Posted by
CowboyNeal
on from the keeping-things-clean dept.
peterfa writes "Sun and Google have teamed up and started a project called Stop Badware. This project aims to expose all the spyware and adware bundled in software and the companies that are responsible. While it's funded by Sun and Google, the research will be done by Oxford and Harvard."
While it's funded by Sun and Google, the research will be done by Oxford and Harvord."
Hay, I got my Computor Sciense degrie from Harvord Web Univercity! I'm an aluminumni! I lerned abowt it frum adware witch was
monitering my/. typiing skils and sugestid I enrol rite away (don't bothur enterring you're credit card, we alreddy
know it, jist hit buton and you start on yor way too hire educatoin!!!1) (My sistor is going to Oxfurd!)
I try anty spywear softwear but, itt keeps flasshing lotsa things on teh screen with WQRNINGs and stuff, so
I geussed it didn'tinstall rite so I uninstaled them all. Ihop this works betters!
-- There is no theory of evolution. Just a list of animals Chuck Norris allows to live.
Google Toolbar?
by
BEI01
·
· Score: 4, Interesting
I wonder if Google Toolbar will be included in this.
What is there to research?
by
orangeguru
·
· Score: 3, Interesting
We need spyware killers and better protection - not more academic research. They should fund some OS project to help users.
Re:What is there to research?
by
networkBoy
·
· Score: 4, Insightful
Actually the research should be done as it will help the developers of OSs and apps to understand how spyware gets on systems. If most spyware arrives because someone installed Bonzai Buddy then that is different than exploits being used to install without user consent. While they are both bad I think it is vital to OS developers to know why and how this stuff gets there. -nB
-- whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Re:What is there to research?
by
SilverspurG
·
· Score: 4, Insightful
What we need is a legal precedent set to establish that, yes, a computer belongs solely to the person who shelled out the cash for it. No, it does not belong, in whole, part, or by EULA, to any idiot who manages to package their badware with some stupid search toolbar, screensaver, or desktop theme.
-- fast as fast can be. you'll never catch me.
Re:What is there to research?
by
orangeguru
·
· Score: 3, Insightful
Hmmm. Many Windows loopholes are well known - but the main reason for spyware gets installed are the users themselves. Either they don't fix loopholes (by running windows patches), use safe browsers or they simply can't resist the temptation to install any crap they find.
Sure - we can't blame it all on users and their badly managed/protected systems - but some safer computing with more brains could help... a lot...
Re:What is there to research?
by
Michalson
·
· Score: 4, Informative
Yeah, count me in as another person wondering why there was such a big rift:
Google gets Sun, Lenovo (IBM), WebWatch (Consumer Reports), the Berkman Center for Internet & Society and Oxford University together to form a group called "Stop Badware" that sends money to a bunch of students, who in turn setup a little website that "names and shames" spyware software. The website is to be visited by people that already understand what spyware is and how not to get it. Spyware makers to totally ignore the students strongly worded opinions.
Microsoft leads a group containing Lavasoft (Adaware), Trend Micro, Symantec, Grisoft (AVG), McAfee, Websense, Panda Software, Yahoo, AOL, Dell, HP, Aluria (Earthlink), the National Center for Victims of Crime, the National Cyber Security Alliance, the Samuelson Law Technology & Public Policy Clinic (UC Berkeley School of Law) along with another 2 dozen major security, general internet, public advocacy and legal organizations called the "Anti-Spyware Coalition". Microsoft directs this organization in a three pronged attack on spyware:
- Clearly defining what spyware is and what is does, in order to improve understanding among normal users, providing common standards for anti-spyware software, and helping to make spyware a concept that can be used effectively and accurately in legislation.
- Directly confronting spyware makers in the courts, hitting them where it hurts, their wallet. For example this week Microsoft is pulling in Washington Attorney General Rob McKenna to file a lawsuit against the makers of "Spyware Cleaner", a product that actually infects computers with its own spyware, and is advertised through misleading email and messenger spam. Microsoft has already had numerous court room victories against the spyware makers and spammers.
- Using the rigorous terminology defined in point 1, with the court precedent created in point 2, the ASC lobbies Congress to pass tough anti-spyware laws, closing the loopholes and grey areas that make spyware non-trivial to legally stop.
So to compare, one camp has declared war on spyware, and has assembled the best generals in the industry and the largest groups of regular troops, and launched a major assault on the spyware mainland, already capturing several cities. The other camp has gotten together at the local university to sit around writing beatnik poetry about how bad spyware is.
Re:What is there to research?
by
TubeSteak
·
· Score: 5, Informative
Internet users can visit StopBadware.org to check whether programs they want to download are infected with badware and alert others to programs they have encountered that include malicious software such as spyware, incessant pop-up ads or other obtrusive programs.
StopBadware.org will publish short user friendly reports on downloads they have identified as badware, as well as more detailed academic studies on the problem of badware.
StopBadware.org will publicize the names of companies that make up the most insidious purveyors of badware and shed light on how they make money through unethical marketing practices. For example, advertisements will spotlight the worst purveyors of badware.
StopBadware.org will seek the horror stories from Internet users who have been adversely affected by badware. It will publish these stories to raise awareness of badware's harmful affects.
To be fair to the beatniks, they have a different focus and the fact that they've got Consumer Reports on their side shows it. IMHO, Their goal is to review software & not to sue bad guys or write laws.
The article is light on how the project actually works, do users have to install some sort of detecting tools which alerts them of badware upon download and/or prior to installation?
Is this going to be like the spamm blacklists which can be subjective?
Personally I'd be satisfied with some sort of a trusted archive that allows you to research different programs/sites/companies. There's a lot of info available on the web but most of it is buried in tech forums or as come ons for dubious spyware removal programs, both of which you're never really confident about the truth. That way it wouldn't be just a yay or nay that goes on under the covers, but a place where you could find out what a program's issues are, or the track record of a developer.
What about Stanford?
by
Tackhead
·
· Score: 5, Funny
> While it's funded by Sun and Google, the research will be done by Oxford and Harvard.
Stanford and Berkeley snubbed by alumni, film at 11!
Re:What about Stanford?
by
doxology
·
· Score: 3, Interesting
Especially strange since Stanford's president is on Google's Board of Directors...
[assorted remarks regarding detection of Stop Badware by Microsoft AntiSpyware/Onecare and vice versa, and their views towards Claria/360/assorted other 'Badware' providers and packagers who are really legitimate buisnesses with legitimate buisness models who are given a bad name by their devilish affiliates who are still mysteriously taking paychecks from aforementioned companies]
I can't see what sun can gain my pouring money into this research. It is obvious about the competitive edges Google and Lenova (left out of the summary) can get. But why is Sun in on this?
Excellent!
by
rob_squared
·
· Score: 5, Interesting
Not because google is handling funding, but that an organization that doesn't have a vested interest in such business persuits is doing the actual work.
PS: I'm waiting for Google to annouce its plan for world peace.
Google's income comes from advertising, and these spywares are showing ads, hence competiting for eyeballs, I would say Google has a large interest in squashing these competitors.
Project UngoodWare aims to give you a double plus good bellyfeel about your computer. The people of Harvard and Oxford will have a goodthink and make an effort to stop the many installcrimes done by the unpersons who make ungoodware.
Project Ungoodware: brought you you by the Minisry of Love.
Google IS the problem
by
slashkitty
·
· Score: 5, Interesting
Notice how the site has a forum, on google groups. The ADS on those pages are for adware based spyware removers!
Google makes millions if not billions from adware/spyware companies who advertise on google and google affiliates. Lots of standard searches like "screensavers" and "smilies" will bring up adware, and if you search for a spyware removal tool, you'll likely get some even worse spyware than you had before.
If Google wanted to do good (and not be evil) they would BAN spyware, adware and badware from AdSense, and they'd filter them from the listings!
Who's with me?
-- -- these are only opinions and they might not be mine.
And the URL is...
by
fugas
·
· Score: 5, Informative
Good news, but I would have been happier if the article or submitter also mentioned the actual URL of the site...
Spyware is easy money
by
chris411
·
· Score: 5, Interesting
I often get paid to provide tech support to friends and other people from my area (just a modest village) for a few bucks. Recently, our local ISP not only provided us with DSL, but also a special offer that includes a payment plan for a (cheap) Dell computer if you sign up for DSL for a year.
You would not believe the number of computers that went out of commission within the first month just from being overloaded with spyware/adware. I often feel the urge to tell them "Stop surfing pr0n sites. Stop clicking on everything in sight just because it tells you to click it."
But I don't. Because I know that as soon as I fix it, they'll just ask me to come over again within a few weeks. I seriously doubt they would listen anyway. As I said, easy money.
Google profits from spyware
by
slashkitty
·
· Score: 5, Insightful
Google has a reason to keep spyware around. They make millions from selling ad space on their search results and affiliates TO the adware companies. Do a search for "smiles", "screensavers" or "Spyware removal" and you'll see lots of ads for adware/spyware!
Google should do less evil by not accepting ads from these companies.
-- -- these are only opinions and they might not be mine.
This is a Trojan horse - No one will see it coming
by
MindPrison
·
· Score: 4, Interesting
It really should be obvious - but most of us are so used to Google by now that we might be too comfy.
Google has an enormous information gathering capability. Seen those Goooooooogle ADS everywhere? While it may not be spy-WARE per say... it certainly feeds you a cookie. Noticed how MANY of these Goooooogle ADS sites there are? Theyre just popping up everywhere arent they?! Yes they are - and you dont even give it a second thought while you throw yourself into the Google anti-spyware projects. Google dont want competitors. A Spyware program is a competitor of Google as it gathers information about the users surfing habits just like Google does - but in a much more intrusive way (well...at least if feels that way).
Are we getting the picture yet?
-- What this world is coming to - is for you and me to decide.
I get what they're doing
by
evilsofa
·
· Score: 5, Interesting
This past week I've been helping one of my friends remove spyware from his computer. All he did was hook up to a relative's cable to download a large update file, and in the space of a couple of hours, his unprotected PC got loaded down with several DOZEN virii including VX2, smartloadb, Virtumundo, etc.
Google believes click fraud to be the most significant threat to the internet. This makes sense because click fraud is what makes all the malware, adware and virii PROFITABLE. What Google and Sun are doing with stopbadware.org is their answer to that. And it's an answer that is needed badly.
Why? As a very recent veteran of attempting to remove malware, I can tell you that the good side of this war is terribly, horribly disorganized. Let me explain:
If you get a massive infection of various kinds of malware, or if you want to protect yourself against all this stuff, you have to:
1. Protect yourself with a firewall (software example: Zonealarm) 2. Run or have available an antitrojan application (example: Trojan Hunter) 3. Run an antivirus program (commercial examples: Norton or McAfee; freeware example: Grisoft AVG Free) 4. Run several antispyware programs (examples: Spybot, Lavasoft Adaware, Microsoft Antispyware) 5. Use something like merijn.org's HiJackThis to find out what your system is infected with that all of the above cannot detect 6. If you're infected with something difficult like VX2 that can't be detected by ANY of the above, you may also need to hunt down very specific helper scripts and applications to deal with it, or even worse figure out how to remove it manually (which is generally VERY technical and difficult).
So, you have firewall, antitrojan, antivirus, antispyware and detection all covered by entirely different industries, most of which don't have much overlap (antivirus programs still do little against antispyware, for example). In the antispyware category, none of the legit programs can detect everything, so you need to run several of them.
You also have the fact that most of these anti-malware companies are commercial; they need to make money doing what they do, because what they do is very difficult, very technical, and has to be done VERY FAST. You see freeware versions, probably because they can't stand to see people who can't afford all these applications get run into the ground by the malware industry.
It doesn't help at all that you've got hundreds - literally, hundreds - of malware installers masquerading as antispyware, antitrojan and antivirus programs. The antispyware industry has had no choice but to put up www.spywarrior.com just so people can sort out the few good ones from the many bad ones. That site is run by one of the legit companies. That company would obviously much rather have nonprofit, noncommercial oversight declaring who is legit and who isn't - it puts a commercial company in an uncomfortable ethical position to be declaring legitimacy of other companies in its industry. But I don't see that they had any choice; to not do it would be even worse.
It looks like that is what badware.org is intended to be, and what is so badly needed - a nonprofit organization that has no base or funding from within the antimalware industries, to oversee and report on those industries.
Do you know what the process for cleaning an infected computer is right now? You post HiJackThis logs to a variety of different forums (just google "HiJackThis Logfile" for a sample) and people voluntarily, out of the goodness of their hearts, help you with incredibly technical removal procedures (google "VX2 removal" to see what I mean). If you want to look up these removal procedures yourself, you google around on various antispyware and antivirus web sites with various descriptions (often vague or assuming you have their commercial product). It's horribly disorganized, with different antivirus companies calling each virus by a different name. A good example: try and find out how to tell the difference between a Lo
Slashdot Mirror
While it's funded by Sun and Google, the research will be done by Oxford and Harvord."
Hay, I got my Computor Sciense degrie from Harvord Web Univercity! I'm an aluminumni! I lerned abowt it frum adware witch was monitering my /. typiing skils and sugestid I enrol rite away (don't bothur enterring you're credit card, we alreddy
know it, jist hit buton and you start on yor way too hire educatoin!!!1) (My sistor is going to Oxfurd!)
I try anty spywear softwear but, itt keeps flasshing lotsa things on teh screen with WQRNINGs and stuff, so I geussed it didn'tinstall rite so I uninstaled them all. Ihop this works betters!
Ad-Aware-Aware(TM) approved text
Mr. Grabpot Thundergust has 600,000$AM for you!
I wonder if Google Toolbar will be included in this.
We need spyware killers and better protection - not more academic research. They should fund some OS project to help users.
The article is light on how the project actually works, do users have to install some sort of detecting tools which alerts them of badware upon download and/or prior to installation?
Is this going to be like the spamm blacklists which can be subjective?
Uncensored Google results requested and delivered by email
Stanford and Berkeley snubbed by alumni, film at 11!
[assorted remarks regarding detection of Stop Badware by Microsoft AntiSpyware/Onecare and vice versa, and their views towards Claria/360/assorted other 'Badware' providers and packagers who are really legitimate buisnesses with legitimate buisness models who are given a bad name by their devilish affiliates who are still mysteriously taking paychecks from aforementioned companies]
I can't see what sun can gain my pouring money into this research. It is obvious about the competitive edges Google and Lenova (left out of the summary) can get. But why is Sun in on this?
Not because google is handling funding, but that an organization that doesn't have a vested interest in such business persuits is doing the actual work.
PS: I'm waiting for Google to annouce its plan for world peace.
I don't get it.
How about also exposing the companies that pay for the information gathered by spyware/adware? In other words, the ones actually funding it...
/Didn't RTFA
This must be a record! Come on - I know Slashdot has become synonymous with the Google Blog, but this is crazy!
Project UngoodWare aims to give you a double plus good bellyfeel about your computer. The people of Harvard and Oxford will have a goodthink and make an effort to stop the many installcrimes done by the unpersons who make ungoodware.
Project Ungoodware: brought you you by the Minisry of Love.
Notice how the site has a forum, on google groups. The ADS on those pages are for adware based spyware removers! Google makes millions if not billions from adware/spyware companies who advertise on google and google affiliates. Lots of standard searches like "screensavers" and "smilies" will bring up adware, and if you search for a spyware removal tool, you'll likely get some even worse spyware than you had before. If Google wanted to do good (and not be evil) they would BAN spyware, adware and badware from AdSense, and they'd filter them from the listings! Who's with me?
-- these are only opinions and they might not be mine.
Good news, but I would have been happier if the article or submitter also mentioned the actual URL of the site...
You would not believe the number of computers that went out of commission within the first month just from being overloaded with spyware/adware. I often feel the urge to tell them "Stop surfing pr0n sites. Stop clicking on everything in sight just because it tells you to click it."
But I don't. Because I know that as soon as I fix it, they'll just ask me to come over again within a few weeks. I seriously doubt they would listen anyway. As I said, easy money.
Google should do less evil by not accepting ads from these companies.
-- these are only opinions and they might not be mine.
It really should be obvious - but most of us are so used to Google by now that we might be too comfy.
Google has an enormous information gathering capability. Seen those Goooooooogle ADS everywhere? While it may not be spy-WARE per say... it certainly feeds you a cookie. Noticed how MANY of these Goooooogle ADS sites there are? Theyre just popping up everywhere arent they?! Yes they are - and you dont even give it a second thought while you throw yourself into the Google anti-spyware projects. Google dont want competitors. A Spyware program is a competitor of Google as it gathers information about the users surfing habits just like Google does - but in a much more intrusive way (well...at least if feels that way).
Are we getting the picture yet?
What this world is coming to - is for you and me to decide.
This past week I've been helping one of my friends remove spyware from his computer. All he did was hook up to a relative's cable to download a large update file, and in the space of a couple of hours, his unprotected PC got loaded down with several DOZEN virii including VX2, smartloadb, Virtumundo, etc.
Google believes click fraud to be the most significant threat to the internet. This makes sense because click fraud is what makes all the malware, adware and virii PROFITABLE. What Google and Sun are doing with stopbadware.org is their answer to that. And it's an answer that is needed badly.
Why? As a very recent veteran of attempting to remove malware, I can tell you that the good side of this war is terribly, horribly disorganized. Let me explain:
If you get a massive infection of various kinds of malware, or if you want to protect yourself against all this stuff, you have to:
1. Protect yourself with a firewall (software example: Zonealarm)
2. Run or have available an antitrojan application (example: Trojan Hunter)
3. Run an antivirus program (commercial examples: Norton or McAfee; freeware example: Grisoft AVG Free)
4. Run several antispyware programs (examples: Spybot, Lavasoft Adaware, Microsoft Antispyware)
5. Use something like merijn.org's HiJackThis to find out what your system is infected with that all of the above cannot detect
6. If you're infected with something difficult like VX2 that can't be detected by ANY of the above, you may also need to hunt down very specific helper scripts and applications to deal with it, or even worse figure out how to remove it manually (which is generally VERY technical and difficult).
So, you have firewall, antitrojan, antivirus, antispyware and detection all covered by entirely different industries, most of which don't have much overlap (antivirus programs still do little against antispyware, for example). In the antispyware category, none of the legit programs can detect everything, so you need to run several of them.
You also have the fact that most of these anti-malware companies are commercial; they need to make money doing what they do, because what they do is very difficult, very technical, and has to be done VERY FAST. You see freeware versions, probably because they can't stand to see people who can't afford all these applications get run into the ground by the malware industry.
It doesn't help at all that you've got hundreds - literally, hundreds - of malware installers masquerading as antispyware, antitrojan and antivirus programs. The antispyware industry has had no choice but to put up www.spywarrior.com just so people can sort out the few good ones from the many bad ones. That site is run by one of the legit companies. That company would obviously much rather have nonprofit, noncommercial oversight declaring who is legit and who isn't - it puts a commercial company in an uncomfortable ethical position to be declaring legitimacy of other companies in its industry. But I don't see that they had any choice; to not do it would be even worse.
It looks like that is what badware.org is intended to be, and what is so badly needed - a nonprofit organization that has no base or funding from within the antimalware industries, to oversee and report on those industries.
Do you know what the process for cleaning an infected computer is right now? You post HiJackThis logs to a variety of different forums (just google "HiJackThis Logfile" for a sample) and people voluntarily, out of the goodness of their hearts, help you with incredibly technical removal procedures (google "VX2 removal" to see what I mean). If you want to look up these removal procedures yourself, you google around on various antispyware and antivirus web sites with various descriptions (often vague or assuming you have their commercial product). It's horribly disorganized, with different antivirus companies calling each virus by a different name. A good example: try and find out how to tell the difference between a Lo