Slashdot Mirror
Every 5th Call At Dell Is Spyware-Related
prostoalex writes "Financial Express quotes a Dell executive saying that spyware is installed on roughly 90% computers out there. Right now 20% of all Dell phone support calls are spyware-related. University of Washington research this March published a moderate estimate of 5.1% PCs running spyware."
I think it's probably somewhere in between 5% and 90%...
According to Dell, 90% of the computers out there have spyware installed on them... the other 10% are Macs and machines running *NIX. :-P
This is Dell(hi). We are not able to being helping you with Spyware this time. Your Dell service is not including that. Do not be cursing at me, sir! Your attitude is having me upset! You must be finding a local person to be helping you.
In that case, Dell should make available for download a "patch" that will scan for known spyware and remove it...
i work for a smaller isp and our ratio is probably a bit higher than this...and if its not a "i have too many popups" then its a "i can get on but cant go anywhere and half the time those end up being fix by runing spybot/adaware/hijackthis/cwsshredder...
If Dell pre-installed less spyware, perhaps they'd get fewer calls.
Or, if they pre-installed Linux there'd be even less (unless you count up-to-date/rhn as spyware).
Or they would if this were really a problem for them. Makes one wonder.
Of course, it doesn't help that the Dell website has a popup message proclaiming
"SPYWARE DETECTED ON YOUR MACHINE! CLICK HERE TO REMOVE!"
After which, the user proptly clickes there to install the spyware...
(Ok, I don't know if the Dell website really has a popup like that, but I have no reason to believe it doesn't, and I sure ain't going there to check it out)
Ohh look, the sky is blue! And my water is wet!
... and that would be limited only to Dell customers under warranty or some sort of service package who actually bother to call for support. I would consider it safe to suspect that the actual percentile of spyware infested PC's to be more on the order of 60-70%.
Remember, people only call when they are aware of a problem.
And even then, most people will "get by" until the problem is so pronounced they are forced to do something about it.
Alright, I'm just some guy who fixes computers for friends occasionally, but I like statistics too. When my friends call me a geek for using Linux, I always retort "Guess when the last time I had a problem with spyware?"
I think Dell is going to do some small case studies of selling the average user a machine loaded with linux and see if it becomes cheaper to support them.
From the article Spyware-related phone calls now make up as much as 20 percent of all help calls, compared with just 1 percent to 2 percent in August, 2003
Is this because users are now more aware of the existance of spyware, rather than the actual 19% increase?
For instance, in 2003, Joe-granpa probably didn't know/care why his modem's blinking non-stop, but he does now.
Rock that crushes, Paper & Scissors that don't matter.
Comment removed based on user account deletion
90% may be high. 5.1% is ridiculously low.
90% of Windows machines connected to the Internet is absolutely believable. I don't know anyone who hasn't gotten some. I've never had a virus on any machine, but got spyware on a Windows box by accident when the little "yes/no?" box pops up while I'm typing in a password (hit enter just at the wrong time...)
Windows XP includes may common features with spyware:
* slow down the systems
* phones home to centeral servers
* long click though eula the nobody reads
* pushed on unwitting consumers
* claims to improve system security
* only avaliable on PC
It's public awareness. Is there some sort of law that says common publications have to report technological problems to the public 4-5 years after the nerds, geeks, dweebs, and dorks came to a consensus?
Those 5.1% refer to the amount of infected boxes on the uni campus, which is quite a bit removed from the joe user home computer, not in the least because of usually a more or less capable admin surveying things, and the amount of unix/linux/mac machines might be higher than in households too. Therefore those 5.1% are just an observation and not an estimate of real world infection rate. on the other hand 90% does sound quite exaggerated...but i'd not say it is impossible, even though at slashdot it is hard to believe that there are so many other users out there who don't keep two eyes on their running processes...
... and get rid of it if you do...
Spybot Search&Destroy http://spybot.safer-networking.de/
and Ad-Aware http://www.lavasoftusa.com/software/adaware/
BTW, be sure to update the definitions or you're going to miss a lot of spyware.
They really went the distance to get the results they wanted...
Techs should feel lucky there's yet another thing out there creating a job market for them, whether they're still based in the USA, or shipped off to another country. You know, I thought Dell had the worst Dell tech support for sure, but I had to call Dlink last week to clarify on something, and I got into an argument from India about what was written on the configuration page of a cheap office router. It's up in the air -- The Dell tech couldn't read, and the Dlink tech said what I was reading was not possible. Hrm.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
. . . by the fact that Dell buyers tend to be some of the least computer savvy people. Those who are familiar with Dell's "support" would recommend a local vendor, and those with knowledge tend to build their own machines. Thus, we end up with folks relatively ignorant about PCs and who don't know anyone to steer them clear of Dell. Of course, these are probably the same people who click "Yes" on the dialogs warning them about pornography on their computers . . .
Windows users are really patient to put up with things like this, having spyware invading my computer from time to time would drive me crazy.
i thought dell computers already ship with spyware...
so that means only 10% of the people were smart enough to get rid of them
Calling tech support about spyware?
C'mon! The stuff installs itself without asking confusing configuration questions, runs invisibly in the background, and can't be deleted even if you try, much less by accident. It "just works", and users often don't even know it's there.
It's the ideal user experience. How much easier could they make it? And people still call tech support for help? They obviously must be clueless Joe Sixpacks that just don't understand software.
It's the users' fault.
It didn't answer how many of the computers were infected with any spyware program, just those four.
I went to RTFA, and got a nice fake javascript prompt (XP-looking, of course) in the middle of the window telling me mozilla had successfully blocked a popup.
Thanks for telling me, now I'll never visit that site again.
~~~
In my experience working in AOL the same can be said for customers of AOL UK,
Spyware/adware causes so many problems its not even funny and most of the time its not even affecting the AOL software it affects the way DSL modems connect and webpages are viewed in IE.
Using Linux as a file server at home: Free.
Using Solaris in our data-center: Pricey.
Not having to put up with viruses, zero-day exploits and assorted other bullshit: Priceless.
Apple, Sun & IBM make Microsoft look like the Red Sox, a lot of talk with zero action backing it up.
I like big butts and I cannot lie.
With spyware spreading so rapidly, nearly four users in ten say they feel less secure operating their computers today than a year ago. Huh. A year ago Dell's official line on spyware was that it wasn't their problem, thank you. It's amazing what a difference 40 bucks can make.
Posterity, my posterior.
I run the computer networks for a number of small businesses. We run a variety of programs to keep spyware off the systems. These are less effective than antivirus software.... Approximately 33% of my customers are found to have spyware on a regular basis.
LedgerSMB: Open source Accounting/ERP
Where are the antivirus companies? This shit has gotten to a bigger problem than virii ever were and behaves in much the same way. Still, your fancy $70 "internet security" package won't touch it.
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
I sure hope that spyware is here to stay, I pay my way with this stuff. Hours spent on scans and bench time. tee hee.
Me thinks the creator of spy/malware is a computer grease monkey wanting for a union.
So listen to the, "University of Washington research this March published a moderate estimate of 5.1% PCs running spyware,", because it is true.
I really do know KungFu
1 out of 5 people has no idea how to use their computer.
I see lots of machines with lots of spyware that the user doesn't even know they had.
They only complain when it re-directs their browser or causes it to crash.
As long as the machine is still usable, most users won't even know anything was installed, much less call tech support about it.
If they were worried about spyware, they'd have installed ad-aware and spybot.
I think this more along the lines of an explosion of badly written spyware rather than an explosion of infections.
Hell, I think Dell's 90% is too low!
I service a lot of personal computers for people. I also service several small businesses in my area. Whenever a system comes in for anything, I run Spybot and Ad Aware on them as a matter of course. I find 100% of the computers running IE 6.0 are infected with spyware. That's most of them sice Microsoft has everybody demanding upgrades to run their latest software. I find somewhat less on computers with IE 5.0 and 5.5 and most of what I find on these machines requires some user interaction to load them (i.e. Weatherbar, Hotbar or another BHO). And no, I am not talking about tracking cookies; that's just a fact of life on the 'net now.
The only systems I don't see infected with spyware are the ones that I have cleaned previously and talked the users into Mozilla.
... the computers are shipped insecure by default.
Most of us know that about 90% of Windows's security problems have to deal with the integration of the default browser (Internet Explod^Hrer), running as administrator all the time (it's default in XP Home, but it's not too much a fault of the user, a lot of applications demand admin access), lack of a automatically enabled firewall (although things are different with XP SP2), and all of these extra services turned on by default (cough MS Messenger cough). However, I'm preaching to the choir here. Most of the regular users don't seem to know about protecting their computer from malware and other nasties of the Internet.
The spyware problem will be lessened in two ways: hardware manufacturers shipping anti-malware programs, firewalls, and secure browsers (Firefox, Mozilla, Opera, etc.), and some user education about general internet security. Perhaps there should be some kind of CD that you can get with your computer or at a library or something that comes with adware and spyware detection/removal tools, Firefox, ClamAV, and one of the personal firewalls.
As for user education, there should be a little pamphlet that comes with those CDs about Internet security and what you should do to protect yourself, and the pamphlet should be written in a non-geeky yet informative manner to get users serious about protecting their computers from crackers. The pamphlet should go into topics such as periodic checking of malware and viruses, keeping your OS up-to-date by using Windows Update, running as a regular user for most tasks, using an alternate browser, and using a firewall.
related data: http://yro.slashdot.org/~kmanq/journal/85971 & http://nullvariable.blogspot.com/2004/10/83422785- instances-of-spyware-found.html
Free Google Secrets
I wonder if this policy is still in effect ("Dell To Techs: Don't Help Customers Remove Spyware").
By the way, I love the "Your browser has blocked a popup" image over the article text. Really helps in the journalistic integrity department.
Symantec has manual removal instructions on their site for various spyware programs they don't remove programatically. You'd think their products would do this. They flag the existence of the spyware for you but stop short of removal.
So what gives, why can't spyware be dealt with programmatically like virus's. Anyone?
Perhaps the issue could be that Dell machines ship with spyware like Musicmatch and Real, and only 10% of their customers bother to remove them.
No it's the other way around - James bond, as a spy, wears special computers integrated in his suits.
[cringe] puns...oh the humanity
The only reason I give a rip is because I have relatives who buy these machines and end up whining about it to me. Hmph.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
I currently work tech support for a small ISP, I'd say those numbers are about right, at least that many of the calls we get here are spyware related, some so severely that we have to refer the customer to their computer manufacturer to reformat and reinstall, or have the customer (assuming they are local) bring it in to our office to have it removed.
Many of the spyware programs out there now infect the system so deeply that none of the removal programs will manage to get rid of it, and some of its now being designed with properties of classic "stealth" viruses - ie, so that theres at least some component (usually a reinfector stub) thats not detectable while the process is running (intercepting system calls, etc so that you can't see it by normal means))
The problem's getting pretty ridiculous, and will only continue to get worse so long as we have browsers that treat web pages as if they were executable files, and users that click buttons on dialogs reflexively without even realizing they are there.
At this point, I spend as much as 10 hours a week just on spyware-related calls. That's insane, even with the peanuts I make working at a mom-n-pop ISP, thats real money. Now, if we can just find a way to bill the scumware companies for our time...
The UW numbers are from their own network. I'm assuming that college students & departments are better users than the average dell customer.
Most every pc i help on a personal level someone with has some sort of spyware installed..
On business, even after all the protection we have in place its like 50%...
---- Booth was a patriot ----
Would this be apparently the same mythical 90% of computers that are running a version of Microsoft Windows?
If you read the linked article, they tested that 5.1% of computers had one of FOUR pieces of spyware, based on their NETWORK traffic. They then claim that this means that 5.1% of computers have spyware.
There are tens of thousands of pieces of spyware, many of which don't use or need special network access. The study is bad.
Having dealt with Dell directly on a couple of occasions, they're really bad about support. Aside from that, everybody that knows that will keep from calling just to avoid a native Indian (the country) from telling then to fuck with their registry and whatnot.
/.ers should know that it doesn't really matter the make or model of PC... if it's running Windows and you're on the internet, you're vulnerable. And if you're a curious mother fucker(P2P, Banner Ads, pr0n) you're just comitting your PC to a spyware-y death.
The nice thing is, it's not Dell's problem.
it's Microsoft's.
We
I got nothin'.
... 90% of Personal Computers. And if he really wanted to be precise, he'd say 90% of PCs running Windows. After all, only PC owners running Windows are going to get Dell tech support, right?
Has anyone got any metrics on spyware levels on other platforms?
Crumb's Corollary: Never bring a knife to a bun fight.
Well then they should make a new script for Apu over in Bangalore describing how to install adaware and spybot S&D now shouldn't they? A coworker of mine was telling me how just last weekend he spent over 4 hours on the phone with Dell "support" trying to get rid of this stuff. This guy is a salesman. Having a scriptmonkey reading "reboot holding F8" 2000 times to this guy with a bad accent is about the same as trying to tell Congress that they work for the citizens not the corporations.I say let the Indians have this particular job!
In the near future I predict that computers are going to be treated more and more like automobiles, in that paying for routine maintenance will be pretty much a requirement for all but the experts in the field. Unlike with automobiles, the experts will be able to maintain their software for free, but just about every machine I've seen has some form of spyware/adware on it.
Those of you who say that linux is the answer, I'm afraid you're wrong, at least in part. Unless you lock down a computer so that no software except for that approved by the manufacturer is run (or is crippled beyond even that of a java applet), spyware is inevitable on the machines of the average Joe. Linux may help by eliminating the cost of the software itself and enabling people to pay for support, but support is inevitably necessary if a non-computer expert wants to remain spyware-free.
...I fully concur with that estimation, if not higher.
At least 8 of the 10 computers that I fix follow this routine:
Update and run AV program, if possible.
Install Adaware, update, run.
Install Spybot S&D, update, run.
Run CWShredder.
Fire up a HijackThis! log and manually remove the leftovers.
I'm getting pretty damn good at filtering out the hijackthis logs, too.
Seriously, if you familiarize yourself with spyware removal, you could make a killing on the home PC market. Manufacturers won't help you with spyware. It's getting to the point where the retail chains and PC shops won't deal with it either; they'll simply offer you a format/reinstall.
1) "There, your brandnew PC, spyware & multimedia addons pre-installed, all for free! There ya go!"
2) Set up expensive hotline
3) ??? Profit!
All the other sigs say that this sig isn't a real sig, but this sig says all the other sigs are lying bastards.
Aren't stories like this simply reminding the people that distribute spyware that their attempts are working. We even provide statistics at how far their attempts have penetrated today's computers.
because you can't pawn your tough cases onto Microsoft. A typical OEM support call follows 3 stages: 1) clean boot 2) run Adaware 3) sorry, run your restore CDs or call Microsoft. Plus, there are _tons_ of tricks to getting free tech support from Microsoft, and many OEM techs are happy to let you know what to say/do.
Oh, and if your customers buy new hardware and it doesn't work, you can't pawn them off on the manufacturer (no Linux support, you see). Yeah, hardware Dell didn't sell you isn't supported. Try telling that to the average jerk who just bought a $30 dollar digital Camera. He's not gonna care if you support it or not, and he's just gonna get pissed and buy a Windows PC next time.
You're underestimating the value that $50 bucks buys an OEM.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
But avoiding spyware on the whole is very simple, and comes down to a few simple steps, based on prevention is better than cure, i.e. it's better not to get something bad at all, than to get something bad and then have to get rid of it.
Make sure their computers are behind some kind of hardware or software firewall which blocks all incoming TCP connection requests. Yes, there is more to it, but this one step is a huge improvement on not having a firewall.
Install another browser such as Mozilla Firefox, and show them how to use it. Only use Internet Explorer for specific sites that you trust, if it has to be used at all. Remember that many users need Flash and Java, so consider installing these as well to stop them going back to IE as soon as they hit a site requiring one or the other.
Spend a few minutes educating your users about malicious software. Explain that a computer simply follows instructions with little concept of good or bad, and that it only takes a double click on one file containing such instructions (eg a .exe file) to contaminate the system.
Yes, there's more: software updates, strong passwords, encryption, using more secure software and all the rest of it. Unfortunately most of our users aren't interested in becoming computer security experts. If you can get those three above points hammered in, and let them know that that there is more to securing their computer, you're making a big step in the right direction.
sounds about right..
As far as the tech knows. Do tech support for a while. The company you work for will tell you nothing about when they change the product nor provide any useful training.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
At least, I know what programs are running on my mac and linux.
Why? Because it's such a monumental pain in the arse to get *anything* running on Linux, spyware hasn't got a chance!
I say this as a long-term (>10 years) Linux user. Show me *one* person, just *one* (!) who has built a fully-working Mozilla Firefox from source, and I will give them a car.
When I was a Dell tech, we had to refer to spyware as "third-party software" and we were not authorized to recommend tools for removal. Of course, I would just tell them to run spybot and pray for rain, but if a supervisor would have caught me doing that I'd've likely been fired.
What the hell do they expect to happen, when they won't let the techs solve the problem?
REM Old programmers don't die. They just GOSUB without RETURN.
Ever try removing all of that crap that Dell preloads for their "updates?" Freaking impossible.
This guy is way out there
that 10% of their business now is linux. not bad huh?
... Dell executive is trying to find a way to prevent those 10% morons who keep using ad-aware/spybot after buying those 100% infected Dell machines.
I'm currently working in a tech support call center for one of the Baby Bells doing DSL/Dialup/ISP tech support. I track my calls closely and on the average day, between 1/4 and 1/3 of my calls is a hosed computer, most typically a combo of spyware/adware/other malware. Interestingly enough, it's only Windows machines and of these, almost all are Windows XP.
:)
Never hear from the Mac folks once you get them up and going. Never, ever hear from Linux folks even for setup.
Some of that problem might be relieved. I've had several clients bring in their computers and are told by Dell. "Sorry, Microsoft won't allow us to help you with that. You'll need to take it into a repair shop."
I keep telling my clients to not by name brand crap and they'll be in better shape. Not to mention have an ISP like mine that bothers to TELL you about things and keep you informed via email so you know how to protect yourself.
news.com reports that Dell is supporting spyware education program or would the CNET story explain the article?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
I have a job fixing computers and lately the business has been booming big time with customer calls coming in because of all the spyware they have. Many don't even know that it's spyware causing their problems but when we investigate it's usually the first thing we find. Often, removing it, securing some holes in their OS (ahem, Windows) etc fixes their problems. Then we give them a lecture on spyware, what it is, how they got it and what they can do to prevent it. Then we give them a $75/hr bill. :)
Anyways, the new tagline for spyware should be: "Spyware, bad for consumers, great for business!"
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
HALF of the internet connectivity related issues are spyware releated in that it corrupts the TCP/IP stack and Winsock settings in the registry. Also, we had major problems when people installed SP2 on an infected PC with spyware too.
In fact it's so bad. I have the Microsoft KB article 817571 bookmarked and always open on my desktop for when I take calls.
Life is not for the lazy.
See this forum discussion on BroadbandReports. On my office Dell Dimension 8250, its support program (support.exe) phones home. I consider this a spyware.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
There's one ultra Death Star customer and they got a virus from a security camera server installed by a contractor. ROFL! Soon as they plugged it in it went nuts infecting other machines.
Five percent...hahahahaha!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
note: I haven't bought a retail PC in years, but this was a VERY good deal.
Damn! I think it's time to go set up some kind of HTML alteration proxy to link the submit button to "preview" instead.
I just spent 2 hours cleaning off spyware (my favorite, No-AdWare).
Something must be done in education land to get people to understand DONT MAKE YOUR KIDS (or idiot spouse) THE ADMINISTRATOR.
This has come up before, and just like last time someone said it, I argued the point.
Education, in a general, overall sense, is *always* the best answer. If you really *know* how to avoid all the problems, then you shouldn't have any of them.
But that's as much a "cop out" as anything, if you're trying to offer up workable solutions to the current spyware/malware epidemic we're seeing on Windows-based machines.
Quite a bit of spyware I've run across initially gets on machines because users installed an otherwise legitimate piece of freeware that was bundled with a few hidden "gotchas". Worse yet, many of these "more than you bargained for when you ran setup.exe" programs know how to download additional trojan horse virii and spyware. So all it takes is a user mistakenly deciding to download a p2p sharing package like BearShare or Kaaza, or perhaps even a nifty-looking waterfall screen saver, and a few weeks later, the computer is infested with hundreds of things and rendered unusable.
When you've still got plenty of people just trying to learn the basics of getting on the Internet and sending relatives/friends email - you can't realistically demand that they memorize a complete list of known "bad to download" free programs that include bundled malware!
I do on-site PC repair for a living, and believe me - for every 1 person who obviously has spyware/virus problems from surfing porn sites and trying to download "warez" from the web, there are probably 10 who are just retired folks, doctors, lawyers, or college professors who tried really hard not to open email from anyone they didn't know, etc. etc. and STILL ran into big problems.
So, when does it become sensible for Dell to spend the money on per-installed, fully licensed Spyware and Antivirus software? Though they do install MCafee software, it requires the user to fork out more money past the investment in the computer itself (no to mention it also sucks in its current incarnation).
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
come via IE, and others come with ad supported software.
There is a spark in every single flame bait point.
That's entirely believable. I worked at a GW call center for several months and I'm dead certain 90% of the computers people contacted me about had spyware or virii on them even if it wasn't directly related to the issue. Keep in mind most of the businesses that buy these things are going to have their own IT - those don't call for help.
What's hilarious is the way techs are told "document everything" and "don't fix spyware and virii issues" but then get chastised (and even written up) if their average goes over some ridiculously low number like 40% redirected due to "out of warranty" issues (ie spyware or virii).
I quit - simply couldn't tolerate anymore the hypocrisy of it all and we were about to move to supporting ONLY Microsoft calls (which would make the work my vision of hell).
Dell has, in the past, stated it's their policy to not help the customer by suggesting ANY spyware removal tools, since those tools may help the customer remove software put their by Dell's partners. Is this still the case? I can't think of any prefab, corporate, store bought machines that don't come with some sort of spyware included right in the reload image.
Sure, but I still use Windows XP on one of my boxes, despite largely being a Mac OS X user and running Linux in niche places (recently set up a MythTV PVR box, for example) -- and guess when the last time was *I* had a problem with spyware?
The difference between us "geeks" and most of the population is they just see their computers as tools they have to (often against their will) use to get certain things done. Spyware victimizes the masses who have no desire to spend the amount of effort it would take to become proficient enough to avoid all the places it can come in from.
Linux isn't some magic pill for the "average user" and their computer headaches. Far from it. Heck, wait until they want to start playing newly released games on their Linux box and see how long they like the OS?
One big reason I started gravitating towards the Mac is the nice mix of having a Unix-based box plus a somewhat respectable list of commercial software titles to choose from for it, plus all the freeware/shareware. I think pointing the "average users" towards Apple's offerings makes more sense than trying to push a Linux box off on them at this time - except for specific cases.
The second article's website has a fake popup that says "Your browser has successfully blocked a popup" with a Windows error icon and an OK button. Clicking it would probably result in some sort of spyware. Ironic? (Yes, I'm using Firefox.)
Why doesn't the Gnu community get coding and create a Linux compatible spyware remover? think of this 1 boot from a linux live cd 2 run clamav 3 run %anti-spy tool% 4 hand user a copy of The Open CD 5 shutdown and eject live cd 6 reboot 7 install most of The Open CD
Any person using FTFY or editing my postings agrees to a US$50.00 charge
No, not all the in-store techs at Best Buy are retarded. It's the people in the blue shirts you have to watch out for.
85% of the computers we see, as long as they weren't JUST restored by the customer, have spyware on them.
It's really destroying any reputation Microsoft had left, thank god.
I work at my school (Cornell Univ.) in the Information Technologies department taking calls and basically doing technical support for folks who don't know anything about computers. Our ratio of spyware questions to any other questions is definitely at LEAST 4:1. It gets real old, real fast. Thing is, we're not allowed to give advice on what spyware removal tools to use, which makes it that much harder. The problem never gets fixed, and we just get more and more repeat calls.
I think all new installtions of windows come with an alexa cookie for tracking people. It may not be bonzi buddy, but a tracking cookie you never even requested sure sounds like spyware to me.
the dell tech support job isn't much different than mine...helping random people with whatever problem they start crying about at 2 AM. not a fun job. makes me want to punch spyware-makers in the face, and kick myself for not thinking of this (obviously) profitable business. as for statistics... 5% of slashdot readers have spyware on their computer. 90% of soccer moms have spyware on their computer. 20% of spyware cases are so severe that they require a call to technical support. 75% of these calls are resolved in under 30 minutes. 80% of all statistics are false. enough of all this "no one wants to spy on my *nix system" crap". we know. give it up. fact is: my mom knows how to use windows, and will never, ever change her OS. i don't think i'll be that keen on massive computer change when i'm that old. Lets all take a minute to wish the young men and women at dell good luck as they try to get the computer-illiterate people in the world to remove spyware. http://www.deadtroll.com/index2.html?/video/hellde skcable.html
william.
I'd venture to say that most non-tech savvy computers have some sort of spyware/adware installed. Why do these people get it?
1) They accidently click on something they didn't mean to, because of a popup. It goes downhill from there, since many spyware programs act like virii and have some friends join the fray.
2) Users that hit porn sites. These are the black hole of spyware, and while I've told them "stop looking at the porn and you wont get this crap", and they say they don't, yet I see their Internet Explorer history and its just filled with porn urls.
While my parents are largely #1, I've switched them to firefox and its gone down dramatically. I still catch them using IE for things like OWA and a few other IE-sites (and they will re-use the browser window to do other things).
I simply got tired of deal with them calling me about "CoolWebSearch" and tons of other junk that pisses me off.
I use Internet Explorer *and* firefox to browse the web, and I never get *any* spyware - I just know what to look out for. I'd say at least 80% of the people out there don't.
It also helps if you surf the web as a non-priveldged account - those are, for the most part, invulnerable to spyware. Just as none of you would use any web browser on linux as root -
agressiv
gosh, tell us something we don't already know. 1 out of 5 people are computer/ internet illiterate if they are still having problems with spyware.
So from that we can assume that Dell sells 10% of its computers with Linux. :)
A worm outbreak today is an acute disorder -- the bulk of the damage is done in one day, even a handful of hours or minutes. Even though recovering a business or department from it can take longer, the outbreak itself burns through the vulnerable population pretty quickly, and starves itself. Spyware, because it's rooted in long-standing bad security practices both by Microsoft and by Windows users, is a chronic disorder -- it doesn't just shut you down for a day or so; it degrades your online life over a long, nasty time.
To extend the analogy perhaps too far: A flash worm is like Ebola: it kills its victims quickly and messily and leaves a disgusting corpse. Everyone knows when it's in town because of the gory sacks of flesh lying around the streets. Spyware is like cirrhosis of the liver. It comes from doing something bad over a long period of time. It doesn't spread to others materially, though long-term excessive drinking (which causes it) can "spread" memetically in a population, as do bad Windows security practices. And, eventually, it causes the affected organ to be overwhelmed and just shut down.
The spyware situation today is one created by a nexus of influences:
The first two are well-known and I will not address them further. The latter are not.
What I call contract date-rape is the evil represented by so-called "end-user license agreements" and other documents which purport to represent agreements between software publishers and computer owners. The unethical business practice of software publishers is as follows: The computer owner buys a piece of software and installs it, only to find that it is designed so that it cannot be run without "accepting" an "agreement" which waives the owner's rights -- such as resale rights, rights to a refund for defective merchandise, or even free-speech rights. Then, when the software does something harmful and the owner seeks recourse, he is told that he "consented" to whatever harm was done, simply by the act of using what he purchased.
It is contract date-rape which puts the lie to that old FUD about open-source software: "But whom do you sue when it breaks and doesn't get fixed?" The owner of a computer using proprietary software under a Microsoft-style EULA does not have any enforceable rights against the publisher. Windows does break in many ways that Microsoft doesn't fix, but nobody is suing Microsoft for it. Why? Whether the EULA is in fact legally binding or not, both Microsoft and computer owners regard it as leaving Microsoft with no obligations.
(Of course, software was not always sold on "as-is" terms that were intended in law for used and defective products. Nor was it sold on terms that used copyright law as a cudgel with which to deprive users of rights such as fair comment and resale. Contract date-rape is not an endemic problem of proprietary software; it is one that proprietary software publishers have chosen for themselves.)
And it is the methodical use of contract date-rape which leads to the situation we have with spyware today. Spyware gets into a computer owner's property unannounced, alongside some piece of (presumably) desired software. It is a Trojan horse in the original sense -- sooner or later, it bursts open and out pour the soldiers of the enemy, who go about merrily burning w
Actually, my mom's new HP Pavillion came with Wild Tangent and lots of other useless crap. I also had a horrible tech support experience with them. The NIC card died. When I got the computer back, they had replaced the Dial Up modem, not the NIC. I complained to one of those Indian dudes at tech support and he said he would notify the repair facility. I told him not to worry about doing anything else, I didn't feel like dealing with them anymore.
Here's a support transcript I had while trying to get info about upgrading my Axim X3i to Windows Mobile 2003 Second Edition: --- Dear , , I am a Supervisor at Dell and have gone through your previous mail. I apologize for the persistent trouble that you are facing. , I understand that you want to upgrade your Axim X3 to Windows Mobile 2003 Second Edition. , I would have loved to have provided you any information regarding the stated issue but please note that we are not trained to handle the software issues. To quickly resolve the issue, I would suggest you to contact our PDA support queue at: . Once you call this number, you will get an IVR menu, one of the menu options will be the AXIM PDA support; please select the same and you should be able to contact the PDA support. , I once again apologize for the inconvenience caused to you in this matter. Respectfully, Navin. DT D23212. Dell Technical Support My Axim X3i already has Windows Mobile 2003 with the A02 ROM. What I want to do is upgrade my Axim X3i to Windows Mobile 2003 SECOND EDITION. The X50 and X30 come preloaded with Windows Mobile 2003 SECOND EDITION. - Dear , Since the previous email agent is not available today, I am replying to your message so that we can solve your problem as quickly as possible. As per your email, I understand that you want to upgrade your Axim to Windows Mobile 2003. , I apologize for the inconvenience caused. However, please click on the link given below to download the ROM update for Axim X3: http://support.dell.com/support/downloads/type.asp x?c=us&cs=19&l=en&s=dhs&Sy
stemID=PDA_AXIM_X3&category=0&os=PPCA&osl=en&devic eid=7810&devlib=7
Kindly follow the steps given below if you are unable to view the Dell website link: -
* Log on to www.support.dell.com
* Under ?Consumer? Section, click Home and Home Office?.
* If listed, click on ?Troubleshooting (Dell KB)?.
* Type in your Service Tag (Press Enter).
* Now copy and paste the link in the address bar of the browser and click on ?Go?.
I hope that this resolves the issue that you are facing. However if it persists, please email me the result of the steps given above. I assure you that I would do my best to resolve the issue.
Thank you for choosing Dell.
Respectfully,
Daphne
DT D31164
Dell Technical Support
I have a X3i, not a X5. The X3i comes with Windows Mobile 2003. I want to upgrade my X3i to Windows Mobile 2003 ***Second Edition***.
-
Dear ,
Thank you for contacting Dell Technical Support.
, if I understand the issue correctly you want to upgrade the software for the Axim
, I would like to inform you that you can Upgrade From Pocket PC
2002 to Windows Mobile 2003. For assistance on this, please click on the following link: ?How Do I Perform the ROM Upgrade On My Dell? Axim Handheld Using the CD I Received From Dell??
http://support.dell.com/support/topics/global.aspx /support/kb/en/document?dn
=1085099#Section1
I sincerely hope that the above information would have been helpful. If
there is any issue with the system, please feel free to contact me. I
shall
do my best to solve it. It was a pleasure to assist a valuable customer
like
you.
Faisal
DT C68128
Dell Technical Support
I am an owner of an Axim X3i. I was delighted when Windows Mobile 2003
Second Edition came out. However, my excitement was dampened when I
learned
that Dell would not be releasing an update for the X3 and X3i. I am
unsure
about purchasing Dell products again.
I and 3396 other people (see petition at
http://www.petitiononline.com/mod_perl/signed.cgi? WM03SE)
would like your company to release a firmware upgrade for the new
operating
system for Axim X5, X3, and X3i devices.
All current devices running Pocket PC 2002 or Windows Mobile 2003 are
technically capable of running Windows Mobile 2003 Second Edition.
I and many other people would be willing to purchase an upgrade to
Windows
Mobile 2003 Second Edition.
I guess that means the combined Linux/Mac/*BSD marketshare is up to 10%.
---
10553124
Thanks to http://windowsrefund.net and some persistence I got my Dell Inspiron 8600 without paying for spyware-prone windows. I had to pay full price but Dell sent me a refund check. The first thing I did was installing Gentoo Linux on the machine. Everything runs blazing fast and I have no spyware problems. Sorry, but people who are still stupid enough to use windows nowadays don't deserve better.
It's pretty bad if your grandmother downloads and installs some screensaver with this shit on it, but HP should not be doing this to its customers. Having to deal with a recovery CD is bad enough, without having to clean out the extra "value added" shit (aka sweetheart deals that make them mo money). HP is stabbing their customers in the back.
(Unrelated to this, kinda, but when I was ordering this recovery CD from the HP drone on the phone, I asked him the price.
He said "between $20 and $40."
So I said, "Can you be more specific?"
He said, "I'll need the model number first."
So I gave it to him and said "So what's the price?"
"Between $20 and $40, depending on the model number."
"I just gave you the model number! What's the price?"
"You need to order it first."
"Tell me the price first."
"You need to order it before I can tell you the price."
"You mean you can't, or won't, tell me the price?"
"Just order it, and if you don't like the price, I'll cancel the order."
"Fine. Whatever."
I ended up ordering it anyway, but I have never seen such a stupid system where you can't know the price until you order.)
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
I made some pretty factual comment about the USPTO a few days ago, and I got modded troll, too.
"City hall" in German is "Rathaus" Kinda explains a few things......
Since every Windows PC that Dell sells comes preinstalled with spyware, it's no wonder that a Dell executive thinks that most PC's have spyware installed. Perhaps the situation is different for HP, IBM, and so on, but I doubt it. Buy a computer from a major OEM, you have spyware. Add to that most of the P2P clients coming with a ton of spyware bundled, and of course most PC's are infected.
everyone that calls micrsoft pc safety has spyware
I'll second that. I do hand out, with the bill, a little instruction sheet with pictures on how to run AdAware and Spybot weekly - and usually don't have repeat customers for virus and spyware problems.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
68% of all statistics are made up on the spot. Although i do agree with the estimate that 90% of computers running Windows are infected. The actual percentage rises to about 99% if servers and special-purpose machines are excluded from the count. And no matter how many times the machine is sweeped with some anti-spyware tool, in 5 minutes of browsing there will be something installed, even if its a tracking cookie.
>>>>truth; beauty; unix.<<<<
Actually InfoSys and WiPro charge a fair bit for their offshore guys. I've seen figures of $120k / year, with maybe half going to the programmer in India. The main benefit provided to the large IT Services company I worked for was the ability to drop/hire ten or twenty bodies at short notice, much faster than doing local hiring in the US. Someone is sure making a lot of money from this though.
...anything like an anecdotal top ten best of the worst list for spyware? Purely for conversational and amusement purposes. There must be some that really stand out both in spyware "features" and in non-ease of removal.
*ring* *ring*
Customer: "Hi, I need help."
American Customer Support: "I'm too stupid to help. Let me transfer you to our New Delhi customer service support office. Please call again."
They are a nationality.
How long until the support costs of spyware outweigh the partner benefit payments? Once this equation is clearly on the "right" side, Dell and other companies will get serious about anti-spyware legislation. Until then, they will continue to support half-ass measures like we've been seeing from Congress.
I actually made a good amount of money from removing spyware from people's computers. Since I have a full time job and really did not need the money I did at some point give it up. It was the same group of people that were getting infected over and over again. For some reason I could never educate them on how it got on there.
Gator used to be one of the worst ones.
Joel Johnson
I find it ironic that half of the stuff that Dell ships on their prebuilt computers makes computers run ust as slow as a lot of spyware. I know that when clients of mine buy a new Dell computer, they're disappointed at how slow it runs. Reformatting the HD always makes the computer run 10 times+ faster.
...was a very good rant. Nailed everything,and used decent analogies. In particular EULAS which are THE most lame bogus "contracts" out there that joe average has to deal with, least noticed, least understood, and most annoying in what "happens". Maybe someday a true "peoples class action" law suit will be filed against a few big konzernes over them, they need to be abolished. We need consumer protection, a standard warranty of useability and suitability for purpose.
2 hours (+ -) in a courtroom, real time. A clean install on a new machine, attach to the internet, watch with a traffic monitoring program. Show the judge and jury what happens. Then another hour of random surfing, and receiving email, again, show them what happens.
Would be fun to see for sure. Needs to go all the way to the supremes.
The spyware situation today is one created by a nexus of influences:
I can't argue with 3) or 4). But as for 1) [and it touches a little on 2)], we've been running Windows NT & Windows 2000 for more than five years now, and we've NEVER had a SINGLE piece of spyware installed on any of our systems. [Never had a virus or a worm either, although I hope I didn't just jinx myself by saying that.]
You know why? BECAUSE NONE OF OUR END-USERS LOG ON AS ADMINISTRATORS!!! That's it - it's that simple. They don't have Administrative rights, and they can't install spyware [or viruses, or worms]. [Of course, yours truly installs the latest security patches as soon as they appear, and has always had all of his users behind a fire wall, but that's not the important point here.]
If you surf the web as an Administrator [Root] on OSX, or if you surf the web as an Administrator [Root] on Linux, you're every bit as prone to this stuff as any Microsoft user surfing the web as an Administrator [or you would be, if those operating systems had large enough market share for the spyware people to be bothered with writing spyware for them].
Well, nice to see it coming around to byte you, eh, Dell?
The World Wide Web is dying. Soon, we shall have only the Internet.
I whore out my tech support services to the floor where I live, and this is the case in every room with a Windows computer. The first computer I went to was my RA's compueter. She'd switched to Firefox a month earlier after hearing about the tabbed browsing, but hadn't installed Spybot and AdAware yet, so she still had 2 years' worth of spyware on her computer. When I fixed it, she was willing to do anything for me. Too bad that I already have a girlfriend, and I'm not the cheating kind.
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
My SigOther works at a Dell corporate call center & she tells me most of the calls lately are for WinXP SP2.
Jaysyn
There is a war going on for your mind.
First let me say: John Kerry Is A Douche Bag But I'm Voting For Him Anyway.
That being said, I have 0 spyware on my (Windows) system because I never use Internet Explorer. Plain and simple. Firefox protects me pretty good.
(btw) Windows Update no longer requires you to use Internet Explorer - just check the option to download but not install automatic updates.
Get your Unix fortune now!
I don't think "spyware" means the same thing to all people. Spybot calls Hitbox spyware, but I know for a fact that it's not (my site uses it). So I don't screw up my stats, I never remove any of their cookies, because I know it's not bad. Thus, I have spyware on my machine.
I don't respond to AC's.
I'm just glad that I normally don't run Windows at home.
The meme police, They live inside of my head
There's someone who does an organized scan of my ISP's IP space every morning at 8:42 and 9:42 EDT. When I have two DHCP IPs, both get hit with an average of eight bots each trying ports 5554, 1023, 9898 and 445. The IPs it comes from are usually Korean or Japanese. When I listen at the ports, they try various exploits on bots which do listen on those ports to download their own bot software.
I suspect that "8:42 Zombie Charlie" scans a lot more than my ISP's space. So it looks like someone is running a very organized and *punctual* effort to harvest a whole lot of botted machines for unknown purposes. Joy. (Actually, it's kind of fun. I wrote a sound effects program from my firewall, and I drink my coffee listening to the chorus of sounds as the ports are checked. Too bad I can't arrange to be checked a little earlier in the morning.)
One line blog. I hear that they're called Twitters now.
I tried to set my friends up that way. It isn't hard, XP comes with that ability, even in the home version. Setting up is easy enough. Making it work is another matter though. Nearly half of the programs my friends want to run do not work correctly without administrator rights. This includes software for XP from Microsoft!
In the end I gave up, ideally they wouldn't use the administrator account except when needed, but practically their computer didn't work without it. Switching users takes time and is a pain. Not hard, and it doesn't take long, but annoying enough that I can't call it a solution.
Remember this is a home environment, not a work environment. They don't have someone checking out software from various competitors to see if it meets requirements. If Best Buy sells it they buy it, and expect it to work. (note that you can almost never return software after finding out that it doesn't work without administrator rights)
Wow, I would have pegged it closer to 95%. I'd say it is an annomalty to see a machine without it.
Like spam, this stuff would go away if all users were smart. The only reason it works is that someone somewhere makes money off of it.
I've found that there are some almost impossible to clean spyware's out there are easy to deal with using a Knoppix CD and deleting the necessary files. Home page hijackers and the like seem to be the hardest suckers to get rid of. At least it gives me an opportunity to use Linux in a corporate environment!
While I agree that spyware is a big problem, in the tech support world, it's used as a convienient catch all if a customer's problem can't be readily solved. I've worked plenty of regional/national ISP tech support, and everything from slow throughput to corrupt TCP/IP stacks were blamed on spyware without much investigation or confirmation. While I don't doubt that 20% of Dell's support calls are resolved to spyware, I would say half of those issues were attributed to spyware just so they could bounce the call to the ISP or vice versa.
This is a majorly bad problem, as I have to regularly check my clients' computers and delete or disable the damn stuff. This is one area that needs government or private intervention, because it is really mucking up (slowing down computers, redirecting browsers) the end-user experience. I can't believe Microsoft is not more concerned about this, because spyware ultimately will drive users to Macs or Linux.
If Linux, Unix and Macintosh have a total of roughly 10% of all desktops, then the 90% that are left (all running some form of MS operating system) must all be infected. Hmm... not too farfetched from what I can tell.
No one ever had to evacuate a city because the solar panels broke!
Spare us your righteous indignation. Please. Many people who speak english non-natively speak with incorrect grammar.
Do you deny this?
Is it racist?
Just because he made a reference to outsourcing doesn't mean it was racist. You can hear whatever you want if you are listening for it, but there was nothing inherently racist about that. For all you know, he prefers broken english.
I used to bulls-eye womp-rats in my pants
Dell isn't allowed to sell any computer that has Linux. The only exception is servers.
In IE 6, I had scripting (JVM) and Active-X enabled and it cost me... I got hit with a 0-day exploit that executed on render of the page I visited (It was a old Doom cheats page - I was looking for the command for "all-map"). If it were not for ZoneAlarm, TCPView, and pskill, I might not have caught the ton of spyware that followed.s ure/2004-10/0077.html
It was a situation quite like the one described in this thread: http://archives.neohapsis.com/archives/fulldisclo
(atpartners, "megasearchbar," chtb, 4 or 5 seperate exe's downloaded and run from prefetch in all.
A week ago, I sent this email to a major AV vendor (xxxx) of and have not received a reply:
This is a pre-sales question relating to future purchases, but may require technical assistance to satisfy.
--
Are there any single-user-licensed xxxxx antivirus products that do not rely on Active Scipting, or can use a different Security Zone than "Internet"? Or a differnt browser than IE?
--
I am tired of arbitrary code execution in IE and have locked it down. It is also no longer my default browser. Viewing the xxxxx readme.txt tells me that I must substantially weaken my security in order to continue using xxxx.
I'm not willing to do that. I would sooner find another antivirus vendor.
Your antivirus fails to protect from prefetch code, rendered-on-the-fly, not because of faults in xxxxxx, but because of faults in the configuration of Windows. I should be able to correct those faults and still be able to effectively use a "security product" such as an antivirus.
US-CERT (us-cert.gov), the operational arm of the National Cyber Security Division at the Department of Homeland Security (among many others) recommended a recently that users switch to a more secure browser than IE, and advocated the limiting of mobile code execution for users that do not switch.
"Why doesn't the Gnu community get coding and create a Linux compatible spyware remover? t"
Simple. All the Windows problems drive them into our arms. While fixing it will keep them on Windows.
Second why should the "free" community help corporations clean up their mess?
It's the users! Nobody cares or knows why their comp is running slowly ect.
I just recently formatted my sister's comp, and installed the "bare bones" (drivers, dx9, ect) and let her re-install her apps herself. Some of the programs she likes to use has spyware in it (but an option not to install it), and she completely and utterly installed it anyway!,
I blame the "Next Next Next" Policy that makes people think that it's only installing the program they want.
Although spyware is a horrible thing, it has opened a new market for pc repair shops. If I opened a PC repair shop, I could probably make a fortune for just fixing spyware-infected pc's. Most users don't know what happened. Just that their PC just stopped working or became really really slow. "Sure it can be fixed. Bring it over. That'll be $50."
http://www.up0.com/
I used to work for dell (up till 2 months ago)tech support tier 2 software support and I can tell you at that time it was much much higher than 20% of our calls where spyware related. I'd venture it was more than 50% of the calls to us was a problem caused by spyware.
I know many people who replace their computers every two years "because the old one got really slow". These people aren't searching for large prime numbers, finding pi to the 50,000th digit, or running nuclear blast simulations - they are checking email, surfing the web, and burning CDs. What drives this pointless upgrade cycle?
You guessed it: Spyware.
Why would Dell want to fix the problems? Their solution often times is to tell the hapless user that their machine is toast, and that they should buy a new one.
-ted
Almost every single piece of spyware that I have seen has been carefully crafted to NOT REQUIRE ADMIN RIGHTS!! I work in an enterprise where users cannot have Admin rights and we see spyware / malware all the time. As soon as the user clicks OK to some stupid popup the executable runs and has the same priviledges as the user. That is all it takes to put entries in the HKeyLocalUser hive so that these beasties run on login. I would submit that your proactive patching strategy has more to do with the lack of spyware than anything else.
We have effectively stopped almost all virus traffic, only to find that spyware has taken its place as our major pain in the ass.
WoodSmoke
That's just insane! That much support for spyware has got to be putting a heavy burden on Dell; and other similar companies. So, why the h!! don't they track down and sue the spyware makers; if in the U.S., and able to track them, and have money to invest, and...never mind.
To the Best Buy in Orange, CT. Wouldn't work on my machine. I still buy DVDs there as they are cheap, and I dutifully bring my latest copy of WOlfenstein back to return. I wonder where all the opened copies they took back went...
Blar.
What a coincidence. Every 5th call I get is from some guy named Yuri who describes exactly what I'm wearing and then disconnects.
I have a great (and true) anecdote about a Professor who inadvertantly splashed pr0n up on a 4m x 4m screen before an audience of MBA students, managers and Execs, but I don't have a good anecdote for the spyware and phisching parts of the series.
Have you (or do you know anyone) who has been caught out by (i) a keylogger or similar spyware or (ii) a phisching attack, either of which caused some quantifiable loss (ie: $$$ got pinched from their online back account, identity re-used somewhere else, etc, etc)
All I need is a short email description so that I'm quoting a valid/verifiable source instead of making things up.
I'd appreciate an email from an actual victim please, I'm happy to cite your name or be anonymous as required. Thanks.
about:me I'm a geek who works at university, becoming increasingly frustrated at the last year or so's worth of worms, phishing and general microsoft-induced hell and I'd had some degree of success at getting myself published on a range of geek topics. By no means a journalist or anything like that though!
I find your ideas intriguing and I wish to subscribe to your newsletter.
There's no way 90% of the PCs powered on and connected to the internet at any given time are infected.
:)
Not unless you count tracking cookies
OLPC Australia
It's called liability. The last thing Dell wants is for a customer to say "A Dell Support agent recommended I use product XYZ" And yes..because you are on Dells watch as an employee, Dell is liable for any advice you give a customer regardless of the fact you would use the words "my personal recomondation is...."
Face it, Dell that is a landmind of an issue they do not want to step in. Once the futz around with a PC, you are the last party responisble in the eyes of the legal world.
Life is not for the lazy.
Root is turned off by default in OS X and everything is done with sudo (Ubuntu Linux does the same thing). An ordinary user of OS X does not need the root account (and OS X doesn't make it easy to activate the root account). To make any system changes on OS X (or Ubuntu), the admin user will have to enter his password. And, at least in OS X, a window comes up that explains which program is requesting sudo access.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
If there *were* spyware for linux, it would only work as a seperate app running in the userspace, much easier to clean.
/tmp, etc. You can't infect the browser because you only have read access, there's no registry, but you can't infect the init, config, or other files either.
* is beyond your average user, so that's going to cost money to get fixed by somebody in-the-know.
For windows, it's a little nastier. Since most users run with admin privilages (albeit they can run without, but many apps don't actually work properly then), spyware - like viruses - can infest different levels of your OS. You get keys in the registry, things that burrow into IE, and even farther by infecting things like the TCP/IP drivers. They're like ticks on a dog, with much of the problem is far well IE is integrated into the OS - browser events run without the browser even seeming to be active.
Now for linux, if one is running as a standard user, you can only infect those files that you have write access to. Generally, this will be your home directory and perhaps some other shared areas,
I use linux part-time. I'm not a fanboy, but if you're really such a heavy user you should by now appreciate the security of the way the OS is moulded. That, or perhaps you just don't use windows enough to appreciate how many places an infection can dig itself in. Even the registry, which is often a simple thing to patch up HKLM/software/microsoft/windows/currenversion/run
Spyware isn't just about sending back info, the main problem is how it roots into your system, and it's big brothers malware and adware are often called "spyware" for simplicity - but they're much worse.
So really, before you tell those that use both OS's regularly and are aware of such pitfalls to "Get a fucking life," you should realise that such comments on linux security aren't coming from our asses.
*disclaimer: using firefox on WinXP right now, but I'm smart enough to avoid most spyware infections anyhow. After switching various relatives to an "easy" customized linux distro I've had less "HELP ME" calls about nasties sneaking in. Gee... go figure...
Wrong. I see this allegation all the time from people who never use the system in question, but OS X has this wonderful notion that you ought to consent to software being installed on your system. Even as administrator, there are some things you just can't do without authenticating (usually through a password dialog), and one of those is installing any software that uses a program to place it instead the old drag-and-drop method. If you want software to be put onto the system, you have to do it and that's all there is to it.
In order for spyware to work on OS X, it's going to have to be trojanized. There's not much you can do about the human factor, other than running as non-administrator, but that's a FAR smaller deal than it is for Windows.
Oh, and you prove your ignorance by comparing administrator status with root. There is no default root account on OS X, though you can enable it through NetInfo if you really get tired of using sudo. Why you'd do so, I can barely imagine, but there you go. Administrators are more priveleged than other users, but they're hardly root.
Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke
What makes spyware such a monumental bitch is not the fact that it exists, but the fact that it is so damned hard to remove. On Mac or Linux, a program is about as easy to remove as it is to install. And even if a program does spread itself out, leaving the pieces behind won't affect your system other than a bit of lost disk space. Cut off the head (main program) and all the other pieces die too. On Windows, you can write a program that digs its claws into your system and rips huge gashes as you drag it out. THAT'S why Mac and Linux will never be as bad as Windows.
It is as simple as avoiding the popups that say "You are infected, please scan" It is bs.
I heard that the mass software often includes the back doors known only to the producer. Like the receipe of Coca Cola is known only to the company president.
Could not it be that this chaos with spyware is profitable to hide the inbuilt spyware? Like the "chaos" on the US sounthern border is profitable to the US economy by providing rightless workers?
Would not it better to have the environment of several basic OSs, which does not have some fancy blinkers, but which could be looked through and customized by small vendors?
I would rather work with the plain text and simple image viewer, than having 50 MB of My Documents pumped to some unknown person, what exactly happend to me once. But unfortunately the hardware is being tied to software by obfuscating drivers. And again this "chaos" is profitable to some individuals. I would even say not only profitable, but it is the corner stone.
If I had read your claim about most 'slow' computers being crippled by spyware half a year ago, I'd have thought you were overly cynical or exaggerating.
This is, however, exactly what happened to my wife's computer. While we're a Mac household, her employer lent her a computer a few months ago, to be able to use a web app that only works using IE6. Being vaguely aware of all the malware on Windows, I told her not to use the Windows machine for email, assuming web browsing was relatively safe. However, after two months of use, IE was getting so slow it was almost unusable. So I installed AdAware, which removed over assorted 90 thingies (registry keys, processes, DLL's, whatever - I didn't bother to check). The perfomance improvement was quite shocking.
"Money is a sign of poverty." - Iain Banks
We took delivery of 6 new Dell Dimensions, and running on the system are:
Some kind of Support program,
AOL Dialer - this runs as a service in WinXP!,
Norton security that keeps asking to register a free trial with Norton - effectively useless unless registered.
and 10 other useless programs that start with Windows...
So it wouldn't suprise me if most of the support calls are about these inbuilt programs.
-----------
To get rid, look in HKEY_CURRENT_USER / HKEY_LOCAL_MACHINE \Software\Windows\CurrentVersion\Run and RunOnce, delete obvious dell stuff.
Then look in 'Start >> Settings >> Control Panel >> Administrative tools >> Computer Mangement >> Services & Applications >> Services
stop the AOL dialler (set it to start never), becareful here you can really arse up a computer in that section.
I currently remove spyware, and install firefox, for people who dont know jack about computers. And thats most people. I take the spyware out then slap them lightly on the hand and tell them NOT to use "internet explorer" anymore. And then feel bad about taking thier money. There are quite a few more spyware than can be googled, one often has to manually scan the system dll's and .exe's for really stupid nonsensical names, a recent favorite was max733t.exe.
I forget the exact dll name, but this morning i was scanning one of my own systems dll's with process explorer, and the vendor names roll by.. and i see "pace anti-piracy".! I use move-on-boot to delete the sucker, and guess what? System boots a LOT faster.
It's nigh on impossible to run many apps out there unless you are an administrator. one of my clients is a print shop and they can't even run half their software unless they are an admin (the software actually checks if you are or not before starting, so you can't even play with premissions in the registry, etc).
Even still, i run everyone i can as a non-admin and they still get tonnes of spyware on their machines. The only difference is they can't instal adaware or spybot themselve to remove it.
Now I know why they are always so busy when I call them about the PIECE OF CRAP NOTEBOOK they sold me...
4 out of 5 PC's now run Linux...
-
University of Washington research this March published a moderate estimate of 5.1% PCs running spyware.
This MUST be grossly inaccurate. The past few years of my life have been filled with installing broadband on spywayre-wormware ridden windows boxes. It seems like every-single-customer had no idea what spyware does, is, how they got it, or how to get rid of it. All they know is the "cable guy" is telling them that the Dell they spent $1000 on needs another $100 worth of work on it.
Horribly inaccurate. The ONLY machines I didnt see spyware on were the Macs, the other *nix'en, and, of course, the occasional new Dell PC that I had to help the customer unpack. Many of the PCs were so bogged down that just installing the USB driver for the cable modem was painful enough for me to blaitantly tell the customer that they NEED TO EDUCATE THEMSELVES, at least SOMEWHAT, before they can have the service. Glad I'm not in the field anymore...
Dont get me wrong, some people were cool enough for me to dig "the disc" out of my truck, but for the most part I would say a substantial amount of man hours is lost due to spyware and companies, even contractors for companies, should be entitled to recieve compensation from the creators and purchasers of spyware. I could legitimatly document hundreds of jobs where I had to sit down and fix the damn thing before it would pull an ip without broadcasting the customers user information to the whole internet. If I had to guess how much money I lost, as a contractor, due to this downtime, I would measure it in the tens of thousands.
I sincerely hope that Microsoft feels the pain of losing business to a better competitor over this issue soon. If this explosion is not their fault, then I don't know what is.
You are about to give someone a piece of your mind, something which you can ill afford...
"This just goes to show what security folks who have to deal with ordinary, average users have been saying for quite some time now: spyware is the #1 security problem for the ordinary Windows user today. Break-ins, worms, and viruses are all nasty problems indeed, but they do not cause the level of sheer aggravation and suffering that spyware does."
/. article claiming 1 out 5 children were solicitated in various forms on the internet last year, but I'm pretty sure I wasn't able to get throught to her about the dangers of the predatory social engineering that can take place through the internet these days. Spyware has the potential to pose a much bigger risk than most people believe because it opens the door to rootkits, social engineering, etc. when it is allowed to run amok in this manner.
I absolutely agree with you that spyware is without doubt the most grevious problem afflicting home Windows user today. However, it is not only the shear numbers of spyware and lack of unified solution to these problems that makes spyware the critical problem it is, but the threat and damage that can be caused by spyware, in my opinion far exceeds what I would consider aggrevation.
Although I am a fulltime workstation administrator for a tech company and often times pick up home user workstation support on the side and they are almost always problems related to spyware. I recently agreed to work on a women's computer that was no longer able to connect to the internet as well as set up a home wireless network for her. She told me that it was "her daughters toy and as long as she can get connected to the internet and chat at night it keeps her daughter out of her hair" they both remain happy. The daughter is 13 years old and has taken to chatting with her friends at night, passing around links to salacious little horoscope programs, gossip programs, ad nauseum . . . After two hours of working on the computer I had removed over 500 instances of spyware (files, reg keys, programs, etc NOT INCLUDING COOKIES!). My obvious diagnosis was that Windows XP home needed to be reloaded but for now she could get back on the internet. When I returned a week later after recovery disks had been obtained there was even more spyware than before & a mysterious bridged internet connection that I assumed was being used to turn the machine into a slave for God knows what. Additionally, I found approx. 5000 illegal song downloads (automatic prison time there), limewire and kazaa and an AIM add-on that was keeping documented records of all IM conversations. I quickly learned that this could not possibly have been the daughters choice as the one converstation I opened while investigating revealed explicit discussion of sexual activities. To me, the potential for abuse in this case goes far beyond the loss of data, or even identity theft. A hacker with access to this machine would be able to know all of this girls personal information, name, address, appearance, school schedule and what place her volleyball team achieved at districts. Needless to say, I did my very best to try to educate this women about the dangers of these surfing habits even referencing the recent
The ISP is calling another 5% to shut off their netconnection and stop sending spam ....
Quidquid latine dictum sit, altum videtur
...I like the sound of my own voice (and I forgot to add something), so I figured that I'd come back here and mention it.
.app bundle into the user's home directory, which worked. However, thanks to the structure of OS X, the worst that any known exploit can do is wipe that directory and that's it. The proof of concept media trojan showed that a month or three back, and so we know it can happen, but really... Human stupidity is human stupidity, and even Apple can't account for all of the possibilities that brings in.
You can't install anything through an installer if you're not an administrator, either. Software installers are password locked to accounts at the admin level or higher.
Just to check, I swapped over to a non-admin account I keep for guests and tried both installers and drag-and-drop installations. The installers ask for an administrator password, and drag-and-drop to the applications folder says that it can't be modified. It seems that my permissions (which are mostly default) are working properly.
On a whim, I tried to drag the
Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke
Generally a very good post, and I aggree that the cult of the EULA should die. And that blaming the _victims_ instead of the criminals is a sick joke already. But I do have a couple of minor objections:
/. Sad.
"The spyware is there on that disk because Microsoft security is bad, yes."
Actually, no. Yes, I know, it's slashdot. Daring say that there's something (e.g., AIDS or world hunger) which MS isn't to blame for, is bad for your karma. Blaming MS for _anything_ rakes in the big karma points on
Now Microsoft _does_ have plenty of faults. E.g., worms and viruses, those you can safely blame on Microsoft security. Better coding at MS could have avoided all the buffer overflow exploits, and better design could have foreseen some of the other exploits just waiting to happen.
But spyware? Gimme a break. Spyware is installed by tricking the user. It comes standard with a nice installer and an EULA.
Even on Unix, what do you tell users? Think. "Only log in as root to install programs or other admin tasks." Well, bingo, then they could install spyware just as well on Unix.
Try to picture an alternate universe where the Unix fragmentation never happened, and Microsoft never happened, so all computers run Unix. Now picture Joe Average, on his shiny new Unix home computer. Let's also imagine that enough sense has been hammered into Joe, that he doesn't run root while reading emails and chatting on IRC. (Ok, big stretch of imagination there;)
Now he's just downloaded this useful little movie ripper app, which incidentally comes bundled with Gator. It's right in the EULA too. And the install program tells Joe "sorry, you need to log in or su as root to install this program."
Take your best guess at what will Joe do next. Well, I'll tell you. He obediently switches user to root to install it. Congrats, you just got trojaned on Unix.
"It is a Trojan horse in the original sense - sooner or later, it bursts open and out pour the soldiers of the enemy, who go about merrily burning women and raping houses."
It's a Trojan in the computer sense as well.
Back in the day when BackOrifice was all the fashion, the way to get it was also bundled with some little useful app. When some script kiddie wanted to get you BOed, he'd send you or put up for download some little exe (a utility or game) wrapped in a nasty program that also installed the Trojan on your computer.
And you know, everyone called it a Trojan.
When did it become acceptable and not a Trojan? Since when do we even need euphemisms like "spyware" instead of "trojan"?
A polar bear is a cartesian bear after a coordinate transform.
"Thou shalt not attempt to benchmark the software, not shalt thou create documents that disparage microsoft or are obscene or otherwise naughty"... (paraphrasing).
---
- Bad security design in Microsoft Windows,
- Absent security education for the ordinary user,
- The unethical business practice of contract date-rape, and
- Negligent refusal on the part of law enforcement to respond to electronic trespass offenses in other media, such as e-mail spam.
---
You forgot one very important factor. Badly authored programs and websites which force the uneducated user to be admin on his machine and lower all security on his browser for it to work.
Rich web crap has corrupted the web.
Running Linux I've put this stuff to the back of my mind. But, I do run a VMware Windows 2000 machine for some propritary VPN RSA connection software to connect to work. It's both software (KPF) and hardware firewalled.
I keep the VM patched but never figured I need to worry much about spyware. I hardly use it for web access unless it's work related. I was wrong. I just installed AdAware and found 24 instances. Now, I guess, I'll install the others, SpyBot etc.
The best I can figure is I must of had a brain fade while tele-commuting and drifted to a few sites while working. Usually when I do that I switch to another destop and use Linux to surf. That or the work related business site I've visited loaded them.
Live and learn. It's going to really suck if Linux ever starts having problems like this or something simular. I've enjoyed the freedom since moving to Linux a few years ago. I neglected my Vmware machines though. But, not any more.
Well, I guess that this must cost Dell a fair amount in support costs. I've got no idea what the volume of calls is, but it must be great - and 20% of them to do with spyware? It *must* affect their bottom line.
Maybe they will begin to ship machines with a more secure initial configuration. They might start wit some changes suggested by last month's article at The Register.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
For the most part, I agree with you whole-heartedly, and, unfortunately, the parts I disagree with put me in a most unenviable position: defending spammers.
And there is a cadre on/. that thinks boiling them in lead is a good start before things start really getting rough, I don't expect my position to garner much support, however, your argument is flawed.
When you speak of property rights in regards to spam, you are extending your rights to include what can be done with the entirety of the internet. You are, in essence trespassing against someone else's use. For example, I'm certain you get advertisements daily through your snailmail. What is the difference between that and a spam for viagra? Both are unasked for, both can be seen as a public nuisance, except when attempting to press charges of trespassing against Safeway for a bulk advertisement; you would be laughed out of court. You do not get to define the operation of the entire postal service just because you have an address.
And claiming to know what the specific intent of a spammer who writes "\/1aGr/\" is a bit much. The same could be said of a mailing label that contains "or current resident of". Is it not an attempt to evade a filter? Call the Calvary; Valu-pak has just invaded my home.
And comparing the acts of the Unabomber with "PENIS GROWTH GUARENTEED" is just laughable. I got a catalogue to Victoria Secret the other day. Is it pornographic material being sent through the mail, or is it just an advertisement. Should I sue? I certainly don't want my kids to see women portrayed in such a derogatory manner. Perhaps next time I will just throw the catalogue away.
And any other argument you make for criminal intent of email can just as easily be applied to snailmail, with one primary difference: we take away a persons ability to send mail after they have been convicted of a crime. If all of these property laws apply to email, why do we make an exception in this circumstance?
And beyond the problems of trying to enforce US law on a spammer that may reside outside of US jurisdiction, it comes down to this: I want the right to email Tyan to ask about IRQ settings without having their expressed permission. I want enough leeway to dial a wrong number without the receiver crying foul. I want the right to receive an email for a product or service I might find useful, or to be notified of a problem with a product I have already purchased. The idea of asking permission first is a catch-22 if I have no means to contact you in the first place.
And ultimately pandering to the idea of some nebulous common public good brings the entire level of discourse to the lowest of common denominators. The issues aren't black and white, and viewing them as such distracts from pursuing answers which are more viable in the long term.
I know the answer, and the answer is fixed functionality, ala something like WebTV.
Good idea; but unless it's very cheap, it's going to be a hard sell against a dirt-cheap PC that's loaded to the gills with gimmicky consumer-crap and a "fast" processor (and insufficient memory, because as we all know, it's better to spend lots of money on that extra 0.1GHz you can impress your friends with than a few pounds/dollars/whatever ensuring it has enough memory to work effectively).
Yeah; you can bet the salesman will entice those people with tales of what they can do with their computer; although they'll never actually bother doing most of it.
In this situation, your "safe" non-expandable box sounds like a poor sell; sad, but true.
If this sort of device takes off, it'll probably be in the market covered by the Amstrad Em@iler; that device is very cheap, because it is subsidised by the compulsory use of the manufacturer's own ISP. And even if such a device would be poor value compared to the PC in the long-run, we all know that a large number of people simply buy on the basis of the initial price tag.
The sort of people that buy the Lexmark printers because they are (marginally) the cheapest, then balk at the price of the replacement carts, so they buy another Lexmark because it comes with free carts anyway(!!!).
Anyway- consider this; the more the replacement ink is overpriced, the more the (perceived) value of the free carts that come with the printer (e.g. if a black and colour cart would together cost $200, Lexmark could claim that you got $200 worth of ink free with the printer). I *have* heard this logic used by someone replacing their Lexmark with another Lexmark, rather than buy new ink.
Canon can't boast such "great" offers, because their ink isn't sold in overpriced, chipped carts. So I must be a mug for buying a Canon (cough).
Heading off-topic... sorry. But the point is that consumers are generally not logical in the sense that you (and I) would like them to be; they will buy on the perceived value of "features" and "gimmicks" far above everything else.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
When I purchased a brand new Dell about 3 months ago, it actually CAME with gator installed. I keep a bunch of applications that I typically install on a machine on a DVD. Before I even hooked it up to my DSL, I installed SpySweeper on it. And it actually found Gator....
Considering just how many machines out there are Dells, is it any surprise then how many have spyware?
> There is no default root account on OS X,
/etc or make a symlink in /usr/bin.
Oh, there *is* such an account, you just can't log into it...
> though you can enable it through NetInfo if you really get tired of
> using sudo. Why you'd do so, I can barely imagine
For convenience. When you run as root, you don't have to sudo every time you
want to do something a regular Administrator account can't do. (Granted, you
have to be a *nix geek to ever run into that scenerio; point-and-click users
barely have any use for sudo, much less need it often enough to get annoyed
enough to want to run as root.)
I run Gnome as root, on my Mandrake systems both at home and at work, because
I got tired of doing su or sudo every time I needed to do something a normal
user can't do, such as edit something in
It's very convenient, I can tell you. For the occasional app that refuses to
run as root (such as freeciv), I use gdmflexiserver. I also use that for apps
that crash X from time to time, so that I don't lose all my open windows in
all my other apps whenever that happens. (Railroad Tycoon II is the biggest
offender there.)
Cut that out, or I will ship you to Norilsk in a box.
"You know why? BECAUSE NONE OF OUR END-USERS LOG ON AS ADMINISTRATORS!!!"
That may be fine if you're running one specific program that's designed to run as a non-administrator user, but, thanks to bad security design in Microsoft Windows, half the programs I run on my home PC simply won't work properly unless they have administrator priviledges. I did try to set up a non-admin user, but after a few hours of faffing around trying to make these programs work, I just gave up.
> On a whim, I tried to drag the .app bundle into the user's home directory,
.config files in the user's home directory. This is quite enough ... ...
> which worked. However, thanks to the structure of OS X, the worst that any
> known exploit can do is wipe that directory and that's it.
On most systems, wiping out the user's home directory is actually *worse* than
merely destroying system files. System files can be restored from the restore
CD, but only a small percentage of users really back up their home directories,
where all their important data lives.
Additionally, there are more things an app can do with normal-user permissions
than just delete files. An app running from inside a user's home directory
can do any of the following:
* modify
to get it run unobtrusively in the background whenever the user logs in.
* read the user's files, looking for things like email addresses, credit
card numbers, passwords,
* contact a remote system (e.g., to send it the harvested email addresses,
or to obtain instructions about what IP address to DDOS, or whatever).
* send email (e.g. to propagate itself). Bear in mind that it can read
the user's files, so it would be possible (though I don't know of a case
of malware doing this) to construct *replies* to messages the user has
received, quoting something the recipient said, and responding to the
effect of, "Yeah, I see what you mean, have a look at this." with a URI.
The URI could contain an obscured string that the server could decipher
into keywords from the quoted portion, which could be used in constructing
the phony description of what the trojan is good for. Sure, 90% of the
time this wouldn't make sense and the user would be like, "Huh? Why do
I need that?", but think about the other 10% of the time.
* pop up advertisements. Although this would be likely to get the thing
noticed and removed.
* play jokes on the user, such as renaming files, changing the filetype
and creator codes on files, altering configuration and preferences files
(e.g., to "reconfigure" the AutoCorrect feature of a word processor),
kicking in the screensaver at odd times, taking a screenshot of the
user's desktop and setting it as the wallpaper, moving icons around,
Granted, all of this relies on convincing the user to install it. So, it
relies on having clueless users. OSes with no significant percentage of
clueless users are in no great danger here, but any OS with large market
share is going to have some clueless users.
Are *nix-based systems inherently more secure than Windows? Yes. Are they
inherently immune to attacks that exploit the human factor? Hah hah. No.
Cut that out, or I will ship you to Norilsk in a box.
why the heck are people dragging Linux into the discussion... this is purely a problem with Microsoft Windows...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
I've been looking into ways to remove the profit incentive from the spyware guys. These morally challenged cruds monitor your web browsing habits and then sell that info. What if that info was full of bad entries? Like increasing the junk to valid signal ratio?
What I envision is a screen saver that we load on all the machines we can get our hands on. This screen saver then contacts these spyware sites and uploads random info. The aggressiveness could be controlled by the user, allowing it not to flood any Internet connection. The screen saver could have spyware lists, just like anti-virus software that could be updated. Imagine having millions of pcs uploading junk to coolwebsearch. How long would you say these guys would stay in business? Would those that are buying this info continue to do so even if it full of garbage?
Obviously this would be OSS, but we could license it in such a way as to allow folks like Dell to preload this and set it as default.
So folks, what do you think? Is this the way to kill these guys or is the recent criminalization enough to stem the tide?
Quit playing Monopoly with Bill.
Linux - of the people, by the people, and for the people.
You've just been lucky. There's a good chance you have spyware infected computers right now and don't know it. There are spyware programs that can install themselves without admin rights on the system. I've found them on our systems already.
Have you actually scanned your systems for spyware? Or are you just hoping that what you said is true? I'm not trying to be antagonistic (though some of what I just wrote sounds that way), but you really should be watching closely, even if your systems are locked down. Maybe I'm preaching to the choir and you really are scanning and watching. It certainly is possible to keep a Windows system free from spyware, mine is, but keeping a large number of end user systems free from spyware is a real trick, since there are always some people who will click on any shiny button they see. Maybe you don't have any users like that, I wish that were so here.
Evidently you haven't broken their fingers often enough with the cluestick for them to have learned not to install stupid programs...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
.....firefox in particular is easy to get folks to try, just I am worried it is another bandaid approach. I have not had any lucky getting people to try linux, changing entire operating systems is scary to folks. Even suggesting knoppix is hard, unless you are physically present and do it for them, most people won't make an attempt to go non-windows.
There will not be much in the way of "mass migration" until people can see linux (some decent os) running on a decent machine with lots of ram at the computer store and it comes pre installed, so that means major vendor support. The only reason I ever tried it is a friend of mine ran a small hosting company so he was more familiar with it and was kind enough to download and burn me a couple of disks, and I ALSO have a lot of spare machines kicking around. Being on dialup and/or only having one machine is a factor for millions of people, that and they don't know anyone running Linux. It becomes a chicken or the egg phenomenon then. People aren't going to run what they have never seen, the entire idea of "operating system" is still foreign to most people, all they know is "computer=internet=games=emails=..." but they honestly don't understand all the nuances. And it's because they purchase a package deal, the computer comes pre installed with the OS and apps so that's what they start with, and at the store, all the apps say "runs on XP" blah blah. they can't see it or touch it or play with it, so it's only a vague theory to them. Too many hoops to jump through. A browser a certain small percentage might try, but really, even that is a minority, people are more content to just put up with it and/or complain about it.
I honestly don't blame them, it is really not their fault they buy something brand new which is in reality 1995 with some shiny smeared on it and called 2004. It is sold as a brand new and improved product, unfortunately, it is still major league broken, and it is the *only* thing they see at the store and on the shelves. They are never told about it even when they take their computers in for "repair", they just get offered more bandaids, which I will include asd firefox on MS, spybot, antivir, adaware, zone alarm, and so on, those are all bandaids, they will never "solve" windows.
We need at least one major vendor to crack and offer, completely transparently, at least a choice, and it has to be advertised and on the shelves.
It's amazing how many calls from friends and private customers I've gotten over the last three months about adware / spyware on their systems, in many cases more than 5 active processes makes the computer unusable or the internet inaccessible.. too many custom protocol drivers inserted by this crap.
So far the single best advice I've found was by the author of the HiJackThis! tool, it appears that a large percentage of adware / spyware uses weaknesses and vulnerabilities in the MS Java Virtual Machine (even the last version with the patches) to secretly install themselfs so uninstall the MS Java Virtual Machine and install the latest Sun version instead. Just search Google for "Uninstall Microsoft Java Virtual Machine" to find instructions on how to do it. So far no one that I've done this for has had a major reoccurrence though they've scanned and found more stuff with the latest Adaware SE 1.05.
One other note, Adaware SE (I don't know if SpyBot is the same) won't uninstall "legitimate" stuff from the machine. The Adaware people have some type of standard that spyware / adware must meet in order to get in the removal database and one key is "Does the spyware / adware have an uninstall in the add / remove programs". In some cases the entry in Add / Remove programs is camouflaged as something you wouldn't think of like "IE Patch" or "Internet Tools" so if Adaware and Spybot doesn't totally fix the problem start looking for suspicious entries in Add / Remove.
No, it's you who doesn't get the cigar. I said "Unix", but I didn't say "Open Source".
Unix, even Linux, doesn't mean exclusively open source apps. You tell me for example where we can get the sources for Oracle or WebSphere. Yet we have them here installed at work.
I'm willing to imagine an alternate reality where MS never existed and Unix won. An alternate reality where everything is OSS, on the other hand, is akin to believing in Santa Claus. Never happened, never will.
And frankly, not only for Joe User, but for _me_ too... well, I don't know how to say this nicely, so here goes the very non-nice version: I don't really give a flying fuck about the whole "Open Source" hype. In fact, I don't give a flying fuck about any idealistic ideological battles any more.
In between:
A) I buy a closed source program that does what I need, and
B) I wait for years before an OSS equivalent is available (and I'm not even saying "with good usability." Just available at all.)
I'll take A any day.
I'm not even exaggerating. Look how long it took Mozilla to actually have a browser. In the meantime, dunno about you, but I was very happy with the closed source Netscape, Opera and even IE.
In fact, I still very much prefer the closed source Opera to Mozilla. Between the two, Opera is simply the better browser. And see above: I don't really give a rat's ass about its not being F/OSS.
Or look at how many F/OSS games exist on Linux. No, really. I could play HAND and Pingus... oh wait, noone actually finished making Pingus. Hacking code is good and fine, but you don't find many people designing levels and painting graphics for free, do you?
Or I could just buy a closed source game instead.
Not that tough a choice. I'll take the closed source game, thank you very much.
So to cut a long story short: Joe Average _will_ install a closed source app, and so would I. Basing your whole defense against spyware on the idea that everyone would rather have a useless computer, than install a closed source app... well, it's just utopic.
A polar bear is a cartesian bear after a coordinate transform.
Not on OSX mate- it's designed so that you only ever log in as Root to install software. It's pretty well impossible for spyware to install itself automatically without an Admin agreeing to it.
I've never had a virus, worm or spyware on our Solaris, Irix, HP-UX, Linux and Mac OSX machines. But boy are you wrong about Windows. Worms can hit your computer even if you are not logged on as administrator, so if you've never been hit then consider yourself lucky. Secondly, we have a 5 man team that loads Windows computers for our computer labs and they where hit by all of the above, viruses, worms and spyware. What annoys me is why does Microsoft allow folders like C:\Program Files\Common Files\ to be vulnerable to Netsky? The PC loadset team have to get 200 Windows Engineering applications running in the College of Engineering and I'm appauled at the amount of pop-ups that have occured on our systems, even though NONE of the students where administrators and these computers where configured by a team of PC experts. I'm pretty disgusted with Windows and have been advising our faculty members to switch to Mac OSX or Linux. Windows by default allows users to write into the root of the C:\ drive and other undesired places. It is a MAJOR pain in the ass to lock down. Don't have to do that with BSD (Mac OSX), Unix, Linux boxes. Thank God.
oh, I forgot about the "Messenger" folder ... and any other IM clients. Do NOT reset User permissions on these....
Dear Frater 219
Hi
I am an undergraduate student at Endicott College. In order to graduate I am supposed to be focusing on a thesis. I decided to write it on privacy issues that came along with spyware. I read your journal and I would like to use it for my literature review that I am currently working on. Is that possible? If yes I need to get all the information about you and this journal so that I can be able to cite it.
thank you
Halil Deniz
Evidently you haven't broken their fingers often enough with the cluestick for them to have learned not to install stupid programs...
In one of the two most common cases, it seems to be one of those spyware-by-IE-exploit issues. I have tried to get him to use Mozilla but that has been an uphill battle.
THe other case, I am not sure where it is coming from.
LedgerSMB: Open source Accounting/ERP
What "Dell does not endorse the use of spyware removal software" means is only that no company has paid Dell to advertise a specific brand of spyware removal software. Such payment doesn't have to come in money; it can also come in working with Dell to make sure that the software doesn't interfere with Dell's preinstalled software.
Dell: I am sorry, every support call we get is spyware related.
M$: So?
Dell: It all came from IE, your browser. Now we have to bundle Firebox and disable IE for all shipped Dell products.
M$: No. IE is superior. Windows is superior. Suck my left nut.
Dell: What?
M$: Get back to work or we take away windows licensing.
Dell: Ok. Would you like some coffee sir?
I do computer repair as a part time after school job. I agree with the quote from someone above saying "90% of all machines have spyware the rest are *nix based." Every win machine I look at has spyware on it at least. Many times it is the cause of the problem. There is spyware that will fuck up all of win xps fonts if you remove it just with spybot search and destory. Spyware has gotten really nasty and acts more like viruss. To prevent the spyware I put mozilla on my customers computers. I have found it helps GREATLY!!! Spyware is cut down alot from mozilla, plus mozilla has a popup killer and loads pages after then ie so most people like it. I myself am a Linux user. All of my machines run Linux and Linux only. I am very happy with Linux and a very big Linux supports. I do think that if M$ dosnt do something fast to combat spyware it WILL be Windows or at least IEs down fall.
...I stated that the OS has to be on the machine, vendor supplied, so it's installed and all the doo dads are supported. That is really the only sort of big breakthrough that might occur, IMO. Aftermarket installs just won't work past a limited small single digit percentage, at least when you are talking single home users in general. With business, and dedicated purposeful bought machines and admins it is much more possible and a more credible scenario for "mass adoption on the desktop".
Surprised it's not more, 5 out of 1, wow, there doing good.
Thanks asshole. You just proved my point.
"City hall" in German is "Rathaus" Kinda explains a few things......
Thanks asshole. You just proved my point.
If it counts for anything I just meta-modded that troll mod that you got "unfair". I read your original post a few days ago and didn't see the mod -- then I got it in my m2 list.
And I'm even posting this from my account! Go ahead and mod me down. A) I don't care, B) You'll pay for it in M2, C) If you do it "overrated" you are a spineless wimp and I still have lots of karma to burn.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Cool. Thanks.
:)
(Beware, stupid mods! Be very afraid.
We will strike when you least expect it!
BWAHAHAHAHAHAHA!!)
"City hall" in German is "Rathaus" Kinda explains a few things......