Every 5th Call At Dell Is Spyware-Related
prostoalex writes "Financial Express quotes a Dell executive saying that spyware is installed on roughly 90% of computers out there. Right now 20% of all Dell phone support calls are spyware-related. University of Washington research this March published a moderate estimate of 5.1% of PCs running spyware."
... and get rid of it if you do...
Spybot Search&Destroy http://spybot.safer-networking.de/
and Ad-Aware http://www.lavasoftusa.com/software/adaware/
BTW, be sure to update the definitions or you're going to miss a lot of spyware.
It didn't answer how many of the computers were infected with any spyware program, just those four.
I run the computer networks for a number of small businesses. We run a variety of programs to keep spyware off the systems. These are less effective than antivirus software.... Approximately 33% of my customers are found to have spyware on a regular basis.
LedgerSMB: Open source Accounting/ERP
Actually, assuming that it was fairly done, it'll have a margin of error of approximately 3.7% [(724^-.5)*100%]. Not bad, I say.
Well, as for Macs -- I don't know if it's part of the culture of the things or what, but there are TONS of Mac apps out there that "phone home" to an extent that is generally not tolerated in PC software. A lot of apps even spew network traffic when they start/while they are running to enforce licensing between machines on the LAN. Rather than protest the vendors' applications, though, the community responds as it typically does -- with a ~$10 app named "Little Snitch" that catches this activity. I have never tested it either, but I kind of wonder whether or not "Little Snitch" phones home also...
...I fully concur with that estimation, if not higher.
At least 8 of the 10 computers that I fix follow this routine:
Update and run AV program, if possible.
Install Adaware, update, run.
Install Spybot S&D, update, run.
Run CWShredder.
Fire up a HijackThis! log and manually remove the leftovers.
I'm getting pretty damn good at filtering out the hijackthis logs, too.
Seriously, if you familiarize yourself with spyware removal, you could make a killing on the home PC market. Manufacturers won't help you with spyware. It's getting to the point where the retail chains and PC shops won't deal with it either; they'll simply offer you a format/reinstall.
Both Norton AV 2004 + 2005 and McAfee's current stuff sport spyware detection as a new feature over the older version. Granted, their removal process is god-awful, but even their $40 on the shelf software will detect most spyware programs and can actually remove some.
HALF of the internet connectivity related issues are spyware related, in that it corrupts the TCP/IP stack and Winsock settings in the registry. Also, we had major problems when people installed SP2 on a PC infected with spyware too.
In fact, it's so bad that I have the Microsoft KB article 817571 bookmarked and always open on my desktop for when I take calls.
Life is not for the lazy.
The guys who determined it was only 5% only looked for 4 specific pieces of spyware. That means 100% of their computers could be infected with the other 8 billion pieces of spyware out there, but only 5% were gator, ezula, and another two that I can't remember right now, even though I just R'd the FA....
"City hall" in German is "Rathaus" Kinda explains a few things......
You can get a Dell with no OS, and with FreeDOS in the box. Or you can get a Dell Precision with RH pre-installed.
This has come up before, and just like last time someone said it, I argued the point.
Education, in a general, overall sense, is *always* the best answer. If you really *know* how to avoid all the problems, then you shouldn't have any of them.
But that's as much a "cop out" as anything, if you're trying to offer up workable solutions to the current spyware/malware epidemic we're seeing on Windows-based machines.
Quite a bit of spyware I've run across initially gets on machines because users installed an otherwise legitimate piece of freeware that was bundled with a few hidden "gotchas". Worse yet, many of these "more than you bargained for when you ran setup.exe" programs know how to download additional trojan horse virii and spyware. So all it takes is a user mistakenly deciding to download a p2p sharing package like BearShare or Kazaa, or perhaps even a nifty-looking waterfall screen saver, and a few weeks later, the computer is infested with hundreds of things and rendered unusable.
When you've still got plenty of people just trying to learn the basics of getting on the Internet and sending relatives/friends email - you can't realistically demand that they memorize a complete list of known "bad to download" free programs that include bundled malware!
I do on-site PC repair for a living, and believe me - for every 1 person who obviously has spyware/virus problems from surfing porn sites and trying to download "warez" from the web, there are probably 10 who are just retired folks, doctors, lawyers, or college professors who tried really hard not to open email from anyone they didn't know, etc. etc. and STILL ran into big problems.
That's entirely believable. I worked at a GW call center for several months and I'm dead certain 90% of the computers people contacted me about had spyware or virii on them even if it wasn't directly related to the issue. Keep in mind most of the businesses that buy these things are going to have their own IT - those don't call for help.
What's hilarious is the way techs are told "document everything" and "don't fix spyware and virii issues" but then get chastised (and even written up) if their average goes over some ridiculously low number like 40% redirected due to "out of warranty" issues (ie spyware or virii).
I quit - I simply couldn't tolerate the hypocrisy of it all anymore, and we were about to move to supporting ONLY Microsoft calls (which would make the work my vision of hell).
Dell has, in the past, stated it's their policy to not help the customer by suggesting ANY spyware removal tools, since those tools may help the customer remove software put there by Dell's partners. Is this still the case? I can't think of any prefab, corporate, store-bought machines that don't come with some sort of spyware included right in the reload image.
Wow, if you were electrocuted an hour ago that means you are talking to us from the other side! Oh, you just meant that you got shocked...
u ted
definition of electrocuted: http://dictionary.reference.com/search?q=electroc
Hey, there is only one Return and it's not of the King, it's of the Jedi.
Adblock 'images.indiads.com' and the overlay image is gone. Sounds like a website worthy of riddance.
It doesn't hurt to be nice.
The problem is that Dell hides these little morsels of information so that unless you are already determined to buy a Dell with Red Hat on it you would never know you even had the option.
The very fact that you have been modded informative serves to demonstrate that Dell + RedHat is not an obvious option and most people remain blissfully unaware that it exists.
Dell only offer Linux as an option to appease the Linux crowd. They certainly don't want to be hit by a backlash from the rabid Linux fanboys. But at the same time they are keeping on BillG's good side by sticking "Dell recommends Microsoft® Windows® XP" graphics all over their webstore and ensuring that the Linux option is kept pretty much hidden from the general public's view.
Try going to the Dell website and browsing to a PC with Linux. Don't do a site search for Linux, as that defeats the purpose. Joe Average won't be doing that after all. I just tried looking around for a few minutes. You would think that if you were to check out the "Learn more about operating systems" links on most of their store pages you might see a mention of the Linux option? No, there is no mention of Linux in there, just descriptions of XP Home vs XP Professional. Yay! It's as if Linux doesn't even exist.
Dell might technically sell you Linux if you ask for it, but they sure go out of their way to make sure you don't ask about it.
"You can't fight in here, this is the war room!"
They're only slowly getting involved. Most "spyware" is actually "foistware", amazingly poorly written and stupid software installed with another potentially useful package but that is designed to report your behavior back to some central site, usually an advertising business of some kind.
As such, most installations of foistware were voluntarily accepted in some way by a fool clicking on an "I accept this software" click button, and the virus companies are very reluctant to start ripping it out by the roots and potentially get sued. But they're learning: the next version of Norton Anti-Virus, for example, is supposed to include quite a lot of spyware scanning and removal utilities.
I use my firewall as a snitch. Not only do plenty of apps phone home but so many of them that do still work perfectly well despite being blockaded from the internet. I do however get quite annoyed by applications that you configure to not use the internet that then still go ahead and try to access the internet.
They might, but there is no proof so far. You should read the posts above you instead of blindly posting. They clicked a floating image used to make them open a window that wasn't able to pop up on its own.
Yes, you can order a Dell without Windows. I promptly received my Windows refund a couple of weeks after I received my computer. It just takes you some time on the phone, redialing, and talking to different sales people until you finally get one on the line who OKs it.
1) about:blank
2) coolwebsearch
3) ewebrebates
4) tvm.exe
I'd say that's the bulk of it.. most people have at least one of those.. about:blank is the worst.. or one of the ones that strip out the winsock files when removed by Ad-Aware or Spybot. I never thought of making a big list of what is found.. I normally put best effort into everything but spyware to be honest, due to the sheer volume of it... especially since we are expected to remove it as quickly as possible.
Mod me down im a newf (wiki)
First let me say: John Kerry Is A Douche Bag But I'm Voting For Him Anyway.
That being said, I have 0 spyware on my (Windows) system because I never use Internet Explorer. Plain and simple. Firefox protects me pretty good.
(btw) Windows Update no longer requires you to use Internet Explorer - just check the option to download but not install automatic updates.
Get your Unix fortune now!
I'm just glad that I normally don't run Windows at home.
The meme police, They live inside of my head
In IE 6, I had scripting (JVM) and Active-X enabled and it cost me... I got hit with a 0-day exploit that executed on render of the page I visited (it was an old Doom cheats page - I was looking for the command for "all-map"). If it were not for ZoneAlarm, TCPView, and pskill, I might not have caught the ton of spyware that followed.
It was a situation quite like the one described in this thread: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0077.html
(atpartners, "megasearchbar," chtb, 4 or 5 separate exe's downloaded and run from prefetch in all.)
A week ago, I sent this email to a major AV vendor (xxxx) and have not received a reply:
This is a pre-sales question relating to future purchases, but may require technical assistance to satisfy.
--
Are there any single-user-licensed xxxxx antivirus products that do not rely on Active Scripting, or can use a different Security Zone than "Internet"? Or a different browser than IE?
--
I am tired of arbitrary code execution in IE and have locked it down. It is also no longer my default browser. Viewing the xxxxx readme.txt tells me that I must substantially weaken my security in order to continue using xxxx.
I'm not willing to do that. I would sooner find another antivirus vendor.
Your antivirus fails to protect from prefetch code, rendered-on-the-fly, not because of faults in xxxxxx, but because of faults in the configuration of Windows. I should be able to correct those faults and still be able to effectively use a "security product" such as an antivirus.
US-CERT (us-cert.gov), the operational arm of the National Cyber Security Division at the Department of Homeland Security (among many others) recently recommended that users switch to a more secure browser than IE, and advocated limiting mobile code execution for users that do not switch.
TCPView from SysInternals?
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Lots of cool stuff there.
Almost every single piece of spyware that I have seen has been carefully crafted to NOT REQUIRE ADMIN RIGHTS!! I work in an enterprise where users cannot have Admin rights and we see spyware / malware all the time. As soon as the user clicks OK to some stupid popup the executable runs and has the same privileges as the user. That is all it takes to put entries in the HKeyLocalUser hive so that these beasties run on login. I would submit that your proactive patching strategy has more to do with the lack of spyware than anything else.
We have effectively stopped almost all virus traffic, only to find that spyware has taken its place as our major pain in the ass.
WoodSmoke
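The point above is that a per-user Run key is enough for persistence, so a defender wants to review those keys rather than only the machine-wide ones. The following is an added example, not code from the poster: it parses a user hive's Run/RunOnce keys in the text format regedit exports (a constructed sample is embedded; the user name "alice" and the value names are made up, apart from tvm.exe, which is mentioned elsewhere in the thread) and flags entries whose executable lives in a user-writable location such as the profile or a Temp directory. The location markers are an assumption about where unprivileged droppers typically land, not an exhaustive list.

```python
import re

# Constructed sample: a user's Run and RunOnce keys as "regedit /e" would export them.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"tvm"="C:\\Documents and Settings\\alice\\Local Settings\\Temp\\tvm.exe"
"Updater"="\"C:\\DOCUME~1\\alice\\LOCALS~1\\Temp\\upd.exe\" -s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\WINDOWS\\system32\\cleanmgr.exe /sagerun:1"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" where both sides may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Assumed markers for user-writable directories on a 2004-era XP box
# (profile root in long and 8.3 form, plus Temp and Application Data).
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\local settings\\", "\\locals~1\\",
    "\\temp\\", "\\application data\\",
)


def unescape(s):
    """Undo the .reg file escaping: \\\" -> \" and \\\\ -> \\."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_entries(reg_text):
    """Return (key, value_name, command) for every value under a Run* key."""
    entries = []
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.split("\\")[-1].lower().startswith("run"):
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries


def executable_path(command):
    """Extract the program path from a Run value: quoted path, else up to the first .exe."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r'.*?\.exe', command, re.IGNORECASE)
    return m.group(0) if m else command.split()[0]


def suspicious_autoruns(reg_text):
    """Entries whose executable sits in a location an unprivileged user can write to."""
    flagged = []
    for _key, name, cmd in parse_run_entries(reg_text):
        path = executable_path(cmd)
        if any(marker in path.lower() for marker in USER_WRITABLE):
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE_REG):
        print("review: %-10s -> %s" % (name, path))
```

Run against a real export, the same logic applies to HKEY_LOCAL_MACHINE keys; the interesting cases are entries that point into a profile or Temp directory, since a legitimate installer run with admin rights normally lands under Program Files or the Windows directory.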
Time Warner in Austin will disable your modem remotely if the system detects port scanning from the device connected to it (PC, Router...)
I ran into an issue once where this customer had a repeated history of service abuse. The issue of course was a virus. It was logged over and over in her customer log that she formatted and reinstalled the PC with her Dell restoration disks (Dell walked her through the process). So when it came to my attention when the customer called in for the 4th bloody time, I asked her if she was using a wireless router. She said "Ya, I have a blue Linksys wireless"
Well folks, she learned a valuable lesson to never leave a wireless router unprotected at an apartment near the UT campus. Obviously someone else decided to leech off her connection and blow infected viri down her modem, hence SHE got blamed for it.
Wrong. I see this allegation all the time from people who never use the system in question, but OS X has this wonderful notion that you ought to consent to software being installed on your system. Even as administrator, there are some things you just can't do without authenticating (usually through a password dialog), and one of those is installing any software that uses a program to place it instead of the old drag-and-drop method. If you want software to be put onto the system, you have to do it and that's all there is to it.
In order for spyware to work on OS X, it's going to have to be trojanized. There's not much you can do about the human factor, other than running as non-administrator, but that's a FAR smaller deal than it is for Windows.
Oh, and you prove your ignorance by comparing administrator status with root. There is no default root account on OS X, though you can enable it through NetInfo if you really get tired of using sudo. Why you'd do so, I can barely imagine, but there you go. Administrators are more privileged than other users, but they're hardly root.
Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke
App: How about phoning scumsuckingspywhere.com at port 80?
Firewall: Sorry, I can't let you do that. *writes log message*
Me: *Viewing logs* Ah, another spywhere program blocked!
While there are global settings blocking common ports, network access must also be assigned to individual programs before they are allowed to access the network, otherwise they are blocked! Plus there are port controls on the individual programs themselves should I so wish it, and wish it I do.
But thanks for caring! :)
Most, if not all, of the Win32 firewalls block based on the program name and location. If coolapp.exe tries to access the internet, it can't. It can try all the ports it wants; it won't get through.
Some of the better ones even recognise \myapp\iexplorer.exe as being different than \yourapp\iexplorer.exe. Even if someone tried to write an app named the same as one allowed to access the internet, they still couldn't get through.
I am worried, however, about an app using system calls to route itself through explorer.exe without actually launching it.
I'd rather you do it wrong, than for me to have to do it at all.
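To make the difference between name-based and path-based program rules concrete, here is an added example that is not code from the poster or from any particular firewall product: a toy outbound-policy check with a rule table keyed on the full executable path, next to the weaker variant that matches only the file name. The rule table, the program paths and the connection attempts are all constructed for the illustration. The same-name executable dropped under a user's Temp directory is the case the comment above describes, and the example shows which policy lets it through.

```python
from collections import namedtuple

Attempt = namedtuple("Attempt", "program dest_host dest_port")

# Constructed rules: full path -> set of destination ports the program may use.
ALLOW_BY_PATH = {
    r"c:\program files\internet explorer\iexplore.exe": {80, 443},
    r"c:\program files\mozilla firefox\firefox.exe": {80, 443},
    r"c:\windows\system32\svchost.exe": {53, 80, 443},
}


def normalize(path):
    """Case-fold and use backslashes so rule lookups are not fooled by case or slash style."""
    return path.replace("/", "\\").lower()


def decide_by_path(attempt):
    """Policy keyed on the full path, like the better personal firewalls described above."""
    ports = ALLOW_BY_PATH.get(normalize(attempt.program))
    if ports is None:
        return "BLOCK", "program not in allow list"
    if attempt.dest_port not in ports:
        return "BLOCK", "port %d not permitted for this program" % attempt.dest_port
    return "ALLOW", "matched full-path rule"


def decide_by_name(attempt):
    """Weaker policy: match on the file name only, ignoring where it lives."""
    name = normalize(attempt.program).split("\\")[-1]
    ports = set()
    for rule_path, rule_ports in ALLOW_BY_PATH.items():
        if rule_path.split("\\")[-1] == name:
            ports |= rule_ports
    if not ports:
        return "BLOCK", "no rule for this file name"
    if attempt.dest_port not in ports:
        return "BLOCK", "port %d not permitted for this name" % attempt.dest_port
    return "ALLOW", "name matched (path ignored)"


# Constructed outbound attempts; the second one is a same-named binary in a Temp directory.
SAMPLE_ATTEMPTS = [
    Attempt(r"C:\Program Files\Internet Explorer\iexplore.exe", "www.example.com", 80),
    Attempt(r"C:\Documents and Settings\alice\Local Settings\Temp\yourapp\iexplore.exe",
            "tracker.example.net", 80),
    Attempt(r"C:\Program Files\Mozilla Firefox\firefox.exe", "mail.example.org", 25),
    Attempt(r"C:\Program Files\coolapp\coolapp.exe", "ads.example.net", 8080),
]


def evaluate(attempts, policy=decide_by_path):
    """Return (program, decision) for each attempt under the given policy."""
    return [(a.program, policy(a)[0]) for a in attempts]


def spoof_slips(attempts):
    """Programs the name-only policy allows but the full-path policy blocks."""
    return [a.program for a in attempts
            if decide_by_name(a)[0] == "ALLOW" and decide_by_path(a)[0] == "BLOCK"]


if __name__ == "__main__":
    for attempt in SAMPLE_ATTEMPTS:
        by_path, why = decide_by_path(attempt)
        by_name, _ = decide_by_name(attempt)
        print("%-5s (by name: %-5s) %s -> %s:%d  [%s]" % (
            by_path, by_name, attempt.program, attempt.dest_host, attempt.dest_port, why))
```

The port check is applied by both policies so that the only difference in the output is the path comparison; the firefox-to-port-25 and coolapp attempts are blocked either way, while the Temp-directory iexplore.exe is allowed only by the name-based rule. Neither variant addresses the separate concern raised in the comment about code executing inside an already-trusted process, which a path rule cannot see.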
...I like the sound of my own voice (and I forgot to add something), so I figured that I'd come back here and mention it.
You can't install anything through an installer if you're not an administrator, either. Software installers are password locked to accounts at the admin level or higher.
Just to check, I swapped over to a non-admin account I keep for guests and tried both installers and drag-and-drop installations. The installers ask for an administrator password, and drag-and-drop to the applications folder says that it can't be modified. It seems that my permissions (which are mostly default) are working properly.
On a whim, I tried to drag the .app bundle into the user's home directory, which worked. However, thanks to the structure of OS X, the worst that any known exploit can do is wipe that directory and that's it. The proof of concept media trojan showed that a month or three back, and so we know it can happen, but really... Human stupidity is human stupidity, and even Apple can't account for all of the possibilities that brings in.
just because they don't "allow" it, doesn't make it legal.
when they say "sorry sir, we can't accept that" you should be ready with "oh, but I'm afraid you can, under the terms of [insert appropriate legislation here]"
for us in the UK it is "The Sale of Goods Act 1976"
if the assistant refuses, ask for a higher up
if he refuses call in your local Trading Standards Agency (or whatever your area calls them) and maybe even your local newspaper, tv station, radio station - local media love "area man takes on big business over crappy products"
It is a pain but it certainly works and you can have some fun while you're at it.
Stay calm and be persistent and don't take no for an answer, the law is the law.
You can't hang a "no refunds" sign on the wall and point to it when trying to rip people off.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
No, it's you who doesn't get the cigar. I said "Unix", but I didn't say "Open Source".
Unix, even Linux, doesn't mean exclusively open source apps. You tell me for example where we can get the sources for Oracle or WebSphere. Yet we have them here installed at work.
I'm willing to imagine an alternate reality where MS never existed and Unix won. An alternate reality where everything is OSS, on the other hand, is akin to believing in Santa Claus. Never happened, never will.
And frankly, not only for Joe User, but for _me_ too... well, I don't know how to say this nicely, so here goes the very non-nice version: I don't really give a flying fuck about the whole "Open Source" hype. In fact, I don't give a flying fuck about any idealistic ideological battles any more.
In between:
A) I buy a closed source program that does what I need, and
B) I wait for years before an OSS equivalent is available (and I'm not even saying "with good usability." Just available at all.)
I'll take A any day.
I'm not even exaggerating. Look how long it took Mozilla to actually have a browser. In the meantime, dunno about you, but I was very happy with the closed source Netscape, Opera and even IE.
In fact, I still very much prefer the closed source Opera to Mozilla. Between the two, Opera is simply the better browser. And see above: I don't really give a rat's ass about its not being F/OSS.
Or look at how many F/OSS games exist on Linux. No, really. I could play HAND and Pingus... oh wait, no one actually finished making Pingus. Hacking code is good and fine, but you don't find many people designing levels and painting graphics for free, do you?
Or I could just buy a closed source game instead.
Not that tough a choice. I'll take the closed source game, thank you very much.
So to cut a long story short: Joe Average _will_ install a closed source app, and so would I. Basing your whole defense against spyware on the idea that everyone would rather have a useless computer than install a closed source app... well, it's just utopian.
A polar bear is a cartesian bear after a coordinate transform.