Scaremongering over Spyware?

Dynamoo writes "The BBC is reporting that PCs in the UK are infected with over 20 pieces of spyware on average. A frightening statistic, if it is to be believed. In fact, the figures come from Webroot - an anti-spyware firm with a commercial interest in playing up the spyware threat." From the article: "In Poland, 867 of every 1,000 domestic PCs have been infected by trojans, unsolicited programs that can allow remote users to control the machine. It is this international reach that concerns those in authority trying to combat the spread of spyware. "

True number or not, way too common..

[luvirini]

Regardless of how mch the actual numbers given there are over the top, the actual numbers of PCs having spyware infections is way too many.

Slowly people that I know start to have things in order as I have managed to make them change habits, install tools and such, but not everyone has such aquintances, and even then, the number of times I have cleaned spyware from someones computer is way high...

Re:True number or not, way too common..

[Xerp]

This isn't just down to people's habits - poor quality software is also to blame. Microsoft Windows PCs are top of the spyware tree. Even with changing "habits" and installing a list of "security" bolt-ons as long as your arm, the poor quality of the Microsoft software is still going to let you down. Both at work and in the home, even the most well looked after Microsoft Windows machine is going to get infected. Take for example by PHB's machine. Microsoft Windows XP SP2, Microsoft anti-spyware, McAfee Anti-virus, fully patched.. last scan with Spybot S&D - 81 red entries. Sure, 56 were just cookies but also in the list was some really nasty malware. Then there is good old mum. Just browing using a 56k modem. Bless. Windows 2000 - can't patch as she only has a modem. Thing stopped working. It was so hosed the only way to recover was to use Knoppix to copy her files off. Of course, as it was my mum, I had full control over the situation. I upgraded her to Linux (Slackware 10, to be exact) - its now been 8 months and her PC is still spyware free. Not a single virus. Not one single problem. Mum isn't a techie and she loves not having to worry about "spybot" "mcafee" "norton" and a load of other things that mean nothing to her. She tells her friends how she is using Linux at home and how good it is. What amazed me, is that her friends had even heard of Linux. I mean, they're all over 60. Needless to say, they all want it too now. Sure, Linux on the desktop at work = a lot of corporate hassle. Linux on the desktop at home for non technical users who just want to browse, email and message = 100% perfect - and spyware free.

Re:True number or not, way too common..

[Se7enLC]

The numbers don't surprise me too much. The typical response from people I interact with seems to be "My computer is running slow, acting strangely, crashing. Maybe I'll look into fixing it at some point". People just don't have the urgency anymore as virii/spyware aren't targetting their own machine anymore.

It's not like the good old days when a virus just trashed your machine, so you had to act immediately. Now it just lies in waiting and uses your machine to launch attacks on others and collects personal information silently. People just don't care enough to fix spyware until it directly prevents them from using their precious web browser, email, and instant messenger.

Seems like a statisticians nightmare

[antifoidulus]

How can you really tell how many people are infected with spyware? It's not a question like, "do you support proposition 84?" where you can call people at random or talk to them on the street. I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway. They could use the numbers sent to them by customers, but that isn't random at all. Their customers are much more likely to have spyware infections or else they wouldn't be seeking their help.
So yeah, it's a number, but not a very convincing one...

Re:Seems like a statisticians nightmare

[tdemark]

I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway.

It's funny you mention this. Last year (Sept, 2005), Consumer Reports had an issue dealing with personal computers. This is an actual quote from the article:

Only 20 percent of Mac owners surveyed reported detecting a virus in the past two years, compared with 66 percent of Windows PC owners. Just 8 percent of Mac users reported a spyware infection in the last six months vs. 54 percent of Windows PC users.

There is NO WAY those Mac results are accurate. I think what happened is that these Mac users got occasional pop-ups saying "Your machine is infected with (spyware|viruses). Protect yourself now by clicking here". So, they did and the problem "went away". As far as they were concerned, they were infected.

I wouldn't blame the users as they shouldn't have to know better. I would blame CR for a faulty survey - if you ask questions that either require specialized knowledge (how many Mac users know what spyware is) or could generate a false positive (such as a user confusing an infection with a pop-up), then you really aren't doing a good job providing accurate results.

- Tony

And, typical of scaremongering tactics...

[Caspian]

...they are (probably deliberately) confusing the terms "trojan" and "spyware". Is it any wonder that the average user doesn't know the difference between a "virus", "spyware" or "adware", doesn't know the umbrella term "malware", and thinks that any antivirus program is all they need to stay safe?

To this day, most end-users I talk to think that "spyware" is something good, since they hear people talking about "Spybot", which they think is "a program that gets rid of the viruses".

When will we get some REAL end-user education in this topic? Public schools have Sex Ed classes where they teach you how to reduce your risk of getting HIV and the Clap... how about Computer Safety classes where they teach you how to reduce your risk of getting viruses or spyware?

Re:And, typical of scaremongering tactics...

[luvirini]

The problem is, with the threat environments changing so fast, schools are definitely not the best place to teach this, as schools should give lifelong skills.

Anything they would teach about spyware today could very well be moot in 5 years if most people use secure systems.

More proper thing would likely be going the route of licencing.. that is in order to allow use of a computer that is connected, you need a computer lisence, the same way you need a drivers license to drive a car on roads. That lisence could then be limited in duration and you would need to get updated on newest things, from behavior to threaths.

Ofcourse that would bring many other problems in itself...

Not necessarily that much scaremongering

[DagdaMor]

When I help out none-techies with their crippled system, they often have in excess of 100 pieces of various malware. I can well believe as an average of the uk that 21 would not be a too unreasonable figure.

Education is key

[gihan_ripper]

Education is the real key to computer protection, not the purchase of spyware removal tools.

I've only ever had one piece of malware, which was ten years ago (the Tai Pei virus). In the meantime, I've learned good computer habits. These include being cautious about downloading and installing software, using the free firewall which comes with Windows XP, and employing the Mozilla range of browsers / email clients.

If users don't learn to be cautious when using a computer, they're going to run afoul of phishers, which will be much more of an incovenience that a bit of adware.

Calling cookies of simple webcounters spyware

A lot of anti-spy/adware tools are targetting the cookies of webcounters. These are not spying on people but just used to destinguish between visitors that are visiting a site once or a steady visitor. This cookie information is also used to give more reliable statistics and this information is used to improve the website.

This has nothing to do with spy- and ad-ware.

Please don't call a cookie spyware unless it is used over different sites or it contains personal information.

Here's a solution

[eyepeepackets]

They can give Microsoft an additional $50 American every year, that should fix their PC problems post haste: Who better than Microsoft to fix Microsoft products?

Now if you'll excuse me, Guido the wheel man is at the door wanting his $20 American for not trashing my wheels when I'm not using them -- he calls it "assurance" while I call it "insurance" but it's really just plain old extortion. You see, Guido sold me the wheels and tells me he can only keep them working if I pay him forever, otherwise something nasty is sure to happen and it will cost me even more money to get it fixed.

If the woman in this article is such a heroic professional, why is she only cleaning off the malware and not getting the users off Microsoft OSes? Surely she has figured out by now that the cleaned machines get trashed again. Maybe she just really likes being needed. Maybe this is PR trash planted by some Microsoft goon.

Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

Cherrios.

Re:Here's a solution

[Mistshadow2k4]

Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

Yes, we are. Seriously though, phishing is growing into a problem for *nix-users these days, and so far as I know, the only state in the US in which phishing is illegal is California (I might be wrong there, though). You'd think "well, they should be smarter" but the phishers can be very clever, such as sending you an email that looks for all the world like it's from your ISP. (Yes, I was smart enough to check with my ISP before clicking that link, but I'm not gonna blame the people who didn't think of that. After all, if looks like a duck and quacks like a duck.....) So no matter what OS you're using, you should be paranoid.

How to solve the spyware problem on Windows? Well, Peer Guardian can help block tons of it. Besides anti-p2p, it has a spyware list and uses little memory to run in the background. It also updates itself automatically unless that is disabled. And you can keep only the spyware list checked to block, nothing else, if you want.

Another thing that can help is a router. I worked on a guy's computer that was loaded with spyware and had a few viruses to boot. He had a software firewall, Kerio I think, plus Avast antivrus and ran Ad-Aware twice a week. So why was he still getting all this crap? His ISP. They had no filters whatsoever. Their servers were set to allow anything to come through. Combined with an older computer with 128 mb RAM plus a fast DSL connection and it literally just couldn't keep up with all the malware pouring through from his ISP's servers. So he got a router and poof! After a fresh reinstall of Windows along with Avast, Ad-Aware, Spybot and PG his computer ran fine. But still.... from a *nix-users point of view, it seems ridiculous to have to spend so much money and effort just for basic protection that a more secure OS automatically provides.

But spyware is always going to be a problem on Windows because of MS's bad security model. If they fixed it so remote users can't install, run or modify anything on your computer without your express permission, it would go a long way towards fighting spyware and a lot of viruses - I know from experience that you don't need to download or click anything to get spyware or a virus, many download themselves straight to your computer. And Windows just lets them do anything it wants. This ability for a remote user to modify your system without needing permission is called a FEATURE by Microsoft, as demonstrated by Active X and the recently-patched .wmf vulnerability. People say "well if these *nix OSes were as widespread in use as Windows they'd have all the same problems", but if that were true, where are all the Unix viruses? If MS changed Windows so that it requires an admin to password to modify the registry, install anything, or for a remote user to run anything on your comptuer you'd see a marked improvement right away.

The aweful truth

[Opportunist]

It doesn't matter where you surf. It doesn't matter what you open in mail. It doesn't matter if you keep your system updated.

What matters is the combination of it all!

You have to do EVERYTHING to stay clean. No shady porn sites, no clickyclicky on shady mail, daily updates, up to date virus killer, well configured firewall, ...

"Gaaaaah... too much work!" is the answer you'll get from Joe Schmoe Average. "All I wanna do is surf, I don't wanna worry about system stability, Browser plugins and antivirus."

Well, all I want to do with my car is drive around. And still I gotta worry about red lights and directional lanes. Why the heck do I? It makes me slower and keeps me from getting right where I want to be!

Oh. Right. I enjoy being alive and have an operational car.

Fight it, don't clean it off

[Simonetta]

The emphasis on preventing spyware from infecting a PC is misplaced. The problem is best addressed by defining what is acceptable and what is not. Then punishing the people who exceed the limit.

    Who will define what is acceptable? We will, of course. We are the technological elite. It's time that we start making the parameters about what is acceptable behavior on the net.

    So the spyware makers pay off the politicians to allow some country to engage in aberant conduct and give them a save haven? Shut off the country from the web.

    It's time that we stop assuming that in the evolving information age that the politicians have more control over society than the technical elite. We control the web, and we need to take responsibility for the assholes and criminals who use it to prey on society. That means shutting down the 419 chuckleheads also.

    We created the environment that allows viruses and spyware to exist. It's time that we and not the politicians put an end to it. And if what we do goes against some jerks 'right' to sell access to your PC for his own profit, then so be it.

Easy for me to see!

[StarWreck]

This number is easy for me to see as an "average". Either people are at least mildly educated about spyware like us on /. and have absolutely no spyware or are completely unedcuated and have several thousand pieces of spyware!!! Those with several thousand pieces when averaged with those who have none what-so-ever can easy come up with 20 pieces on average.