Non-Technical Users Talk Malware

swirsky writes "The Chicago Sun Times is running an article detailing the experiences of non-technical users after they were infected by spyware, malware, and viruses. We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing." From the article: "The study found that spyware has disrupted the computer lives of 43 percent of surfers. That means an estimated 59 million people have spyware or adware on their computers, the study found. Adware is defined as tracking programs that come bundled with other software and that users knowingly download, although they don't necessarily want the adware."

Malware == Moolah

[TripMaster+Monkey]

I love malware. Malware removal acounts for probably 65-70% of the bottom line in my business. I'll tell you something else...the $129 average price tag quoted in the article is right on the money.
Personally, I hope nothing is done about the problem. I only wish I could protect my less-technically-inclined family members and friends more effectively, as I don't charge them for removal. :P

Re:Malware == Moolah

[qbasicnewbie]

Although I don't charge for malware removal (on my family's machines), I know a kid not much older than myself (I'm 15, I thin he's 17) that runs a business centered around this sort of thing....He is apparently doing very well... p.s. I must say I have to agree. I love malware as well, but for a different reason...every infection brings my family members that much closer to letting me switch them over to Linux...

Re:Malware == Moolah

[lucabrasi999]

I'll tell you something else...the $129 average price tag quoted in the article is right on the money.

Bah, I could find an overseas resource to do the same thing for $12.

Re:Malware == Moolah

[MarkByers]

every infection brings my family members that much closer to letting me switch them over to Linux...

But don't try to force them to make the switch, it will just lead to frustration when thing don't work out as expected because they can't play this-or-that game.

Just leave them with their malware problems and let them figure it out for themselves. Drop the odd hint about never having received a virus if you feel like it. Perhaps they'll get a Mac or something. It's a step in the right direction at least.

Re:Malware == Moolah

[v1]

We must be giving our customers quite a deal - most of our service is covered in 1 hour's time, $80.25 w/tax. I've watched our PC tech clean up computers on several occasions, and it astounds me how much you really need to know to pull that crap out, even with the automated programs. After he runs two or three apps, he opens up folders and goes recursively through them all, and selects what appear to be a random assortment of folders and files and deletes them. "All of this is spyware." These things are named in such a way as to look like they belong, and it's amazing that anyone can remember all the "bad" names from the good. That being said though, the PCs usually spend about 2 hours on the bench, mostly spent scanning while he works on another machine that needs more focus.

I'm the mac tech so I don't see the spyware first-hand but I know it keeps the PC tech pleanty busy. Most entertaining aspect of spyware: when one of the other employees uses the PC tech's PC to web browse, and he comes in to find popups on his own machine. hehe..

Then there are the oh... 1 in 15 customers that can bring in their machine every two weeks to have us remove the spyware, again. Some customers just can't get "don't click the popup's close button" through their head. There ought to be a simple law that states that "any software installer must clearly label the buttons and other control areas in their installer, such that there can be no confusion or deception as to the function of each control, whereas a user could be tricked into allowing the installation without his consent."

Re:Malware == Moolah

[tehshen]

Bah, I could find an overseas resource to do the same thing for $12.

I downloaded a desktop assistant that does the same thing for free!

Re:Malware == Moolah

[Doc+Ruby]

Wouldn't you rather be expanding the productivity of your customers, rather than just keeping them at "square 1"? If all the production lost to malware were spent on promoting better communications, you'd have at least as many customers. And more produced in exchange for your work (rather than just saved from destruction), which means more wealth to share.

"War is good for the economy" is a fallacy that is true only for weapon makers. Everyone else pays the price. Fear is a motivator, but it produces less than it destroys. I guess some firefighters "love fire", but most would rather be barbecueing.

Re:Malware == Moolah

[dlZ]

I can't agree more. At least 75% of my business comes from spyware removal, and we're starting to get a lot of new customers who were sick of other shops just wiping their systems, not evening performing backups properly. The fact that we actually fix the machines, and in a worst case scenerio, create a real backup and then reinstall, brings us a ton of customers.

I luckily don't have to deal with the family removal issues. The one family member that is constantly infecting her machine lives no where near me, and my local family is very knowledgable (only one Windows user, my mom, and she keeps her machine so clean. Uses Firefox, and used Opera before that, with no input from me. Only problem is if she does call me, it means something is really broken and beyond her ability to fix it.)

I'll also agree that figure is pretty spot on for removal costs.

It's not just the non-technical users

[DanielMarkham]

I downloaded my first program with BitTorrent a few weeks ago -- a TV show that my VCR failed to record. While doing that, I accidentally clicked on a certain part of the web page. Bingo slammo, my system was infected with spyware, this nasty Aurora and nail.exe
Being a technical guy, familar with the registry, COM, and how windows works, I went about trying to kill this pesky snake. A few hours later, after saying some words I won't repeat here, I decided to wipe the machine and start over (it was a lighly loaded box, so no major loss)
I could have gotten SoftIce and gone into kernal mode to trap this bastard, but it was way beyond my effort vs. reward tolerence level. Spyware has gotten so complicated and sneaky nowadays: to me it is worse of a threat than virsuses ever were.
Now I run double anti-spyware programs in addition to my A/V and firewall. I think that we technical people are also misunderestimating the danger posed by this junk to our own machines.


Run With the Bulls, Swim With the Sharks

Re:It's not just the non-technical users

[guitaristx]

I think that we technical people are also misunderestimating the danger posed by this junk to our own machines.

I think we technical people are "misunderestimating" our own grasp of the English language.

Re:It's not just the non-technical users

[MobyDisk]

I don't get this stuff. I hear this story all the time and I don't believe it. I can't download and execute an EXE file in less than 3 clicks, and that's if I've already done it previously and set it as the default and I use an old version of Internet Explorer.

If you were using Mozilla, you would have had 5 clicks and a double click: Click on the page, then click "Save to Disk" then point to a location, then minimized your browser, then double-clicked the EXE. That's a big accident!

Firefox lets you set a default download location, so that's down to 4 clicks.

Maybe you were using Internet Explorer 6 and had the default operation for EXE files to be to open them. You are down to 3 clicks. You could have clicked the web page, clicked OKAY to the prompt to open the EXE. Then maybe you accidentally clicked OK to the prompt about installing an application from the web that shows in a big warning box telling you about signed and unsigned applications.

Or maybe you were using an old version of Internet Explorer (IE 4? 5?) which doesn't prompt for anything if you have that set as the default. That seems highly unlikely for someone smart enough to know COM and the registry.

Okay, sorry if I am sounding like a jerk. I really just want to know how this can happen!

Re:It's not just the non-technical users

spayware

I didn't know software could do that.

Re:It's not just the non-technical users

[malcomvetter]

You're not going to want to hear this, but anyway ...

You could have *_avoided_* all of that if you just ran your box as a user, and elevated to admin when needed.

Mor info on the non-admin experience

Re:It's not just the non-technical users

[AnObfuscator]

Okay, sorry if I am sounding like a jerk. I really just want to know how this can happen!

You somehow assume that you actually have to "click" a link and "save to disk" to download a file through IE. This is not so. Sites can use IE to install software on your computer, without your knowledge, even with all the preventative measures you mentioned. This is possible with what are known as "exploits" in the system. The insecurity of IE is not so much the default settings, as it is that changing the settings means practically nothing. That is why IE is flawed and broken beyond belief with critical security vunerabilities.

If you want to see how easily a PC is infected without you clicking, saving, or knowing ANYTHING, this series of articles will help: http://isc.sans.org/diary.php?date=2004-07-23

Claria

[MarkByers]

An thanks to Microsoft it looks like *every* Windows computer will be infected with spyware in the next veriosn of Windows.

Re:Claria

[MarkByers]

Some malware replaces adverts of the sites you visit with adverts of the malware author's choice. You say this doesn't affect you.

So you think that it's ok that when you visit your favourite site, all their adverts are replaced by adverts of Microsoft's choice, and your favourite site gets none of the revenue? And when your favourite site ends up having to shut down due to lack of funds, will you still argue that spyware/malware does not affect you?

I thought I was immune too

[ReformedExCon]

I run a firewall, I have my operating system completely patched, and I never open attachments from people I don't know.

Imagine my surprise when I ran AdAware just today and discovered 7 infections.

The real problem is not that there is a bunch of computer illiterate grannies opening every attachment they receive. While that is a factor, the real vulnerability is in the hubris of "power users" who think they can't get infected because they take all the precautions. But as I learned today, sometimes even that is not enough to be completely protected.

Re:I thought I was immune too

[MoonFog]

How many were cookies? The only adware I've really got were tracker cookies from doubleclick etc. Those are recognised as infections in AdAware, and they are easy to get if you forget to turn off cookies.

not a big surprise, but it's ominous for future

[yagu]

We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing.

One small but not insignificant piece of the problem is just that, the attitude among techies that if only the "lusers" would stop being so stupid, they wouldn't have so many problems.

1. they really aren't as stupid as we accuse them of being
2. most of us techies probably would have to admit to an infection or two ourselves, that with our extensive knowledge and background
3. the world of malware is incredibly aggressive at staying ahead of the defensive curve.

I've predicted this before, I'll stand by the prediction, (unless there are quick, effective, and transparent solutions) people eventually will become so fed up with this they will collectively begin to unplug (not necessarily a bad thing) and move on. I have in the last few years established my uneasy peace with Microsoft Windows on my dual boot machines now that XP has reached reasonable stability, but have gotten to the point where I rarely go there anymore because it has ceased being a "boot into" endeavor and instead is almost always a boot, then reboot, and sometimes yet another update and reboot. So much for transparency. I have programs I like to use in Windows I've actually begun to offset by creating my own similar linux functionality (thank Goodness I can code) just because I can't stand the 15 minute preamble to getting up and running in Windows.

On the other hand, my Dad, whom I've spent countless hours coaxing and helping learn Windows and how to use his computer called the other day and said he had disconnected it, and didn't care to ever use it again. I can't blame him.

No spyware, malware

[Krankheit]

I have no spyware or malware on my computer. I only download good programs, like Bonzai Buddy and smilies for my Outlook Express. When I am not using my computer, and while I am using my computer too, I let my computer send out e-mail and perform security audits on other Microsoft Windows computers! In exchange, I get free, unlimited access to special money saving offers for products from many reputable companies, such as Pfizer.

It's your own fault

I can understand why non-technical users surf with Internet Explorer.

I can understand why technical users use Internet Explorer for Windows Update and a small selection of trusted websites (e.g. online banking) for compatibility.

But I have no sympathy whatsoever for technical users who should know better that continue to use Internet Explorer to visit websites that are in no way trustworthy.

...not to mention the ones who don't even know

[fhknack]

That's 43% of the folks surveyed who know they've been bitten. I'd guess there are at least half again as many who don't know that their IE keeps taking them to that new "search screen" because of something they downloaded.

Spyware & Windows

[Krankheit]

I personally run Debian Linux as desktop OS on my desktop machines, and the *BSDs on my firewall and server machines and entrust my source backup to the FreeBSD machine with NFS, but it is not hard to have a Windows machine that is spyware free. I have my grandparents, non computer savvy teachers, and many relatives who call me "computer whiz" (which is annoying) setup with Firefox and a software firewall (I'm not going to setup an OpenBSD machine to firewall unless they give me more than four litres of Mountain Dew) and they have no problems. They all run Windows {XP, ME, 2000, 98} without problems. With Firefox and gmail, they have never complained about the computer "being slow" or "crashing alot" now. This is a simple solution that ISPs like Adelphia should solicit to customers, instead of blooding blocking ports to "protect" less competent users, and annoy the rest of us like me. These teachers and relatives are soliciting Firefox, gmail, and a software firewall to all their contacts.

The "Trust Gap"

[digitaldc]

"There is a trust gap,'' said Douglas Sabo, a member of the board of directors for the National Cyber Security Alliance, which did that study. Consumers believe they are safer than they actually are, he said.
Wow, what insight!!! You could apply this statement to how people relate to today's government, media and advertising.
The bottom line is that people need to be vigilant about security in whatever they are doing. The computer software manufacturers need to stop spyware and adware as a built-in feature, not as a free download from an obscure website. But then again, who is profiting from all this spyware and adware? Most likely it includes some of the same people who are trying to stop it.
It does provide a need for tech workers to fix these problems ---- as its only bright side.

Re:Just buy a Mac :-)

[Aerog]

Okay, I'm going to bite, because this has been irking me a bit this week.

Macs are not immune to viruses, we just haven't seen a virus or spyware author take the time to exploit it, yet. Why? Because it isn't profitable RIGHT NOW.

1. Lots of users (likely the ones who would initially be succeptible to a virus) are running windows. This makes it easy to spread.
   
2. Most computers run windows. You don't see a lot of human viruses that only attack people with anemia; it's just more profitable to attack the majority (or everything, if you can get it).
   
3. Spyware makes its money on user numbers. The more users you can get, the more you want to develop a product. Why spend the time to write for the small % running macs when you can take some already-proven techniques and go for the big money (i.e. the lots of users) on Windows machines.
   
4. Programmers are lazy. If there isn't a really good reason to do it (i.e. not enough profit potential in their eyes) they generally won't do it unless they're really keen on it. Mostly, these people are not making spyware/viruses.
   

When you see the Mac userbase hit a decent number (and I don't pretend to know what that is) then you'll see spyware and viruses for it. Fact. Until then, stop being a mactard and just deal with the situation at hand: there is a lot of spyware out there and something needs to be done now. That something is not ignoring the problem until it swims up and bites you in the ass.

Claria and HomeSec

[Tackhead]

> An thanks to Microsoft it looks like *every* Windows computer will be infected with spyware in the next veriosn of Windows.

Gator, er, Claria, is not spyware.

Gator CPO at the Department of Homeland Security.

D. Reed Freeman, the "Chief Privacy Officer" of Claria Networks (formerly Gator), the creators of the pervasive spyware package GAIN, has been appointed to the Department of Homeland Security's "Data Privacy and Integrity Advisory Committee"

Legitimized by Microsoft and with representation on HomeSec DPIAC, Gator is now officially securityware, Citizen!

And if you've got some sort of problem with that, take it up with the boss, namely HomeSec's Chief Privacy Officer. She's none other than Nuala O'Connor-Kelly, formerly of Doubleclick.

What's with the head-on-desk-thumping motion? I'm not demented enough to make this shit up!

EULAs, Bill Riders

[Marc2k]

Why exactly is that allowed? At least make the bastards advertise it on par with the 'features'.

Because for legal purposes, they're implicitly required to make you agree to a license agreement, which in most cases does state that, by default, or sometimes as a requirement of the license, they'll be installing the adware on your system.

By contrast, there's no requirement for a company to offer a "feature set" on their website, or anywhere else. I suppose you're proposing something like a Surgeon General's warning on cigarettes, but that seems like overkill to me, and I do hate ad/malware.

But more importantly, this sort of thing is exactly how the legislative branch of the US government works: "Sure, you can have this bill, but we're going to tack on some of our own additions that you probably haven't had time to read." Adware in EULAs Riders on bills. While again, I do hate adware, I really suggest we rout this process from our respective lawmaking bodies before we concentrate on [wah, wah] consumer electronics.

$129 to fix

[MrToast]

Well of course it costs $129 to fix. That's the price of Tiger. Duh.

Securityware

[MarkByers]

'Securityware' or 'Security? Where?' ;)

Seriously though, your post is interesting - I hadn't heard of the term 'securityware' being used before, especially not for malware. I guess that Microsoft will try to spin this into a good thing, if they can't keep it quiet.

Malware - Love it AND hate it

[retro128]

One one hand, spyware is some pretty evil stuff. There are little weasel programs I've spent quite a bit of time trying to get out of systems.

On the other hand, I get paid to do that. I just did one small company with 5 computers that was literally shut down because they couldn't do anything on their systems. Spyware is a problem on just about every single "joe average" computer that I have seen lately. The problem, of course, is going to get worse as long as Windows continues to allow users to run with privileged access by default.

I don't feel like going into a Microsoft rant - I'm sure it would be preaching to the choir anyway. I would like to share effective tools in my warchest for cleaning out spyware -

Ad-Aware - My favorite anti-spyware program right now. Gets about 95% of baddies.

HiJack This! - Cleans up anything that Ad-Aware may have left behind. It scans all startup regkeys, services, and BHO IE extension keys and lets you select which ones to nuke. BE CAREFUL, it lists both the good and the bad. If you don't know what a process is, google for it before you remove its key.

There are many other useful tools on this download page as well, like LSPFix. This program will fix the mess left by programs that mess with your TCP stack, such as New Net, whos manual removal can disable your Internet access completely.

Pocket KillBox - You know those processes that come back from the dead after you kill them? Can't delete the EXE because it's locked in both normal and safe modes? Pocket Killbox is what you need. If it can't delete the file outright, it can temporarily end the Explorer task and try it that way. If that doesn't work, it can use Windows' replace-on-reboot function to swap the EXE with a dummy file on the next reboot. Very handy for getting rid of the most nefarious of processes.

Spyware Blaster - Pre-emptive spyware prevention. The interesting thing about this program is that it doesn't remain resident in memory. Instead, it writes files and regkeys to your system that prevent the spyware from installing. Adding and removing protection can be done in one click.

Re:Non-techies don't care

[ratboy666]

So your Mom went to the trouble of downloading and installing 1000 programs?

Wow, that's industrious, and she should be commended.

Ignore it, and get on with your life. The CORRECT answer is, as always, that computers just get old, and slow down. There are SPECIALIZED shops that can give them a tune-up, and you don't have the equipment.

Keep repeating that. You KNOW you can't win this battle.

Ratboy.

Re:Just buy a Mac :-)

[Prophet+of+Nixon]

The mac had a fair number of viruses back around 1992-1994 when OS7 came out. At that point many schools were buying color macs (II series, then centra, then quadra) since they were far superior (graphically and in some means, performance-wise) to the PCs at that point. This happened to coincide with the beginning of internet use and networking in many schools, and quite a few viruses got prolific amongst the macs, at least in my school system. The only half-decent AV product at the time was from Norton, but even it was awful since it was really slow and wrote about 10MB of files in directories which the mac GUI couldn't locate (which was a fairly nasty surprise given how small hard discs were then)... it was nasty. I remember moving to win95B boxes (we skipped 95 initially) and being impressed with having fewer viruses and nuisances than on the mac. Granted, things have changed a bit.

The strange thing about this article

[Sloppy]

What's funny about this article, is that it does not contain the words "Windows" or "Microsoft".

How can someone "report" (I use that word loosely) on this problem and tiptoe around the huge elephant in the room? In spite of the overall fraction of users that are having problems, spyware is not normal. It is almost entirely contained within one single very specific homogenous portion of the population. To say that computer users suffer from spyware is like saying that Sol 3 lifeforms suffer from tobacco mosaic virus. Yes, it's technically true if you want to get pedantic, but it's hard to believe that a "reporter" (*cough*) could so egregiously overly-generalize unless they intended to mislead.

Re:Survey results skewed (as always)

[MynockGuano]

I'm not sure why more people don't mention this, but you can get firefox easily without ever touching IE.

ftp ftp.mozilla.org

seems to be the obvious thing to do immediately upon booting into a new Windows installation.