Every 5th Call At Dell Is Spyware-Related
prostoalex writes "Financial Express quotes a Dell executive saying that spyware is installed on roughly 90% of computers out there. Right now 20% of all Dell phone support calls are spyware-related. University of Washington research this March published a moderate estimate of 5.1% of PCs running spyware."
I think it's probably somewhere in between 5% and 90%...
According to Dell, 90% of the computers out there have spyware installed on them... the other 10% are Macs and machines running *NIX. :-P
This is Dell(hi). We are not able to being helping you with Spyware this time. Your Dell service is not including that. Do not be cursing at me, sir! Your attitude is having me upset! You must be finding a local person to be helping you.
In that case, Dell should make available for download a "patch" that will scan for known spyware and remove it...
Or they would if this were really a problem for them. Makes one wonder.
... and that would be limited only to Dell customers under warranty or some sort of service package who actually bother to call for support. I would consider it safe to suspect that the actual percentile of spyware infested PC's to be more on the order of 60-70%.
Remember, people only call when they are aware of a problem.
And even then, most people will "get by" until the problem is so pronounced they are forced to do something about it.
Alright, I'm just some guy who fixes computers for friends occasionally, but I like statistics too. When my friends call me a geek for using Linux, I always retort "Guess when the last time I had a problem with spyware?"
I think Dell is going to do some small case studies of selling the average user a machine loaded with linux and see if it becomes cheaper to support them.
From the article: "Spyware-related phone calls now make up as much as 20 percent of all help calls, compared with just 1 percent to 2 percent in August, 2003"
Is this because users are now more aware of the existence of spyware, rather than the actual 19% increase?
For instance, in 2003, Joe-granpa probably didn't know/care why his modem's blinking non-stop, but he does now.
Rock that crushes, Paper & Scissors that don't matter.
90% may be high. 5.1% is ridiculously low.
90% of Windows machines connected to the Internet is absolutely believable. I don't know anyone who hasn't gotten some. I've never had a virus on any machine, but got spyware on a Windows box by accident when the little "yes/no?" box pops up while I'm typing in a password (hit enter just at the wrong time...)
Windows XP includes many common features with spyware:
* slows down the system
* phones home to central servers
* long click-through EULA that nobody reads
* pushed on unwitting consumers
* claims to improve system security
* only available on PC
... and get rid of it if you do...
Spybot Search&Destroy http://spybot.safer-networking.de/
and Ad-Aware http://www.lavasoftusa.com/software/adaware/
BTW, be sure to update the definitions or you're going to miss a lot of spyware.
They really went the distance to get the results they wanted...
Techs should feel lucky there's yet another thing out there creating a job market for them, whether they're still based in the USA, or shipped off to another country. You know, I thought Dell had the worst Dell tech support for sure, but I had to call Dlink last week to clarify on something, and I got into an argument from India about what was written on the configuration page of a cheap office router. It's up in the air -- The Dell tech couldn't read, and the Dlink tech said what I was reading was not possible. Hrm.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
It didn't answer how many of the computers were infected with any spyware program, just those four.
Using Linux as a file server at home: Free.
Using Solaris in our data-center: Pricey.
Not having to put up with viruses, zero-day exploits and assorted other bullshit: Priceless.
Apple, Sun & IBM make Microsoft look like the Red Sox, a lot of talk with zero action backing it up.
I like big butts and I cannot lie.
With spyware spreading so rapidly, nearly four users in ten say they feel less secure operating their computers today than a year ago. Huh. A year ago Dell's official line on spyware was that it wasn't their problem, thank you. It's amazing what a difference 40 bucks can make.
Posterity, my posterior.
I run the computer networks for a number of small businesses. We run a variety of programs to keep spyware off the systems. These are less effective than antivirus software.... Approximately 33% of my customers are found to have spyware on a regular basis.
LedgerSMB: Open source Accounting/ERP
Where are the antivirus companies? This shit has gotten to a bigger problem than virii ever were and behaves in much the same way. Still, your fancy $70 "internet security" package won't touch it.
Only in a Slashdot fantasy can a Slackware install turn into several hours of sex . . . . .
1 out of 5 people has no idea how to use their computer.
... the computers are shipped insecure by default.
Most of us know that about 90% of Windows's security problems have to deal with the integration of the default browser (Internet Explod^Hrer), running as administrator all the time (it's default in XP Home, but it's not too much a fault of the user, a lot of applications demand admin access), lack of an automatically enabled firewall (although things are different with XP SP2), and all of these extra services turned on by default (cough MS Messenger cough). However, I'm preaching to the choir here. Most of the regular users don't seem to know about protecting their computer from malware and other nasties of the Internet.
The spyware problem will be lessened in two ways: hardware manufacturers shipping anti-malware programs, firewalls, and secure browsers (Firefox, Mozilla, Opera, etc.), and some user education about general internet security. Perhaps there should be some kind of CD that you can get with your computer or at a library or something that comes with adware and spyware detection/removal tools, Firefox, ClamAV, and one of the personal firewalls.
As for user education, there should be a little pamphlet that comes with those CDs about Internet security and what you should do to protect yourself, and the pamphlet should be written in a non-geeky yet informative manner to get users serious about protecting their computers from crackers. The pamphlet should go into topics such as periodic checking of malware and viruses, keeping your OS up-to-date by using Windows Update, running as a regular user for most tasks, using an alternate browser, and using a firewall.
I wonder if this policy is still in effect ("Dell To Techs: Don't Help Customers Remove Spyware").
By the way, I love the "Your browser has blocked a popup" image over the article text. Really helps in the journalistic integrity department.
The only reason I give a rip is because I have relatives who buy these machines and end up whining about it to me. Hmph.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
I currently work tech support for a small ISP, I'd say those numbers are about right, at least that many of the calls we get here are spyware related, some so severely that we have to refer the customer to their computer manufacturer to reformat and reinstall, or have the customer (assuming they are local) bring it in to our office to have it removed.
Many of the spyware programs out there now infect the system so deeply that none of the removal programs will manage to get rid of it, and some of it's now being designed with properties of classic "stealth" viruses - i.e., so that there's at least some component (usually a reinfector stub) that's not detectable while the process is running (intercepting system calls, etc. so that you can't see it by normal means).
The problem's getting pretty ridiculous, and will only continue to get worse so long as we have browsers that treat web pages as if they were executable files, and users that click buttons on dialogs reflexively without even realizing they are there.
At this point, I spend as much as 10 hours a week just on spyware-related calls. That's insane, even with the peanuts I make working at a mom-n-pop ISP, that's real money. Now, if we can just find a way to bill the scumware companies for our time...
...I fully concur with that estimation, if not higher.
At least 8 of the 10 computers that I fix follow this routine:
Update and run AV program, if possible.
Install Adaware, update, run.
Install Spybot S&D, update, run.
Run CWShredder.
Fire up a HijackThis! log and manually remove the leftovers.
I'm getting pretty damn good at filtering out the hijackthis logs, too.
Seriously, if you familiarize yourself with spyware removal, you could make a killing on the home PC market. Manufacturers won't help you with spyware. It's getting to the point where the retail chains and PC shops won't deal with it either; they'll simply offer you a format/reinstall.
I'd like to see the other results.. Bittorrent client, Kazaa, pr0n sites, browser usage, private emails, IM-conversations, etc... etc...
because you can't pawn your tough cases onto Microsoft. A typical OEM support call follows 3 stages: 1) clean boot 2) run Adaware 3) sorry, run your restore CDs or call Microsoft. Plus, there are _tons_ of tricks to getting free tech support from Microsoft, and many OEM techs are happy to let you know what to say/do.
Oh, and if your customers buy new hardware and it doesn't work, you can't pawn them off on the manufacturer (no Linux support, you see). Yeah, hardware Dell didn't sell you isn't supported. Try telling that to the average jerk who just bought a $30 dollar digital Camera. He's not gonna care if you support it or not, and he's just gonna get pissed and buy a Windows PC next time.
You're underestimating the value that $50 bucks buys an OEM.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
But avoiding spyware on the whole is very simple, and comes down to a few simple steps, based on prevention is better than cure, i.e. it's better not to get something bad at all, than to get something bad and then have to get rid of it.
Make sure their computers are behind some kind of hardware or software firewall which blocks all incoming TCP connection requests. Yes, there is more to it, but this one step is a huge improvement on not having a firewall.
Install another browser such as Mozilla Firefox, and show them how to use it. Only use Internet Explorer for specific sites that you trust, if it has to be used at all. Remember that many users need Flash and Java, so consider installing these as well to stop them going back to IE as soon as they hit a site requiring one or the other.
Spend a few minutes educating your users about malicious software. Explain that a computer simply follows instructions with little concept of good or bad, and that it only takes a double click on one file containing such instructions (eg a .exe file) to contaminate the system.
Yes, there's more: software updates, strong passwords, encryption, using more secure software and all the rest of it. Unfortunately most of our users aren't interested in becoming computer security experts. If you can get those three above points hammered in, and let them know that there is more to securing their computer, you're making a big step in the right direction.
When I was a Dell tech, we had to refer to spyware as "third-party software" and we were not authorized to recommend tools for removal. Of course, I would just tell them to run spybot and pray for rain, but if a supervisor would have caught me doing that I'd've likely been fired.
What the hell do they expect to happen, when they won't let the techs solve the problem?
REM Old programmers don't die. They just GOSUB without RETURN.
HALF of the internet connectivity related issues are spyware related in that it corrupts the TCP/IP stack and Winsock settings in the registry. Also, we had major problems when people installed SP2 on a PC infected with spyware too.
In fact it's so bad, I have the Microsoft KB article 817571 bookmarked and always open on my desktop for when I take calls.
Life is not for the lazy.
See this forum discussion on BroadbandReports. On my office Dell Dimension 8250, its support program (support.exe) phones home. I consider this a spyware.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
There's one ultra Death Star customer and they got a virus from a security camera server installed by a contractor. ROFL! Soon as they plugged it in it went nuts infecting other machines.
Five percent...hahahahaha!
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
1988 Citroen AX 1.4 Diesel. Bit scruffy round the bottoms of the doors, good for another few years without significant work, 85-90mpg. Oh, and a radio-cassette.
Yeah, I agree. I get paid pretty well lately doing simple routine jobs such as removing spyware. To me, spyware is the new "killer app". I just hope more and more of it gets made. I'm definitely pro-spyware. Also, I bring joy to people's faces when I remove it for them. So in conclusion, spyware makes people happy and should be promoted by a citizens government. We should also rename it from spyware to joyware.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
You can get a Dell with no OS, and with FreeDOS in the box. Or you can get a Dell Precision with RH pre-installed.
This has come up before, and just like last time someone said it, I argued the point.
Education, in a general, overall sense, is *always* the best answer. If you really *know* how to avoid all the problems, then you shouldn't have any of them.
But that's as much a "cop out" as anything, if you're trying to offer up workable solutions to the current spyware/malware epidemic we're seeing on Windows-based machines.
Quite a bit of spyware I've run across initially gets on machines because users installed an otherwise legitimate piece of freeware that was bundled with a few hidden "gotchas". Worse yet, many of these "more than you bargained for when you ran setup.exe" programs know how to download additional trojan horse virii and spyware. So all it takes is a user mistakenly deciding to download a p2p sharing package like BearShare or Kazaa, or perhaps even a nifty-looking waterfall screen saver, and a few weeks later, the computer is infested with hundreds of things and rendered unusable.
When you've still got plenty of people just trying to learn the basics of getting on the Internet and sending relatives/friends email - you can't realistically demand that they memorize a complete list of known "bad to download" free programs that include bundled malware!
I do on-site PC repair for a living, and believe me - for every 1 person who obviously has spyware/virus problems from surfing porn sites and trying to download "warez" from the web, there are probably 10 who are just retired folks, doctors, lawyers, or college professors who tried really hard not to open email from anyone they didn't know, etc. etc. and STILL ran into big problems.
That's entirely believable. I worked at a GW call center for several months and I'm dead certain 90% of the computers people contacted me about had spyware or virii on them even if it wasn't directly related to the issue. Keep in mind most of the businesses that buy these things are going to have their own IT - those don't call for help.
What's hilarious is the way techs are told "document everything" and "don't fix spyware and virii issues" but then get chastised (and even written up) if their average goes over some ridiculously low number like 40% redirected due to "out of warranty" issues (ie spyware or virii).
I quit - simply couldn't tolerate anymore the hypocrisy of it all and we were about to move to supporting ONLY Microsoft calls (which would make the work my vision of hell).
Dell has, in the past, stated it's their policy to not help the customer by suggesting ANY spyware removal tools, since those tools may help the customer remove software put there by Dell's partners. Is this still the case? I can't think of any prefab, corporate, store bought machines that don't come with some sort of spyware included right in the reload image.
I work at my school (Cornell Univ.) in the Information Technologies department taking calls and basically doing technical support for folks who don't know anything about computers. Our ratio of spyware questions to any other questions is definitely at LEAST 4:1. It gets real old, real fast. Thing is, we're not allowed to give advice on what spyware removal tools to use, which makes it that much harder. The problem never gets fixed, and we just get more and more repeat calls.
I'd venture to say that most non-tech savvy computers have some sort of spyware/adware installed. Why do these people get it?
1) They accidentally click on something they didn't mean to, because of a popup. It goes downhill from there, since many spyware programs act like virii and have some friends join the fray.
2) Users that hit porn sites. These are the black hole of spyware, and while I've told them "stop looking at the porn and you won't get this crap", and they say they don't, yet I see their Internet Explorer history and it's just filled with porn URLs.
While my parents are largely #1, I've switched them to Firefox and it's gone down dramatically. I still catch them using IE for things like OWA and a few other IE-sites (and they will re-use the browser window to do other things).
I simply got tired of dealing with them calling me about "CoolWebSearch" and tons of other junk that pisses me off.
I use Internet Explorer *and* firefox to browse the web, and I never get *any* spyware - I just know what to look out for. I'd say at least 80% of the people out there don't.
It also helps if you surf the web as a non-privileged account - those are, for the most part, invulnerable to spyware. Just as none of you would use any web browser on Linux as root -
agressiv
So from that we can assume that Dell sells 10% of its computers with Linux. :)
A worm outbreak today is an acute disorder -- the bulk of the damage is done in one day, even a handful of hours or minutes. Even though recovering a business or department from it can take longer, the outbreak itself burns through the vulnerable population pretty quickly, and starves itself. Spyware, because it's rooted in long-standing bad security practices both by Microsoft and by Windows users, is a chronic disorder -- it doesn't just shut you down for a day or so; it degrades your online life over a long, nasty time.
To extend the analogy perhaps too far: A flash worm is like Ebola: it kills its victims quickly and messily and leaves a disgusting corpse. Everyone knows when it's in town because of the gory sacks of flesh lying around the streets. Spyware is like cirrhosis of the liver. It comes from doing something bad over a long period of time. It doesn't spread to others materially, though long-term excessive drinking (which causes it) can "spread" memetically in a population, as do bad Windows security practices. And, eventually, it causes the affected organ to be overwhelmed and just shut down.
The spyware situation today is one created by a nexus of influences:
The first two are well-known and I will not address them further. The latter are not.
What I call contract date-rape is the evil represented by so-called "end-user license agreements" and other documents which purport to represent agreements between software publishers and computer owners. The unethical business practice of software publishers is as follows: The computer owner buys a piece of software and installs it, only to find that it is designed so that it cannot be run without "accepting" an "agreement" which waives the owner's rights -- such as resale rights, rights to a refund for defective merchandise, or even free-speech rights. Then, when the software does something harmful and the owner seeks recourse, he is told that he "consented" to whatever harm was done, simply by the act of using what he purchased.
It is contract date-rape which puts the lie to that old FUD about open-source software: "But whom do you sue when it breaks and doesn't get fixed?" The owner of a computer using proprietary software under a Microsoft-style EULA does not have any enforceable rights against the publisher. Windows does break in many ways that Microsoft doesn't fix, but nobody is suing Microsoft for it. Why? Whether the EULA is in fact legally binding or not, both Microsoft and computer owners regard it as leaving Microsoft with no obligations.
(Of course, software was not always sold on "as-is" terms that were intended in law for used and defective products. Nor was it sold on terms that used copyright law as a cudgel with which to deprive users of rights such as fair comment and resale. Contract date-rape is not an endemic problem of proprietary software; it is one that proprietary software publishers have chosen for themselves.)
And it is the methodical use of contract date-rape which leads to the situation we have with spyware today. Spyware gets into a computer owner's property unannounced, alongside some piece of (presumably) desired software. It is a Trojan horse in the original sense -- sooner or later, it bursts open and out pour the soldiers of the enemy, who go about merrily burning w
The problem is that Dell hides these little morsels of information so that unless you are already determined to buy a Dell with Red Hat on it you would never know you even had the option.
The very fact that you have been modded informative serves to demonstrate that Dell + RedHat is not an obvious option and most people remain blissfully unaware that it exists.
Dell only offer Linux as an option to appease the Linux crowd. They certainly don't want to be hit by a backlash from the rabid Linux fanboys. But at the same time they are keeping on BillG's good side by sticking "Dell recommends Microsoft® Windows® XP" graphics all over their webstore and ensuring that the Linux option is kept pretty much hidden from the general publics view.
Try going to the Dell website and browsing to a PC with Linux. Don't do a site search for Linux, as that defeats the purpose. Joe Average won't be doing that after all. I just tried looking around for a few minutes. You would think that if you were to check out the "Learn more about operating systems" links on most of their store pages you might see a mention of the Linux option? No, there is no mention of Linux in there, just descriptions of XP Home vs XP Professional. Yay! It's as if Linux doesn't even exist.
Dell might technically sell you Linux if you ask for it, but they sure go out of their way to make sure you don't ask about it.
"You can't fight in here, this is the war room!"
It's pretty bad if your grandmother downloads and installs some screensaver with this shit on it, but HP should not be doing this to its customers. Having to deal with a recovery CD is bad enough, without having to clean out the extra "value added" shit (aka sweetheart deals that make them mo money). HP is stabbing their customers in the back.
(Unrelated to this, kinda, but when I was ordering this recovery CD from the HP drone on the phone, I asked him the price.
He said "between $20 and $40."
So I said, "Can you be more specific?"
He said, "I'll need the model number first."
So I gave it to him and said "So what's the price?"
"Between $20 and $40, depending on the model number."
"I just gave you the model number! What's the price?"
"You need to order it first."
"Tell me the price first."
"You need to order it before I can tell you the price."
"You mean you can't, or won't, tell me the price?"
"Just order it, and if you don't like the price, I'll cancel the order."
"Fine. Whatever."
I ended up ordering it anyway, but I have never seen such a stupid system where you can't know the price until you order.)
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
68% of all statistics are made up on the spot. Although I do agree with the estimate that 90% of computers running Windows are infected. The actual percentage rises to about 99% if servers and special-purpose machines are excluded from the count. And no matter how many times the machine is swept with some anti-spyware tool, in 5 minutes of browsing there will be something installed, even if it's a tracking cookie.
How long until the support costs of spyware outweigh the partner benefit payments? Once this equation is clearly on the "right" side, Dell and other companies will get serious about anti-spyware legislation. Until then, they will continue to support half-ass measures like we've been seeing from Congress.
I actually made a good amount of money from removing spyware from people's computers. Since I have a full time job and really did not need the money I did at some point give it up. It was the same group of people that were getting infected over and over again. For some reason I could never educate them on how it got on there.
Gator used to be one of the worst ones.
Joel Johnson
1) about:blank
2) coolwebsearch
3) ewebrebates
4) tvm.exe
I'd say that's the bulk of it... most people have at least one of those... about:blank is the worst... or one of the ones that strip out the winsock files when removed by adaware or spybot. I never thought of making a big list of what is found... I normally put best effort into everything but spyware to be honest due to the sheer volume of it... especially since we are expected to remove it as quickly as possible.
Mod me down im a newf (wiki)
I find it ironic that half of the stuff that Dell ships on their prebuilt computers makes computers run just as slow as a lot of spyware. I know that when clients of mine buy a new Dell computer, they're disappointed at how slow it runs. Reformatting the HD always makes the computer run 10 times+ faster.
...was a very good rant. Nailed everything, and used decent analogies. In particular EULAs which are THE most lame bogus "contracts" out there that joe average has to deal with, least noticed, least understood, and most annoying in what "happens". Maybe someday a true "peoples class action" lawsuit will be filed against a few big konzernes over them, they need to be abolished. We need consumer protection, a standard warranty of usability and suitability for purpose.
2 hours (+ -) in a courtroom, real time. A clean install on a new machine, attach to the internet, watch with a traffic monitoring program. Show the judge and jury what happens. Then another hour of random surfing, and receiving email, again, show them what happens.
Would be fun to see for sure. Needs to go all the way to the supremes.
The spyware situation today is one created by a nexus of influences:
I can't argue with 3) or 4). But as for 1) [and it touches a little on 2)], we've been running Windows NT & Windows 2000 for more than five years now, and we've NEVER had a SINGLE piece of spyware installed on any of our systems. [Never had a virus or a worm either, although I hope I didn't just jinx myself by saying that.]
You know why? BECAUSE NONE OF OUR END-USERS LOG ON AS ADMINISTRATORS!!! That's it - it's that simple. They don't have Administrative rights, and they can't install spyware [or viruses, or worms]. [Of course, yours truly installs the latest security patches as soon as they appear, and has always had all of his users behind a fire wall, but that's not the important point here.]
If you surf the web as an Administrator [Root] on OSX, or if you surf the web as an Administrator [Root] on Linux, you're every bit as prone to this stuff as any Microsoft user surfing the web as an Administrator [or you would be, if those operating systems had large enough market share for the spyware people to be bothered with writing spyware for them].
Well, nice to see it coming around to byte you, eh, Dell?
The World Wide Web is dying. Soon, we shall have only the Internet.
I whore out my tech support services to the floor where I live, and this is the case in every room with a Windows computer. The first computer I went to was my RA's computer. She'd switched to Firefox a month earlier after hearing about the tabbed browsing, but hadn't installed Spybot and AdAware yet, so she still had 2 years' worth of spyware on her computer. When I fixed it, she was willing to do anything for me. Too bad that I already have a girlfriend, and I'm not the cheating kind.
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
My SigOther works at a Dell corporate call center & she tells me most of the calls lately are for WinXP SP2.
Jaysyn
There is a war going on for your mind.
I'm just glad that I normally don't run Windows at home.
The meme police, They live inside of my head
There's someone who does an organized scan of my ISP's IP space every morning at 8:42 and 9:42 EDT. When I have two DHCP IPs, both get hit with an average of eight bots each trying ports 5554, 1023, 9898 and 445. The IPs it comes from are usually Korean or Japanese. When I listen at the ports, they try various exploits on bots which do listen on those ports to download their own bot software.
I suspect that "8:42 Zombie Charlie" scans a lot more than my ISP's space. So it looks like someone is running a very organized and *punctual* effort to harvest a whole lot of botted machines for unknown purposes. Joy. (Actually, it's kind of fun. I wrote a sound effects program from my firewall, and I drink my coffee listening to the chorus of sounds as the ports are checked. Too bad I can't arrange to be checked a little earlier in the morning.)
One line blog. I hear that they're called Twitters now.
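The punctual scan described in the comment above can be picked out of firewall drop logs by looking for sources that sweep the same port set and checking whether the sweeps start in the same clock minute on different days. This is an added example, not part of the original comment; the log format, the sample lines, the addresses and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {445, 1023, 5554, 9898}   # the ports listed in the comment

# Constructed sample: "<ISO timestamp> <source IP> <destination port>".
# Hypothetical format; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2004-10-18T08:42:03 198.51.100.7 5554
2004-10-18T08:42:04 198.51.100.7 1023
2004-10-18T08:42:04 198.51.100.7 9898
2004-10-18T08:42:05 198.51.100.7 445
2004-10-18T08:42:10 203.0.113.21 5554
2004-10-18T08:42:11 203.0.113.21 9898
2004-10-18T08:42:12 203.0.113.21 445
2004-10-18T09:42:01 198.51.100.7 5554
2004-10-18T09:42:02 198.51.100.7 1023
2004-10-18T09:42:02 198.51.100.7 445
2004-10-18T13:05:40 192.0.2.99 445
2004-10-19T08:42:07 203.0.113.80 5554
2004-10-19T08:42:08 203.0.113.80 1023
2004-10-19T08:42:08 203.0.113.80 9898
2004-10-19T08:42:09 203.0.113.80 445
2004-10-19T09:42:05 198.51.100.33 1023
2004-10-19T09:42:06 198.51.100.33 9898
2004-10-19T09:42:06 198.51.100.33 445
2004-10-19T17:20:00 192.0.2.15 80
garbage line that should be skipped
2004-10-20T08:42:02 198.51.100.7 5554
2004-10-20T08:42:02 198.51.100.7 1023
2004-10-20T08:42:03 198.51.100.7 445
"""


def parse_hits(log):
    """Yield (timestamp, source, port) for well-formed lines on a watched port."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
            port = int(fields[2])
        except ValueError:
            continue
        if port in WATCHED_PORTS:
            yield ts, fields[1], port


def find_sweeps(log, min_ports=3, max_gap=timedelta(seconds=30)):
    """Return sorted [(start, source, ports)] for each burst in which a single
    source probed at least min_ports distinct watched ports."""
    by_source = defaultdict(list)
    for ts, src, port in parse_hits(log):
        by_source[src].append((ts, port))
    sweeps = []
    for src, hits in by_source.items():
        hits.sort()
        burst = [hits[0]]
        for hit in hits[1:] + [None]:           # None flushes the last burst
            if hit is not None and hit[0] - burst[-1][0] <= max_gap:
                burst.append(hit)
                continue
            ports = sorted({p for _, p in burst})
            if len(ports) >= min_ports:          # one stray probe is not a sweep
                sweeps.append((burst[0][0], src, ports))
            burst = [hit]
    return sorted(sweeps)


def recurring_slots(sweeps, min_days=2):
    """Map 'HH:MM' -> day and source counts for start minutes that recur on at
    least min_days dates. A sweep that straddles a minute boundary lands in two
    slots, so widen the bucket if the schedule drifts."""
    days, sources = defaultdict(set), defaultdict(set)
    for start, src, _ in sweeps:
        slot = start.strftime("%H:%M")
        days[slot].add(start.date())
        sources[slot].add(src)
    return {slot: {"days": len(days[slot]), "sources": len(sources[slot])}
            for slot in sorted(days) if len(days[slot]) >= min_days}


if __name__ == "__main__":
    for slot, stats in recurring_slots(find_sweeps(SAMPLE_LOG)).items():
        print(slot, stats)
```

Changing source addresses with a fixed start minute, as in the sample, is the pattern that separates a scheduled sweep from background noise, so blocking individual IPs does little against it.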
I tried to set my friends up that way. It isn't hard, XP comes with that ability, even in the home version. Setting up is easy enough. Making it work is another matter though. Nearly half of the programs my friends want to run do not work correctly without administrator rights. This includes software for XP from Microsoft!
In the end I gave up, ideally they wouldn't use the administrator account except when needed, but practically their computer didn't work without it. Switching users takes time and is a pain. Not hard, and it doesn't take long, but annoying enough that I can't call it a solution.
Remember this is a home environment, not a work environment. They don't have someone checking out software from various competitors to see if it meets requirements. If Best Buy sells it they buy it, and expect it to work. (note that you can almost never return software after finding out that it doesn't work without administrator rights)
While I agree that spyware is a big problem, in the tech support world, it's used as a convenient catch-all if a customer's problem can't be readily solved. I've worked plenty of regional/national ISP tech support, and everything from slow throughput to corrupt TCP/IP stacks were blamed on spyware without much investigation or confirmation. While I don't doubt that 20% of Dell's support calls are resolved to spyware, I would say half of those issues were attributed to spyware just so they could bounce the call to the ISP or vice versa.
This is a majorly bad problem, as I have to regularly check my clients' computers and delete or disable the damn stuff. This is one area that needs government or private intervention, because it is really mucking up (slowing down computers, redirecting browsers) the end-user experience. I can't believe Microsoft is not more concerned about this, because spyware ultimately will drive users to Macs or Linux.
I know many people who replace their computers every two years "because the old one got really slow". These people aren't searching for large prime numbers, finding pi to the 50,000th digit, or running nuclear blast simulations - they are checking email, surfing the web, and burning CDs. What drives this pointless upgrade cycle?
You guessed it: Spyware.
Why would Dell want to fix the problems? Their solution often times is to tell the hapless user that their machine is toast, and that they should buy a new one.
-ted
Almost every single piece of spyware that I have seen has been carefully crafted to NOT REQUIRE ADMIN RIGHTS!! I work in an enterprise where users cannot have Admin rights and we see spyware / malware all the time. As soon as the user clicks OK to some stupid popup the executable runs and has the same privileges as the user. That is all it takes to put entries in the HKeyLocalUser hive so that these beasties run on login. I would submit that your proactive patching strategy has more to do with the lack of spyware than anything else.
We have effectively stopped almost all virus traffic, only to find that spyware has taken its place as our major pain in the ass.
WoodSmoke
I have a great (and true) anecdote about a Professor who inadvertently splashed pr0n up on a 4m x 4m screen before an audience of MBA students, managers and Execs, but I don't have a good anecdote for the spyware and phishing parts of the series.
Have you (or do you know anyone) who has been caught out by (i) a keylogger or similar spyware or (ii) a phishing attack, either of which caused some quantifiable loss (ie: $$$ got pinched from their online bank account, identity re-used somewhere else, etc, etc)?
All I need is a short email description so that I'm quoting a valid/verifiable source instead of making things up.
I'd appreciate an email from an actual victim please, I'm happy to cite your name or be anonymous as required. Thanks.
about:me I'm a geek who works at university, becoming increasingly frustrated at the last year or so's worth of worms, phishing and general microsoft-induced hell and I'd had some degree of success at getting myself published on a range of geek topics. By no means a journalist or anything like that though!
I find your ideas intriguing and I wish to subscribe to your newsletter.
OLPC Australia
"my mom knows how to use windows, and will never, ever change her OS"
Never say never. In 10 years when every major OS has gotten to the point where your mom can sit down at her desk and say "search for Elvis," "IM Bubba, Hello Bubba what's up," and do it with 99% accuracy with her wristwatch/projection screen PC it might not make much difference what OS you use except for price.
Wrong. I see this allegation all the time from people who never use the system in question, but OS X has this wonderful notion that you ought to consent to software being installed on your system. Even as administrator, there are some things you just can't do without authenticating (usually through a password dialog), and one of those is installing any software that uses a program to place it instead of the old drag-and-drop method. If you want software to be put onto the system, you have to do it and that's all there is to it.
In order for spyware to work on OS X, it's going to have to be trojanized. There's not much you can do about the human factor, other than running as non-administrator, but that's a FAR smaller deal than it is for Windows.
Oh, and you prove your ignorance by comparing administrator status with root. There is no default root account on OS X, though you can enable it through NetInfo if you really get tired of using sudo. Why you'd do so, I can barely imagine, but there you go. Administrators are more privileged than other users, but they're hardly root.
Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke
It is as simple as avoiding the popups that say "You are infected, please scan" It is bs.
If I had read your claim about most 'slow' computers being crippled by spyware half a year ago, I'd have thought you were overly cynical or exaggerating.
This is, however, exactly what happened to my wife's computer. While we're a Mac household, her employer lent her a computer a few months ago, to be able to use a web app that only works using IE6. Being vaguely aware of all the malware on Windows, I told her not to use the Windows machine for email, assuming web browsing was relatively safe. However, after two months of use, IE was getting so slow it was almost unusable. So I installed AdAware, which removed over 90 assorted thingies (registry keys, processes, DLL's, whatever - I didn't bother to check). The performance improvement was quite shocking.
"Money is a sign of poverty." - Iain Banks
Great, if the average PC user didn't want windows pre-installed.
The sort of people clogged up with spyware aren't the technical users who want to use something other than Windows, or install any OS themselves.
"This just goes to show what security folks who have to deal with ordinary, average users have been saying for quite some time now: spyware is the #1 security problem for the ordinary Windows user today. Break-ins, worms, and viruses are all nasty problems indeed, but they do not cause the level of sheer aggravation and suffering that spyware does."
I absolutely agree with you that spyware is without doubt the most grievous problem afflicting home Windows user today. However, it is not only the sheer numbers of spyware and lack of unified solution to these problems that makes spyware the critical problem it is, but the threat and damage that can be caused by spyware, in my opinion far exceeds what I would consider aggravation.
Although I am a fulltime workstation administrator for a tech company and often times pick up home user workstation support on the side and they are almost always problems related to spyware. I recently agreed to work on a woman's computer that was no longer able to connect to the internet as well as set up a home wireless network for her. She told me that it was "her daughter's toy and as long as she can get connected to the internet and chat at night it keeps her daughter out of her hair" they both remain happy. The daughter is 13 years old and has taken to chatting with her friends at night, passing around links to salacious little horoscope programs, gossip programs, ad nauseam . . . After two hours of working on the computer I had removed over 500 instances of spyware (files, reg keys, programs, etc NOT INCLUDING COOKIES!). My obvious diagnosis was that Windows XP home needed to be reloaded but for now she could get back on the internet. When I returned a week later after recovery disks had been obtained there was even more spyware than before & a mysterious bridged internet connection that I assumed was being used to turn the machine into a slave for God knows what. Additionally, I found approx. 5000 illegal song downloads (automatic prison time there), limewire and kazaa and an AIM add-on that was keeping documented records of all IM conversations. I quickly learned that this could not possibly have been the daughter's choice as the one conversation I opened while investigating revealed explicit discussion of sexual activities. To me, the potential for abuse in this case goes far beyond the loss of data, or even identity theft. A hacker with access to this machine would be able to know all of this girl's personal information, name, address, appearance, school schedule and what place her volleyball team achieved at districts. Needless to say, I did my very best to try to educate this woman about the dangers of these surfing habits even referencing the recent /. article claiming 1 out of 5 children were solicited in various forms on the internet last year, but I'm pretty sure I wasn't able to get through to her about the dangers of the predatory social engineering that can take place through the internet these days. Spyware has the potential to pose a much bigger risk than most people believe because it opens the door to rootkits, social engineering, etc. when it is allowed to run amok in this manner.
...I like the sound of my own voice (and I forgot to add something), so I figured that I'd come back here and mention it.
You can't install anything through an installer if you're not an administrator, either. Software installers are password locked to accounts at the admin level or higher.
Just to check, I swapped over to a non-admin account I keep for guests and tried both installers and drag-and-drop installations. The installers ask for an administrator password, and drag-and-drop to the applications folder says that it can't be modified. It seems that my permissions (which are mostly default) are working properly.
On a whim, I tried to drag the .app bundle into the user's home directory, which worked. However, thanks to the structure of OS X, the worst that any known exploit can do is wipe that directory and that's it. The proof of concept media trojan showed that a month or three back, and so we know it can happen, but really... Human stupidity is human stupidity, and even Apple can't account for all of the possibilities that brings in.
Any sufficiently advanced technology is indistinguishable from magic. -Arthur C. Clarke
Generally a very good post, and I agree that the cult of the EULA should die. And that blaming the _victims_ instead of the criminals is a sick joke already. But I do have a couple of minor objections:
"The spyware is there on that disk because Microsoft security is bad, yes."
Actually, no. Yes, I know, it's slashdot. Daring say that there's something (e.g., AIDS or world hunger) which MS isn't to blame for, is bad for your karma. Blaming MS for _anything_ rakes in the big karma points on /. Sad.
Now Microsoft _does_ have plenty of faults. E.g., worms and viruses, those you can safely blame on Microsoft security. Better coding at MS could have avoided all the buffer overflow exploits, and better design could have foreseen some of the other exploits just waiting to happen.
But spyware? Gimme a break. Spyware is installed by tricking the user. It comes standard with a nice installer and an EULA.
Even on Unix, what do you tell users? Think. "Only log in as root to install programs or other admin tasks." Well, bingo, then they could install spyware just as well on Unix.
Try to picture an alternate universe where the Unix fragmentation never happened, and Microsoft never happened, so all computers run Unix. Now picture Joe Average, on his shiny new Unix home computer. Let's also imagine that enough sense has been hammered into Joe, that he doesn't run root while reading emails and chatting on IRC. (Ok, big stretch of imagination there;)
Now he's just downloaded this useful little movie ripper app, which incidentally comes bundled with Gator. It's right in the EULA too. And the install program tells Joe "sorry, you need to log in or su as root to install this program."
Take your best guess at what will Joe do next. Well, I'll tell you. He obediently switches user to root to install it. Congrats, you just got trojaned on Unix.
"It is a Trojan horse in the original sense - sooner or later, it bursts open and out pour the soldiers of the enemy, who go about merrily burning women and raping houses."
It's a Trojan in the computer sense as well.
Back in the day when BackOrifice was all the fashion, the way to get it was also bundled with some little useful app. When some script kiddie wanted to get you BOed, he'd send you or put up for download some little exe (a utility or game) wrapped in a nasty program that also installed the Trojan on your computer.
And you know, everyone called it a Trojan.
When did it become acceptable and not a Trojan? Since when do we even need euphemisms like "spyware" instead of "trojan"?
A polar bear is a cartesian bear after a coordinate transform.
Well, I guess that this must cost Dell a fair amount in support costs. I've got no idea what the volume of calls is, but it must be great - and 20% of them to do with spyware? It *must* affect their bottom line.
Maybe they will begin to ship machines with a more secure initial configuration. They might start with some changes suggested by last month's article at The Register.
Note to ACs: I won't mod you up, even if you are being funny or insightful. So take a chance! It's not real life!
What's the deal with "about:blank" anyway? That's one Ad-Aware detects simply because my start page is about:blank. It's an old habit, IE starts much faster on low-end machines when it doesn't have to load a page.
It would be cool if it didn't suck.
> On a whim, I tried to drag the .app bundle into the user's home directory,
> which worked. However, thanks to the structure of OS X, the worst that any
> known exploit can do is wipe that directory and that's it.
On most systems, wiping out the user's home directory is actually *worse* than
merely destroying system files. System files can be restored from the restore
CD, but only a small percentage of users really back up their home directories,
where all their important data lives.
Additionally, there are more things an app can do with normal-user permissions
than just delete files. An app running from inside a user's home directory
can do any of the following:
* modify .config files in the user's home directory. This is quite enough
to get it run unobtrusively in the background whenever the user logs in.
* read the user's files, looking for things like email addresses, credit
card numbers, passwords, ...
* contact a remote system (e.g., to send it the harvested email addresses,
or to obtain instructions about what IP address to DDOS, or whatever).
* send email (e.g. to propagate itself). Bear in mind that it can read
the user's files, so it would be possible (though I don't know of a case
of malware doing this) to construct *replies* to messages the user has
received, quoting something the recipient said, and responding to the
effect of, "Yeah, I see what you mean, have a look at this." with a URI.
The URI could contain an obscured string that the server could decipher
into keywords from the quoted portion, which could be used in constructing
the phony description of what the trojan is good for. Sure, 90% of the
time this wouldn't make sense and the user would be like, "Huh? Why do
I need that?", but think about the other 10% of the time.
* pop up advertisements. Although this would be likely to get the thing
noticed and removed.
* play jokes on the user, such as renaming files, changing the filetype
and creator codes on files, altering configuration and preferences files
(e.g., to "reconfigure" the AutoCorrect feature of a word processor),
kicking in the screensaver at odd times, taking a screenshot of the
user's desktop and setting it as the wallpaper, moving icons around, ...
Granted, all of this relies on convincing the user to install it. So, it
relies on having clueless users. OSes with no significant percentage of
clueless users are in no great danger here, but any OS with large market
share is going to have some clueless users.
Are *nix-based systems inherently more secure than Windows? Yes. Are they
inherently immune to attacks that exploit the human factor? Hah hah. No.
Cut that out, or I will ship you to Norilsk in a box.
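Both the comment above and the earlier one about locked-down enterprise Windows machines make the same point: getting something to run at every login needs only the user's own privileges. As an added example (not part of any poster's comment), this Python audit lists per-user login items in two standard locations, XDG `~/.config/autostart` and macOS `~/Library/LaunchAgents`, and flags targets that live inside the home directory; the function names and all sample entries are constructed for illustration.

```python
import plistlib
import shlex
import tempfile
from pathlib import Path


def desktop_exec(path):
    """Command started by an XDG autostart .desktop entry, or None."""
    for line in path.read_text(errors="replace").splitlines():
        if line.startswith("Exec="):
            parts = shlex.split(line[len("Exec="):])
            return parts[0] if parts else None


def plist_exec(path):
    """Program started by a launchd LaunchAgent plist, or None."""
    try:
        with path.open("rb") as fh:
            data = plistlib.load(fh)
        args = data.get("ProgramArguments") or []
        return data.get("Program") or (args[0] if args else None)
    except Exception:  # unreadable or malformed plist
        return None


def audit_home(home):
    """List per-user login items and flag targets that live inside home."""
    home = Path(home).resolve()
    sources = [(home / ".config" / "autostart", "*.desktop", desktop_exec),
               (home / "Library" / "LaunchAgents", "*.plist", plist_exec)]
    findings = []
    for folder, pattern, reader in sources:
        for entry in sorted(folder.glob(pattern)):
            target = reader(entry)
            if target is None:
                continue
            path = Path(target)
            # A target under home could be planted without admin rights.
            in_home = path.is_absolute() and home in path.resolve().parents
            findings.append({"entry": entry.name, "target": target, "in_home": in_home})
    return findings


def demo():
    """Audit a constructed home directory (all sample entries are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        auto = home / ".config" / "autostart"
        agents = home / "Library" / "LaunchAgents"
        auto.mkdir(parents=True)
        agents.mkdir(parents=True)
        (auto / "updater.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=/usr/bin/update-notifier\n")
        (auto / "helper.desktop").write_text(
            f"[Desktop Entry]\nType=Application\nExec={home}/.cache/helper -q\n")
        with (agents / "com.example.sync.plist").open("wb") as fh:
            plistlib.dump({"Label": "com.example.sync", "RunAtLoad": True,
                           "ProgramArguments": [f"{home}/.sync/agent"]}, fh)
        return audit_home(home)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An entry flagged `in_home` is not necessarily malicious, but it is the kind of login item that could have been added without any administrator prompt, so it is the first place to look.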
I've been looking into ways to remove the profit incentive from the spyware guys. These morally challenged cruds monitor your web browsing habits and then sell that info. What if that info was full of bad entries? Like increasing the junk to valid signal ratio?
What I envision is a screen saver that we load on all the machines we can get our hands on. This screen saver then contacts these spyware sites and uploads random info. The aggressiveness could be controlled by the user, allowing it not to flood any Internet connection. The screen saver could have spyware lists, just like anti-virus software that could be updated. Imagine having millions of pcs uploading junk to coolwebsearch. How long would you say these guys would stay in business? Would those that are buying this info continue to do so even if it is full of garbage?
Obviously this would be OSS, but we could license it in such a way as to allow folks like Dell to preload this and set it as default.
So folks, what do you think? Is this the way to kill these guys or is the recent criminalization enough to stem the tide?
Quit playing Monopoly with Bill.
Linux - of the people, by the people, and for the people.
No, it's you who doesn't get the cigar. I said "Unix", but I didn't say "Open Source".
Unix, even Linux, doesn't mean exclusively open source apps. You tell me for example where we can get the sources for Oracle or WebSphere. Yet we have them here installed at work.
I'm willing to imagine an alternate reality where MS never existed and Unix won. An alternate reality where everything is OSS, on the other hand, is akin to believing in Santa Claus. Never happened, never will.
And frankly, not only for Joe User, but for _me_ too... well, I don't know how to say this nicely, so here goes the very non-nice version: I don't really give a flying fuck about the whole "Open Source" hype. In fact, I don't give a flying fuck about any idealistic ideological battles any more.
In between:
A) I buy a closed source program that does what I need, and
B) I wait for years before an OSS equivalent is available (and I'm not even saying "with good usability." Just available at all.)
I'll take A any day.
I'm not even exaggerating. Look how long it took Mozilla to actually have a browser. In the meantime, dunno about you, but I was very happy with the closed source Netscape, Opera and even IE.
In fact, I still very much prefer the closed source Opera to Mozilla. Between the two, Opera is simply the better browser. And see above: I don't really give a rat's ass about its not being F/OSS.
Or look at how many F/OSS games exist on Linux. No, really. I could play HAND and Pingus... oh wait, no one actually finished making Pingus. Hacking code is good and fine, but you don't find many people designing levels and painting graphics for free, do you?
Or I could just buy a closed source game instead.
Not that tough a choice. I'll take the closed source game, thank you very much.
So to cut a long story short: Joe Average _will_ install a closed source app, and so would I. Basing your whole defense against spyware on the idea that everyone would rather have a useless computer, than install a closed source app... well, it's just utopic.
A polar bear is a cartesian bear after a coordinate transform.
Dell: I am sorry, every support call we get is spyware related.
M$: So?
Dell: It all came from IE, your browser. Now we have to bundle Firebox and disable IE for all shipped Dell products.
M$: No. IE is superior. Windows is superior. Suck my left nut.
Dell: What?
M$: Get back to work or we take away windows licensing.
Dell: Ok. Would you like some coffee sir?