Slashdot Mirror
Spyware Removal is Big Business
prostoalex writes "Just when you thought all the software niches were taken, IDC comes out with the report saying $12 million was spent on spyware removal tools in 2003, and $305 million will be spent in 2008. IDC also estimates two-thirds of PC users out there are infected. Large PC vendors are waking up to the spyware threat, having their call centers overwhelmed with spyware-related calls."
It's the best way of getting free beer I've found: fixing spyware related problems for family and friends. While I watch SpyBot and AdAware do their job, I get free beer. There are worse activities ;-)
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
... before the anti-spyware vendors start bundling spyware?
wooo wooo the bandwagon is going past *jump*. Phew it almost went without me
99 bottles of beer in 175 characte
...that the vast majority of this spyware was installed by exploiting vulnerabilities (some overt, some more roundabout) in primarily Internet Explorer.
And once an ordinary user is compromised by one piece of spyware, it's usually a downhill battle.
Imagine how different the situation would be if, for the last several years, there had been real competition on the browser scene. Of course, there may never have been a way to solve the problem with the courts anyway: they DID decide that Microsoft illegally used its monopoly position to bundle IE, but Microsoft knew exactly what it was doing. By the time the slow wheels of justice had turned, Microsoft's browser takeover was virtually complete.
And during this entire time, IE fundamentally was stagnant. There were glaring, egregious security issues, and no new features that had already become pervasive and popular with alternative browsers (popup blocking, tabs, etc., not to mention a lack of horrible inattention to security). I imagine Firefox's recent uptick in usage illustrates, even after all that, just how bad IE sucks. But this will only be good for Microsoft, and for everyone: if Microsoft feels it has competition from things like Mac OS X in OSes and Firefox in browsers, we get developments like SP2. We get a new "commitment" to security. We'll ostensibly get new features in and an attention to security in IE. (Well, we can dream, right?)
I wonder how many dollars have been spent, or how many families have actually bought new computers (yes, it happens), once their PC slows down and/or crashes, hangs, or has other problems, to the point that it's virtually unusable. Yes. People really do this. They don't feel they can or know how to just wipe the machine and reinstall Windows, and even if they did, they don't know how to save everything they want to. So they just buy a new computer.
I travel with a frequently-updated set of tools for exorcising various demons from PC's, and am accustomed to mucking about in the registry, winsock stacks and other oh-so-fun places to finish up the job.
Village idiot in some extremely smart villages.
Googling didn't bring up anything helpful... I can see a couple of possible barriers:
- most developers aren't clicking on email attachments
- it's tedious work; rooting around in Windows Registry and system folders isn't fun
- it'd need to be constantly updated to be effective
It's a tough row to hoe...
The Army reading list
If only they knew how easy it is to remove.
WOuld we pay for a car if every billboard we passed was capable of taking control of the vehicle and making it drive to other billboards? I don't think so. Why then will we pay for windows.
99 bottles of beer in 175 characte
In my opinion, most spyware is easy enough to get rid of using tools like Spybot-S&D, SpySweeper and AdAware. The one category that I've found harder to remove are the ones that embed themselves into the Winsock chain and redirect network features.
I cleaned out one PC last month - it wasn't infected too bad, only several dozen things for the scanners to complain about, and I've dealt with systems that had several hundred! - but even after everything seemed to be gone, its default search URL and things like that kept getting hijacked. I had to grab a tool to fix the Winsock chain; some malware had slipped itself in there and was screwing things up.
Village idiot in some extremely smart villages.
Just think how un-American Apple computer is. Do Macs contribute to the growing anti-spyware business? Hardly at all! Why almost no money is being made removing spyware from Macs. Why hardly anyone has heard of spyware for Macs in the first place. Can you imagine taking bread from the mouths of the little children of anti-spyware software developers? Won't someone please think of the children?
Microsoft is really helping the computer industry lately. First their initial decision to make outlook express execute any script embedded in email by default kick started the mostly dead antivirus industry into the powerhouse it is today. Now their forward looking decisions regarding the security of ActiveX and Internet explorer has created a whole new industry of spyware detection and removal.
Think of the revenue and jobs created by these decisions.
And Unix (Linux, OS X too), with your anti-economy designs like user accounts that cannot write to system areas, web browsers that do not support a web site's ability to covertly install software behind the scenes, and email clients that do not interpret VPscript, you should be ashamed of yourselves. If popularity of these OSes rises too high, it could seriously damage the antivirus and antispyware industries, causeing a loss of revenue and jobs. Congress should really do something about this.
Finkployd
More free beer! Wow! I think I've detected the secret underlying thread in /. !!
Seriously though, my uncle's family from Greenville, SC (read Bob Jones University - no, don't mean to offend anyone's religious beliefs here but I have a beer point to make ;-) have asked me for computer help on occassions but for obvious reasons, that never got ME any free beer.
I'm going off to cry in my beer now...
Mmmm, salty!
Its 9:32 am my time and since 6:55 am I've been at 4 computers removing a combination of spyware on what we thought were fully patched (at least windows update and hfnetchk pro claims are fully patched) systems.
It's almost a daily event at our office, wake up, get to work, drink coffee, remove daily spyware....
This is one group of our population I would gladly invent a story about a giant goat about to eat earth just to get them the hell off.
Why do overlook and oversee mean opposite things?
My argument woud be that these authors are invading my privacy when I legitimately get onto the web.
On the other hand, I will shoot myself in the foot by seeing their potential argument too:
They could argue that by visiting specific sites and probably clicking some links, I agree to enjoying all services they offer on these sites including stuff that would be installed on my PC.
Any legal minds here?
And, this is news? It's sort of like announcing "Hey, the Moon causes the Ocean Tides to Rise and Fall"
I can tell you that spyware removal is about 90% of my consulting (side) business these days. I can usually rake in an extra $300-500 / month thanks to all the spyware problems. I feel bad when I have repeat customers, but I do spend a good amount of time educating the users and immunizing their PCs, but they always find new ways of getting spyware on their computers (it always seems to be the kids and their p2p "needs"...).
:-), I'll be glad to help you anything I can.
Now, as an industry, I don't understand why so much money was spent. There are outstanding tools and tutorials on removing every type of spyware, and every it seems like all the best ones are free.
If you want any pointers or tips on spyware removal, and you don't live in my area
Y'know what sucks? Having to tell your father to be more careful about visiting porn sites.
I have a "regular job", but I can't help but being drawn into this.
I charge $50 per clean. About 30% of the time, I get a tip too, ranging from $5 to $20. I always call em back a week later to be sure they're happy.
Reinstallation may sometimes be necessary (not often). Sometimes, it's far less time consuming.
I never do a "freebie" anymore. There's just too many of them. I'd drive myself mad.
Video Game News, FAQs, etc
Good point! It reminds me of Doctor Evil -- "One MILLLLLIIIIOOOOOONNNNNN Dollars!"
If microsoft made some changes to windows, this crap would have a harder time getting installed (or at least getting installed unnoticed)
Basicly, anything that wants to change certain things should trigger a "are you sure you want to do this" warning of some kind (with ways to change that warning into a requirement for a password or a total block of the activity). If the activity is blocked, the app requesting it gets an appropriate error (e.g. "you cant open that file" if access to a file is blocked)
The items that should be locked include:
Writing to the "startup" group & other locations where you can have a program start at startup
Writing to
Changing critical windows sockets settings
Changing the HOSTS file
And there may be other things
The idea is that spyware/viruses/trojans/etc that come in totally unannounced would now not be able to do that.
And spyware and such that rides alongside application programs would be easier to spot (so you can choose to use a non-spyware alternative)
Yes the cluless will just click "yes" but at least those who care wont be hit as much.
Anti-virus vendors should start detecting spyware (particularly the kind that installs itself jsut by visiting a webpage or reading an email as opposed to the kind that installs alongside programs like kazza) just like they detect viruses.
After all, spyware shares a fair few characteristics with viruses, worms and trojans.
The big PC OEMs should be doing more to combat spyware.
Myself, I use Mozilla (and keep it up to date with the latest release builds) and I use Norton
Antivirus to keep my system virus free.
I also run Spybot and Ad-Aware regularly.
And I dont install spyware-laden programs like Kazza, Real etc.
I find it terribly sad when companies/people/drones/the family pet/etc. need to fork out a ton of cash just to prevent assholes from taking over their computers. Viruses (Viri?) have caused this for years, and it's completely illegal to create such a program. But, so far, it's still legal in most places (albeit unethical) to distribute this garbage.
Yes, it's really an IE/Windows problem, which is a whole other argument. I know users need to be better educated (or educate themselves), but that still doesn't help my Grandma who can barely seem to find the escape key. I understand this. But still, why should this still be allowed?
On a side note, does anyone know of GOOD network/client-server spyware removal software, either free (as in beer or freedom) or commercial? Just curious...
I am a consultant for a small IT firm in Manhattan. We do a lot of small businesses, home businesses, and even home clients. Spyware turns out to be the culprit in probably 90% of our "my computer is slow/not working" calls we get these days. We make it mandatory for all of our techs to install and run Spybot and Ad-Aware on any machine we work on, and I have NEVER seen (or even heard of) a machine with no spyware on it. The third of machines that are uninfected must not have internet connections. Even with Spybot's protective measures activated, an Ad-Aware scan a day later will find something.
-- "the revolution will not be televised" -Gil Scott-Heron
In addition to the removal, as a value added service, I do a good bit of training- including how not to use IE/Outlook (I install Firefox/Thunderbird for them) and how to not open attachments, etc. If they continue reinfecting themselves, I just keep coming out and charging them again and again. It is quite a cash cow for some of these folks who must go to their little java game sites and who open every possible thing that they are sent...
It is even easier in many cases where I can do the entire thing through NetMeeting from my house, so I get paid full price and don't even have to leave home.
Ceci n'est pas une sig.
:wq!
I deal with computers at businesses, 10-200 employees in general. Computers that should not be misused, on the desks of people who should know better.
Simply put, if somebody's home PC gets screwed up, it's not worth my time to fix it, since 1) they can't afford it as you've pointed out, and 2) it'll be hosed again next week.
I've gotten to the point where I'm starting to point out to my clients that hey, if they run something other than Windows, this will not happen to them.
Village idiot in some extremely smart villages.
I used to work for a "big retailer" and I saw how much business the on-site "computer technicians" were making from Spyware cleanup. Well... $50 a pop. The funny thing is they were using Ad-Aware only to provide this "great service" for their customers. So as long as there are customers willing to pay all this money for such a service, then the business is going to be booming. *Ohh yeah... using Firefox may help a little.
Rather tell my father that than my mother...
(or your mother! HEEHEE!)
I deal with this at work all the time. To me, spyware/malware isn't that different from a virus, and the logical thing is that symantec/mcafee/panda/etc add spyware/malware detection to their current anti-virus offerings.
In theory, they already have. We have Symantec A/V 9 installed on our the computers at work. There is actually an option to tell it to scan for spyware/malware. The problem is, it seems to be be able to find a lot of it, but then is unable to actually remove it most of the time.
So, we end up having to run ad-aware to actually remove the spyware/malware. It's silly that we need Spybot for immunization (to make it difficult for the spyware to install in the first place), plus ad-aware for spyware removal (it seems to do a better job of removing than Spybot does, but doesn't provide the immunization feature), plus Symantec A/V 9.
Symantec, are you listening? Would be nice to have a comprehensive solution that works *all the time*. We're already paying big bucks for your anti-virus software, you could at least get it to work well for all threats. . .
I'm thinking about exploring the Spyware Writer Removal Service niche instead...
To help your pops out give him Knoppix (or other LiveCD distro) for pr0n surfing pleasures. No worries about Spyware being installed and (if mom is computer literate) she shouldn't be able to check out the history :)
Yes, it is as bad as these folks make it out to be.
Where I work (state government) I see all kinds of cruft on users machines when I am out and about. Even though it's not a direct part of my job I am in IT and to help things along I go through users machines and remove the nasties. Sadly, I walk by a week or so later and the users machine has the junk on it again.
I recently got permission to do a test with Firefox. I've been using it without issues and my bosses boss just put it on his work system and has the same results. I asked him if I could put Firefox on a users machine, someone who I knew had all kinds of problems with popups/redirects/whatever.
I cleaned her system (I don't even remember how many pieces of spyware she had) and then put Firefox on the machine. I did some basic configuration (block popups, small cache size, etc), copied her bookmarks over and gave her a quick run through on using tabs and how to configure the toolbar. So far I have not heard one bad thing from her about using Firefox or that she had issues with popups/spyware.
Hopefully, by using this person as a real guinea pig (as opposed to myself), someone who is not overly computer literate, we can convince the higher ups to use Firefox for everything except for our SAP requirements (yes, SAP is evil. I'm not the one who chose to spend millions of dollars on a tricked-out spreadsheet).
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
My daughter and I will be doing spyware removal as a summer job in an affluent suburb of Chicago. (I teach HS chemistry.)
;)
IPO will be next fall.
Help end the use of Sigs. Tomorrow
You know what they say about consulting work.
Windows:
Have to pay for anti-virus, have to pay for firewall, have to pay for spyware removal, have to pay for a copy of windows and then you have to pay someone to set it up.
*BSD/Linuxes:
Have to pay for someone to set it up.
Hmm... and the TOC of Linux is higher because...?
Tom
Someday, I'll have a real sig.
Places like Bestbuy are making a killing on this whole Spyware Removal Industry. They currently charge $40 for Spyware Removal, which will usually include an Additional $40 for Virus removal. I work at Bestbuy doing this, and I've seen some pretty nasty infections, i've seen computers infected with literally 1000 instances and the only way to fix it is to boot in safe mode, or just take the hard drive out and scan it in another PC. Fun. And from what I've seen Spybot and Adaware unfortunately dont even get everything. Usually I'll use both, and then use another program and still find spyware and malware!
I'm sitting around with such letters as CNE/CNI/MCSE/MCT/CCNA etc, and probably 75 to 90 percent of the dollars i've earned in the last 4 months are from disinfection.
It's nice to pay bills but it gets kinda depressing making money off of other peoples misery.
eric
Someone please make a live cd that destroys spyware. Even if it just starts a wine session and runs adaware or spybot or whatever.
Not as bad as the Boss.
"Someone was using this computer for no good, I highly recomend not using any browser but Firefox for no good."
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
We did at the office and have seen a serious decline in Spyware related calls. We used to get 10 or more a day for Windows 2000.
I don't have that problem, my father and I share a porn collection :)
I'm trying to improve my English. Please correct me on any spelling/grammar errors in this post.
How to help prevent spam/viruses. Most of this information is common knowlege for the IT savy but can be a good cluestick for the relatives.r p.asp has a free online virus scanner that I run once a week. It has found viruses that Norton did not detect.p _za_grid.jsp If you do not have a Firewall router at home or are using dialup. Make sure you have some sort of firewall running on your machine. This one is pretty good and free.
FireFox http://www.mozilla.org/products/firefox/ is a web browser that is much more secure then Internet Explorer. I have been using it for many
months now, it is very stable and has a small fraction of the security problems found in IE.
Ad-Aware http://www.lavasoftusa.com/software/adaware/ is a spyware finding and removal tool. This is one of the best anti-spy ware programs available and should be run at least twice a week.
Spy-Bot http://www.safer-networking.org/en/index.html is an excellent compliment to AdAware and should be run also twice a week. The combination of both Adaware and SpyBot make for great security.
Trend Micro http://housecall.antivirus.com/housecall/start_co
Microsoft's windows update http://windowsupdate.microsoft.com/ should be
checked often to patch your operating system. I would suggest you install the updates.
Zone Alarm http://www.zonealarm.com/store/content/company/za
Here is a mini guide I wrote up on how to prevent from getting spam.
1. Do not give out your work email address to anyone not work related. Do not give it out to relatives.
2. Do not use your primary email address to sign up for things online, use a email from hotmail or gmail.
3. DO not use your work/primary email to post on message boards or USENET unless they are closed and protected forums.
4. Do not sign up for free giveaways, even if they are work related.
5. Do *NOT* forward jokes or other such emails. Discourage people from forwarding them to you. These emails hold a massive list of email addresses and will eventually end up in the hands of spammers.
6. Do *NOT* reply to any spam asking to be removed or to "unsubscribe." It just guarantees that you will get more spam as you have confirmed it is a
valid account.
7. Do not buy anything form a spam email. This only encourages the practice.
8. If you get spam in Outlook, go to "File", then "Work Offline" and then delete the email messages. Selecting the email message for deleting opens
it, this can cause a virus to be downloaded or download pictures that have unique tag. With the unique image tag, a spammer can tell when you
opened the email and that your account is valid. By using the "Work Offline" mode, no images will be opened.
You can find these links at my site http://www.friendsglobal.com/
Finally, I ran a copy of AD-AWARE and SPYBOT-S&D from a CD I had with me. After removing nearly 200 data miners and some files, the system connected on the first try. I have not yet notified AOL of the problem, but I expect others have had the same problem.
Well not solution, but it helps on small sites with fast enough workstations with 768+M RAM. Run debian or some other lean, stable linux distro under the hood, run VMware in fullscreen mode on top of it. Use different virtual disk for "Documents and Settings" folder. Install all the proprietary win32 crap you need, backup the virtual system disk and set it up so that it overwrites the system disk on every real boot. If you don't need SMB browsing and printers, you can further protect Windoze by using NAT networking so the virtual machine is not visible on network. You can still use SMB/CIFS disk shares and CUPS printers (2K and XP support CUPS somewhat). Running winblows under VMware is 100 times preferable to wasting perfectly good hardware to a dedicated, "real" installation. And it's cheap, v3->v4 upgrade is currently 99 US$ + VAT. Another plus: as admin, when installing new software, just make a snapshot of the VM state, then install the proprietary crap, and if it breaks anything, just restore snapshot and you timewarp to pre-fuckup state. Excellent!
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Maybe I'll give up and join the Borg.
Never shake hands with a man you meet in a fertility clinic.
wikipedia: Broken window fallacy This says that if someone says, look at that broken window, it stimulated the economy because it created work for the glassmaker and glazier. This seems reasonable at first, but it isn't. The country had to use economic resources to reach the same utility it was at before the window was broken. If broken windows really stimulated the economy, countries would bomb themselves to stimulate the economy.
"brxref
What I can't seem to figure out is why Norton and McAfee didn't include spyware detection and removal in their virus detection software from the beginning. I remember specifically reading something on Symantec's site that said something to the effect of "we are not targeting any 'spyware'".
Wouldn't this have saved a lot of problems? How is spyware not considered malicious?
Over and over again, I have to sit at friends' computers and rescue them from the evil clutches of the browser hijackers and such. I think Symantec and McAfee dropped the ball on this one.
I'm not sure what's creepier, the fact that you share a porn collection, or that someone found your post +1 informative.
"Upon attaching the waterblock to my penis, I began to notice that I know nothing about computers." -- JRockway
No, go back and read that again. I think he means the removal tool authors will start including spyware they "approve" of along with their removal tools, so that they can guarentee said piece of spyware WON'T be removed. Spyware companies would pay huge amounts for something like that, let's hope those making spyware tools won't sell out. (I'm fairly confident they won't,, that's like Symantec bundeling virii with their anti-virus tools...
CAn'T CompreHend SARcaSm?
There was no option for -1, too informative. This was the closest.
badness 10000
Over the summer I worked for a small ISP (six employees including myself) with a decent customer base of about 1800 people. As an extra source of revenue, we also sold hardware, built custom PCs, and provided repair services at $38.50 an hour.
In my two months working there, we had quite a few people come in for repairs, and I would say about 90-95% of those cases were spyware related. They would come in complaining about their computer slowing down, crashing often, or my personal favorite: pop-ups constantly appearing, even when "not on the internet". They would generally describe the problem by telling us "I think it has a virus or something". In cases where spyware was the primary problem, we used several free tools including Spybot and Ad-aware to remove as many traces of the malicious programs as possible, and made sure there were no suspicious processes left running and that the computer was working normally (although the average machine we saw was at least two years old, if not older, and relatively ran very slowly despite all the other common optimizations we applied). We left a note in their service ticket about the software we left installed on their computer (typically Spybot and maybe AVG Antivirus), and offered to instruct any interested customer in their origin and use (not many customers were interested).
It really wasn't a bad summer job, but not the sort of occupation I would enjoy for an extended period of time.