Slashdot Mirror
Study Notes Decline in Internet Spyware
Zoner12 writes "LiveScience magazine is running an interesting article about a new study detailing the extent and seriousness of spyware on the Internet, finding that it is still prevalent but declined significantly. The scary statistic is that 1 in 62 websites visited distributes malware. Kind of disheartening that this is a decline."
Whenever we find something new, we look to how we can make our lives better with it. Some people can use this new product or service to save them time or money, and others will use this new product or service to directly make money. Look at the TV, the VCR and now the Internet.
I truly believe that Spyware has always had a market provision for it -- to find a way to capitalize on this "new" medium. Initially spyware may have been created by the big media companies -- Prodigy, AOL, Compuserve and the rest. They never had any opportunity to really sell the informaion of their users, so most of them gave up the flagrant "violations" of user privacy. Of course ISPs likely still have ways to make money on user information, but not like they thought they would.
Spyware was then taken over by individuals and foreign companies who might have been duped into thinking there was a profit. Most spam comes in from out of the U.S., but the value of spam has decreased majorly in the last year -- not due to laws or government regulations but through the end user finding ways to avoid even seeing spam. I think by next year spam will decrease greatly and in the next 5 years we'll have forgotten it entirely.
Spyware is now on that last phase, as well. With firewalls and spyware-detecting software, the power of spyware is decreased majorly. As operating systems are released that are aware of spyware and the implications of being known as a spyware-enabling operating system, manufacturers will take a big step in combating spyware before the fact, rather than after the fact. Yet the spyware will be beaten down by market choices not by government action or mandates.
By the time the law is created, it is already outdated. 10 years from now SPAM and spyware laws will still be on the books, but the market will have provided users with the proper way to fight it. As the next generation of users is accustomed to requesting information in the the way they want it, spyware companies and spammers will have to find new ways to make a profit: they won't be able to trick the next generation as easily.
Yet along with the market ending spyware, the market also seems to be trying to find ways to destroy the previous financial structure of information -- advertising. I use Google AdSense to monetize most of my sites, but it would never truly pay the bills. If I didn't have people volunteering money, I'd have to look into new ways to pay for my time. I actually prefer not to charge for information, I'd rather get my thoughts and opinions out in the market so that I can back up my billable rate by offering people the knowledge that I spend a lot of time researching my businesses. Having to find a new way to pay for media you want (TV, music, whatever) will be the unintended consequence of our market decision to get rid of all advertising and ad-ware type of programs. It'll be interesting to see how quickly the market recovers, though, as it always does: to give the best balance between the needs of party A (the producer) and party B (the consumer).
Does anyone else find the corelation not at all supprizing. Teh firefox usage increases, spyware goes down. Not to mention the good work *gasp* by M$ w/ their free anti-spyware app. s3x3s
Its no longer JUST email that we have to worry about, or downloading a seedy exe file from a porn site. Remember that flaw in Windows images? Yeah, its being used for spyware installation. What about the flaw in the way Windows handles videos that make it possible to insert executable code? Yeah, its being used for spywar einstallation.
Porn sites? Spyware.
Warez sites? Spyware.
Mistyped URL sites? Spyware.
Spam email? Spyware.
So if I break into your house in the middle of the night and offer you great savings on various pills, and you physically have to force me out of the house..is it still breaking and entering? I mean you wouldn't have 'let' me in if you didn't want my great offers!
If spyware/adware is put into ANYTHING that isn't an obvious executable file, it should be labelled deceptive and illegal. Whoever then created said product should be punished, or the website's abuse department should be contacted (spammed by unique sources) with requests to take it down.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Pick the right sites and you can make it one out of three or one in a million.
"Lawyers are for sucks."
- Doug McKenzie
1 in 62 is a lot higher than I'd have expected, but then again, I bet the unscrupulous sites that distribute spyware get a LOT less than 2% of all hits. I imagine the only unscrupulous sites that do get a large percentage of the internets hits would be porn sites.
My removal method is so methodical that I'm bored to tears sometimes.
If it's worth doing twice, it's worth scripting.
Seriously, why wouldn't you write a Windows script that would intall all the programs, run all the commands, clean out the registry keys, and reboot every once in a while? Then when people bring in their computers, you just toss in the CD or USB key with the script, fire it up, and head back to Slashdot.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
There's one reason for this decline that's not mentioned in the brief article (though it may be in the paper referenced): users are actually getting smarter. Strange as that may sound to your average BOFH, I do think that many users are growing a clue (and no 2x4s were even needed).
I know that almost every residential customer, as they're writing out a check for $100 or $200 for spyware removal, asks two questions: "How did this happen?" and "What do I do to keep this from happening again?". My techs and I are more than happy to answer these questions.
I've suggested a broad range of solutions (there's no one-size-fits-all answer here):
This last one is tough: some seemingly innocuous sites try to force installs on you. For example, I was trying to find the name of a song by some band, so I googled a snippet of lyrics and hit the first site returned in the result. Boom! "Would you like to install Vomit Cursor? [yes] [yes]". A client's teenaged daughter wanted to download "Doll Buddy Icons" for AIM (something to do with Bratz dolls and people on your buddy list, I think). Wham, 450 malware objects installed in ten minutes (I tracked the source by comparing the file dates of the dodgy
When you tell clients that there's no free lunch on the internet and that there are companies whose business model consists of taking control of your computer, you can actually see enlightenment happen. The heavens open up, angels play harps, and everyone is bathed in a warm glowing light. Pretty cool when this happens.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
drive-by installs are certainly a major part of spyware distribution, but unless I misread the article, it left other concerns out, such as bundled installers, spyware distributed by spam, spyware distributed by bittorrent/p2p. Also, their sampling size for the sites was impressive, but I'm wondering how effective their analysis program is. Doing it automatically isn't foolproof
To err is human, to really foul up requires a computer