Slashdot Mirror


The Spyware Inferno

An anonymous reader writes "Ever thought there should be a scale for quantifying the evil Spyware does? In an editorial article at news.com.com, a Silicon Valley Venture Capitalist uses the levels of hell in Dante's Inferno to do just that. The article also goes into depth on how vendors, and Claria in particular, make money - of particular interest, 31% of Claria's revenue came through Overture. This may explain why Yahoo took so long to list Claria as Adware in its anti-spyware toolbar."

13 of 437 comments

  1. Remember Kids... by romper · · Score: 5, Informative

    Claria is Gator is Spyware.

    --
    Right is wrong when left is right.
  2. IDS's by kc0re · · Score: 5, Informative

    I run IDS's for about 9 different Class C's and a handful of Class B subnets out there. I would say Gator (to include all of its baddies, stuff like PrecisionTime and PrecisionDate) are about 60% of the signatures that alert on those IDS's. Not much I can do about it except report to the SA's which in turn choose to ignore me or run with it, but malware in general is becoming more of a prevalent problem. And frankly it's annoying.

  3. Helpful tools by zokum · · Score: 5, Informative

    We all know spyware is a fucking waste of both resources and internet bandwidth, please do everyone a favour and install either Ad Aware from http://www.lavasoft.de/ or Spybot Search & Destroy from http://www.spybot.info/.

    If you happen to run an OS where these aren't supported (everything but win*) just ignore this post :-).

    --
    Rest in peace Malin "looxn" Kristiansen. We miss you...
  4. Re:It's not just the shady companies by VAXGeek · · Score: 5, Informative

    Removing the Quicktime task is really pretty simple.

    1) Find qttask.exe
    2) Rename or delete.

    Disable Real's SmartCenter by right-clicking on the real icon in your system tray (bottom right hand corner of the Windows screen) and select Disable Smartcenter.

    Hardly "digging".

    --
    this sig limit is too small to put anything good h
  5. Re:It's not just the shady companies by throughthewire · · Score: 5, Informative
    I had to grin when you referred to the tray programs as TSRs. You've been doing this awhile, eh?

    One little utility I find helpful is Mike Lin's StartupMonitor. It hollers at you whenever something (AIM, Real, Quicktime, etc.) attempts to register an executable to run at startup, and allows you to approve (or more to the point, deny) the attempt. Useful and educational!

  6. My Spyware Experience by BlueOtto · · Score: 5, Informative

    As the Intern/PC Support Help Desk guy at my work, I'd estimate that about half of the problems here are a result of spyware. However, I have a process that works MOST of the time to totally eliminate it from a computer. It takes time (usually around 30 minutes), but being totally thorough makes sure that one piece doesn't get left behind and bring everything else back. This is what I do:

    -Run AdAware and Spybot Search and Destroy (get latest updates!)
    -Run CWS Shredder
    -Run HiJackThis and locate all curious entries and remove them
    -Run msconfig.exe and clear all suspicious or even borderline suspicious entries from startup
    -Check running processes for suspicious entries (doing this a lot makes you familiar with what is good and not good. Stuff like WhatsUp.exe -- usually bad. Or WJLHOWPDMNW.exe)
    -Try to kill the processes, and then locate and delete those files. If you cannot delete them or end the processes, write them down and boot into safe mode to delete those files
    -Finally, check Program Files for suspicious folders. That's where much of spyware hides. Apoint2K and search bars and anything else are BAD!
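
The startup-entry review that comments 5 and 6 describe can be scripted as a read-only inventory. This is an added example, not code from any commenter or from the tools they name; the consonant-run heuristic and the folder patterns are assumptions and only hints for a human reviewer.

```powershell
# Added example: list autostart entries (Run keys and Startup folders) for review.
# Read-only: nothing is deleted or disabled.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ReviewNotes([string]$Command) {
    # Pull the executable out of the command line, quoted or not.
    if (-not ($Command -match '^\s*"?(?<exe>[^"]+?\.exe)')) {
        return 'no .exe in command line; check by hand'
    }
    $exe = [Environment]::ExpandEnvironmentVariables($Matches['exe'])
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # Bare names such as "qttask.exe" are resolved through PATH.
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    $notes = @()
    $stem = [IO.Path]::GetFileNameWithoutExtension($exe)
    # Assumed heuristic: 5+ consonants in a row looks machine-generated (WJLHOWPDMNW).
    if ($stem -match '[b-df-hj-np-tv-z]{5,}') { $notes += 'random-looking name' }
    # Assumed pattern list: folders a non-admin user can write to.
    if ($exe -match '\\(Temp|AppData|Application Data)\\') { $notes += 'user-writable folder' }
    if (-not (Test-Path -LiteralPath $exe)) {
        $notes += 'file missing (orphaned entry)'
    } elseif ((Get-AuthenticodeSignature -LiteralPath $exe).Status -ne 'Valid') {
        $notes += 'no valid Authenticode signature'
    }
    return ($notes -join '; ')
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
})
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets
$entries += @(foreach ($dir in 'Startup', 'CommonStartup') {
    Get-ChildItem -LiteralPath ([Environment]::GetFolderPath($dir)) -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Source = $dir; Name = $_.Name
                                           Command = $shell.CreateShortcut($_.FullName).TargetPath } }
})
$entries | Select-Object Source, Name, Command,
    @{ n = 'Review'; e = { Get-ReviewNotes $_.Command } } | Format-List
```

An empty Review field means none of the hints fired, not that the entry is safe; legitimate driver helpers often have consonant-heavy names and will be flagged.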

  7. Re:It's not just the shady companies by Octos · · Score: 5, Informative

    Uhhhh. Did anybody in this thread bother to check the program preferences?

    In Quicktime preferences: uncheck "Quick Time system tray icon" and it will never come back.

    I haven't messed with Real player in a long time, but I recall a similar option being available if you right-click the tray icon, possibly in a preference panel.

    I'm sorry it's so easy.

    --

    "I am not a number! I am a free man!"-- The Prisoner

  8. Re:as long as spyware actually does something by Wescotte · · Score: 4, Informative

    Just toss up a link that opens www.weather.com and puts in their zip code for them.

  9. Re:It's not just the shady companies by Schmucky+The+Cat · · Score: 4, Informative
    There are several good suggestions here on how to disable recurring apps. Here are mine.

    Set NTFS rights to the file to DENY for yourself or some subgroup. Deny rights take precedence.

    For executables, set up a software restriction policy (start, run, secpol.msc) that disables based on the path. Just enter the exe name or it has a nice handy browse button, but the path also accepts wildcards and environment variables. (Don't tell your network administrator this, but putting %logonserver% in here prevents those annoying domain logon scripts.)

  10. Re:Where do you draw the line? by afidel · · Score: 4, Informative

    You don't have to bury it in the EULA and install spyware through the back door to do ad supported software. ICQ, Opera, and many shareware products incorporate ad sponsorship into the product in a manner that most users do not find offensive and which does not completely destroy the usefulness of the computer on which it is installed.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  11. Re:What defines the circles? by knarfling · · Score: 4, Informative

    There is a .pdf file listed in the article. Downloading it shows Claria belongs in circle 6, The Heretics. Browser hijackers are circle 7, The Violent. Software that charges you without your knowledge is circle 8, the Liars, and software that tracks your keystrokes or transmits personal information belongs in the lowest of the low, The Betrayers.

    --
    Great civilizations have lived and died on false theories. Don't mess up mine with a few facts.
  12. Recovering from Spyware. by Alien54 · · Score: 5, Informative
    Spyware removal can be a pain. Here is a repost of something I posted earlier, along with some added details
    He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without having their tools prepared in advance. The solution always looks easier than it really is.

    In his case, he needed

    • a CD with all of the relevant tools and updates
    • a windows boot disk with CD support
    • an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
    • The knowledge to run these tools from Safe mode, and how to get there in the first place
    • Include in the subset of tools one that can fix the broken LSP setup.

      [LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.

      With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]

    Tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. Also good to have is this list of known rogue spyware cleaners [spywarewarrior.com], along with this list of Anti-Spyware Orphans & Outcasts [spywarewarrior.com].

    My current recommended free antivirus is Avast! Home Edition [avast.com], which is very low maintenance for the home user, and requires registration for the free license. It also protects a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.

    You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there is to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account. Note that you still need to run the clean from inside each user account because otherwise things will hide in the separate user folders.

    Re: the LSP chain break -- HijackThis can sometimes fix it. Otherwise, Spybot can fix it. Xblock will also fix it. [Xblock is an excellent first pass cleaner, with a freeware version available. (Spybot second, AdAware third.) I always use more than one scanner, and scan multiple times.] Immunisers such as SpywareBlaster are also nice. All of these packages are mentioned at spywareinfo.com, which sometimes goes under due to DDOS problems from people who do not like the services they provide. (Insert obligatory plug for someone to help them out, one way or another.)

    --
    "It is a greater offense to steal men's labor, than their clothes"
    1. Re:Recovering from Spyware. by Alien54 · · Score: 4, Informative

      Unless your Windows backup is infected, which often happens. Often the buggers will be in there for several months, which means that your backup is infected, even if ghosted.

      --
      "It is a greater offense to steal men's labor, than their clothes"