Non-Technical Users Talk Malware

swirsky writes "The Chicago Sun Times is running an article detailing the experiences of non-technical users after they were infected by spyware, malware, and viruses. We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing." From the article: "The study found that spyware has disrupted the computer lives of 43 percent of surfers. That means an estimated 59 million people have spyware or adware on their computers, the study found. Adware is defined as tracking programs that come bundled with other software and that users knowingly download, although they don't necessarily want the adware."

Malware == Moolah

[TripMaster+Monkey]

I love malware. Malware removal acounts for probably 65-70% of the bottom line in my business. I'll tell you something else...the $129 average price tag quoted in the article is right on the money.
Personally, I hope nothing is done about the problem. I only wish I could protect my less-technically-inclined family members and friends more effectively, as I don't charge them for removal. :P

Re:Malware == Moolah

[MarkByers]

every infection brings my family members that much closer to letting me switch them over to Linux...

But don't try to force them to make the switch, it will just lead to frustration when thing don't work out as expected because they can't play this-or-that game.

Just leave them with their malware problems and let them figure it out for themselves. Drop the odd hint about never having received a virus if you feel like it. Perhaps they'll get a Mac or something. It's a step in the right direction at least.

Re:Malware == Moolah

[Doc+Ruby]

Wouldn't you rather be expanding the productivity of your customers, rather than just keeping them at "square 1"? If all the production lost to malware were spent on promoting better communications, you'd have at least as many customers. And more produced in exchange for your work (rather than just saved from destruction), which means more wealth to share.

"War is good for the economy" is a fallacy that is true only for weapon makers. Everyone else pays the price. Fear is a motivator, but it produces less than it destroys. I guess some firefighters "love fire", but most would rather be barbecueing.

Re:Malware == Moolah

[plover]

I think joining the "Yay spyware! Keep those fixit dollars rolling my way" chorus is pretty much an assurance that you already have no soul to be sucked.

Perhaps the better question is: how long can this gravy train last? Will Windows ever evolve to the point where spyware won't be a problem again?

.
.
.

HAHAHAAHAAHAHAHAHAHA! Sorry, I knew I couldn't type that and keep a straight face till the end. Congratulations and I hope you make lots of money!

Claria

[MarkByers]

An thanks to Microsoft it looks like *every* Windows computer will be infected with spyware in the next veriosn of Windows.

Re:Claria

[MarkByers]

Some malware replaces adverts of the sites you visit with adverts of the malware author's choice. You say this doesn't affect you.

So you think that it's ok that when you visit your favourite site, all their adverts are replaced by adverts of Microsoft's choice, and your favourite site gets none of the revenue? And when your favourite site ends up having to shut down due to lack of funds, will you still argue that spyware/malware does not affect you?

I thought I was immune too

[ReformedExCon]

I run a firewall, I have my operating system completely patched, and I never open attachments from people I don't know.

Imagine my surprise when I ran AdAware just today and discovered 7 infections.

The real problem is not that there is a bunch of computer illiterate grannies opening every attachment they receive. While that is a factor, the real vulnerability is in the hubris of "power users" who think they can't get infected because they take all the precautions. But as I learned today, sometimes even that is not enough to be completely protected.

Re:I thought I was immune too

[misleb]

Cookies are far too useful to turn off. And they are mostly harmless anyway.

-matthew

not a big surprise, but it's ominous for future

[yagu]

We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing.

One small but not insignificant piece of the problem is just that, the attitude among techies that if only the "lusers" would stop being so stupid, they wouldn't have so many problems.

1. they really aren't as stupid as we accuse them of being
2. most of us techies probably would have to admit to an infection or two ourselves, that with our extensive knowledge and background
3. the world of malware is incredibly aggressive at staying ahead of the defensive curve.

I've predicted this before, I'll stand by the prediction, (unless there are quick, effective, and transparent solutions) people eventually will become so fed up with this they will collectively begin to unplug (not necessarily a bad thing) and move on. I have in the last few years established my uneasy peace with Microsoft Windows on my dual boot machines now that XP has reached reasonable stability, but have gotten to the point where I rarely go there anymore because it has ceased being a "boot into" endeavor and instead is almost always a boot, then reboot, and sometimes yet another update and reboot. So much for transparency. I have programs I like to use in Windows I've actually begun to offset by creating my own similar linux functionality (thank Goodness I can code) just because I can't stand the 15 minute preamble to getting up and running in Windows.

On the other hand, my Dad, whom I've spent countless hours coaxing and helping learn Windows and how to use his computer called the other day and said he had disconnected it, and didn't care to ever use it again. I can't blame him.

It's your own fault

I can understand why non-technical users surf with Internet Explorer.

I can understand why technical users use Internet Explorer for Windows Update and a small selection of trusted websites (e.g. online banking) for compatibility.

But I have no sympathy whatsoever for technical users who should know better that continue to use Internet Explorer to visit websites that are in no way trustworthy.

Re:It's your own fault

[Secrity]

I have no sympathy whatsoever for ANY users that continue to use Internet Explorer to visit ANY website. The problem has been talked to death in the popular press and anybody who doesn't realize that there is a major security problem when using Windows and MSIE should not be using a computer. I also believe that anybody who doesn't know that they shouldn't toss a toaster or blow dryer into a bathtub should not be allowed to use any electrical appliance. There is NO difference between ignoring the warnings about computer security and ignoring warnings about the use of other appliances.

...not to mention the ones who don't even know

[fhknack]

That's 43% of the folks surveyed who know they've been bitten. I'd guess there are at least half again as many who don't know that their IE keeps taking them to that new "search screen" because of something they downloaded.

Re:It's not just the non-technical users

[MobyDisk]

I don't get this stuff. I hear this story all the time and I don't believe it. I can't download and execute an EXE file in less than 3 clicks, and that's if I've already done it previously and set it as the default and I use an old version of Internet Explorer.

If you were using Mozilla, you would have had 5 clicks and a double click: Click on the page, then click "Save to Disk" then point to a location, then minimized your browser, then double-clicked the EXE. That's a big accident!

Firefox lets you set a default download location, so that's down to 4 clicks.

Maybe you were using Internet Explorer 6 and had the default operation for EXE files to be to open them. You are down to 3 clicks. You could have clicked the web page, clicked OKAY to the prompt to open the EXE. Then maybe you accidentally clicked OK to the prompt about installing an application from the web that shows in a big warning box telling you about signed and unsigned applications.

Or maybe you were using an old version of Internet Explorer (IE 4? 5?) which doesn't prompt for anything if you have that set as the default. That seems highly unlikely for someone smart enough to know COM and the registry.

Okay, sorry if I am sounding like a jerk. I really just want to know how this can happen!

I have to ask ...

[Kozz]

Not trying to completely berate you here, but I'm genuinely curious as to the level of protection you were using on your PC. Were you surfing with IE at the time? Did you have all the latest windows patches? Also, were you using Spybot S&D's "immunize" function?

I use FF exclusively, unless there's a good reason to view a page in IE. And I always have the latest S&D immunizations for IE. But I'm curious if I'd be just as vulnerable despite these protections.

Re:Just buy a Mac :-)

[Aerog]

Okay, I'm going to bite, because this has been irking me a bit this week.

Macs are not immune to viruses, we just haven't seen a virus or spyware author take the time to exploit it, yet. Why? Because it isn't profitable RIGHT NOW.

1. Lots of users (likely the ones who would initially be succeptible to a virus) are running windows. This makes it easy to spread.
   
2. Most computers run windows. You don't see a lot of human viruses that only attack people with anemia; it's just more profitable to attack the majority (or everything, if you can get it).
   
3. Spyware makes its money on user numbers. The more users you can get, the more you want to develop a product. Why spend the time to write for the small % running macs when you can take some already-proven techniques and go for the big money (i.e. the lots of users) on Windows machines.
   
4. Programmers are lazy. If there isn't a really good reason to do it (i.e. not enough profit potential in their eyes) they generally won't do it unless they're really keen on it. Mostly, these people are not making spyware/viruses.
   

When you see the Mac userbase hit a decent number (and I don't pretend to know what that is) then you'll see spyware and viruses for it. Fact. Until then, stop being a mactard and just deal with the situation at hand: there is a lot of spyware out there and something needs to be done now. That something is not ignoring the problem until it swims up and bites you in the ass.

Re:Just buy a Mac :-)

[FLAGGR]

Uh, the power of unix and the power of microsoft office? What the hell? Mac's are not immune to viruses or spyware, why do you think there are security updates in Software Update? Having a "proprietary user interface and hardware" doesn't stop you from having a blue screen of death, the fact that OSX isnt windows and doesnt have the "blue screen of death" in it is what prevents it. Hell, have you ever had a kernel crash? Those are the same thing (when the screen fades, and a bunch of different languages all saying 'your fucked' (or 'reboot', i can never remember) show on the screen)

Don't troll windows users into switching to mac, I may like it, you may like it, but if theyre fine using windows then let them bitch about spyware.

EULAs, Bill Riders

[Marc2k]

Why exactly is that allowed? At least make the bastards advertise it on par with the 'features'.

Because for legal purposes, they're implicitly required to make you agree to a license agreement, which in most cases does state that, by default, or sometimes as a requirement of the license, they'll be installing the adware on your system.

By contrast, there's no requirement for a company to offer a "feature set" on their website, or anywhere else. I suppose you're proposing something like a Surgeon General's warning on cigarettes, but that seems like overkill to me, and I do hate ad/malware.

But more importantly, this sort of thing is exactly how the legislative branch of the US government works: "Sure, you can have this bill, but we're going to tack on some of our own additions that you probably haven't had time to read." Adware in EULAs Riders on bills. While again, I do hate adware, I really suggest we rout this process from our respective lawmaking bodies before we concentrate on [wah, wah] consumer electronics.

$129 to fix

[MrToast]

Well of course it costs $129 to fix. That's the price of Tiger. Duh.

Securityware

[MarkByers]

'Securityware' or 'Security? Where?' ;)

Seriously though, your post is interesting - I hadn't heard of the term 'securityware' being used before, especially not for malware. I guess that Microsoft will try to spin this into a good thing, if they can't keep it quiet.

Pffft..

[sandman935]

If a company does it, it's called malware. If one of you did it, it's called a virus and you'll be prosecuted.

Re:Ironic

[Dunbal]

the Windows users would be the "cool" hacker group making fun of those linux/Max "newbies"

Rubbish.

When is the last time you changed the windows kernel and recompiled it? What disk is the Windows source code on? Remind me again what compilers Windows comes with? Oh sorry, market share is the ONLY factor that makes linux cool...

Re:Non-techies don't care

[ratboy666]

So your Mom went to the trouble of downloading and installing 1000 programs?

Wow, that's industrious, and she should be commended.

Ignore it, and get on with your life. The CORRECT answer is, as always, that computers just get old, and slow down. There are SPECIALIZED shops that can give them a tune-up, and you don't have the equipment.

Keep repeating that. You KNOW you can't win this battle.

Ratboy.

The strange thing about this article

[Sloppy]

What's funny about this article, is that it does not contain the words "Windows" or "Microsoft".

How can someone "report" (I use that word loosely) on this problem and tiptoe around the huge elephant in the room? In spite of the overall fraction of users that are having problems, spyware is not normal. It is almost entirely contained within one single very specific homogenous portion of the population. To say that computer users suffer from spyware is like saying that Sol 3 lifeforms suffer from tobacco mosaic virus. Yes, it's technically true if you want to get pedantic, but it's hard to believe that a "reporter" (*cough*) could so egregiously overly-generalize unless they intended to mislead.

Re:Just buy a Mac :-)

[Aerog]

No, they are not immune, neither is Linux or any other OS.

Exactly. And I agree wholeheartedly. My point was that we just haven't seen it yet.

The damage is more isolated and easier to clean, unless some moron enters his admin password
This is where it gets interesting. At the moment, a large percentage of Mac users would understand what you mean. I'd bet the same percentage of Windows users would say "What?". This isn't a Windows vs. Mac thing, this is a statistics thing. There's just WAY more Windows users and more users who know a lot about systems will be using something other than Windows, which leaves the majority of users (people who don't know that much about computers - read: some-assembly-required-victims) using the majority OS. That's why there's so much spyware for Windows. It may be a little easier to code, but I doubt that's the only reason.

We'll see Mac spyware just like we'll see Linux, Unix, Solaris, *BSD, etc. spyware: Whenever the user numbers are big enough. And when the user numbers get big enough, expect the user base to include a percentage of AOL-type users who would type in their admin password to get smilies, or have it as their default account because it's convenient. Especially in some cases (I can think of one in my family) where people specifically use their admin account because they don't want to have to be constantly switching; people know enough to know what an admin account is, but not enough about why not to use it.

And, because most of the point of the rest of my comments was lost because the parent was just a troll, the answer is not just 'buy a Mac'.

Re:Yes, it is your own fault. Not the brower's.

[DocSavage64109]

And what if your slot screwdriver was made of wax? Sorry, but crappy tools can make a job very difficult, if not impossible.

Re:Non-techies don't care

[strikethree]

Ignore it, and get on with your life. The CORRECT answer is, as always, that computers just get old, and slow down. There are SPECIALIZED shops that can give them a tune-up, and you don't have the equipment.

Insightful? Computers "get old and slow down"? WTF? A computer runs at the same speed it always has. It does not have arteries that harden.

Maybe what you meant to say is that Microsoft based operating systems tend towards disorder and appear to operate slower as the internals of the operating system creep towards a disjointed state? Regardless, there is only one solution: reformat and reinstall. Nothing specialized needed.

strike