Slashdot Mirror

← Back to Stories (view on slashdot.org)

MIT Startup Tests Top Million Sites for Spyware

Posted by ryuzaki0 on from the ads-burning-need-spybot dept.

torrentami writes "An MIT startup called SiteAdvisor has downloaded over 100,000 programs from the top million Web sites and tested them for adware and spyware using an automated system they've built. They've got a blog entry where they dissect 5 of the worst adware bundles they found. There is some amazingly invasive stuff in there."

8 of 243 comments (clear)

  1. What about the rest? by Anonymous Coward · · Score: 5, Interesting

    I hope they have a "submit site" function for people to test random sites....

  2. End Users Beware by queenb**ch · · Score: 5, Informative

    I can tell you from the experience of working on a network where the end users have very unwisely been made local admins on their workstation that the *only* thing required for a full spyware infection is a nice little surf around the 'net. This is compounded by the problem that they all seem to have some touch of OCD that compels them to click "OK" on anything thing that wants to install itself despite all of our efforts to educate them.

    I will say that it is nice to see someone put quantifable numbers to the things I have long known from practical experience, but this isn't exactly news.

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
  3. Re:The major lesson of all this. by BushCheney08 · · Score: 5, Insightful

    In fact, if Windows were to fail commercially tomorrow and everyone runs *nix, you'll see spyware applications be written for these OSes immediately.

    Agreed. Especially when you consider that all of the programs in TFA were installed after the user clicked the "I Agree" button five, six, seven times. The OS could be totally secure and only allow the installed apps to affect the logged-in user. They'll still be there annoying that one user, though, since the user is the one who said it was okay to put them there. This is where informing the user comes in. And the user has already shown many times over that they don't care to be informed. This sort of crap is gonna be around for a long long time...

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  4. No reason to be vulnerable to spyware. by CyricZ · · Score: 5, Interesting

    Have you tried the recent Kubuntu releases? If not, give it a try. It is by far one of the most easiest systems to install these days. Even easier to keep up to date, as well.

    I was recently asked to set up some computer systems at a seniors home. Now, many of these people have never used a PC. So we were able to acquire several used PCs for almost no cost, and I installed Kubuntu on their systems. We got them set up so that they could check their email, browse the WWW, use various instant messengers to chat with relatives, and even play games (bridge and backgammon were big favourites).

    Now, why did I go with Kubuntu? Mainly because it is free, and it is quality software that is quite easy to use. But more importantly, I wanted these systems to always be available to these people. I know that they might visit malicious sites. I wouldn't want that resulting in their systems being compromised just because of that.

    You may deny it, but the fact of the matter is that Linux systems won't get infected with spyware at this time. Sure, that may change in the future, but I'm doubtful about that. The basic (yet significant) differences in code quality and architecture are enough to leave Linux (and other non-Microsoft) systems far more secure and usable, even in the fact of malicious software.

    --
    Cyric Zndovzny at your service.
  5. I don't agree. by Zombie+Ryushu · · Score: 5, Insightful

    THe security paradigm of Windows and the Unix World are Apples and Green peppers. There will still be spyware threats out there if Windows didn't exist. But they would be different threats, and they could eeven be worse in some cases, but they would be fewer in number and the Internet wouldn't be such a darkened Hell hole it is steadily becoming. The Data miners would get more resistance from the Unix world than they have a Windows world that can't fight back.

  6. You get what you pay for... by ian_mackereth · · Score: 5, Insightful
    If the word "Free!" is enough to get users to download the screensaver, game, utility, etc., then this sort of thing will continue.

    Somebody has to pay for the server bandwidth and the time to write the programs, and one viable model is adware. I deplore the installation of software that's a)not in the EULA or installer screens and b)damn hard to get rid of, but the 'legit' adware is what's paying the bills of the guys giving you free stuff.

    There's always a subset of users who can circumvent the installation of the unasked-for bundles, but the average user without updated anti-spyware, firewall or anti-virus software will make enough money for the vendors to keep us in freebies for quite some time to come...

  7. Similar by Mistlefoot · · Score: 5, Informative

    Education is certainly the key.

    I've been using the HOST file supplied by <URL :http://www.mvps.org/winhelp2002/hosts.htm > the Microsoft MVPS site for the past few years and have not had ANY spyware or Malware or viruses on any of my machines.

    I still run ad-aware and spybot monthly and never see anything but a few cookies.  Once every few weeks I update my HOSTS file and then set it to read-only again and  the 10,000 or so sites it blocks are just that - blocked.

    Web sites load faster too without some of the tracked ad sites loading.  From time to time I get pages that aren't found.....but I can review these as the HOST file is of course text.

    I really do not know why HOST files are not a more common theme on here when setting one up on your Dad's computer saves you from removing crap from it as a hobby.

  8. Re:The major lesson of all this. by WindBourne · · Score: 5, Insightful
    I always laugh at that argument. Basically, so many windows encourage all the hackers. So not true. Even back in the 80's when Mac was bigger than Dos, attacks were being designed for DOS. Why? ease of doing so. Apache has shown this,as well as numerous other examples. The best example out there, is that banks during the 60's and 70's were heavily robbed until the 7-11 stores became the easy marks (and loaded with small money). Finally 7-11 decided to change their attitude and make it near impossible to make any amount of money over 50. So what are robbers hitting these days? banks. Why? do to ease of hit combined with the amount of money.
     
    The lesson to learn on that, is that crooks go for the easy mark that makes money. *nix will be the target when either:

    1. insecure systems do not have money.
    2. all other systems are more secure than *nix.

    Neither is likely to happen anytime soon (and many would argue any time far). *nix will be very secure for a long time.
    --
    I prefer the "u" in honour as it seems to be missing these days.