MIT Startup Tests Top Million Sites for Spyware
torrentami writes "An MIT startup called SiteAdvisor has downloaded over 100,000 programs from the top million Web sites and tested them for adware and spyware using an automated system they've built. They've got a blog entry where they dissect 5 of the worst adware bundles they found. There is some amazingly invasive stuff in there."
I hope they have a "submit site" function for people to test random sites....
Spyware and Adware are not caused by Microsoft, well not most of it. That's like saying though that rotten meat causes flies. You can inform your friends and your family, give them the information they need "in a way that they can understand and use it" and you will be fixing their computers less often.
As ignorant users move to other operating systems you will get spyware and adware on Linux and Mac also. Rootkits have a long history with Unix, don't they?
Don't know something? Look it up. Still don't know? Then ask.
"We've also made our data available under Creative Commons License 2.5". Data is ineligible for copyright cover in the United States, so no license is needed or can apply.
:)
:)
They wouldn't bundle an unnecessary license with useful data just after writing about bundling unnecessary software with desired applications, would they?
It is useful outside the US, though, so this is actually a bit tongue in cheek.
Have you tried the recent Kubuntu releases? If not, give it a try. It is by far one of the easiest systems to install these days. Even easier to keep up to date, as well.
I was recently asked to set up some computer systems at a seniors home. Now, many of these people have never used a PC. So we were able to acquire several used PCs for almost no cost, and I installed Kubuntu on their systems. We got them set up so that they could check their email, browse the WWW, use various instant messengers to chat with relatives, and even play games (bridge and backgammon were big favourites).
Now, why did I go with Kubuntu? Mainly because it is free, and it is quality software that is quite easy to use. But more importantly, I wanted these systems to always be available to these people. I know that they might visit malicious sites. I wouldn't want that resulting in their systems being compromised just because of that.
You may deny it, but the fact of the matter is that Linux systems won't get infected with spyware at this time. Sure, that may change in the future, but I'm doubtful about that. The basic (yet significant) differences in code quality and architecture are enough to leave Linux (and other non-Microsoft) systems far more secure and usable, even in the face of malicious software.
Cyric Zndovzny at your service.
This can be reduced somewhat by making the internet zone very restricted and simply making a whitelist of sites and putting them in the trusted sites list.
It doesn't solve everything like the recent WMF exploit but it does stop what I lovingly refer to as "dumbfuck user" syndrome, which exhibits such symptoms as the inability to read, lack of intelligence and an inherent lack of cognitive reasoning.
Unfortunately the company I work at is currently locked into some bespoke software that REQUIRES local admin rights. I'm currently trying my utmost to get all Windows machines onto XP so I can at least get IE and Outlook running in reduced privileges mode using dropmyrights. (If anyone knows of a way to do the same under Win 2k please let me know.)
How can they be testing the top 1000000 web sites, if they're only downloading 100000 programs? That would leave a lot of sites untouched. It seems that in order to test 1000000 web sites, they would have to download at *least* 1000000 programs. Unless, of course, they grabbed programs from *some* of the top 1000000 web sites, in which case they would have programs from, say, site #1, #10, #20, etc.
Their may be a grammatical error, misspeling, or evn a typo in this post.
I don't know if users really find it easiest to use. It's just "what's installed on the computer". I would say that way under 5% of the user community has made any kind of comparison between alternative operating systems and decided, as a personal choice, which one they want to use.
...
I know that after trying MacOS, Linux and various flavors of Windows, I find MacOS X much easier to use than Windows - but a lot of this is just that MacOS X doesn't move their preferences around constantly between OS versions.
In the end, though, my preference for MacOS is more aesthetic than anything else - I like the huge amount of work that's gone into making it slick and designer-friendly. There's also the ability not to have to worry constantly about virii and spyware.
I do think more people would work on spyware for MacOS X if it was more popular, but it's hard for me to believe people haven't done it and are not working on it even in its current state. After all, if someone can get their spyware on the Mac, there are still millions of machines to infect and they might be the only infection on the machine instead of one of fifty or so as in the Windows world.
It's quite possible that Mac users are more knowledgeable about their computers, or at least tasteful enough not to download 600,000,000 free smiley faces with hideous background art including 20 new spyware programs. Or perhaps having to type your password after downloading software gives people an idea that downloading software just might be dangerous
D
The technical guys in the company are from MIT's exokernel project.
They worked on delivering high throughput for video with their superior OS technology. It interoperated with Windows, allowing them to make money.
This project looks surprisingly un-technical and uncomplicated in comparison, given how competent and accomplished they are.
Here's an exokernel link:
http://pdos.csail.mit.edu/exo.html
http://www.thebricktestament.com/the_law/when_to_
You know I could flame you to hell and back but I won't. I'd rather just point out something you're obviously missing.
It has been my experience that most Windows systems that end up with this crap installed end up having to be reloaded, wasting hours of time backing up data, reloading, reconfiguring the system. Now in the unlikely event that one of my systems got hold of one of these imaginary UNIX spyware apps, it would leave me having to run a total of 2 commands.
# userdel -r kernelpanicked
# useradd -m kernelpanicked
I'm really not seeing your point here.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
There are already numerous companies that are looking for malware (including spyware) on the web, developing signatures, and making that information available over the web. They even provide handy little desktop applications that will scan and evaluate software not just by site-of-origin but by actual content. An example of this is "Spybot" (www.safer-networking.org).
It seems like what this company is trying to add into the mix is automated testing, but it's doubtful that identifying spyware is the limiting factor right now in eliminating it. It also seems doubtful that automated testing is, ultimately, going to be effective or reliable.
*nix does not mean secure. It just isn't popular enough for spyware programmers to target, yet. Give it time, I think as it gains popularity, it will begin to be a target for the software companies that try to enter and dissect your life digitally.
I strongly disagree with the sentiment. One of the most useful tools available to a really annoying piece of spyware is the Windows Registry. *nix systems (Mac OSX included) do not include this "feature." The registry adds an extremely unnecessary layer which adds some convenience, but relies on programs which make registry entries to give a way to uninstall and delete these entries. Guess what? Spyware loves to insert itself all over the registry, and doesn't give an easy mechanism for deletion. This leads to the "I deleted it, but it just comes back!" kind of spyware that drives people nuts. As far as I know, this kind of spyware wouldn't have anywhere near the same resilience on a *nix platform.
One very good example of the difference between spyware attempts on Windows and OSX is Sony's infamous "rootkit" DRM software which we all know did very bad things to Windows computers. Before a patch was made, there was some 18 step process that was necessary to get rid of the software, and any attempts to remove the software generally led to failures of the user's DVD drive. What was less reported was that the same company made DRM software for the Mac, but Mac users who found the program on their computer had a slightly easier fix - they just threw the program away. There are simply not the same kind of hooks in OSX which allow these kinds of programs to do nasty things to your computer.
An open letter to slashdot:
Please stop it with the name-dropping. It's irritating and insulting. The article has plenty of merit on its own, and is indeed a fine bit of information to put on slashdot.
However, the fact that it was started by two MIT alum is completely irrelevant. If this was the direct result of research being done by a group of MIT students or professors, it might be appropriate to place a reference to MIT in the blurb (but probably not the title). We're not an MIT related publication, as hard as that may be to believe (Wired is also a terrible offender of this).
It reminds me of my psychology textbook, which would always drop the name of the institution responsible for a certain piece of research: "Harvard Professor Shelly Cline worked with Yale Psychologist Howard Walken to refine Pavlov's theory....." and so on, provided that the institution was in the Ivy League. Flipping through the pages, I found a few references to only Ivy League Universities and overseas institutions (specifically Cambridge and Harvard).
Now, I'm not going to deny that a great deal of mighty fine research comes out of MIT and the Ivy League, but I'm also going to remind everyone here that other institutions also churn out a great amount of significant research, and they are hardly ever credited for it. My tiny public liberal arts school even churns out a fair bit of good research.
So, slashdot. Please stop shamelessly plugging these name-brand schools. They've done nothing wrong, but by publicizing them in such a way, you're dragging down the other 99% of the educational system that the rest of us have to utilize.
(To be fair, I did RTFA, and SiteAdvisor seems genuinely cool)
-- If you try to fail and succeed, which have you done? - Uli's moose
I'm surprised garbage sites aren't being blocked by WebSense. If Maddox's site is blocked (as tasteless humor), why aren't known adware/spyware sites being blocked?
Firefox needs an MSI installer and some Group Policy mods to take off in a corp. environment.
Most Linux software isn't installed in the same way as on Windows - you don't go browsing through a dozen websites full of ads for software, you browse through your distro's software repository. If you want the latest and greatest, you either wait a few months for your distro to update the package, or if you're advanced, compile it yourself, or better yet, find some trustworthy member of the community who will compile the package and create an extra repository.
There will be spyware for *nix, but it will be a minor problem, since who needs to click on "FREE! FREE! FREE! WEATHER REPORT ON YOUR TASKBAR FREE DOWNLOAD CLICK HERE!" when you have distro-supplied (safe) software for the same thing?
The problem lies with shareware software whose authors have decided that shareware registration fees aren't giving them the profit they were led to believe would be theirs (by the Windows culture) and who decide to sell a little ad-space inside their software's installer.
*nix programmer and user culture places respect and reputation higher than cash, so you're not likely to see a massive problem like this ever without some fundamental changes. Commercial companies that want to make a living with *nixes must realize that here they will thrive or starve on their reputation (hello SCO!), and bundling spyware is the kiss of death.
*unbelieving*!!
i can't tell you how many times i've expressed the dangers to people. if you don't have anti-spyware, anti-virus, firewalls, and etc these are the risks. and they don't believe. if you look at the large campaigns (at least in certain areas of the U.S.) to get people to wash their hands on a regular basis, it appears that people are disbelieving of germs also.
how do you fix this?
there is amazing evidence that the use of seat belts in autos reduces your probability of dying in a collision. but we still have to make laws to make people wear seat belts.
so far there has been no real cost to a computer user for being stupid. with the exception of lost data, nothing bad is going to happen. if laws get passed that state you are responsible for your computer's actions in dos attacks or if your computer is hijacked and made into a child porn depot, things might change.
eric
It's not about being a big or small company.
Mac developers avoid asking for the admin password as much as they can. Bigger apps tend to ask it more because they need to modify the System folder for some reason.
On OS X, programs rarely need to do that, most applications (even big ones) are contained in a single icon you can drag to your application folder without needing an installer.