Study Notes Decline in Internet Spyware
Zoner12 writes "LiveScience magazine is running an interesting article about a new study detailing the extent and seriousness of spyware on the Internet, finding that it is still prevalent but declined significantly. The scary statistic is that 1 in 62 websites visited distributes malware. Kind of disheartening that this is a decline."
What does most spyware do? Show advertisements and redirect browsers? Use your pc to generate spam? Track your surfing and purchases online?
Are not all of these things in the end for commercial gain?
What companies profit from this?
Are any legit? Or do they all offer you penis enlargement?
If so why not name and shame them?
Of the ones that are a scam, who buys penis enlargement pills for 1.99 or cheap viagra? Spam wouldn't be profitable if no one bought any products that it advertises?
Any idea what percentage of spam emails are responded to?
Just like all types of software, spyware will eventually evolve into new forms... assuming you believe in that evolution stuff... it may be declining now, but it will eventually rise in a new form.
GetOuttaMySpace - The Anti-Social Network
Last I heard companies like claria are still making a mint.
Maybe the decline can be linked to the fact that now these companies are turning around and offering consulting for the problems they helped propagate?
8hop.com
I blew up and started obliterating every ad I could when Drudge Report went around Firefox's built-in popup blocking. Prior to that, I'd been blocking images from ad servers that served women in swimsuits (or less), since I won't look at a woman dressed like that unless I'm married to her. That meant I was missing most of Slashdot's ads.
I've never had any qualms about blocking the ads, and have been saying for a long time that we'll just see a shift in the "ecology" of website funding. Some will continue to be funded by ads, more will become funded by donations or subscriptions. Some will continue to be funded by private individuals or companies.
I keep hearing two-bit webmasters on slashdot prophesy Armageddon on the web because of people like me. Yet life has continued to go on, and it's nice to see someone putting out content on the Internet who does not think that ad blocking is going to cause the sky to fall.
I run only a handful of websites; one is supported by user donations, and the others are not yet big enough to need anything other than about $10/year from me.
I'm a much happier man since I started skipping all ads on the Internet. We also quit watching television other than recorded shows where we could skip the ads, or purchased movies with no ads (other than at the beginning, sigh...). Much, much happier, all around.
Secession is the right of all sentient beings.
So, is this '1 in 62' figure just a meaningless aggregate of all domains they found? (ie. we tried 62,000 web sites and got 1000 hits)
I mean, if the sites which inject spyware are all warez/download/music sharing sites, I'd not be surprised.
If, say, reputable news sites (like commercial papers and TV networks) are included in that number, then it's a lot scarier.
There's a huge difference between knowing that in some of the "more shady areas of the Web" (as the article puts it) are the main sources, and knowing that even the good guys have this stuff.
When I go into the shady areas of the web, I know where I'm going, and I take much more precautions. When I'm going to a known, and assumedly benign site, I might be a little less paranoid.
Lost at C:>. Found at C.
I work in the tech support department at my university and EVERY machine that comes in here has spyware. I see about 15 students a week and everyone is infected. My removal method is so methodical that I'm bored to tears sometimes.
Of course, FF taking ActiveX out of the picture certainly helps things. The problem is that most of the shitware-infested (spy/ad/"mal"/etc -ware) users aren't the type to go out of their way to get Firefox, no matter how much more incredibly convenient it is after the fact. Unless they spot and then make sense of things like the user-sponsored NY Times ad or the news reports saying "OMGH4XFFFTW!!1IERTEHSUCKZ!!1121", they're not even going to know about Firefox, much less actually make use of it. Basically, geeks are in-the-know, and they make the switch. Some of them tack up "getfirefox.com" printouts, others tell their friends, and basically what we end up with are the people who can already protect themselves getting even more protection, and get the best browsing experience, and everyone who was having the worst problems continues to experience those same problems.
Now I have neither tried nor have any intention of trying IE7 (Beta2), but provided that Microsoft were smarter about security, particularly regarding activex and... well... that's really the biggest problem, then spyware (and the like) will probably continue to dwindle. It's like spam - you can only buy so many different p3n1s p177z before finding out that the only change is your ePenis halving in length, and the real deal being just as unsatisfying as ever. Stopping user error before it's a problem certainly won't hurt things, but in the end, it's the financial damage done to the user that's causing the damage to be inflicted less frequently.
How are sites slashdotted when nobody reads TFAs?
Most spam comes in from out of the U.S., but the value of spam has decreased majorly in the last year -- not due to laws or government regulations but through the end user finding ways to avoid even seeing spam. I think by next year spam will decrease greatly and in the next 5 years we'll have forgotten it entirely.
... it just means we can no longer see it.
Yeah, we may have forgotten about it in 5 years, but that doesn't mean it's gone away
I'm not worried about how many spam messages end up in my mailbox; I have all kinds of filters and things set up to prevent that. What I'm worried about is the sheer amount of traffic being sent over the internet backbone fibers related to spam. All that data is clogging the system, even if filters at the message's destination make it so the data never arrives in a mailbox. Lots of this spam is being sent by zombie machines, and will continue to be sent long after spam is no longer profitable, which is highly unlikely to ever happen. Even a single purchase of a product justifies the cost of sending millions of messages.
If all the spam in the network is completely eliminated all at once, would the internet speed up? Would my downloads be faster, and my bandwidth wider, and my gaming lag smaller, and my surfing more productive?
How much bandwidth are we truly wasting on spam? I'd love to see some up-to-date statistics on this.
For security, the MD5 hash of this message and sig is 09f911029d74e35bd84156c5635688c0.
http://www.cs.washington.edu/homes/gribble/papers/spycrawler.pdf
For comparison, we also crawled and examined the new set of 45,000 URLs that we generated in October. During this crawl, both browser configurations observed a significantly lower number of drive-by download attacks than we found in May. For example, in May, 5.9% of the crawled URLs performed cfg y attacks and 1.2% of sites performed cfg n attacks; in October, these percentages dropped to 0.4% and 0.6%, respectively.
We also examined whether the Firefox browser was susceptible to drive-by installations. We found that only 0.08% of examined URLs performed a drive-by download installation, but all of these required user consent in order to succeed. We found no drive-by attacks that exploited vulnerabilities in Firefox.
Basically what they did was see spyware that was installed by just visiting the website, with firefox no spyware was installed without any user interaction, and only 36 pieces got installed after the user agreed to it. This is from a sampling of 45,000 sites.
On IE, in October, 180 sites installed spyware with no user interaction, and 270 installed spyware with user interaction.
One of many reasons I use firefox.
Like a rootkit? Sony, anyone?
On the other hand, look at spam originally. Nothing prevented a mass mailer propagated with addresses harvested from websites. When it became a pain in the ass, stuff started blocking it. Programs were released to fight it, MTA's used an internet-wide blacklist, and users could tune the Bayesian filter by ticking a check and clicking "Report as spam". I don't even get spam anymore, not even on my well-known email accounts. Now, even the stupidest, most naive PC user won't read the "YOU CAN ENLARGE YOUR PENIS!!!!!!!!!!!!!!!!!!!!!" email
Now spyware. Nothing fought that originally, and Mom and Pop would download an .exe if the website sugared it up for them and gave it a nice name. Now, nobody opens an exe file, mainly because of the "This will $*#( up your PC. Continue/Cancel?" message XPSP2 gives. Everybody has AV software, and AntiSpyware software, because they buy Symantec's security ads.
I say 2 years until any 12-year old script kiddie that took a Visual Basic tutorial online can download a .frm or .bas file from LimeWire, inject it into their project, and call a sub to hide it in the kernel. Then, we'll have regular spyware all over again, you just can't see the .exe
Logically, anything unfavorable but profitable will be invented. People (including Symantec, Webroot) will find ways to fight it. Malware writers find ways to circumvent it. Companies sell products to remove, malware finds ways to hide.... Is this so surprising? All it means is that *ware has hit 1 of its infinite lulls. We will NEVER see the end of spyware, because no operating system (yes, even *nix) that is even halfway functional is bug-free. Ever. And you *still* have the user element, tricking people into thinking it is necessary. What a load of bull.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.