Slashdot Mirror
Spyware Removal is Big Business
prostoalex writes "Just when you thought all the software niches were taken, IDC comes out with the report saying $12 million was spent on spyware removal tools in 2003, and $305 million will be spent in 2008. IDC also estimates two-thirds of PC users out there are infected. Large PC vendors are waking up to the spyware threat, having their call centers overwhelmed with spyware-related calls."
... before the anti-spyware vendors start bundling spyware?
If only they knew how easy it is to remove.
WOuld we pay for a car if every billboard we passed was capable of taking control of the vehicle and making it drive to other billboards? I don't think so. Why then will we pay for windows.
99 bottles of beer in 175 characte
Microsoft is really helping the computer industry lately. First their initial decision to make outlook express execute any script embedded in email by default kick started the mostly dead antivirus industry into the powerhouse it is today. Now their forward looking decisions regarding the security of ActiveX and Internet explorer has created a whole new industry of spyware detection and removal.
Think of the revenue and jobs created by these decisions.
And Unix (Linux, OS X too), with your anti-economy designs like user accounts that cannot write to system areas, web browsers that do not support a web site's ability to covertly install software behind the scenes, and email clients that do not interpret VPscript, you should be ashamed of yourselves. If popularity of these OSes rises too high, it could seriously damage the antivirus and antispyware industries, causeing a loss of revenue and jobs. Congress should really do something about this.
Finkployd
Not true. Our non-trivial (several thousand PCs) analysis of spyware at my company shows that the majority of the spyware initially infected machines by piggybacking on other programs that the users installed, such as iMesh, Gozilla, eWallet, etc. They didn't need a vulnerability, just a not-very-observant user.
The average user is simply that.
That does not make them morons in the same way your comment makes you a cockbite.
You want to start showing me stat as to where the "average" is.
Me I reckon that the average person knows what the hell is going on, and can fix a fair few problems, but maybe isn`t the hard core programmer/linux guru.
Rather than taking the "intellectual" low ground maybe you want to to help inform, or maybe realise that computers (despite marketting) are not ready for everyone.
Your view is gloomy because of all the shite you talk.
CJC
If microsoft made some changes to windows, this crap would have a harder time getting installed (or at least getting installed unnoticed)
Basicly, anything that wants to change certain things should trigger a "are you sure you want to do this" warning of some kind (with ways to change that warning into a requirement for a password or a total block of the activity). If the activity is blocked, the app requesting it gets an appropriate error (e.g. "you cant open that file" if access to a file is blocked)
The items that should be locked include:
Writing to the "startup" group & other locations where you can have a program start at startup
Writing to
Changing critical windows sockets settings
Changing the HOSTS file
And there may be other things
The idea is that spyware/viruses/trojans/etc that come in totally unannounced would now not be able to do that.
And spyware and such that rides alongside application programs would be easier to spot (so you can choose to use a non-spyware alternative)
Yes the cluless will just click "yes" but at least those who care wont be hit as much.
Anti-virus vendors should start detecting spyware (particularly the kind that installs itself jsut by visiting a webpage or reading an email as opposed to the kind that installs alongside programs like kazza) just like they detect viruses.
After all, spyware shares a fair few characteristics with viruses, worms and trojans.
The big PC OEMs should be doing more to combat spyware.
Myself, I use Mozilla (and keep it up to date with the latest release builds) and I use Norton
Antivirus to keep my system virus free.
I also run Spybot and Ad-Aware regularly.
And I dont install spyware-laden programs like Kazza, Real etc.
I find it terribly sad when companies/people/drones/the family pet/etc. need to fork out a ton of cash just to prevent assholes from taking over their computers. Viruses (Viri?) have caused this for years, and it's completely illegal to create such a program. But, so far, it's still legal in most places (albeit unethical) to distribute this garbage.
Yes, it's really an IE/Windows problem, which is a whole other argument. I know users need to be better educated (or educate themselves), but that still doesn't help my Grandma who can barely seem to find the escape key. I understand this. But still, why should this still be allowed?
On a side note, does anyone know of GOOD network/client-server spyware removal software, either free (as in beer or freedom) or commercial? Just curious...
The "average" computer user is a lazy, uninformed moron
With repect - and a great deal of sympathy (if not outright agreement, at least when I am trying fix something on a friend/relative's computer) I think that we should get away from this kind of mindset with respect to the "average" computer user. The average computer user is not interested in how things work, only that things should work and that they can use what ever piece of technology for the purpose they need it for. This extends beyond IT, to everything from plumbing, electricity, cars, furnaces, etc. Anything beyond basic operating and maintenance procedures gets in the way of use and should ordinarily be outside the domain of the "average" user. The problem lies with technologies and products (e.g. IE) that are poorly designed and therefore require more expertise from the average user than is appropriate.
Sure it's easy to get frustrated with "average" users, but they should not have to be interested in how things work. Don't be so gloomy, there are worse things than being in a position to help a fellow human being with a problem.
I've finally got around to changing my sig
I deal with this at work all the time. To me, spyware/malware isn't that different from a virus, and the logical thing is that symantec/mcafee/panda/etc add spyware/malware detection to their current anti-virus offerings.
In theory, they already have. We have Symantec A/V 9 installed on our the computers at work. There is actually an option to tell it to scan for spyware/malware. The problem is, it seems to be be able to find a lot of it, but then is unable to actually remove it most of the time.
So, we end up having to run ad-aware to actually remove the spyware/malware. It's silly that we need Spybot for immunization (to make it difficult for the spyware to install in the first place), plus ad-aware for spyware removal (it seems to do a better job of removing than Spybot does, but doesn't provide the immunization feature), plus Symantec A/V 9.
Symantec, are you listening? Would be nice to have a comprehensive solution that works *all the time*. We're already paying big bucks for your anti-virus software, you could at least get it to work well for all threats. . .
To help your pops out give him Knoppix (or other LiveCD distro) for pr0n surfing pleasures. No worries about Spyware being installed and (if mom is computer literate) she shouldn't be able to check out the history :)
Windows:
Have to pay for anti-virus, have to pay for firewall, have to pay for spyware removal, have to pay for a copy of windows and then you have to pay someone to set it up.
*BSD/Linuxes:
Have to pay for someone to set it up.
Hmm... and the TOC of Linux is higher because...?
Tom
Someday, I'll have a real sig.
If microsoft made some changes to windows, this crap would have a harder time getting installed (or at least getting installed unnoticed)
Why is any program even allowed to write files out of it's own install directory? A popup whenever something is trying to install itself would be nice, and even nicer would be programs that could only write to their directory or children directories.
Someone please make a live cd that destroys spyware. Even if it just starts a wine session and runs adaware or spybot or whatever.
wikipedia: Broken window fallacy This says that if someone says, look at that broken window, it stimulated the economy because it created work for the glassmaker and glazier. This seems reasonable at first, but it isn't. The country had to use economic resources to reach the same utility it was at before the window was broken. If broken windows really stimulated the economy, countries would bomb themselves to stimulate the economy.
"brxref
What I can't seem to figure out is why Norton and McAfee didn't include spyware detection and removal in their virus detection software from the beginning. I remember specifically reading something on Symantec's site that said something to the effect of "we are not targeting any 'spyware'".
Wouldn't this have saved a lot of problems? How is spyware not considered malicious?
Over and over again, I have to sit at friends' computers and rescue them from the evil clutches of the browser hijackers and such. I think Symantec and McAfee dropped the ball on this one.
No, go back and read that again. I think he means the removal tool authors will start including spyware they "approve" of along with their removal tools, so that they can guarentee said piece of spyware WON'T be removed. Spyware companies would pay huge amounts for something like that, let's hope those making spyware tools won't sell out. (I'm fairly confident they won't,, that's like Symantec bundeling virii with their anti-virus tools...
CAn'T CompreHend SARcaSm?
I agree and disagree.
I agree that the average computer user is not interested in how their computer works, only that it should work. I also agree that the problem lies with technologies that require more expertise from the average user that is appropriate. BUT. Given that, it is logical to conclude that the "average" user is going to have difficulties using their system. To use an analogy, just because my garage is full of tools doesn't necessarily mean I have the skills to properly tune an engine, or even change the oil.
Computers are still very much at the point where they are tools that require skilled operation depending on what you want to do. Some tasks are obviously easier than others, although ease does not preclude education. For example even though I can buy a computer and have high-speed internet installed in days for just a few hundred dollars, doesn't mean I shouldn't be aware of viruses, spyware etc.
It's a fundamental problem of what people expect from their computers, and it's a much larger problem than just IE as slashdotters would like to believe. For example it is not a trivial matter to produce even medium quality DVDs of home movies captured from a camcorder, but people assume that because "computers" can be used to do this task, THEIR computer must be able to as well. And it can, but only if you know what you're doing.