Slashdot Mirror
Given Up to Spyware?
Khuffie writes "Wired has an interesting article about how some people have given up to spyware, knowing that the software they're installing virtually takes over their internet connection. What's even more ironic is that they claim it's a necessary evil for free software, when things like the Google Toolbar virtually replace Gator, and there are many spyware-free P2P programs available."
I'll blame sites like Download.com that started this trend.
Download software foo from us, but it would come with Gator and a whole shitload of spyware. And then, everyone else started following suit.
I still remember times when spywares and trojans were hacker-only. Greedy corps brought it to the masses, and now it's become an accepted part of the "Internet experience."
Spybot
Adaware
Oh, and Linux.
People just don't care... they can't be bothered to think about it. I've talked to so many people, "yeah.. I need to get a new computer, this one's slow" their system gets hosed, they just get a new computer. wtf is with that?
You know...what's disturbing about the theme of this article, is there is so much free software out there that doesn't require spyware, and all of these people are completely unaware.
---Up Up Down Down Left Right Left Right B A START
Quite simply, this is a situation that can be addressed with education. Since we don't have access to big media, we have to do it by word-of-mouth. This means spreading Firefox and other crap-free alternatives, even free plugins for IE if someone chooses to use that browser. It's also important not to force things on people in our typically annoying geek ways. Educate people, so that they can decide for themselves and realize that there is a world of software in which this stuff is frowned upon and actively fought against. Someday with enough effort, spyware will become an amusing memory.
Oh great so now these authors of these spyware programs are going to think that we don't actually mind about their takeover of our pc's.
Spyware makers hear us - we do NOT like your damned "software".
In the Slashdot moderating system, humourless based offenses are considered especially heinous.
They're called morons.
Shouldn't all this anti -virus, -spyware, -malware, etc. software be added to the TCO for a Windows license both in cost and time?
Nevermind, something seems to have gone wrong at wired.com, but it's fixed now and both links are working. Ignore my post.
This comment was thought up very late at night and does not necessarily reflect my views at a more reasonable hour.
Foolish notions are stated, repeated and believed. Things like "if you haven't done anything wrong, you have nothing to fear" and "you get what you pay for" ring through their heads. These faiths are unshakable... might be easier to convince them there is no god.
I've had people swear up and down to me that I couldn't use OpenOffice.org in a business setting even when the software's license specifically states otherwise. People believe the craziest things. It will just take some getting used to... this whole free software thing.
Personally I just format my sister's comp every 3 months or so, I don't know how she does it, but she manages to fill it up with more spyware/adware/free smilies than I thought possible, so I just save her important data, and format. I used to try and stop it all, and try to educate my sister, but that didn't go too well.
The cost of the privacy lost is invisible and (apparently) non-intrusive, while the cost of the time and effort is obvious and immediately quantifiable.
Think about how many times you've heard someone say things along these lines: "Can you believe I spent 6 hours cleaning spyware off my system and had to reinstall Windows twice? Then I had to find new software with a privacy policy acceptible to me, and it took hours to download and install it all."
Compare that to how many times you've heard someone say something like: "Wow! I had spyware all over my system. It was tracking my shopping and browsing habits, reporting my computer usage stats to ad agencies, and sending my IP and passwords to a scam company in Russia!"
The cost former is obvious to even the most ignorant users, while the cost of the latter requires much more insight and knowledge.
open ports one at a time.....
just having a 1 port router will keep most of the fresh install vulnerabilities off line to the net, and allow you to get what you need.
every day http://en.wikipedia.org/wiki/Special:Random
Google Toolbar itself is not much better than outright spyware - so you may want to rethink suggesting that one; Google corp is changing for the worse, so it's only a matter of time before they "enhance" their toolbar with more "features".
Ron Bennett
Someone needs to make spyware illegal unless someone actively buys a PC sponsored with the crap. ie. those 'free' bannered PCs from years ago. The average computer user just is not capable of keeping this crap off of their computer. Windows is becoming more and more useless as a plaform because of this 'stuff'.
All I can say is THANK YOU KDE for kiosk mode. I now have my parents surfing with a crap free computer, dynamic DNS, auto-updates, and has been running bug free for months now. 8)
To quote a few users from the article :
"I had a good idea what the Marketscore software does, though I didn't read the entire user agreement"
"I can't surf the web and I can't trade files if I uninstall the spyware."
"I can't afford a subscription to keep my antivirus software updated. Marketscore doesn't charge any fees."
"They said they'd opted to install it on their computers because they wanted the eWallet application that stores passwords and credit card numbers, entering them into web forms with one click. The users said you have to get the adware if you want the eWallet."
"In Hungary, many people who grew up under communist rule came to accept government interference in every aspect of their lives as inescapable. They were too tired to fight anymore, so they convinced themselves that communism was OK and even a benefit."
For those of you on the "Steam Rules" side of the debate: "Any of that sound familiar?"
THIS is the reason those of us on the "Steam Sucks" side of the HL2 debate have taken the stand we've chosen to take. We're not warez d00dz. And we recognize that Vivendi are a bunch of middlemen who aren't worthy to fellate a goat. And we acknowledge that Valve has gone to the dark side (as Kazaa and the other P2P apps did) of spywaredom - at least not yet.
But we see Valve's solution as a cure that's worse than the disease of piracy. And we see the main arguments of Steam's proponents as eerily reminiscent of the examples of clueless luserdom shown in the Wired article. And we ask: can your system's integrity be that easily sold?
Every time a Steam defender speaks, he or she should take a very close look at his or her argument... and the arguments presented by the spyware defenders in the Wired article, and ask yourself: but for the grace of Gabe, there go ye?
What we need is a good hacking job on one of these companies. Every now and then we hear "Amazon.com/newegg.com/etc Hacked, millions of credit card numbers stolen". But Amazon.com has deals with Visa, Mastercard, etc. and they happily protect their customers. What would happen if a company like this was hacked, and tons of information was stolen? Maybe people would wise up to the fact that no, its not OK for these people to monitor your activities, even if "it's not like there's anything interesting or criminal in my e-mail.""
What these people who accept spyware don't seem to realize is just how much it screws with their computer. Even if they DON'T care that some random shady company is stealing their private information, the spyware can still bring their computer to a stand still.
I work in the IT department at my college and 99% of the problems that students have in the dorms is spyware/adware related. I've seen brand new Dell computers literally slowed down to a halt as a result of the crap that has been installed on them within a few days. Students somehow manage to get used to the unbearably slow speed at which their 2-3ghz computers run at, never associating the slowness with the plethora of file-sharing programs, toolbars, and search tools they have installed on their computer.
So yeah, I can't believe that some people actually think that spyware is a necessary evil of free software. That paints a sad picture of the current state of the Internet, IMO. I want to say "People are dumb," but that wouldn be neither fair nor valid. People are simply uneducated in these matters and do not care enough to become educated.
Nothing disturbs me more than blind loyalism towards some unrealistic and over-idealistic notion of one's nationality.
As horrible as it may seem to some /.ers most people don't really care about their privacy - convenience is more important. Hence this acceptance of spyware and reluctance to switch from Windows to a less spyware-prone system.
No wonder many prefer spyware-infested Windows box to a clean Linux system - it's more convenient that way.
The other day I installed Firefox extension SearchStatus 1.0.4 - the main features being display of PageRan and Alexa rank of pages browsed. Of course soon afterwards I realized in order for it to work the extension sends all URL I visit to Alexa.com (and Google, which is indicated in their toolbar privacy-related help pages).
This is how convenience wins over privacy (I disabled the Alexa Rank only).
I've heard from several ISPs that some customers complain when all spam is blocked - they LIKE to receive spam because they're bored or like "specials".
If they are indeed "routing all internet traffic" through them, they may be operating as your proxy for HTTP and HTTPS. When you try to make a secure connection to a site, you tell them. They make an HTTPS connection to the site, their connection is encrypted to the site. The make an HTTPS connection to you. The connection between you and them is encrypted. They see the unencrypted data. So do you.
</wild speculation>.
You like splinters in your crotch? -Jon Caldara
There may be some question about what the user wants and doesn't want, but that doesn't excuse antivirus manufacturers from dodging the problem. If the ability to prevent spyware from installing was ubiquitous (as are virus scanners nowadays) we'd be winning the war. Nobody should have to accept this as an industry practice; things have been getting way too lax with EULAs and intrusive copy protection methods as it is, but this is over the line and we should treat the people who distribute it as we would those who distribute viruses or worms.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
I used to use Bearshare, and still would today, if it weren't infested with things like NetDotNet.
It would be so nice if Kazaa would just work, instead of clinging to kazaa lite k++.
And I'd pay a one time fee for a product like MSN Messenger with working voice and camera functions, but they know they can make way more money long term by selling ads to me for the rest of my MSN-using-life.
Saskboy's blog is good. 9 out of 10 dentists agree.
It's people like those interviewed for the article that are the reason spyware and adware exist. People who are CLUELESS, in general and specifically with computers, that don't see the irony in installing a program that records your user/pass combinations and web history to get a "free" "antivirus" "scanner".
Just like Nigerian scams, enlarge your penis spam, etc.
Of course, SSL has provisions against such proxying, which it considers a man-in-the-middle attack, but after five seconds it came to me that if Marketscore's proxy installs stuff on your machine as administrator, it's probably installing Marketscore's root certificate as well.
I'm torn between what's worse, spyware, or ponzi schemes trolling for free ipods...
...because we know a lot about tech, and most people don't. We don't tolerate our computers being screwed over with spyware. But - it's only because we know what it is, how bad it is, and what's at stake.
But to put it in perspective - I'm sure a professional mechanic would think I'm exactly the same kind of lunatic if he were to have a look at the brakes on my van. I know there's a problem, and I haven't made it a priority to fix it. The mechanic (bein a pro and knowing what you can and can't get away with) would probably think I was insane.
Weaselmancer
rediculous.
I just returned from Sierra Leone, likely the poorest country in the world.
A good internet connection is 8kbs and that's when the power hasn't failed or you have petrol for your generator and the phone system delivers a dial tone.
Even so, the 8kbps costs $200 a month in a country where an OK wage for a laborer is $2 a day -- when a job can be had at all.
When time after time I see 30-50 percent of that 8kbs bandwidth wasted by spyware, it really makes me angry.
Spyware hurts entire developing countries.
alt.privacy.spyware
It's like watching a group of people exchanging tips for what ointments work best for when they light themselves on fire. Over and over again.
This is one of my two favorite parts from this article:
Of course the only "supported" way is through Add/Remove Programs, and NOT through the use of Spybot, etc.
And here is the second tidbit (also from the linked article):
Fucking Asshats.
We Mac and *nix users should worry about this. The Internet has gotten much worse over the last five years. The sad thing is that users think that this is part of the normal computing experience. They believe that it is okay for strangers to steal their credit card information. They believe that it is okay for their computer to dial long distance to shady places. They believe that whenever they browse the Internet, hundreds of popups should suddenly appear on the screen, and that software magically installs itself. The worst thing is that people are now starting to distrust free software, which will further set back the deployment of free, open-source software in many places.
It is sad and rediculous to see that the maker of the most common operating system in the world has failed at general security this badly. I would have never imagined a few years ago that Windows would get this bad. It's kind of like that Lion King scene (only analogy I can remember) when Simba returns to the Pride Land after leaving there for many years, watching the destruction of the land that he grew up in. Yet lots of users are still stuck in Windows land and don't have a clue about the outside world. They have been conditioned over the years, first to accept instability (2000 and XP fixed that), and now to accept insecurity. Something needs to change on the computing scene in the next year or so.
This phenomenon is known as slashdotting a site to death. You must be new here? ;)
...but it's still our problem. If people stopped using {spy,ad,mal}ware, those who make it would likewise stop. But while its true that uneducated people are the ones who truly perpetuate all this, it is the task of people who know more to try to educate the ignorant on alternatives. I mean, if we don't use it to help others, what's the point in having knowledge in the first place? So what we more technologically-minded folks can do to help is simply keep plugging away with the educational stuff. After all, community education is what got Open Source projects started in the first place. "There's a better way to do this..." has to be our motto if we want to contribute to fixing this problem. [My first Slashdot post, by the way. :^) ]
OK, how many of you play the role of tech support for your ignorant friends and family members? I do it, and I hate it, as I'm sure many of you do also. So, here's what you do.
First, compile a list of good books for beginners to teach them about their computer. Many of the Dummies books are good places to start. Just get your list together.
Now, the next time that big support call comes...you know the one...the one where the computer is really hosed, take a copy of your list with you and present it to your ignorant user. Tell them that you're going to fix their computer for free one last time, and this is that time. If they want any more, and I mean any more support from you, they must get to work on your reading list the following day. Occasionally, you're going to check in with them and see what they've learned so far. If they stop educating themselves, the support stops, period. No more reformats, no more virus/spyware cleanups, no more help formatting a word processing document. Nothing.
If they look at you dumbfounded, put it to them this way. Most likely, their biggest investment is their home, followed by their car, followed by their computer. There's no good reason that they shouldn't spend some of their time learning how the thing works, especially since you're spending your valuable time fixing it for them. They don't ask you to come over and change their oil, clean their gutters, or unclog their sink, so there's no reason to expect someone to continually fix their computer.
If your plan works, you'll surely get some questions as the person starts to read, but at least they're starting to educate themselves. As for those who won't listen, a couple of trips to the local computer store, at $50 an hour, will sober them up.
How about not allowing me to mass-delete the 151,095 messages in my Spam folder? I'm sure as hell not going to manually delete them out of Gmail 100 at a time.
How about keeping messages dating back to September in my Trash folder, and messages dating back to October in my Spam folder, despite clearly stating that "Spam messages more than 30 days old will be automatically deleted" and "Trashed messages more than 30 days old will be automatically deleted?" How about when the combined messages in Spam and Trash are using 906 MB (91%) of my Gmail storage?
There's nothing I can do to purge them, unless I want to click through more than 1,500 pages worth of spam listings, waiting for each page of 100 spams to load, hitting Select All, and selecting Permanently Delete. It's not going to happen, and there's no reason anyone should have to do that. AOL's mail interface is more intuitive than this, for god's sake.
At Yahoo Mail, I can empty the entire Bulk folder permanently with one click and the drive space is immediately credited back to me. Sure, I don't get a gig of storage there, but seeing as how I have control over what does and doesn't get stored, I don't need it. Gmail is unusable to me until there is a way to mass-delete the contents of the Spam folder all at once.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Azureus. Though, to be fair, Download.com probably didn't add the spyware, but they are definitely distributing a version that has spyware. I mean, how difficult would it be for them to go the sourceforge page of azureus (I'll help them out: it's azureus.sourceforge.net) and serve a version directly from the makers.
In the beginning the universe was created. This made a lot of people very angry and is widely considered as a bad move.
it would be good for us who make money to fix their computers. :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
What you do is buy one of those spindles of 50 blank CD-Rs, they'll cost you, what? 50 cents a disk or less.
Download the ISO of TheOpenCD, and burn it onto some of those CD-Rs.
Hand them out to all your Windows-using friends and relatives, pointing out that it's not only Free Software, it doesn't come with any spyware.
Urge them all to duplicate the CD for all their friends and relatives, and point out that such copying is not only legal, but encouraged, as I'm sure is documented in ReadMe files on the CD.
If you don't feel you can afford the cost of the blank CD-Rs, you can ask for a donation of a dollar or two to cover the media and your time.
Request your free CD of my piano music.
I got this warning too (and I'm using Gentoo, heh)
Seems there were sites distributing a spy/malware version of Azureus to people (this includes download.com, shame on them). I hope people wise up.
Just look at this user comment:
"one of the worst bittorent program I ever had. yes, this program can download fast, but it's filled with so many spywares. This program will kill your computer! made my pc ran like turtle and had to reformat it."
Have any of you had this problem? Not me.
It's sad that people would do this with GPL opensource code in an attempt to spread more crap to everyone.
It's entirely possible that these people who are singing the praises of spyware on message boards are paid shills. "It's not so bad! Come and join us!" Somehow it makes me think of some evil character in a fairy tale, trying to persuade the protagonist to turn to sin.
Of course it's perfectly possible to have Free Software without intrusive advertising. Ask Linus. Ask ESR. Ask RMS. Ask Vixie. Ask any of the millions of us around the world, who use and create Free Software! I don't see spyware in my kernel, my mail transport, my compiler, or my command scheduler. I don't see adware in my HTTP server, my FTP server or any of the clients I use with them. And if anyone tried to put it there, I'd just comment it right out of the source code -- and then post the diff files on the Internet, so other people could comment it out too. If I was feeling particularly bothered, I'd actually hack it right open, and make it post lots of bogus information to their servers. I'd post that hack far and wide, too -- and make sure the spyware authors knew I wrote it, so they would have proof of what I thought of them.
Just how difficult is it to block out this spyware, anyway? Can't you just patch the source, or edit the Makefile or whatever Windows uses in place of that, so the spyware portions don't even get compiled? Or do Windows downloads work somehow totally different to Linux and BSD ones?
Je fume. Tu fumes. Nous fûmes!
and each time a moderator just deleted it...
My last post read:
And I wonder how long until they are deleted as well.
Did you notice what it said under the little logo in the upper left corner? Beta.
B-E-T-A.
Google adds stuff to gmail all the time, but whining about it on Slashdot gives little result. Drop them a mail.
I did about POP and SMTP, and they served up secure POP and SMTP when enough people suggested it.
This brings up some really good points.
I was recently in a situation where a guy I know, who actually makes money doing tech services by just consistently networking with people he knows, was working on a mutual friends computer while I was in the area. Kinda hanging around, only paying minimal attention (I don't like to advertise any skill with tech matters, it makes for boring conversation and tons of stupid requests) allowed me to see this guy make some serious errors and oversights, eventually ending with me having to fix the guy's computer so we could listen to this CD a friend brought over. (Somehow he borked it good.) This experience was enlightening for a few reasons:
1) I normally assume people know how to use their computers. It isn't hard, I taught myself everything I know (including programming skills due to demand at previous employers), and wouldn't consider myself supremely educated in CS, but very literate, or versed if you will. Call it computer intuition, or just simply common sense and some experience.
2) People really don't want to know. I hadn't realized this, but explaining things to my friend in very broad detail, after this other guy made some 'obvious' mistakes, only provoked the dullest interest, no real attention what so ever.... yeah, just happily oblivious.
Basically, it is just odd how something so simple can be so flagrantly disregarded by a great majority of people, when the slightest bit research or inquiry on their part could save a ton of time and headaches. But people are just different. I, for one, and probably many of the people here, find it stimulating to do some research on an author when we have finished a book, or on the information contained in an article, or the history of some discovery. The internet and other mediums provide us with a hand-crafted Discovery Channel-style special on any given topic as we choose them. We find this stimulating and helpful in providing conversation fodder for the future. And then there are people that would rather have the Discovery Channel compose their special for them, or, worse yet, ABC or NBC educate them about the modes and methods of CSI or Law & Order.
There is definitely an increasingly bimodal culture in this country (and possibly the world) along lines similar to these, the 'Tell Mes' and the 'Findout For Ourselves' or something similar to that. It is interesting, and should have increasing effects on politics and the economy. I am interested to see what develops.
Of blankness, I know nothing.
Hmmm, I'm sure it's possible that you could get that much spam it seems a little unbelievable to me that you've 906 MB worth of spam for 2 reasons:
1) Most people already have an existing e-mail account and most of their spam is already in those accounts, leaving them to selectively give their gmail account out to only those people they trust.
2) 906 MB worth of spam? DUDE WHAT ARE YOU SMOKING? I don't know what you do with your e-mail account, but I've been averaging about 1 spam mail every 3/4 days, if that.
That being said, you're right, the 'select all' feature ain't implemented very correctly yet, thus as so many people before me have said the operative word is 'BETA'. All you have to do, is ask for that. Finally, gmail is also being opened selective for pop mail access. So quit your whining and use a regular mail client. Now even after all of this, I still don't see how anybody can objectively say that gmail sucks, considering what the competitiors offer. At worst, gmail is probably as good as the rest. Now I just have to figure out how I turned into a gmail fanboy, and we're done...
My Favourite Meme
That's the only way to get users to do anything about it. Scare them. Tell them that their credit card numbers, bank details, personal details, and the like could all be stolen if they're not careful. Instruct them how to protect themselves. If they still refuse to do anything after that, they're beyond help, Give up. It's not the most pleasant way to coerce people to action, but it's effective, and a few less zombie computers (well, close enough...) on the internet won't be doing any harm.
-ReK
md5sum -c reality.md5
reality: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOT match
But to put it in perspective - I'm sure a professional mechanic would think I'm exactly the same kind of lunatic if he were to have a look at the brakes on my van. I know there's a problem, and I haven't made it a priority to fix it.
You know there's a problem with your brakes, and you choose to ignore it?
This is *worse* than the people who have zombified PCs spewing spam, and don't care; it's on a par with drink-driving.
It wouldn't be a problem if you were the only person at risk from such dangerous behaviour. Heck, some people might suggest it was a good way of cleaning up the gene pool. Unfortunately, like the drink-driver, you aren't alone on the road.
Do us all a favour, and get your brakes fixed, or at least have the grace to wrap your van (and yourself) round a lamppost on some unused road in the middle of nowhere.
(Okay, I'm aware that this probably sounds sanctimonious- my apologies for not phrasing it better).
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
For computers (like you pr0n loving uncle's) that are past the "critical point" of spyware programs (i.e. shitloads of the stuff), think of it like a Wack-A-Mole game. Now, in the case of spyware, think of it like a Wack-A-Mole game with 500, posessed, cracked out, hyperactive, mutant moles that have predator-like camo. Now, just you playing you have little chance of winning. Get your buddies Ad-Aware and Spybot and you have a better chance, but it still sucks. You could play for hours and you MIGHT win eventually. Reformatting is like taking 20 gallons (75.7 L) of gasoline (petrol), dousing the whole game, and having the immense satisfaction of torching the entire thing, moles and all.
There may have been other ways, but the reformat is still the quickest and easiest in some cases. The people I feel real sorry for are the ones who don't even know how to reformat and end up buying another computer (yes, I have met people who have done this).
!hoD
This statement is not founded upon facts.
I work in tech support. These days spyware calls are the largest number of calls we get. Let me tell you a sampling of the problems we face:
1. Customer's system is slow, gets loads of popups and shutting it down takes ages.
2. We try starting it up in safe mode after shutting down non-essential services via msconfig. Many times, though not all, mouse and keyboard freeze and we are unable to proceed in that mode. (No I didn't stop MS services)
3. We uninstall all suspicious programs from control panel (after researching and confirming they are indeed malware). Sometimes it takes the crap out, sometimes it just comes back.
4. It is reported that (though I am not sure) that there is a symbiotic relationship between some spyware and trojans. So if you take a spyware out and the trojan is still present, the trojan pulls back the spyware the next time you go online and similarly spyware pulls back trojan if you take trojan out.
5. Some customers lose internet connectivity. Depending upon the savvy-ness of the customer, we may sit from half-an-hour to 2 hours fixing their Winsock - walking them through registry settings, deleting winsock keys, adding TCP/IP protocol, etc.
You can see that by this time, we have spent quite some time with the customer. And this assumes that everything has gone smoothly. However, in real life, what happens is:
"Sir, please click your start button and then click run."
"I can't find Start button. Oh there it is. Now what is it you wanted me to click?"
and so on...
6. Sometimes, spybot and adaware find hundreds of problems/critical objects (as they call them). You fix them. But the system is still slow. There are no popups but performance is still atrocious. What do you tell the customer now?
7. Repair install or restore *does not* fix the problem. Spyware is insidious enough to remain there.
At this point the customer gets very frustrated. He has typically spent several hours on the phone, first with his ISP and then with us spread over a period of several days sometimes.
I would never call such a person lazy!
So at this point he just wants the problem fixed. Throw the PC out the window or reformat. Clearly, reformat is much less painful than going through hours of registry cleanups, reboots, waits, frustration and lost productivity.
Morever, these people aren't stupid, they just don't know about computers. Lack of knowledge of a particular field does not equal stupidity. For example, many of our customers are doctors, economists, journalists, etc. (One was a very nice old lady trying to get her email working so she could email her grandkid serving in Iraq).
Hence it is my considered opinion that to call people stupid or lazy without having more information is incorrect.