going right back to IE.

      After all, just this one vulnerability makes it just as insecure as IE's 1035.

      New one just in: now 1036...

      another: 1037...

      another: 1038...

      Shit! I'm not gonna keep this up all day!

    2. Re:I guess you missed the memo... by Anonymous Coward · · Score: 0

      And the ratio of IE::NN (Mozilla, Firefox, et al.)?

      I realize even one is a security issue, but now we're dealing with issues of scale.

      Microsoft's problems lie with their code architecture. That's it - simple[1]. When WHG3[2] redirected as many keyboards as possible for a one-month effort to shore up the code and squash security issues, did it work? No. It was PR. Nothing more, nothing less.
      They need to start over and have some code architects who actually know how to deal with preventing buffer overflows & anything else squirming around in the bowels of their code.
      Years ago, they were trying to hire people who would work 20+ hours a day. Mass coding was more important than style (or quality).
      If you've played competitive soccer, you know the difference between a finesse game and a physical game. Microsoft cares nothing about finesse, even if it wins in the long-run.
      Most people who have been around and had an opportunity to write code on a semi-reasonable schedule and care about how solid their code is can do so.
      Regardless of where they are, 95% of the people in this business probably shouldn't be there. They think they are and they think they're good, but because of a variety of circumstances, you don't have to be good, just good enough. Unfortunately, that's not good - particularly for the users - and that sucks.
      If Microsoft were to lock a few of their better code architects away and let them do their job(s), then base the remainder of their code on it, you'd see far better products coming out. This is part of why a lot of the Open Source products|projects are generally better. Not because "they aren't Microsoft", but because if there's inherently something wrong with what you check in, someone else is going to trump it. I don't think that's the case at Microsoft. Stomping on someone else's code means the stomper should be working on something else (in Microsoft's eyes).

      Most people who have paid attention over the years know MS almost missed the Internet boat (rescued by one of Billy the Kid's Summer sojourns); almost missed the XML boat - and have overdone it in some ways - we go from switches in .bat files, to variously named and formatted files, to .ini files, to registry, to XML files - for practically everything in some areas.

      What's Microsoft's next snag? We've all discussed it here. And it's not Linux. It's the underlying philosophy & mindset behind Linux. They don't understand Open Source and instead focus on the output, hence the appearance they're against Linux (see influx of M$ to SCO - they see SCO as anti-Linux, not anti-OpenSource). Were Linux developed in a setting where everyone was paid a salary and Linux were sold in shrinkwrap, Microsoft would have an enemy they could fight. They understand money. And when they had people working 20+ hours/day, that was for money, power, and prestige.
      Remember NightCrawler in the opening scenes of X-Men 2? The Secret Service didn't have a chance - they didn't understand what they were seeing - never mind they weren't equipped to fight (although they thought they could). That's one example. Want a sillier one? Remember the episode of M*A*S*H where Hawkeye and BJ have a bathtub shipped to them so they can cool off in the heat? When the Scrounger comes, he wants to know how much they're charging people and simply cannot believe it's free - accusing them of being communists.
      Microsoft simply cannot understand a standard accounting|bookkeeping system not being used for the purpose of generating business-quality and -targeted software. Shareware is one thing, but for all-purpose use? Unless & until they untangle what Open Source really means, they're going to chase their tails - perhaps until it's too late.


      [1] "Make things simple, not simpler." -Erasmus
      "From simplicity arises elegance." -me
      [2] William Henry Gates 3rd

    3. Re:I guess you missed the memo... by Zork+the+Almighty · · Score: 1

      Or they will simply crush open source with patent lawyers. Let's see, $400 an hour and your average lawyer might weigh, oh, about 200 lbs. Microsoft has 60 billion dollars. That's a lot of crushing.

      --

      In Soviet America the banks rob you!
    4. Re:I guess you missed the memo... by lucason · · Score: 1

      Obviously that's not what I meant.
      Though 1 unpatched vulnerability is worse than a hundred patched.

      The thing is, it ticks me off that some users mistakenly think of firefox or linux as immune. They aren't. And users and companies that are considering migration better take note of that.

      I've just checked, after 4 weeks of not updating my mandrake 10, I just installed 17 security patches and 4 bug fixes. All I'm saying is that companies migrating to avoid security patches are doing it for the wrong reasons. And not taking into account costs and infrastructure to do the updates will cause underestimation of TCO.

    5. Re:I guess you missed the memo... by Red+Alastor · · Score: 1

      Notice that when you patch Windows, you patch... Windows. When you patch your Linux distro you patch ALL the software that is included with it. There are tons of packages included! And they are patched fast. Red Hat for instance includes fixes for critical problems within a day of their publication.

      --
      Slashdot anagrams to "Sad Sloth"
  14. No spyware here by SteveXE · · Score: 2, Informative

    I managed to keep my PC pretty much spyware free when running IE aside from the day to day tracking cookies.

    I switched to Mozilla about 2 months ago and not only do I never get spyware cookies due to its easy to use cookie blocking and plugins, but it's so much better in many respects. I still have to use IE on some pages that contain video files, and I do have a few gripes but overall it's much better and lets me control my internet experience on many more levels.

  15. Spyware is just another form of a virus by onyxruby · · Score: 4, Insightful
    How long will it take people to realize that spyware is just another form of a virus? I remember when people used to argue trojans weren't viruses and now people have finally come to accept them as just another form of a virus.

    Look, I have worked on systems that have had hundreds of infections, from viruses and spyware. I routinely subject a drive from a machine with spyware to the same checks and controls I do with viruses. I start by removing the victim drive and putting it in a secondary control system. Only then can I properly remove the hooks installed to prevent you from really removing things.

    I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions. This way windows itself will *fix* your removal. I've seen where they try to emulate legitimate hotpacks and patches. It's pretty simple really, if a program installs surreptitiously, disguises itself, and takes steps to prevent its removal - then it is a virus.

    1. Re:Spyware is just another form of a virus by drinkypoo · · Score: 2, Insightful

      Spyware/Adware is only as much a virus as a worm is. Guess that makes it a worm. Viruses infect other programs, worms propagate themselves as a program. There is a grey area when they hook themselves into assorted libraries, though.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Spyware is just another form of a virus by sploo22 · · Score: 3, Informative

      Wrong. Here are some definitions of a computer virus:

      A program that can infect other programs by modifying them to include a possibly evolved copy of itself.

      "A parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasitic is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system." -- Symantec


      Get your terminology straight. If it doesn't infect other software, it is not a virus. Your argument is like saying malnutrition is a virus because it makes you sick.

      --
      Karma: Segmentation fault (tried to dereference a null post)
    3. Re:Spyware is just another form of a virus by Anonymous Coward · · Score: 3, Insightful

      User: Wow! SuperKaazaMidgetCursor! (I agree.) (I agree.) (I agree.)

      Peter Norton: SpyVirus removal complete!

      User: Norton broke my SuperKaazaMidgetCursor. No more free MP3s and naked strippers on my desktop WAH! I want my money back!

      [The big difference between Anti-Virus and Spyware-Removal programs, is that the former is based on program behavior, and the latter makes value judgements about what is 'good' software or 'bad' software. I don't think any developers want a situation where they have to get their programs certified as "good" by some 3rd party.]

    4. Re:Spyware is just another form of a virus by WhatAmIDoingHere · · Score: 2, Insightful

      Did you read the post you replied to?

      He said: "I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions."

      That sounds like it's infecting software. Last I checked, Windows wasn't hardware.

      --
      Not a Twitter sockpuppet... but I wish I was.
    5. Re:Spyware is just another form of a virus by anynameleft · · Score: 1
      "if a program installs surreptitiously, disguises itself, and takes steps to prevent its removal - then it is a virus."

      This was my experience with removing some kind of toolbar (believe it was that of smiley central):
      Are you sure to remove MyIEToolbar? [yes][[_no_]]

      MyIEToolbar contains NO SPYWARE! Are you still sure you want to uninstall? [yes][[no]]

      Why do you want to uninstall MyIEToolbar?
      [_] didn't like it anymore
      [_] have a concurrent product
      [x] has spyware
      [[ok]]

      You selected "has spyware"
      MyIEToolbar CONTAINS NO SPYWARE! (blinks)
      DON'T BE AFRAID! IT REALLY CONTAINS NO SPYWARE!
      Are you SURE to unsinstall (typo intended) even though it contains NO SPYWARE!?

      [yes] [[¡NO!]] (blinks)
      Now what would you answer to that last question?
    6. Re:Spyware is just another form of a virus by Gigantic1 · · Score: 2, Insightful
      Wrong. Here are some definitions of a computer virus....

      So...you preface your diatribe as shown, and then proceed to tear into the guy's thread for the sake of Semantics.

      Please...lighten up. We can all be friends here.

      Thanks.

    7. Re:Spyware is just another form of a virus by FireFury03 · · Score: 1

      Nope, what the media call "virus" is nothing to do with anything. The media definition of "virus" is any bad software (what non-media types with a clue call malware).

      A virus is a piece of malware that embeds itself in other programs. This is often done by gluing the malware code onto the end of an innocent executable and modifying the start of the real program so it jumps to the malware code first.

      AFAIK there hasn't been a virus written in a _long_ time.

      By contrast, most of what the media call viruses these days are trojans, worms or a trojan/worm hybrid:

      Trojans are pieces of malware that claim to be something innocent. They rely on the user being gullible enough to execute them, whereupon they either deliver their payload immediately or become resident in memory and deliver their payload at a later date.

      Worms are pieces of software that propagate across a network and require no intervention from any users.

      So the modern email-borne malware is a combination of a trojan (requires the user to execute it manually) and a worm (once executed, tries to spread over the network). They are most definitely _not_ viruses since they do not embed themselves in legitimate software.

      IMHO virus writing has really gone down hill - viruses used to be well coded (often in assembler) things that did some fairly complex stuff in a very small space. Modern malware by comparison is badly coded, buggy, probably written in visual basic by someone who hasn't the first clue how to code and often does nothing more complex than copying itself into the startup folder when executed.

    8. Re:Spyware is just another form of a virus by Anonymous Coward · · Score: 0

      You're right.

      There should be some distinction made to differentiate those things which spread on their own (no user action required), those things which infect other files, and those things which provide backdoor access via something which purports to do something else, but worm/virus/trojan are not mutually exclusive if used just to describe these properties.

      In any event, I still teach the basics of this stuff to people who are not yet comfortable with the mouse. They don't care about viruses/trojans/worms/adware/spyware/malware. I give them the distinctions, but in the end I point out that, no matter what we call it, in the end it's all crap you don't want on your computer.

      I try to give them as much information as I can, but when you get right down to it, I don't have that big a problem with them believing these are all viruses, because virus == bad for them, and that's the only part they need to care about to get them to use all the scanning & removal tools I show them.

    9. Re:Spyware is just another form of a virus by Crizp · · Score: 1

      Is this real? Jeez! That uninstall should get even the most ignorant non-techie joe schmoe to suspect there's spyware in it, just by stating there's nothing so many times.

      DON'T BE AFRAID! IT REALLY CONTAINS NO SPYWARE!

      I need a new keyboard :)

    10. Re:Spyware is just another form of a virus by sploo22 · · Score: 1

      I didn't mean any personal criticism, just trying to clear up a misconception. Sorry if it came across a bit too harsh.

      --
      Karma: Segmentation fault (tried to dereference a null post)
    11. Re:Spyware is just another form of a virus by Anonymous Coward · · Score: 0

      as long as you get the last word, eh?

    12. Re:Spyware is just another form of a virus by Anonymous Coward · · Score: 0

      +5

    13. Re:Spyware is just another form of a virus by cheekyboy · · Score: 1

      No, you're wrong, and stop using CORPORATE GLOSSARIES

      spyware is just like AIDS, it doesn't spread wildly, you have to visit the SITE (ie person) to get infected.

      Besides spyware infects windows (that being software itself)

      Your definition of a virus, is more like a bacterial infection which wildly propagates everywhere like a fire, but a virus can stay quiet/hidden, not replicate much, and stealthily move onto new subjects when a clean client comes along and interacts with the filthy whore!

      Symantec has a legal reason to define what a virus is because if spyware was defined as a virus, then they
      A) could not claim to kill a 99% of virii
      B) would get sued for missing so much 'virii'
      C) might get sued by the spyware makers
      D) lose sales because it's useless in fixing all those spywares floating around.

      And dude, what happens when there's a virii that actually INSTALLs spyware? what's that called?

      --
      Liberty freedom are no1, not dicks in suits.
    14. Re:Spyware is just another form of a virus by sploo22 · · Score: 1

      Besides spyware infects windows (that being software itself)

      There is a subtle difference. Spyware adds its own files, it doesn't modify files that are already there. A virus will insert copies of itself into programs, the boot sector, etc.

      The only thing spyware modifies is the registry, and it doesn't actually use that to replicate.

      --
      Karma: Segmentation fault (tried to dereference a null post)
    15. Re:Spyware is just another form of a virus by glesga_kiss · · Score: 1
      Thank god someone else believes this. OK, firstly get over the definitions on what is a worm, virus or trojan. If you argue this, you are missing the point of this sub-thread.

      Spyware is unwanted software sitting on my machine, using my resources and harming my machine. How in any way is it different to any of the thousands of viruses (media definition) out there?

      The following should have no bearing on whether something is or is not included in anti-virus definitions.

      • If the software is used for market data or spamming. The former is apparently "acceptable"
      • If the software replicates itself. Simply not relevant in today's world of connected machines
      • If it is owned by a corporation. Just because malware has a company name behind it doesn't make it legit

      Perhaps the OSS community should take the lead here and add spyware signatures into the OSS anti-virus packages and treat all malware equally. Rip it out. Quarantine it on first discovery. If bundled software it came with doesn't work, tough tittie. If they want to check for the spyware and disable themselves if it's not there, then it's their loss. Just allow the user to disable that definition with a "this is a very stupid thing to do" warning. You could even be clever and offer alternate suggestions of spyware-free software.

      As spyware is corporate controlled, as are other anti-virus solutions, an OSS one is the only one I'd trust to zap all known malware and not allow "partners'" malware thru.

  16. A lot of people don't care by .+visplek+. · · Score: 5, Interesting

    Funny thing is that a lot of people just don't care. I remember that visual plugin for Winamp: Wild Tangent Valentine Dancer. It turned out to be spyware (and so did the rest of Wild Tangent's plugins and apps) but a lot of people just wanted to see a girl dancing on their screen. They just don't care. Not aware of the results of a spyware infested computer and blinded by some digital hottie. The result is over 3,707,559 downloads.

    --
    - Save a tree, eat more woodpeckers
    1. Re:A lot of people don't care by drinkypoo · · Score: 1

      It's not that the dancer is spyware, it's that wild tangent is. In order to run it, or any other wild tangent content, you have to install the wild tangent player.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:A lot of people don't care by Anonymous Coward · · Score: 4, Funny

      You wouldn't happen to know the URL for that dancing girl, would you?

    3. Re:A lot of people don't care by red+floyd · · Score: 1

      AIM includes WildTangent. You have to remove WT after installing AIM.

      --
      The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
    4. Re:A lot of people don't care by danila · · Score: 2, Insightful

      We need an open source project to provide this functionality in a spyware-free format. The reality is that people need dancing girls, they need strippers on their desktop, they need other bells and whistles. And they will install them, so I'd rather see them install GNUGirl and GNUBuddy.

      --
      Future Wiki -- If you don't think about the future, you cannot have one.
    5. Re:A lot of people don't care by spitzak · · Score: 1

      Flash should work pretty good.

      Are there security holes in Flash? Have not heard of any.

      SVG would also be a good idea, it is equivalent to Flash but completely standardized and open and the files are text. Unfortunately there are no working implementations yet.

    6. Re:A lot of people don't care by Ziviyr · · Score: 1

      Ignoring flash being able ta access video/audio ins on your system. So far it's perfectly harmless. :-)

      --

      Someone set us up the bomb, so shine we are!
    7. Re:A lot of people don't care by pyrrhonist · · Score: 1
      AIM includes WildTangent. You have to remove WT after installing AIM.

      You can't just run an installer either, you have to go looking for it in the Windows folder, and delete it, otherwise it keeps running. The really infuriating part is I found a text file in the folder where it is installed that contains a long diatribe about why WildTangent doesn't consider their crap spyware. They can bite me. AOL should not work with these dicks.

      This is why I installed GAIM. Problem solved!

      --
      Show me on the doll where his noodly appendage touched you.
    8. Re:A lot of people don't care by pyrrhonist · · Score: 1
      And they will install them, so I'd rather see them install GNUGirl and GNUBuddy.

      Find a cute one to pose. I'll start the Sourceforge project.

      --
      Show me on the doll where his noodly appendage touched you.
    9. Re:A lot of people don't care by cheekyboy · · Score: 1

      send the guys an invoice of $350 for spending 4hrs to fix friends' PCs up, I'm sure 3707559 * 350 will bankrupt them.

      --
      Liberty freedom are no1, not dicks in suits.
    10. Re:A lot of people don't care by Nyder · · Score: 1

      I'm confused on this "Wild Tangent" thing. I thought it was a driver to use directx commands from a web site. mostly for playing web games. One of the authors has a column in CPU magazine, and he's mentioned a few times oh how he's trying to clear up this misconception that Wild Tangent is spy-ware. Does this "Wild Tangent" spy on your usage and report back to its "headquarters" so it can pop up ads for you? Or is it for playing games? Or is it that some lame people have made some sort of spyware that uses the "wild tangent" engine to display, say, a dancing lady while it sends back info to its (not "Wild Tangents") headquarters?

      I mean, I could be wrong, but I can't see a publication like CPU Magazine letting a producer of spyware use his column in the magazine to convince people that he's not doing spyware when he really is.

      So, unless you can show me some proof that the "wild tangent" driver/activex is actually spyware, and not a game engine, then hey, I'll make sure to tell CPU magazine that they've been duped.

      --
      Be seeing you...
    11. Re:A lot of people don't care by drinkypoo · · Score: 1

      Wild tangent is a mini game engine designed primarily for the web. I'm not sure precisely what it reports back. I don't particularly trust any print publications that come on glossy paper, not that I trust so-called "zines" either...

      The holiday dancer came straight from wildtangent. I installed it, it was a chick with big hooters that didn't dance at all to the music, she just bounced. So, I deleted it. This was many moons (and windows installs) ago.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re:A lot of people don't care by yarbo · · Score: 1

      http://vigor.sourceforge.net/

  17. There's a simple solution to this.. by Soldevi · · Score: 0, Redundant

    Just don't use windows or IE. I don't. The extent of executable code that runs in my browser is javascript. I have privoxy configured to specifically block every ad site using tracking cookies as well.

    1. Re:There's a simple solution to this.. by nyseal · · Score: 3, Funny

      "Just don't use Windows or IE"......now THERE'S something new for slashdot. Sheesh

      --
      [SIG] Remember Mattel handheld games?
  18. pollution by wobblie · · Score: 3, Interesting

    the only effective way to combat this is to pollute/crapflood their databases, in a massive sustained effort. A DDoS they are just begging for.

    Just how that's done is another matter; but how long will it be before some enterprising young soul comes up with a daemon that generates false information and does nothing but pollute spyware databases? If it can be done with SETI, it can be done here ... the caveat is that the machine would have to be "infected" to do this ...

    1. Re:pollution by scubacuda · · Score: 1
      the caveat is that the machine would have to be "infected" to do this ...

      Run it all in VMware.

      This would actually be a cool project to do for Defcon. If anyone is interested in something like that, e-mail me: scubacuda#iname-c0m

    2. Re:pollution by Lehk228 · · Score: 1

      have spyware emulators so you aren't installing the spyware, but a program which interfaces to the central server as if it was their own spyware app.

      --
      Snowden and Manning are heroes.
  19. Working version by fuctape · · Score: 2, Informative

    Working version of the article (for now): http://isc.sans.org/diary.php?date=2004-07-23

  20. make it fun by zogger · · Score: 3, Interesting

    it's weird but it's hard to get people to download and run antimalware stuff. But they WILL download and run other things, so, I got an idea, code one of those anti virus anti malware things so it works like a video game, you hunt and destroy the individual malware doodads graphically.

    1. Re:make it fun by 40000 · · Score: 1

      Since many computer problems are caused by malware, wouldn't it be a good idea if a new application would not install until the crap was removed? This would work better for freeware because there isn't the problem with angry and confused customers demanding a refund when they get scary warning messages. Something like a file sharing program would be best to do this because they usually search your hard disk anyway.

    2. Re:make it fun by zogger · · Score: 1

      every new app would in essence have to be a sophisticated antivir and anti everything else along with whatever else it was supposed to do. If every app did that.... I dunno, seems like the department of redundancy department.

      My idea was just like a normal shoot em up video game, little tracking cookies that you (as your selected hero avatar) get to zap are one level of e-vile monster, then it goes up from there. zap bap pow, make it fun for people to hunt down and eliminate their spyware and viruses and whatnot.

      either way, however it's being attempted now isn't working to the level it needs to work at, that's for sure. Clued in and caring people do it, everyone else, ehhh. And when you have 50 million "everyone elses" on the net at any one time, or even more, it's always going to be a problem.

      Doom 4-search and destroy malware monsters

  21. Just not IE! by yoshi_mon · · Score: 4, Informative

    I realize that Firefox and Mozilla get all the glory here on /. due to them being OSS but the bottom line in all of this is just that IE is the one to blame.

    I've been using Opera since v5.x and have never looked back. Lately I've seen a lot of improvement in Firefox but they are still playing catchup with Opera.

    For whatever reason Opera only seems to get a nod here when it should be getting a lot more but c'est la vie. I personally will continue to support Opera until they sell out or whatever but I hope that they, and everyone else, realize that having a marketplace full of a few, maybe even many different browsers will only help everyone in the long run.

    Currently I am installing Firefox for people who just need to use anything but IE; mostly end users. For a power user however Opera is the way to go.

    --

    Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
    1. Re:Just not IE! by ergean · · Score: 1

      There is only one reason why I don't use opera and I use Firefox about:config

    2. Re:Just not IE! by Dachannien · · Score: 1

      For a power user however Opera is the way to go.

      I guess I'm not sure what the difference is between an average Firefox user and a "power user" of the web, then. If there are features that Opera has that you simply can't get in Firefox/Mozilla, you'd do your crusade a service by posting what they are.

    3. Re:Just not IE! by Anonymous Coward · · Score: 0

      ...you'd do your crusade a service by posting what they are.

      That would be a long post. If you're really interested, you might want to take a look at 30 Days to Becoming an Opera7 Lover

    4. Re:Just not IE! by mike2R · · Score: 1

      That link looks a little out of date (Firebird era). While I wouldn't argue that Opera was first with a lot of features, I'd be interested to know of any that you can't get on Firefox by installing the relevant extension. And let's face it, Opera does not come close to all the functionality out there in Firefox extensions.

      If you're saying that Opera is a more feature rich browser than default Firefox, then no arguments there - and I think it's probably something Firefox will have to address in some way to appeal to a broad market - but if you want a browser that does exactly what you want it to do, and you don't mind spending a little time getting it set up, then choose Firefox.

      --
      This sig all sigs devours
    5. Re:Just not IE! by Anonymous Coward · · Score: 0

      Does Opera still use the ugly, unintuitive, soul-sucking win95 style MDI, or have they switched to using tabs?

    6. Re:Just not IE! by NoMercy · · Score: 1

      Opera annoys me to hell, as a power user It's just got too much to do, firefox is quick, simple and I can use it fast, very fast :)

    7. Re:Just not IE! by danila · · Score: 1

      Yes, they have switched a long time ago.

      --
      Future Wiki -- If you don't think about the future, you cannot have one.
    8. Re:Just not IE! by yoshi_mon · · Score: 1

      While Firefox's extensions do allow for many things that Opera does not, not many of them are really what I would consider browser features. I really don't want/need a game in a browser. Uptime tracking is neat but not really essential.

      Now don't get me wrong, I just downloaded 9.3 and it looks great. Works great. Updates are coming fast. I would almost say it ties with Opera in total usability but for one little thing.

      F12. F12 is what I mean when I talk about Power Users. Unless I'm missing something in Firefox that allows for this type of functionality when browsing the web then Opera still has a big edge. Being able to turn on and off pretty much everything (GIF animation, sound in webpages, Java, plug-ins, and Javascript) on the fly is something you just can't beat.

      If Firefox had that I might be using it now instead of Opera because it's just that good. However until then I've got to stick with Opera.

      --

      Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
    9. Re:Just not IE! by tit0.c · · Score: 1

      I'm an Opera user and have tried switching to firefox but it just still doesn't feel complete.
      Just the fact that a simple upgrade will break all previously installed extensions is annoying...

    10. Re:Just not IE! by iantri · · Score: 1
      Well, personally, for me, it comes down to the "style" of browsing, which is a bit different in Opera. Until not too long ago, Opera didn't even HAVE the ability to open multiple windows -- everything is a tab.

      Pop-up windows (the good sorts) are also tabs, as opposed to Firefox where they open in their own windows. Pressing CTRL-N opens a new tab, not a new window. Opera was designed from the ground up with the concept of everything being self-contained in the Opera window.

      It also has a shitload of really neat mouse gestures, mouse shortcuts and keyboard shortcuts. For example, Holding the left mouse button and clicking the right is forward, opposite is backwards.

      It is just a matter of opinion, I guess. Personally, I like Opera better. BTW, do you know if there is a Firefox extension to prevent stuff from opening in new windows? (opening as tabs instead, like Opera)

    11. Re:Just not IE! by FCKGW · · Score: 1

      iantri: "BTW, do you know if there is a Firefox extension to prevent stuff from opening in new windows? (opening as tabs instead, like Opera)"

      Yes, there is: Single Window 1.0. It doesn't catch things that the browser wants to open in a new window like the "get more extensions/themes" links, and Ctrl+N still opens a new window. However, things that websites want to open in a new window using "target=_blank" or similar open in new tabs and not new windows.

      --
      It's an operating system, not a religion.
    12. Re:Just not IE! by Apathetic1 · · Score: 1

      I tried Opera and while I was generally happy with it, I still prefer Firefox. Personally I find Opera's interface busy (though not cluttered like, say, Avant). Firefox is straightforward and unobtrusive.

      To each his own, though and the more browsers the better.

      --

      My username does not make me Apathetic. It's irony, get it?

    13. Re:Just not IE! by mike2R · · Score: 1

      I'd certainly agree mouse gestures are a great invention - personally I use the All-in-One Gestures Firefox extension, but there are others

      :)

      As someone else mentioned, the Tabbrowser Preferences extension will do what you want in terms of tab behaviour.

      --
      This sig all sigs devours
    14. Re:Just not IE! by DMUTPeregrine · · Score: 1

      Opera has ads. I don't want to see ads. I don't use Opera. End of story. Well, you can pay to get rid of the ads, but you don't have to pay for Firefox. That's the key, not that you don't pay, but that it's not REQUIRED. I donate. In fact, I donated $50 to the Mozilla Foundation. More than the cost of opera. BUT, it was my choice. I didn't have to. And it's deductible.

      --
      Not a sentence!
  22. -1, Flamebait? by Anonymous Coward · · Score: 0

    More like, +1, truth hurts.

  23. I want an integrated tool! by gone.fishing · · Score: 3, Interesting

    I hate spyware. It is much worse than most of the viruses I've dealt with. As a support technician in a large corporation I deal with it every single day. Some days, all day.

    I'd love to see a tool that would deal with all security threats to the desktop. A single tool that would protect against viruses, malware and would act as a smart desktop firewall. We already use an anti-spam service but I think the tool should do that too. In the workplace it should be centrally controlled and updated automatically. It should report on attempts and allow the networking folks to use this data to stop stuff at the corporate firewall.

    While I am dreaming, I think I'd even like the tool to provide a transparent, manageable method of deploying service packs and patches to the desktop (although that is I admit probably better separately with software deployment tools).

    I suppose the server boys would probably need a tool to keep those back-room boxes squeaky clean too. Maybe a special server version of the same software could be slapped on those bad-boys.

    I understand why companies are reluctant to share data but in the case of "common security threats" I think that an exception should be made and an automated but monitorable system of threat identification and reporting should be built into the software so as soon as a new threat is identified it can be made available to everyone using the software.

    Then we can all cooperatively figure out who is doing this and we can publish that information somewhere (like slashdot?) and we can provide them with a little justice!

    1. Re:I want an integrated tool! by Anonymous Coward · · Score: 0
      I'd love to see a tool that would deal with all security threats to the desktop. A single tool that would protect against viruses, malware and would act as a smart desktop firewall. We already use an anti-spam service but I think the tool should do that too. In the workplace it should be centrally controlled and updated automatically. It should report on attempts and allow the networking folks to use this data to stop stuff at the corporate firewall.

      While I am dreaming, I think I'd even like the tool to provide a transparent, manageable method of deploying service packs and patches to the desktop (although that is I admit probably better separately with software deployment tools).

      I suppose the server boys would probably need a tool to keep those back-room boxes squeaky clean too. Maybe a special server version of the same software could be slapped on those bad-boys.


      As 500 /.ers are currently pointing out, it's called Linux.
    2. Re:I want an integrated tool! by scubacuda · · Score: 1
      If only it were *that* easy....

    3. Re:I want an integrated tool! by Anonymous Coward · · Score: 0

      I think the integrated tool you're looking for is called "properly configured Linux". (Or BSD.) Note the qualifier; I'm not advocating security by smugness like people who have never done a proper security audit of their Linux boxes.

    4. Re:I want an integrated tool! by blowdart · · Score: 2, Insightful
      You support a large corporate network that allows their users installation rights (face it, most spyware doesn't install unless you have rights to install BHOs, ActiveX controls or other rights)? You work in a large corporation who runs a windows network and doesn't know how to push patches out over AD, or the nicer 3rd party products out there that do it?

      What's your ticker symbol, because I don't ever want to buy stock in a company that can't run a network properly.

    5. Re:I want an integrated tool! by Anonymous Coward · · Score: 0
      I don't ever want to buy stock in a company that can't run a network properly.

      It's probably Worldcom/MCI/UUNET.

    6. Re:I want an integrated tool! by localhost00 · · Score: 2, Interesting
      I think the integrated tool you're looking for is called "properly configured Linux".

      I am not trying to be anti-Linux here, since I am booted into it anyway, but I tend to believe that there is a "properly configured Windows XP" too.

      It includes:

      • All users use a Limited account
      • There is ONE admin account, to be configured with a red desktop and boring scheme as to place zero doubt that no one is supposed to be there to do anything except to install software.
      • Except for Windows Update, no user under any circumstance whatsoever should use Internet Explorer in the Admin account.
      • Zone Alarm
      • Ad-Aware
      • XP installed on 4-8GB partition
      • Documents and Settings redirected to another partition (yes, it is possible with a single reg hack)
      • Norton Ghost (on a FAT32 partition)
      • Good copy of System partition image on the FAT32 partition

      Any suggestions?

      I have a theory that the scumware threat in Internet Explorer becomes extremely inert when someone browses the Internet while logged into a limited account. Can't write to HKEY_CLASSES_ROOT or HKEY_LOCAL_MACHINE. Heck, can't write anywhere on the system partition. Can anyone confirm this theory?

      --

      Calling atheism and agnosticism a religion is like calling bald a hair color.
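
The limited-account theory in the comment above can be checked on a given machine. The PowerShell below is an added example, not part of the original post: the function names are hypothetical, and the registry paths are the standard Run, Browser Helper Objects and class-registration locations, picked here as an assumption about which keys matter for this kind of software.

```powershell
# Added example (not from the thread): report which machine-wide and per-user
# locations the CURRENT account can write to. Run it as the account people browse with.

function Test-IsAdministrator {
    # True only when the current token actually carries the Administrators group
    # (a non-elevated admin session under UAC reports False).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-RegistryKeyWritable {
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryHive]$Hive,
        [Parameter(Mandatory)][string]$SubKey
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, [Microsoft.Win32.RegistryView]::Default)
    try {
        # Second argument $true requests write access; nothing is modified.
        $key = $base.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return 'missing' }
        $key.Close()
        return 'writable'
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Security.SecurityException] -or
            $inner -is [System.UnauthorizedAccessException]) {
            return 'read-only'
        }
        throw   # anything else is a real error, not an access decision
    }
    finally {
        $base.Close()
    }
}

function Test-DirectoryWritable {
    param([Parameter(Mandatory)][string]$Path)
    # Create and immediately delete a uniquely named probe file.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force
        return 'writable'
    }
    catch {
        if ($_.Exception.GetBaseException() -is [System.UnauthorizedAccessException]) {
            return 'read-only'
        }
        throw
    }
}

# Assumed key list: machine-wide autostart, BHO and COM class registration,
# plus the per-user equivalents for comparison.
$checks = @(
    @{ Scope = 'machine'; Hive = 'LocalMachine'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Scope = 'machine'; Hive = 'LocalMachine'; SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' },
    @{ Scope = 'machine'; Hive = 'LocalMachine'; SubKey = 'SOFTWARE\Classes\CLSID' },
    @{ Scope = 'user';    Hive = 'CurrentUser';  SubKey = 'Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Scope = 'user';    Hive = 'CurrentUser';  SubKey = 'Software\Classes' }
)

$results = @(foreach ($c in $checks) {
    [pscustomobject]@{
        Scope  = $c.Scope
        Target = '{0}\{1}' -f $c.Hive, $c.SubKey
        Access = Test-RegistryKeyWritable -Hive $c.Hive -SubKey $c.SubKey
    }
})

$system32 = Join-Path $env:SystemRoot 'System32'
$results += [pscustomobject]@{
    Scope  = 'machine'
    Target = $system32
    Access = Test-DirectoryWritable -Path $system32
}

"Running with administrator rights: $(Test-IsAdministrator)"
$results | Format-Table -AutoSize

# Any machine-scope target reported as writable means this account is not
# effectively limited. Per-user targets normally stay writable even for a
# limited account, so they still need watching.
$exposed = @($results | Where-Object { $_.Scope -eq 'machine' -and $_.Access -eq 'writable' })
if ($exposed.Count -gt 0) {
    "Machine-wide locations writable by this account: $($exposed.Count)"
}
```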

    7. Re:I want an integrated tool! by Anonymous Coward · · Score: 1, Insightful

      Any system where someone properly configures it and keeps an eye on it is ahead of the game, regardless of the operating system.

    8. Re:I want an integrated tool! by Anonymous Coward · · Score: 0

      The answer to all your problems is simply to use Macs instead of Windows. Windows comes part-and-parcel with all that spyware crap; OS X doesn't. Take your pick, and don't complain when you reap the consequences. :/

    9. Re:I want an integrated tool! by gone.fishing · · Score: 1

      Our remote people who never go into an office (who we have well over a thousand of) have admin rights on their boxes and many (because of their location) do not have broadband service. This makes it near impossible to push out patches to them. We send them updates via CD as needed (which is too often in my book). They are the ones who get severely infected with spyware.

      There are some malware that get into boxes that have less than admin rights also. This even happened to my kids at home over the weekend - and they only have user rights and the box is patched with everything except for last week's patch!

  24. Startup Cop by blackmonday · · Score: 3, Informative

    There's a really nice tool on the net called startupcop that was made by the ZDNet people, released, then dropped. You can still find it on google as "startcop.zip". It's a nice program that shows you what starts in Windows when you boot. My friend had about 60 different adware/spyware programs on his machine. I was able to remove most of them except for this pesky TV something adware which would not uninstall. And something else, there's some other kind of app that won't let adaware or spybot run. It's a giant pain in the ass, my friend's PC is unusable, even with Mozilla, and he has a $50 a month broadband bill. The sons of bitches who make these programs need to be put in jail. There, now I feel better.

    1. Re:Startup Cop by AndroidCat · · Score: 1

      If you're using Spybot - Search & Destroy, make sure you have it set to Advanced mode rather than the default. Then you get a Tools option in the left-hand selector bar. Open that up, and there's a whole pile of tools and reports, including startup and BHOs.

      --
      One line blog. I hear that they're called Twitters now.
    2. Re:Startup Cop by thatiger · · Score: 1

      U think that's bad, I had spyware and two viruses that prevented me from re-installing windows XP three weeks ago until I spent my day figuring out how to remove them. It is a major pain and I really would like to see a real effort to make these spyware authors pay for what they put people through

      --
      Nosce te ipsum! -- Know thyself.
    3. Re:Startup Cop by Electrum · · Score: 1

      > I had spyware and two viruses that prevented me from re-installing windows XP

      Umm, how do spyware or viruses prevent you from booting off the CD and reinstalling?

    4. Re:Startup Cop by Jade+E.+2 · · Score: 4, Informative

      > this pesky TV something adware which would not uninstall

      OK, here you go, JD's quick guide to removing hardened spyware, such as TV-Media (tvm.exe). (This is mainly for stuff that the spyware removers can't delete, or that won't let AdAware and its friends run.) This is even maybe a bit semi-on-topic, wow.

      First, get HijackThis. If you're not very familiar with windows internals, run it on a couple clean systems to get a feel for what should be there.

      If it isn't being blocked by some really nasty spyware, AdAware or one of those is a good first step to remove the easy stuff before you tackle the hard stuff.

      Now, run HijackThis on the infected computer. It will take some practice to learn what is bad and what isn't, but some things will be obvious. In the case of TVM, there will be a startup item (O4 iirc) for tvm.exe, a URLSearchHook for tvmbho.dll, and a bunch of BHO entries for randomly named 'ms????.dll', and possibly a few more dlls in the system32 directory. (I haven't personally ever seen a valid BHO entry, but YMMV.) The important thing to do here is to make a list of files to delete in the next step. At this point you can check the suspicious entries and click 'fix', then re-scan the computer and see how many of them come back. In the case of TVM, several of them will, most notably being the tvm.exe startup item. Killing tvm.exe won't help with this, either.

      Now, on to removing hard files. In this case, tvm.exe is hard because it loads with explorer so it's always 'in use'. A couple of the ms????.dll files are hard because they are in use and/or get replaced on reboot by tvm.exe if they're gone. There are three methods to remove these.

      First, safe mode. This is easy, albeit time consuming waiting for reboots, but doesn't work for all files. (In TVM's case, it works.) Just reboot into safe mode and delete each file on your list, then use HijackThis to remove the registry entries.

      Second method. Faster if you're a decent typist, works for files (like tvm.exe) that hide their process inside explorer.exe so you can't kill them. Open a command prompt and task manager. Use task manager to kill any visible tvm.exe (or whatever) tasks, then kill explorer.exe. Your shell goes away. Use the command prompt to delete the files, then run HijackThis and remove the registry entries. (You can re-run explorer from the prompt when you're done.)

      Third method. Slow, complicated, but works for files that can't be deleted by either of the other two methods. This method also works remotely through most desktop-sharing type connections, unlike the other two. Once you've figured out where the files are being launched from (HKLM\Software\Microsoft\Windows\CurrentVersion\Run in TVM's case), open regedit and go to that key. (NOTE: If you're using windows 2000, you'll need to use regedt32 instead of regedit, but the rest of the process is similar) Click on the key (The entire folder, not the individual entry) and choose permissions from the file menu (or right-click menu in XP). Now you need to deny access to everyone for that key. If you're not familiar with permissions, the exact steps are to click 'Add', type 'Everyone' as the name, hit 'OK', hit 'Advanced', highlight the 'Everyone' entry and hit 'Edit', then check the 'Deny' column next to 'Full Control', then OK out. Reboot. The files won't load (and neither will any of the other startup items in that registry key), so you can delete them and run HijackThis freely. When you're done, run the registry editor again, and in the permissions window for the key in question just click on your 'Everyone' entry and click 'Remove', then reboot one more time.

      Hope that helps, and good luck.
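
The "click 'fix', then re-scan and see how many come back" step from the guide above, as an added example that is not part of the original comment: a Python script that compares two HijackThis logs and separates entries that stayed fixed from ones that respawned or newly appeared. The log lines, CLSIDs, the `ExampleAV` entry and the `mswxyz.dll` name are constructed, the function names are hypothetical, and the R3/O2 section codes and line layout are assumed from HijackThis's usual log format (the comment itself only names O4).

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind ident path")

# R3 = URLSearchHook, O2 = BHO: "<code> - <kind>: <name> - {CLSID} - <file>"
_HOOK = re.compile(r"^(R3|O2) - (URLSearchHook|BHO): .*? - (\{[^}]+\}) - (.+)$")
# O4 = startup item: "O4 - <key>: [<value name>] <command line>"
_RUN = re.compile(r"^(O4) - (\S+): \[(.*?)\] (.+)$")
# Program part of a command line: a quoted path, or everything up to the extension.
_EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.I)

# Constructed sample logs, not taken from a real machine.
SCAN_1 = r"""
R3 - URLSearchHook: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\tvmbho.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\WINDOWS\System32\msabcd.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000002} - C:\WINDOWS\System32\msqrst.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\tvm.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /min
"""
# Rescan after ticking the four TVM entries and clicking 'fix' (constructed).
SCAN_2 = r"""
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\WINDOWS\System32\msabcd.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000003} - C:\WINDOWS\System32\mswxyz.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\tvm.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /min
"""
# File names the analyst ticked in the first scan (assumption for this example).
TICKED = {"tvm.exe", "tvmbho.dll", "msabcd.dll", "msqrst.dll"}


def _program(command):
    """Strip quotes and arguments from an O4 command line."""
    m = _EXE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def _name(path):
    return re.split(r"[\\/]", path)[-1].lower()


def parse_log(text):
    """Return the R3/O2/O4 entries of a HijackThis log as a set of Entry."""
    found = set()
    for line in map(str.strip, text.splitlines()):
        m = _HOOK.match(line)
        if m:
            found.add(Entry(m.group(1), m.group(2), m.group(3), m.group(4).strip()))
            continue
        m = _RUN.match(line)
        if m:
            found.add(Entry(m.group(1), m.group(2), m.group(3), _program(m.group(4))))
    return found


def triage(first_scan, rescan, ticked):
    """Compare the scan taken before 'fix' with the rescan taken after it."""
    before, after = parse_log(first_scan), parse_log(rescan)
    fixed = {e for e in before if _name(e.path) in ticked}
    return {
        "stayed_fixed": fixed - after,  # entry did not return
        "came_back": fixed & after,     # something re-created it: a 'hard' file
        "new": after - before,          # absent from the first scan, review by hand
    }


def deletion_candidates(result):
    """Files behind the ticked or newly appeared entries, respawning ones first."""
    hard = sorted({e.path for e in result["came_back"] | result["new"]})
    easy = sorted({e.path for e in result["stayed_fixed"]} - set(hard))
    return hard + easy


if __name__ == "__main__":
    result = triage(SCAN_1, SCAN_2, TICKED)
    for label, entries in result.items():
        for e in sorted(entries):
            print(f"{label:12} {e.section} {e.kind:14} {e.path}")
    print("\n".join(deletion_candidates(result)))
```

Entries under `came_back` are the ones that need safe mode or one of the other two removal methods; entries under `new` were not in the first scan and should be checked before anything is deleted.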

    5. Re:Startup Cop by t_allardyce · · Score: 1

      You re-install windows by booting to fdisk or a similar program, then you select your partition and hit delete and then recreate it, then you put your windows disk in and install. With windows this is needed about once a year for the OS to remain useable. As soon as it's installed you want to get the latest patches and fixes and service packs from another machine (or get them before you re-install) if you can and delete all the short cuts to IE, then install firefox or opera and your problems are solved. I would really like to see Microsoft forced by law to admit that their software is full of bugs on the box in big letters - just like "smoking kills" on cigarette boxes.

      --
      This comment does not represent the views or opinions of the user.
    6. Re:Startup Cop by vonsneerderhooten · · Score: 1

      Another method that I've found to work well is to rename the parent directory. The files are still loaded into memory, and therefore stay happy because they're running. Reboot, and Shift+Del.

    7. Re:Startup Cop by thatiger · · Score: 1

      I wasn't able to boot from the XP setup CD at all. After the viruses were cleaned, I was suddenly able to boot from CD and re-install. I believe that's more than a coincidence.

      --
      Nosce te ipsum! -- Know thyself.
  25. firewall by zarpa11 · · Score: 1

    I have BlackIce PC protection for my firewall, and it has a feature to block unknown programs from running. A pretty good defense against spyware (and viruses for that matter), eh?

    --
    "In America, you can always find a party. In Russia, party always finds you."
    1. Re:firewall by Anonymous Coward · · Score: 0

      BlackICE is worse than no protection at all. It doesn't even attempt to stop the activities of spyware/malware while leading you to believe that you are invincible. http://www.grc.com/lt/leaktest.htm

      Use AVG and Spybot S&D along with TPFW(Tiny Personal Firewall).

  26. How about fixing the user... by Phil+John · · Score: 2, Funny

    ...since it's always the same one beat it into him with a clue-by-four.

    --
    I am NaN
  27. Thats so evil by xmorg · · Score: 1

    That is so evil. I feel so sorry for Windows internet explorer users.

  28. OT: MyDoom & Yahoo by betonme · · Score: 1

    I noticed that Yahoo Mail was really slow this morning. Were they getting flooded by infected windows machines?

  29. I avoid spyware by... by vudufixit · · Score: 3, Informative

    1. Not visiting porn sites 2. Not going to the default homepage network 3. Not downloading and installing Kazaa or PTP apps of that ilk. 4. Not clicking on any popup or banner ads 5. Never agreeing to install any software as a result of visiting a web site, unless it's Macromedia, Apple or Microsoft. I still run IE, and I have a bare minimum number of XP fixes.

    1. Re:I avoid spyware by... by Anonymous Coward · · Score: 2, Informative

      Then you are gonna get it eventually!

      You really need to take a look at some of the vulnerabilities in IE. You don't have to click any popup or banner ads; they can install whatever they want just because the ad popped up in the first place. Did you RTFA? This particular spyware infection started by opening a popup frame that was 1 pixel by 1 pixel; you wouldn't even know that something had popped up, let alone have to click on it. Then it used a .chm exploit that looks like it opens whatever page the spyware writer wants! You don't have to browse to porn sites; they will do it for you! Then it gets around to resetting your home page to whatever the author wants; this could certainly be a porn site, too. And it goes on and on...

      Look, the most telling quote in the whole article is: ...you may be the one that plunked down a grand at your local consumer electronics store to purchase your PC, but THEY own it.

      and it is strictly because you are running IE and Windows!

    2. Re:I avoid spyware by... by Akimotos · · Score: 1

      You can get so muuuuuuuch more fun out of the internet by just using a real browser ... or even better: a real operating system. Try OS X with Camino. You'll love it and as an extra bonus: you can also visit your porn sites again and your neofascistic material. Wow! You must have known that this was coming. Now, troll me :)

    3. Re:I avoid spyware by... by Anonymous Coward · · Score: 0

      > 1. Not visiting porn sites 2. Not going to the default homepage network 3. Not downloading and installing Kazaa or PTP apps of that ilk. 4. Not clicking on any popup or banner ads 5. Never agreeing to install any software as a result of visiting a web site, unless it's Macromedia, Apple or Microsoft. I still run IE, and I have a bare minimum number of XP fixes.

      6. Do not run with administrative privileges.

    4. Re:I avoid spyware by... by vudufixit · · Score: 1

      I actually do run Mozilla Firefox. My only point was that most of the spyware problems are self-inflicted (porn, reckless clicking, kazaa usage).

    5. Re:I avoid spyware by... by Akimotos · · Score: 1

      So very, very, very right you are.... having this same argument in a Dutch newspaper right now about 'stolen' credit card info. My statement is that all those losers who like clicking on everything that is 'free' shouldn't blame their credit card company when all their personals show up on the internet....

    6. Re:I avoid spyware by... by Anonymous Coward · · Score: 1, Informative
      Unfortunately - your "feel good" posting doesn't even pass the "mustard test".

      1: Not visiting porn sites.
      BARMP!!! Does the 'look-a-like' Yahoo site look like a pr0n site to you?

      2: Not going to the default homepage network.
      Thanks for playing! Your default homepage doesn't matter an iota.

      3: Not downloading and installing Kazaa or PTP apps of that ilk.
      Obviously you've never heard of Web Bugs.

      4. Not clicking on any popup or banner ads.
      Goto #3.

      5. Never agreeing to install any software as a result of visiting a web site, unless it's Macromedia, Apple or Microsoft.
      Just not getting it are we? Goto #3.

      Your Internet experience of "ignorance and bliss" is just that. This stuff is out there, it's rampant and guess what.... it thrives because of the ignorance/bliss/don't care attitudes of people like you. PERIOD

      Wake up! One of these days - you'll find your computer and all the real value (DATA) destroyed or worse STOLEN because of this menace.

  30. Mod Parent Up by Anonymous Coward · · Score: 0

    > Why is it that "the authorities" are interested in subpoenaing the addresses of filesharers, but not illegal malware scammers?

    The perfect question.

    1. Re:Mod Parent Up by 2TecTom · · Score: 1

      The perfect answer is because we are too afraid to sacrifice our security, therefore we are unable to earn our freedom.

      Of course, it's just way too easy to blame others. Just remember that, the next time you sell out by working for or purchasing crap from corporations.

      We're here, because we deserve to be here. It can't change if we don't.

      --
      Words to men, as air to birds.
  31. Sysinternals autoruns by teridon · · Score: 1

    Sysinternals provides an array of tools for monitoring your system. e.g. Autoruns provides the same info as startcop. Filemon shows all filesystem activity, in real-time, with optional filters. I use it, in combination with the registry monitor regmon, to monitor software installation.

    --
    I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
  32. alternate method by robogun · · Score: 1

    Pull the drive & scan + wipe it with another computer.

  33. As an IT Consultant, this is a huge problem..... by djhankb · · Score: 3, Interesting

    For my clients, many of them have spent 1000's in my time repairing these issues. I can't say that it's bad for *my* business, but for them... Many are tired of paying for me to be the network Janitor. And I am with them.... Being the Network Janitor isn't much fun.

    On the flipside, a simple solution that I've been implementing, is a simple linux box, set up as a transparent proxy, using Squid, with DansGuardian (a pay-for product) doing content filtration, as well as stopping Active-X controls dead in their tracks.

    This has proved to be very cost effective, around $300-400 in my time to set up, and stops the junk dead.

    Perhaps some other IT managers can put this software to use.

    -H

    --
    --- #@$DF@#2%@^%3^&*$%FRHG%%[NO CARRIER]
  34. War on Spyware by jmenon · · Score: 1
    There are many possibilities. One would be to make spyware a Homeland Security concern. Maybe your anti-malware can rewrite parts of the spyware that cause it to ask for funding for certain terror operations or something. That would be a very painful bite back. For example: "Welcome to Internet Optimizer. To give money to al-Qaeda, click here." (If it is illegal to include the previous quote, moderators, please edit.)

    The basic idea is to rain hell on all spyware apps so it becomes a national security concern to stop people from making it. Raises the ante for the spyware makers, don't you think?

    We need a way to make it too expensive a prospect to even consider. Call it the "War on Spyware." I think the challenge of this could even attract some of those virus makers to redirect their energy.

    --
    "Stop throwing the Constitution in my face! It's just a goddamned piece of paper!" -- George W. Bush
    1. Re:War on Spyware by Anonymous Coward · · Score: 0

      Ho, ho, ho. And how long do you think when you hack into someone's computer and put that link up, before The Man bludgeons you with the infamous Getaclue Stick? They'll go after you, not the malware guy.

  35. System Safety Monitor by Vega043 · · Score: 1

    Or how about System Safety Monitor... Every time a program wants to start it will give you a notice and it keeps track of authorized programs through md5 checksums.
    Great to prevent dll injections and keep your system clean. At least IMHO.

  36. REGMON and FILEMON by Wolfier · · Score: 2, Informative
    If you're a Windows user, I suggest you go to:

    SysInternal

    To get utilities like REGMON and FILEMON.

    While people have used them for other purposes (for example, figuring out where sharewares store dates), they can be useful tools against spyware too.

    Run them before doing anything you think MAY be dangerous, and you'll be able to see spyware activities right in front of your eyes.

    1. Re:REGMON and FILEMON by Anonymous Coward · · Score: 0

      More important question: will they Digivolve into FIREWALLMON?

  37. I had high hopes for Opera by Anonymous Coward · · Score: 0

    ...versions 2 to 5. But, each time I tried it I was met with odd behaviors. One key bug in the UI (with certain options enabled) that I reported several times starting with version 3 was never fixed. I lost interest. But when Phoenix/Firebird/Firefox came out, it answered 99% of my desires in an alternative browser. Extensions have provided another .5%, already.

  38. About Opera--Switched 3 days ago by jmenon · · Score: 2, Interesting

    I moved to Opera three days ago after finally getting cheesed off with having IE launch spyware apps and then crash virtually every time I opened it.

    I have the free version right now, in which I can even choose whether I prefer Google ads or big, noisy banners. I went with Google, since I am a Gmail fan anyway. One of my friends thinks I am a wuss for thinking this, but I actually like the text ads by Google. They are becoming familiar, and they virtually disappear on the Opera interface unless I need them, and then they are actually relevant!

    What I like best about Opera is, well, many things:

    1. Never had a popup since I have used it.

    2. Easy to read RSS feeds, including a customized Opera newsfeed that brings Slashdot, Salon and some other feeds together as one.

    3. Easy password fill-in (I know IE has something like this too, but I just never trusted it, given all the security holes.)

    4. Easy, comprehensive toolbar customization. You can also customize your menus and toolbars with single-click "Setups". The toolbars are also far more intelligent than IE. You can set them to appear only when you need them, like the download status bar, which disappears as soon as your page is completed.

    5. I imagine the mail and newsgroup features of Opera are also excellent, although I am married to Outlook and don't intend to switch.

    6. Not the least important thing is that the design of the interface shows some visual design sensibility; a trained graphic designer or two must have actually designed it!

    Basically, it feels like a much more sophisticated, softer Internet experience. I have Firefox installed as well, but mainly for testing my Web pages. It seems too simplified for me. I like complex but well-designed interfaces.

    Are there rumours about Opera selling out? If so, I hope Google buys them (and then makes Gmail Opera-compatible.)

    --
    "Stop throwing the Constitution in my face! It's just a goddamned piece of paper!" -- George W. Bush
  39. Opera & Google, Spyware ? by Anonymous Coward · · Score: 1, Interesting

    Where to draw the line? The Opera web browser sends all your browsing requests straight to Google! So does the Google task bar! It's stated fair and square right there in the ClickWrap Terms, but do people really know?

  40. Opera = Spyware by Anonymous Coward · · Score: 0

    Hey! You do realize that Opera sends every http:// request you make to Google and that about 5 minutes later the pages are crawled by Googlebot? So I don't know if switching to Opera has exactly liberated you from spyware... I'm sticking with Mozilla...

    1. Re:Opera = Spyware by Anonymous Coward · · Score: 0

      If you choose to not buy Opera and instead view Google ads to support it, it will indeed send off your http info to make the Google ads targeted.

      In that sense Google itself is spyware because they are, undoubtedly, logging your IP when you use it and then are targeting ads for you on the resulting search page.

  41. I removed 15 spyware apps from 1 computer yesterda by Anonymous Coward · · Score: 1, Interesting

    I removed 15 spyware apps from 1 computer yesterday. This poor soul's computer was his payroll, accounting, business documents machine for his business. He ran some no-name spyware removal tool and it shredded his machine so badly that every time you started IE, it would generate a runtime error before the user interface was shown. His machine also had 2 976 dial programs attempting to dial Asian countries. At home he had the same happen to his home computer, which was connected to a telephone modem. This machine actually did dial out and ran up a $2000 US phone bill. I cleaned his machine with SpyBot Search and Destroy, installed SpyBlaster to shield against future attacks, and installed Firefox.

  42. "... the computer don't get as much spyware now... by Anonymous Coward · · Score: 0

    Any idea how that spyware is still getting in?

  43. Re:Green, Yellow ....Stupid by Anonymous Coward · · Score: 0

    To put an end to this......

    Before posting please proofread for mistakes. Some articles don't need to be proofread though, they need to be foolread for stupidity. Other articles need to be censored.

    By Prince of clowns.

  44. Re:also by BitterAndDrunk · · Score: 1

    Tabbrowser Preferences extension allows you to change your preference to open all new windows in tabs as well.

    Lots of other nifty menu options for this one within Windows as well. Doesn't seem as robust on my linux box but that's probably due to my ignorance, not the extension.

    --
    You better watch out, there may be dogs about . . .
  45. Re:I removed 15 spyware apps from 1 computer yeste by Anonymous Coward · · Score: 0
    > His machine also had 2 976 dial programs attempting to dial asian countries.
    Wow, that's a LOT of dial programs. ;-)
  46. Re: some one make GOOD spyware that helps please.. by cheekyboy · · Score: 1

    Why can't the ISPs just block all those dodgy sites, how hard is that? At least easier outside USA since they can't get sued for blocking.

    Second, someone make a .exe that kills all processes that are dodgy, like iexplore.exe :)

    Someone make some 'spyware' that actually kills other spyware and cleans your system, patches it with MS updates, and downloads mozilla in the background and quietly replaces IE, even the .exe

    So copy those dodgy websites methods of 'infestation' and make it infest firefox :)

    --
    Liberty freedom are no1, not dicks in suits.
  47. You don't need to hack the registry... by Ayanami+Rei · · Score: 1

    To redirect Documents and Settings to a drive. You can use gpedit.msc and/or tweakUI to handle that (on a per user basis even).

    Easier solution would be to use the "mountvol" command or Disk Management and mount a partition directly on your Documents and Settings folder. Then C:\Documents and Settings\ is actually a separate filesystem you can backup, restore, etc.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
    1. Re:You don't need to hack the registry... by localhost00 · · Score: 1

      > To redirect Documents and Settings to a drive. You can use gpedit.msc and/or tweakUI to handle that (on a per user basis even). Easier solution would be to use the "mountvol" command or Disk Management and mount a partition directly on your Documents and Settings folder. Then C:\Documents and Settings\ is actually a separate filesystem you can backup, restore, etc.

      Except that Documents and Settings would have to be an empty folder to be able to mount a partition to it. Besides, I am the user who likes to sometimes type out command lines. Who has the time to type out "C:\Documents and Settings\Owner\My Documents\" when you can type "C:\Home\Owner\Documents\" instead? (C:\Home is a mounted partition on my box, BTW)

      --

      Calling atheism and agnosticism a religion is like calling bald a hair color.

  48. Re: some one make GOOD spyware that helps please.. by bhtooefr · · Score: 1

    I don't think censorship by a third party is a good idea.

    Killing iexplore.exe does nothing if it's not running, and killing explorer.exe does nothing because Windows makes sure that it stays running. Replacing iexplore.exe does no good - If you've got a Windows 9x/Me/2000/XP install that you don't care about, and have IE 4 or greater, delete iexplore.exe (or rename it to iexplore.del or something). Reboot even, I don't care. Now, go to My Computer or anywhere that Windows Explorer gets used. If you don't see an address bar, right click in the toolbar and turn it on. Now, put in a web address. Deleting iexplore.exe does nothing productive, as Windows Explorer still functions as a web browser, with 100% of the functionality (and an identical UI) to iexplore, because it IS Internet Explorer.

  49. strace for Windows by robert_020202 · · Score: 1

    I am just wondering whether there is a strace like program for windows. Attach it to IE, and log all system calls (Win32 API), such as file system operations, registry functions, spawning of child processes, and so on. The usefulness of this tool is obvious.

  50. How to secure IE from ActiveX and VBScripts.... by iamcf13 · · Score: 1

    Don't want to part with Internet Explorer?

    Below are two procedures to better secure the browser and your computer system from all sorts of malware and cracking exploits.

    open up all vbscripts in notepad:

    open My Computer/Explorer (not IE)

    click tools/folder options/file types/select vbs extension (or other harmful webscript extensions)/change/open with/other.../navigate to and select notepad.exe in your windows directory (usually c:\windows or c:\winnt)/open/ok/close

    disable ActiveX (and better secure IE):

    start Internet Explorer/click tools/internet options/security/internet/custom level/disable all ActiveX options/disable java (no more popups!)/disable IFRAME program launching (no 0wnage!)/disable paste option via script (no 0wnage!)/ok/ok

    For safety, reboot your system immediately after doing the above tasks to make sure all your changes take effect on your next computing session after the reboot.

    You have effectively made Internet Explorer as secure as Firefox and Opera. There are some caveats though:

    You are warned by IE with a popup dialog whenever a website tries to send an ActiveX object. The attempt is blocked but the dialog boxes can become annoying. There are still some security issues such as the %00 URL trick used by scammers to attempt ID theft so be careful....