Slashdot Mirror


Spyware Removal is Big Business

prostoalex writes "Just when you thought all the software niches were taken, IDC comes out with the report saying $12 million was spent on spyware removal tools in 2003, and $305 million will be spent in 2008. IDC also estimates two-thirds of PC users out there are infected. Large PC vendors are waking up to the spyware threat, having their call centers overwhelmed with spyware-related calls."

20 of 454 comments

  1. Money to be made by Anonymous Coward · · Score: 1, Interesting

    If you are out of a job, as many IT people are, there is money to be made here.

    Start up a company, focus on home visit spyware delivery. Charge a fortune, but have it come with "Free" software.

  2. And it's too bad... by daveschroeder · · Score: 5, Interesting

    ...that the vast majority of this spyware was installed by exploiting vulnerabilities (some overt, some more roundabout) in primarily Internet Explorer.

    And once an ordinary user is compromised by one piece of spyware, it's usually a downhill battle.

    Imagine how different the situation would be if, for the last several years, there had been real competition on the browser scene. Of course, there may never have been a way to solve the problem with the courts anyway: they DID decide that Microsoft illegally used its monopoly position to bundle IE, but Microsoft knew exactly what it was doing. By the time the slow wheels of justice had turned, Microsoft's browser takeover was virtually complete.

    And during this entire time, IE fundamentally was stagnant. There were glaring, egregious security issues, and no new features that had already become pervasive and popular with alternative browsers (popup blocking, tabs, etc., not to mention a lack of horrible inattention to security). I imagine Firefox's recent uptick in usage illustrates, even after all that, just how bad IE sucks. But this will only be good for Microsoft, and for everyone: if Microsoft feels it has competition from things like Mac OS X in OSes and Firefox in browsers, we get developments like SP2. We get a new "commitment" to security. We'll ostensibly get new features in and an attention to security in IE. (Well, we can dream, right?)

    I wonder how many dollars have been spent, or how many families have actually bought new computers (yes, it happens), once their PC slows down and/or crashes, hangs, or has other problems, to the point that it's virtually unusable. Yes. People really do this. They don't feel they can or know how to just wipe the machine and reinstall Windows, and even if they did, they don't know how to save everything they want to. So they just buy a new computer.

    1. Re:And it's too bad... by nolife · · Score: 2, Interesting

      We had a higher level employee that could not get into our Citrix farm from his home computer. We do not normally support home computers but we made an exception for him as he was willing to bring the PC into the office for us to look at. He was full of spyware. I ran the typical tools and ran all updates AND installed Firefox. I gave him a short story with Firefox and IE and how spyware was getting to his PC. He called back three weeks later and reported that he loves Firefox and asked why we are not deploying it office wide to all of our computers. I don't think this person qualifies as lazy or a moron but probably more like non technical. Not everyone can be an expert on everything. People still buy stuff from Best-Buy and Circuit City when there are many places online that are much cheaper, people still show up on a car dealer lot without a clue of what the invoice price really is and do not compare prices. Morons? I don't think so, uninformed, yes.

      --
      Bad boys rape our young girls but Violet gives willingly.
    2. Re:And it's too bad... by NardofDoom · · Score: 3, Interesting
      Nonononono... The average user is a nice person who will give you lots of money to make problems go away.

      Your view is gloomy because you're not charging enough.

      --
      You have two hands and one brain, so always code twice as much as you think!
    3. Re:And it's too bad... by cassidyc · · Score: 2, Interesting

      My spelling has less to do with my intelligence and more to do with how careful I am. Considering that my desk is a mess right now full of details design documentation, I'll let you work it out.

      One paragraph should make one point. Now if I am of such a below average intelligence that I can make my points with such a clarity that requires only one sentence, then so be it.

      The poster hit a "raw nerve" with his holier-than-thou attitude and apparent superiority complex. Now if someone wants to spend $1000 (or indeed 1000UKP) then they are welcome to do so. I was suggesting that the poster should get off his high horse and help the "averages" rather than insulting them.

      Also shite does not necessarily come from "american homies", it's worth considering other dialects that may pronounce it shite as opposed to shit (see I can spell both).

      "I smell shite" is a particularly Scottish phrase
      Maybe you would like to consider the amazing fact that the internet is accessible throughout many varied and interesting parts of the planet, and is not as US centric as Americans would like to believe.

      CJC

  3. Re:Wonder how long... by Zorilla · · Score: 4, Interesting

    Measure that in negative values. AOL ships Viewpoint Media Player, a known spyware, with their client, which supposedly also includes anti-spyware software.

    --

    It would be cool if it didn't suck.
  4. $15/hour? Well, maybe in the call center. by Shag · · Score: 5, Interesting
    I'm a mercen... er, I mean, an independent technology consultant out in the field, and when someone has so much malware on a Windows XP box that they can't even log in to the poor beast, they're generally more than happy to pay psychic-hotline rates to get someone out there who can and will fix it for them.


    I travel with a frequently-updated set of tools for exorcising various demons from PCs, and am accustomed to mucking about in the registry, winsock stacks and other oh-so-fun places to finish up the job.

    --
    Village idiot in some extremely smart villages.
  5. Open source spyware removal utilities? by tcopeland · · Score: 3, Interesting

    Googling didn't bring up anything helpful... I can see a couple of possible barriers:

    - most developers aren't clicking on email attachments
    - it's tedious work; rooting around in Windows Registry and system folders isn't fun
    - it'd need to be constantly updated to be effective

    It's a tough row to hoe...

    1. Re:Open source spyware removal utilities? by stevey · · Score: 2, Interesting

      I contemplated starting something a while back and am still fairly interested.

      There are four parts to a decent anti-spyware suite:

      • GUI + Update mechanism.
      • Registry Scanner
      • File System Scanner
      • Process Iterator

      All three parts are trivial and something pretty looking could be hacked together in a week or (much) less to do all those things.

      The really hard part is building up and verifying the patterns which can be used to identify spyware - and then removing it.

      (Many spyware applications nowadays use "random" keys on install so it's not even a static list).

      You'd need to be prepared to have a scratch system to test spyware on - and you'd need to accept submissions of malware from users.

      If the ClamAV people can do it then it's certainly possible - but it's not a simple thing to do.

      People sponsoring bandwidth / hardware / cash would be a real incentive.
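
An added illustration of the point in the comment above about static lists versus "random" install keys (not part of the original thread and not code from any real anti-spyware project): one matcher is fed by the registry, file system and process scanners, and a structural pattern catches a Run entry that an exact-name signature misses. The snapshot, the `ExampleBar` name and every signature are constructed for the example.

```python
import re
from typing import NamedTuple

class Signature(NamedTuple):
    name: str
    source: str   # which scanner feeds it: "registry", "file" or "process"
    pattern: str  # regular expression applied to each entry from that source

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
TEMP = r"C:\Documents and Settings\demo\Local Settings\Temp"

# Constructed snapshot of what the three scanners might report on a test box.
# Registry entries are flattened to "key\value=data" so one matcher handles all.
SNAPSHOT = {
    "registry": [RUN + r"\ctfmon=C:\WINDOWS\system32\ctfmon.exe",
                 RUN + r"\qzkvhwpt=" + TEMP + r"\qzkvhwpt.exe"],
    "file": [TEMP + r"\qzkvhwpt.exe", r"C:\Program Files\Editor\editor.exe"],
    "process": [r"C:\WINDOWS\explorer.exe", TEMP + r"\qzkvhwpt.exe"],
}

# Exact-name signature: useless once the installer randomizes the value name.
STATIC = [Signature("ExampleBar static Run value", "registry",
                    r"\\Run\\ExampleBar=")]

# Structural signatures: describe the shape of the install, not its name.
STRUCTURAL = [
    Signature("Run value named after its own Temp exe", "registry",
              r"\\Run\\(?P<n>[a-z]{8})=.*\\Temp\\(?P=n)\.exe$"),
    Signature("8-letter exe dropped in Temp", "file", r"\\Temp\\[a-z]{8}\.exe$"),
    Signature("process image running from Temp", "process",
              r"\\Temp\\[a-z]{8}\.exe$"),
]

def scan(snapshot, signatures):
    """Return (signature name, source, entry) for every entry a signature matches."""
    hits = []
    for sig in signatures:
        rx = re.compile(sig.pattern, re.IGNORECASE)
        for entry in snapshot.get(sig.source, []):
            if rx.search(entry):
                hits.append((sig.name, sig.source, entry))
    return hits

if __name__ == "__main__":
    print("static list:", scan(SNAPSHOT, STATIC))
    for hit in scan(SNAPSHOT, STRUCTURAL):
        print("structural:", hit)
```

Structural patterns like these trade misses for false positives, which is why the comment's scratch system for verifying patterns matters before anything is removed.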

  6. Re:Wonder how long... by oexeo · · Score: 4, Interesting

    There are already many examples of this; spyware companies do it to destroy their competition (i.e. remove competitors' spyware, but not theirs).

  7. The REALLY nasty malware... by Shag · · Score: 5, Interesting

    In my opinion, most spyware is easy enough to get rid of using tools like Spybot-S&D, SpySweeper and AdAware. The one category that I've found harder to remove are the ones that embed themselves into the Winsock chain and redirect network features.

    I cleaned out one PC last month - it wasn't infected too bad, only several dozen things for the scanners to complain about, and I've dealt with systems that had several hundred! - but even after everything seemed to be gone, its default search URL and things like that kept getting hijacked. I had to grab a tool to fix the Winsock chain; some malware had slipped itself in there and was screwing things up.

    --
    Village idiot in some extremely smart villages.
    1. Re:The REALLY nasty malware... by sphealey · · Score: 2, Interesting
      In my opinion, most spyware is easy enough to get rid of using tools like Spybot-S&D, SpySweeper and AdAware. The one category that I've found harder to remove are the ones that embed themselves into the Winsock chain and redirect network features.
      Just finished a 3-day trip to disinfect a remote office. My findings were a combination of Ad-Aware, Spybot, and Hijack This would find most spyware, but to actually remove it required multiple reboots into safe mode and manual deletion of registry keys, EXEs, and DLLs. The malware seems to be watching for the scanners to run and spawning new copies of itself whenever you try to remove it.

      sPh

  8. Daily Spyware by gmerideth · · Score: 2, Interesting

    It's 9:32 am my time and since 6:55 am I've been at 4 computers removing a combination of spyware on what we thought were fully patched (at least windows update and hfnetchk pro claims are fully patched) systems.

    It's almost a daily event at our office, wake up, get to work, drink coffee, remove daily spyware....

    This is one group of our population I would gladly invent a story about a giant goat about to eat earth just to get them the hell off.

    --
    Why do overlook and oversee mean opposite things?
  9. Prosecution by bogaboga · · Score: 4, Interesting
    Is there any remote chance of getting these spyware authors prosecuted? Where does the law stand on this? After all, it's in the US where all sorts of lawsuits can be entertained by courts.

    My argument would be that these authors are invading my privacy when I legitimately get onto the web.

    On the other hand, I will shoot myself in the foot by seeing their potential argument too:

    They could argue that by visiting specific sites and probably clicking some links, I agree to enjoying all services they offer on these sites including stuff that would be installed on my PC.

    Any legal minds here?

  10. Re:Unwilling mercenary... by Shag · · Score: 3, Interesting
    I don't touch people's home computers, for starters.

    I deal with computers at businesses, 10-200 employees in general. Computers that should not be misused, on the desks of people who should know better.

    Simply put, if somebody's home PC gets screwed up, it's not worth my time to fix it, since 1) they can't afford it as you've pointed out, and 2) it'll be hosed again next week.

    I've gotten to the point where I'm starting to point out to my clients that hey, if they run something other than Windows, this will not happen to them.

    --
    Village idiot in some extremely smart villages.
  11. Re:Hype = $$$ by smooth+wombat · · Score: 3, Interesting

    Yes, it is as bad as these folks make it out to be.

    Where I work (state government) I see all kinds of cruft on users' machines when I am out and about. Even though it's not a direct part of my job I am in IT and to help things along I go through users' machines and remove the nasties. Sadly, I walk by a week or so later and the user's machine has the junk on it again.

    I recently got permission to do a test with Firefox. I've been using it without issues and my boss's boss just put it on his work system and has the same results. I asked him if I could put Firefox on a user's machine, someone who I knew had all kinds of problems with popups/redirects/whatever.

    I cleaned her system (I don't even remember how many pieces of spyware she had) and then put Firefox on the machine. I did some basic configuration (block popups, small cache size, etc), copied her bookmarks over and gave her a quick run through on using tabs and how to configure the toolbar. So far I have not heard one bad thing from her about using Firefox or that she had issues with popups/spyware.

    Hopefully, by using this person as a real guinea pig (as opposed to myself), someone who is not overly computer literate, we can convince the higher ups to use Firefox for everything except for our SAP requirements (yes, SAP is evil. I'm not the one who chose to spend millions of dollars on a tricked-out spreadsheet).

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  12. Making a killing by karn096 · · Score: 2, Interesting

    Places like Bestbuy are making a killing on this whole Spyware Removal Industry. They currently charge $40 for Spyware Removal, which will usually include an Additional $40 for Virus removal. I work at Bestbuy doing this, and I've seen some pretty nasty infections. I've seen computers infected with literally 1000 instances and the only way to fix it is to boot in safe mode, or just take the hard drive out and scan it in another PC. Fun. And from what I've seen Spybot and Adaware unfortunately don't even get everything. Usually I'll use both, and then use another program and still find spyware and malware!

  13. VMware is one solution by Werrismys · · Score: 3, Interesting

    Well not solution, but it helps on small sites with fast enough workstations with 768+M RAM. Run debian or some other lean, stable linux distro under the hood, run VMware in fullscreen mode on top of it. Use different virtual disk for "Documents and Settings" folder. Install all the proprietary win32 crap you need, backup the virtual system disk and set it up so that it overwrites the system disk on every real boot. If you don't need SMB browsing and printers, you can further protect Windoze by using NAT networking so the virtual machine is not visible on network. You can still use SMB/CIFS disk shares and CUPS printers (2K and XP support CUPS somewhat). Running winblows under VMware is 100 times preferable to wasting perfectly good hardware to a dedicated, "real" installation. And it's cheap, v3->v4 upgrade is currently 99 US$ + VAT. Another plus: as admin, when installing new software, just make a snapshot of the VM state, then install the proprietary crap, and if it breaks anything, just restore snapshot and you timewarp to pre-fuckup state. Excellent!

    --
    'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
  14. Re:Of course it is! Spyware only did good for me! by NotoriousQ · · Score: 2, Interesting

    There was no option for -1, too informative. This was the closest.

    --
    badness 10000
  15. It's small business, too by conebrid · · Score: 2, Interesting

    Over the summer I worked for a small ISP (six employees including myself) with a decent customer base of about 1800 people. As an extra source of revenue, we also sold hardware, built custom PCs, and provided repair services at $38.50 an hour.

    In my two months working there, we had quite a few people come in for repairs, and I would say about 90-95% of those cases were spyware related. They would come in complaining about their computer slowing down, crashing often, or my personal favorite: pop-ups constantly appearing, even when "not on the internet". They would generally describe the problem by telling us "I think it has a virus or something". In cases where spyware was the primary problem, we used several free tools including Spybot and Ad-aware to remove as many traces of the malicious programs as possible, and made sure there were no suspicious processes left running and that the computer was working normally (although the average machine we saw was at least two years old, if not older, and relatively ran very slowly despite all the other common optimizations we applied). We left a note in their service ticket about the software we left installed on their computer (typically Spybot and maybe AVG Antivirus), and offered to instruct any interested customer in their origin and use (not many customers were interested).

    It really wasn't a bad summer job, but not the sort of occupation I would enjoy for an extended period of time.