Slashdot Mirror
Non-Technical Users Talk Malware
swirsky writes "The Chicago Sun Times is running an article detailing the experiences of non-technical users after they were infected by spyware, malware, and viruses. We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing." From the article: "The study found that spyware has disrupted the computer lives of 43 percent of surfers. That means an estimated 59 million people have spyware or adware on their computers, the study found. Adware is defined as tracking programs that come bundled with other software and that users knowingly download, although they don't necessarily want the adware."
I love malware. Malware removal acounts for probably 65-70% of the bottom line in my business. I'll tell you something else...the $129 average price tag quoted in the article is right on the money.
Personally, I hope nothing is done about the problem. I only wish I could protect my less-technically-inclined family members and friends more effectively, as I don't charge them for removal.
____
~ |rip/\/\aster /\/\onkey
I downloaded my first program with BitTorrent a few weeks ago -- a TV show that my VCR failed to record. While doing that, I accidentally clicked on a certain part of the web page. Bingo slammo, my system was infected with spyware, this nasty Aurora and nail.exe
Being a technical guy, familar with the registry, COM, and how windows works, I went about trying to kill this pesky snake. A few hours later, after saying some words I won't repeat here, I decided to wipe the machine and start over (it was a lighly loaded box, so no major loss)
I could have gotten SoftIce and gone into kernal mode to trap this bastard, but it was way beyond my effort vs. reward tolerence level. Spyware has gotten so complicated and sneaky nowadays: to me it is worse of a threat than virsuses ever were.
Now I run double anti-spyware programs in addition to my A/V and firewall. I think that we technical people are also misunderestimating the danger posed by this junk to our own machines.
Run With the Bulls, Swim With the Sharks
An thanks to Microsoft it looks like *every* Windows computer will be infected with spyware in the next veriosn of Windows.
I'll probably be modded down for this...
Ah nevah though' that purpled monkeh wha' read my emails coulda ever stoled mah password!
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
I run a firewall, I have my operating system completely patched, and I never open attachments from people I don't know.
Imagine my surprise when I ran AdAware just today and discovered 7 infections.
The real problem is not that there is a bunch of computer illiterate grannies opening every attachment they receive. While that is a factor, the real vulnerability is in the hubris of "power users" who think they can't get infected because they take all the precautions. But as I learned today, sometimes even that is not enough to be completely protected.
Jesus saved me from my past. He can save you as well.
One small but not insignificant piece of the problem is just that, the attitude among techies that if only the "lusers" would stop being so stupid, they wouldn't have so many problems.
I've predicted this before, I'll stand by the prediction, (unless there are quick, effective, and transparent solutions) people eventually will become so fed up with this they will collectively begin to unplug (not necessarily a bad thing) and move on. I have in the last few years established my uneasy peace with Microsoft Windows on my dual boot machines now that XP has reached reasonable stability, but have gotten to the point where I rarely go there anymore because it has ceased being a "boot into" endeavor and instead is almost always a boot, then reboot, and sometimes yet another update and reboot. So much for transparency. I have programs I like to use in Windows I've actually begun to offset by creating my own similar linux functionality (thank Goodness I can code) just because I can't stand the 15 minute preamble to getting up and running in Windows.
On the other hand, my Dad, whom I've spent countless hours coaxing and helping learn Windows and how to use his computer called the other day and said he had disconnected it, and didn't care to ever use it again. I can't blame him.
Malware?? I thought the porn popups were a feature!!
I have no spyware or malware on my computer. I only download good programs, like Bonzai Buddy and smilies for my Outlook Express. When I am not using my computer, and while I am using my computer too, I let my computer send out e-mail and perform security audits on other Microsoft Windows computers! In exchange, I get free, unlimited access to special money saving offers for products from many reputable companies, such as Pfizer.
Powered by caffeine and sugar; BSD
I can understand why non-technical users surf with Internet Explorer.
I can understand why technical users use Internet Explorer for Windows Update and a small selection of trusted websites (e.g. online banking) for compatibility.
But I have no sympathy whatsoever for technical users who should know better that continue to use Internet Explorer to visit websites that are in no way trustworthy.
people eventually will become so fed up with this they will collectively begin to unplug (not necessarily a bad thing) and move on.
Definately not! If all the idiots on the internet would simply unplug it would
Honestly, I believe you should require some sort of license before operating the internet. You need a license to drive a car because you are putting other peoples lives in your hands. You need a license to fly for the same reason.
You need a license to sell stocks and be bonded by the securities commission. You need a license to sell insurance.
Why do you need a license for all of the above? Because what those people are doing is dangerous! Not necessarily to them, but to others as well.
How is the internet any different. Its estimated that viruses, spyware. and DDoS attacks cost over Billions of dollars.. They slow VoIP systems, they slow regular phone lines, they can mess up cable TV. If messing up necessary communications tools isnt dangerous, what is!
People ain't up to the task of using a computer. Most people are frightened, they have no idea what's going on... they merely repeat cryptic memorized sequence of actions to do everyday tasks but they are just not "getting it". Sad news: this is unavoidable, a gap is going to widen between people. Earlier "breaktrhoughs" in technology didn't need much understanding... take the wheel. But the automobile has been around since a century and people still can't drive ! Ever wonder why plane is safer than road ? The car is not intrinsequely more dangerous, on the contrary, but generally the pilots are trained professionals. I think technology is going to split between ultra-simple computers meant for web (and web will include applications such as wordprocessing etc) and the real-thing.
\u262D = \u5350
That's 43% of the folks surveyed who know they've been bitten. I'd guess there are at least half again as many who don't know that their IE keeps taking them to that new "search screen" because of something they downloaded.
I personally run Debian Linux as desktop OS on my desktop machines, and the *BSDs on my firewall and server machines and entrust my source backup to the FreeBSD machine with NFS, but it is not hard to have a Windows machine that is spyware free. I have my grandparents, non computer savvy teachers, and many relatives who call me "computer whiz" (which is annoying) setup with Firefox and a software firewall (I'm not going to setup an OpenBSD machine to firewall unless they give me more than four litres of Mountain Dew) and they have no problems. They all run Windows {XP, ME, 2000, 98} without problems. With Firefox and gmail, they have never complained about the computer "being slow" or "crashing alot" now. This is a simple solution that ISPs like Adelphia should solicit to customers, instead of blooding blocking ports to "protect" less competent users, and annoy the rest of us like me. These teachers and relatives are soliciting Firefox, gmail, and a software firewall to all their contacts.
Powered by caffeine and sugar; BSD
Not trying to completely berate you here, but I'm genuinely curious as to the level of protection you were using on your PC. Were you surfing with IE at the time? Did you have all the latest windows patches? Also, were you using Spybot S&D's "immunize" function?
I use FF exclusively, unless there's a good reason to view a page in IE. And I always have the latest S&D immunizations for IE. But I'm curious if I'd be just as vulnerable despite these protections.
I only post comments when someone on the internet is wrong.
"There is a trust gap,'' said Douglas Sabo, a member of the board of directors for the National Cyber Security Alliance, which did that study. Consumers believe they are safer than they actually are, he said.
Wow, what insight!!! You could apply this statement to how people relate to today's government, media and advertising.
The bottom line is that people need to be vigilant about security in whatever they are doing. The computer software manufacturers need to stop spyware and adware as a built-in feature, not as a free download from an obscure website. But then again, who is profiting from all this spyware and adware? Most likely it includes some of the same people who are trying to stop it.
It does provide a need for tech workers to fix these problems ---- as its only bright side.
He who knows best knows how little he knows. - Thomas Jefferson
At home I use slackware and OS X (and a well firewalled, FireFox-ed and Thunderbird-ed Win2k box,) but I have witnessed the people at the bank where I am consulting go nuts whenever one of their machines get infected.
A consultant got banned after his laptop got infected from a connection at a hotel while getting his mail and some crap got through when he connected to the bank.
There are over 20k boxes at the bank and they take a bird if any of them would ge anything that would behave like spyware. They might monitor your keystrokes but they would hate like hell if somebody else did it. Its their equipment after all.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Macs are not immune to viruses, we just haven't seen a virus or spyware author take the time to exploit it, yet. Why? Because it isn't profitable RIGHT NOW.
When you see the Mac userbase hit a decent number (and I don't pretend to know what that is) then you'll see spyware and viruses for it. Fact. Until then, stop being a mactard and just deal with the situation at hand: there is a lot of spyware out there and something needs to be done now. That something is not ignoring the problem until it swims up and bites you in the ass.
- Relativistic? That's barely Newtonian!
My experience is as follows.
My mother got a new PC about Feb last year, it had XP installed on it (not by me) and since her Internet access would be coming through my PC through NAT, I asked her to install Mozilla on it to stop her getting malware. She immediately told me she didn't want "any of that Linux crap" on her PC.
Fast forward a couple of months. She was complaining about, among other things, porn popups and the fact that her PC was slowing down to a crawl. She and my brother had installed, among other things, lots of casino programs, Kazaa and had been using only IE to browse the web. A quick scan with Ad-Aware revealed 1000 infections. This time I set Ad-Aware to run a scan at every system startup, removed access to IE and told her to use Firefox. This time, she went schizo and I had to shout her down and get someone else involved to point out to her that using IE was a bad thing.
Normal users don't care. End of.
By summer it was all gone...now shesmovedon. --
Gator, er, Claria, is not spyware.
Gator CPO at the Department of Homeland Security.
Legitimized by Microsoft and with representation on HomeSec DPIAC, Gator is now officially securityware, Citizen!
And if you've got some sort of problem with that, take it up with the boss, namely HomeSec's Chief Privacy Officer. She's none other than Nuala O'Connor-Kelly, formerly of Doubleclick.
What's with the head-on-desk-thumping motion? I'm not demented enough to make this shit up!
Uh, the power of unix and the power of microsoft office? What the hell? Mac's are not immune to viruses or spyware, why do you think there are security updates in Software Update? Having a "proprietary user interface and hardware" doesn't stop you from having a blue screen of death, the fact that OSX isnt windows and doesnt have the "blue screen of death" in it is what prevents it. Hell, have you ever had a kernel crash? Those are the same thing (when the screen fades, and a bunch of different languages all saying 'your fucked' (or 'reboot', i can never remember) show on the screen)
Don't troll windows users into switching to mac, I may like it, you may like it, but if theyre fine using windows then let them bitch about spyware.
Why exactly is that allowed? At least make the bastards advertise it on par with the 'features'.
Because for legal purposes, they're implicitly required to make you agree to a license agreement, which in most cases does state that, by default, or sometimes as a requirement of the license, they'll be installing the adware on your system.
By contrast, there's no requirement for a company to offer a "feature set" on their website, or anywhere else. I suppose you're proposing something like a Surgeon General's warning on cigarettes, but that seems like overkill to me, and I do hate ad/malware.
But more importantly, this sort of thing is exactly how the legislative branch of the US government works: "Sure, you can have this bill, but we're going to tack on some of our own additions that you probably haven't had time to read." Adware in EULAs Riders on bills. While again, I do hate adware, I really suggest we rout this process from our respective lawmaking bodies before we concentrate on [wah, wah] consumer electronics.
--- What
BBC news have also run a similar story recently.
http://news.bbc.co.uk/1/hi/technology/4659145.stm
Also says that 90% of Americans have changed their surfing habits, so it can't be all bad...
If anyone here dares to welcome our new spyware overlords, I'll revoke his geek license and kick his first post to where Soviet Russia welcomes YOU!
First off, I love Linux, have been using it since '99 (SuSE, RH, FC, SlackWare), still use it constantly, am part of a local Linux users group, etc; /. acting as if the use of any MS product or platform is somehow a cardinal sin and an open invitation to get \cr@cked\.
HOWEVER, I'm sick and very tired of many posters here on
Give me a freekin break. First off, I agree that Windows is less secure than Linux out of the box. But with the proper configurations and preparations (which I won't go into because we all know what they are) a WinXP box is a very useful tool and can be used safely in an internet connected world.
Yes, your typical user who buys an HP from CompUSA or where ever will most likely not know how to tighten up their box and connection. But this isn't solely MS's fault. The culture of technology we are now immersed in requires constant learning and updating of even the most mediocre of technical skills to use our devices safely and correctly. Most people in our society don't find this an _acceptable_lifestyle_.
They simply want something akin to a Television.
Turn it on and change the channels!
Until a 'safe' internet device is used by the masses, malware and its kind will continue to proliferate.
We play the game with the bravery of being out of range
People ain't up to the task of using a computer. Most people are frightened, they have no idea what's going on... they merely repeat cryptic memorized sequence of actions to do everyday tasks but they are just not "getting it". Sad news: this is unavoidable, a gap is going to widen between people.
After dealing with this sort of problem for years, my conclusion is that there are two types of people in the world:
a) Those who need instructions and learn new things by learning those instructions, and
b) Those who don't need instructions and learn new things by grasping the underlying behavior behind the system.
That's basically the difference. Most people aren't stupid, but a lot of them fall in the type A category above. These people have trouble with computers. They also have trouble trying to, say, fix a car. They cook by reading a receipe and following those instructions, possibly introducing minor variations on that theme. This basic underlying behavior applies to all facets of everything they do. They're not incapable of learning, but they need some form of step by step to learn it from.
But a type B person figures out how the thing works and then works his way up to how to do specific things. A lot of auto mechanics fall into this category. All "hacker" types do as well. A large number of your better chefs do too. They grasp the basic principles behind whatever it is they do, and then simply figure out the specifics each time, based on their knowledge of those principles.
That's my opinion, anyway.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Well of course it costs $129 to fix. That's the price of Tiger. Duh.
'Securityware' or 'Security? Where?' ;)
Seriously though, your post is interesting - I hadn't heard of the term 'securityware' being used before, especially not for malware. I guess that Microsoft will try to spin this into a good thing, if they can't keep it quiet.
I'll probably be modded down for this...
If a company does it, it's called malware. If one of you did it, it's called a virus and you'll be prosecuted.
Defecation occurs.
Since I didn't want to spend time cleaning my friends and family members' machines the mac mini made it perfect for me. I made my sister switch to a very inexpensive mac and voila.
This is totally insecure, but very convenient.
the Windows users would be the "cool" hacker group making fun of those linux/Max "newbies"
Rubbish.
When is the last time you changed the windows kernel and recompiled it? What disk is the Windows source code on? Remind me again what compilers Windows comes with? Oh sorry, market share is the ONLY factor that makes linux cool...
Seven puppies were harmed during the making of this post.
One one hand, spyware is some pretty evil stuff. There are little weasel programs I've spent quite a bit of time trying to get out of systems.
On the other hand, I get paid to do that. I just did one small company with 5 computers that was literally shut down because they couldn't do anything on their systems. Spyware is a problem on just about every single "joe average" computer that I have seen lately. The problem, of course, is going to get worse as long as Windows continues to allow users to run with privileged access by default.
I don't feel like going into a Microsoft rant - I'm sure it would be preaching to the choir anyway. I would like to share effective tools in my warchest for cleaning out spyware -
Ad-Aware - My favorite anti-spyware program right now. Gets about 95% of baddies.
HiJack This! - Cleans up anything that Ad-Aware may have left behind. It scans all startup regkeys, services, and BHO IE extension keys and lets you select which ones to nuke. BE CAREFUL, it lists both the good and the bad. If you don't know what a process is, google for it before you remove its key.
There are many other useful tools on this download page as well, like LSPFix. This program will fix the mess left by programs that mess with your TCP stack, such as New Net, whos manual removal can disable your Internet access completely.
Pocket KillBox - You know those processes that come back from the dead after you kill them? Can't delete the EXE because it's locked in both normal and safe modes? Pocket Killbox is what you need. If it can't delete the file outright, it can temporarily end the Explorer task and try it that way. If that doesn't work, it can use Windows' replace-on-reboot function to swap the EXE with a dummy file on the next reboot. Very handy for getting rid of the most nefarious of processes.
Spyware Blaster - Pre-emptive spyware prevention. The interesting thing about this program is that it doesn't remain resident in memory. Instead, it writes files and regkeys to your system that prevent the spyware from installing. Adding and removing protection can be done in one click.
-R
The mac had a fair number of viruses back around 1992-1994 when OS7 came out. At that point many schools were buying color macs (II series, then centra, then quadra) since they were far superior (graphically and in some means, performance-wise) to the PCs at that point. This happened to coincide with the beginning of internet use and networking in many schools, and quite a few viruses got prolific amongst the macs, at least in my school system. The only half-decent AV product at the time was from Norton, but even it was awful since it was really slow and wrote about 10MB of files in directories which the mac GUI couldn't locate (which was a fairly nasty surprise given how small hard discs were then)... it was nasty. I remember moving to win95B boxes (we skipped 95 initially) and being impressed with having fewer viruses and nuisances than on the mac. Granted, things have changed a bit.
Ooh Oooh me me! I want it! It will be like my computer is talking to me! After all its Bonzo buddy so he must be friendly!
And all those popups, its like a big game where you get to try and close the windows faster than the computer can display them! I got 50 today but am hoping to beat that score tomorrow. Also this nice girl called Jenny says she wants me, but I've been having problems with my computer and can't get online to talk to her.
Warning, comments may not have been passed by the sanity department of my brain.
How can someone "report" (I use that word loosely) on this problem and tiptoe around the huge elephant in the room? In spite of the overall fraction of users that are having problems, spyware is not normal. It is almost entirely contained within one single very specific homogenous portion of the population. To say that computer users suffer from spyware is like saying that Sol 3 lifeforms suffer from tobacco mosaic virus. Yes, it's technically true if you want to get pedantic, but it's hard to believe that a "reporter" (*cough*) could so egregiously overly-generalize unless they intended to mislead.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
malware is a mind-bogglingly huge problem for the library I work for. I can't tell you (no, really) how many thousands of dollars the county has had to spend updating and maintaining public terminals that just get reinfected over and over again. and who picks up the tab? the county residents, many of whom probably don't even use the internet at the library.
For those interested, here is another article just popped up in the Seattle Times on the very same thing. I think the claims on "reaction" to spyware are a little more gentle (e.g., being more vigilant... what the heck is that?, and what added benefit does it really bring?). Regardless, enjoy... it's a good enough read to take a look.
No, they are not immune, neither is Linux or any other OS.
Exactly. And I agree wholeheartedly. My point was that we just haven't seen it yet.
The damage is more isolated and easier to clean, unless some moron enters his admin password
This is where it gets interesting. At the moment, a large percentage of Mac users would understand what you mean. I'd bet the same percentage of Windows users would say "What?". This isn't a Windows vs. Mac thing, this is a statistics thing. There's just WAY more Windows users and more users who know a lot about systems will be using something other than Windows, which leaves the majority of users (people who don't know that much about computers - read: some-assembly-required-victims) using the majority OS. That's why there's so much spyware for Windows. It may be a little easier to code, but I doubt that's the only reason.
We'll see Mac spyware just like we'll see Linux, Unix, Solaris, *BSD, etc. spyware: Whenever the user numbers are big enough. And when the user numbers get big enough, expect the user base to include a percentage of AOL-type users who would type in their admin password to get smilies, or have it as their default account because it's convenient. Especially in some cases (I can think of one in my family) where people specifically use their admin account because they don't want to have to be constantly switching; people know enough to know what an admin account is, but not enough about why not to use it.
And, because most of the point of the rest of my comments was lost because the parent was just a troll, the answer is not just 'buy a Mac'.
- Relativistic? That's barely Newtonian!
(Below is a paste of my post from above.)
Apache has > 60% marketshare, yet IIS has more vulernabilities.
The whole "windows gets infected more because more people are targeting it" argument doesn't hold up - otherwise, apache would have more security problems than IIS.
feh. stuff.
And what if your slot screwdriver was made of wax? Sorry, but crappy tools can make a job very difficult, if not impossible.
True, Macs aren't immune, but you're missing a few points. It's harder to make a good virus/spyware/trojan for Macs than it is for Windows. Here are a few reasons why that is: