Failing Grades For Most Anti-Spyware Tools

serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."

Ars Report

[cow_licker]

Ars-technica also just did a review. Check it out.

http://arstechnica.com/reviews/apps/spyware-remo va l.ars

Re:Ars Report

Clickety

Re:Ars Report

Can I ask what your sig does? I can't figure it out.

Re:Ars Report

Uh - no thanks. If Ars words were fertilizer, no farm lands anywhere would be void of nutrition. But Ars words are fertilizer, and I'm not interested in reading any more of their pretentious e-shit.

Thanks anyway.

Re:Ars Report

[Asphalt]

The only truly effective spyware detection tool is a firewall with "deny all" set at installation.

Then, as you start using the machine, you will know what ports need to be open, and which applications use them.

Then, after about a week, turn on the computer, turn logging on for all traffic, and let it sit idle for a day. See if the programs you allowed access to the internet do so while you are away from the computer, and if so lookup the IP addresses that they contact.

I love Ad-aware, etc, and use it every week.

However, I always do the "firewall inspection" test once every few months as well, and make access adjustments accordingly (for instance, my email program is ONLY allowed to access ports 25 & 110 on the IP address of my mail server.

Spyware removal tools are a good first line of defense, but should never take the place of iron-fisted, tedious, firewall administration.

Re:Ars Report

[LO0G]

How does this catch Kazaa and other "freeware" that bundles the spyware within it? How about the freeware that includes a firefox plug-in that downloads its popups from port 80?

You're not blocking firefox from accessing port 80, are you?

Re:Ars Report

[Asphalt]

How does this catch Kazaa and other "freeware" that bundles the spyware within it?

I don't use Kazaa. I use Shareeza which, from what I can see, is spyware free. Your question is a good one, but one that I haven't had to deal with. And, I did not mean to imply that his method was fool-proof, only a necessary adjunct to spyware removal tools. I doubt any windows box is 100% spyware free, or ever will be. I am talking about limiting as much as possible.

How about the freeware that includes a firefox plug-in that downloads its popups from port 80?

You're not blocking firefox from accessing port 80, are you?

Well, of course not. But I am very selective about the plug-ins that I add. I don't have any that pull ads. At least not that i have been able to determine.

Re:Ars Report

[cow_licker]

It use to be a perl script to decode encrypted dvd's, but they shortened the allowed length of sigs since I posted it and it got cut off. I stole it from a slashdot article years ago. Must be in the archive here somewhere.

none here

[usernotfound]

I dont use any, and have no problems. Never. And i fix other people's computers without them. When are people going to learn to be careful? I put firefox on a friends PC, along with adaware, and he still was screwed withtin 2 weeks. what is wrong with the general public???

Re:none here

I gonna get firefox and ad-aware asap. I also want to get screwed! No more than 2 weeks right?

I wonder what it is like...

Re:none here

what is wrong with the general public???

The general public relies on Adaware's auto-execution ability and launches FireFox by clicking on the 'e' in their toolbar.

Re:none here

What's your secret? I have Ad-aware, Spybot, SpywareGuard, Spyware Blaster, Zone Alarm on my main PC. I use Firefox. I hardly ever (to be honest) visit pr0n sites. I hardly ever do any P2P stuff. And occassionaly, I DO still find the odd malware on my PC.
Never is a loooong time. Even Sean Connery learned Never to Say Never Again.

Re:none here

[afd8856]

I've seen spyware targeted at firefox and java applets that would want me to install something I was not curious enough to see. Fortunately, I was always asked if I want to install (security mechanism in Java and Firefox). I think grandpa' will click ok on those boxes, without reading them first.

Re:none here

[Lord+Kano]

I dont use any, and have no problems.

That's kind of the point. If spyware broke your computer immediately, you'd know it's there and would be able to remove it.

If you've never checked for spyware, it might be on your system.

You can declare that you know you don't have a disease because you were never tested for it.

LK

Re:none here

[26199]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.

Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

Re:none here

[WishieTools]

too right, and well, *I* don't ever go to p@rn sites or anything like that, oh no, but I suspect that a fair percentage of the posters here do, and any number of sites that *all* have ways of trying to get spyware onto your system. To the poster, *other* people *use* the internet, the "none here" poster clearly only views sites from a list of regulated safe sites. I might randomly trawl 500 sites a day looking for *something* or *nothing*, but in doing that I might hit on some interesting information that may lead me somewhere else. I'm not a monk, using the internet isn't a case of "Radioactive Material, approach with Caution", don't give us that Holier-Than-Thou cr@p about "when will people learn" (which pretty much equals, "nya nya, I'm better/smarter than you dum shmucks"). Fact : spyware is around, maybe not on large reputable sites, but when you trawl the internet, searching or messing around or *enjoying* the internet, then you will come across it ... obviouly not if you are the poster of this thread, who is Perfect, and may in fact be the Second Coming I suspect, but for other lesser *normal* mortals, it's there, so simple safe precautions make sense ... put suntan lotion before you go for a walk in Death Valley huh ... and use anti-virus / anti-spyware before you go on the internet ... simple sensible precaution ??

Re:none here

What's your secret?

He has no secrets. I am currently logging in to his machine, if you call Windws 98 a machine. he can either pay me for real spy removal tools or I email his files to his mother.

Love,

Mr. Hacker

Re:none here

[DrSkwid]

did you set firefox to be his default browser ?

otherwise clicking on links in email opens IE

installing is not enough

There are also products that use the HTML Active X control (such as EditPlus and WinAmp I think) thus by-passing your hard work.

Re:none here

[gtkuhn]

I don't have spyware cuz I check processes for new things that pop up (XP Pro). I've had malware before and I reformat ASAP. Now, one nifty line of defense I use is a freeware program called Startup Monitor. http://www.mlin.net/StartupMonitor.shtml

Re:none here

[Lord+Kano]

I don't have spyware cuz I check processes for new things that pop up (XP Pro).

What about programs that appropriate the names of legitimate windows processes? Or ones that take advantage of the shortcomings in the font used in the task manager to look like a legitimate process?

LK

Re:none here

[jeef_zula]

you're definately on to something. another damaging policy happens here, at my university. all students live behind a draconian firewall their first year that lets nothing through. then when they leave they're dumber about security than when they started. isps and schools need to put more emphasis on the user to handle their own security. we don't let broken/dangerous cars on our roads. isps and schools shouldn't allow them on their networks.

Re:none here

[bloodredsun]

A decent browser, good av software and a patched os will protect you from most things but the reality is that most people will click on the okay button of the "Can I please install malware on your computer" dialogue box! Users are exposed to so many dialogue boxes during the day for puerile reasons, they become conditioned to mindlessly clicking on things to get to their destination. So that when one pops up for a decent reason, they click on the damn thing anyway. Non-techies out there have no idea of cyber-hygiene, which in todays environment is the equivalent of not using a condom while you bang crack ho's while mainlining H from a shared needle (almost)!

Re:none here

[leuk_he]

scanners do not prevent the problems. They do only detect them. Note that some of them also detect cookies. cookies do not affect your system stabilyty but they can be used to track your surfing behaviour.

So the question is then: what spyware do you have and how did you get it.

Note also the diclaimer in the linked article. Some spyware is not detected because of the policy. spyware can be dived in category's spyware that is visibly installed (you know what you get when you install kazaa). To the search related (alexa what's related installed in internet explorer) to the hidden installs of activex applications/dailers.

I am mainly interested in spyware that (can) disrupt system stabily (hidden proxy's, resource hogging, improperly uninstall when related free application is deinstalled)

Re:none here

[gtkuhn]

Ah! Then try Security Taskmanager instead of that crappy windows taskmanager. Sorry, it's not free, but has a trial period. http://www.snapfiles.com/get/securitytask.html Also, StartupManager (the free one that I can't recommend highly enough, see grandparent) catches stuff that tries to run at startup which is at least a valuable tipoff that something is wrong.

Re:none here

[goatan]

Run some you might me supprised, my company firewall regularley blocks known spyware in websites like hotmail. Just because a site isn't seedy doesn't meen it won't contain spyware, hell i even found some that got installed by ubisoft when i used to play IL2-Sturmovik. Last ubisoft game i ever bought. I wouldn't be complacent if i were you.

Re:none here

[rudy_wayne]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone. Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

It's that attitude that's the problem. The computer IS NOT supposed to be a 'generic consumer product'. That's marketing bullshit. For years, companies that sell computers have been pushing the idea of the computer as an appliance. You don't need to know anything ... you just push a button ... just like your toaster.

User stupidity is still the number one security problem.

Re:none here

[26199]

Er... you have that backwards. I said that it's not actually like that. But the marketing departments claim it is, and it would all work better if it was. So it should be.

It's impossible to make everyone in the world an expert on computers, so you might as well give up complaining about it. It's also impossible to prevent people who aren't experts from using computers.

It's not impossible to make computers secure. It's a very hard problem, I admit -- it's much easier if you can rely on the users to know what's going on. But it's solvable, and that's what the industry needs to be working towards.

Re:none here

[DigiShaman]

I dont use any, and have no problems. Never. And i fix other people's computers without them.

Same here, I call it the ol Format/Reinstall process.

Re:none here

[KombuchaGuy]

Perhaps, but it's not Levi's fault if I go out with my trouser zipper undone. People need to be educated about computers requiring security, much in the same way I was educated last week on the functions of a zipper.

Re:none here

[dapendragon]

Until engineers and computer scientists can make computers idiot proof, I don't see why we should consider computers a 'generic consumer product'. You need a license to drive a car, since the car is by no stretch of the imagination idiot proof. If you try driving a car in traffic without any sort of training you'll most likely end up hurting yourself and others.

Similarily, using a computer with a broadband connection to the Internet without at least some idea of how to make the computer secure (i.e. antivirus software/firewall) will most likely result in a computer infected with trojans and spyware, causing problems for the owner. What's worse, his computer will probably infect other computers as well.

Sometimes the concept of an "Internet license" similar to the driver's license actually seems like a good idea. A driver's license doesn't stop car accidents from happening, but a least you're keeping some of the worst morons off the road.

Re:none here

[rale,+the]

I can concur with the grandparent. I have a windows box running xp, and use firefox and thunderbird. It lives behind NAT from my linux box, and I never see any spyware/malware crap.

I just ran Ad-Aware for the first time in a while (it told me my definition file was 109 days old), and it prompted me to go download an upgrade. Ironicly, it launched IE for this (firefox is definately set as default). Once it finished updating and running a full scan, it found 4 whole 'bad' things, which in this case were IE tracking cookies (doubleclick.net, etc). 2 of those 4 had a creation date of today, meaning they were picked up in the process of downloading that adaware update...

Re:none here

I have Ad-aware, Spybot, SpywareGuard, Spyware Blaster, Zone Alarm on my main PC

Why not just encase your computer in concrete and then drop it on your head from a height of no less than 200ft? This will solve your overly paranoid computing experience in a flash.

Re:none here

[RealityMogul]

Personally I find that only granting read permission on the Run & RunOnce registry keys prevents a lot of problems, as if doesn't seem that any malware I've come across is smart enough to reset the permissions.

Re:none here

[NoMercy]

Seems to be more and more firefox is leaning towards the 'Weve blocked this, click here to find out why' approach, would be nice if this was extended to all areas including dangerous java programs/etc.

Re:none here

[goatan]

I don't have spyware cuz I check processes for new things that pop up (XP Pro). I've had malware before and I reformat ASAP. Now, one nifty line of defense I use is a freeware program called Startup Monitor. http://www.mlin.net/StartupMonitor.shtml

what sort of job does that do on cookies?

Spyware doesn't just include a .exe on startup.

Re:none here

[RedBear]

The general public is composed of people who literally can't tell the difference between Adobe Photoshop and Adobe Acrobat Reader, or Mozilla Firefox and Mozilla Thunderbird. This is no hyperbole, I know many people with this problem and I'm sure you've met some yourself. They'll call and say, "I'm having a problem with my Adobe." Or ask you repeatedly which application you're in right now when you're both looking at the screen, even though the applications present completely different interfaces. The person usually will have been using the applications in question for months or years, and still can't tell them apart without thinking about it really hard.

Is it simple ignorance? No, that could be easily corrected. Is it sheer stupidity? No, these people are otherwise of average intelligence or better. It's some kind of weird mental blindness that comes over people whenever they are faced with a computer screen. It's conditional stupidity, and it's one of the main problems with the general public. Most of them will never learn to be careful until you hook up a car battery to their earlobes that gives them a physical notice whenever they do something stupid. Otherwise they just don't seem to be equipped mentally to grasp the concepts involved in using a computer responsibly. The software industry hasn't exactly been helping matters, but they have a monumental task ahead of them. I think computers are just too abstract for a lot of homo sapiens sapiens to deal with.

Re:none here

[shufler]

The secret is to turn JavaScript OFF.

Re:none here

[kyhwana]

Also, sysinternals.com has a pretty decent process explorer.
http://www.sysinternals.com/ntw2k/freeware/procexp .shtml

Re:none here

[commodoresloat]

I dont use any, and have no problems. Never. And i fix other people's computers without them.

You fix their computers without them? Isn't that illegal?

Re:none here

[gtkuhn]

For cookies I use Firefox and disable 'em. Exceptions for Slashdot, of course.

Re:none here

[Errtu76]

Compare what you said with buying/operating let's say a car. It drives and everything, but people still like to lock their car, and use airbags, all to improve security (for themselves and the car). Why not do the same with a computer? The fact that it only became a (big) issue recently shouldn't matter much.

Btw, brave comment to post :)

Re:none here

[dasunt]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.

That would work if a computer had about the same features and abilities of a toaster.

Unfortunately, a computer is mixture of hardware and computer software that can do office tasks, multimedia, file sharing, communications, and gaming. The feature set is easy to upgrade and expand through software installations.

In addition, due to most computers being connected to the rest of the world, the cost benefits of spyware/viruses (creating spamming relays is big money) and the fact that trying to infect an individual computer is effectively free, the problem is apparent.

Any product with a ton of features and abilities requires user training. Its possible to easily design a car that doesn't require knowledge to drive -- as long as everyone will only go to the mall or the grocery store. But people use their autos for many destinations, over many different roads, and thus we require people to learn how to use cars.

A computer is no different.

Want to write documents? A typewriter works. Some of the electric ones were quite nice. Want to send text messages? SMS over mobile phones. Want to send documents? Fedex. Games? A console. Music? A radio.

Want to do all of the above, and more, with the ability to extend the features and easily upgrade for less cost? Okay. But it will require some training.

If you disconnect yourself from the internet, and lose that feature set, you will probably be secure. Even disconnected, not knowing what you are doing will have consequences. If you are lucky, the only consequence will be wasting your own time. If you are unlucky, you will be frustrated by fighting with the computer all the time to do what you want, how you want it.

Do you want to connect to the net? Congratulations, now you are exposed to the worst people in the world. Would you be cautious walking down a street in Romania with your credit cards in your wallet? Why aren't you cautious while you are online, making purchases, connected to the same network as a Romanian hacker?

I'm sorry, but we can't not create an idiot-proof box. We can't even make a box that requires zero knowledge to run. Our best bet is education.

Re:none here

[HerbieStone]

I got moderation Points. But after reading some of the replies to your comment, I was thinking to support you by responding myself.

I support your view, that the general public shouldn't need to know anything but the most basic security procedures. Using the computer to surf the net is often compared to driving a car. I had to learn more than a year how to drive to get a driving licence. Using a computer is a lot more complex than driving a car and knowing when to hand it to someone to maintain it. With computers, users are exposed to so much stuff to learn that they are happy when the computer does somewhat what they need to have. People are burdend enough to get their machine doing what they need. They don't want to learn yet another thing, just because the machine can't seem to protect itself.

The general public has been trained to click dialogs away without reading them because most time they either they don't know what it means or they don't know how they could remedy/react to the problem. So they click them away hoping the computer still somehow does what they expect them to do.

Expecting that every user with internet-access becomes an expert in computer security expert is never going to happen. People should know how to surf securly, but as it is right now, there is to much to read and to learn. For anyone who doesn't like to learn the in and outs of a computer (i.E. most users) its a frustrating, time consuming and seemingly endless task.

There is still much to do, to make surfing the web as securly and as easy as possible.

Re:none here

[ljw1004]

I use IE (set security & privacy to high), and The Proxomitron. I've never *EVER* had an adware/spyware infection. And it blocks out ads as well.

Re:none here

Never had problems with spyware or anything.

Well, there was this "Pammela Anderson STrip Poker" game in 95 or so.. that turned out to be a hard-drive formatter in disguise.. but appart from that, nothing. :-)

Safe browser habits I suppose..

Re:none here

[arminw]

..trouser zipper undone..

If the zipper were made the way MS makes their software, the zipper would come apart on its own at the most embarrassing moment.

Re:none here

"Ironicly, it launched IE for this..."

Wrong, AA does not open a browser to update def files--it has its own interface for this. So this would also not explain your two tracking cookies today--perhaps you picked them up on fudgepackers.com?

Re:none here

[Taladar]

Even better would be to turn Web Developers off Java Script ;)

Re:none here

[Taladar]

It IS impossible to make anything (not just computers) 100% secure. Sure, you could kill all humans worldwide so nobody could think of new exploits but as long as there are users that want to use the network/host in another way than it was intended it is not possible to get 100% security.

Re:none here

[Taladar]

The most important advantage of a license would be the possibility to revoke them for users proving to be complete idiots even after a reasonable number of warnings which would spare the rest of us the spam-zombies created by this stupidity.

Re:none here

[kfg]

I dont use any, and have no problems.

I use Spybot and Adaware in combo. I also use AVG anitvirus. I'm not sure why, just for peace of mind I guess, because they have never, ever turned up anything on my own box, and I've been running the same install of original Windows 98 on a cable connection for four years now, much of that time without a NAT/firewall box (although I'm only in Windows about 10 hours a week).

A little informed caution really does go a long way.

When I fix other people's computers I use them because it does "jump start" the process of cleanup making things go a hair faster and smoother. I like faster and smoother. They're tools, like using a circular saw for long rough cuts, as opposed to a hand saw. Of course you'll still use hand saws for the fine finish work. Plus if I can get the people themselves to run them once in awhile I don't have to fix their computers quite so often, and I prefer to be paid for preventitive medicine, rather than emergency meatball surgery. The hard part is getting them to run them on a regular basis, and some of them just will click on every mailing list attachment that comes down the pike.

When are people going to learn to be careful?

Let us observe the behavior of people while they are engaged in a legitimate matter of life and death, shall we? Say, while driving?

I think the answer to your question, for most of them, is 'never'.

what is wrong with the general public???

Oh sweet Jesus, you want me to try to answer that in the space of a forum post? Yeah, right Bob. Blow me.

Ok, ok, I'll give you the Reader's Digest condensed version:

They really are functional morons.

KFG

Re:none here

[EchoesEchoes]

Wrong, grandparent meant it launched IE to download a new version of Ad-Aware which is the case.

Re:none here

[rale,+the]

Ya, I should've made that more clear, but that was indeed the case.

Re:none here

[26199]

That's just plain not true.

Impossible in practice is not the same as impossible in theory. It just means we haven't got the right practices available to us yet. And, yes, you're right. It's currently impossible. That doesn't make it the end user's problem. It makes it a research problem. (Or maybe a 'trying to do too much when all people want is web and email' problem).

Also, there's a big difference between 'technically not 100% secure' and 'gets pwned by every piece of spyware or adware on the Internet'. Again, moving away from the second option is a hard problem. But it's up to the software providers to solve it, not the end users.

Re:none here

[26199]

There needs to be some basic knowledge, yes. Currently the level of knowledge required to use a computer safely is excruciatingly high. It needs to be a lot lower before users can reasonably be expected to meet it.

If, for example, all the user had to remember was "don't type in the root password unless you're installing from a CD", that would be fair enough.

Currently you have to know about viruses, and how you might be infected; firewalls and related networking knowledge; adware and spyware, and how you might be infected with those; the various means of checking for exploits and cleaning them; the various means of keeping software up-to-date... and so on. Turning a Windows box into a secure Windows box is a good half hour's work for someone who knows what they're doing.

There's absolutely no way an average user can be expected to deal with all that.

Re:none here

[26199]

Quite. Unfortunately my "solution", "make the software secure", isn't especially immediate or practical. Sadly the idea of a widely-adopted "Internet license" seems even less likely to succeed.

About the only thing I can see potentially working is if ISPs took a proactive approach: providing training, checking for security holes, and disconnecting insecure computers.

Sadly I suspect the economic factors just don't work out... there's no incentive for an ISP to abuse its customers to that extent. The bandwidth sucked up by malware is a business expense which they can easily swallow.

Re:none here

[Nephilium]

Actually... I'll take it a step further. It's not mental blindness, it's willful ignorance. These are the people that will say they don't want to know anything about "that computer stuff". After painfully explaining to them what was wrong with the machine (damn you new.net, damn you to hell!), and explaining why it was causing problems (it's sending you to different places then you want to go, think of it as a malicious gas station attendant that reverses all directions for his own sick amusment), they'll wait until after you leave, and then re-install it.

These are also the same people who argued that Windows ME was the same as Windows 2K, because the Millenium was in 2000.

Nephilium
Slab: Jus' say "AarrghaarrghpleeassennononoUGH" -- Detritus' war on drugs Terry Pratchett, Feet of Clay

Re:none here

[26199]

You're making good points right up until that last paragraph.

User education will never happen -- you might as well accept it. It's almost impossible to come up with circumstances under which the general population learns enough about computers to use today's machines safely. To most people, computers are confusing, annoying, useful most of the time, and of little to no importance.

Sure, it would be nice if users were educated. But it's a pipe dream. Therefore it's the technology that must change. It's a hard problem, but it's by no means unsolvable.

Most people don't need their computers to do much. The proportion of people who actually use their computer as a computer, rather than a browser-emailer-wordprocessor, is tiny. They're the majority of the market, and they should really be provided for.

Re:none here

[OldeTimeGeek]

Using a computer is a lot more complex than driving a car

The two don't compare. When was the last time that you heard of someone either being killed or killing someone else because they didn't know enough about how to use a computer?

Actually, driving is a lot simpler - the rules are finite and don't change very often, traffic controls are standardized and the only real threat are idiots who insist on driving too fast, talking on cell phones (or eating, drinking, fixing their hair, etc.) or thinking that they can mix alcohol and driving. Oh yeah, and teenagers.

Re:none here

Yeah, but people on the road are going somewhere. People on the internet, aren't.

Re:none here

[26199]

Er... you might want to try reading that again.

Last I checked 'A is a lot more complex than B' and 'B is a lot simpler than A' mean the same thing.

Re:none here

[VTBassMatt]

Computer science shows us that it's impossible to accurately detect a virus (some combination of undecideability and Rice's theorem, I'm thinking). Spyware is a "virus" in this sense, and since we can't detect viruses, we can't get rid of them. In theory, then, it's impossible to have a secure computer program (because even if it did, we couldn't detect that it had achieved such security).

Obviously there are heuristics that antivirus (and antispyware) programs use to "detect" viruses, but ultimately the virus-maker-versus-virus-detector problem is an arms race: virus-detectors try to keep up with virus-makers by discovered new heuristics to "detect" viruses, and virus-makers keep trying to outwit these new heuristics with ever-more-clever viruses.

In practice, a human being can detect the difference between a legitimate application and an unwanted application (hence the popups from firewalls and antivirus tools asking, "Do you want to allow this activity?"), but also in practice, many human beings do not exercise this ability. My grandmother, for example, sees those questions as a nuisance and simply clicks the left-most button no matter what the question asks.

Both in theory and in practice, this is an arms race and ultimately an impossibility.

Re:none here

[OldeTimeGeek]

Oops. You're right. I blew it.

Yes, using a computer is more complex than driving a car. The point that I tried unsuccessfully to make was that comparing the two tasks isn't appropriate or informative. Yes, maintaing a computer is "more complex" in that there are more individual tasks that have to be done more often (patching, virus updates, dropping it on the ground from a significant height when it fails again, etc.) and maintaing a car is "less complex" in that the only thing that a driver can really do themselves is add fuel when necessary, but it misses the point. The reason that cars are as easy to use as they are today is that there is over a hundred years development involved in desiging a car for a human to use easily and safely. Granted that computers have been around for a lot less time, but can one really say that computers now are better and easier to use for the people that use them than the systems that preceeded them? In what other discipline would we tolerate this?

And rather than fix it, we blame the user.

Re:none here

[nine-times]

User education will never happen -- you might as well accept it...Most people don't need their computers to do much. The proportion of people who actually use their computer as a computer, rather than a browser-emailer-wordprocessor, is tiny.

I think you're right. I wonder if that might be a good reason to have operating systems, by default, ship with everything locked down pretty well, allowing for basic applications. For people who know enough to understand that they can do more than word-processing, care enough to do it, and know enough to access that extra functionality, you'll be enabled to bypass certain security measures. So, as a principle, the security is such that you need to know what you're doing in order to do something insecure.

The problem with this is, the same people who only use their computer for e-mail will get upset if you take away their weatherbug and their favorite virus-infected screensaver or spyware infected cursor-set. It's the people who don't understand computers who refuse to believe that there's a connection between giving complete system-wide freedom to people who know nothing about computers and the types of computer problems they experience. Until this is resolved, the operating system that sacrifices security in order to pander to users will remain dominant.

Re:none here

[The+Patient]

User stupidity is still the number one security problem.

And a close second, or perhaps tied at number one, is the negative attitude of a lot of knowledgeable types. They're very quick to assume the average user is "stupid" because he doesn't know how to format a floppy disk, for example. I actually heard a couple of techs laughing about this behind someone's back the other day. Well, those two guys probably had to use DOS to format disks back in the day, but when's the last time you went to the store and bought an unformatted disk? The current crop of "average" users has never had to deal with that, so why would you assume that when such a situation arises, they're just going to know what to do? And when all they encounter is derision and ridicule when they ask questions, how likely is it that they're going to continue to ask questions so that they can learn?

And then there's the nerd factor. A lot of people, particularly young women, are terrified that if they display any computer-centric knowledge beyond the bare minimum needed to get by from day to day, they'll be tagged as a Poindexter and ostracized. Sure, you can tell them that they shouldn't give a rip about what other people think, but never underestimate the power of peer pressure. I had an interesting conversation about this topic with someone from some educational institution a couple of years back, and she said that it was such a problem that it was causing many young people to think twice about taking computer-related courses -- and that was leading to a shortage of qualified IT staff. This may have changed a bit today, but not a lot, I'd wager.

Recent case in point: after dropping the phone on my desk for the umpteenth time while tucking it between my neck and shoulder, so that I could look up something on the PC while talking to someone, I asked my manager for a phone headset. He figured that would be a good idea, and asked the young (20-ish) woman on the other side of the office if she'd like one, too. Her reply: "Ohmigod, I'd look like a NERD!"

Some time ago, this same person was asked by another employee how to perform some sort of basic (to you and me) operation one one of the other PCs in the office. She gave him some instructions, and tagged them with "Gee, I hope you don't think I'm a NERD for knowing that."

I doubt she's a prime candidate for reading up on what spyware is, how to avoid it, and then finding, downloading and installing something like Ad-Aware -- much less telling anyone else how to do so. And I think she's representative of a lot of "average" users.

Re:none here

[airjrdn]

Well, first of all, they don't have to do anything to use the airbags, they're there by default.

As for the locks, it's not really that simple. It's like being on your own to locate and/or purchase locks for your car after the initial car purchase. Every 4th street corner has some guy peddling locks, and there's no governing entity stating which locks work and which locks don't.

From there, you not only have to decide which lock or locks to use, but you have to figure out how to install them, as well as maintain them. How often have you had to do maintenance to the locks on your car?

For you and I and the bulk of the /. crowd it isn't so bad. We're interested in this stuff so we're in-the-know about it. Most people (our parents, siblings, friends, etc.) simply aren't.

Re:none here

[usernotfound]

exactly. also, if i always have 22 proccesses running, that's a pretty darn good clue, too.

Re:none here

[malfunct]

I must say that since I updated to XP SP2 I have had no spyware on my machine. I built out the machine and installed SP2 in about august. Since then I've done normal browsing on the box and so has my wife and I just checked with ad-aware last night and the only "spyware" was tracking cookies and I don't really count those. Now that active X controls can't (as easily anyway) install in stealth mode (and in fact are auto canceled so my wife can't even figure out how to install them when she wants which is good) I don't see them on my machine.

Re:none here

[CreatureComfort]

If it is possible for a well educated and intelligent human to look at a piece of software and determine that it is or is not benign, then it will ultimately be possible for a software program to do the same.

In my opinion, the use of "hueristics" to detect malware is a complete red-herring that has taken over the anti-malware community, because it is comparatively easy and easily marketable. In reality, we shouldn't care that xyz.exe is on the computer, or that some registry value is set. As long as we keep trying to build hueristics or library lists to detect xyz.exe with semi-frequent scans the arms race continues. What we should be doing is constant real-time monitoring of the actions of all running programs. The first time a program tries to do something that could be malicious, run the action against a set of deterministic rules and decide if it really is a danger or not. If the rules still can't decide it, give the user an informative dialog box with the option to allow or disallow, and keep that decision for future reference with respect to that program and that action.

I keep a copy of the last free version of Tiny Personal Firewall on my USB thumbdrive just to install on friend's and family's computers that I end up fixing. I install it, reboot and start IE. I show them the popup asking allow/disallow and click allow, then tell them that unless they are in the process of installing a new program that they know needs to get to the internet, just click disallow every time the box pops up. In five years, and over 20 people using it, I've only had 3 calls where I had to walk someone through unblocking an application that they had disallowed, and every single one of the users is in love with it.

The only time there is a problem is when you have malicious programs that also provide functionality that the users wants. Trying to get my family away from Gator and incredimail has been a long battle.

Re:none here

[Saeed+al-Sahaf]

It's that attitude that's the problem. The computer IS NOT supposed to be a 'generic consumer product'. That's marketing bullshit. For years, companies that sell computers have been pushing the idea of the computer as an appliance. You don't need to know anything ... you just push a button ... just like your toaster.

No, it is not an appliance to you or probably most of the /. readers. But, we are a very small minority of users. Most people do think of computers as a 'generic consumer product' or appliance, and there is absolutely nothing wrong with this. The computer makes the ideal platform to ease the common person's life, just as any other appliance. Your attitude is typical elitist snobbery.

Re:none here

[Garse+Janacek]

But your car metaphor only extends so far. Yes, computers require training, and that's fine, but what's at stake here is the particular type of training. People require training to drive the car effectively, but we don't have to train them to distinguish between legitimate road signs and fraudulent ones.

Suppose companies started putting up fake road signs everywhere -- fake street names, fake stop signs, fake construction detour signs -- and suddenly every driver had to be "trained" to get to their destination without being distracted by all this, or making any wrong turns. That's the kind of situation we have with computers. Even though laws exist, enforcement is lax.

The metaphor doesn't go much further, of course (you can't program a car to recognize fake road signs :P). My point is just that you can't blame the end-users for everything, because they are being lied to, and education as a solution will only go so far.

Re:none here

[26199]

It's something of a scary thought that programmers are in the minority, and so it makes perfect sense that computers not be programmable...

But then I guess they wouldn't be computers :-)

Anyway, yes, it's a hard problem to solve. Hopefully more and more software will become commoditised, so it'll become easy to provide a standard set of programs that everyone wants...

Re:none here

[26199]

Indeed.

Re:none here

[26199]

Well, that depends on your definition of 'virus'. For example, say a virus is a program which could potentially damage a user's documents.

This could be prevented completely by permanently linking every file to the application which created it. Only that application is allowed to access the file.

As an even simpler example, just check all programs against a whitelist and if they're not found, don't execute them.

As a simpler and easier to implement example, have an 'executable' bit and don't let anything set that bit after you're done installing the OS.

Not that I'm saying any of the above are good ideas. But the problem is far from unsolvable. In fact, if the computer is only needed for a limited range of tasks, it's a pretty easy problem to solve. (In theory, if not quite in practice...)

Re:none here

How do you think the people who know what to do found out what to do? We don't think that "average users" are stupid because they don't know how to do things, we think they're stupid because they don't have the intelligence to learn things that they don't know themselves.

Re:none here

[Shadwhawk]

I just fixed a client's machine that was heavily infected with spyware. While I was finishing up protecting the machine, I decided to look at his Zone Alarm programs list (my clients rarely have firewalls installed, so it didn't occur to me to check earlier).
There were something like two or three dozen spyware entries in the programs list. 90% of them were 'allowed'. And they were all manually configured! That means that Zone Alarm popped up "awojethk.exe wants to access the internet" warnings, the person clicked the "Remember this setting" box, and clicked yes!
Argh!

Re:none here

Recent case in point: after dropping the phone on my desk for the umpteenth time while tucking it between my neck and shoulder

There's a serious health issue with using the handset this way, and I'm not talking about dropping it on your toes. I forget what the syndrome is called but it has something do do with the cartoid artery or jugular vein. The repeated stress to the relevant artery/vein by cradling the phone on your shoulder causes it to stretch and possible fail.

Re:none here

[Inthewire]

I rooted your mom's box.

Re:none here

I rooted your box while you were rooting his mom's box. Nice wallpaper.

Personal experience with anti spyware tools

[Phidoux]

I've been using a few different anti spyware tools in parallel because it seems as if there isn't a single tool that can reliable remove all spyware.

Re:Personal experience with anti spyware tools

[catwh0re]

In terms of spyware that runs on your system as a program, it's a good idea to write a list of the notorious Run directory in the windows registry, that way you can check your list to see if new spyware(and sometimes viruses) have been added. What you need to really do though is ensure that you don't end up deleting legitimate additions to this list, such as those added after installing applications.

Re:Personal experience with anti spyware tools

[mgv]

I've been using a few different anti spyware tools in parallel because it seems as if there isn't a single tool that can reliable remove all spyware.

Try OSX. Or Linux. Both work very well.

Michael

Re:Personal experience with anti spyware tools

There is a much easier way. Why not just bookmark those registry keys and then you can return to them very easily. Or, alternatively, use Sysinternals excellent free tool called "autoruns". Why do non-windows users go about things in the most agonizingly painful way?

Re:Personal experience with anti spyware tools

[juiceCake]

Thanks for the suggestion but neither suit my needs or preferences at this moment. To each his own and all that. Don't suffer from virii or spyware regardless.

Re:Personal experience with anti spyware tools

Try this site ....

http://computercops.biz/sl-2600.html

This gives a clear description of the various items that might appear under "run" and what you can do with them. I find this valuable.

Re:Personal experience with anti spyware tools

[airjrdn]

Sure, assuming you're willing to give up the plethora of applications you've grown dependent on.

Re:Personal experience with anti spyware tools

[Jaysyn]

Even better, go to Mlin.net & download Mikes great freeware startup monitor & startup control panel applets.

Jaysyn

Re:Personal experience with anti spyware tools

[Software]

The Run key in the registry is only one of many places that spyware can be installed. To get all of them, use a tool like AutoRuns, from System Internals, which is free and works great (disclaimer: I haven't tried the just-released version 6.0). AutoRuns looks in several places, and allows you to easily disable or re-enable entries. I'm not sure that their disabling works reliably vs. spyware, because spyware will re-enable itself, but it's a start.

Re:Personal experience with anti spyware tools

[Feanturi]

There are tools that can watch your registry and inform you of things changing. You can then decide if a given change happened when you were intentionally trying to install something, or not.

Re:Personal experience with anti spyware tools

[mgv]

Sure, assuming you're willing to give up the plethora of applications you've grown dependent on.


My short answer got modded down, perhaps rightly so. So I'll give the long answer.

I tried both linux (which was ok for alot of stuff but had some problems with a couple of issues and my wife never took to it) and then OSX (Which works exceptionally well).

I do live in a mixed environment - I have to use windows (98!) for work, and I write code for this using VB and VBA. I manage a couple of small microsoft databases for my work environment because it gets things done. Not alot of choice there.

I do all of that at home, in a virtual environment, on my powerbook. And it goes without saying that I don't use the virtual box to connect to the internet directly - I do all of that from my mail and firefox apps on OSX.

So, for me, I didn't give up the stuff I was dependent on. My emulated box is about the same speed as the hardware I have to work with at work - its slow, but so are the work computers anyway.

Your mileage may vary.

On the other hand, doesn't the huge amount of discussion in this slashdot article answer the question anyway - That for many people, there are not enough good tools to prevent spyware from taking over their machine. For these people, using OSX (or a well configured linux desktop) will probably help alot, and they aren't usually the power user that has specific windows apps that they have to have.

So the long answer:
Spyware is out there everwhere, and it destabilises millions of users computers. It takes alot of hard work and a large IT department to stop this happening. There aren't enough tools to really stop it effectively in all cases.
For many people, switching to an alternative OS would be the best solution. For those who are forced to use windows, hopefully you know enough about the real world to not get spyware, because the windows security model and the current tools available won't stop the typical dumb user from having problems.

Michael

Re:Personal experience with anti spyware tools

[catwh0re]

haha, I'd love to do this, but I notice alot of mother boards require start up software these days for both audio drivers and usb drivers.... why on earth they don't use the existing frameworks I'll never know.

Re:Personal experience with anti spyware tools

[airjrdn]

Really, I don't have much of an issue w/spyware/adware, and neither do family members whom I admin their pc's. I run the standard tools; adaware, spybot, sygate (firewall), and avg (antivirus). Couple those with Firefox and Thunderbird and you're generally very safe.

Switching to another OS is at minimal a monumental effort in many cases IMO. I think a larger burden is often on the tech support guy, than the computer user at times.

For instance, I set my Mother up w/a computer when my Father became ill and bedridden. This gave her something enjoyable to pass the time. She learned a few little games and has grown dependent on the computer now for email, minimal surfing, and those games.

I set her up w/Windows because that's what I know. She could have possibly learned Linux (or OSX) just as easily as she learned Windows, but by me not knowing them, she really had no choice.

A consequence of that is that now the only stuff she knows is Windows (usage wise) and some software (including games) that's Windows only. She's now a Windows user from here on out (more than likely).

I'm a Windows user because that's how I make my living (development). From time to time I've tried Linux, but missing a key application, or good hardware driver (ATI Radeon 9700 Pro video card) generally keeps me running back to good old familiar Windows.

Switching seems great, but as you said, mileage may vary. I personally think Mac's are too expensive for the performance they offer coupled with the lack of solid applications when compared to Windows.

I also can't help thinking that switching OS's is simply running from a problem today, that will evolve and catch up to you tomorrow. I guess I'm in the camp thinking it's only a matter of time before Linux and eventually Mac's become much bigger targets for the bad code.

Re:Personal experience with anti spyware tools

[the+angry+liberal]

why on earth they don't use the existing frameworks I'll never know.


Because people will buy them regardless. I suggest avoiding any hardware which requires extra control panels or clunky interfaces, as this will keep your system perpetually unoptimized.

Then again, there are those things we all need for business and pleasure and they aren't always ideal. :(

It's interesting

The attitude to directed advertising programs or "spyware" on Slashdot. Especially when you step outside the parochial echochamber that is Slashdot discourse and speak to people who actually use these programs. On the whole, they are actually happy to get these novelties for "free", like the funny little desktop buddy, or the search bar, weather report or stopwatch.

I used to work for one of the companies that distributed a "spyware" program through download.com, and we had continual PR problems with being lumped in with the worst offenders of the spyware world. We didn't do drive by installations, or hide our intentions: we just traded our customers data for use of our program. What, exactly is wrong with that? Why is Slashdot pretending all of us are as bad as each other, as if in this, as with all fields, there isn't a spectrum of behaviour?? Even some linux users are bad, just look at the DDOS at sco.com. I'm sure noone here would condone that behaviour.

(Posted anonymously, not interested in karma bonus.)

Re:It's interesting

[destinedforgreatness]

it's interesting that you've decided to go AC to mention you used to work for a company that wrote software that didn't conform to the beautiful utopia of "clean" OSS. I do not entirely agree that people who have Bonzi Buddy et al would be "actually happy" if they knew the inner workings. would you be happy with a car air freshener that reported which gas station you prefer?

Re:It's interesting

no they are not 'happy' with all that crap. that's why the developers go to such extreme lengths to get make the damn things next to impossible to remove without dedicated removal tools (which even then, as we see in the article, often fail).

if your program had a smooth uninstall that actually did something, was called WarningNastyEvilSpyware.exe, flashed up a new warning everytime it ran that evil crappy spyware it installed, and clearly documented everything it did, then I guess it was ok (though you'd have to pay me to use it).
otherwise you were working for evil.

(and what made you think you'd get karma for admitting to writing spyware?)

Re:It's interesting

[cheezemonkhai]

Regardless, I don't see a problem with giving users the option to remove these things which trade their personal details.

• Who actually reads all the agreement to use the software?
• How many of them know their personal details are being sold?
• How many people know what is actually being collected.
• How many people got these "tools" from a random e-mail saying look this is cool?

I can hear what your saying, but I think the user is allowed the right to remove the spyware.
If the company doesn't want them to use the tool without the spyware then make it break without it and inform the user they removed the spyware which collects their details and would they like to reinstall it or remove the free "tool".

Sure some spyware is worse than others, but the user deserves the choice.

Re:It's interesting

Please provide your proof that Linux users were involved in the DDOS of sco.com.

Re:It's interesting

[RedBear]

Ahem... Why are you pretending all /.ers are as bad as each other?

On the one hand, some /.ers do find it reasonable for spyware like yours to exist in the world, as long as it notifies the user clearly that they are selling personal information in exchange for the "free" use of this software. On the other hand even those folks will usually still class your software in the same category of the junk that unknowingly violates your privacy and bogs down your computer.

It's difficult for most people to come to the conclusion that there is such a thing as "good spyware" a.k.a. "direct advertising software", just because there are idiots in the world ready to willingly give up their rights to information privacy for money or free junk software goodies. In the end, users like that and software like yours simply chip away at our ability to keep our personal information private. Therefore all spyware is considered somewhat of a menace whether they are "legitimate" or not.

On the gripping hand, of course, if your software were really totally honest and straightforward about what it does, it wouldn't really fit the definition of "spyware", now would it? I don't know of any such software, but I will concede that it could exist. Personally I would still disapprove of it, but people have to make their own decisions about giving up their personal information.

The general public would probably give up lots of other rights in exchange for free stuff. That usually doesn't make it OK for them to do so, nor does it make it OK for someone to try to get them to do so. Even if it happens to be legal.

Re:It's interesting

[gtkuhn]

I don't mean to flame, but did you get paid to post that?

Re:It's interesting

[FluffyPanda]

>> Even some linux users are bad, just look at the DDOS at sco.com.
>> I'm sure noone here would condone that behaviour.

Are you new here?

Re:It's interesting

[Erik+Hensema]

• spyware almost always hides its true intentions deeply into some EULA nobody reads
• spyware usually is very hard to uninstall

Especially the last point is important. If my browser is infected with spyware, I simply want to go to controlpanel->software, select the program and uninstall it. Nearly always this is completely impossible. Lots of spyware nowadays actively combats uninstalling. And when software does that, it always is written by the Bad Guys.

Unfortunately you don't say what product your company was/is making, but I guess that was to be expected.

Re:It's interesting

Oh, don't think you're original in calling Slashdot an "echo chamber"!. Give credit where it's due: Forbes.com

Near the bottom of the page where it says:

"Who runs this noisy echo chamber? Slashdot.org is owned by VA Software (nasdaq: LNUX - news - people ), a Linux vendor"

Re:It's interesting

[asadsalm]

Of course!

They would be really happy to install these free utilities and games. They really wouldn't care why their computer takes 30 minutes to start, and keeps crashing every so often, randomly. They wouldnt care, because they dont "know".

Its absolutely wrong to create awareness, since ignorance is bliss isn't it? For them, all they need to do when their computer becomes a constantly-rebooting over-sized paperweight is to call me and spend a day to have it "formatted".

I mean, c'mon, the funny-little-desktop-buddy is OK. All it does is reduce my computer to a 0.5 frame per second 1956 batch-processor.

Its funny how, when your bread comes from a shady source, that source becomes morally right. Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say its ok are bankers!

Re:It's interesting

[NoMercy]

1/4 the time your probably breaking the law when you do that, there are strict laws governeing what you can and can't do with information about european citizens. I know any 'information handler' which operates with the UK has to have a data protection statement, be registered as a data handler, and needs to keep all it's data on file for several years as any person must be able to get a copy of all the information held on themselves for no more than 10 pounds (about 30 dolars).

Sure your actions are still legal?

Re:It's interesting

[v01d]

Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say its ok are bankers!

I've never been clear on a few points about that. Are stock dividends also forbidden? What is the principle involved? In practice there's a huge difference but it seems in theory, that there isn't much of a difference between a loan shark and any sort of investment.

Re:It's interesting

[IO+ERROR]

There's a big difference between an ad that someone can choose to click on or ignore, and a program you install on their computer which sends all of their data to your servers for you to do with whatever you want.

First of all, your program probably didn't disclose to the users that it was collecting personal information, or if it did, it was buried near the bottom of the license, which is to say you may as well not have disclosed it.

You may not have hid your intentions, but I'll bet you didn't show them either. How many of your users would have installed your program if you said right on the first screen "We collect your personal information and do whatever the hell we want with it"? Uh huh, that's what I thought.

There's a huge difference between a banner ad on someone's site and your typical spyware program.

Re:It's interesting

[dave420]

"On the whole" doesn't mean "everyone who ends up installing this software because the only mention of it was buried deep in the EULA of some shareware app". That's the problem. By your logic, the cops can go out on the street randomly shooting people, as they'll get lucky every so often and shoot a bad guy.

Re:It's interesting

[asadsalm]

>in theory, there isn't much of a difference
>in a loan shark and any sort of investment

Sorry about going off-topic, but - Not really.

INTEREST
--------
When you loan an amount on INTEREST, you always make a profit. The more money you have the more profit you can make. The rich get richer - faster.

Invest
------
When you invest that same amount in a business, you can loose that money. You cannot sit on your ass all day and hope to make money. You are doing actual work. Or you might be motivating people to work. If you dont, you loose your money.

So, in an INTEREST based economy, there is no production and people get fatter. In an investment based economy, people are working hard, and hence healthier. The INTEREST would certainly make that economy have more $$$money$$$ on fiscal records, but amount of money isn't everything, when health is being sacrificed.

Moral - You just gotta work hard for your money. If you don't its only bad for you.

Re:It's interesting

[Ilgaz]

If you state directly that program will sell your private habits, you are off to go.

I don't have problem with that myself.

I _hate_ one little, clever company named Limewire. Limesoft to be exact.

Those assholes recently tested SPYWARE on Mac OS X knowing the fact that mac users aren't so advanced on such things.

They used same tactic as they did on Top Moxie, on Win32 years ago. Coded it so system part (java.exe) will run it and if user runs an advanced firewall (not usual on mac too!) , Java will ask for permission to connect to net, NOT the spyware itself.

Advanced users figured it (thank god) and that "Adam" guy from Limesoft (boss) said "they were testing technology on macintosh, its pulled from installation now"

Do I remember that kind of answer and shameless response from somewhere? YES! It was same deal on Win32 topmoxie!

Notice something, I use "spyware" for Limewire, not whatever your product is. If you show users your intentions, you won't get much protest from them.

BTW, as mac users turned out to be "not that stupid", they removed "limeshop control panel" installation from later releases.

Limewire, on mac, while doing such "great inventions" as first spyware on OS x is currently number 1 on download.com mac edition... :)

When are you bundling your shit again Adam Fisk?

Re:It's interesting

[The-Bus]

The attitude to directed advertising programs or "spyware" on Slashdot. Especially when you step outside the parochial echochamber that is Slashdot discourse and speak to people who actually use these programs. On the whole, they are actually happy to get these novelties for "free", like the funny little desktop buddy, or the search bar, weather report or stopwatch.

They are happy to get a girl that dances to your mp3s. However, they are not happy to also get a program that tracks their information and generally screws up the system. If that was part of the install process (WE WILL MONITOR ALL WEBSITES YOU VISIT!) then I guarantee a lot less people will be actually happy. The /. is not actually happy because we know what it does. To them, they just clicked on a kitten screensaver.

Re:It's interesting

[gad_zuki!]

I've found the opposite to be true and I've done tech support in a variety of atmospheres. Once "spyware" became a common word and we were able to talk about it, I have yet to hear anyone say "Yeah, I love the GAIN suite of helper apps." What I have heard is stuff like "I dont even know what that is, it just appeared one day." Sometimes I hear some pissed off outrage when they find out all those delays and crashes theyve been dealing with were caused by these semi-stealth installed programs and their privacy has been violated the whole time.

I think I met one dude who didn't care then the spyware kept multiplying. Afterall these vendors don't care about their customers, in fact they are hostile to thme, so why not abuse the system and turn that one downloaded app into more installs during an "update."

On top if it, a lot of these apps append the sig line in your mail client and professionally its makes the users who use email for work look bad. It makes them look stupid and incompetent. This kind of thing embrasses them quite a bit, and rightly so. A client is going to see a email full of multicolor characters with 4 links to GAIN and think, 'This guy is a moron.'

>Especially when you step outside the parochial echochamber

And once you step out of your "people are stupid/ignorant and dont deserve disclosure" stage you'll understand.

I am very glad both socially (people deserve disclosure and a legalese 10 page EULA isnt) and personally (Im sick of fixing computers) that spyware/adware is the kiss of death and now in the same league as spam and other scams.

Re:It's interesting

[rar]

spyware almost always hides its true intentions deeply into some EULA nobody reads

spyware usually is very hard to uninstall


Wouldn't this qualify directX?
< ducks >

Re:It's interesting

[arminw]

...actively combats uninstalling...

Why is it so hard to remove *any* program from a Windows computer? On old OS9 and new OSX Macs all one needs to do is drag the program into the trash and empty the trash. One can also delete stuff from the startup and extension folders and that is the end of the unwanted software. Simple free utilities make "invisible" files visible so they too can be trashed.

Re:It's interesting

[Dr.+Manhattan]

spyware usually is very hard to uninstall

Last Friday I went over to my cousin's house and cleaned her computer. (Can't quite get her to switch to Linux... yet.) Took all evening, and I finally had to boot into DOS and remove some files that way. One of them called "Wintools" had even set the 'hidden' and 'read-only' attributes, if I hadn't remembered 'attrib' I'd have had to wipe the thing and reinstall.

One of them had screwed up shutdown; it would freeze and she'd have to power-cycle, invoking a scandisk the next time. I don't know if it was intentional (to encourage the user keep the system running) or just crap programming, but either way the damn things could *not* be uninstalled without major surgery.

Re:It's interesting

[efextra]

would you be happy with a car air freshener that reported which gas station you prefer?

Yes, if it was given to me for free on the condition that I let it to do that.

Re:It's interesting

http://www.usc.edu/dept/MSA/economics/nbank1.html

Principles Of Islamic Banking
[This article was published in the 10th issue of Nida'ul Islam magazine, November-December 1995]

For millions of Muslims, banks are institutions to be avoided. Islam is a religion which keeps Believers from the teller's window. Their Islamic beliefs prevent them from dealings that involve usury or interest (Riba). Yet Muslims need banking services as much as anyone and for many purposes: to finance new business ventures, to buy a house, to buy a car, to facilitate capital investment, to undertake trading activities, and to offer a safe place for savings. For Muslims are not averse to legitimate profit as Islam encourages people to use money in Islamically legitimate ventures, not just to keep their funds idle.

However, in this fast moving world, more than 1400 years after the Prophet (s.a.w.), can Muslims find room for the principles of their religion? The answer comes with the fact that a global network of Islamic banks, investment houses and other financial institutions has started to take shape based on the principles of Islamic finance laid down in the Qur'an and the Prophet's traditions 14 centuries ago. Islamic banking, based on the Qur'anic prohibition of charging interest, has moved from a theoretical concept to embrace more than 100 banks operating in 40 countries with multi-billion dollar deposits world-wide. Islamic banking is widely regarded as the fastest growing sector in the Middle Eastern financial services market. Exploding onto the financial scene barely thirty years ago, an estimated $US 70 billion worth of funds are now managed according to Shari'ah. Deposit assets held by Islamic banks were approximately $US5 billion in 1985 but grew over $60 billion in 1994.

The best known feature of Islamic banking is the prohibition on interest. The Qur'an forbids the charging of Riba on money lent. It is important to understand certain principles of Islam that underpin Islamic finance. The Shari'ah consists of the Qur'anic commands as laid down in the Holy Qur'an and the words and deeds of the Prophet Muhammad (s.a.w.). The Shari'ah disallows Riba and there is now a general consensus among Muslim economists that Riba is not restricted to usury but encompasses interest as well. The Qur'an is clear about the prohibition of Riba, which is sometimes defined as excessive interest. "O You who believe! Fear Allah and give up that remains of your demand for usury, if you are indeed believers." Muslim scholars have accepted the word Riba to mean any fixed or guaranteed interest payment on cash advances or on deposits. Several Qur'anic passages expressly admonish the faithful to shun interest.

The rules regarding Islamic finance are quite simple and can be summed up as follows:

a) Any predetermined payment over and above the actual amount of principal is prohibited.
Islam allows only one kind of loan and that is qard-el-hassan (literally good loan) whereby the lender does not charge any interest or additional amount over the money lent. Traditional Muslim jurists have construed this principle so strictly that, according to one commentator "this prohibition applies to any advantage or benefits that the lender might secure out of the qard (loan) such as riding the borrower's mule, eating at his table, or even taking advantage of the shade of his wall." The principle derived from the quotation emphasises that associated or indirect benefits are prohibited.

b) The lender must share in the profits or losses arising out of the enterprise for which the money was lent.
Islam encourages Muslims to invest their money and to become partners in order to share profits and risks in the business instead of becoming creditors. As defined in the Shari'ah, or Islamic law, Islamic finance is based on the belief that the provider of capital and the user of capital should equally share the risk of business ventures, whether those are industries, farms, service companies or simple

Re:It's interesting

http://www.islamonline.net/fatwa/english/FatwaDisp lay.asp?hFatwaID=99645

Title of Fatwa Refuting Claims on the Permissibility of Bank Interest
Date of Fatwa
5/ June/ 2003
Date of Reply
5/ June/ 2003
Topic Of Fatwa
Bank Interest
Question of Fatwa
As-Salamu `alaykum. Many people nowadays are tackling the fatwa of the Islamic Research Academy in which respectful scholars legalize interest on money deposited in banks. They say that determining the percentage of interest is subject to special economic studies. That is to say, it is not fixed but fluctuates according to prices and so on. The percentage of interest, they claim, is also subject to the principle of public interests. But really, I'm not fully satisfied with this fatwa. So what is your opinion on this issue?
Name of Mufti Dr. Hussain Hamed
Content of Reply

Wa `alaykum As-Salamu wa Rahmatullahi wa Barakatuh.

In the Name of Allah, Most Gracious, Most Merciful.

All praise and thanks are due to Allah, and peace and blessings be upon His Messenger.

Dear questioner, we would like to thank you for the great confidence you place in us, and we implore Allah Almighty to help us serve His cause and render our work for His Sake.

Actually, banks consider people's money as loans and not as money for investment in shared profitable projects. But loans which incur interest are definitely riba. It has nothing to do with any economic studies or fluctuation of prices. Moreover, riba is made unlawful by textual evidence and it is not subject to public interests.

In his response to the question, Dr. Hussain Hamed, Professor of Shari`ah at the Faculty of Law, Cairo University, states the following:

"The fatwa issued by the Islamic Research Academy is supported by some arguments that prove that predetermining the percentage of interest on money deposited in banks is lawful and there is nothing wrong with it at all. Hence, I will mention these arguments and the reply to them.

The first argument: Predetermining the percentage of interest is based on a thorough study of the conditions of the market.

In this concern the fatwa reads: "It is well known that banks' pre-estimation of a certain percentage of interest on dealers' deposits is based on well established study of the stock market and its conditions, and of the economic conditions of the society. Fixing interest thus differs according to the circumstances, the nature of each deal, and the average of gains."

This justification is not a point of controversy in itself, because what matters is not the way of fixing the interest. Rather, controversy is on the ruling of interest given to depositors, disregarding its amount and the way of fixing.

Bank deposits are considered loans by law and by the consensus of jurists, and "any increment in a loan is riba," as the Prophet (peace and blessings be upon him) states in his hadith. In reality, banks deal freely in people's deposits; they unilaterally dispose of them by using them in lending to other people for interest. At the same time, banks are committed to pay that money back with interest. These are the characteristics of loans as stated in law, with no regard to how such interest is estimated, what its percentage is, or what the name given to it is. It is no matter whether such extra money given on the capital is called benefit, gain, earning, interest, reward, gift or whatsoever. What matters is the actual results effected by the contract between the bank and the dealers, because contacts are governed by the results they entail. Rulings are generally given to real matters not to hypotheses. Moreover, the claim that banks are just investors by proxy that invest money deposited therein in legal projects has already been refuted by law, Shari`ah, and by experience.

The second argument: The percentage of interest fluctuates.

The fatwa of the Islamic Research Academy states: "It is well known that the percentage of interest

Re:It's interesting

http://www.al-bab.com/arab/econ/nsbanks.htm

PRINCIPLES OF ISLAMIC BANKING

An Islamic bank is based on the Islamic faith and must stay within the limits of Islamic Law or the sharia in all of its actions and deeds. The original meaning of the Arabic word sharia was 'the way to the source of life' and it is now used to refer to legal system in keeping with the code of behaviour called for by the Holly Qur'an (Koran). Four rules govern investment behaviour:

1. the absence of interest-based (riba) transactions;
2. the avoidance of economic activities involving speculation (ghirar);
3. the introduction of an Islamic tax, zakat;
4. the discouragement of the production of goods and services which contradict the value pattern of Islamic (haram)

In the following part I explain these four elements give Islamic banking its distinctive religious identity.

Riba

Perhaps the most far reaching of these is the prohibition of interest (riba). The payment of riba and the taking as occurs in a conventional banking system is explicitly prohibited by the Holy Qur'an, and thus investors must be compensated by other means. Technically, riba refers to the addition in the amount of the principal of a loan according to the time for which it is loaned and the amount of the loan. While earlier there was a debate as to whether riba relates to interest or usury, there now appears to be consensus of opinion among Islamic scholars that the term extends to all forms of interest.

In banning riba, Islamic seeks to establish a society based upon fairness and justice (Qur'an 2.239). A loan provides the lender with a fixed return irrespective of the outcome of the borrower's venture. It is much fairer to have a sharing of the profits and losses. Fairness in this context has two dimensions: the supplier of capital possesses a right to reward, but this reward should be commensurate with the risk and effort involved and thus be governed by the return on the individual project for which funds are supplied.

Hence, what is forbidden in Islamic is a predetermined return. The sharing of profit is legitimate and that practice has provided the foundation for Islamic banking.

Ghirar

Another feature condemned by Islamic is economic transactions involving elements of speculation, ghirar. Buying goods or shares at low and selling them for higher price in the future is considered to be illicit. Similarly an immediate sale in order to a void a loss in the future is condemned. The reason is that speculators generate their private gains at the expense of society at large.

Zakat

A mechanism for the redistribution of income and wealth is inherent is Islam, so that every Muslim is guaranteed a fair standard of living, nisab. An Islamic tax, Zakat (a term derived from the Arabic zaka, meaning "pure") is the most important instrument for the redistribution of wealth. This tax is a compulsory levy, one of the five basic tenets of Islam and the generally accepted amount of the zakat is one fortieth (2.5 per cent) of Muslim's annual income in cash or kind from all forms of assessed wealth exceeding nisab.

Every Islamic bank has to establish a zakat fund for collecting the tax and distributing it exclusively to the poor directly or through other religious institutions. This tax is imposed on the initial capital of the bank, on the reserves, and on the profits as described in the Handbook of Islamic Banking.

Haram

A strict code of 'ethical investment' operates. Hence it is forbidden for Islamic banks to finance activities or items forbidden in Islam, haram, such as trade of alcoholic beverage and pork meat.

Furthermore, as the fulfilment or materials needs assures a religious freedom for Muslims, Islamic banks are required to give priority to the production of essential goods which satisfy the needs of the majority of the Muslim community, while the production and marketing of luxury activities, israf wa traf is considered as unacceptab

Re:It's interesting

[jayhawk88]

What's really interesting is how after 5+ years, thousands of articles, and literally millions of posts, how effective a simple, obvious AC troll still is on this site.

Re:It's interesting

[Lehk228]

if the AC's company has no operations in europe their actions are perfectly legal, I know lots of governemts like to claim jurisdiction over everything their citizens encounter online, but I can assure you they could never enforce such claims (excepting the US govt, they enforce what they want when they want, regardless of national boundries, current administration, or constitutional limits).

Re:It's interesting

[lukewarmfusion]

He sure did. An anonymous company paid him an unknown amount of money to not mention their company, their product, or even his name.

I agree with him. Google's Toolbar has the ability to transmit your info back to Google. They openly admit it and offer you the opportunity to turn it off. Plus, you can uninstall it easily.

That doesn't stop idiots from claiming that Google Toolbar is Spyware or that the entire company is evil. Come on - you're not losing anything by letting someone know where you surf, but you can gain the ability to use their software.

Re:It's interesting

[Lehk228]

how about if every once in a while it would cause your car to refuse to start and wrain the battery to nothing randomly?

Re:It's interesting

[Ilgaz]

If Linux folks spared half of their time purchasing native Linux games from Loki soft and supporting SDL that way instead of bitching about directx eula...

Re:It's interesting

[Quobobo]

That's really interesting, but I can't seem to find any information on it. Do you have any links?

Re:It's interesting

[swv3752]

I think Opera would qualify. As far as I know, it just has a banner ad that runs all the time. Not nearly the same as all the spyware out there.

Re:It's interesting

[swv3752]

The problem with Loki was twofold. One, the guy running it was a sleaze. Two, most of thier ports were old before they started working on them.

Re:It's interesting

Start-->Set Program Access and Defaults-->Change or Remove Programs. You can argue it's actually easier than on a Mac because you don't have to navigate to the folders where the programs have been installed. All programs are compiled into a single sortable list viewable at a glance. As for a free utility to make hidden files visible, in Windows you just go into any folder and Tools-->Folder Options-->View Hidden Files. Couldn't be easier.

Re:It's interesting

[dAzED1]

He sure did. An anonymous company paid him an unknown amount of money to not mention their company, their product, or even his name.

Yeah, because pro-spyware PR doesn't help the industry in general...esp those companies that try to suggest they are legit.

Re:It's interesting

[efextra]

and how about if its allergic to some drivers and kills them. You can add many ifs and buts, but thats not the point of discussion.
Of course if the item is defective and causes harm to the user, its the manufacurers liability(weather it was free or not).

Re:It's interesting

[korbin_dallas]

Sure, hey lets turn this argument around 'kay?

Can I store a garage full of my crap at your house?

Thx, luv.
KD

Re:It's interesting

[Ilgaz]

It was a real funny chance myself getting infected in fact.

Its in just couple of Limewire 3.7.2 beta and 3.7.3 releases for mac. When they figured mac forums getting reports, they immediately pulled it from installation.

I am one (c) freak guy using all original dvds, cds, programs etc. Its really funny I got infected with spyware because of Limewire I mean...

I left a friend alone with my Mac G5, knowing my root pwd and I really didn't think he could be THAT GOOD on macs or forgot how easy macs are used :)

Guy installed limewire to get a rare mp3 he likes and boom, I had java asking permission to connect at morning (netbarrier running here)

What drove me nuts is, I am one of the FIRST guys figured TopMoxie on Win32 and alerted press (Wired etc) about it.

They figured mac users are aware of what that thing does and pulled it.

here is a forum posting for you, on a real popular mac website.
http://forums.macnn.com/showthread.php?s=&threadid =195695

About Top Moxie? Oh man, that thing was more evil than satan... Can't imagine how much money went to wrong hands instead of non spyware legit referrers of Amazon.com etc.

http://www.symantec.de/avcenter/venc/data/adware.t opmoxie.html

Looks like Symantec analysed a recent version. That thing is written by very advanced java authors itself, read: Limesoft. It was first bundled with Limewire/Windows and OS integrated firewalls like Symantec firewall AUTOMATICALLY granted ALL rights to it since it was using SIGNED Microsoft JView to run. So, Jview, signed app, you get alert from firewall which RECOMMENDS to enable access since its signed microsoft system part.

Understand the trick? Since its SAME trick used on Limeshop/OS X

Oh it did one "cool" thing on windows...:) You know there are poor coders, freelance authors etc making money to run their sites via referring books,cds from amazon etc? It rendered such URLs (childs toy to get current url from IE) and REPLACED it with some limewire referrer.

Looks like they changed that attitude since Amazon and major, LEGIT referrers threatened a lawsuit against them.

We _must_ keep an eye on that Limeshop and TopMoxie, especially Java fans and developers. This is one cool(!) and evil way to unleash Java "run anywhere" potential. As its written in java, imagine 1 year later we speak about J2ME (java micro edition) spyware which is installed to Cell Phones, PDA's and Nokia, Ericcson give option to their customers to DISABLE Java via firmware.

Or lets say, you see people bragging about Linux,BSD is free of Spyware? It can easily change with that java sneaky thing.

Re:It's interesting

[khrtt]

Yeah. But Windows application programmers have to do a consious non-trivial effort to make the program uninstall cleanly. Guess what - this is very low on the list priorities for most developers. If they don't, the program leaves crap behind - files, registry entries, etc. Entries with obscure names, scattered around several system directories, each with several tens of thousands of entries with even more obscure names. A luser can't deal with that! You, a knowledgeble person, can't really deal with it either, unless you have too much free time on your hands.

This system is really easy to fix. All you need is, well, something like RPM, that manages contents of installation packages without effort on the part of the app developer. Unfortunately, a good installation system is not high on Microsoft's list of priorities either. Also, I'm not sure the shit in HKCR could be made easy to get rid of without a complete system overhaul.

What do they use for settings on Mac? Hope they don't have a registry..

Re:It's interesting

[Jeff+DeMaagd]

I don't want any information sent about me. I also have a problem with the business model of giving people a trinkety product in exchange for letting a company use you for market research or whatever. I won't use the product.

While there is a spectrum of behavior, I try to avoid allowing even tracking cookies.

Re:It's interesting

[Ilgaz]

Oops, I noticed I got infected by a Limewire 4 (final) version, not just 3.7.2.

If you look at that macnn forum topic I referenced, you will see another "Adam" promising it was pulled from installation. Notice he and all guys speak about 3.7.x versions.

Now, its 4.x level and some of builds got Limeshop installed.

It can give a clue about their tactics. I am expecting a Limewire corp post in reply to my post REAL SOON btw.

Seems they dig web and sites like slashdot for words "limewire" and "spyware" and reply with non honest comments as stated above.

sorry replying to my own post, I had to inform any OS X users out there...

Re:It's interesting

[thefatz]

Note: "Like, for example, in my religion, interest based financial transactions are not allowed."

Also note: the said religion also chooses not to bank with interest, but has an interest in flying airplanes into some of the biggest banks in the world (WTC). .....

But I guess im a christian, I deserve to die.

Re:It's interesting

(and what made you think you'd get karma for admitting to writing spyware?)

Because it's slashdot. Anything more than two paragraphs long that doesn't mention the GNAA is modded up.

(posted anonymously, to dodge the karma bullet for mentioning the GNAA)

Re:It's interesting

Farrakhan Denounces Terrorist Attack

By Jay Hughes

Associated Press Writer

Monday, Sept. 17, 2001; 1:06 p.m. EDT

CHICAGO -- Nation of Islam leader Louis Farrakhan condemned the "wild beasts" who carried out a terrorist attack on America and agreed with government leaders that a strong response is warranted.

But during a Sunday service at Mosque Maryam, he also hinted at doubts about whether the administration should declare war on terrorism.

"Indeed, this was an act of war. The leadership of America and the people of America are justly angry," he said. "We agree with President Bush that there must be an appropriate response, but anger and wounded pride must not determine what the appropriate response should be."

Farrakhan denounced the attacks in New York and Washington on behalf of the Nation of Islam and American Muslims.

He also said U.S. foreign policy has helped foster overseas hatred of the United States, and suggested policy changes as part of any response.

The overflow crowd cheered as Farrakhan recounted how many people jumped to the mistaken conclusion that Muslims bombed the Oklahoma City federal building in 1995 and talked of attacks against Muslims after Tuesday's tragedies.

"As Muslims, the greatest thing we can do right now is pray because it looks like this war could take American soldiers into Muslim countries and many innocent Muslims could die," Farrakhan said.

© Copyright 2001 The Associated Press

Re:It's interesting

OT

Even some linux users are bad, just look at the DDOS at sco.com.

Way to slip that into your post. No doubt that some people are overzealous about what they like (including Linux), but SCO's press releases are the only "proof" that the DDOS was a) real, and b) perpetrated by a Linux advocate.

Re:It's interesting

We've got a Fox News viewer here, folks! Better call the army, them damn Moslems are coming again!

Re:It's interesting

the ddos of sco.com was a bad attempt by darl macbride to gain public sympathy... it never actually happened

Re:It's interesting

[Hobophile]

When you loan an amount on INTEREST, you always make a profit. The more money you have the more profit you can make. The rich get richer - faster.

This line of reasoning is absolutely misleading. With any loan there is a significant possibility of default. Profit is not guaranteed, and the interest provides economic motivation for people with surplus cash (the "rich") to loan money to people who need it.

Furthermore, this completely ignores the benefits that the borrower obtains from loaned capital. The ability to leverage money not your own is incredibly powerful, though not without significant risk. You can borrow funds to invest in a business or real estate, and done properly you have a good chance of making yourself quite a bit more wealthy. In many cases your return will far outstrip that of your lender.

When you invest that same amount in a business, you can loose that money. You cannot sit on your ass all day and hope to make money.

By any measure, buying stock in a company is investing in its future growth potential. The average shareholder can do very little to guarantee this return except sit around all day. Further complicating this worldview is the notion of "investing" in the bond market, which essentially involves purchasing shares in interest-bearing loans.

Delve deep enough, and you get to the core concepts of capital, investment, and return on investment. What you are essentially suggesting is that one kind of ROI is "bad" (interest) while others are "good" (dividends earned through hard work). While this is an intriguing premise, there is no logical method of obtaining this conclusion.

It should be noted that much of the utility of wealth lies in its ability to let you choose to work hard only for the things you want to. There is no great benefit in suggesting that hard work itself is moral; people can and do work very hard for extremely selfish or malicious purposes.

Re:It's interesting

[NoMercy]

I think he mentioned that they were available from download.com, that service is available within the EU.

Re:It's interesting

[clodney]

For trivial programs (an exe, a few DLLs, collateral files), an uninstaller is indeed trivial, and is usually created automatically by the installer provider (MSI/Installshield/Wise, etc.)

For larger apps or ones that have more complicated installs, an uninstaller takes some work, but nowhere near the scope required to write the program, or even to do the installer.

And it may be low on the priority list for most developers, but that is no excuse for writing a crappy product.

Re:It's interesting

[shokk]

Yeah, they're really happy to see security holes opened on their system, and how they are unable to use that brand spanking new 3.4GHz system as the CPU is fully consumed running hundreds of unwanted processes. I saw 800+ at one victim's system before applying the double-whammy of Spybot and Ad-Aware (non-commercial user). I'm going to check out SpySweeper to see how it fares vs the other two for keeping on my USB keychain thumb drive for when I visit friends. Since they have a Corporate Edition of Spy Sweeper I'll see about a demo for our company.

I encourage everyone else to do the same: test these tools and see what fits your environment and wallets. Even though these don't cost all that much per-seat, the cost adds up across a few hundred seats. Start small and see if you can get buy-in from small departments. Sales groups are especially vulnerable since they provide the proper combination of really needing to check out every email for leads and some good ol' fashioned "duh, which end of the mouse is up." Next sprinkle in a few secretaries/AAs. You may not even need to move beyond that to stem the tide of unwanted software.

Re:It's interesting

[NeoSkandranon]

You consider running an "uninstall" program hard?

Re:It's interesting

Reading through your history, it's clear to me that you, sir, are a fucking idiot. The majority of your past posts are simply outlets for your hostility towards people who disagree with you politically or religiously. If you don't agree with Democrats, non-Christians, etc... then either do something intelligent about it, or shut your stupid yap and get the fuck out. Right now you just sound like a whiny bitch who's badly in need of a good old fashioned spanking. You don't deserve to die because you pretend to be Christian while completely missing the entire message of Christianity - you deserve to die because we already have too many fucking annoying morons on this planet.

The mere fact that you associate all of Islam with the actions of a tiny, radical, very vocal minority speaks volumes on your intelligence.

The Islam extremists responsible for the WTC attacks are no more representative of all of Islam than the KKK are representative of Christianity.

Dumbass.

Re:It's interesting

[NeoSkandranon]

Who's fault is it they didn't read the agreement r look into what "data" was being collegcted?

The user's, ultimately.

Re:It's interesting

Not the original AC, but yes, in general, people are happy with the spyware crap, or at least the stuff that can give them something that they percieve as benificial.

The biggest offenders that I've had to deal with are "Smiley Central", Weatherbug (Not to be confused with the Weather Channels own weather reporter), and "My Search Web". All of these offer something that end users want, and they all fall into the spyware catagory, and they all are popular with the end-user in every place that I've been. Even at places where I haven't worked, and just had a chance to look at the monitor. People love these things.

The problem with these of course is that in addition to being resource intensive, they'll often turn off the active x confirmation settings in IE, thus allowing all the crap that people don't want. The stuff that actually slows down the computer without having any benifiets.

Re:It's interesting

[Shoten]

-Nevertheless, I advise you in future to eplace the words "Crunchy Frog" with the legend, "Crunchy, Raw, Unboned Real Dead Frog" f you wish to avoid prosecution!
-What about our sales?
-FUCK your sales! We've got to protect the public! Now what about this one, number five, it was number five, wasn't it? Number five: Ram's Bladder Cup. (beat) Now, what sort of confectionery is that?!?

Perhaps someone will come out with a bit of adware someday with the name of "Lark's Vomit" or "Anthrax Ripple?"

Re:It's interesting

[hackstraw]

(and what made you think you'd get karma for admitting to writing spyware?)

Not to mention that posting anonymously while logged in can get your entire subnet banned from posting to slashdot. This can and does happen if your karma is "too low". And "excellent" is not high enough to be "too low".

Moral of the story. Log out before posting anonymously.

Re:It's interesting

[gilliboo]

The only people who like to see those (IMO) annoying things like extra search bars or the funny little desktop buddies are the people that don't realize the side effects.

They're the same poeople who come looking for answers when their computer starts taking 10 min to boot up or when performance grinds to a halt because the system uses 400M of memory in an "idle" state.

Re:It's interesting

[rainman_bc]

Agreed. Most spyware runs using two executables monitoring each other. If one process is ended, the second executable starts the other prcess up again. Seeing as though you can't end process on two tasks simultaneously, you're pretty well screwed.

And both processes actively monitor your registry for the run folder.

I've also seen Mirc installed as msmmgs.exe (notice the two m's? Took me a while to notice). They use existing processes and slightly rename them so they don't catch your eye.

Ever since I moved ppl over to FF though, I seem to be getting way less spyware calls now. Yippie!

Re:It's interesting

[hackstraw]

spyware almost always hides its true intentions deeply into some EULA nobody reads

spyware usually is very hard to uninstall

In other words, spyware like most spam depends on a business model based upon deception. Using deception in a business model is also known as fraud.

fraud (n.) -- A deception deliberately practiced in order to secure unfair or unlawful gain.

Fraud in the US is illegal.

Therefore, most spyware and spam are alread illegal in the US.

Look lawmakers you can give yourself another raise and take the rest of the day off. Your work is already done!

Re:It's interesting

Unfortunately you're very uninformed about the problem like most people. The most damaging spyware is never included with a click through EULA, a "Yes I agree" or anything of the sort.

One day you decide to go search google for good pricing on a Satellite dish. You click a link which appears to be a legit result but really is a timebomb waiting. 15 popups immediately happen upon arriving to the page. You Alt-f4 and close any window that comes up.

Immediately after you run ad-aware and realize you now have 15 different flavors of spyware installed. Let your computer idle for another 30 minutes and you'll have double as they remotely download themselves. There clearly is *NO* way someone can prevent this without having an active shield going. Spysweeper in most cases would stop this from happening or lessen the effect.

Re:It's interesting

[bhtooefr]

Give some proof. I've never heard of this.

I've posted anon while logged in, and never SEEN such a thing.

Re:It's interesting

[bhtooefr]

Well, there's spyware, full-disclosure spyware, and adware.

Spyware may not even show that it's doing anything, or it'll mask as something else *cough*those "Your computer may be infected with SPYWARE!" things*cough*. Full-disclosure spyware will TELL YOU that it will get data that may even be personal data, and make it VERY clear (not like Claria, which, IIRC, put those things at the END of the EULA) - think like Google Toolbar, except with personal data. Adware is something that displays ads while you are using it (some adware is also spyware).

Opera is adware, except when it is in Google Ad mode, in which case it's actually borderline full-disclosure spyware (it doesn't send personal information, though, just URLs, and even then, only Google gets the URLs, and provides related ads based on what text it gets from the page). Even then, I'll still use it, as it's lighter weight than Firefox or IE EVEN WITH THE GOOGLE AD COMPONENT, and has more features.

Re:It's interesting

[Tassach]

We didn't do drive by installations, or hide our intentions: we just traded our customers data for use of our program

And in your moral code "just" pimping out your sister isn't wrong either, as long as you're not hiding your intentions. It's a cop-out and you know it.

Did your program pop up a message when it started saying "WARNING: We collect your private information and sell it to the highest bidder"? Did you tell the user exactly what data you were taking and what you were using it for UP FRONT in CLEAR LANGUAGE, or was it in obfuscated legalese buried at the end of a 12-page click-through user agreement? In other words, would a clueless newbie (your grandmother, for instance) realize that their privacy was being violated, or would they just say "oooh, neat stuff for free"?

"It's not illegal" isn't an acceptable excuse for engaging in scummy behavior; you may not be a criminal scumbag but you're still a scumbag.

Everyone can (and should) turn down job offers from employers who engage in ethically dubious business practices, even if it means making less money. I turned down a job 6 months ago even though it meant a more money and a shorter commute. The advantage is that when my son asks me "what do you do, daddy?" I can say "I help scientists find a cure for cancer" instead of "I send people junk mail."

Re:It's interesting

[Nopal]

When you loan an amount on INTEREST, you always make a profit. The more money you have the more profit you can make. The rich get richer - faster.

No, you are missing the point of interest. When you loan an amount with interest, you are accounting for the future value of money since money tends to depreciate due to inflation. It's simple microeconomics: $1,000 20 years ago is not the same as $1,000 today. $1,000 20 years ago is equivalent to roughly $1,500 today, assuming a very conservative 2% yearly inflation compounded yearly. That doesn't take into account the amount of money that the lender can make with that $1,000 if he invested it in a business for 20 years instead of lending it.

So in any type of free market society, loans would be fiancial suicide if interest could not be charged. As the incentive to loan, the interest rate is designed to yield a small profit. Banks make money because in essence they create money (due to the money supply multiplying factor), so they can make a small profit on loans because they expand and contract the money supply and thus keep both runaway inflation and runaway recession under some level of control. You'd be surprised how thin the profit margins of banks actually are. If you are a bank, it's extremely easy to go into bankrupcy if you aren't paying very close attention. The risks they take and the services they provide is in essence how and why they get paid.

I suggest that you read a little bit about Keynesian macroeconomics and how modern free markets couldn't exist without banks because of the effect that banks have on the money supply due to interest loans. A measured amout of what you call "greed", my friend, has in a sense made possible the computer and the Internet that you are using to read this, and has brought a higher standard of living to the world than almost any other force, including religion, and I say that while being deeply religious myself.

Re:It's interesting

[Sein]

Too bad that affiliate commission stealing trick is what keeps Gator/Gain/Claria, CoolWebSearch, WhenU, 180Solutions. lop.com and others in business - without anyone suing them.

Thiefware is a major problem for anyone involved in affiliate marketing - they are essentially basing their business model on large-scale theft. And they're getting away with it too.

Re:It's interesting

[ChrisMaple]

Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say its ok are bankers!

Much of civilization and technology would not exist without "interest based financial transactions." Without those transactions, people with money would have no incentive to loan money to people with ideas. So: commercial borrowers like them. So do people with money in savings accounts.

Re:It's interesting

> Yeah. But Windows application programmers have to do a consious non-trivial effort to make the program uninstall cleanly.

Yeah. But spyware application programmers go to a conscious, non-trivial effort to make their programs not removable at all. Dual processes that monitor each other and relaunch a killed partner, using the hidden and readonly attributes, using almost Windows system filenames, using said names in Run registry keys, blocking spyware programs, etc.

Not nearly comparable to a lazy developer that leaves harmless (but annoying) remnants of a program behind.

Re:It's interesting

[superpulpsicle]

I think the line between software, spyware, adware in general has been blurred too much. M$ Windows is either showing real signs of collapse or just milking people for money to buy more scanner software.

Re:It's interesting

[hackstraw]

Give some proof. I've never heard of this.

http://slashcode.com/

Get the code and search for:

"Due to excessive bad posting from this IP or Subnet"

Also, google for that phrase.

This also happened to me and I am a subscriber, and have a pretty clean posting record and my karma has been labeled as "excellent" for years. I don't remember it ever not being "excellent".

It could have been someone else on my subnet, but I don't know. I almost ditched slashdot for good after that. It pissed me off pretty bad.

Re:It's interesting

[Lehk228]

that doesn't matter, EU authorities could make download.com take down the file, but that's about it.

Re:It's interesting

[bhtooefr]

What did you post as AC, and did you ever e-mail CowboyNeal (IIRC, that's who you e-mail to plead for permission to post again)?

Re:It's interesting

[khrtt]

Not nearly comparable to a lazy developer that leaves harmless (but annoying) remnants of a program behind.

In other words, there are, indeed, evel people in this world:-). Who would've though!

Re:It's interesting

[dbacher]

The key phrase here is "operates in the UK."

The problem here is that in the US, we currently have no laws requiring this at a federal level. Enforcing European laws internationally is unlikely to happen; the US has tried to shut off sites that aren't operating within US laws internationally, and the WTO has turned us down every time (gambling, etc.).

The other big problem is defining spyware accurately and consistently.

I have real problems with some of the programs that AdAware and Spybot flag as spyware/malware. Some of these programs shouldn't be flagged, but are.

When a Virus Scanner finds a virus, you can usually exclude it from future scans. When a Virus Scanner finds a virus, you can usually click on a button to have an accurate description of what it does, and what its impact is.

I think that what's really needed is to have some system of categorizing risks in the spyware systems, so you can say "hey, you know what? it's OK for a program to 'phone home' for DRM, but I don't want it tracking me."

An example of this would be wild tangent, which phones home for DRM purposes. When you view wild tangent content, whoever wrote the content gets billed. It has to phone home to do that, and personally, I don't see it as a privacey risk, and it's not a performance risk since the client is only loaded if you view a site that HAS tangent content.

At the very least, the amount of information removal programs give needs to be greatly improved.

Re:It's interesting

[jo42]

>they are actually happy to get these novelties for "free"

Now when this poorly coded cr*p screws up their computer, making it run slow, or not do things properly anymore, etc.

Re:It's interesting

[berzerke]

Who's fault is it they didn't read the agreement r look into what "data" was being collegcted? The user's, ultimately.

Of course, that's why most of these spyware programs that *DO* have a license agreement (not many IMHO; how many drive-by downloaders have a license agreement at all?) are designed to be as unreadable as possible. You need a law degree to understand most of them. And at many, many pages long, why bury the "good" stuff down near the bottom? Why not put it right at the top in clear language? Maybe because the spyware programs are trying to hide what the programs do???

Re:It's interesting

[Ilgaz]

I checked your website, yes it hurts legit referrers but you should also guide people not to spam etc.

It is truly lacking from your website.

Re:It's interesting

[Sein]

That's in the optional course people can register for, in the privacy policy, the terms of use, and in most of the basic books - including the one that doesn't require anything but a click on the cover to download. But if you got any more suggestions for where to put it, I'm game ;)

Re:It's interesting

I do think people overextend themselves on credit and it is overall going to hurt the US, however the concept of lending and investing are essentially the same when you get right down to it. Both can be benficial to you as an individual if you are wise, and either party can lose their investment (after all if you take out a loan, the lender is essentially buying a bond from you, you could always fail to pay).

Anyway, more importantly, WHAT RELGION IS THIS? I have never heard of any religion with this tenet.

Re:It's interesting

[Darthmalt]

My cousins gave me what was at the time a pretty decent computer with *shudder* winME that "didnt work". Because it wouldnt even finish booting anymore.

I started it in safe mode went to the startup menu, and fell in the floor laughing. The only thing wrong with it, besides the fact that it had ME on it, was that my cousin had d/l so many spyware/malware/tollbar crap that the computer didnt have enough processing power to get it all started.
after disabling all that crap and running spybot and adaware it started just fine.

Re:It's interesting

Welcome to the drug industry. "There is more money to be made in the treatment than in the cure."

Re:It's interesting

>WHAT RELGION IS THIS?

Christianity and Islam are two religions I know of that cast interest in a negative light.

(The Catholic Church started allowing interest-bearing loans when the Columbian Exchange was starting, and explorers/exploiters needed funding for voyages; that is why people who were Jewish--and exempt from the Christian prohibition--were involved in financing many courts before Rome allowed loans.)

Re:It's interesting

[VoidWraith]

There's a huge difference between a banner ad on someone's site and your typical spyware program.

Unless of course, its like the banners we saw mentioned the other day that lead to an adware download, in which case, they're just as bad!

I agree with you completely. No matter what software does, it should be made obvious, and made possible to remove. If it doesn't do that, I will call it unethical. I would go so far as to call it malicious. If it gets in the way of ME doing what I want to do with MY computer, then its malicious. It doesn't matter if its five hundred kilobytes of RAM and a couple processor cycles, those are MY processor cycles and kilobytes of RAM.

Its like having a house and someone comes along and installs hidden surveilance, or ads all over and if the owner tries to remove the ads or the surveilance it tries to avoid being removed. Perhaps these ads or surveilance were bundled with a superfluous lamp the owner bought, and being the "smart consumer" they were, got it for a seemingly very good deal! The lamp came bundled with legalese documents which were in the box, but written in all caps and a stack of paper the size of a dictionary. Who is honestly going to read that?

Re:It's interesting

[Master+of+Transhuman]

Right - catch us begging Cowboy for the PRIVILEGE of posting...given the level of piss-poor karma ninety percent of /. posters should have.

Fuck him.

Re:It's interesting

Strong Sad: Did you get a virus?
Strong Bad: No.
Strong Sad: Did you get 400,000 viruses?
Strong Bad: Yes. Very Yes.

Re:It's interesting

[sabernet]

I helped fix computers that were screwed up due to spyware. Many of which had spyware that would actually replace the intended links on certain webpages with those of the spyware application's sponsers.

Also, my parents had to go on dial-up. They had so much spyware on their system their internet connection was worth sh!t due to all the bandwidth used to deliver their info to sponsers.

I have no pity for fallen spyware nor would I disagree with criminal records and/or fines to those who install applications secretly(page 9 on a EULA is bullsh!t), and make them impossible to remove EVEN AFTER the application ITSELF if removed.

Nice tactic to go AC. Many misguided souls go that route.

All I can say is that if you do work for a company condoning that nonsense, keep that sh!t away from my family.

Re:It's interesting

[idontgno]

The way most spyware works, I think the best confection name would be "Spring Surprise".:

Milton: Ah - now, that's our speciality - covered with darkest creamy chocolate. When you pop it in your mouth steel bolts spring out and plunge straight through-both cheeks.

Praline: Well where's the pleasure in that? If people place a nice chocky in their mouth, they don't want their cheeks pierced. In any case this is an inadequate description of the sweetmeat. I shall have to ask you to accompany me to the station.

Re:It's interesting

We didn't do drive by installations, or hide our intentions: we just traded our customers data for use of our program.

Which data did you trade? Names? Addresses? Social security numbers? Passwords? Credit card numbers? Do you know exactly what you collected, or how it was to be used by the people who bought it? That's the problem most people have with spyware. Personal details of their life that they *wouldn't* tell to any random person they passed in the street are being sold to whoever wants them. Often this fact is obscured from end users by glossing it over as "market researching" or other buzz-words which don't describe the actual details.

If you do not specify to the end user in a larger font than the rest of the license agreement exactly what information, and what possible information could be shared, and to who, then I have nothing but contempt for you. I have some pity for the users who expect their computer to behave like a typewriter or other appliance that doesn't have the capability to financially ruin them by spreading their personal secrets to unknown parties.

Re:It's interesting

[swv3752]

The problem with Loki was twofold. One, the guy running it was a sleaze. Two, most of thier ports were old before they started working on them.

How is the above a troll?

The president of Loki was not paying his employees, used one employees credit card to charge up a bunch of expenses while he continued to draw a salary. As for point 2, the only port that I would call timely was Tribes2 as it came out concurrent with the Windows release.

Re:It's interesting

[_Bucktooth_]

With any loan there is a significant possibility of default. Profit is not guaranteed, and the interest provides economic motivation for people with surplus cash (the "rich") to loan money to people who need it.

Most financial institutions lend only to those with minimal risk of default (those with a lot of capital). To those with a higher risk of default, they will lend only with collateral. Therefore, lending becomes a no-risk business. So the rich lend to the rich, but the poor who do not have assets have much less opportunity.

Those who can't borrow from licensed banks and such will probably have to go to the loan-sharks, who have their own methods for minimizing loan defaults.

Spyware

[cheezemonkhai]

Well Spybot may not do great, but it certainly does enough to clean up a persons PC so it works again without crashing every 5 minute.

My reccomendation is firefox or mozilla or even opera if you prefer it.

I do however note that if you take a clean system and then visit msn.com, then run spybot etc you will find that there are little evils that appear on your system.

It now appears that the best option is to wave goodbye to MS if you can. Pick a nice linux distro (eg Ubuntu or whatever suits you) or even MacOS X and feel that little bit safer.

Re:Spyware

[MoonFog]

A lot of the spyware you get is just cookies from servedby.com or something that registers what sites you visit etc. You're not safer from them on Linux than you are on Windows.As long as you accept cookies, they'll be there.

I just use Firefox's cookie handling. I disable cookies and choose to allow only certain sites to set cookies (such as gmail, online banking etc).

Re:Spyware

[cheezemonkhai]

I find the really destructive stuff seems to play with the registry which is why I suggested an alternative OS.

Of course not running as Admin or Root helps for these as does not using IE.

WIth FIrefox I tend to allow the cookies, then blast them when I close the window. Makes browsing easier as some sites are persistantly annoying in the fact that they won't work without cookies enabled.

Re:Spyware

[MoonFog]

I know, but I was talking only about spyware cookies. You're not safer on any other OS than Windows. The cookies don't care what privileges you have, it just registers your traffic. Deleting every cookie still requires you to log in to a forum (such as Slashdot) every time. Thus I enable cookies for Slashdot. If a site requires me to use cookies, I will look at what cookies it actually tries to set and perhaps allow it for this session. It comes down to a matter of preference how you like to handle cookies though.

Re:Spyware

Funny, every six months or so, I install the latest various spyware searching tools, virus scanners, what-have-you and do a rather thorough sweeping and every time, it comes up absolutely clean and this particular machine in my home runs Windows, though I also have a few other OSes in the home as well.

Here's the trick: Don't run IE, keep updated, have a good NAT solution (which you should have regardless of OS), be aware of what services you have running (another big one, regardless of OS, as some distros require tuning in this regard, too), don't open strange email attachments (You may skip running Outlook, but that's no longer an issue.. I use TheBat!, myself). The rest really is being picky what you choose to install, such as weather reporting services that come 'bugged', which I'm sure likely will become a problem for other platforms in time if they see a market in it.

But, this is going to kill most people... Stop fucking downloading all those pirated programs off of P2P and various public trackers. Those are cesspools for repacks of releases and can include various little 'extras' that wind up with trashed machines. Same with some crack sites out there. I've sadly seen this happen to friends. This is one of those little 'gotchas!' people don't ever seem to mention, probably because they think those people deserve it, which I'm not going to debate.

Anyway, posting Anon since I'm sure anyone who displays any sort of competence running Windows will be shot down in flames here, regardless of whatever else I run.

Re:Spyware

[Artega+VH]

i used to get it to prompt me... but i just go so tired answering questions for every single cookie... often i'd spend as much time clicking Allow, Deny or Allow for session as i would reading a site.. so now i just let them all go thru and prune out the ones i don't like (and use adblock to stop me connecting to the really bad advertising sites)...

Also note that since i've moved to OS X i'd had to spend heaps less time messing around with this stuff.. i spend much more time maintaining my debian server :p

Re:Spyware

[dave420]

What the heck are you on about? I run Windows, and I've had no problems with spyware ruining my PC or crashing it. I'm fed up with all this "ooh better stop using microsoft, otherwise your face will melt clean off" bullshit. I thought you guys were professionals? Why are you spouting this FUD about microsoft? If it was as bad as everyone here says, no-one would be able to use it at all, as their computers would be simultaneously blowing up and sending their credit card information to north korea.

There are PLENTY of things people can do in windows to protect themselves as much as they want. Suggesting moving to another operating system shows your real intentions here.

I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site.

Re:Spyware

[cheezemonkhai]

Hmm lets see...

I can install apps x, y , z and utilities p, q & r.

I must update all of these regularly and patch my system almost consistantly.

For the average user a swap to MAcOS X or similar is far easier than putting up with this crap. I have just given a live CD to my father who was pleasently supprised and is now considering a switch to linux on the PC. His next computer may be a mac or a PC that depends on his needs at the time.

I'm not MS bashing, I am pointing out that an average user should not need to worry as much as a windows user does about patching their system.

Face it most users don't path or install 101 wizzy utils to clean up your system.

Re:Spyware

[dave420]

Let's really see...

I can install apps x, y, z and utilities p, q & r.

The apps update themselves without my intervention.

There's no crap to put up with. I don't update my software, my software updates itself. This is what I mean - you're not telling the truth here. You're saying Windows is at the state it was 5 years ago, when it clearly isn't. As for spyware, just install adaware, and it'll protect you perfectly. Heck, I still use IE, and my computer is still mine, running without any spyware at all, with no intervention from me whatsoever.

It clearly is MS bashing if you misrepresent the truth on such a massive scale. From your post, a newcomer to computers would assume it's impossible to run an MS windows box without having to manually update ever single thing on it. That it's insecure and will become compromised within minutes. It's pure FUD, and not in the least bit true.

Re:Spyware

[Rytr23]

"I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site" hmm..I'm thinking your IE rendered this page incorrectly.. this is Slashdot, home of the lack of professionalism or objectivity.. Wait.. Maybe I'm being obtuse here and your post was supposed to be funny... Doh..

Re:Spyware

[GigsVT]

You apparently don't have to go clean up loser's computers at a company where they have little in-house talent or IT management.

It's not unusual to find a computer so laden with spy and adware that it crashes during boot, every 10 minutes, or serious parts of the OS are damaged.

An example, there was a computer I worked on, so laden with spyware that IE couldn't pop up the download dialog box, and since Windows doesn't include useful utilities, I couldn't wget or anything like that either. The CDROM was broken so I couldn't boot into linux either.

It really is as bad as everyone says here. People use it because they don't know better, and because those shiny boxes in Best Buy contain software for it. They don't realize there's a whole other world out there where software doesn't come in shiny boxes, and you don't pay "per user" for permission to use your own hardware.

Re:Spyware

[Threni]

> I apologise if this sounds pretty harsh,

It sounds like you have an anger management issue. Is everything alright at home, Dave?

Re:Spyware

[Ruphuz]

as their computers would be simultaneously blowing up
Well, a lot of them are, for sure, blowing up right now. Simultaneously.

and sending their credit card information to north korea
Well, that would be very bad. It does not mean that company is not just bad, or their programs are not bad because they do not particularly send your credit card info.

There are PLENTY of things people can do in windows to protect themselves
Well, it is more like "there are PLENTY of things people MUST do in Windows to protect themselves".

See, I actually have no problems with spyware nor virus because I do know what must I do to avoid these plagues, but one cannot really expect everyone of the hundreds of millions of people using Windows to have this knowledge.

Suggesting moving to another operating system shows your real intentions here
It is far easier than to try to teach hundreds of millions of people how to secure their machines, or even try to convince them to have their machines secured, and to try to convince thousands of current spyware programmers to use their time for something profitful, instead of being coding those pieces of crap.

Moving to an operating system/browser/whatever that is secured from the beginning, and where a user would have to conciously open it up, is not a bad advise to give, IMHO.

Re:Spyware

[lmsig]

um... you did read the article right? The one that talks about how adaware only stops maybe half of the spyware? That's a little bit less than perfect in my book.

While I'm a Mac user I do keep a PC around for the occasional use. This is a machine that I don't really use for anything. Maybe the occasional work product on windows or a game now and then. Noone is downloading all kinds of shareware or really messing with it. I decided to put a virus scanner on it and low and behold I'm completly infested. Mostly due to IE exploits. I'm a professional and know what i'm doing and I get infested. Just imagine joe sixpack.

Re:Spyware

Thanks, Mr. Gates. It's cool that you're willing to post here on Slashdot and even to use our hip lingo.

Re:Spyware

[Reapman]

Slashdot is definitly not objective... however I think the arguments made here are pretty valid... I mean you never hear of SpyWare for Linux or MacOS, if there are it's not nearly as prolific as Windows Spyware, and honestly, I've never gotten SpyWare with Firefox... however, I've used Internet Explorer for, oh, 20 minutes since my last format, and I've already had some programs phoning home (my fault for not running ZoneAlarm or some such program.. oh well) And yes, I only got those programs after running IE.. I'm sure that eventually, if not already, some spyware will exist for non MS products, but until their market share drops out of the 80-90% range, MS products are always going to be mroe "dangerous" then non

Re:Spyware

I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site.

Well, that's nothing new (the lack of professionalism/objectivity). I'm happy to see that several mods agreed with you, because I don't have points today. It's pretty rare that someone will get fed up with the FUD, and really stick it to the Microsoft-bashers. Gold star for you, chief.

Re:Spyware

[RoloDMonkey]

...I'm pissed off with the lack of professionalism or objectivity on this site.

Your new here, aren't you?

Re:Spyware

[blackest_k]

first of all who's professional? Some readers of slashdot may be professional but I am certain a lot are not. your asking a lot of a readership that has a number of posters who just post for creating havoc if you read slashdot at -1 you will soon see that comments on slashdot pump through the site like raw sewage with the occassional gem which moderators reach in and retrieve.

While you may be able to run a windows operating system without getting infested with spyware it seems to be the case that many people can't.
perhaps if people could be educated into looking for "open source" instead of "free" when looking for a tool or utility then they might improve their Pc's health.

Spyware often uses two parallel processes to maintain control of a pc, when you go to kill one process the partner process restarts it. these tricky beasts can be killed by booting in safe mode and finding the programs on the harddrive and deleting them. These are the most common ones I have to deal with once I have educated users to run spybot and adaware to remove the easy stuff.

It doesn't help that users like to run things like kazaa instead of kazaalite as an alternative and seem clueless and overly trusting of the files they download- often not even running an up to date antivirus program such as avg (free edition).

Finally while windows is a mess of worms trojans and spyware, suggesting that these same users run linux instead, is pointless they struggle hard enough with windows. linux isn't friendly to clueless users ect...

Maybe a Mac is the real answer for these people but few will migrate to another o/s or buy new hardware so the problem will remain.

perhaps it might help if it was possible to launch linux from within the windows environment. similar to the experience of running amiga os under emulation.
then users can venture into linux as and when they find applications to run under linux and don't have to reboot into windows to run something which doesnt have a linux alternative.

To be objective you can't look at windows and say it is not vunerable to these problems (no matter how well you look after your system). It is equally valid to say Linux isn't a pain free alternative yet.

hope you find this post a little more balanced.

Re:Spyware

[99BottlesOfBeerInMyF]

Why are you spouting this FUD about microsoft?

My father and one of my brothers have windows machines. One is a locked down corporate XP pro SP1 laptop that is remotely administered by professionals. The other is a Windows ME home computer used for web surfing, e-mail, and video games.

About every other time I go to visit them, I walk them through spyware removal to make their machines run at a reasonable speed again. About once every three months, one of them calls me because their machine has become too bad to use and I talk them through it on the phone. They are both average, clueless users. If I could switch either of them to linux or the mac, I would in a heartbeat. My mother only calls for help with her imac when she forgets how to delete things in her webmail or she accidentally kicks the power cord out of the wall.

It is my professional opinion that anyone who does not actually need windows should switch, if they can afford to.

Re:Spyware

[dave420]

I hear what you're saying, but then you might as well condemn air travel, as a pilot could crash his aircraft on purpose. If you run IE unprotected and sans firewall, you're going to get trouble. Everyone knows that.

Where do you go on the net? I've used IE ever since Netscape went shit, and have yet to have these spyware problems I'm told about. JUST CLICK NO, PEOPLE! :)

Re:Spyware

[skaeight]

Yeah, everytime I go home, my brother's computer is so damn infested with spyware it's ridiculous. I've probably spent a collective 5-10 hours cleaning it.

Yesterday my mom said you'll have to look at your brother's laptop again at Thanksgiving, he said it restarts every ten minutes after he turns it on. I told her I was kind of getting tired of doing this, I keep cleaning it up and he keeps messing it up. She asked me, how does it get like this? I said, hmmm....I don't know. I didn't really want to tell her that he's probably surfing ridiculous ammounts of pRon.

Spyware sure is a problem, especially when people use IE and surf less than legitmate sites. However, if you use firefox and keep your websurfing clean, you rarely encounter any spyware.

GRRRR....I really hate being the "IT" person in my family. I spend half my time at home fixing computers.

Re:Spyware

[_Sprocket_]

What the heck are you on about? I run Windows, and I've had no problems with spyware ruining my PC or crashing it.

Years ago, I ran nothing but Win9x. My own home systems were fairly stable and usable. I had no interest in anything but a Windows world. Then I became a "professional".

As a payed IT cog, I had to deal with OTHER people's Windows machines. I got a full sample of Murphy's Law and Microsoft. And then I began to understand some of Microsoft's detractors.

It's not that Windows is absolutely unusable. But each iteration has had, and continues to have, serious issues (bad user decissions aside). And those issues DO, in fact, affect people - sometimes with considerable impact.

No system is perfect. But there are, in fact, very viable alternatives to Windows. For all your talk of objectivity and profesionalism, it is generally rather rare to give fair consideration to a Windows alternate. Even in an environment where it makes very good sense.

Re:Spyware

[nine-times]

I'm fed up with all this "ooh better stop using microsoft, otherwise your face will melt clean off" bullshit.

Many of us aren't so extreme, but "better stop hooking a default install of Windows straight to the internet, or you're asking for trouble" is a pretty fair statement.

There are PLENTY of things people can do in windows to protect themselves as much as they want.

True, and there is much to be done to a Windows install before it's ready for general internet use. You really need to install an Antivirus. You need a firewall (MS Windows XP built-in does not count). You need several pieces of spyware-protection/removal software (perhaps someone will come out with a good comprehensive solution soon). I'd highly recommend not using Internet Explorer except for sites that need it (Windows Update). I'd keep up to date on the Critical Updates for Windows. And, if your computer has any users who aren't computer people, and I'd run it in a user account, not the administrators or Power Users account. Unfortunately, since the default is to run in an Admin account, many developers have made their programs to run in only an Admin account, so running in a user account is problematic, but still recommended.

You take all the necessary precautions, and you're pretty close to the level of security found in the default, out-of-the-box install of most Linux distros or MacOSX-- which is to say, not totally secure, but sufficient for most cases. In no case is any system perfect, and if you have an uneducated user with admin-type rights, you're likely to run into problems on any system.

Suggesting moving to another operating system shows your real intentions here.

No, actually, suggesting that people use the best tool for the job that they're doing is my serious PROFESSIONAL advice. Yes, like many here, I support these sorts of boxes on a daily basis. Linux, MacOS, and Windows. Many people are familiar with Windows, and they're dealing with clients who run Windows, and they need to run programs that only have Windows versions. In those cases, Windows is what I recommend. If you're looking for a web server, in most cases, I'm going to recommend a Linux/Apache solution, unless there's some special need. For general desktops, I used to favor Windows, but since OS X 10.2, I've been leaning more in the direction of Macintoshes, whenever the needs of the user allow for it. However, both Gnome and KDE are looking pretty good, as are OpenOffice and Evolution, so in some cases, I have advised that someone try out an Ubuntu install and see if it works for them.

All of this to say, I am a professional, and it's my professional opinion that Windows is often not the best solution. Currently, what tends to make it the best solution is hardware/networking/file-format/application incompatibilities due to the fact that most of the world runs Windows and MS doesn't tend to make their software compliant to any sorts of standards (other than their own standards, which no one else has access to). In other words, Windows is almost only the best solution when you're suffering from vendor lock-in.

It's my semi-objective and professional opinion that you shouldn't use Windows unless you have to, and when you do have to, take the time to secure your box properly.

Re:Spyware

[robpoe]

>>I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site.

You MUST be new here. Welcome to Slashdot.

Re:Spyware

[drew]

There are PLENTY of things people can do in windows to protect themselves as much as they want. Suggesting moving to another operating system shows your real intentions here.

yes, there are planty of things people CAN do, but not many that most pc users ACTUALLY do. my dad was about to buy a brand new computer because his was too slow (p3 450 which he only uses for browsing the web and occasionally microsoft office.) i convinced him to ship it out to me so i could check it out before he bought a new one.

the first time i booted it up, it took over ten minutes before i could open a window because over a dozen little programs opened themselves up in the taskbar. (when i asked him about them, he said he didn't know where any of them came from) i couldn't even use internet explorer, because just loading the home page would popup about 6 popup windows, and for every one i closed, two more would open.

sure, i can go ahead and install ad-aware or some other spyware/adware detection tool (and somebody reccomended a program called geek superhero the other day, which looks interesting, but i think would only confuse my parents) but if he doesn't change how he uses the computer, it won't do any good in the log run.... he'll ed up right back where he started.

if not for the fact that
1) he needs to be able to use ms office on it to work from home, and i don't yet trust openoffice to properly handle all of his files
2) he needs to be able to set up his dsl (PPPoE) and printer after i send it back to him
i would just install linux on it, and not worry about it any more. as it is, i'm doing everything i can think of to try and lock this computer down without doing so in a way that is likely to confuse my parents. somehow i'm not too confident on my chances for success.

Re:Spyware

[NardofDoom]

Simple solution: Download a knoppix iso. Burn iso and boot from it. Download all the MSFT patches you can using Linux. Disconnect computer (physically) from the Internet and reboot. Install patches, reconnect computer.

Or, download Knoppix, boot into Knoppix, wipe the HD and install Linux.

Re:Spyware

[baggins2002]

Great I feel that way also, IF.
If you send us a couple of thousand so we can install software that enforces and monitors usage to prevent spyware
If you come over and spend a couple of days training users on how to prevent installation of spyware?
If you supply us with a technician a couple a days a month to clean up one of the users computers which has crashed?
Then I wouldn't have a problem with it. Due to resource usage and time spent on this issue. My current estimate for the last year is about $10,000 for 100 computers. This is money directly out of the IT budget and doesn't include lost time in user productivity. This includes computer recovery time, training, anti-spyware installation.

The other issue is cost of anti-virus. We have some computers with 400 MHz - 500Mhz CPU which until recently were working fine. Used mainly to read mail work on Office documents and such. Despite no changes to OS or software these are becoming unusable. We find that if we turn off the anti-virus they work fine, turn it back on and it's like working in mud. Okay, so now let's add another $15,000 for upgrading computers.

If users were using Linux these computers would still be usable. So we'll only add on $7,500 for 2 year life we lost with these computers due to running MS or $3,250/year in lost computer usage (Assuming 4 year computer life).

So I just had $13,250/year per 100 computers tacked onto my IT budget. This is a very conservative estimate, but it seriously pisses me off, especially when I don't see it in the latest MS TCO calculations.

And to top it off, this report indicates that most of the anti-spyware installs were ineffective.

Re:Spyware

[fupeg]

If you run IE unprotected and sans firewall, you're going to get trouble. Everyone knows that.

No they don't! That's the whole point. Your average, non-techie user doesn't know how to "protect" IE and doesn't know what a firewall is. Give them a brand new Dell, and they will have problems. In your analogy, they will crash the plane. Give them a brand new Mac, and they are far less likely to run into problems. It's hard to crash that plane.

Where do you go on the net? I've used IE ever since Netscape went shit, and have yet to have these spyware problems I'm told about.

I love your ad homeniem fallacies. If you're getting spyware, it's your fault for going to that website!!! How ignorant. BTW, you would know some potent spyware sites if you RTFA. From TFA they list this one, this one, and this one. You might not want to click on those!

Re:Spyware

"Moving to an operating system/browser/whatever that is secured from the beginning, and where a user would have to conciously open it up, is not a bad advise to give, IMHO."

Yeah, okay. I know you're talking about Linux, since BSD is dead, of course*. Linux, from a default install, is about as secure as a toaster in a bath tub. Same goes with the BSD suite, et al. (with the exclusion of OpenBSD--however, someone that doesn't know how to keep their install of Windows spyware free probably won't know how to install OpenBSD).

Cheers.

* I use FreeBSD. Yay.

Re:Spyware

[dave420]

The Mac plane, for most, is uncrashable because they can't even get it into the air. I have a feeling this analogy could go on for a while :)

How on earth is that an ad-hominem attack? I asked you a serious question. I didn't attack YOU. sheesh.

I can see this debate is pointless if you're going to go off on a tangent and accuse me of allsorts :)

My basic understanding of this is fine - noobs shouldn't use IE without protection, as they can't be trusted. However, when said browser is protected, it's fine for use by ANYONE. There. :)

Interesting...

...though I would have liked to see how the pre-emptive SpywareBlaster changed the results...

Re:Interesting...

[Gubbe]

One of the good things with his detailed explanation of his testing methodology is that you can recreate the testing conditions and test for yourself with the spyware remover of your choice.

Re:Interesting...

[JuggleGeek]

I haven't used it, but my understanding is that SpywareBlaster isn't a "spyware remover". It's goal is to stop you from getting the spyware in the first place, not to remove it after you've gotten it.

Ad-Aware and HijackThis

[krumms]

I've always found a combination of Ad-Aware and HijackThis do an excellent job of keeping all things spyware under control. Ad-Aware for more frequent scans, and the odd hit of HijackThis when things seem screwy. Admittedly, I don't know how much spyware I actually miss but it seems to keep XP happy for most part :)

Re:Ad-Aware and HijackThis

(this is written under the assumption that you're cleaning your own system with SW scanners)

There is only one real solution to spyware: be very careful what you install.

Like worm scanners, Spyware scanners are damage control. They try to clean, as much as possible, a compromised environment from from within that environment, after the fact. If you need a virus or SW scanner, its already too late.

A lot of bullshit reasons to use Free Software are thrown around on this site. Spyware is one of the legit, and often overlooked reasons. One doesn't even need to switch to GNU/linux; there is plenty of Free Software for windows. As long as one is willing to exorcise a little restraint, spyware scanners are redundant.

Re:Ad-Aware and HijackThis

[Alan]

I've always found a combination of Ad-Aware and HijackThis do an excellent job of keeping all things spyware under control.

I've always found a combination of not running IE and not running outlook do an excellent job of keeping all things spyware under control. :)

Seriously though, I've had only two cases of spyware trying to get onto my windows xp system with Firefox. One was a random .xpi (firefox extension install request for those who don't know) that popped up out of the blue and the other was a random java 'this applet is unsigned do you want to run it anyway' message. Of course, I also run squid as an ad-blocker so chances are a fair number of the nasty ads are never let through the proxy.

if you don't log and analyze traffic

[Sai+Babu]

you never know where your internet connected peecee might be sending it's bytes.

hmmm why is that activity LED blinkin?

Re:if you don't log and analyze traffic

OMIGOD SOMONE TEH HAX0RED ME WITH TEH PING!!!11!1!!!ONE

Re:if you don't log and analyze traffic

Speaking of, I need some packet sniffing software for Windows, that will allow me to capture what's being sent out over my modem connection. Like ethereal, but works with modems. Any ideas?

Re:if you don't log and analyze traffic

[Ilgaz]

If you can show one AVERAGE end user can understand what your post means, I will shoot myself.

Log? analyze? Traffic?

Come on man, real world! :)

Re:if you don't log and analyze traffic

If they would RTFM for 'zone alarm'(tm?) they would understand. My daughter who recenrtly made her first web page, using HTML tags and a text editor, knows how to interpret zone alarm 'notices'. I'm notplugging this product in particular, it's just the only one I'm familiar with that will ask you if you want to contact a site, if so configured.

Re:if you don't log and analyze traffic

[Ilgaz]

"If they would RTFM for 'zone alarm'(tm?) they would understand. My daughter who recenrtly made her first web page, using HTML tags and a text editor, knows how to interpret zone alarm 'notices'. I'm notplugging this product in particular, it's just the only one I'm familiar with that will ask you if you want to contact a site, if so configured."

No, Real world, AVERAGE users don't RTFM, or even 1000 byte readme.

Your daughter isn't general public I say.

Also the guy references traffic analyzing, not granting access to stuff with zone alarm. I saw lots granting spyware to access web to use their "mp3 programs" (read:kazaa) while having zonealarm installed btw.

Re:if you don't log and analyze traffic

[skaeight]

Did you really tell your daughter to RTFM?

Is Windows fit for the internet?

[Viol8]

This isn't a standard issue MS bashing troll but you do have to question whether given the ease at which programs (which is what spyware is) can install themselves on someone elses computer with little or no user intervention , Windows is fit to be allowed on the internet. If all windows systems were taken offline then almost all viruses and the like would disappear almost immediately along with spambots and other unpleasent creations of the black hat fraternity. I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Re:Is Windows fit for the internet?

[Skyfire]

As much as we like to say bad things about Windows' security here on /. (and I won't argue with the poor security of Windows), I don't really think that most spyware is a security issue. Most of the spyware that gets installed is installed hidden in amongst other downloaded programs, and the only warning that the user has might be one or two lines in the EULA, which no one bothers to read. I think that the real culprit behind spyware is the companies that play these dirty tricks, and also to some extent the users that blindly click every little button. I've learned to carefully look through the installer instructions on random programs that I download, and I very rarely have problems with spyware.

Re:Is Windows fit for the internet?

[DrSkwid]

If you change the ecosystem new species will evolve to fill the niches.

Re:Is Windows fit for the internet?

[Viol8]

I'm sure most spyware is nothing more than some greedy company wanting to find out what you like to buy and then send off the data to their warehouse to help in decision making or something similar. HOwever , these programs could do anything which is the worrying part. 99% of them may just be Gary Grocer trying to make some extra money , but 1% may have more nefarious intentions and thats the worrying part. Once you can install a program on someone elses machine without their knowledge you can do anything with that machine that the user permissions allow.

Re:Is Windows fit for the internet?

I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see. If you run it with a decent firewall (whether that be software or hardware), antivirus software, and diligence then Windows won't give you any problems.

BTW I recommend Ad-Aware and Spybot: S&D for clearing out just about any crap if the spyware does somehow "install themselves" onto a system.

Re:Is Windows fit for the internet?

[mog007]

The ease at which Windows systems are compromised isn't solely because it's a flawed operating system. Granted Microsoft has made some pretty fundamental security mistakes, if Windows installs were to suddenly go the way of the Dodo, it's only a matter of time before the next OS of choice is easily compromised, by both Spyware and the Virus/Trojan sects.

Re:Is Windows fit for the internet?

[master_p]

It's not a problem of the Windows operating system. Windows NT has actually a very strong security model. It's a problem of applications. That's why many posters here suggest to use Firefox. If it was a problem of Windows, Firefox would not save us.

Re:Is Windows fit for the internet?

[fishbot]

Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see.


Unfortunately, Windows is designed so that any dumbass can run it. Any OS which demands any kind of technical comprehension is labels 'elitist' and stays relatively obscure.

The only reason Linux is gaining ground is that the latest desktop environments and installers allow you to be a total eejit and still get a halfway working system...

Re:Is Windows fit for the internet?

[DarkZero]

If all windows systems were taken offline then almost all viruses and the like would disappear almost immediately along with spambots and other unpleasent creations of the black hat fraternity. I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

While a minority of spyware is installed on the user's Windows machine without permission, the majority is still installed because a user clicked "Yes" on the install, and in many cases clicked "Next" over and over when asked "Would you like to install Gator, MyCometCursor, and ThisIsClearlySpywareYouJackass, as well?" No OS is secure enough that it can stop its users from making poor decisions.

Operating systems, in this case, are like cars. You can add seat belts, you can add air bags, you can even add night vision, but you still can't stop the driver from deciding to swerve into oncoming traffic. Even if Linux magically became ubiquitous tomorrow, the problem of users intentionally installing malicious software would not go away.

Re:Is Windows fit for the internet?

[harrkev]

This isn't a standard issue MS bashing troll but you do have to question whether given the ease at which programs (which is what spyware is) can install themselves on someone elses computer with little or no user intervention , Windows is fit to be allowed on the internet.

I am not sure if your assessment is entirely accurate. To me (and I admit that I could be wrong), there are three entirely separate classes of "spyware."

1) Slimy. Includes such things as "drive-by installation." The fault for this lies squarely on the shoulders of Microsoft. They need to tighten up security. They still have a long way to go, but they ARE getting better.

2) Sneaky. This category includes program that the user had to download and install, but the spyware is hidden in the EULA. This is NOT the fault of Microsoft, unless they play "daddy" and tell you which software you can install. There is talk of this happening in Longhorn, and the general concensus is that it is a bad thing. The only thing that will help this is possibly some legislation requiring an up-front admission of any "spyware-like" activities. When was the last time you read an entire EULA?

3) Up-front. It is possible for a program to be up-front about its activities (but does anybody actually know of any). This is the user's decision on whether or not to install it. Nobody should have a problem with this.

So, Microsoft IS responsible for some portion of spyware, but it is not fair to lay the entire burden at their feet. I am no huge fan of M$, but I do try to be fair.

Re:Is Windows fit for the internet?

[root2]

google toolbar. tells you up front it's collecting information about you (though you can turn it off...)

Re:Is Windows fit for the internet?

[internic]

You're probably right that most adware/spyware is installed with a program and is allowed by some clause baried in the EULA. Oddly, it's been my experience that free and open source software can help with this too.

Many years ago I started carefully reading all the EULAs for the software I used in Windows, and it was such a pain! The problem is that there are a lot of programs, each with a different, lengthy EULA in sometimes indecypherable legalese. In fact, any time I ran windows update I'd get a EULA for each item being installed. Those were usually the same one, but you really could tell unless you read the whole thing.

When I switched to Linux, I was releaved because it was so blessedly easy to read all the EULAs. Why? Because a lot of free and open source software uses one of a few standard licenses, such as the GPL or the Mozilla Public License. This idea of standarized licenses is wonderful, because once I know the GPL pretty well, I can easily agree to any GPL'ed software. It's not one of advantages of open source you'd usually think of, but it really is a great feature for people who want to know what they're agreeing to. Of course, I'm not sure this has anything intrinsically to do with the "open source" or "free software" model, so it could change in the future.

Re:Is Windows fit for the internet?

[RollingThunder]

I would say it's about 50/50 for "drive-by" installs vs hidden-ine-the-EULA. The third and fourth tests on the linked site were from, in the author's words, "25 different adware and spyware programs picked up via "drive-by-download" at the Innovators of Wrestling web site".

It's not clear if they were self-installing behind the scenes, or if the researcher had to simulate a colossally foolish user who just clicks "yes" on everything, though.

Re:Is Windows fit for the internet?

[PNutts]

"Secure OS's" are defined by the configuration. Some default installations are better than others, but if you remove all Windows boxes then you will have an Internet full of viruses and exploits that target non-Windows systems. If mom and pop can't run Windows, they'll run something else. And like their Windows box, it will be configured by someone else who may or may not know what they are doing.

Re:Is Windows fit for the internet?

[Herstal]

Hmmm, your telling me there are no *nix based viruses. Although Windows is obviously insecure it is partially a victim of its own success. Any OS that dominants the market is bound to suffer from malware/virus. Wonder how secure Linux will be if/when it dominants the OS market and the script kiddies have easy access to GUI virus creation tools.

Note: Im note a huge M$ support either but reckon your just trolling!

Re:Is Windows fit for the internet?

[HermanAB]

Windows is reasonably secure only if it is behind a Linux firewall...

If Windows was secure, then Linux would have been behind Windows firewalls and all the little Linksys and Dlink firewall routers in Best Buy would have been running WinCE.

Nuff sed.

Re:Is Windows fit for the internet?

all the little Linksys and Dlink firewall routers in Best Buy would have been running WinCE.

Linux is free (as in beer, too).

Re:Is Windows fit for the internet?

[yarbo]

" 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it." - from the GPL version 2

Re:Is Windows fit for the internet?

[tricops]

Unfortunately, that particular mix won't always do the job right. The last time I had a problem with bargain buddy, nls, and a slew of others, that mix would only remove a few of the files. Hijackthis might have helped more but I didn't try it, and spyware blaster didn't do the job either though. To get rid of everything I finally ended up having to use giant antispyware, which removed another 48 files or so that the others were completely ignoring (some despite being parts of what they can scan for).

Re:Is Windows fit for the internet?

[nytmare]

No it isn't. A secure OS would make it easy for normal users to RECOGNIZE and REMOVE any illegitimate software or processes that have managed to wend their way onto their PC. Windows does not. It takes experts to figure out most infestations, often by using third-party apps like Hijack This to analyze the system. It takes third-party anti-virus and anti-spyware apps to remove the problems, and then only on a case-by-case basis. It takes third-party firewalls to control and inform users about internet traffic entering and leaving their own PC.

Hiding information from users is a mantra that directly undermines security.

Re:Is Windows fit for the internet?

[poot_rootbeer]

If all windows systems were taken offline then almost all viruses and the like would disappear almost immediately along with spambots and other unpleasent creations of the black hat fraternity.

Along with 95% of the userbase, and all the content they create.

It's common for internet old-bies to long for a return to the days of 1993, but I don't see why anyone would want to.

Re:Is Windows fit for the internet?

[Mordaximus]

It could be. Windows in theory could be as secure as OpenVMS. The NT security model is very powerful (thanks to ex-digital employees!) but the stuff around it makes the system a joke. Two major problems:

1) Microsoft : Their blind persuit of dominance leads to stupid design, such as integrating a browser.

2) Unknowledgable Users: Users running with admin privlidges. Micorosft does nothing to prevent this misguided practice. They often instigate or even require running with those privlidges. A big step they could have taken with SP2 would have been to audit and warn user about admin accounts. Many problems would be solved. But they chose ease of use over security and implemented it very poorly. What good is a wicked ACL when your primary user has all permissions!?

" If all windows systems were taken offline then almost all viruses and the like would disappear almost immediately along with spambots and other unpleasent creations of the black hat fraternity. "

Take the Windows systems offline, and the users will still be ignorant of proper system administration practices. It wouldn't be any better world with millions of users running as root on $DISTRO. They are after all half the problem.

Re:Is Windows fit for the internet?

[internic]

Your point is what? That you don't techically agree to the GPL if you're just using the software? That may, indeed, be true, but the salient point is that you know you're not specifically being asked to agree to the installation of spyware in order to use the program if the only licensing given is the GPL.

Clearly, though, one could write a license that was like the GPL but with an additional click-through portion that said you agree to (insert underhanded clause here).

Re:Is Windows fit for the internet?

Windows is fit for the internet if painstakingly configured to do so. I like to think my XP box is configured pretty well:

- No unnecessary services
- Firewall
- Anti-virus
- Couple of anti-spyware apps
- Religious checking of log files
- Religious checking for updates
- Pop-up blocker
- etc, etc, etc..

Oh, and it's never powered on, or connected to the internet, when I'm not using it. :)

However, doing so does up a lot of my time, and does take away a great deal of functionality. Also, most Windows users login at home with the Windows equivalent of root access...something you are taught not to do in Linux unless absolutely necessary. Accounts with the inability to install software might avoid a large percentage of accidental infections. :)

Is Linux any more fit for the internet? I wouldn't necessarily say that it is.

Re:Is Windows fit for the internet?

[Feanturi]

have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Simple, those relatively secure OS's would become less so, as greater effort would be made to find flaws. Linux is 'secure' partly by design, and partly by the fact that nobody really cares about trying to wormify it. Same for Mac. What would be the point of propagating a virus on a platform with low market-share? MS is inept, certainly, but they are also the biggest target, so more effort is put into finding Windows flaws, because that is the biggest infection vector. Make Windows magically disappear, and the urge to 'sploit will roll onto the replacement target. This will continue until there is a platform that is truly unhackable, unbreakable, unspoofable, etc. So probably forever.

Re:Is Windows fit for the internet?

[djp928]

Show me how Linux can do any of what you claim a "secure" OS should be able to do.

-- Dave

Re:Is Windows fit for the internet?

[Robert+The+Coward]

Not true in all markets. IIS is only around 20-25% of the market. Appache is around 50%. How many virus come out for IIS verses Appache. Code Red, Nimda, slammer, etc.

Re:Is Windows fit for the internet?

[Feanturi]

I'll grant you that, it does appear that by my reasoning Apache should be under attack more often. However, given what I said about the attractiveness of the windows platform, more of your virus writers/sploiters are fluent in the win API's and not necessarily knowledgeable enough to dig into Apache. Just a theory really, but I think that if more virus coders were wanting to code for linux in general, then Apache would become a more realistic target for them.

Re:Is Windows fit for the internet?

[rizzo420]

yes... visiting certain websites (such as windowsupdate.microsoft.com) for the first time will pop up a window to download and install a program to allow it to run. if you click yes, it downloads and installs it. if you click yes and check off the box to "always trust ______ company" you'll never see that popup again from that company, but you'll always get stuff auto-installed. if you click no, it doesn't install the program and may not allow some parts of that site to work. these tell you what they're doing (downloading and installing a program) and you have to do it yourself (the google toolbar used to be installed this way). the ones i've seen the most from is gator/gain/claria (whatever they're calling themselves now). when i see those, i rarely even click "no". i click the X to close the window.

Re:Is Windows fit for the internet?

[rizzo420]

IIS comes running by default on windows 2000 server. if you don't know what you're doing, you've got IIS running. you generally need to know what you're doing to get apache up and running as well since it's not quite as easy to just point and click to configure it.

Re:Is Windows fit for the internet?

[rizzo420]

you make no point. one of the biggest reasons microsoft is targeted is because of it's market dominance. someone already stated that apache has fewer problems than IIS and has a larger market share, but apache's market share is not really dominating the market like windows and IE do. they have something like at least 80% of the market. if linux or firefox had that much, we'd see viruses and spyware written for it. same goes for apple, apache, and any other operating system/browser/server/insert program-type here.

Re:Is Windows fit for the internet?

OK. I'll bite. One example to start with.

Boot into Linux. If you wanted us to show you without you actually having Linux installed, you will have to download Knoppix, copy it to a CD and boot from that CD (don't worry, it won't affect your system at all...you can disconnect the HD if you are really paranoid).

Click on the little terminal icon on the bottom of your desktop. It'll look like a little screen or a seashell depending on the distro.

now type "ls -l" and press enter. You will notice that the files have a whole bunch of information attached to them that says who OWNS each file and who can MODIFY each file. This makes it nearly impossible to inadvertently modify critical parts of your system since you don't normally run the system as "root", the account that has access to those parts.

I could also show you how having plain text configuration instead of a registry makes it nearly impossible to conceal such a program and trivial to uninstall it or how ipchains etc work but I suspect that I've already given you more of an answer than you really expected or wanted.

Now that we're done, perhaps you can show me how one could install Bonzi Buddy on a Linux system.

Re:Is Windows fit for the internet?

[yarbo]

My point is that installation programs should not require you to click "I agree" to the GPL.

Clearly, though, one could write a license that was like the GPL but with an additional click-through portion that said you agree to (insert underhanded clause here).

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."

Re:Is Windows fit for the internet?

[internic]

My point is that installation programs should not require you to click "I agree" to the GPL.

Again, the point is simply that once you know the GPL you can use 100 GPL'ed programs and never worry about the terms of the license (click through or otherwise).

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."

As I said, "one could write a license that was like the GPL but with an additional click-through portion..." It looks to me like this would have to be a look alike to the GPL and not just a straight addition, but the point is that it could still be open source and otherwise have similar terms to free software. On the other hand, for a while Limewire was alledged to have spyware in it despite being GPL'ed at the time. I believe that this was installed after the user agreed in a click through EULA, so that would seem to be a case in point of just such a tacked on EULA. I'm not sure how that panned out legally.

Re:Is Windows fit for the internet?

[Viol8]

Yes there have been a few nix viruses , but given the different versions of unix and the different architectures they run on their scope is limited. Plus in most unixes you can install and run most apps WITHOUT being root so if a virus did sneak in via a user account the worst it could (ok , should) be able to do is mess up thats users files , it wouldn't be able to mess up the whole system.

Re:Is Windows fit for the internet?

[Viol8]

First you say: "apache has fewer problems than IIS and has a larger market"

Then you say: "apache's market share is not really dominating the market like windows and IE do."

I'm sorry , am I missing something or is that a complete contradiction?

"linux or firefox had that much, we'd see viruses and spyware written for it. "

Perhaps we would , but you're forgetting that to install spyware in unix you either need a process running all the time (easy to spot) or you need it to add itself into .profile or .kshrc or similar so its kicked off each time the user logs in. Also easy to spot and remove. Obviously if the user logs in as root all the time then anything is possible but unlike Windows you don't usually need to , even to install apps if you're installing them locally. A virus/trojan/spyware that is limited to running with normal user account privs has very limited scope in which to operate and can easily be tracked down. Sorry , but thats just the way it is.

Re:Is Windows fit for the internet?

[rizzo420]

a larger market share does not mean a dominating market share. compare apache's 50% market share to IE's 89%. half the market is using something other than apache for their web server. but almost all users are using IE as their browser. that's the difference, not a contradiction.

yes, you need to be root to install stuff, or have a user with more priviledges. this has already been discussed, but someoen mentioned how windows should be like OSX where you are always logged in as a normal user with no privs and whenever you need them, a box pops up for the root password so you can install stuff or whatever. he watched a guy sit there and blindly type in the password. while you say that normal linux/unix users wouldn't just do that, if it has the market share most wnat it to have, people will do just that, or always use it as root (which is what lindows does, isn't it?). so it is mainly a user issue, but it's not operating system dependent. i can create a normal user account on my parents XP machine and they won't be able to install spyware, however, if they see that they can't install software, they'll be pissed. so they have administrative access (actually, my parents use 98, so it's a lose-lose situation, but the same sort of thing). yeah, it's a user problem and people need to learn "smart computing", but that's not gonna happen anytime in the near future, if ever. the more people use computers, the lower the smart computing level drops. people just don't want to learn about this shit and take care of it when they can no longer use their computer.

so it's not just the way it is, linux/unix is not better, unless you're a smart user, in which case, i'm sure you're windows machine is pretty damn secure as well (i have no spyware on mine).

Re:Is Windows fit for the internet?

[Viol8]

"yes, you need to be root to install stuff, or have a user with more priviledges."

I'm sorry, when was the last time you used unix? 1970? You do NOT need to be root to install stuff unless you wish to install it to one of the standard public bin directories. I've downloaded countless apps into some dir in my home directory and run then under my own user id. The only apps that need root are the ones that need setuid root permissions or they won't work or where you need to install a new version of a library. Try getting a clue before you post.

Re:Is Windows fit for the internet?

[rizzo420]

you seem to contradict yourself. just as much as you like to chastise me for having no clue.

if we're talking about spyware, we're talking about applications that need root permissions to do any of the damage that they do. maybe i should've been more clear on that, but i assumed you understood, since you made that point to begin with. you're obviously one of those linux elitists who believes that linux/unix will never have problems. but if it gets the market share people wnat it to, it will have problems because the general user is an idiot and doesn't give a crap about security.

Re:Is Windows fit for the internet?

[Viol8]

Unix does not normally need root to install stuff.

Hence user will not *normally* be running with root permissions.

Hence spyware will have limited damage and can be easily spotted and removed.

Just how hard is this concept to understand? Seems to me you just want to make out that unix has the same foibles as windows. Clue: It doesn't. Maybe if you'd ever used it (which you obviously haven't) you'd know this. End.

Re:Is Windows fit for the internet?

[rizzo420]

i'm not going to say it has the same foibles as windows. i have used it. it's solid. however, a good portion of the exploits that spyware in windows uses is user stupidity. so if something randomly comes up asking for root permissions, the average user will probably think "gee, i should do this". yes, i know this is not the average unix user. but if it gets the attention people want, the average computer user will be using it, and will do just that (as happens in windows when a program asks for permission to install, user clicks "ok").

so while an informed user will be able to spot spyware, the average user won't. you don't seem to understand my point. the whole thing has to do with who is using the operating system. the average computer user will not care and just give things permission almost constantly. the point of this whole thread was that if (and only if) linux/unix gets mainstream attention and is no longer jsut a fringe operating system used by people who know what they're doing, it will be susceptible to a lot of the same stuff windows is for the most part because of the user.

Ad-Aware Rules

[dreegle]

If you can limp yourself to download it, I've found Ad-Aware does an outstanding job in most cases. But you must have the new (free) version to do any good, The rate of evolution of these beasts are high, and they apparently came up with a new engine for Ad-Aware SE, that I've seen fund hundreds of objects that Ad-Aware 6, a moment before with current updates, had missed.

Makes most machines usable again, and quickly.

Re:Ad-Aware Rules

[jankyPhil]

This is true. I just installed SE over my old version 6 this morning and found 24 items that I didn't find yesterday (with the latest updates, etc.) If you haven't upgraded to SE yet, I highly recommend it.

No they aren't

> These test results are well worth your time.

Quite presumptuous of you to decide what my time is worth!

Anyway, since I use Linux and the only time I install software not via the package management, it's installed as a new generated user whose homedirectory is then killed with "userdel -r" - No, I never had a problem with spyware and probably won't in a long time to come. Ergo these tests are completely irrelevant to me.

Re:No they aren't

Boy! Your one smug little fucker aren't you?

More then one

[Shadow_139]

I find the only way is to install FireFox with adblock.
Remove the IE shortcut, and rename the firefox link and check the icon it the stupid E.
And had Spy-Bot,Adware and SpywareBlaster running but you still get "users" installing crap,.. e.g. screensavers,and crap.
I been admin here only a few months but when I can the network was in shit. And 99% on the systems had at least 1 smileyface or such search bar installed and riddled with other crap.
Only do a update and full scan on a system when a user really complans about the speed of there PC for over a week or more.....
"NIPPLES!! I HAVE NO NIPPLES!!!" -Happy Noodle Boy

My time is preciouss.

[Maljin+Jolt]

These test results are well worth your time.

No they are not. I already burned all Windows CDs in the fire. You wan't believe how much time I gained by doing this!

Re:My time is preciouss.

[BinLadenMyHero]

My time is preciouss.

And you're not only reading, but also posting in slashdot.
Riiiiiiiight.... :)

Re:My time is preciouss.

[tepples]

I already burned all Windows CDs in the fire. You wan't believe how much time I gained by doing this!

How much time did you take to figure out how to get Linux to recognize and use the bundled Windows driver disc for a SANE-unsupported scanner?

Re:My time is preciouss.

[RzUpAnmsCwrds]

"You wan't believe how much time I gained by doing this!"

How much of that time did you waste recompiling modules to get your hardware to work?

Re:My time is preciouss.

[Maljin+Jolt]

None. I do all compiles on background.

Re:My time is preciouss.

[Maljin+Jolt]

Exactly, that was no more than 8 minutes. However, the scanner in question was perfectly supported in the next version of SANE.

Re:My time is preciouss.

[tepples]

Until just now, I didn't know that some scanner drivers can run in Wine. And how many versions will it take before the SANE team cracks the Microtek Scanmaker 4850 (which is probably a minor variation on this)?

someone will flame me but...

[nilbog]

top three anti spyware programs: 1. osX 2. Linux 3. commodore64

Re:someone will flame me but...

Yes they will.

The only reason there is no spyware for lunix + co is because the ad revenue generated by spyware for lunix is tiny as hardly any people use it compared to windoze. Not because its a better OS.

(Mod for truth)

Mac + Firefox = ok?

[chroot_james]

I use a mac and firefox. As far as I know, I haven't had any problems. Does anyone bother to make spyware for mac's? Does Java's sandboxing make it hard to write platform-independent spyware?

Re:Mac + Firefox = ok?

[random_culchie]

Yes it does. Since the applet only runs within the context of a given page makes it spyware unfriendly. Spyware generally sits in the backround gathering information on what you do. Since applets are limited to one page this eliminates spyware possiblities. An applet can only communicate with the server it originated from also. (Unless you click those grant permission things) This also makes it difficult send information to spyware hq. Generally applets have little if any information about the page they reside on.

Re:Mac + Firefox = ok?

[chroot_james]

I wasn't referring to applets. I can't imagine anyone would write spyware as an applet...

Re:Mac + Firefox = ok?

[random_culchie]

Ordinary Java apps arn't sandboxed. They run with full privilages. Sandboxing only makes sense with applets.

Re:Mac + Firefox = ok?

[RedBear]

Mac OS X is wonderful, but it is not a panacaea. There isn't really any commercial spyware that I know of, but that's mostly because it's an extremely small market that doesn't justify the development time for spyware. There isn't anything technically stopping a Mac user from installing software that will send out information over the network to a third party. Most software installations require an administrator password, which is a good thing, but there are ways around that, like not using an installer and just unzipping the application onto your desktop.

There are already a couple of trojans in existence for OS X, although if you are up to date I think at least one of them no longer works. No operating system is really protected from trojans, unless you get something ultra-secure like OpenBSD and lock it down so tight that it can't be used except for a few specific tasks. Java's sandboxing may keep a Java applet on a random web page from attacking you and installing software, but if you download a separate Java application there's no reason it can't be spyware or contain some sort of trojan. Anyway, why would trojans or spyware need to be written in Java?

So no, Mac + Firefox != OK. It's a hell of a lot better than Win + IE = "pwned in 60 seconds", but you better be on your toes nevertheless. Don't open random email attachments or download kooky software off IRC. There is nothing inherently protecting Macs/Linux/*BSD or any other operating system from all possible threats. That's just not the way it works. It just has a higher default level of security than some other things we know.

Your best security on any platform is incremental backups with an offsite copy.

Re:Mac + Firefox = ok?

[chroot_james]

Right, obvee don't run random programs, etc... My question was more about when people use the computer in some reasonable fashion. The physics professors at my school seem to get loaded with spyware and all they do is go to physics websites and a few news sites. Nothing out of the ordinary. I was curious if the same thing ever happens on Mac systems. As for Java, I am mainly curious if people care enough about other platforms to write their spyware in a platform independent language. I haven't heard of it being done, but who says it isn't being done... you know? As for sandboxing, I guess I made the mistake in thinking it applied for more than just applets...

Re:Mac + Firefox = ok?

[RedBear]

I'm not a programmer, but yes it is my understanding that sandboxing only applies to running a Java applet in a web browser or something similar.

Most Mac users aren't plagued by viruses, trojans or spyware simply because there isn't much of that stuff around for the Mac platform. This is for several reasons. One is that Macs still only represent about 5% of the computing world. Another is that Mac OS X has a better security structure and default security settings than the dominant OS. Another reason is that many Mac users are the type of people who simply don't put up with installing crap on their computer, and see no reason to install useless free junk. Mac users typically want to actually use the computer to get something done. It already looks pretty, why mess with that? ;)

If your physics professors are the only people using their computers, they must not be staying on legitimate physics and news websites. Something must be out of the ordinary for them to be contracting spyware. To get spyware you have to download some software, either manually or through a bug in the browser. Your typical website catering to educators isn't going to allow that sort of automatically installing code on their website. These professors of yours must be straying off the reservation at some point, or getting it through email attachments, or quite possibly a worm.

Firefox could possibly help them if you start with a clean system, but if they are actually going out and downloading FREE ANIMATED MOUSE CURSORS!!! they will need some re-education on how to keep their computer safe. Mac + Firefox would be a vast improvement, but unless they were restricted from installing any software (yes, this can be done) they will eventually get themselves in trouble. For general web browsing it is definitely a much more secure environment, but only if you know not to do something stupid. Java is certainly more secure when using Firefox on either platform, since you aren't using the buggy MSJava implementation.

Don't stop at replacing IE with Firefox. Outlook/Outlook Express is just as bad. Apple Mail is very nice on the Mac, but Thunderbird also works, and of course is cross-platform. And none of this is going to be very effective on Windows if you don't have a solid firewall to go along with it, and anti-virus software. On the Mac, turn on the built-in firewall to increase the already decent security.

Re:Mac + Firefox = ok?

[chroot_james]

Agreed. What I did for them was to replace IE and Outlook with Firefox and Thunderbird. Just as you suggested, only it happened about a month ago. So far, things seem to be pretty smooth...

Re:Mac + Firefox = ok?

[arminw]

...installations require an administrator password...

That can be a tremendous security enhancement for multi-user Macs in schools an businesses. Just make sure the ordinary users don't have admin privileges. In Windows, withholding admin privs will not allow many pregrams to function properly.

I never rated S&D

[PhilHibbs]

I've been an Ad-Aware user ever since I discovered spyware. SS&D was always over-zealous and broke too many legit applications for my liking.

Re:I never rated S&D

[Lehk228]

what legit apps does SpyBot break? I have been using it for a few years and never had a problem.

Re:I never rated S&D

[mesach]

I have used SS&D and it has not broken one program in about 2 years, I do have a lot of stuff installed on my HD and never have any problems... can you state which programs have broken?

Re:I never rated S&D

[PhilHibbs]

Okay, it may not have actually broken them, but when I ran it on a friend's (thoroughly infested) PC, in among the thousand or so spyware elements that it did find, there were a lot that were obviously not spyware, but were .dll, .txt, etc. files that had something in the name that might were similar to other spyware hits. Some of them were for software (one was a game, I think) that had not been infected with anything. I didn't think that deleting a whole load of .dll and .txt files based on the file name was a polite thing to do on my friend's PC so I de-installed S&D and used Ad-Aware instead.

It didn't separate out the name-match results from the more conclusive hits, it just presented thousands of individual entries with all of them ticked by default. Separating out the good from the bad would have taken hours of laborious, error-prone work.

And if they fail...

[Tuxedo+Jack]

That's what SpywareInfo's for.

http://www.spywareinfo.com

It's arguable that they're the biggest antispyware site out there, and if nothing else, they can get the CoolWebSearch strains that even Ad-Aware and Spybot can't get (real-yellow-pages, linklist, et cetera).

(Disclaimer: I'm a Trusted Advisor there.)

Spybot S&D..

[Henk+Poley]

Spybot Search & Destroy is more preventive, as far as I know Ad-Aware doesn't do preventive measures like blocking (kill bit) of known bad ActiveX controls.

Re:Spybot S&D..

[Drantin]

Ad-Aware does not, but its companion tool AdWatch may. (runs in the background...)

You can lock the startup sections of your registry, block possible and actual browser hijack attempts, block suspicious processes, lock executable file associations, block malicious cookies, block pop-ups, and uses the all new CSI technology to protect you from unknown variants as well.

AdWatch comes with Ad-Aware Plus and Professional, so it costs money.

I'd try to test it myself, but the computer I've got it installed on currently is not allowed on the internet here

I don't get it

[value_added]

Really, I don't. Can some explain what exactly these "tools" do?

Perhaps I'm in a rare position and have been lucky to be immune from such troubles, but it seems to me that checking startup items, managing what's running on your system (exe's, services, etc.) is fairly routine stuff. And if there is a problem, deleting a file, making a simple regedit, etc. can't be that hard, right?

Re:I don't get it

[Tuxedo+Jack]

You ever root through the Windows registry? Literally millions of keys and subkeys are there, and it's a pain in the ass to root through them all to find and kill one.

Admittedly, there are certain hotspots (HKLM\Software\Microsoft\Windows\CurrentVersion\Ru n being the big one), but you don't want to regedit over there every time, do you?

No. You use tools to kill that.

You can't manage BHOs without BHODemon or XP SP2, so you use HijackThis to kill the bastards.

Services are a pain to check, but very few spyware bits (outside of a few very, _VERY_ rare CWS infections) install services anyways.

I'm in the rare position too, but it doesn't hurt that I've been cleaning machines of this crap for years and I know how to stop it from running (SpywareBlaster, Firefox, _LINUX_, et cetera).

Re:I don't get it

I think it's more to do with the convenience and ease of use. I'm like you; a quick scan of the run entries in the registry are usually enough to fix the most blatant of spyware problems. I do like to teach people to use spybot/adaware though, because it sure beats me having to play technician quite so often.

Re:I don't get it

[isdfnmo]

No, friend, you really don't.

The point is not that we technically proficient people can deal with SpyWare but rather that the 99% of computer users who are not technically adept can use their computers, the internet and their email without having to fight a constant battle with unwanted intrusion.

What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.

Sure people need to be careful, just as they do when driving or using a blender, but surely it is not beyond the wit of man to hide the complexity of the system. Surely a better use of our time and effort, rather than trying to play catch-up with 'the man' is to start finding common ground upon which we can progress best practices... Let the Corporations then compete on price and feature-sets from that good and solid foundation rather than firing off in their own directions with their own agendas and muddying the already dirty waters.

We have a lot of work to do, I'm afraid.

Re:I don't get it

[value_added]

"Admittedly, there are certain hotspots ...but you don't want to regedit over there every time, do you? ... No. You use tools to kill that."

Yeah, I do want to go there. More accurately, I have to -- there's no /etc folder on Windows systems, and most settings don't have graphical interfaces to change them. As for startup items, it's fairly trivial to write a script to query values in the dozen or so startup locations on Windows systems, and if that's too hard, I'm sure there's GUI-based software that can provide the info graphically. A regedit is a regedit, like text file editing is text file editing. Not to sound argumentative, but I still don't see the need for a "special tool" to replace "ordinary tools." Checking startup items should/could be routine.

"You can't manage BHOs"

I can't? Granted, there's more than a few flavours, but if they don't appear in an obvious place and/or have configurable options, you're back to performing a simple regedit. Also, I'd guess that Sysinternals probably has utility to manage/display them.

"Services are a pain to check"

net start, or services.msc is hard?

I appreciate the reply. I guess my conclusion is that I'm not missing anything new. And I definitely don't need some program to do what I can do myself. Unless I'm lazy, of course. The laziness argument is about the only one that makes any sense. The rest is marketing.

Re:I don't get it

"making a simple regedit". Well yes. Unless you're dealing with a hundred PC's in an organisation who believes in "open access" for all, including allowing users admin rights onto their PCs. What is a "simple regedit" turns into a pain if you have to comb every registry by hand every time you *think* there is a problem. Which is why it's nice to have these tools to alert you to the problems so you can narrow your seraches in the registry down.

Re:I don't get it

Well, I agree the parent post didn't get it. But I'm not sure you do either.
A computer isn't a washing machine. It isn't a TV. It is a piece of equipment with millions of possible functions and configurations. All of which are _supposed_ to just work.
This is basically an unfeasible proposition and the sooner you stop carping about how it isn't simple enough, the better.
Even a car with vastly simpler interface and level of functions, requires a training course and a test of competence. When will we get one of these for computer users. It will make it safer for the rest of us!

Re:I don't get it

> (...) simple regedit (...)

I don't get this either.

Re:I don't get it

[m50d]

You overestimate people. The average windows user wouldn't know what the registry was if it hit them on the head. And why should they? To them, the computer is just an appliance, they don't care about what's underneath.

Re:I don't get it

[pqdave]

While it's possible for a skilled individual to hunt down many of the places malware hides itself, it's a lot easier to leverage the efforts of others. I'm convinced it's a much more effective use of my time to let Adaware and/or SS&D do most of the work so I can spend my time on problems that can't be automated. This is especially true when I'm not going to see the computer in question until it's hosed enough for the user to notice. My better users are able to run anti-spyware programs themselves, but there's no way I want even them mucking around in the registry.

Re:I don't get it

> What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.

What other mass-produced consumer device can do ALL of the things a computer can do, plus the ones that haven't been devised yet (but will work when written)?

The fundamental difference between a computer and any other consumer device is that a computer is deliberately general-purpose - that's both its great strength and its great weakness when it comes to the less than honest software developers. It can't be locked down without losing that property of generality that makes it attractive most people ("I can run games, and work/office productivity suites, and draw pictures, and write music, and keep track of things from my phone/camera/Palm Pilot, and chat realtime with friends, and make Internet phone calls, and ... and ... and ...").

Passive isn't good enough.

This just goes to show that anti-spyware (and as a extention that anti-virus) is wholy inadiquate to keep you safe.

Passive systems like virus scanners and anti-spyware are only effective at removing software AFTER it has infected computers.

You can scan downloaded software and e-mail, but that isn't going to do anything for you for stuff like worms or new threats that anti-virus firms are not aware of.

What is needed for security is a pro-active approach.

Auditing code, Compiling programs with stack protection, diversified software base, peer review of code, firewalls, better seperation of user and system and various other technics.

For a great example look at OpenBSD. If the technology sector as a whole adopted technics such as their's then virus, spyware, and worm threats would be nearly non-existant.

So as consumers of software we need to be aware of these things and only use software that employ these technics to keep us safe.

For example it would be cheaper to make cars like tin cans and no secure seats, no seat belts, no crush zones, no nothing... And that's what people are paying for in their software currently.

We need to only use software that does employ things that are the equivilent of seatbelts, airbags, and big hunks of metal to protect us.

"Unsafe at any speed" meets "Unsafe on any computer".

So the simple solution to this is to stop using Windows and start using Openbsd and secure versions of Linux and FreeBSD/NetBSD, etc.

of course most people are not that smart, but if you can you should. Security is a warm fuzzy.

Thank God...

[rainer_d]

...that I run FreeBSD, Linux and Solaris.

The least Microsoft could have done is create a non-admin user upon installation and force users to work as that, e.g. by changing word, excel etc. to refuse to open when used by an administrator and changing IE to refuse to work on anything but windowsupdate for administrators.
That would have been far more effective than SP2 and all the gazillion tools one seems to need today to be able to use XP reasonably.
It would also have cut down on a lot of Spam.

Yes, it would have been annoying, but safety-belts were annoying, too, when they first appeared.
Security is sometimes annoying, people should get over it, just like they got over Windows Product Activation.

Rainer

Re:Thank God...

[a24061]

The least Microsoft could have done is create a non-admin user upon installation and force users to work as that...

Such a good idea! Home users with XP---which allows proper user segregation---just will not listen when I tell them to use it!

Re:Thank God...

[Xrikcus]

I actually think that home user OSs should not be able to connect to the net while logged in as an Admin user, and not allow software installs as a normal user (except for basic user-space only software, clearly, but even that could still be optional).

Re:Thank God...

[a24061]

But someone has to be connected as administrator to do Windows updates, just as I have to have an internet connection while I'm root to use apt-get.

One of the main stupid things in Windows is that you have to log in to the whole GUI mess as administrator---whereas in proper systems (where the GUI, e.g. X, is an optional part of the OS) you open an xterm and use su so that only the processes run from that xterm have root privileges. There's little temptation to run a web browser or word processor as root.

Re:Thank God...

[Malc]

It would break a million other apps too. Too many developers write to HKLM. There are some aspects of Windows that require Admin rights at some point, such as installing a Windows XP autoplay version 2 event handler... why? A lot of things can be diverted to HKCU at the expense of duplication between users, but there's a million apps out there that don't and are broken by running as a normal user. Probably they were written for Win9x, or by developers in a Win9x mentality.

Re:Thank God...

[pqdave]

I'd settle for a decent SU, instead of the frequent situation where a user account is locked down to the point that it can't change it's own settings. Apparently in our environment, the easiest solution is logging the user off off, logging on as admin, upgrading that user's rights, logging off, logging on as the user, making the changes, downgrading the user's rights, logging him off, then logging on again to test that the changes themselves work with his standard rights.

Or just giving up, and giving most of the users local admin to begin with.

Re:Thank God...

[Badaro]

Bzzz, wrong! :p

You can use Run As to run any program with different credentials in Windows. Hold SHIFT, right-click an icon than choose the "Run As" option.

If you prefer, you can also use runas from the command line.

[]s Badaro

hitman pro

This is a very good solution :

http://www.freedownloads.nl/hitman_pro.htm

It's dutch and it runs Ad-aware, Spysweeper , Spybot S&D, Stinger, Spywareblaster , ect...automaticly....

Re:hitman pro

[cybergibbons]

Do you know if this is going to get an English translation? I can understand what is going on, but for end users, it would be harder... it seems like a very useful tool.

my spyware solution

[BinLadenMyHero]

use only Free software

Re:my spyware solution

[it0]

Name 1 piece of software you paid for that came with spyware?

Re:my spyware solution

[BinLadenMyHero]

I never paid for software, mmwhahahaha!
Before running Linux, I used a pirated copies of operating systems (W98, W95, OS/2, W3.1, MSDOS, DRDOS) and applications. I also buy my computer from parts, so no pre-installed software here.

Now I only use Free software (but a few games), and I'm very happy with it.
Not only they are of better quality, but I can trust them, and possibly manually verify what they do.

Whoa!

[galdur]

"... twenty anti-spyware scanners were pitted against a collection of 15 adware and spyware programs that were installed with the latest version of Grokster ..." 15 pieces of trash with ONE program!

The best Anti-Spyware tool...

[Viceice]

Me charging $60 an hour and HijackThis.

Seriously, I've yet to see spyware that booting into SafeMode and running HijackThis won't cure.

Re:The best Anti-Spyware tool...

then maybe you shouldn't be charging 60 an hour, as you will be horribly dissapointed one day when you can't, as it happens every day for me, as a field tech.

Spy Assassin

[Tomahawk]

I use Spy Assissin. You download it from the ad-aware site, and have to pay for it. I think it's supposed to be better than adaware SE, which is the one tested (that's the free one).

Spy Assissin is cheap, and you get a 5 PC licence for it. Certainly sorted out a few nasty popup problems on my dads PC (though he probably didn't mind some of those lovely ladies popping up, but I'm sure my mother would have if it had gone on any longer).

Spy Assissin is updated regularly, and each time you run it it downloads it's updated (and reinstalled updated software, if required).

Pity it wasn't tested.

T.

I dont understand ...

[lemonjus]

Who won ??

Use a combination

[lbruno]

I personally recommend Ad-Aware and S&D to my friends; it's been effective, methinks.

The most important thing is: if they must run Windows, a combination of those two kill the usual culprits.

An even better combination

is "think before install something" and "don't use insecure browsers". Never ever got a single pice of spyware with that. Nor did my parents or my girlfriend, who are not really what you would call "experienced users". And it don't even need performance hungry scanners.

Horses for Courses

[One+Childish+N00b]

The anti-spyware game is a real case of horses for courses - one tool will detect some spyware and miss others, while another will find all the bits the other missed, but miss off a couple it didn't. There really is no 'definitive' spyware removal tool and it's foolish to say there is. I advise people to run both Ad-Aware and Spybot with latest updates at least once a week to ensure almost all spyware is found and removed, as I've had too many instances of one of the two missing out five or six items on every sweep that the other one found straight away.

You could probably get even better performance by running more than those two, but I'm not going to harrass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss. Anyway, my point is this; You can't just run Ad-Aware or Spybot and think you're protected. Until an anti-spyware tool has a 100% record against all known spyware, I won't consider them anything near a definitive tool, or a licence to behave recklessly on the net, something which too many naive people seem to do.

The problem with anti-spyware tools is three-fold;

a) They are made by private companies and individuals who's credentials and/or decency cannot be guaranteed. They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insiduous spyware through? Unless you're on the inside of a company like that, you can never be sure. I'm sure Lavasoft aren't doing anything like that, as these results prove, I'm merely using them as an example - any anti-spyware app people trust is in an immensely powerful position on the user's computer, and any money-seeking company can theoretically be bought out.

c) When they remove a spyware .dll that a program the user makes use of hooks into, the program may stop working, and who would get blamed? the anti-spyware vendor. Hey presto, Spybot looks like pure evil because they just killed off Joe User's cool new P2P app because keylog32.dll got wiped. This happened a lot when Kazaa was big - naive users getting told by techy types to run Spybot every now and then to clear spyware ended up bitching because it nuked the spyware that Kazaa checked for before starting up. They didn't seem to care about privacy when protecting it stopped them getting their MP3s and porn.

c) People do, as I mentioned above, use them as an excuse to behave recklessly on the internet - they will install random .exes, they will visit dodgy sites and they will do all manner of things because they believe they are safe. They don't understand that spyware blockers only work against known types of spyware, not all spyware in total. Naive users seem to think it's an agreement between spyware vendors and anti-spyware companies when it is, to all intents and purposes, an arms race which the anti-spyware groups will always in second place.

Anyway, what was my point again? Oh yes, that these statistics are misleading for naive users. Ad-Aware and the others are now going to start shouting from the rooftops about how they're one of the top 3 anti-spyware apps on the market, and thousands of lusers will trust themselves to it implicitly solely because of that blurb, while the reality is Ad-Aware still misses stuff, and it is more than fallible. That 'lowly' Spybot has turned up half a dozen items Ad-Aware failed to find at least three times for me, but I wouldn't run that on it's own either - Everybodyb knows it's a good idea to get a second opinion, especially when it's free.

Also, does anybody else find it funny that /. are now serving ads to the Microsoft 'Get the Facts' campaign? Is this Slashdot putting one over on Microsoft by taking the money they throw at them when they know no-one here will believe it, or have they reached a new low, actually showing not just Microsoft ads, but ones that feature blatant FUD against FOSS?

Re:Horses for Courses

[T-Kir]

Just a thought on the kickbacks point you raised... most of the anti-spyware vendors have gone (and probably still) through having threats and crap levelled their way from the spy/mal/crap-ware vendors and affiliates. With the type of treatment they've had, and the thickening of skin because of it, as well as the more positive feedback from users who have finally had control of their own computer handed back to them... wouldn't this give them a bit more immunity from the kickbacks issue? Even if they were offered with a buy out, enough blood sweat and tears have gone into the development to make them care enough for the future of their product and the kudos they've built up in creating it.

And also, apart from the clicky-happy-don't-read-warning-signs user (which would coincide with your 3rd point) there are plenty of warning signs for installing the anti-spyware apps that it will break spyware infested apps.... they've had the warnings and must be running the anti-spyware apps for a reason, it's their choice.

Anyway, most of this is AFAIK and based on my experience with the 3 punch combo of AdAware, Spybot and SpywareBlaster (which connects into Spybot as well)... oh and FireFox too :-) and the Mike Skallas Host file, and the Firefox Adblock plugin....(ad infinitum)!

Re:Horses for Courses

[Caseyscrib]

They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insiduous spyware through?

Corporate ethics and responsibility? :P

Re:Horses for Courses

[madprof]

Just to address your last point, the ads are served up by OSDN, not /.

Re:Horses for Courses

[JuggleGeek]

a) They are made by private companies and individuals who's credentials and/or decency cannot be guaranteed.

What, like SpyWiper and Spamford Wallace? His credentials are very well known, and I have never had any doubts about his decency.

He's currently under a TRO to keep him from marketing his "spyware removal tool" which was advertised by spam and spyware, and which appears to do lots of harm but to be no help at all in removing spyware.

Who would have thought that a slimeball like him would lie to people that way?

His partner in the Spy Wiper business is Rob Martinson. Rob, like Spamford, is also salt of the earth. You can read his history in this article "A Hated Man".

Re:Horses for Courses

[wallace_mark]

"They are made by private companies and individuals who's credentials and/or decency cannot be guaranteed. "

The set of individuals and or companies and or any other institution whose credentials and/or decency can be guaranteed is precisely equal to the null set.

One Childish N00b has the genesis of a good argument here, but this sentence detracts from it. It would be nice to have a way to assess the trustworthiness of the authors of anti-spyware. I can think of protocols which would improve my ability to do that assessment. But it adds nothing to the debate to point out that some people might be untrustworthy.

And the reference to companies just puts this in the realm of political discourse.

To put this back on topic, let's reformulate this as the core problem.

There are no tools which allow us to verify the quality of software, or the intent of software. We need to evaluate the intent of software to determine if it is serving the customer's needs, and we need to evaluate the quality to tell how well it serves those needs. We need to be able to detect software which serves multiple needs - frex a toolbar which provides an overt convenience to the consumer, and a covert function to the advertiser. Some people may choose to pay for the convenience. But there should be a way for them to assess what information they reveal, and compare it to the value they receive.

Framed that way, it is evident that the problem is twofold. First, users. Users of any infrastructure - whether it is computers or grocery stores are unable to perform price and quality discovery. Second, softare. The software market is still very immature.

Eh - I'm done ranting for now.

Re:Horses for Courses

[djp928]

I'm not going to harrass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss.

Actually, if you RTFA, you'll see that there's plenty of fairly common cases where both of those apps fail to detect/remove certain pieces of spyware.

-- Dave

Re:Horses for Courses

[rizzo420]

while this is true, the other apps don't get everything either. i work in a college IT department and deal mainly with student issues. they have nothing but ad/spyware issues. when i personally fix a machine, i install adaware and spybot and run them both in safe mode (adaware first, spybot second). then after both finished and cleaned up mostly everything, i run hijackthis and get rid of anything else. then i use an lsp fix tool called winsockfix just to be sure the networking is repaired back to normal. i restart and 9 times out of 10, the computer is back to normal and runs a lot better. i have had the occasional one that still gets some popups. here's my issue with installing something else. all the others are only trial versions. i don't want to give someone a false idea that they're using a program that is really good and up-to-date. ad-aware and spybot are the only ones that are completely free of charge and you can still update them. after i'm done with it, i tell them how to run the programs and to update them whenever they run them. i instruct them to run them about once a week. problem is, they're not going to run them anyways, so what's the point of even installing more stuff. they don't care until their computer is nearly unusable, and at that point they come crying to me and i have to explain everything to them again. they also don't care about going to safe mode to run them where the programs will be way more effective.

so yes, you are correct. but most people, especially my clients who are students, don't want to pay for more software. and like the article proves, sometimes you pay for what you get, other times you don't get what you pay for.

Arguments to the contrary...

[Spoing]

Oh, not from me. While the failure rate is much higher than I'd expect, that they do fail on a regular basis is not a surprise.

The reasons seem to be simple;

1. Spyware detectors find and remove known spyware.
2. Spyware creators know about the spyware scanners. If they decide that being detected is a big enough problem, they work on ways to not be detected.
3. As the new spyware revision comes out, they are discovered and the spyware detectors are updated.
4. Rinse and repeat.

Yet, the test results show that the spyware detectors aren't in the arms race against spyware that I described above. Instead, many spyware revisions aren't detected at all. Either they don't know about the spyware revisions, the spyware is not being tested for, or the spyware is being ignored on purpose.

Right now, the bar that the spyware creators have to leap is very low. Both social engineering and direct injection onto systems make spreading these things fairly easy to do for the spyware maker. Tie that in with many spyware detectors not detecting completely, and not being used consistantly, and I don't see an end to this problem soon for most people.

What to do? I'll leave that to others for now. I have my own lists. It is a security issue so the systems should be considered to be on hostile networks and hostile users. I consider 2 hours to lock down a Windows XP system to be a reasonable minimum amount of time to spend on each system -- unless automation tools are used.

Re:Arguments to the contrary...

[Lumpy]

final solution.

run trustnoexe and startupmonitor on your computer.

no virus,trojan,spyware or other asshat ware made can get past that combination.

does it make some things a pain? yes. but for Grandma's computer that she uses only for AOL, solitare and an occasional UT2004 deathmatch it is absolutely perfect.

Re:Arguments to the contrary...

[Spoing]

Thanks for the pointer! This is the first time I've heard about beyondlogic.org. Unlike sysinternals.com, I'm not seeing very many comments about BeyondLogic...a shame. In addition to trustnoexe there seem to be some very nice tools there.

That said, the low number of comments means that they haven't passed the sniff test yet. I'll be checking them out before installing anything just in case.

Damn M$

[absBrain]

I finally managed to install SpyBot S&D on my Linux, and only now i found out that SpyBot is not so good after all. Oh, will I ever be safe from spyware ?!

Spyware tips I've picked up

[cybergibbons]

I run a small IT consultancy, and nearly every internet connected PC we work on has a significant spyware infection on it. It's not only our job to remove it, but to prevent it coming back. The things that I've noticed after fixing a lot of problems:

• People don't know they have spyware on their computers. They are crawling along, at a stage I would call barely usable, and it doesn't bother them in the slightest. Or, better still, they find those new toolbars really useful...
• A combination of Spybot S&D and Adaware will clean up most problems. Hijackthis will then allow you to remove anything else. Some people say that Hijackthis is the only tool you need - but it can only remove very apparent problems, whereas the other tools will remove nearly all associated keys, files etc.
• To prevent re-infection, you need to lock down the machine whilst it remains usable. People really do not want to change, or put any effort in. You can try putting Firefox and Thunderbird on the PC, but most people will choose IE, or complain if you hide IE, so they don't have the option.
• Change the settings for the zones in IE to be more secure.
• Add a big list of bad sites to the restricted zone in IE. This includes some sites that have content, but it's generally porn, and as our users are business users, they won't call us back to give them access to a porn site.
• Add an even bigger list of ActiveX CLSIDs to not run.
• Stop the default action on windows scripting host files, scr files etc. from "run" to "edit". A lot of problems start with some user interaction, and this has cut down on quite a few (mainly non spyware) problems.
• A lot more small registry tweaks can be done... most of the above is done automatically by scripts we have writen. One of the problems we found was adding keys once to each HKCU hive - you don't want to overwrite them at each login, or the user changes will be forgotten, but none of the Run, RunOnce etc. keys do it per user.
• Add some buttons to the IE toolbar to put sites in the trusted or restricted zones, for when people have problems.
• Install Spyware Guard - this provides some active protection against spyware.

This won't stop everything by any means, but it slows down reinfection. End users need to change habits - reading EULA, not just clicking OK, using passwords - but this isn't something you can do with a couple of hours work, so people aren't willing to do it. I have no solution to that problem.

Re:Spyware tips I've picked up

[cybergibbons]

I should ad (hoho) that one major advantage of Spybot S&D is that you can schedule it to run quietly in the background... this just isn't possible with any of the other free tools. The command that does it:

spybotsd /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide

There are other tools that help massively with spyware. As a consultant, it's equally important to understand the ways and means spyware gets onto the system, so that you can prevent and cure effectively, and respond to new spyware before the automated tools do it or before it appears on the many forums.

• Sysinternals Utils are free and great. Process Explorer replaces the crippled useless tasklist in XP, and is quicker and easier to use than the command line utils. Filemon, Regmon, and Diskmon allow you to monitor files, registry keys, and disk access - you can see how, when, and why spyware is getting in.
• WhoLockMe - appears on the right click menu in explorer, and shows what is causing a file to be locked. Again, this can be done at the command line, but this makes life that little bit easier.
• Knoppix - for when it all goes very very wrong.... recover files, partition tables, reset passwords, even edit the registry

Re:Spyware tips I've picked up

[hyfe]

but most people will choose IE, or complain if you hide IE, so they don't have the option.

I've yet to hear a single dissatisfied non-techie complain about Opera :) .. Setup the mail client properly and they'll love you too.

Re:Spyware tips I've picked up

[Malc]

"Knoppix - for when it all goes very very wrong.... recover files, partition tables, reset passwords, even edit the registry"

When did Linux's NTFS drivers become reliable enough for write operations?

Re:Spyware tips I've picked up

[esarjeant]

End users also need to be disabled from performing administrative tasks on their computers.

From my limited experience with spyware, by simply removing the user from the Administrator group you effectively cripple the majority of spyware tools. If you do not have access to modify the %SystemRoot% or make any changes to %ProgramFiles% you'll be a much safer user overall.

I would never logon to my box using root for daily activities. While spyware may be able to make modifications to the current user they will at least be unable to affect the overall system.

Re:Spyware tips I've picked up

[cliffski]

"but most people will choose IE, or complain if you hide IE, so they don't have the option."

TOUGH.
If you are the IT guy and they are the users you just tell them its tough shit. that was my policy when i was an IT guy. The work computer is work property, maintained by the IT dept, its not up to the end user to decide what browser he uses. If they complain, pull up their history folder and tell their manager how much non-work surfing they do in work time.

Re:Spyware tips I've picked up

[FullCircle]

Since Captive NTFS was written to use the Windows DLL's to read and write NTFS partitions.

http://www.jankratochvil.net/project/captive/

Knoppix can find the needed DLL's and mount the drive as RW. It isn't 100% guaranteed safe, but when the system is already damaged it is definately worth a shot.

I've used it once to move data to a second drive for a customer and it worked flawlessly.

Re:Spyware tips I've picked up

[Techguy666]

Your suggestions are good. I'd also add that if your clients insist on using Windows XP and IE, I highly recommend installing SP2. The SP2 version of IE is much more secure and allows you to control "add-ons" or plugins. This, in turn, helps control the explorer browser where a user will spend a bit of time each day (and thus triggering some of the more annoying spyware).

Now, as to Spyware Guard, that's a good program but I prefer to run as few background programs as possible on a machine. You might consider Spyware Blaster from the same company. It's not as secure but considerably less resource intensive.

On an infected Windows XP machine, my usual course of action is to run Ad-Aware SE to clean the computer, install SP2, turn off the firewall and the built-in pop-up blocker. I then install proxomitron and Spyware Blaster. Then I run regedit and manually check out what stuff is remaining in the Run keys. That pretty much cleans out a machine, protects it fairly well, and keeps CPU usage to a minimum. It's also a simple enough solution that I can explain to most users in layman's terms - which is a bonus.

Re:Spyware tips I've picked up

[Mastoid]

How about do what I do: don't frickin' let users be administrators.

Seriously, if you're locked out of your OS internals, there's a lot of damage you can't do.

I realize this is only one layer of defense, since there's a lot of malware (viruses, particularly) that require no user interaction to run, but it's a biggie.

Re:Spyware tips I've picked up

[NMachiavelli]

"End users also need to be disabled from performing administrative tasks on their computers."

Anyone who says this hasn't tried it with a Windows machine. Way too many applications were written requiring admministrative privileges that have no need for them. This often includes important functions like antispyware and antivirus products. There are some complicated work arounds or things you can do with the run as command, but the bottom line is it is a *huge* pain in the ass, to the point of almost being unworkable.

I might be comfortable regularly typing in an admin password to do certain things, but there is no way I'll set it up for a family member like this. They would either call me every time it came up to ask what they should do, or default to typing in a password for everything, which is way too much extra work when it ends up defeating the purpose it was designed for.

Re:Spyware tips I've picked up

[cybergibbons]

That's fine in a environment where you are there all of the time. We're not, we go into a small business, and secure their machine the best we can. They aren't our machines, they're theirs, and all we can do is offer strong advice.

I estimate a convertion rate of about 20% after installing Thunderbird and Firefox, which can only get better.

Re:Spyware tips I've picked up

[cybergibbons]

I should have added that we always upgrade to SP2, the advantages far outweigh the disadvantages, especially on business machines.

The registry hacks that involve restricting activex, adding restricted sites etc. that we do are almost the same as the ones used by Spyware Blaster - expect we use more sources of information, and do several things this doesn't. Also works out a lot smaller, and doesn't need to be installed.

Do you find that the SP2 firewall is inadequate? After watching many users just click "Allow" in most third party firewall applications, I tried SP2 firewall, and found it to be more effective under the control of someone who does not know what they are doing. Though, in most situations, the machines are behind an existing hardware firewall.

Re:Spyware tips I've picked up

[jfoust2]

I'll second the rinse-lather-repeat effectiveness of Ad-Aware and Spybot S&D, but also that Hijack This is necessary to zap some spyware. The hard part, and I mean really hard, is looking through its listings of all the potential spots where Windows will automatically run an executable.
The spyware program filenames are as confusing as possible, leading even a geek to believe they are part of Windows. Or part of the OEM install, or part of something from a printer or a camera or a USB device. The only answer is Google, then removing items carefully. Do you cut the red wire or the blue wire?
Another big problem I face in my consultancy / repair work is that there's no effective tool I've found yet that can clean a drive if the system isn't running. The removers all want to be installed on live systems. Sometimes these spyware'd systems are so slow as to be unbootable or unusable, or the net stack is hosed. Then what? I'd pay for a Knoppix-based cleaner.

Re:Spyware tips I've picked up

[moonbender]

WhoLockMe - appears on the right click menu in explorer, and shows what is causing a file to be locked. Again, this can be done at the command line, but this makes life that little bit easier.

Thanks, that sounds very helpful. And at 100k uncompressed it's very sleek. I second your recommendation of the SysInternals utilities - they're great. Process Explorer, Filemon, Regmon, and the internet utilities are all indispensible.

Re:Spyware tips I've picked up

[Techguy666]

I don't mind the SP2 firewall. It's better than nothing and it is far less intrusive than something like ZoneAlarm for the less technical person. The SP2 firewall is also particularly seamless if the user is working exclusively on a Windows network.

I had a user that needed strong security but had zero knowledge about technology... What I did was install a third party firewall, set it to "learning mode" for a weekend plus a business day, came back on Tuesday and quickly reviewed the programs requiring network access. After I ensured the system was still clean, I then locked down the firewall. If she needed help installing a new program, she could give me a call and I can lead her through the process in under twenty seconds by phone.

But yeah, for someone who doesn't need the additional security, SP2's firewall's not bad. It's really just a backup for everything other fix/patch on the machine. Restricting the registry and blocking ActiveX should be enough for most remotely-knowledgeable users.

Re:Spyware tips I've picked up

[cybergibbons]

With regards to the filenames, one of the worst offenders are Lexmark printer drivers. The filenames actually look like they were generated randomly. Oh for the days when a printer only needed a driver with no processes running (another reason to steer users away from cheap inkjets).

A Knoppix based cleaner would be an amazing tool - like someone said earlier though, the NTFS writing can be a tad fruity at times still, and that would need work on first.

Re:Spyware tips I've picked up

[bbdd]

one thing that we have done that helps is run the users through a proxy server and block them from downloading certain file types. this won't keep spyware from being installed as part of software installation, but it does stop a lot of drive-by installs.

how many random users in the workplace need to be able to download .dll, .scr, .lnk, .reg, and even .exe? not many. block them, and save yourself a lot of headache.

An ounce of prevention worth a pound of cure

[gtkuhn]

Seriously guys, none of these spyware removers are even remotely perfect and they all suck time and CPU cycles. I disavow any knowledge of this guy, Mike Lin, but his itty-bitty FREEWARE program kicks butt.http://www.mlin.net/StartupMonitor.shtml It does one tiny little thing with almost zero overhead, it tells you what wants to insinuate itself into one of the several startup vectors of Windows. And gives you the option of not allowing it. Any spyware must have some part that runs at startup. This gives you a warning and a filename for googling to remove whatever you have contracted. Probably works for many worms, viruses, and trojans too.

Re:An ounce of prevention worth a pound of cure

[Slashamatic]

Agreed, anything evil has to be started somehow. Mike's program works well at picking up autostart changes, but I don't know whether I would give it to a general user.

Re:An ounce of prevention worth a pound of cure

[gtkuhn]

So long as the user clicks "No", don't allow this. Just about anything will be left sitting dormant and ineffective on the HD. Am I correct?

Re:An ounce of prevention worth a pound of cure

[TractorBarry]

I do the same with:

http://www.x-setup.net/

Which works a treat for me (and allows me to have a nice black background on my works machines WIn2000 log in etc. etc.)

A top bit of software.

Re:An ounce of prevention worth a pound of cure

[Slashamatic]

The problem is that genuine Microsoft updates (AS WELL AS OTHERS) usually have components that register themselves for launch during startup to complete the installation, so it isn't as simple as saying no.

Re:An ounce of prevention worth a pound of cure

[ppz003]

Spybot S&D will do this too. If you choose the advanced mode, and then Tools from the left side, you get a list of all processes that execute at system startup, with the option of disabling or removing them.

Browse through some of the other tools too. Some of them are pretty slick.

Re:An ounce of prevention worth a pound of cure

[flonker]

It's a great tool, and I use it. The biggest fault is that many program installs will set something to run at startup and immediately reboot, before you get a chance to click the "yes" button.

But programs that reboot without asking permission first are ill-behaved anyway, so it isn't a big issue. And if it's absolutely necessary, StartupMonitor can be disabled for the duration of the install.

Re:An ounce of prevention worth a pound of cure

[Darthmalt]

I use kerio to tell me when something wants to run. It's nice because not even MS programs can start without permission. I also check msconfig > startup fairly regularly as well.

Re:An ounce of prevention worth a pound of cure

[asavage]

StartupMonitor has a yes/no popup dialog box whenever something tries to change your registry to load on start up. You don't have to search for anything after the fact.

Re:An ounce of prevention worth a pound of cure

SpyBot TeaTimer goes one step better. It pops up a confirmation dialog about any major registry change (not just startups) or hidden process.

Nyah nyah.

Nonsense.

[brunes69]

A car is a generic end-user product as well. But if the engine catches on fire because the owner hasn't changed the oil in 12 months, despite the car manual prescribing a change every 5,000, documentation from the dealer saying the same, and red blinking light in the dashboard, no one blames the engineers. The exact same thing is true of sypware and viruses - it is a well known problem, the user's companies and ISPs tell them not to open the attachments, Windows XP even issues a warning prompt, but they do it anyway.

You can engineer many problems, but you can never engineer away human idiocy. There will always be some idiot who will find a way to kill themselves with a pair of dull safety scissors.

Re:Nonsense.

[arminw]

...tell them not to open the attachments...

The problem with Windows is that you can install a brand new, genuine copy of any flavor of Windows on a computer and then be infected within minutes of connecting that system to a high speed Internet connection. No user action is needed other than plugging the computer into the network. Most of the time you won't even be able to download and install the needed patches/service packs in time to prevent getting the system infected.

THAT vulnerability is clearly the fault of MS, not the stupidity of the users. That, in you car analogy, is equivalent to driving a car off the showroom floor and having the car catch on fire before you get it home.

For the average Joe user a computer should be at least as secure as Mac OSX which, out of the box comes with only commonly used function enabled and everything else is turned off. It is much harder, if not impossible to infect a Mac without some stupid action on the part of the user.

Re:Nonsense.

[26199]

An argument by analogy isn't an argument at all. Cars are not computers. Computers are not cars.

There is no technical reason why a computer should need any maintenance at all. Nor is there any reason why it should be possible for someone else to take over your computer if you do the wrong thing. This is a problem for the software providers to solve, not an education problem.

Computer scientists and geeks tend to think the world should revolve around computers. It shouldn't. It's the computers that need to change, not the users.

And, yes, "stupid" end users are frustrating. My family frequently drives me nuts with what, to me, are unbelievable blunders. My family is full of intelligent individuals, but as it happens none of them have an interest in computers. And they shouldn't have to to use a computer effectively.

Re:Nonsense.

[Sique]

There is no technical reason why a computer should need any maintenance at all.

There is one. It consists of two components. The first one is called Turing completeness, the second one is called Termination problem.

If you have an object that is Turing complete, then there is no way to prove for sure that it will execute exactly according to the specification, because you can't even prove (in general) that it will ever stop with whatever it is doing.
This is founded deep down in the Mathematics of computing, so there is no way to engineer around.

So if you can't be sure, you have to do maintenance to make sure it will perform as expected, because then the computer needs manual supervision to externally stop programs from running for eternity or doing arbitrary things you never expected them to do. Computers are per definition all-purpose tools, and they can be modified to do things that cover many different areas of knowledge and science. No single person and not even a larger team is able to oversee what a computer is capable of, because of this general openess. You can only limit the damage a computer is able to do by limiting the ways it is able to communicate with its exterior, because for now computers are limited to logical operations, and they need external hardware to have a physical impact to their environments.
On the other hands: What we need from computers are mostly not logical operations, but interactions with external hardware to have this physical impact to the surrounding world, may it be printing out a document or sending an electrical signal to another computer, changing the color of pixels on a screen or reading the buffer of a keyboard connected to it.

So if no one can specify the limits of what a computer may be able to do, no one can say for sure how to limit the damages a computer can do. There is only one way to minimize the impact: continously monitoring the computer while it is running and correct everything that goes wrong. This is called maintenance.

You can limit a computer and its hardware to a certain subset of possible operations, but then you end up with an electronic dish washer, a phone headset, a CD player or any other electronic gadget. But not with an all-purpose computer.

Re:Nonsense.

[26199]

That's irrelevant.

Here's how to stop a computer needing maintenance, ever: put all the programs you're going to need in ROM. Clear RAM whenever you reboot.

There. That wasn't hard, was it?

The Halting Problem talks about the general case. There's nothing to stop you proving that individual programs halt. In fact, for standard applications, anything which doesn't provably halt is a bug.

How many people use an all-purpose computer as an all-purpose computers? Only the programmers. Everyone else uses it as a collection of applications. That's where the money is, that's where the customers are, so that's how they should work.

Re:Nonsense.

[Sique]

Here's how to stop a computer needing maintenance, ever: put all the programs you're going to need in ROM. Clear RAM whenever you reboot.

There. That wasn't hard, was it?

Yes. No persistant data storage. No way to actually create new programs. No way to use remote ressources. No protection for so called active content (program builtin languages) not running havoc. What you create is a quite limited type of computer, similar to a game console or an early '80ies home computer without external storage.

We are talking about computers you actually want to work with.

So now lets talk about the real components such a computer needs: verified hardware (where the correct implementation is mathematically proved), verified compilers, verified operating system, verified applications, verified protocols for remote usage.

Four out of those five requirements are already accomplished or on its way to accomplishment. There is hardware (CPU, memory...) where there is a mathematical proof that the implementation is an actual representation of the specification. There are verified compilers where there is mathematical proof, that the object code they put out is mathematically equivalent to the source code you are feeding it. There is work in progress to prove the correctness of an operating system (I should check with my old operating system group if they are finished yet). There are lots of network protocols whose correctness is proved for both the protocol itself and an actual implementation of the protocol.

So there is one big block remaining: verified applications. And there we are back at Step 1. No one hinders us to implement a hardware layer or a complete operating system at application level (You don't believe me? Look at VirtualPC [OS] or VMware [hardware layer]).

Any application that has a Turing complete subsystem (like most Office suits with their application specific languages) can be host system for the same thing: You could even create a Linux being hosted by Microsoft Word (write an C Compiler in VBA and then port the Linux kernel. Simulate a simple framebuffer device on the Word canvas in VBA and port X11 etc.pp.).

So having verified applications still doesn't warrant a maintenance free computer. Even the data the applications get feed with has to be verified. And that's the point where a computer turns from a useful tool into a completely verified and maintenance free but even so completely unusable piece of junk, because you have to mathematically prove the correctness of your own data.

Re:Nonsense.

[26199]

A computer that who wants to work with?

How many users actually use the VB support in Office? I'll bet it's under one percent. It's just this kind of crap which leads to security problems. Most people don't understand it, most people will never use it, but it's there as a security risk.

Think about a computer from the point of view of a normal person, not a computer scientist or someone who works with technology. The things it has to do are, by and large, extremely simple. The state it needs to store is probably limited to the odd piece of homework/report/letter. Those could even be stored on a central server, leaving absolutely no state stored locally.

Making a computer safe is hard. But for most people, a computer is just a word processor/web browser/email client. Making that safe is certainly doable. Why hasn't anyone done it yet? That's my complaint.

Re:Nonsense.

[Sique]

How many users actually use the VB support in Office? I'll bet it's under one percent.

In every company I worked so far, especially Microsoft Excel was used heavily relying on the builtin VB. In fact it's one of the real strengths of Excel.

Making a computer safe is hard. But for most people, a computer is just a word processor/web browser/email client. Making that safe is certainly doable. Why hasn't anyone done it yet? That's my complaint.

Because there is currently no way to make a restricted computer actually cheaper than the fully fledged one. There have been several attempts at reducing the capabilities of computers for simple home/office use. Remember the NetPC, the Thin Client, the JavaStations? None of them worked. They weren't cheaper than the all-purpose computer (because they basicly rely on the same hardware), and they were less flexible.

It is in fact much more expensive to build a sufficiently restricted computer than an all-purpose one. An all-purpose computer just needs a Turing complete CPU (a small microprocessor with the OpCodes INC, DEC and JZ is Turing complete), sufficient memory and I/O interfaces. A restricted computer needs much more than that. Either it has a Turing complete core and then lots of assistance checks&bounds builtin, or it uses a not really Turing complete core, where all OpCodes are limited in a sophisticated way.

And now comes the biggest disadvantage: An all-purpose computer can emulate the restricted one (given the right software), but not vice versa. So in the end the all-purpose computer prevailed: It could do everything the restricted computer was capable of at a cheaper price. And the real maintenance cost (TCO) is still much debated and complete meaningless to people, who own a computer in private and just call the boy from the neighborhood, who is so intelligent and good with that thing.

Re:Nonsense.

[26199]

Hmm. I was more thinking Word; there must be a large number of users who use Word far more than anything else, and don't use VB with it. Excel, I agree, is much more useful with VB. But that's when it's used as a fairly technical application.

It certainly is hard to restrict computers so that they're idiot-proof... or, as I'm arguing, normal-person-proof. But I think that's what needs to be the goal, not user education.

poor presentation

[joe094287523459087]

the article seems well done and deep but the presentation of the results is lackluster. they performed all those rounds of tests and analysis and the "conclusions" are

Spyware and adware can prove quite difficult to remove
No single anti-spyware scanner removes everything

etc. no kidding! why did they need to compare them to find out what is conventional wisdom for most people already. there is no quantifiable list of best-to-worst that i can find on the site, which is really the most valuable result of a study like this.

a waste of their time and ours.

Re:poor presentation

[joe094287523459087]

i sent him an email - here's his reply
>I'm sorry, but I deliberately neglected to include the kind of ranking that you're asking for because such a ranking would be taken as a definitive pronouncement on the products tested, and three tests simply can't support that kind of conclusion, as I noted in my Disclaimers section. Also, once I did produce that chart, people would link to that directly and blow right past the details, and the details in this case are important.

Best,

Eric L. Howes

Talking of Java....

[prandal]

Folks, you should check out this Sun Java Plugin Arbitrary Package Access Vulnerability

Gary Grocer, Billy Butcher...

[Dogtanian]

HOwever , these programs could do anything which is the worrying part. 99% of them may just be Gary Grocer trying to make some extra money

I think you're underplaying the seriousness of Gary Grocer's nefarious activities. After all, he's an internationally-wanted credit card fraudster who is also notorious for using zombified PCs to send spam.... that's how he makes his "extra money". (Note: There is a reward for the capture of him and his money-laundering associate, Freddy Firefighter).

"These people are scum, " says Florida's Head of Anti-Fraud Investigations, Calvin Criminal.

"Damn right, " adds his colleague, Alvin Arsonist.

Review Format

[Donny+Smith]

While we should be grateful for the work done by the reviewer, I cannot but notice that the results are hard to find out.

I, for one, would like to see some conclusion or recommendation or rating (Anti-Spyware A - goog; Anti-Spyware B - shit; Anti-Spyware C - excellent).
I know the article focuses on falling efficiency, but still, it's a bit overwhelming to go over those huge tables.

where can i get the rpm's for these?

link me

Becareful not to shoot yourself in the foot

[DigiShaman]

About half the time a user removes spyware from a PC that is running really sluggish, I've found that it the spyware removal utilities does NOT repair the winsock registry keys. Thus, you can't even get TCP/IP connectivity. You will know it's broken if you get an IP of 0.0.0.0 or will fail instantly to repair the LAN connection in XP and just get a 169.x.x.x address.

If you do plan on removing a heavly invested PC, be sure you know how to fix repair winsock.

If the customer is running XP with SP2, then you can run the "netsh winsock reset catalog" command (without quotes) to repair the connection and reset the winsock settings back to defaults. However, if the PC does not have SP2 installed, you will have to check out this link http://support.microsoft.com/default.aspx?scid=kb; en-us;811259

For Win9x users, check out this link http://support.wadsnet.com/winsock/winsock98.asp

Re:Becareful not to shoot yourself in the foot

[Quazion]

http://www.majorgeeks.com/download4372.html

There you can download winsockfix.exe which will try to repair the winsock settings for win9x/me and xp. works really like a charm most of the time.

Re:Becareful not to shoot yourself in the foot

[Shadwhawk]

I had a Win98 machine in the lab that wouldn't connect to the Internet at all. Opened up Spybot S&D and use its LSP viewer to see if my suspicions were correct, and they were: there were SAHagent entries in winsock. I ran Spybot's scanner, and it removed the bad entries and fixed winsock.

Use Linux

[xiando]

I use Linux and I never hard spyware installed on my computer. Obviously, I also never had to install a anti-spyware program. If you are using a OS that allows spyware, then you are taking a risk. It is you choice do to so. But do not cry about your data loss. You took the risk. You did not use Linux.

Try it. Once. You can download a Live CD and try it even without installing it. If the 5 minutes this takes was a waste of time, then too bad. But if not, then you may just learn how to use a secure, modern OS that does not allow viruses for the rest of your life.

P.S: It's my birthday today. Actually. (as if anyone cares).

Re:Use Linux

Happy Birthday!

Re:Use Linux

[91degrees]

Well, I tried this Lunix thing you mentioned.

After spending about an hour configuring the windowing system to work, I was able to get started. Why is it so sluggish?

Couldn't get The Sims to run. Or MSN for that matter. I tried quake, but the performance was kindof lacklustre, and I had no control over the resolution. But I don't use my PC just for games.

Shame I couldn't use it for Photoshop either. And it didn't seem to support my scanner.

My point is that Linux is not an option for a lot of people. Sure, I could probably find an MSN client, but a lot of applications don't have an alternative. Gimp is nowhere near a replacement for photoshop; This is why Adobe is still charging a lot of money for it. Hardware support is not perfect, especially for more specialised hardware.

They're getting smarter.

This stuff scares me. With each generation, these spyware writers become sneakier and more devious. As much as I have a handle on technology now, I imagine that there will be a time when I will have to ban myself from electronic transactions and do everything by hand and feet. One of these days they will get me... and that sucks.

I fear for my father who knows just enough of using the internet and installing applications to be dangerous. What's worse is that he often defaults to standard browsers that came with his ISP (e.g. Earthlink), who use IE.

I am intrigued by you ideas and wish to subscribe.

[gtkuhn]

Actually, a really good suggestion. I am learning stuff here. http://www.windowsecurity.com/articles/Securing_th e_Windows_2000_Registry.html

No mention of CnsMin?

[videodriverguy]

I'm surprised that they don't mention this piece of s**t. But since I haven't yet seen a program that can remove the latest version, I'm not surprised. This insidious piece of work actually installs a device driver which continuously monitors its files and prevents deletes etc.

Even starting in so-called 'safe mode' won't stop it. You have to boot with a CD and erase it manually.

The people who wrote it are 3721. something, and a link to it even appears on the default Chinese search page. In theory it just allows for Chinese name searches, but in reality does much more.

You have been warned - please don't visit the site.

Re:No mention of CnsMin?

[m50d]

If you're sure safe mode doesn't work, F8 on startup and choosing step by step confirmation will. Of course you need to know which drivers are real ones, but you learn that.

Re:No mention of CnsMin?

[videodriverguy]

Thankfully, I do know which ones are ok etc. But it does demonstrate a severe problem with XP (may or may not be cured by SP2) in that driver installs are possible. And WITHOUT the 'signed driver' warning. I certainly hope that other spy ware doesn't start doing this.

End User License Agreements and Privacy Policies

[NoMercy]

"Moreover, users should learn to practice safe computing habits, which include avoiding web sites and programs of unknown or dubious provenance and carefully reading End User License Agreements and Privacy Policies."

Am I the only one who doubts that will come true any time soon, we all know how to click on a button as a reflex action, reading a lengthy EULA full of lawyerspeek... that's a headache.

Well, here's IMHO what's wrong with them

[Moraelin]

I've said this before, but here goes again: what's "wrong" with non-nerds is that they're used to the Real-World "security model". The real world doesn't work like computers do.

In the real world, you don't have to have an absolutely-unbreakable titanium-plated vault door to your house, nor bullet proof windows. If anyone wanted to hack your front door down, it's worth a maximum 5 minutes with an axe.

Real world locks also aren't supposed to be unbreakable. Au contraire. By computer security standards, they're a catastrophe. Most allow 1-pin-at-a-time attacks, which in computer security is the worst anti-pattern. Locks with master keys allow easy escalation of privileges too.

It's all documented vulnerabilities (or exploits) and they've been known for ages, and never fixed.

But they work IRL anyway. Yes, any kid could lockpick your front door, or hack it down, or just throw a brick through the window to get in. But people still use locks, doors and windows.

Why? Because the IRL (In Real Life) you don't live in a lawless no-man's-land where any kiddie with a lockpick is l33t and free to pick your lock. IRL your real defense isn't the lock, but the law.

The lock or the door just markers. They just say "you're not supposed to be past this point uninvited, and if we find you inside, we'll throw your sorry ass in state jail."

(If you're a die-hard gun fanatic, feel free to replace by "if I find you in, you'll get a gut full of buckshot." Same idea: there'll be repercursions. The door just marks the point beyond which the thief is not supposed to go, not _the_ deterrent itself.)

And people instinctively expect the same kind of rights and protection to apply to the online world too. "This is my computer, you're not supposed to be on it. Your playzone ends at the ISP, and this side is my private property."

Unrealistic expectation? Maybe. But it exists nevertheless.

Unreasonable expectation? Not at all.

Re:Well, here's IMHO what's wrong with them

[JuggleGeek]

Someone, anyone, please mod parent up. This is the best post of the thread.

Re:Well, here's IMHO what's wrong with them

Yes, well my aunt has no deadbolt but I have two. I also put a padlock on my gate but others don't. I also put a bar in my patio door.

As long as I'm less convenient to rob than my neighbours, I'm ok. Same thing in the computer world.

Re:Well, here's IMHO what's wrong with them

[olman]

That's what you get for the crappy US locks.

Over here we use Abloy locks which are a lot more tougher nut to crack. In fact by far the easiest method is a brute force approach since (most) doors are a lot more flimsy than the actual lock mechanism. That doesn't mean resorting to an axe, it's enough if you can turn the handle..

Re:Well, here's IMHO what's wrong with them

The anology alos breaks down at the other end of the anology. In the real world if someone want to break into your house he needs to be physically present, can be easily noticed by you or your neighbors, and will probably leave eveidence that law enforcement can and will follow up on.

Re:Well, here's IMHO what's wrong with them

[airjrdn]

Exactly.

That's probably the best explanation I've heard to date on why NOT to relate computer/internet issues to real life issues.

Re:Well, here's IMHO what's wrong with them

[emiddlec]

Excellent post. I'd like to turn over and examine your Real-World analogy, if I might.

Normal locks and windows work IRL. Consider that this is based on the physical requirements for an attack, though, which limits the number of attacks you're likely to receive. For instance, in a small town in the Midwest (fewer people), you might not lock your car when buying groceries. On the other hand, if you live on the ground floor in a bustling city (more people), you might have bars on your windows. People understand that security varies based on the need for it -- they just don't understand what the need is when it comes to computers.

What normal Mom-and-Pop users need to hear is that connecting your computer to the Internet with say, Broadband is a bit like connecting your front door to the infinite hallway of doors from The Matrix. Anyone anywhere in the world can now knock on your door, day or night, and try the lock. And tell them it's a safe bet that they will be knocking in the first 15 minutes, in fact.

Now of course this won't help them learn anything about what specific precautions to take, but I'll bet they will be listening to you for suggestions.

Re:Well, here's IMHO what's wrong with them

[Moraelin]

"In the real world if someone want to break into your house he needs to be physically present, can be easily noticed by you or your neighbors, and will probably leave eveidence that law enforcement can and will follow up on."

Oh, indeed. Very insightful observation, and indeed it's one big factor in why you get so many attacks over the internet. We can easily aggree on that one.

I'm just saying what Joe Average, with zero knowledge of computers, instinctively expects. He's lived all his life in a world which works by completely other rules (yes, because the factors you mention), so he just instinctively applies those rules without thinking.

It sorta reminds me of an Asimov story, the title escapes me though. Basically on an orbital station, where gravity is generated by rotation and everyone lives on the inside surface, they have to catch a spy who's from a _planet_ in a group of other people from orbital stations. So the "guide" just starts talking about the centre of it. Everyone who's from an orbital station instinctively looks _up_ (correct for such a station), the guy from the planet looks _down_ (correct for a planet.)

Computer expectations are like that too. _You_ who've dealt with computer lots, look in the right direction, they look in the direction that would be right for RL. That's all I'm saying.

Not worth much of my time

[FedeTXF]

This spyware tools only apply if you are on Windows. Even if you are, most of spyware (and the nasties kind) will not affect you as long as you stay away from IE and OE.
And I'm saying it running FF 1.0 on Fedora Core 2.

but you get spyware with free software!

[Quazion]

I think you mean free like in open source and not in free as beer. Since most software you download for free contains spyware like kazaa and grokster, those applications are free because they try to make money tru spyware.

Re:but you get spyware with free software!

[BinLadenMyHero]

True.
That's why I wrote 'Free' instead of 'free'.
But I should have made it more clear.

Note that you can even get spyware from open source software. There is no warranty, unless you check all the code by hand before compiling. Of course nobody does that, but you can do it over a sucpicous software. The main point of course is the freedom to study, modify, and use the software.
It's no good for a company to put spyware on Free software because it's easy to spot, and it will ruin it's reputation (you know Free software users cares more about that..)

Re:but you get spyware with free software!

Yeah, that's why they used a capital F. Remember, kids, that's Free as in speech, not free as in beer.

Re:but you get spyware with free software!

[Quazion]

I seem to learn something everyday, but the Free and free seems not very logical to the untrained brain....

Away from windows recently (1 year), asking...

[Ilgaz]

Is "backweb" on win32 still considered "spyware" by those programs?

One of the inventors of anti spyware stuff called it "spyware" and forced my novice brother to delete it.

That "spyware" was installed by Siemens and FRISK, makers of F-Prot for gods sake! Its job was to download virus definitions for F-Prot Mobile which came with guys computer.

In 1 week I had to clean a damn new windows virus which was advanced and his half of documents were deleted by that virus.

I knew he was novice and wouldn't care about updates so I installed backweb on PURPOSE!

There, the company and customers which Ad-aware considered spyware :)))
http://www.backweb.com/customers/

Note I am not against Lavasoft but I think the "paranoia" level of anti spyware is way TOO HIGH. E.g. deleting doubleclick.net cookies of IE which comes with P3P installed will get "bravo" from users but advanced ones will know it means NOTHING.

Giant Anti-Spyware

[The-Bus]

Ahhh yes, the power of Visual Basic. I like how professional the software is, it doesn't even say you need the Runtime libraries. Their website is mostly filled with "technical questions" about how to order the software.

Let's hope they address that.

MOD PARENT UP...Re:Use Linux

[advocate_one]

go on... do it... you know you want to... :)

A hardware solution to Spyware

[SoupIsGood+Food]

You could simply buy an iBook and look at it as a peripheral for your cryo-cooled 1337-gamerboi PC.

You use the PC for playing "City of HalfEverDiabloCraft III" and for generating dubious overclocking benchmarks and storing your MP3's on your terrabyte RAID with the windowed 250gb SATA disks.

You use the Mac for web surfing, email and IM, to store critical documents you don't want eaten by Virii (making sure to back them up to CD-R every now and again) and generally Doing Usefull Stuff.

That way, your precious game time is uninterrupted by Microsoft's Keystone Kops approach to secuirty and monoculture attacks. Let's face it... you ain't never gonna be able to lock down your Windows box, no matter how much money and third party utilities you throw at the problem.

Alternatively, OpenBSD on any old laptop is another way to dodge the spyware bullet, if your Unix Fu is the stronger.

SoupIsGood Food

Anti-rotware tools are largely placeboes.

What good does a 90% detection rate do when programs can be remotely run via a web browser (or remote OS update program)? There is a design flaw here someplace which shouldn't require more bugware to compensate for.
Download=fine.
Download and automatically execute=very bad.

The very best of all available anti-spyware-tools

[c0l0]

...is to be found on http://www.linuxiso.org/ - and, best of all, it's free! \o/

Ad aware in the top listing?

[NeoSkandranon]

I was under the impression Ad-aware's scanlist oriented more towards tracking info and the like.

Personally I rarely use ad-aware by itself due to the amount of things it misses --possibly just the unique spyware demographic i've encountered, but I'm not sure I ever recall running ad aware AFTER spybot and finding more than a few cookies.

Those whacky wikipedians...: They _do_ eat canes!

[ArsenneLupin]

Wikipedia vandals supply the community a valuable service, by inserting insiduous copyright traps:

Goats are reputed to be willing to eat almost anything. Contrary to this reputation they are quite fastidious in their habits, preferring to browse on the tips of woody shrubs and trees, as well as the occasional broad leaved plant. Due to this they are less susceptible than other livestock to parasites when allowed to feed in a natural setting. Goats are very fond of wheat grain. They will seldom eat soiled food or water unless facing starvation. They certainly do not consume garbage, tin cans, or clothing. But they do eat canes.

Well, at least open-encyclopedia didn't copy the version with the, hmmm, alternative plural form, hehe...

What surprises me is...

[wowbagger]

What surprises me is the fact that Mr. Gibson is able to find web sites that do "drive-by-installation" that are not taken down immediately.

You'd think that the hosts of "Innovators of Wrestling" would yank it if it were downloading crap onto people's computers without their knowledge - in violation of the LAW!

But then again, I've seen how well most System AdminDUHstrators manage their sites; perhaps my surprise is simply the result of my moring coffee not kicking in yet.

And here is a question for the class to consider: Given the difficulty of removing spyware in a machine which is running the spyware, why has somebody not taken Knoppix, Wine, the NT filesystem wrapper code, and a virus cleaner, and created a boot disk that would

1. mount the users disk using the NTFS in the kernel
2. locate the native NTFS DLL, MD5 check it, and assuming it is not corrupt use it to mount the system R/W
3. Use winelib to access the registry and clean it
4. Run the filescan and purge to remove the infections

. That way, you would need to reboot twice (once to boot into the CD, once back into Windows).

Granted, for me this question is of academic interest only - I don't run Windows anymore. But for those of us who have relatives still stuck in purgatory, this might be a better way to run.

Re:What surprises me is...

[Peyna]

You don't need Linux to do it. BartPE works very well for this purpose.

Re:What surprises me is...

[Filmwatcher888]

You could do something similar to this by using BartPE. It is a Bootable CD version of WindowsXP. You won't have to worry about messing up the NTFS partition with a bad write since it is a "native" tool. And, the BartPE community has created hundreds of plugins, including registry checkers, virus scanners, and spyware cleaners.

Best combinations

[__aavljf5849]

I took a (not that hard) look at which are best as compliments to the top dog, GIANT AntiSpyware.

Turns out that SW Doctor seems to fill up the holes best, even better than AdAware and SpySweeper, although they come in better as standalone.

So, GIANT AntiSpyware with a liberal helping of SW Doctor and maybe an occational spray of AdAware seems to be the medicin to use.

Its not just how much it cleans

[auzy]

Some anti-spyware tools have done a horrible job in my experience, incorrectly removing them sometimes leading to crashes occasionally (in fact, one that I've experienced was due to ad aware). A proper test should also test how correct the removal is and test the stability of potentially affected programs.

I'm wondering how they did quality analysis of the removal process.. Whats to say that some spyware removed here was only disabled or half removed?

Its also a matter of their distribution on the planet, of all the billions of worms out there for instance, just because a virus detector detects more then the other ones, they might be extremely rare.

I wouldn't rush off and choose any of these based on these figures, because the best ones could easily be the ones which incorrectly remove common spyware breaking stuff.

I think eric did a good job though. Maybe though he should update the results to include the distribution in the wild and quality of the removal

CoolWebSearch

[M$Lackey]

A lot of people here have made a mockery of the relevance of spyware removal tools, and even questioned whether spyware is a real issue at all. These people probably haven't tried to combat the latest strains of the CoolWebSearch infestation. Visiting a friend recently I noticed his laptop had gone totally Ga-ga, and I offered to help, thinking that a quick anti-virus scan accompanied by ad-aware cleansing, would get the unit back in shape. It didn't. I tried every automated and manual step-by-step procedure I could find on the net and nothing seemed to help. The premier anti-CoolWebSearch volunteer on the net seemed to have given up (as reported by the Register) I ended up deciding that it was less time consuming to save the few vital files that existed on the machine, and reinstall the operating system, rather than trying a meticulous process-creation-timestamp-analysis. The operating system I reinstalled was Win XP (not Linux). Why? Because my friend is a technically challenged moron and will never be capable of using anything but Windows for desktop computing.

Re:CoolWebSearch

[neuph]

I have run into this hellish demon before, on my wife's computer. After painstakingly researching (So many different variants of CWS make removal instructions hard to find, especially when I had no idea that it was called CoolWebSearch).

However, once I learned what it was, I downloaded CWShredder (here and here), which got rid of the nuisance quickly and painlessly. And it took less time than a reinstall.

Put yourself in USER group.

[ic0wb0y]

Why not just 'not' log in as 'Administrator'? I mean, nobody logs in as Root in Mac or UNIX, but it's default to do so in Windows. In Mac, before installing anything major, it prompts for a password, even Updates. In UNIX you need to SUDO. When I set users up in Windows, they are all USERS. If they really are dangerous to the system, I put them in the GUEST group. Spyware and Viruses don't work without access. By default, Microsoft condones ruinware because of it's ambilivent user policy design.

Re:Put yourself in USER group.

[Fortran+IV]

My boss does not have administrator access (he's the owner, I'm the geek), but he still gets tons of adware crap installed and running on his Win XP laptop. Trust me, you don't have to have administrator access to get hosed up.

Data could show which combo works best!

[museumpeace]

I'd re-process this excellent report, if i had time, so that it looked at pair-wise and perhaps triplets of products: Since NO product is 100% coverage, which pair or 3 products are the most effective combination? If I could just load Mr Howes' excellent tables into my spread sheet!

Also, there are clearly some infections that no product can see...vendors, are you paying attention?

And finally, to the apologists for the spyware industry: ANY piece of software so contrived that

• [a] I don't get some in-my-face interaction like a EULA click-through to warn me I am installing it and
• [b] it has no clearly visible means of completely unistalling itself from my machine

is at the very least a detriment to the performance of my PC and at worst, because it operates in the shadows of my registry and START menu, gives me no easy way to be sure it is not informing others about choices and interests expressed on my PC that are nobody's business but mine. ANY such "convenience" or "novelty" is something I don't want and would never seek to have on my PC so take your sneaky crap and shove back up where it came from, all of it!

RTFS

[ajs318]

Imagine a cake department in a supermarket .....

CUSTOMER: Excuse me, miss. This cake. There doesn't seem to be an ingredients list on the box.
MANAGERESS: That's right, sir. There isn't one.
C: Why not?
M: Because it's a secret.
C: But how am I supposed to know what's in it?
M: We don't want you to know what's in it. If you knew what was in it, you might not buy it.

Would you buy a cake without an ingredients list? You don't know. It might contain animal fat. It might contain artificial colourings. It might contain nuts. It might contain radioactive isotopes.

I am genuinely curious as to what motivates people to run software knowing that they are not allowed to look at the source code. Fair enough, you may not understand it yourself. But people are not islands, and you probably know someone who could understand it, if you really needed it understood. And more to the point, if they won't show you the source code, why not? What don't they want you to see?

The only way you can ever know for certain what a piece of software is doing, is by reading the source code. If the suppliers don't want you to read the source code, that suggests to me that they have a problem with you knowing what it does. Which further suggests that it's probably dodgy.

Re:RTFS

[pafcu]

Source Code != ingredients
Source Code = recipe (At least to some degree)

As you may have noticed, very few cake-makers put their recipes on the box.
I have some shocking news for you, the recipe for Coca Cola is also secret! Does that mean that you shouldn't drink it?
Don't get me wrong, Open Source is great, but most analogies comparing open and closed source are so flawed it's downright scary...
As a matter of fact my own analogy(code=recipe) is also flawed, since you need more than just the recipe to make good food(cooking skills,actual ingredients,etc).
If a 5 star restaurant gave away all its recipies people would still visit, but if Microsoft gave away the Windows source code, no one would buy their product.

Re:RTFS

[Politburo]

Would you buy a cake without an ingredients list? You don't know. It might contain animal fat. It might contain artificial colourings. It might contain nuts. It might contain radioactive isotopes.

As the sibling points out, your analogy is flawed.

In any case, most people buy food without looking at the ingredients. I mean, just look how many people eat at McDonalds. Yes, there are vegetarians/vegans/people with dietary needs/etc. who closely monitor what is in the food that they buy to ensure they aren't eating things that they don't want to consume, but they are in the minority. In your analogy, vegans are Linux users. They are willing to learn about the foods, know which ones are undesired, and actively avoid them. Most people, like Windows users, see a cake and just want to eat it.

Re:RTFS

[ajs318]

Since the ingredients list is invariably presented in descending order by weight and usually accompanied by a nutritional breakdown of proteins, fats and proportion of saturates, and carbohydrates and proportions of sugar and fibre, it's not actually that hard to deduce most of the recipe -- it's just simultaneous equations.

Anyway. Getting back onto topic. The point I'm making is that you can't determine what a piece of software does without the source code. But it seems to me that much, if not all, of the anti-malware for Windows is closed-source ..... and therefore may contain malware of its own, or otherwise fail to perform as advertised. Otherwise, why won't the manufacturers show us what's inside?

Re:RTFS

[ajs318]

In your analogy, vegans are Linux users.

Hmmmm ..... I hadn't spotted the connection before, but it is actually frighteningly accurate. Right down to the division between the practising ones and the preaching ones!

Most people, like Windows users, see a cake and just want to eat it.

Then they should not be surprised when it gives them diarrhoea, or constipation, or brings them out in a rash, or makes their hair turn green, or their throat constrict so they cannot breathe. Or causes a large, heavy object to descend the second the cake is lifted from the table .....

Why is all notion of common sense apparently abandoned the instant anything electronic is involved?

phone call

ring ring, hello, tech support, may i help you?

yes, my computer is running slow and crashes a lot, i think it may be infected with a virus or spyware...

format C: and reinstall or use your OEM restore disk - this is a recording... format C: and reinstall or use your OEM restore disk - this is a recording... format C: and reinstall or use your OEM restore disk - this is a recording... format C: and reinstall or use your OEM restore disk - this is a recording...

this is about the only way to actually clean a windoze OS of any version #...

better yet, just abandon windoze and use Linux or BSD...

Some scanners ARE Spyware

[gelfling]

I think that the spyware industry is one of the most corrupt in the software biz right now.

Many of the tools in that review don't have uninstall procs and some that do like Aluria have 'problems' with the install.log that prohibit easy uninstallation.

Some spyware tools like Adware (not Adaware) are flat out spyware themselves.

And the remainder for the most part, are scanners that tell you something and then want you to spend $19.95 to remove them.

That's only slightly more ethical than Mafia protection scams.

Best case scenario any tool you use is missing about half of the spyware that may or maynot be on your machine. Your best bet is to use a few different tools like S+D and Adaware and to use real time blockers wherever possible.

Note: I have an XP Home machine at home where S+D teatimer has memory hole and it can't be run w/o consuming all the RAM.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Here's what I do

[Akardam]

First off, I love linux, but in this case I think there's a better tool for the job. (The following is not really a shameless plug).

I use Bart's PE Builder. In a nutshell, it's a bootable cd with a Win32 network, disk (with native NTFS support) and GUI API load. The best thing is that it's built using actual Windows dll's and the like. Of course, you have to have a copy of XP or Server 2003 to built it, and it may not be strictly within Microsoft's licensing agreement to use their IP in this fashion, but that doesn't bother nor stop me.

Anyway, there's a native Ad-Aware plugin for BartPE, and I've hacked together a Spybot S&D plugin, as well. My usual proceedure is to boot the system with my cd, run AAW & S&D to clean up files on the hard drive. Then, I boot from the hard drive into safe mode with networking support, install the latest versions of AAW & S&D, and run them again. This cleans the registry as well (which unfortunately I haven't figured out how to do under BartPE... yet). This method has worked well in situations where the system is so infested I can't start from safe mode.

Part of the problem is that even with the proliferation of anti-spyware programs, often to completely eradicate these nasties, manually crawling for files and registry entries may be necessary. At least for the forseeable future I don't see this becoming a fully automated task.

Re:Here's what I do

[teridon]

This cleans the registry as well (which unfortunately I haven't figured out how to do under BartPE... yet).

Just an idea -- how about using regedt32's "Add Hive" to add the registry files to a temporary key (e.g. HKU/foo)? I'm not sure if AAW and S&D would look in that temporary key, but if they do they should be able to remove it. You'll have to repeat the process for each registry ".dat" file on the system (the one for the system, and one for each user).

Re:Here's what I do

[mattOzan]

http://www.spychecker.com/program/winsockxpfix.htm l

Where can I find your Spybot S&D plug-in? I've never seen a sucessful implementation; all the one's I've ever tried only let Spybot scan the RAMDrive, not the C:\

Re:Here's what I do

[Akardam]

I've thought about doing that, but I'd prefer something a bit less cumbersome and a bit more automated. I'll figure it out, somewhere in my copious free time... *sigh*

Online encounters

[Nursie]

This isn't just something encountered online though is it?

When it transfers itself to an EU citizen's PC and runs in the background collecting information it is acting within the EU. The EU could conceivably extradite the people responsible for this and try them as crimes have been comitted in the EU as surely as a cracker gaining illegal entry to an EU government computer from a terminal in the US has comitted a crime.

A couple of utilities I've found usefull

[Akardam]

There's two utilities I use on a regular basis for winsock fixing:

1. LSP Fix. This program will let you see what dll's are embedded in your TCP/IP stack. Most of the time it will even detect stuff that's not supposed to be there, but you do have the option to override its judgement. Spybot S&D also has the ability to look into the stack, but you can't use it to remove offending modules, nor see their actual dll filenames.

2. Winsock XP Fix. This nifty little utility will basically reset all registry settings for the stack back to what they're supposed to be. This is usefull if some nasty has totally trashed the stack on its way out the door. It would also appear it works on earlier versions of Windows (certianly Win2k) but I've never tried it on anything but XP.

I used to joke that as long as people break their computers I'd have a job, but there are times when the spyware thing really drives me up a wall...

Windows...

[cuban321]

Unfortunetly I just switched my laptop back to windows from linux due to some software I must use (VMWare is too slow and WINE won't run it).

I am now faced worrying about spyware and viruses.

What I've done:

-Use Firefox for browsing.
-Set IE security to HIGH for the "Internet zone". Disabling ActiveX.
-Added Windows Update sites to the "Trusted Zone" so I can actually update".
-Installed Privoxy to help block junk when browsing sites.
-Installed SP2 so I have a firewall to protect against viruses that hit on the ever so lovely NETBIOS or RPC ports. No exceptions in the firewall.

All of my email is filtered by my Exchange server so I don't think I'll be needed anti-virus on my laptop. I almost never get or open attachments.

I'm hoping this will protect me. If anyone has anymore suggestions, please let me know. Also, I'm trying to figure out why Windows gets slow over time. It's like the installation rots. I'm trying to find out if you can prevent it.

Hope this helps,
Daniel

Re:Windows...

[Politburo]

Also, I'm trying to figure out why Windows gets slow over time. It's like the installation rots. I'm trying to find out if you can prevent it.

One thing that seems to help a lot is preventing the installation of shell extensions. Shell extensions are the menu options that Winamp, Winrar, AV, CuteFTP, etc. put into the right-click menu in Explorer. Things like "Open in Winamp", "Uncompress using WinRAR", "Scan for Viruses", etc. I find that if you keep the shell untouched, it runs a lot better. I can't remember the exact place, but there's a spot in the registry where all the shell extensions are listed and you can remove the ones you don't want. Also, from time to time go through the file extensions and remove ones that you don't use (In explorer, tools:options, file types tab). Some programs will add what seems to be about a hundred file types (I think Real is a bad one with this). There's no need to have associated icons and actions for file types that you never use. It just slows things down from my experience. YMMV.

Re:Windows...

[gregeth]

All of my email is filtered by my Exchange server so I don't think I'll be needed anti-virus on my laptop. I almost never get or open attachments.

I had mod points, but I decided to respond instead. I'll go ahead and assume that you've been using linux for so long that you haven't realized of what is out there. Viruses that spread via attachments are found in abundance. But you have to also consider the worms that just propogate themselves accross the network to every machine.

Remember blaster? *shudders* I remember that our network was so bad at work that when we would get a new computer and turn it on to cast an image with Symantec Ghost, that it would be infected within 30 seconds. Anti-virus software is definitely necessary.

As far as spyware is concerned, in addition to what you listed, I also like to change the default security settings for IE to prompt me for anything, especially ActiveX controls. There are plenty of Windows programs that use IE for updating or something else (McAfee for example)

Re:Windows...

[cuban321]

Remember blaster? *shudders* I remember that our network was so bad at work that when we would get a new computer and turn it on to cast an image with Symantec Ghost, that it would be infected within 30 seconds. Anti-virus software is definitely necessary.

That's why I said I use a firewall. It can spread to what it can't access.

Just my two cents...

[ardustry]

We use Adaware, Spybot, and Spysweeper. I also use pstools to kill anything in memory that comes back.

Some trojans/virus/spyware programs like to run two copies in memory. When you try to axe one, the other respawns the process.

Pstools will handle this. Pskill run from the command line with an ampersand (&) seperating the command lines will run a kill on two processes fast enough in most cases to kill them both before a respawn.
If it doesn't, start a pretty big file copy process to slow the system and rerun the pskill commands. This is usually enough to kill anything I have run across in memory.

Re:Just my two cents...

[cyborman]

Another thing you can do is in ntfs, you can deny all users (system, Administrator, personal users) from accessing the site, then kill the process. The process can then no longer respawn. The downside to killing the process this way is you can't delete it afterwords.

Terrible Review

It didn't include the two most effective spyware removal tools, Webroot's SpySweeper, and Giant's program.

It chooses to test alluria, which now admits that not all spyware is spyware, since certain spyware paid them money.

They test S&D, which is fair, but they fail to mention that S&D can get less than 1/3 of the known spyware.

Then they only test a handful of software and have no basis for their comparisons.

Cripes. Why bother wasting the electrons for this review?

Re:Terrible Review

[zaffir]

It says right in the story summary that they covered SpySweeper.

It is the one piece of software i've found that gets rid of everything i throw at it. On my client's machines, I used to run adaware and spybot, and then spysweeper if there were still popups. Now i just run spysweeper from safe mode once and it's all taken care of.

Re:Terrible Review

[gurps_npc]

Refrase your statement.

Spysweeper is the one piece of of software that detected and removed all the pop-up. For all you know there is a ton of spyware sitting on your machine that is sending information back whenver you log on.

Watch out for newer spyware's startup routines...

[Akardam]

I've recently seen a rash of new spyware that registers a .dll or ten into the TCP/IP stack, or even in some cases a device driver. Those are truly the beasts. And, of course, the normal Windows startup routines don't necessarily apply, since Windows will include the dll's at launch, and once they're hooked into a process, they'll go about their nasty business as part of what may otherwise be considered a legitemite executable. The line between spyware and a virus/worms/trojans these days is so incredibly thin, it's hard to see anymore.

If it hasn't already become obvious I'm all in favor of dropping large objects on the scumbags that make this kind of stuff. Say, a super-large special order 1000 ton ACME anvil, to start?

The "or-choose-a-safer-computing-practice" Dept

[gfecyk]

I get a 1.000 batting average with my favorite anti-spyware prevention (not detection) tool:

Limited User.

And when not working as a Limited User, I turn off scripting and other stuff, and add "*.microsoft.com" to Trusted Sites so I can use Windows Update and Office Update.

Windows XP and Windows 2000 can catch 100% of all spyware all by themselves. If you let them. Spyware (or other software) doesn't install as a limited user.

Time to LOGOFF and smash the evil eye!!!!

[TapeCutter]

The forbes article in the parent also has a not too subtle message that associates computer geeks and terrorists. Are there any groklaw "terroists" out there that could use that for a "class action lible suit"[sic], if there is such a thing?

SINGLE BEST SOLUTION

[dioscaido]

Stop running your daily desktop account as Administrator. Most, if not all, of the spyware will fail when it attempts to infect your system. It's just general good practice anyway. No one runs KDE/Gnome as root, or log into their OSX machine as root. Neither should we.

• http://www.techproblemsolver.com/limited.html
• http://www.dotnetdevs.com/articles/RunningAsNonAdm in.aspx
• http://blogs.msdn.com/aaron_margosis/
• http://www.pluralsight.com/keith/book/html/howto_r unasnonadmin.html
• http://support.microsoft.com/default.aspx?scid=kb; en-us;305780

Re:SINGLE BEST SOLUTION

[dioscaido]

Scanning through previous posts it looks like mine is a bit reduntant, although the links above are useful. I'm glad to see this is catching on.

Re:SINGLE BEST SOLUTION

[KozmoStevnNaut]

Hell, I didn't know about "Run As..." in Windows 2K/XP/2003 until a few weeks ago.

It's the equivelant of 'su', yet it is so badly documented you'd think MS were hiding it on purpose...

Re:SINGLE BEST SOLUTION

[Mastoid]

Thank you!

This is supposedly a techie forum. How come no one else seems to understand this simple concept?

You need another ounce...

[mpath]

There's another class of evilness that doesn't involve startup and that's BHO's (or Browser Helper Objects), which come into play when IE is started and have full access to the computer.

Re:You need another ounce...

[tricops]

Indeed, my last rash of problems were mostly related to that. I had a hell of a time getting everything cleaned out. I didn't get to trying HijackThis, but S&D, Spyware Blaster, and Ad-Aware were unable to remove everything.

It really sucks when every time you open an IE/Explorer window it restarts and dls 3/4 of the stuff you just stopped and removed. Before that I was using IE maybe 30-40% of the time. That was enough to make me swear it off for anything but windows updates, and I wish I didn't have to use it for that....

Parent post is very important

[NKJensen]

Anything from M$ since 9x/ME has a built-in access rights system.

NO ONE needs to run as administrator, if they are not installing software.

Still today, lots of M$ users don't know that - what a waste!

Re:Parent post is very important

[hibiki_r]

NO ONE needs to run as administrator, if they are not installing software.

Yeah, right. There are lots of apps out there that refuse to work properly under a normal user account. From some versions of MQSeries to the current version of The Sims 2, many apps end up not running at all if you don't run as admin. Sure, it's the developers fault, but the user's only choice is not to use the app at all.

Not All Installations / Configs Are Made Equal

[clotito]

It always pisses me off when somebody tries to do this because they never seem to do it right. That is to say, they never fully document the settings that they adjust on each software installation. News orgs are always coming up with statements that Mozilla or Spybot isn't that great, but that's always with out of the box settings. All I have to say is: "Hey, it's not the software's fault if you don't know how to use it!" Also, I felt that this statement was particularly telling: "The test results reported here constitute but a few tests with three collections of spyware and adware programs. The anti-spyware scanners tested here may perform differently with other collections of spyware and adware."

Re:End User License Agreements and Privacy Policie

[nine-times]

...reading a lengthy EULA full of lawyerspeek... that's a headache.

And the fact that it's lawyerspeak raises another issue: even if you do read it, are you going to understand fully what it is you're agreeing to?

Nothing works completely.

[vspazv]

I've been doing spyware removals for customer's at my job for over a year now. At first it was easy, just run Ad-Aware and you're done. Now some of the spyware programs are getting much more deceptive and can actually startup in safe mode making it nearly impossible to remove.

At this point the first thing i do for a scan is use a USB adapter and connect the hard drive to my test station then clear all temp folders and run spysweeper and adaware to find any files. Then i reconnect the drive adn boot directly into safe mode and rerun both programs to clean out any registry entries. Finally i go through with hijackthis to repair any damage to the browser.

Ive tried out Giant spyware and it seems to work fairly well but the stupid tray app WILL NOT GO AWAY even after haing all of its startup options unchecked.

Also, the new version of Pest Patrol from eTrust keeps detecting a small text file in my 3 year old compressed video drivers as a keylogger :)

Viruses for windows aren't a threat to Linux

[wowbagger]

The reason I suggested using Linux rather than a Windows or DOS derivative was the idea that a virus written to infect Windows would be vastly less likely to be able to infect a Linux system.

That's also why the only file I suggested using from the victim was the NTFS DLL, and that only because of the legality of distributing the NTFS DLL.

Granted, in theory a system booting from CD would not fetch anything from the victim and would not be at risk, but you know what they say about theory and practice - in theory there is no difference between theory and practice, in practice there is.

Re:Viruses for windows aren't a threat to Linux

[Akardam]

Yes, I agree that there is the posibility that a Win32 based live cd could get infected. I think however that the possibility of that is pretty slim. First off, it's on a read only media, so the worst possible thing that could happen is that the actual processes in memory could be infected. In that case, a simple reboot would fix the problem. However, in order to get infected, viral or spyware code would actually have to run, and someone who's using this is not really liable to go around double clicking on random executables. On top of that you've only got enough of the Win32 API realized in order to carry out basic graphical, disk, and networking functions. I don't believe there's a lot of vulnerable code in those API's.

In short, I think it's a pretty safe way to do it.

Windows 2000???

[spanel33]

Why on earth would you do this test on an Outdated OS? Does this really give us useful information if 90%+ of these problems are on Xp Pro and Home? I would think not. I would bet companies fix the spyware on xp then move onto other OS's or put them on the back burner. Chris

Re:Spyware & Updates

[cheezemonkhai]

Things do not all update themselves.

Indeed especially in a corperate environment where you don't want windows auto updating with untested patches. If you have adaware/spybot & windows & you av & A.N.OtherApp updating itself you soon find your systems become unmaintainable or that user systems randomly break when things conflict.

There is no anti MS motive, I indeed worked as a windows sys-admin and at the time used linux on my system due to worms. I had a windows box to test patches on.

My point is this causes hastle to users & admin who do not need it.

Cycles

[argStyopa]

I'm not surprised Spybot did badly.

These things go in cycles, kind of like the Darwinism that didn't work quickly enough on the germ plasm that somehow evolved into the amoral mockeries of humankind that write spyware/malware.

Adaware was widely used for a while, then I started noticing that it wasn't working so well.
Then Spybot is/was hugely popular and extremely effective, so I've started to notice that it too is missing stuff now (or is unable to remove what it finds).

Virus...er...spyware writers are working against these programs, and it's only natural that they are evolving their code to defeat at least the most successful/widely used anti-spyware programs out there.

You wouldn't expect the flu inoculation from 5 years ago to protect you this year, would you? Spyware - and it's counteragents - are the same.

And there's really no defense

[Sycraft-fu]

I used to think that what Windows needed was an SU ability, so you'd run as a normal user, and enter the admin password when needed. I still think that's a good idea, but I've come to realise it won't do shit to stop spyware.

For those that don't know, Mac OS-X does just this. You run as a user, and it asks for root when something requires root to execute. Good idea, don't want to be running as root full time. So I'm hanging out in a recording studio, chattering with the engineer, who is also piddling around on his computer while we talk. He's doing something, a box popos up and asks for root and almost before I can see what it wants he whips off the root password and goes back to talking to me.

I asked him about this and he said well EVERYTHING requires it. Anytime you install any app, it needs root. It's just part of the install process.

Well I realised that would be the attitude most non-tech users would take. Installs need root. It's even correct in most cases. So the spyware that's piggybacking on whatever app they want gets root through the install, and then you are back to where you started. The extra verification step isn't any good since people just give it without checking.

I still think it's a good system for those of us that would be suspicious when some little app with no DLLs/libraries to install whines for root, but a normal user isn't going to know the difference. They'll give it root, and get spyware'd.

Re:And there's really no defense

[bilgebag]

I used to think that what Windows needed was an SU ability

Ah, that'd be Microsoft's patented idea?

Re:And there's really no defense

[Hoser+McMoose]

With WinXP, Microsoft actually has an 'su' replacement that is mostly functional. It also has Fast User Switch (almost as easy as multiple virtual consoles). With the combination of these two things it's actually reasonably managable to run Windows as a non-superuser. The odd program does require that you grant write permissions to one or more folders in it's "Program Files" directory, but usually you can limit that to just a "data" or a "cache" directory or some such thing. This does require a small bit of knowledge, and it really shouldn't occur except for poor programming practices, but such is life.

Does this help with viruses and spyware? Tough to say for sure, but I'd guess that yes, it does. Ok, spyware can still be installed when piggybacking along with an app that you are installing, but at least it does prevent installation through some backdoor methods. Not the one-shot solution some might be looking for, but every little bit helps. Combine that with not using IE or OE, as well as a decent firewall, virus scanner and spy/adware scanner, and Windows can be kept rather secure.

It will never come true

[Sycraft-fu]

Not only do most users not want to take the time, they just lack the knowledge to tell if it mentions anything evil in there. They want their Kazza or whatever, and they'll just click buttons till it's installed. Hell, some programs don't even mandidate the installing of their spyware, they just rely on the fact that most people will just do the default install and pay no attention.

People do not want to understand how their system works, they just want it to work.

Dude...logic has nothing to do with it...

[FatSean]

...It's a religious belief. Good explanation tho, I think I shall save it.

Re:Spyware & Updates

[dave420]

Not everything does, but every piece of software that talks to the internet DOES get automatically patched, which is where the vulnerabilities come in.

And yes, in a corporate environment, it's not advisable to do that, which Microsoft thought of, funnily enough, and provided many ways to roll out TESTED updates to clients of your choice. Also, our corporate spyware detection has central references, as does our corporate antivirus and everything else that has periodic updates.

If you do things properly, Windows will cause you as many problems as linux. Like linux, if you don't know what you're doing, you can make a bad situation worse. Please bear in mind I'm not casting dispersions about your technical ability, but like you, just speaking from experience. God knows I've nuked some boxes in my time ;)

18 references at this site to greater understandin

http://www.islamfortoday.com/attack.htm

On the Hijacking of Islam
If the terrorists that struck the USA last week were indeed Muslims, they have not only committed murder, which carries the death penalty, but have also committed a physical attack upon Islam by the damage they have done to its image.
By English convert to Islam, Ruqaiyyah Waris Maqsood.

The Islamic Rules of Warfare
Michael Young details how the attackers of the World Trade Center, if indeed they were Muslim, flagrantly violated the most basic Muslim conventions of war.

Recapturing Islam from the Terrorists
"Muslims cannot deny forever that doctrinal extremism can lead to political extremism. They must realise that it is traditional Islam, the only possible alternative to their position, which owns rich resources for the respectful acknowledgement of difference within itself, and with unbelievers."
by English convert to Islam, Abdal-Hakim Murad.

It's Time to Look in the Mirror
"The anger being vented at Muslims in the west is the anger that Muslims should have toward the murderers that crashed into those buildings. We should be the ones so incensed and sad. We should be the ones putting together military forces to hunt them down and find them, then dispense justice - Islamic justice - toward them. They attacked our religion - Allah's religion!"
by American Convert to Islam, Abdul-Lateef Abdullah.

Yusuf Islam on September 11
Britain's first government-funded Islamic school closed temporarily last week amid a wave of anti-Muslim feeling. Its chairman of governors, Yusuf Islam - formerly the pop star Cat Stevens - explains why his adopted religion is the home of tolerance and not of fanaticism.
September 18, 2001

American Muslim Leaders Condemn Terrorism, Defend Muslims' Civil Rights
By Susan Domowitz, Washington File Staff Writer 19 September 2001

Taliban have "hurt Islam and distorted the reputation of Muslims throughout the world".
Full text of the Saudi Arabian Government's statement on the breaking off of diplomatic relations with the Taleban
IslamForToday.com Tuesday, 25 September, 2001

External Links

Islam Hijacked
Rabbi Reuven Firestone, author of "Jihad: The Origin of Holy War in Islam" and Professor of Medieval Judaism and Islam at Hebrew Union College in Los Angeles, offers his insights into the events of September 11.

Mainstream Muslims Condemn the Attacks

Islamic Scholars Call September 11 Attacks a Distortion of Islam
By Laurie Goodstein, The News York Times, 30 September 2001

Muslim clerics say attacks in US are un-Islamic
Sheikh Mohammed Sayyed al-Tantawi of Al-Azhar, the highest institution in Sunni Islam, warned that those who attack innocent people will be punished by Allah.
Irish Times, September 14, 2001

We Need Spiritual Doctoring
Muslim American ER doctor Faiz Khan, M.D., on duty in New York on September 11, reflects on the incomprehensible suffering of that terrible day.

Islamic world deplores US losses
BBC News, 14 September, 2001

Mohammed Ali defends Islam on tour of New York devastation
Ananova, September 21, 2001

American Islamic scholar, Hamza Yusuf: Terrorists are mass murderers, not martyrs "It's politics, tragic politics. There's no Islamic justification for any of it."
The Mercury News (San Jose), September 15, 2001

Sheikh Yusuf Al-Qaradawi Condemns Attacks Against Civilians: Forbidden in Islam
Islam Online, September 13, 2001

UK Muslims disown 'lunatic fringe'
Members of Britain's Muslim mainstream majority yesterday rounded on the "tiny lunatic fringe" supporting the terrorist attacks on America.
By Richard Alleyne, Daily Telegraph (London) September 20, 2001

Ali's sorrow at terror attacks
Boxing legend Muhammad Ali has made a morale-boosting visit to rescue workers in the rubble of the World Trade Center.
BBC News, 21 September, 2001

Australian Islamic Council Condemns Attacks in US

Tech calls

[gmerideth]

So far, in 2004, 26% of all of the tech calls we've gone on for our clients and customers have been spyware removal.

While its simply amazing how many people claim to get "tricked" into installing this garbage I have to admit...being able to charge people and make money in this sluggish economy is fine with me.

If, due to people's inability/lack of know-how/tech department to update their machines or simply use firefox or any other non-ie browser is a good thing to my business.

So far we've had our clients buy more copies of adaware professional and hfnetcheckpro than we've sold copies of office 2k3.

Re:Spyware & Updates

[Tenebrious1]

Not everything does, but every piece of software that talks to the internet DOES get automatically patched, which is where the vulnerabilities come in.

That's BS as well. Windows allows you to set automatic updates so it will connect to the server, see if there are any updates available, but not actually update. Norton Antivirus connects to the server to check for updates, but does not update itself unless you tell it to. Adobe Acrobat Reader is one that unfortunately checkes every single time and reminds you there are updates available, but it does not download them until you tell it to. So no, ALL programs do not automatically update themselves.

Why isn't this illegal?

[krgallagher]

I recently began cleaning a friends computer of spyware. There were over 1,400 objects found by Adaware,and according to the article Adaware missed 25% of the infections. To make matters worse, even after eight reboots, running Adaware between each reboot, I still could not remove all the infections. I even tried mannually editting the registry. Now, thanks to this article, I may not have to reinstall the OS.

What I do not understand is how can this be legal. To me this is no different than a trojan (the viral type not the condom.) Maybe it does not self-replicate and spread, but it still hijacked my friends computer. I thought that the malicious or destructive control of a computer without the users consent was illegal according to federal law. Why is it the the government will go after script kiddies, but does not go after the corporate goons who are no better? Oh, wait, I forgot. Script Kiddies do not make political contributions. I'm going to email my congressman.

Out-of-control

[gone.fishing]

Slimeware er, spyware is the bane of my existance. I work for a large company and do not have final say about how the desktops are configured (I would do it differently), I support a special group and nearly all of my people have "admin rights" on their computers. I agree that these people need admin rights for some of the functions that they have to do but figure about 95% of the time they could run as a "super user" without any problems at all.

Very nearly 100% of the computers I touch are infested with slimeware. Running several commercial apps will clear most of the crap that is found but one or two apps seem to come back within a day or two (even if the user claims that they have not been on the internet). It has gotten to the point where I actually believe some of them!

I've found that what seems to be happening is that the slimeware distributors are playing a little versioning game. As soon as the major spyware removal tools are able to kill a specific version of slimeware, the slimeware authors make a new version that they then distribute.

It takes time between the release and the time that the spyware removers catch up and in the meantime, it is up to people like me to figure out how to clean up the mess. I am pretty hard-nosed and will spend a couple of hours searching the registry, booting from CD and deleting files and that kind of stuff to kill off the slimeware. Others who do similar jobs just re-image the machines. Soves the problem faster but I don't think the users are quite as happy. They have to reconfigure the machine to how they like it and there is always the risk of lost data.

I'd love to see these purveyors of filth in prison. Many of them serve up porn and put it on kids machines! They are guilty of a crime every time this happens. Why can't we do something?

Anyway, I don't blame the spyware removal people for these setbacks. They work hard to keep up but just can't.

Im my dreams, I dream of a single tool that sits on the desktop and checks for viruses, slimeware, spam, and other threats and inconveniences. I'd like the tool to be able to be programmed to block access to various applications and websites too. I'd like the same tool to have some sort of "safe recovery" feature that allows me to move back in time to a stable configuration that would not delete data.

These are just dreams but will someone somewhere please make my dream come true? Corporate IS departments everywhere would thank you with money from their budget!

Re:Out-of-control

[monkeypuzzle]

We use CSA http://www.cisco.com/en/US/products/sw/secursw/ps5 057/products_data_sheet09186a008033a40f.html It fulfills most of the requirements of your dream.

Re:Out-of-control

[Reziac]

I haven't tried it yet myself (I practice safe hex by long habit), but take a look at "Geek Superhero", $25 shareware http://www.geeksuperhero.com/ which is meant as essentially ZoneAlarm for applications (it tattles on and requires approval for anything that tries to meddle with the system). Over the years I've come to trust the author, and he's very responsive to bug reports, feature suggestions, etc. If someone tests it against the wide world of malware, I'd be interested to hear how it fares, and I'm sure Michael would be too.

Re:Out-of-control

[burns210]

" Others who do similar jobs just re-image the machines. Soves the problem faster but I don't think the users are quite as happy. They have to reconfigure the machine to how they like it and there is always the risk of lost data."

Newer versions of ghostcast can backup the profile account from a machine and restory before and after ghosting. Backing up the profile(and checking IT for spyware crap) and then restoring it after ghosting a machine is pretty transparent to the user. It is standard procedure at our (enterprise level) shop.

I hardly think that's good enough

Milton: It says 'crunchy frog' quite clearly.

Praline: Well, the superintendent thought it was an almond whirl. People won't expect there to be a frog in there. They're bound to think it's some form of mock frog.

Milton: (insulted) Mock frog? We use no artificial preservatives or additives of any kind!

Praline: Nevertheless, I must warn you that in future you should delete the words 'crunchy frog', and replace them with the legend 'crunchy raw unboned real dead frog', if you want to avoid prosecution.

Milton: What about our sales?

Praline: I'm not interested in your sales, I have to protect the general public. Now how about this one. (superintendent enters) It was number five, wasn't it? (superintendent nods) Number five, ram's bladder cup. (exit superintendent) What kind of confection is this?

Milton: We use choicest juicy chunks of fresh Cornish ram's bladder, emptied, steamed, flavoured with sesame seeds whipped into a fondue and garnished with lark's vomit.

Praline: Lark's vomit?

Milton: Correct.

Praline: Well it don't say nothing about that here.

Milton: Oh yes it does, on the bottom of the box, after monosodium glutamate.

Praline: Well I hardly think this is good enough. I think it would be more appropriate if the box bore a large red label : "WARNING:: Lark's Vomit".

Not your old-time spyware

[slonkak]

Spyware, these days, is much harder to get rid of. A simple scan from a program isn't gonna do it. I've been doing ad-hoc tech support for my college dorm, and 95% of the cases I see are computers crippled because of spyware. There hasn't been one I couldn't fix yet.

Here's what I do:
-Install Ad-Aware SE (from a pen drive, since the spyware killed the internet)
-Update it
-Do a default scan
-Remove ANYTHING it finds
-Remove anything it puts in the quarantine
-Run MSCONFIG and, using your best judgement, uncheck anything from the services tab that doesn't look kosher
-Uninstall anything not kosher from Add/Remove Programs
-Reboot into safe mode
-Uninstall anything that didn't work before from Add/Remove Programs
-Open Explorer and delete anything from the Program Files directory that isn't kosher (this step will only work in safe mode because the programs in here won't be loaded into memory)
-Delete anything not kosher from the Start Menu's Startup folder
-Reboot into Normal mode
-Run Ad-Aware again just to be sure
-Install Firefox and hide IE icons

That should take care of the spyware (until the user decides to download more of it).

But there is more work to be done. Show the user what Firefox is and that they should use it from now on. Turn on Automatic Updates so they never have to visit the Windows Update site, the updates will download automatically. Inform them of the dangers of clicking popup messages to install software or whatnot. Though this is not a problem with firefox, explain they should read everything and install nothing that they didn't ask for.

Yes, this takes some time, sometimes upwards of 30 minutes, but if you did your job, you won't be visiting that person for a long time (at least for computer problems).

I hope you get cancer

"I used to work for one of the companies that distributed a "spyware" program"

Moved on to a baby seal beating company? Or maybe an anal wart preserving company?

I mean, once you crawl down into the gutter, its hard to get out.

Re:End User License Agreements and Privacy Policie

[diggem]

Interestingly, after you read enough of them, you begin to see the standard disclaimers and can scan very quickly through the EULAs. The stuff that's different usually pops out at you pretty quickly. I can scan the normal EULA (there are some pretty standard ones out there) within 1-2 minutes. It's worth the extra minute to scan now than to have to try to dig out the spyware later.

Re:Spyware & Updates

[dave420]

Ok, I can see you've not used windows in a while.

On the home desktop machine running XPSP2, as most are, updates are INSTALLED automatically. That's right - no user intervention.

In the corporate setting, it's very easy to not rely on the standard windows update to update clients - hotfixes and service packs are easily deployed over the network from a central server, again, without user intervention.

Acrobat reader is not a worry of mine - the only PDFs people read here are generated by ghostscript, and as with the service packs, etc., is very easy to update remotely using scripts. Our anti-virus isn't Norton, but Sophos, so that IS updated automatically.

I can see where you're confused, but I can assure you these problems you state don't exist any more.

Re:Spyware & Updates

That's because Spybot search and destroy is *very* harmful. Sure it gets rid of spyware but it has no respect for any other application on your system and will break it if it needs to remove the spyware. It is very sloppy. That's why it's rated #7. Spysweeper on the other hand has been working with major software vendors to be sure their shit does not break simple things like MS office.

Spyware

And with my mac I have none of these concerns!

Re:Spyware & Updates

We have 250 local users and 500 remote employees and have not had a virus outbreak in over 3 years now.

Norton antivirus + a managed server which pushes virus definitions updates immediately upon arrival.

Shavlik patch management for pushing patches to individuals machines without setting up all that sms bullshit. Hit em every friday at 2 pm. Simple. We patch our 45 servers manually...

Spysweeper has been our spyware protection standard for almost a year now. We are still cleaning up some machines but no new ones are getting hit.

We run exchange 2003 server as well (oh my god) with Sybari Antigen and in 4 years have not had a single virus penetrate us. Not a single one!

The last outbreak we had was a customer who brought in randex after plugging in but now policy states their machines get checked first. Shrug, this end of the world and ultimate destruction attitude you claim is just a result of lazy or maybe lack of administration due to payroll $$$$. But it in no way is a result of Microsoft at all The same shit will happen if Linux ever becomes mainstream, which I feel will be even worse due to overconfident admins.

I expected as much

This is no suprise, this stuff is getting more and more difficult to remove. Programs like WinTools and TVMedia aren't totally removed by these programs, you have to browse the drive in explorer, in safe mode and delete the directory. Then you have to remove the service if you are using XP. These spyware companies are getting more complex in how the infest your system and it's all companies like lavasoft can do just to try keep up with these jerks.

Just use firefox. and a brain.

[toastee]

There has been no spyware or adware on my machine since I started using firefox back at 0.7, period. Not a single item or article. Unless you count tracking cookies, but when was the last time a tracking cookie caused system instability? I still make love to my bonzai buddy daily though! ;)

Limewire

[Britz]

If You really still use Limewire than that is Your fault (tm).

http://xnap.sourceforge.net/

With plugins for Gnutella, OpenNap, GiFT, Overnet and stuff. All in Java. With a nice little MacOSX installer.

Re:Limewire

[Ilgaz]

Its NOT my fault. A novice computer using friend installed it here as I stated on my post. To pirate a mp3, to be exact while having 4000 original cd songs on my iTunes library and being a Radiopass from Real Networks member.

I don't care about any non legit p2p myself, I tell about what a novice mac user can do and can get infected with spyware on OS X, a BSD based OS!

I still don't care about newest p2p or non spyware, sorry. I just see Limewire is being marked "freeware" on download.com mac edition and its being spyware. Also being NR 1 download too.

heh. Giant. hehheh.

For a company that's selling an anti-spyware tool, you'd think they could at the very least use a more secure way of tracking sessions than passing them in the URL.

I see that same thing done with way too many ASP.NET sites and it absolutely sickens me. It's as though no one knows that URL's that use the GET method are capable of being stored in cache even when you turn caching off via pragma:no-cache.

My suggestion is, never buy from a site with a URL that includes /(<session token>)/filename.aspx. You're simply asking for trouble if you do.

Re:Spyware & Updates

[Tenebrious1]

On the home desktop machine running XPSP2, as most are, updates are INSTALLED automatically. That's right - no user intervention.

Re-read the parent post; he's arguing that all programs that connect to the web automatically update without giving the user a choice. I'm pointing out that Windows GIVES YOU THE OPTION. Yes, even in XP you can turn of Automatic Updates, as is recommended by most people. No serious professional leaves Windows Automatic Update enabled. Check your Security Panel under Control Panels.

In the corporate setting, it's very easy to not rely on the standard windows update to update clients - hotfixes and service packs are easily deployed over the network from a central server, again, without user intervention.

Again, that means that Automatic Updates are turned off on the client, and pushed out from from the Server. Yes, you can set it a client to automatically check a local server an automatically download from local server if there are updates, but no corporation does this; having 20,000 systems checking a local update server is a lot of useless traffic. So automatic udpate is disabled on all clients and updates pushed out from the server when needed.

Acrobat reader is not a worry of mine - the only PDFs people read here are generated by ghostscript, and as with the service packs, etc., is very easy to update remotely using scripts. Our anti-virus isn't Norton, but Sophos, so that IS updated automatically.

Again, reread the post. Yes, I know many programs can automatically update. Most programs are written so they will NOTIFY you that an update is available, and ask if you want it installed. Sophos automatically updates itself only because during initial configuration you clicked on an option to allow it to automatically connect, download, and install the updates. Most programs are written like that, they give you the option.

I can see where you're confused, but I can assure you these problems you state don't exist any more.

Re-read the parent post, it said programs that connect to the web *automatically* update, and I am saying that many programs give you the option .

Unbelievable

Totally unbelievable that there are so many Windows lusers at Slashdot.

Then again, who ever said Slashdot visitors weren't a bunch of slimy cowards only pretending to have joined the open source camp?

Disgusting.

I can't run Ad-Aware

[SpryGuy]

Recent versions of Ad-Aware always hang on me. They cannot run a complete scan at all. I've seen other reports on this, and I've tried most of the work-around suggested, but all to no effect. Or at most I'll get past one hang only to get hung up on another one just a few moments later.

Generally the hangs are in attempting a deep scan of the registry, or while scanning somewhere in my Windows directory.

I haven't been able to successfully run it since upgrading almost a year ago. I've upgraded since then to keep the latest version, but there has been no change in my ability to run it.

I'm running WinXP SP2 on a 2Ghz Pentium 4 processor with 512Meg of RAM and an 80Gig hard drive.

Anyone else having these problems or know of any sure-fire work-arounds?

Forensic analysis works best for me...

[farsideofthemoon]

I use FutureSoft's i:scan because it gives me the ability to seek and destroy malware that no one else has a definition for... Also of note is the enterprise edition that allows you to create your own signatures so you don't have to wait on updates... Used together they are extremely effective... =)

this is fine for your computer but not for grandma

[dknj]

who has her brand spanking new $35 lexmark which requires funky ass control panels to start with the computer to operate properly. also when you start removing well known programs, you get more tech support calls "Where did my program(s) go???".

i have found the easiest way to clean out spyware from a computer that is not my own is to go through the Run keys in both hklm and hkcu and remove anything that looks suspect (novices will probably be better off removing everything). i.e. C:\windows\systray.exe does NOT need to start, nor does C:\windows\system32\asdfjlw12.exe. However, rundll nvDwcpll,start does need to exist (norton antivirus).

Next hit up the services mmc plugin (services.msc) and disable any services they do not need (including upnp discovery, server, workstation, and computer browser if its the only computer in the house). Once that is done, load up BHOdemon and turn off any benign BHOs for IE.

Finally install Firefox and all relevant plugins (flash, java, etc.) and change their desktop IE shortcut and default browser to Firefox (leave internet explorer in their programs menu incase they need to goto an IE-only website like windowsupdate).

This whole process takes me about 10 minutes tops (god bless usb flash drives) and either gets me free drinks or easy money and happy friends that don't come back to me for problems.

Again, this is only for computers that aren't your own. i advocate destroying your own computer in order to learn how spyware works (although virtual pc is a better place to break things :) Also, to save yourself some headaches from the very annoying malware, do the above process in safe mode.

-dk

Don't forget one of the best...

[brw12]

Pest Patrol belongs on this list, as in my experience it beats out Adaware and SpySweeper. It's not shareware but definitely worth the $40 I paid for it.

Wow! Giant Anti-Spyware smoked them!

[Musashi+Miyamoto]

Its amazing how bad almost all of them are. I expected at least a handful to be getting 70-80% of spyware... But to be that horrible was totally unexpected. More amazingly, Giant Anti-Spyware was ONLY 3 WEEKS OLD when they reviewed it. I've been using it for a week, and it really does work well. It has significantly more features and a better UI than the two others I tried (ad-aware... weak with no features, and spybot... better but still ineffective)

Their SpyNet must really be effective to be able to beat ad-aware and Spysweeper by 50%!

Its a good thing sites like this are out there, otherwise who would have known that the software out there is that useless? Its shameful that bad software can still be profitable. I hope Giant gets recognized (monitarily) for it.

Ultimate WinBlows nuisance user solution

[EXrider]

Here's what I do in these situations...

First, it requires a windows machine (NT,2K,XP) using the NTFS filesystem. FAT32 won't work because it don't do ACLs

1. Create a new local administrative account to work under (this is important read the whole thing here!)

2. Run Ad-Aware, Spybot S&D, and Hijack This, under this new admin account keep all the directories the spyware created, or make note of them so you can re-create them later.

3. Now, delete everything contained in these folders, then you start changing permissions on all these folders to deny Everyone access (including administrators), and take ownership of all these directories, when spyware trys to re-install itself it will fail. This method works real well when nuisance kids come back and try to re-install kaazaa, iMesh, etc. If you deny access to the kaazaa folder it won't come back unless they're smart enough to take ownership back and change permissions, or install it in a different directory.

4. This is the kicker: Install Firefox to replace IE, and Firebird to replace Outlook/Outlook Express. Run a search (F3) for iexplore.exe and msimn.exe and change permissions on them just like we did with the spyware folders.

5. This is my favorite: Now delete the IE icon and Outlook icons and change the Firefox and Firebird Icons to look just like IE and OE (MUHAHAHA).

6. Now login as Administrator and delete the user account we just created to do all this stuff.

If nuisance user must have IE to access a dumb banking website that's coded in shitty client side ASP or something like that; write a VB script, or batch file or whatever to use the runas command (similar to sudo in unix) to launch iexplore.exe under a less privileged account; point this back to the normal IE icon and it becomes seamless for the user.

You can take it even farther and deny write access to all the Run keys in the registry to keep crap from getting loaded in the System Tray. You can also deny write access to the Root of the Program Files folder, if you deny access to the whole folder including subdirectories and files it will break a number of applications that love to write metadata, temp files and such in the Program Files folder, like Microsoft Office 2000 (let's not even get started on how many Microsoft developers don't know where temp files and metadata belong). Of course if you do these things the user won't be able to install programs. If the user isn't running as an administrator they won't be able to write to the root of Program Files anyways, but they still can put stuff in their own Run key and the global Run key!

Sorry this is so hacked together, I'm in a hurry, want to go eat lunch NOW...

Readable version

http://shit.slashdot.org/article.pl?sid=04/11/23/0 331228

Licenses

[alexo]

Since I wish to keep my contact to the MIS department (a.k.a "the obstacle") to the bare minimum, I only consider installing software on my work machine which is (a) free (gratis) and (b) has no "non commercial" clauses in its license.

Both Ad-Aware and Spybot S&D have workplace-friendly licenses.

Again, Nonsense.

[brunes69]

Cars are not computers, yes. Computers are not cars, yes. You get a gold star.

But both computers and cars are complex multi-purpose devices. They are not commodity television sets or VCRs whose software only perform one basic function (watching a channel, recording a channel).

The more you can lock down and restrict the software on a device, the more secure and useable it can be. This is why crashes in phones and PDAs are so much less common than PCs.

The instant you give the user the ability to install whatever they want, all bets are off.
Flexability and Idiocy-proofness are inversely proportional for any complex system. There is no way around it, you can't have your cake and eat it too.

No I don't expect that Joe user should know how to swap out a DIMM. But I do expect that he should read the manual. I also expect him to read and heed warnings from his ISP about malware. If they can't do that then either

a) They can't complain when they get malware / virii
b) They shouldn't use a PC, since they won't take the time, they should use a locked down Internet Appliance.

Re:Again, Nonsense.

[26199]

You think that reading the manual that comes with your PC will help? Reading ISP warnings? I don't. I think that to use a Windows PC securely, you have to be extremely dilligent, and you have to have a pretty good grasp of computer science.

This, to me, is completely unacceptable. There is simply no reason to expect people to learn so much before they use a PC.

I agree, the solution is to restrict things more. And why not? Most people, when they buy a computer, are buying a word processor, web browser, and email terminal. It doesn't need to let the user install a hundred pieces of malware by mistake.

It's perfectly possible to give the average computer user what they need/want. The fact is, what you currently get if you pay $500 for a PC is nothing like what the average user needs/wants. Hence, it's a technological problem.

Joe Average can't keep Windows clean, period!

While you may be able to run a windows operating system without getting infested with spyware it seems to be the case that many people can't.

You are being way too kind! A large portion of MS Windows' user mass have absolutely no chance keeping Windows clean on their own. If they use Windows on the Internet, that is. They will get screwed. Many of them won't know, or won't care. Those who do will often need help from others.

No test for false positives

[tradeoph]

It's a pitty none of the tests have compared the false positive rates of the various spyware busters. It would be interesting to run all tested products on a PC with no spywares and compare the results. On my machine pest patrol (the online version) found 16 non-existing spywares. Testing for positives only encourages products that create false postives.

Re:Watch out for newer spyware's startup routines.

[mutterc]

And I've seen this kill FlexLM-licensed stuff (e.g. ClearCase). Whatever the spyware does to the IP stack makes FlexLM not work right (you can resolve the server's name, ping it, telnet to the port, but can't check out licenses. Ugh!) It requires whacking the spyware and/or reinstalling TCP/IP (a bit nontrivial on WinXP - there are a few dead chickens you have to wave over the system).

I'm starting to feel like a crank for mentioning that this is just a natural consequence of capitalism; the pursuit of ever-expanding profits by all legal means, when the corps own the government, is obviously going to lead to tragedy-of-the-commons problems like spam, spyware, pollution, etc.

Surely if the U.S. government can make pirating music and movies illegal the world over, then, if they wanted to, they could make spamming and spyware illegal as well. But, guess what? Pirating music is bad for business, so the gov't will push on it. Spamming and spyware is good for business, though citizen/comsumer-unfriendly, so the government "of the people" says "Suck it up! Don't be un-American by suggesting these businesses shouldn't have the right to shove advertising at you at all times."

Mod parent up. Startup Monitor is great.

[e7]

Startup Monitor is nice. I only stopped autoloading it because every time my mom ran RealPlayer, it asked permission to allow TkBell to run at startup ;-)

Re:Mod parent up. Startup Monitor is great.

[Jaysyn]

Then you should uninstall the P.O.S. & install RealAlternative. I did a long time ago & never looked back.

Jaysyn

Wintools Note

[trip11]

I came home for the holidays and got busy cleaning up the family computers like always. I happened to notice wintools there as well. Well after running adaware, stinger, trying to delete it, end task it, etc..... I just went into add remove programs in the control panel and there it was. Uninstalled as easy as could be. I always have to laugh when I forget to try the obvious and just go to the heavy handed stuff right away. But if you ever come across wintools again, keep it in mind.

spyware ?

[zo219]

You people have programs that install on your machine, collect data and send it back?
I can't tell you how strange this is to read.
I've been on Mac so many years, I genuinely take it for granted: my Powerbook belongs to me. As does the information stored within. All of it.
Mac OS X is fully networked . . .and no app makes a data call out without my approval. The default is set to No. It's hugely easy.
I post this not to be zealot-like, but with the idea that a free people should remain unco-opted. You don't have to put up with this shit at all.

Marketshare Planned Attack

[tilleyrw]

Why is there discussion of market share and vulnerability to attack?

The number of hackers attacking an OS does signifies nothing, especially if the OS in question has a better security model.

Linux is not overrun with viruses, worms, trojans, etc. as is Windows because of a simple reason -- the foundation of Linux is more secure.

Windows is fundamentally flaw at it's core. Microsoft knows this and "patches" the obvious flaws but cannot fix the source of the flaws without re-writing the entire OS. Which will never happen.

Re:this is fine for your computer but not for gran

[tchuladdiass]

An added percaution is to look at the time/date stamp on the individual binaries, if any of them are newer than system installation time you have a better chance than not that it doesn't belong. Also, run cwshredder in report mode, it will tell you every IE toolbar/helper app/search assistant that is installed, many of them you can get rid of after inspecting the binaries.