Slashdot Mirror
Spyware Removal is Big Business
prostoalex writes "Just when you thought all the software niches were taken, IDC comes out with the report saying $12 million was spent on spyware removal tools in 2003, and $305 million will be spent in 2008. IDC also estimates two-thirds of PC users out there are infected. Large PC vendors are waking up to the spyware threat, having their call centers overwhelmed with spyware-related calls."
It's the best way of getting free beer I've found: fixing spyware related problems for family and friends. While I watch SpyBot and AdAware do their job, I get free beer. There are worse activities ;-)
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
... before the anti-spyware vendors start bundling spyware?
If you are out of a job, as many IT people are, there is money to be made here.
Start up a company, focus on home visit spyware delivery. Charge a fortune, but have it come with "Free" software.
wooo wooo the bandwagon is going past *jump*. Phew it almost went without me
99 bottles of beer in 175 characte
...that the vast majority of this spyware was installed by exploiting vulnerabilities (some overt, some more roundabout) in primarily Internet Explorer.
And once an ordinary user is compromised by one piece of spyware, it's usually a downhill battle.
Imagine how different the situation would be if, for the last several years, there had been real competition on the browser scene. Of course, there may never have been a way to solve the problem with the courts anyway: they DID decide that Microsoft illegally used its monopoly position to bundle IE, but Microsoft knew exactly what it was doing. By the time the slow wheels of justice had turned, Microsoft's browser takeover was virtually complete.
And during this entire time, IE fundamentally was stagnant. There were glaring, egregious security issues, and no new features that had already become pervasive and popular with alternative browsers (popup blocking, tabs, etc., not to mention a lack of horrible inattention to security). I imagine Firefox's recent uptick in usage illustrates, even after all that, just how bad IE sucks. But this will only be good for Microsoft, and for everyone: if Microsoft feels it has competition from things like Mac OS X in OSes and Firefox in browsers, we get developments like SP2. We get a new "commitment" to security. We'll ostensibly get new features in and an attention to security in IE. (Well, we can dream, right?)
I wonder how many dollars have been spent, or how many families have actually bought new computers (yes, it happens), once their PC slows down and/or crashes, hangs, or has other problems, to the point that it's virtually unusable. Yes. People really do this. They don't feel they can or know how to just wipe the machine and reinstall Windows, and even if they did, they don't know how to save everything they want to. So they just buy a new computer.
I travel with a frequently-updated set of tools for exorcising various demons from PC's, and am accustomed to mucking about in the registry, winsock stacks and other oh-so-fun places to finish up the job.
Village idiot in some extremely smart villages.
Googling didn't bring up anything helpful... I can see a couple of possible barriers:
- most developers aren't clicking on email attachments
- it's tedious work; rooting around in Windows Registry and system folders isn't fun
- it'd need to be constantly updated to be effective
It's a tough row to hoe...
The Army reading list
If only they knew how easy it is to remove.
I'm going to start doing spyware removal next semester at my college campus. But I cant decide how much I should charge. What do yall think?
Oh, I neglected to mention that in my dealings with spyware infected systems, although I've seen (and exorcised) spyware on everything from Windows 95 to Windows XP (SP1 for sure, not sure if I've cleaned it off an SP2 box just yet), for some strange reason none of the Mac users I support seem to have gotten any yet.
Village idiot in some extremely smart villages.
WOuld we pay for a car if every billboard we passed was capable of taking control of the vehicle and making it drive to other billboards? I don't think so. Why then will we pay for windows.
99 bottles of beer in 175 characte
But build your own market has never been easier with MS windows.
THe ULTIMATE irony is if M$ sold thier own spyware-removal tool...
Also, there are so many fraud looking sites selling a million an one spyware removal tools...
Sorry, but educating users on easy removal of software, and mandating all software should be easily removable (an OS binary tracker which tracks file creation etc would be nice!).
Also, any software that breaks these 'principles' can be defined as malware, and is criminal. obviously this would need a lot of careful thought, but generally, programs need to play as advertised, or play nice [because you might want to buy a program that hides itself away].
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
For years now we've all know it was big business. Ad-Aware and SpyBot S&D just to name a couple. I've been running these ever since I had highspeed internet.
Ans this is front page news?
Check out FutureSoft's i:scan Personal Edition and Enterprise edition. Both are well equipped to tackle the respective duties. I personally believe creating your own File Signatures is far more secure than relying on updates from vendors. The scary thing is all of the other functionality the Enterprise version gives you... Beware, big brother commeth..
I know what's on your hard dr
In my opinion, most spyware is easy enough to get rid of using tools like Spybot-S&D, SpySweeper and AdAware. The one category that I've found harder to remove are the ones that embed themselves into the Winsock chain and redirect network features.
I cleaned out one PC last month - it wasn't infected too bad, only several dozen things for the scanners to complain about, and I've dealt with systems that had several hundred! - but even after everything seemed to be gone, its default search URL and things like that kept getting hijacked. I had to grab a tool to fix the Winsock chain; some malware had slipped itself in there and was screwing things up.
Village idiot in some extremely smart villages.
Just think how un-American Apple computer is. Do Macs contribute to the growing anti-spyware business? Hardly at all! Why almost no money is being made removing spyware from Macs. Why hardly anyone has heard of spyware for Macs in the first place. Can you imagine taking bread from the mouths of the little children of anti-spyware software developers? Won't someone please think of the children?
Microsoft is really helping the computer industry lately. First their initial decision to make outlook express execute any script embedded in email by default kick started the mostly dead antivirus industry into the powerhouse it is today. Now their forward looking decisions regarding the security of ActiveX and Internet explorer has created a whole new industry of spyware detection and removal.
Think of the revenue and jobs created by these decisions.
And Unix (Linux, OS X too), with your anti-economy designs like user accounts that cannot write to system areas, web browsers that do not support a web site's ability to covertly install software behind the scenes, and email clients that do not interpret VPscript, you should be ashamed of yourselves. If popularity of these OSes rises too high, it could seriously damage the antivirus and antispyware industries, causeing a loss of revenue and jobs. Congress should really do something about this.
Finkployd
Am I the only one unimpressed by the $12 million figure?
More free beer! Wow! I think I've detected the secret underlying thread in /. !!
Seriously though, my uncle's family from Greenville, SC (read Bob Jones University - no, don't mean to offend anyone's religious beliefs here but I have a beer point to make ;-) have asked me for computer help on occassions but for obvious reasons, that never got ME any free beer.
I'm going off to cry in my beer now...
Mmmm, salty!
Its 9:32 am my time and since 6:55 am I've been at 4 computers removing a combination of spyware on what we thought were fully patched (at least windows update and hfnetchk pro claims are fully patched) systems.
It's almost a daily event at our office, wake up, get to work, drink coffee, remove daily spyware....
This is one group of our population I would gladly invent a story about a giant goat about to eat earth just to get them the hell off.
Why do overlook and oversee mean opposite things?
My argument woud be that these authors are invading my privacy when I legitimately get onto the web.
On the other hand, I will shoot myself in the foot by seeing their potential argument too:
They could argue that by visiting specific sites and probably clicking some links, I agree to enjoying all services they offer on these sites including stuff that would be installed on my PC.
Any legal minds here?
And, this is news? It's sort of like announcing "Hey, the Moon causes the Ocean Tides to Rise and Fall"
I can tell you that spyware removal is about 90% of my consulting (side) business these days. I can usually rake in an extra $300-500 / month thanks to all the spyware problems. I feel bad when I have repeat customers, but I do spend a good amount of time educating the users and immunizing their PCs, but they always find new ways of getting spyware on their computers (it always seems to be the kids and their p2p "needs"...).
:-), I'll be glad to help you anything I can.
Now, as an industry, I don't understand why so much money was spent. There are outstanding tools and tutorials on removing every type of spyware, and every it seems like all the best ones are free.
If you want any pointers or tips on spyware removal, and you don't live in my area
That's the reason they can't outlaw spyware! Too much money involved. pity. Same goes for spam. Anti-spam tools are turning even more money. Yea, yea, I use spamassassin too, but many of the people pay for it (at least with their ISP bills, who install them onto their servers).
A jump from 12 to over 300 million dollars is a big estimate. I wonder if the people who put these things together understand much about the computer industry and how spyware works. There is a large demand for it now, obviously, but I'm skeptic that it will grow as they predict. Even Internet Explorer is much more careful about spyware now, and they've got several years before that projected date comes to pass. Sure people will still click "Yes" and get it, but I find it hard to believe the rate of infection will go up so dramatically given the default protections most browsers (and now Windows) have put into place.
..He reads as he's writing the bill for yet another syware removal job.
Yeah they're out there, but how do I keep out of the poorhouse with this? I'm spending 10-15 hours on the worst of these: it's hard to charge a family more than a new Dell costs to remove this stuff.
How do people do it? The free beer idea gets old when you have no god-father day employer.
My attitude is to make the users suffer and then blame there browsing habits when they piss and moan about the computer being slow(as though its my fault). Eventually I'm hoping my boss will either switch to firefox or hold safe browsing education sessions that are mandatory. Preferably both..
vnc
Y'know what sucks? Having to tell your father to be more careful about visiting porn sites.
The largest cost of spyware is me. 7 bucks an hour for 20 hours a week at my U as tech support. It sure beats working at the mall.
suggests that an economically significant portion of the population rationalizes their new computer purchases, in part, as a purchase of 'a new windows' as a way 'get rid of the bugs'.
,may as well buy a new 'clean' PeeCee!!!
Sure, they want the new hardware anyway, but the old computer would be just fine if it weren't so fscked up by nefarious code. The new windows, in the box, is a couple of hundred bux and the whole new PeeCee is less than $1000. Plus, the disk is getting full and those cost $ and when I add in the cost of someone installing all this stuff I
Not just curbside PeeCees, but dinner party conversations with the Doctors and PhD festooned non-computer professionals, suggests that the rogue software is a market force overall, not just for maidservice software.
Now I'm the grandest Tiger in the Jungle!
Normally when we want to get something done from our systems division we create a help desk ticket and we have options to choose like if it is software or not. Now we have a special one called "spyware". Spyware is indeed very big now. With ~90% intenet users still using IE and their ignorance in visting random sites can easily compromise their computers with spyware.
Can I give you the bill I'm making out right now?
One third of PC users eh ... so that would make the final third users of Linux/BSD/etc on PC's ?
We all know how big of a pain that spyware can be, but it really as bad as these companies would have ignorant computer users believe? After all, there's a lot to be gained from making people think that they need these companies' product.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
If microsoft made some changes to windows, this crap would have a harder time getting installed (or at least getting installed unnoticed)
Basicly, anything that wants to change certain things should trigger a "are you sure you want to do this" warning of some kind (with ways to change that warning into a requirement for a password or a total block of the activity). If the activity is blocked, the app requesting it gets an appropriate error (e.g. "you cant open that file" if access to a file is blocked)
The items that should be locked include:
Writing to the "startup" group & other locations where you can have a program start at startup
Writing to
Changing critical windows sockets settings
Changing the HOSTS file
And there may be other things
The idea is that spyware/viruses/trojans/etc that come in totally unannounced would now not be able to do that.
And spyware and such that rides alongside application programs would be easier to spot (so you can choose to use a non-spyware alternative)
Yes the cluless will just click "yes" but at least those who care wont be hit as much.
Anti-virus vendors should start detecting spyware (particularly the kind that installs itself jsut by visiting a webpage or reading an email as opposed to the kind that installs alongside programs like kazza) just like they detect viruses.
After all, spyware shares a fair few characteristics with viruses, worms and trojans.
The big PC OEMs should be doing more to combat spyware.
Myself, I use Mozilla (and keep it up to date with the latest release builds) and I use Norton
Antivirus to keep my system virus free.
I also run Spybot and Ad-Aware regularly.
And I dont install spyware-laden programs like Kazza, Real etc.
I find it terribly sad when companies/people/drones/the family pet/etc. need to fork out a ton of cash just to prevent assholes from taking over their computers. Viruses (Viri?) have caused this for years, and it's completely illegal to create such a program. But, so far, it's still legal in most places (albeit unethical) to distribute this garbage.
Yes, it's really an IE/Windows problem, which is a whole other argument. I know users need to be better educated (or educate themselves), but that still doesn't help my Grandma who can barely seem to find the escape key. I understand this. But still, why should this still be allowed?
On a side note, does anyone know of GOOD network/client-server spyware removal software, either free (as in beer or freedom) or commercial? Just curious...
I am a consultant for a small IT firm in Manhattan. We do a lot of small businesses, home businesses, and even home clients. Spyware turns out to be the culprit in probably 90% of our "my computer is slow/not working" calls we get these days. We make it mandatory for all of our techs to install and run Spybot and Ad-Aware on any machine we work on, and I have NEVER seen (or even heard of) a machine with no spyware on it. The third of machines that are uninfected must not have internet connections. Even with Spybot's protective measures activated, an Ad-Aware scan a day later will find something.
-- "the revolution will not be televised" -Gil Scott-Heron
I used to work for a "big retailer" and I saw how much business the on-site "computer technicians" were making from Spyware cleanup. Well... $50 a pop. The funny thing is they were using Ad-Aware only to provide this "great service" for their customers. So as long as there are customers willing to pay all this money for such a service, then the business is going to be booming. *Ohh yeah... using Firefox may help a little.
Rather tell my father that than my mother...
(or your mother! HEEHEE!)
I deal with this at work all the time. To me, spyware/malware isn't that different from a virus, and the logical thing is that symantec/mcafee/panda/etc add spyware/malware detection to their current anti-virus offerings.
In theory, they already have. We have Symantec A/V 9 installed on our the computers at work. There is actually an option to tell it to scan for spyware/malware. The problem is, it seems to be be able to find a lot of it, but then is unable to actually remove it most of the time.
So, we end up having to run ad-aware to actually remove the spyware/malware. It's silly that we need Spybot for immunization (to make it difficult for the spyware to install in the first place), plus ad-aware for spyware removal (it seems to do a better job of removing than Spybot does, but doesn't provide the immunization feature), plus Symantec A/V 9.
Symantec, are you listening? Would be nice to have a comprehensive solution that works *all the time*. We're already paying big bucks for your anti-virus software, you could at least get it to work well for all threats. . .
The only downside is that the guy in IT who's convincing the users that they need spyware protection sits two cubes behind me and likes to use his outside voice. For the last several weeks I've heard him repeatedly tell users over the phone how "amazed" he was to find 4,000+ spyware programs on his PC. (Oh, that pesky Interweb.)
Anything is possible given sufficient time and money.
I'm thinking about exploring the Spyware Writer Removal Service niche instead...
To help your pops out give him Knoppix (or other LiveCD distro) for pr0n surfing pleasures. No worries about Spyware being installed and (if mom is computer literate) she shouldn't be able to check out the history :)
So that leaves people with the option to purchase Windows at retail for roughly the price of a cheap PC, or they can spend 50% more and get a newer, shinier one. I know plenty of people who have "been there done that."
And the problem continues to get even worse. Now we've got spyware "companies" selling spyware removal tools that only remove competitors' spyware. People need to go to jail for that.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
"A young hoodlum, say, heaves a brick through the window of a baker's shop. The shopkeeper runs out furious, but the boy is gone. A crowd gathers, and begins to stare with quiet satisfaction at the gaping hole in the window and the shattered glass over the bread and pies. After a while the crowd feels the need for philosophic reflection. And several of its members are almost certain to remind each other or the baker that, after all, the misfortune has its bright side. It will make business for some glazier. As they begin to think of this they elaborate upon it. How much does a new plate glass window cost? Two hundred and fifty dollars? That will be quite a sun. After all, if windows were never broken, what would happen to the glass business? Then, of course, the thing is endless. The glazier will have $250 more to spend with other merchants, and these in turn will have $250 more to spend with still other merchants, and so ad infinitum. The smashed window will go on providing money and employment in ever-widening circles. The logical conclusion from all this would be, if the crowd drew it, that the little hoodlum who threw the brick, far from being a public menace, was a public benefactor.
Now let us take another look...."
- Henry Hazlitt, Economics in One Lesson
http://freedomkeys.com/window.htm
However, you're not going to get much business if they are running the full version of the Yahoo! Companion toolbar, because the latest versions of this IE add-on has spyware detection and removal built in.
anti spyware is good business: CA just bought up pest patrol, even though they had a joint marketing thing going with Zone Alarm. All I am getting as a result is some additional junk mail from PP/CA and as reported in /., PP aint that great
anyway.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
My daughter and I will be doing spyware removal as a summer job in an affluent suburb of Chicago. (I teach HS chemistry.)
;)
IPO will be next fall.
Help end the use of Sigs. Tomorrow
You know what they say about consulting work.
I can only imagine how amazed! he'll be to find his desktop wallpaper set to "Tubgirl" and all his system sounds changed to loud, breathless spoken-word retellings of ghastly acts that are illegal in most states.
I'll be waiting for the follow-up... ;)
Village idiot in some extremely smart villages.
Windows:
Have to pay for anti-virus, have to pay for firewall, have to pay for spyware removal, have to pay for a copy of windows and then you have to pay someone to set it up.
*BSD/Linuxes:
Have to pay for someone to set it up.
Hmm... and the TOC of Linux is higher because...?
Tom
Someday, I'll have a real sig.
Places like Bestbuy are making a killing on this whole Spyware Removal Industry. They currently charge $40 for Spyware Removal, which will usually include an Additional $40 for Virus removal. I work at Bestbuy doing this, and I've seen some pretty nasty infections, i've seen computers infected with literally 1000 instances and the only way to fix it is to boot in safe mode, or just take the hard drive out and scan it in another PC. Fun. And from what I've seen Spybot and Adaware unfortunately dont even get everything. Usually I'll use both, and then use another program and still find spyware and malware!
After reading another Slashdot-linked article a few days ago, I am reminded of what it said about best practices related to security and how anybody making an OS should never deviate from this path under any circumstances. Failure to do so will only create problems that will become increasingly difficult to correct as time goes by.
Nevertheless, it's no surprise at all to read once again that the industry has no confidence whatsoever in Microsoft's will to change course and produce something decent for a change. As always, to them it simply does not make any business sense to rectify their past mistakes. By 2008, Longhorn will be on the shelves and of course M$ will make security one of their major selling points (just as they did with WinXP). Nevertheless, the rest of industry knows better and sees through this. Hence, this article and its prediction.
I'm sitting around with such letters as CNE/CNI/MCSE/MCT/CCNA etc, and probably 75 to 90 percent of the dollars i've earned in the last 4 months are from disinfection.
It's nice to pay bills but it gets kinda depressing making money off of other peoples misery.
eric
Pay for anti-virus software to keep it from being porked by every 15 year old script kiddie on the planet.
Pay for spyware removal tools on top of that to keep it running at some functional level.
And after a couple years of paying for all that you get the privilege of paying for yet another buggy piece of crapware OS and start the cycle all over again.
Is that pretty much the gist of it? Wow, getting such a great deal it's hard to figure why so many people despise MSFT.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I have to say, it's not just spyware removal vendors that are making the money. I am an IT consultant who makes housecalls, and my business is booming!
I wonder how long before the government gets involved. I mean, once Senator Clinton gets tired of all those porn pop-ups and spyware on her machine , it's just a matter of time before she tries to pass a law to ban it. Of course, if she would stop visiting those not so proper sites, she wouldnt have that problem.
Speaking of which, I NEVER have pop-ups/spyware/adware. Why you ask? Because I don't click on things arbitrarily, I don't visit the not so appropriate sites, and I use Firefox, and it blocks pop-ups very well.
G
Joshua 24:15
If microsoft made some changes to windows, this crap would have a harder time getting installed (or at least getting installed unnoticed)
Why is any program even allowed to write files out of it's own install directory? A popup whenever something is trying to install itself would be nice, and even nicer would be programs that could only write to their directory or children directories.
Someone please make a live cd that destroys spyware. Even if it just starts a wine session and runs adaware or spybot or whatever.
Not as bad as the Boss.
"Someone was using this computer for no good, I highly recomend not using any browser but Firefox for no good."
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
We did at the office and have seen a serious decline in Spyware related calls. We used to get 10 or more a day for Windows 2000.
I don't have that problem, my father and I share a porn collection :)
I'm trying to improve my English. Please correct me on any spelling/grammar errors in this post.
I got sick of this and people complaining about it, so I wrote a short "guide" to keeping a Windows machine saf eonly using free (or open source) software.
t
http://www.boomspeed.com/akito/Windowmaintence.tx
Pass it around, send comments. Whatever, it's very basic so idiots should get it.
I like muppets.
How to help prevent spam/viruses. Most of this information is common knowlege for the IT savy but can be a good cluestick for the relatives.r p.asp has a free online virus scanner that I run once a week. It has found viruses that Norton did not detect.p _za_grid.jsp If you do not have a Firewall router at home or are using dialup. Make sure you have some sort of firewall running on your machine. This one is pretty good and free.
FireFox http://www.mozilla.org/products/firefox/ is a web browser that is much more secure then Internet Explorer. I have been using it for many
months now, it is very stable and has a small fraction of the security problems found in IE.
Ad-Aware http://www.lavasoftusa.com/software/adaware/ is a spyware finding and removal tool. This is one of the best anti-spy ware programs available and should be run at least twice a week.
Spy-Bot http://www.safer-networking.org/en/index.html is an excellent compliment to AdAware and should be run also twice a week. The combination of both Adaware and SpyBot make for great security.
Trend Micro http://housecall.antivirus.com/housecall/start_co
Microsoft's windows update http://windowsupdate.microsoft.com/ should be
checked often to patch your operating system. I would suggest you install the updates.
Zone Alarm http://www.zonealarm.com/store/content/company/za
Here is a mini guide I wrote up on how to prevent from getting spam.
1. Do not give out your work email address to anyone not work related. Do not give it out to relatives.
2. Do not use your primary email address to sign up for things online, use a email from hotmail or gmail.
3. DO not use your work/primary email to post on message boards or USENET unless they are closed and protected forums.
4. Do not sign up for free giveaways, even if they are work related.
5. Do *NOT* forward jokes or other such emails. Discourage people from forwarding them to you. These emails hold a massive list of email addresses and will eventually end up in the hands of spammers.
6. Do *NOT* reply to any spam asking to be removed or to "unsubscribe." It just guarantees that you will get more spam as you have confirmed it is a
valid account.
7. Do not buy anything form a spam email. This only encourages the practice.
8. If you get spam in Outlook, go to "File", then "Work Offline" and then delete the email messages. Selecting the email message for deleting opens
it, this can cause a virus to be downloaded or download pictures that have unique tag. With the unique image tag, a spammer can tell when you
opened the email and that your account is valid. By using the "Work Offline" mode, no images will be opened.
You can find these links at my site http://www.friendsglobal.com/
Finally, I ran a copy of AD-AWARE and SPYBOT-S&D from a CD I had with me. After removing nearly 200 data miners and some files, the system connected on the first try. I have not yet notified AOL of the problem, but I expect others have had the same problem.
Well not solution, but it helps on small sites with fast enough workstations with 768+M RAM. Run debian or some other lean, stable linux distro under the hood, run VMware in fullscreen mode on top of it. Use different virtual disk for "Documents and Settings" folder. Install all the proprietary win32 crap you need, backup the virtual system disk and set it up so that it overwrites the system disk on every real boot. If you don't need SMB browsing and printers, you can further protect Windoze by using NAT networking so the virtual machine is not visible on network. You can still use SMB/CIFS disk shares and CUPS printers (2K and XP support CUPS somewhat). Running winblows under VMware is 100 times preferable to wasting perfectly good hardware to a dedicated, "real" installation. And it's cheap, v3->v4 upgrade is currently 99 US$ + VAT. Another plus: as admin, when installing new software, just make a snapshot of the VM state, then install the proprietary crap, and if it breaks anything, just restore snapshot and you timewarp to pre-fuckup state. Excellent!
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Maybe I'll give up and join the Borg.
Never shake hands with a man you meet in a fertility clinic.
So There!
Would anyone like to hazard a guess how much spy/malware gets installed by OKing a dialog box or web-page-warning kindly informing the user that their machine was infected and 'download-this-free-to-remove-it' ? I'm guessing it's quite a bit...
For my part in clearing out the web, my plan is simple:
Starting today, all the free help I give to friends/family stops. If the reason for it is found to be virus/spyware related and if I have to undertake any sort of 'cleansing' operation, then they get charged.
Perhaps the message will eventually sink in. Though I suspect not, at least I'll have made a few quid in the process.
Perhaps all of us suckers in the above position should adopt a similar attitude. Nothing educates a fool quicker than loss of money.
andrewweb - clearing up the web, one oaf at a time.
My friends and family are continuously amazed at how my Mac has zero spyware and viruses. So far I have one who is switching and two more who are committed to switch with their next computer. I'm absolutely dumbfounded when I hear coworkers complaining that their credit card number was stolen online, but absolutely refuse to fault windows for allowing all this shit to be automatically installed on their machines.
wikipedia: Broken window fallacy This says that if someone says, look at that broken window, it stimulated the economy because it created work for the glassmaker and glazier. This seems reasonable at first, but it isn't. The country had to use economic resources to reach the same utility it was at before the window was broken. If broken windows really stimulated the economy, countries would bomb themselves to stimulate the economy.
"brxref
" Is there any remote chance of getting these spyware authors prosecuted."
At this point, I'm not so sure the spyware authors are the real problem. Fool me once, shame on you. Fool me twice, shame on me. Fool me 65,536 times, just paste the "Kick me" sign on my back.
The security issues of MS products are well documented, with plenty of real-life evidence. Open an e-mail, launch a virus. Visit a website, get spyware. Eat at McDonald's every day, get fat. You can't expect security out of Microsoft any more than you can expect to lose weight by eating Big Macs. There are alternatives to MS products, just as there are alternatives to the fast-food hamburger.
The problem is that if anyone can install just about anything on your computer without your consent, then any data on your computer can be redirected and exploited. Spyware is just the beginning. It's going to get ugly.
What I can't seem to figure out is why Norton and McAfee didn't include spyware detection and removal in their virus detection software from the beginning. I remember specifically reading something on Symantec's site that said something to the effect of "we are not targeting any 'spyware'".
Wouldn't this have saved a lot of problems? How is spyware not considered malicious?
Over and over again, I have to sit at friends' computers and rescue them from the evil clutches of the browser hijackers and such. I think Symantec and McAfee dropped the ball on this one.
Macintosh systems are less affected just as other PC browsers present less of a target on PCs. There's a reason why geeks still call IE by its sly nickname, "Internet Exploder."
The key here, as I'm sure has been stated, is in how Internet Explorer on Windows works. It's interaction with the internet (through its integration as a part of of the OS) is a liability because Microsoft has allowed a program that connects to the internet to permit external sources to download and launch external applications or link itself to external applications, all of which are dutifully managed by the operating system. No other browser I know is that guillible. IE provides no clear definition between operating system and browser to those who exploit it.
Spyware links itself to the unique components of IE and the Windows registry because some nutjob at Microsoft thought that anything found on the internet should be accessible to use in Windows (note that I didn't say "the browser", but Windows.).
Other browsers isolate all activity to the browser alone. Java and JavaScript on a Mac are not allowed to execute items from anywhere except the browser. If an exploit has been noted in these browsers that tries to touch operating system areas, it's truly an exploit, and not a "feature" that needs a fix as it would be found in IE/Windows.
Take a look at the cookies in Safari on a Mac to that on a PC. The cookies saved aren't much different. But Safari and many other browsers don't recognize or allow commands or configuration requests from these cookies. IE for Windows does.
Vos teneo officium eram periculosus ut vos recipero is.
That is exactly right. I am a an accountant for a medium sized company that makes beer kits and during the evenings I help people out with their computers. 90% of my extra business comes from spyware and virus removal. I collect $50 per hour and a lot of Sierra Nevada Pale Ale. The trick is to stay up on which programs take of the crap the best, I do not have a lot of luck with just one, SpyBot, SpySweeper, and AdAware work best for me together. As long as the person did not put on the free Adaware I have pretty good luck. The never listen to me and still go to a bunch of porn sites and I see them again in 3 months.....I have not had to buy beer for months!
Is it just me or do their numbers seem terribly low? I'd put the spyware infected Windows machines at nearly 95% (only those recently cleaned are clean) and the $305 million number seems about 1000%
I'm not sure what's creepier, the fact that you share a porn collection, or that someone found your post +1 informative.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
What would the cost of computer components be like w/o everyone and their dog owning a PC? What would the job market be like?
-- Having a Creationist Museum is like having an Atheist place of worship
But he doesn't much about the inner workings of his computer. Is he a lazy, uniformed moron?
2) Mac OS X installer CD Next problem with this one is it also requires the purchase of at least several hundred dollars worth of equipment. I'm with you on the Linux/BSD though. Xandros Open Circulation Edition is easy to wean Windows users onto. Then, once they're more used to Linux, move them to a more robust distro.
If you mod me down, I shall become less powerful than you could possibly imagine.
Norton (Symantec) Anti-Virus Corporate version 9 includes spyware blocking and removal tools. Their effectiveness remains to be seen on my network, but it is a sign of progress.
Together, we will drive the rats from the tundra.
I work the computer help desk at Rose-Hulman Inst. of Tech.
Of 10 problems related to software I see, probably 9 are spyware-related. I can install and run Spybot and Ad-Aware with my eyes closed and one hand tied behind my back.
Spyware makers need to be prosecuted, plain and simple. They're creating a problem that is much worse than spam, especially in cases when their programs are debilitating to a system. Their creations are no less than viruses.
when they have spyware problems. They call their catch-all problem solver: their ISP.
Found this site that has a link for a hosts file that will automatically block most adware/spyware/malware: http://www.mvps.org/winhelp2002/hosts.htm
hmmm, It's also great for M$, I bet they stop patching their security holes and start patenting them. So they can sue to get a piece of that pie!
m@t
Most interesting is the clear market distinction that is being drawn between spyware and virus. We've seen the technical argument about how they cannot be categorized the same, but I figured that these markets would have fully merged by now.
With the billions spent on patching, cleaning up viruses, reconfiguring user-botched systems, removing spyware, and secretaries playing with animated text in Word, Microsoft generates jobs for us all.
or is it that Microsoft creates a drain on what would be otherwise profitable small businesses destroying jobs for us all?
You know, Microsoft is the rain and ditch cycle of the software industry. Dig a ditch, rain fills it up, dig it again, fill, dig, fill, dig...wow we just got a lot of work done, right?
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
There was no option for -1, too informative. This was the closest.
badness 10000
Yeah, but with a half life of just 4 minutes, people don't see a real improvement no matter which way they go with Windows. "Yeah", you say, "but a Pee Cee with SP2 does not get owned so quickly." Of course, it does, when the user has email (conversation with study author), or browses. People know this and are not very happy.
Next time, give them Simply Mepis or Debian Sarge. It works, it's easy for both of you and they will thank you for it.
Friends don't help friends install M$ junk.
Submitted incompletely due to over haste...
My former post was intended to include a comparisson with the way I don't need/have a heavy haulage 18 wheeled truck, and should not be allowed in control of one until such time as I learn (in a controled environment) to use it responsibly and get certified through a test or series of tests to show that the learning "took".
kartune85 : Incapable of reason, observation or learning. A kind of dim, drab, flightless parrot.
I have found things while cleaning up PCs. Things like pictures from pr0n sites and the like. Say you are doing this for a friend or a family member even. What do you do with this kind of information. A certain amount of pr0n may seem healthy, but there is a level that I see as a problem. Does anybody have any advice or experience in this area?
Sean Lane Fuller - The truth is out there!
What's wrong with the free AdAware?
If they have spyware linked to IE, most likely those settings (default web page, etc) will be transfered to Firefox.
This is probably what you experienced.
The saddest part to the whole "spyware removal" industry is that a majority of the companies that are out there are in fact either directly or indirectly responsible for some kind of spyware or adware software in the first place.
I had a bad case of adware on my brother's machine once, which replaced his home page and such with a "search engine" thing. He would also get popups, some of which would tell him that his machine was infected with adware, and to click there to "remove them". Clicking that popup, out of curiosity, showed me results in the "search engine" page, linking to several sites which sell adware removal programs.
Now tell me this. Why would adware pop up ads which links you to pages that would help you remove the stuff? The answer, of course, is that those companies are responsible for the adware in the first place, or are paying whoever created it to put their company in their adware "search engine", so that people are sure to find'em. If this were a legit search page, it would take you to a program which actually works, and is free, like Spybot or Ad-Aware. These two things never showed up in the adware "search engine" page. Coincidence? Of course not.
Spyware and adware can be just as damaging and result in the loss of as much productivity as a common virus can. And software like this works almost just like a virus; it fights you at every turn to remove it. It can actually be much harder to remove this kind of junk, depending on which one gets installed. The difference is though, if you write a virus, you go to jail. If you write adware (aka, a virus with ads in it), you make a ton of money.
Since I'm the "Computer Person" in the family, I get calls from family members all the time asking for help with spyware (or problems that are obviously caused by spyware). A scan with Ad-Aware usually reveals dozens of pieces of spyware and similar programs.
I'm sure OEMs get swamped with these types of calls too.
"You spoony bard!" -Tellah
It can be done. There's a $39.95 commercial product to remove Internet Explorer and much other stuff you don't want running.
Over the summer I worked for a small ISP (six employees including myself) with a decent customer base of about 1800 people. As an extra source of revenue, we also sold hardware, built custom PCs, and provided repair services at $38.50 an hour.
In my two months working there, we had quite a few people come in for repairs, and I would say about 90-95% of those cases were spyware related. They would come in complaining about their computer slowing down, crashing often, or my personal favorite: pop-ups constantly appearing, even when "not on the internet". They would generally describe the problem by telling us "I think it has a virus or something". In cases where spyware was the primary problem, we used several free tools including Spybot and Ad-aware to remove as many traces of the malicious programs as possible, and made sure there were no suspicious processes left running and that the computer was working normally (although the average machine we saw was at least two years old, if not older, and relatively ran very slowly despite all the other common optimizations we applied). We left a note in their service ticket about the software we left installed on their computer (typically Spybot and maybe AVG Antivirus), and offered to instruct any interested customer in their origin and use (not many customers were interested).
It really wasn't a bad summer job, but not the sort of occupation I would enjoy for an extended period of time.
Before I took up residence at my current gig, the place was a madhouse. A small startup with no clue about internet security and all their machines set up by a well-meaning, but not too savvy employee with a slight IT bent. (And sometimes machines shared with other family members of employees in the cases of laptops.)
I had to have every machine re-imaged, the entire network torn down and reworked. And yeah, all the wacky-ass pr0n and random bizarre spyware cleaned off the big boss's machine was a hoot. Memo to all of you out there, never let your 17-year-old son use your slick new two-pound laptop. I don't care if he does have a paper he needs to finish. That's what cheap home Dells are for.
Mod me down and I will become more powerful than you can possibly imagine...
The viewpoint manager never says "You need this tool to view this content. Click here".
Nope, it just installs itself silently.
Now, if you have Webroot Spysweeper, it alerts you that something has changed.
However, something that installs without your permission and then reports aggregated data back to a central server is by definition spyware.
If its not spyware, then why not ask permission ot install? Are they afraid people will say "no"?
You were mistaken. Which is odd, since memory shouldn't be a problem for you
It seems ironic and counterproductive to have a multimillion dollar industry grow up around something that should be illegal in the first place. We wouldn't think it was normal to have service companies routinely come around and patch bullet holes in our walls, paint over graffiti and haul away restroom waste dropped from airliners. If somebody defaces a big website it's a big deal. Why do we individually accept the time and expense of periodically de-vandalizing our computers?
Hiding behind obfuscated EULAs shouldn't work. Partly because it's an obvious abuse, and partly because nothing is done to verify that the person giving permission has any legal status. A great deal of spyware rides in on "free" games and other amusing things aimed at kids. How does a contract "signed" by a 10-year-old have legal weight? One argument is that the adult who lets the kid use the computer is responsible. But then why wouldn't that same reasoning apply if the kid merely borrowed the adult's pen?
Spyware distributors know they're doing something people don't want them to do, or they wouldn't go to such great lengths to disguise it. I personally think they're in the same category as people who hack into banking systems and should be treated accordingly.
...is all these people with spyware in corporate America. I don't mean mom and pop shops, but large firms with a dedicated IT staff of highly trained and educated IT professionals. I simply cannot fathom how these people can possibly have systems that are so easily destroyed by outside forces when they have complete control over both the hardware purchased and the software installed on the machines.
I can give you examples from both sides.
At the company that I work for, one of the biggest problems the help desk has to deal with is resolving issues with Windows 2000 caused by spyware and other malware. They have Active Directory and SMS, they use a standard corporate image, and users are not given administrator rights on their own machines. Why are these machines still having so many problems?
Well, for starters, the default filesystem permissions on Windows are atrocious. They essentially give even normal users permissions to write all over the operating system and in locations where they have no business writing anything. Couple this with the default settings of Internet Explorer trusting damn near everyone on the planet that can pretend to be someone or something else, and the tendency of Windows and IE to auto-run anything that is possibly executable, and you end up with a total nightmare. The amount of research and work required to solve these limitations is simply beyond most management's ability to comprehend. Why should it take days or even weeks to certify a new image for usage?
The real problem is political and monetary. There are no financial gains to be made by having a team of people spend several days doing research to get something right. It is very hard to quantify monetary loses due to spyware and other things that can be avoided, until after the fact. It is very easy to quantify the cost of X number of people for Y number of days, though, so the decision is consistently made by management to cut as many corners as possible, spend as little time on research as possible, and get the systems out the door as quickly as possible. This leads to the inevitable problems with spyware and malware that so many of us are facing.
Now, I will give you another side of the story. My parents have a computer. It isn't much to look at and it definitely is not fast by today's standards. Knowing that my parents have limited computer skills and limited computing needs, I took the time to design and implement a proper environment for them. I started by picking Windows 2000 Professional. At the time, XP was still a beta, and anything based off Windows 95 was definitely not a choice due to its complete lack of access controls.
The system was installed with a primary partition, being for the operating system and nothing more. It has very little space left for things to be installed, yet still enough space to download, uncompress, and install a service pack (or 3) and still leave the backup files on the disk. This partition is not writeable in any way to any user that is not an administrator, except in cases where poor design required write capabilities. A second partition was created to store all programs and user data.
I took the time to research and modify a proper local security policy, along with group policies for the machine to allow them to perform tasks that are otherwise not allowed for a normal user. At the same time, I removed the ability to perform tasks which might be considered dangerous when left in the hands of a computer novice. Through these policies, I also moved things like "Program Files" and "Documents and Settings" to the secondary partition. The programs are all read-only, except for a few parts of Office, which require write privileges to function properly. I also setup several automated tasks to run periodically, at times when I knew my parents would not be using the computer. One of these tasks makes a backup image of the primary partition to a location on the secondary partition. This is done in case something bad happens an
Computers seem to be the only place where businesses can shoot their own customers, and still sell them a bullet proof vest.
Meet new people, and kill them.
So, like we need "-1: TMI (Too Much Information)"
I have found that when the free version is loaded, it will not detect and correct all of the problems. Then when I try and load a complete version, it does not install correctly and need to clean the free version out first, then reload the complete version. If the spyware is bad enough sometimes the uninstall feature will not work correctly. It really comes down to taking extra time that if I can avoid is really nice.
yeah right, like anyone on /. has a wife ;)
my karma will be here long after I'm gone
In addition to making the car considerably cheaper, Henry Ford also standardized the user interface. I read this somewhere recently. Before the model A, you had to set the ignition advance of a car manually, and you may have even had to adjust the carb fuel air mixture, there was also a lot of different arrangements for controlling the throttle, brakes, clutch, and shifter. Ford made it all simple. Windows 3.1 was a huge improvement for the average user over the CLI. Windows derivatives also became pretty cheap. (They do have enormous flaws) The Mac seems to have done an even better job with the UI. They did it back in 84 (might be off a year). But they weren't cheap, so they have had little market penetration.
"brxref
No, the problem isn't with, specifically, the free version. The problem is that most spyware is more advanced than before... modifying numberous registry keys, changing file names so as to not be detected, etc.
Spyware removal programs are a FIRST step to removing spyware, not the only step. After running a removal program you should
1. Goto Add/Remove Programs and uninstall anything that doesn't look legit (this includes and IE toolbars)
2. Run msconfig and uncheck any services that don't look legit
3. Rebooting into safe mode and deleting the folders in "Program Files" of stuff that won't go away
5. Finally, run your removal tool again
Yep.
The real /. surfaces again.
Who's your daddy! Uh, mommy. Uh, ugh!
Freud?
After I stopped using IE and Outlook Express, and installed a software firewall and Adware + Spybot S&D, I have no problems. The problem in the Windows environment is IE and OE. After getting rid of those, Windows is a good operating system (with critical patches installed, of course).
You know sometimes spyware programs are revealing? I was yesterday at my boss's office...as we talked about something, porn ads kept flashing at his PC! he was embarrassed, to say the least.
(and no, I did not ask for a raise, at that particular moment).
I'm a computer guru, sure, but an "average" car user.
I hear a funny noise, I have my wife take it to our mechanic who leaves me a voice-mail telling me not to go 11000 miles before the next oil change, or I'll hear that noise again!
He gets paid because he knows more about cars than I do. Better, he gets paid so I don't have to care about cars at all!
If you don't like cleaning up after people, why're you carrying that broom around?
Changa hates change.
Whenever I run Spybot, it finds lots of cookies which are deemed to be spyware. The article states two-thirds of PC users are infected, but:
Total Number of SpyAudit Scans: 10,305
Total Number of Distinct Audits: 4,104
Average Instances of Spyware per Scanned Desktop: 20
Average Adware Installations per Scanned Desktop: 2.5
Average System Monitor Installations per 100 scans: 5
Average Trojan horse Installations per 100 scans: 5.5
So, probably most of the infections they are counting are really just cookies. The numbers are alarmingly high, but not nearly as bad as they make it out to be.
as a pc repair technician I can tell that 2 out of 3 machines we are taking in is for a spyware/virus related problem.
What I find really annoying is that the customers are bringing their computer in because "it is slow" so we have to break the news to them that this is a software related problem -so, not covered in store by the warranty (actually not covered at all)- and tell them that it costs 39.99can$ to get them removed. Most of them can even seem to figure that windows or a virus or anything else than the hardware could be to blame in all the slow downs they've been experiencing, and they can't figure that everything began when they installed kazaa or when they went on that pr0n site...it just happened. Most of them are clueless.
We had a woman last week who got her pc restored and brought it back yesterday because she was getting errors when trying to install kazaa...I told her to stay away from that program and she didn't even seem to register the information, like: "yeah, right, whatever, just get it working so I can download music again". Mam, you deserve to pay
as long as the customers will be treating their computer as simple stereos (you turn it on, you turn it off, if it won't work it's because it is physically broken) we'll have those problems and THEY'll have those problems. Most of them don't even figure that they are the cause. "The damn thing is broken again, I feel like I am paying for nothing"...no you're not, you're paying for your lack of knowledge/interest and your stupidity. As the saying goes "fool me once, shame on you; fool me twice, shame on me"
I currently work part-time for my university performing technical support for students' computers and 99% of the machines are infected with Spyware. It's a nice way to make a few bucks on the side.
Hypocrisy is the 8th deadly sin.
Except in extreme cases, where software can not be installed, or the system won't even boot. Other than those cases, can't anybody install and run adaware, or whatever?
Any suggestions tool-wise? I have a badly trojaned winME machine here and can't find the little bastard anywhere. I've gone thru and beyond the usual. Plenty of details if you're interested
Sigh. I'd really rather not reinstall.
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
That $15/hour really amaizes me... I charge $50 for a system cleanup, when the machine is brought to me, $75 on site, and it generally takes me about 2 hours (on a regular clogged up machine) most of which is watching Ad Aware, and AVG do their magin... After that it's simply a matter of cleanup up any leftovers, purging the temp directorys and any other junk that's sitting around, then unplugging the whole mess, dragging the machine and keyboard outside for a blast of compressed air to degunk the keyboard and liberate the dust bunnies...
Best part is a good afternoon when I have 5 or 6 machines on the go at once... I sometimes make more cleaning up machines at home than I do at my regualar 8-5 job. Pretty soon I'll be looking to work full time for myself.
Spyware and virus removal companies depend on Microsoft's security holes for their business. That's a given. Think about this:
1. Create monopoly.
2. Create vulnerable software that everyone uses.
3. Invest in spyware/virus removal software.
4. Profit.
Pretty simple if you ask me. I bet Microsoft is invested in at least a couple companies which make anti-virus and/or spyware removal software, which means they are profitting off their own mistakes.