Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scaremongering over Spyware?

Posted by Zonk on from the grains-of-salt-available-to-your-left dept.

Dynamoo writes "The BBC is reporting that PCs in the UK are infected with over 20 pieces of spyware on average. A frightening statistic, if it is to be believed. In fact, the figures come from Webroot - an anti-spyware firm with a commercial interest in playing up the spyware threat." From the article: "In Poland, 867 of every 1,000 domestic PCs have been infected by trojans, unsolicited programs that can allow remote users to control the machine. It is this international reach that concerns those in authority trying to combat the spread of spyware. "

36 of 196 comments (clear)

  1. True number or not, way too common.. by luvirini · · Score: 4, Insightful
    Regardless of how mch the actual numbers given there are over the top, the actual numbers of PCs having spyware infections is way too many.

    Slowly people that I know start to have things in order as I have managed to make them change habits, install tools and such, but not everyone has such aquintances, and even then, the number of times I have cleaned spyware from someones computer is way high...

    1. Re:True number or not, way too common.. by HermanAB · · Score: 3, Interesting

      Every Windows PC I get to repair has at least 10 pieces of spyware running.

      --
      Oh well, what the hell...
    2. Re:True number or not, way too common.. by Xerp · · Score: 3, Insightful

      This isn't just down to people's habits - poor quality software is also to blame. Microsoft Windows PCs are top of the spyware tree. Even with changing "habits" and installing a list of "security" bolt-ons as long as your arm, the poor quality of the Microsoft software is still going to let you down. Both at work and in the home, even the most well looked after Microsoft Windows machine is going to get infected. Take for example by PHB's machine. Microsoft Windows XP SP2, Microsoft anti-spyware, McAfee Anti-virus, fully patched.. last scan with Spybot S&D - 81 red entries. Sure, 56 were just cookies but also in the list was some really nasty malware. Then there is good old mum. Just browing using a 56k modem. Bless. Windows 2000 - can't patch as she only has a modem. Thing stopped working. It was so hosed the only way to recover was to use Knoppix to copy her files off. Of course, as it was my mum, I had full control over the situation. I upgraded her to Linux (Slackware 10, to be exact) - its now been 8 months and her PC is still spyware free. Not a single virus. Not one single problem. Mum isn't a techie and she loves not having to worry about "spybot" "mcafee" "norton" and a load of other things that mean nothing to her. She tells her friends how she is using Linux at home and how good it is. What amazed me, is that her friends had even heard of Linux. I mean, they're all over 60. Needless to say, they all want it too now. Sure, Linux on the desktop at work = a lot of corporate hassle. Linux on the desktop at home for non technical users who just want to browse, email and message = 100% perfect - and spyware free.

    3. Re:True number or not, way too common.. by Se7enLC · · Score: 3, Insightful

      The numbers don't surprise me too much. The typical response from people I interact with seems to be "My computer is running slow, acting strangely, crashing. Maybe I'll look into fixing it at some point". People just don't have the urgency anymore as virii/spyware aren't targetting their own machine anymore.

      It's not like the good old days when a virus just trashed your machine, so you had to act immediately. Now it just lies in waiting and uses your machine to launch attacks on others and collects personal information silently. People just don't care enough to fix spyware until it directly prevents them from using their precious web browser, email, and instant messenger.

    4. Re:True number or not, way too common.. by Ravatar · · Score: 2, Informative

      Use the symantec removal tool to get rid of NIS 2005. It's available on their website.

      The reason it exhibits this behavior is because otherwise, it would be WAY too easy for viruses to disable antivirus if it didn't fight back.

  2. Why not? by rahrens · · Score: 3, Funny

    Why shouldn't the anti-spyware companies do it? The anti-virus people over hype the threats all the time anyway. The press plays along cause it sells newspapers and ups the ratings...

    --
    "Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
  3. Seems like a statisticians nightmare by antifoidulus · · Score: 4, Insightful

    How can you really tell how many people are infected with spyware? It's not a question like, "do you support proposition 84?" where you can call people at random or talk to them on the street. I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway. They could use the numbers sent to them by customers, but that isn't random at all. Their customers are much more likely to have spyware infections or else they wouldn't be seeking their help.
    So yeah, it's a number, but not a very convincing one...

    --
    Monstar L
    1. Re:Seems like a statisticians nightmare by LiquidCoooled · · Score: 4, Funny

      I wouldn't be surprised if they have installed a little program on peoples machines to monitor and upload the stats about how much spyware a person has on their machine.

      --
      liqbase :: faster than paper
    2. Re:Seems like a statisticians nightmare by tdemark · · Score: 2, Insightful
      I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway.

      It's funny you mention this. Last year (Sept, 2005), Consumer Reports had an issue dealing with personal computers. This is an actual quote from the article:

      Only 20 percent of Mac owners surveyed reported detecting a virus in the past two years, compared with 66 percent of Windows PC owners. Just 8 percent of Mac users reported a spyware infection in the last six months vs. 54 percent of Windows PC users.


      There is NO WAY those Mac results are accurate. I think what happened is that these Mac users got occasional pop-ups saying "Your machine is infected with (spyware|viruses). Protect yourself now by clicking here". So, they did and the problem "went away". As far as they were concerned, they were infected.

      I wouldn't blame the users as they shouldn't have to know better. I would blame CR for a faulty survey - if you ask questions that either require specialized knowledge (how many Mac users know what spyware is) or could generate a false positive (such as a user confusing an infection with a pop-up), then you really aren't doing a good job providing accurate results.

      - Tony
  4. Oh James... by digitaldc · · Score: 3, Funny

    The BBC is reporting that PCs in the UK are infected with over 20 pieces of spyware on average...It is this international reach that concerns those in authority trying to combat the spread of spyware."

    Quick, get Q on the line, I think we are going to need the services of 007 for this one!

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. And, typical of scaremongering tactics... by Caspian · · Score: 4, Insightful

    ...they are (probably deliberately) confusing the terms "trojan" and "spyware". Is it any wonder that the average user doesn't know the difference between a "virus", "spyware" or "adware", doesn't know the umbrella term "malware", and thinks that any antivirus program is all they need to stay safe?

    To this day, most end-users I talk to think that "spyware" is something good, since they hear people talking about "Spybot", which they think is "a program that gets rid of the viruses".

    When will we get some REAL end-user education in this topic? Public schools have Sex Ed classes where they teach you how to reduce your risk of getting HIV and the Clap... how about Computer Safety classes where they teach you how to reduce your risk of getting viruses or spyware?

    --
    With spending like this, exactly what are "conservatives" conserving?
    1. Re:And, typical of scaremongering tactics... by luvirini · · Score: 3, Insightful
      The problem is, with the threat environments changing so fast, schools are definitely not the best place to teach this, as schools should give lifelong skills.

      Anything they would teach about spyware today could very well be moot in 5 years if most people use secure systems.

      More proper thing would likely be going the route of licencing.. that is in order to allow use of a computer that is connected, you need a computer lisence, the same way you need a drivers license to drive a car on roads. That lisence could then be limited in duration and you would need to get updated on newest things, from behavior to threaths.

      Ofcourse that would bring many other problems in itself...

    2. Re:And, typical of scaremongering tactics... by fyoder · · Score: 4, Funny
      Public schools have Sex Ed classes where they teach you how to reduce your risk of getting HIV and the Clap... how about Computer Safety classes where they teach you how to reduce your risk of getting viruses or spyware?

      In Republican states that would amount to "Don't use computers, kids, and you won't get infected. Take the computer abstinence pledge."

      --
      Loose lips lose spit.
    3. Re:And, typical of scaremongering tactics... by richlv · · Score: 2

      When will we get some REAL end-user education in this topic? Public schools have Sex Ed classes where they teach you how to reduce your risk of getting HIV and the Clap... how about Computer Safety classes where they teach you how to reduce your risk of getting viruses or spyware?

      and what exactly would be the topics there ? what about exceptions ?

      now, let's say jhonny uses linux at home and tommy's father has bough mac for everybody in the family. are they free to go from these classes (in which case everybody will claim to have something-else-but-windows that year) or maybe we should allow them to sit there and ridicule others (which, i must admit, might be pretty cool & effective way to deal with the problem ;) )

      of course, short, informative classes/lections that are very generic might be usable, but i just do not see how could this be done in sufficient way. additionally, this situation is changing very, very rapidly - unless a person is interested in these things, i just do not see how classes like these could help much.

      for example, i haven't used windows for some 3+ years. it was around that time when spy/ad/whatever ware started to appear. i do not have an idea what to do with all those programs - spybot, adware and, i think ms had one, too - that i keep hearing about.

      should i be sent to some class about them ? or, maybe, as another poster has reminded about 'license' thingie, maybe i should be prohibited connecting to internet unless i, um, somehow learn about all that stuff and somehow even install them ? ;)

      now, one thing i agree with you completely - education is important. but that should start with, let's say, journalists. computers have become pretty important part of our everyday life, so there is more and more information in mass media about things like virus outbreaks or big happenings in it - and pretty big part of them are very low quality.

      now, what seemed funny to me... there was an ad in local supermarket. big letters said "GET RID OF VIRUSES - PERMANENTLY*". at the background some sort of designed, semi-transparent blue computer monitor was displayed.

      small letters at the bottom said "there has been no single virus for mac"

      so, probably customers are interested in security after all - maybe it will not be mass media or opensource backers who will change the things - marketing people might pick up this and other facts so the information will catch the eye and people will start examining the options available. hopefully.

      --
      Rich
  6. Not necessarily that much scaremongering by DagdaMor · · Score: 5, Insightful

    When I help out none-techies with their crippled system, they often have in excess of 100 pieces of various malware. I can well believe as an average of the uk that 21 would not be a too unreasonable figure.

    --
    All is fair in love and war... ...as long as I'm not losing!
  7. More Information by TripMaster+Monkey · · Score: 4, Informative

    From TFA:
    If the FTC gathers evidence of a crime, it can - and does - launch prosecutions. Last month two companies were ordered to hand back more than $2m (£1.14m) garnered through selling fake anti-spyware products.
    More information regarding those settlements can be found here.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

  8. Spyware?? by Anonymous Coward · · Score: 4, Interesting

    Well it would all depend on what was being classed as spyware. Are they including tracking cookies, in which case anyone using google with cookies turned on will be infected.

    And why oh why can't the BBC specify "Windows" users. Why do they report every piece of Malware as being a threat to PC users. It's not. Most malware is operating system specific. if it affects Windows, say Windows.

    Sloppy journalism...slipping standards, blah blah...

  9. Education is key by gihan_ripper · · Score: 3, Insightful

    Education is the real key to computer protection, not the purchase of spyware removal tools.

    I've only ever had one piece of malware, which was ten years ago (the Tai Pei virus). In the meantime, I've learned good computer habits. These include being cautious about downloading and installing software, using the free firewall which comes with Windows XP, and employing the Mozilla range of browsers / email clients.

    If users don't learn to be cautious when using a computer, they're going to run afoul of phishers, which will be much more of an incovenience that a bit of adware.

    --
    Phoenix, Boston, Little Rock, see a pattern?
  10. However... by inphinity · · Score: 2, Funny
    Isn't it also true that most spyware that these programs detect are somewhat-benign tracking cookies for sites like FastClick? I wouldn't necessarily classify those as spyware.

    However, if they are, then I'm sure most of the computers I own (Linux, OS X, Win) will have at least a dozen such "spyware" infections...

  11. I could easily believe that. by edunbar93 · · Score: 2, Interesting

    Hell, I've seen computers that would push that average *way* up all on their own.

    You have: 10,489 viruses on your computer

    No, I did not make that up. There are actually people out there (many, in fact) that think that the computer is running really slow because it's getting old, and not because there's three billion pieces of crap bogging it down. It just never occurs to them.

    --
    "No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
    1. Re:I could easily believe that. by walt-sjc · · Score: 2, Informative

      You have: 10,489 viruses on your computer

      I've seen similar, although generally it's ONE virus infecting 10,489 files...

  12. Re:Cookies by rahrens · · Score: 2

    Tracking cookies in and of themselves are not malware. Spyware is an app, perhaps in java, that specifically targets user's info and sends it independently back to a parent server/site. It may be stand-alone, or it may be part of another app, but a tracking cookie in and of itself is NOT spyware!

    --
    "Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
  13. its a concern by dotpavan · · Score: 2, Interesting
    sometimes it concerns me as to how much of valuable resources get wasted in trying to remove these malicious progs. It is sheer ignorance, utter haughtiness and no intention to prevent damage to systems from the users that cause such stats to occur.

    On the other hand, doesnt it lead to waste of:

    (*) valuable time, because every now and then you have to scan/remove/update/etc

    (*) valuable comp resources/processing because you HAVE to have your anti-****(whatever)-ware ALWAYS on, which are generally bloated and eat up memory/processing (*) and imagine the rebooting and re-installing

    Its sad that the 'wonderful pc experience' has now come to a stage that the price one pays is getting heavier. And with some very basic steps/prevention measures (as explained by many at /. during such stories), it could be enhanced many times.

  14. Depends on your definition of "spyware" by Opportunist · · Score: 5, Interesting

    I'm working for an antivirus company (and you have NO idea, the problem with spyware is not that you couldn't remove it, it's the legal issues around removing it and labeling it spyware), and from my perspective, there are 2 kinds of spyware out there.

    The kind that comes in the form of a cookie like doubleclick. It's tracking you, so it is technically spyware, even though it does not modify anything on your PC, does not have any negative impact on your stability or anything else. All it does is to monitor your browsing behaviour.

    If you count this kind of spyware then yes, the infection rate is crippling. 99% I'd wager. And 20 on average is reaching kinda low.

    If you only count those pesky popups that come as BHOs and other installed services, then my count would be a LOT lower. Still way too high but WAY lower.

    And yes, the average infected computer carries a tremenduous load of spyware. If you have one, you have them all. If I didn't know better, I'd say they download each other. :)

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. 20 Spyware Packages? by bmo · · Score: 4, Informative

    Hah!

    DOUBLE HAH!

    Them: "Dude, my computer is slow and it's got some sort of popup that comes on when I turn it on"

    Me: "You're infected"

    Them: "But how? I don't go to any porn sites...." yadda yadda yadda.

    And when I get to the sick peecee, I see that not only does it have _one_ piece of malware, but it barely boots from the hundreds (sometimes thousands) of evil packages all fighting for control of the poor machine.

    It's a losing battle. No, it's not scare mongering. It's reality.

    --
    BMO

    1. Re:20 Spyware Packages? by Esion+Modnar · · Score: 2, Interesting
      it barely boots from the hundreds (sometimes thousands) of evil packages

      When I first start to clean a PC, I don't even try to boot it. I just yank the HD, put it in an external USB case, then plug it into a malware cleaning workstation to run a whole slew of programs against it: AVG, Spybot, AdAware, Spysweeper, etc. By the time I replace it in the original box, what few evil programs that remain have been so crippled that finishing the job is a breeze.

      I also get a printout of the list of evil programs and hand it to the customer. Helps the customer's sense of value of my services.

      --

      They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  16. Here's a solution by eyepeepackets · · Score: 2, Insightful

    They can give Microsoft an additional $50 American every year, that should fix their PC problems post haste: Who better than Microsoft to fix Microsoft products?

    Now if you'll excuse me, Guido the wheel man is at the door wanting his $20 American for not trashing my wheels when I'm not using them -- he calls it "assurance" while I call it "insurance" but it's really just plain old extortion. You see, Guido sold me the wheels and tells me he can only keep them working if I pay him forever, otherwise something nasty is sure to happen and it will cost me even more money to get it fixed.

    If the woman in this article is such a heroic professional, why is she only cleaning off the malware and not getting the users off Microsoft OSes? Surely she has figured out by now that the cleaned machines get trashed again. Maybe she just really likes being needed. Maybe this is PR trash planted by some Microsoft goon.

    Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

    Cherrios.

    --
    Everything in the Universe sucks: It's the law!
    1. Re:Here's a solution by Mistshadow2k4 · · Score: 2, Insightful

      Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

      Yes, we are. Seriously though, phishing is growing into a problem for *nix-users these days, and so far as I know, the only state in the US in which phishing is illegal is California (I might be wrong there, though). You'd think "well, they should be smarter" but the phishers can be very clever, such as sending you an email that looks for all the world like it's from your ISP. (Yes, I was smart enough to check with my ISP before clicking that link, but I'm not gonna blame the people who didn't think of that. After all, if looks like a duck and quacks like a duck.....) So no matter what OS you're using, you should be paranoid.

      How to solve the spyware problem on Windows? Well, Peer Guardian can help block tons of it. Besides anti-p2p, it has a spyware list and uses little memory to run in the background. It also updates itself automatically unless that is disabled. And you can keep only the spyware list checked to block, nothing else, if you want.

      Another thing that can help is a router. I worked on a guy's computer that was loaded with spyware and had a few viruses to boot. He had a software firewall, Kerio I think, plus Avast antivrus and ran Ad-Aware twice a week. So why was he still getting all this crap? His ISP. They had no filters whatsoever. Their servers were set to allow anything to come through. Combined with an older computer with 128 mb RAM plus a fast DSL connection and it literally just couldn't keep up with all the malware pouring through from his ISP's servers. So he got a router and poof! After a fresh reinstall of Windows along with Avast, Ad-Aware, Spybot and PG his computer ran fine. But still.... from a *nix-users point of view, it seems ridiculous to have to spend so much money and effort just for basic protection that a more secure OS automatically provides.

      But spyware is always going to be a problem on Windows because of MS's bad security model. If they fixed it so remote users can't install, run or modify anything on your computer without your express permission, it would go a long way towards fighting spyware and a lot of viruses - I know from experience that you don't need to download or click anything to get spyware or a virus, many download themselves straight to your computer. And Windows just lets them do anything it wants. This ability for a remote user to modify your system without needing permission is called a FEATURE by Microsoft, as demonstrated by Active X and the recently-patched .wmf vulnerability. People say "well if these *nix OSes were as widespread in use as Windows they'd have all the same problems", but if that were true, where are all the Unix viruses? If MS changed Windows so that it requires an admin to password to modify the registry, install anything, or for a remote user to run anything on your comptuer you'd see a marked improvement right away.

      --
      I dream of a better world... one in which chickens can cross roads without their motives being questioned.
  17. EASILY believable by Short+Circuit · · Score: 3, Informative

    Here at GRCC, Computer Club runs a monthly event called PC Clinic where we fix machines for free. We've serviced more than 60 machines over the course of the three events we've run. We easily average more than 100 pieces of spyware on each machine we test.

    Three or four machines had over 1000[sic] pieces of spyware, and one machine had over three thousand pieces, plus several variants of either Sasser or Sobig. (I forget which...that machine came in the door on our first day.)

    We don't just service the machines of the elderly...we get a lot of uninformed college students and their parents, as well.

    If you have any questions, drop me an email. I'd be happy to answer them. I'll respond to /. comments later, after class. :)

    --
    tasks(723) drafts(105) languages(484) examples(29106)
  18. The aweful truth by Opportunist · · Score: 3, Insightful

    It doesn't matter where you surf. It doesn't matter what you open in mail. It doesn't matter if you keep your system updated.

    What matters is the combination of it all!

    You have to do EVERYTHING to stay clean. No shady porn sites, no clickyclicky on shady mail, daily updates, up to date virus killer, well configured firewall, ...

    "Gaaaaah... too much work!" is the answer you'll get from Joe Schmoe Average. "All I wanna do is surf, I don't wanna worry about system stability, Browser plugins and antivirus."

    Well, all I want to do with my car is drive around. And still I gotta worry about red lights and directional lanes. Why the heck do I? It makes me slower and keeps me from getting right where I want to be!

    Oh. Right. I enjoy being alive and have an operational car.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  19. Fight it, don't clean it off by Simonetta · · Score: 2, Insightful

    The emphasis on preventing spyware from infecting a PC is misplaced. The problem is best addressed by defining what is acceptable and what is not. Then punishing the people who exceed the limit.

        Who will define what is acceptable? We will, of course. We are the technological elite. It's time that we start making the parameters about what is acceptable behavior on the net.

        So the spyware makers pay off the politicians to allow some country to engage in aberant conduct and give them a save haven? Shut off the country from the web.

        It's time that we stop assuming that in the evolving information age that the politicians have more control over society than the technical elite. We control the web, and we need to take responsibility for the assholes and criminals who use it to prey on society. That means shutting down the 419 chuckleheads also.

        We created the environment that allows viruses and spyware to exist. It's time that we and not the politicians put an end to it. And if what we do goes against some jerks 'right' to sell access to your PC for his own profit, then so be it.

  20. Obligatory by Headcase88 · · Score: 2, Funny

    Let's count it up. MSN, Internet Explorer, Windows Autoupdate...

    I kid, I kid :P

    --
    "When the atomic bomb goes off there's devastation...but when the atomic bong goes off there's celebraaaaation!"
  21. Easy for me to see! by StarWreck · · Score: 2, Insightful

    This number is easy for me to see as an "average". Either people are at least mildly educated about spyware like us on /. and have absolutely no spyware or are completely unedcuated and have several thousand pieces of spyware!!! Those with several thousand pieces when averaged with those who have none what-so-ever can easy come up with 20 pieces on average.

    --
    ... and in the DRM, bind them.
  22. Spyware is even scarier than that... by foQ · · Score: 2, Interesting

    It's always a shocker to see what kind of data is collected by keyloggers. With 20+ pieces of malware on the average PC, how many do you think are in places where you do have personal information. Your company has all of your personal information, somebody had to enter that in by hand. How about banks? They're frequently the target of even nastier things than the article mentions. Remember that the credit card and check scanning devices that are attached to computers input data in the same way that keyboards do. In fact, most of them are daisy-chained to keyboard plugs to get power. This means that if your local florist, butcher, dry cleaner, etc. does transactions on the computer, all of your credit card or check information could be in Russia within the hour! Scary.

  23. Then look at other studies by sremick · · Score: 3, Informative

    There are plenty of other more-neutral studies that say basically the same thing.

    Late in 2004 some studies were done that were pretty thorough. I know it's kind of old now but I can't imagine things have gotten any better.

    A study was done by AOL and the National Cyber Security Alliance. Some of their findings:

    6% of users thought they had a virus currently on their computer. A scan revealed that actually 19% of all the users had viruses.

    71% of those with antivirus software thought that it updated weekly or daily. However, a scan revealed that only 33% of all the users had actually updated their antivirus within the last week.

    53% thought they had spyware on their computer. A scan revealed that in truth, 80% of all the users had spyware.

    References:
    http://www.infoworld.com/article/04/10/25/HNaolsur vey_1.html
    http://www.staysafeonline.info/pdf/NCSA-AOLIn-Home StudyRelease.pdf
    http://www.staysafeonline.info/pdf/safety_study_v0 4.pdf

    Another study by Dell estimated that nearly 90% of all desktop computers are infected somehow, with 1 out of 5 calls to Dell tech-support being virus/spyware related. Most people aren't even aware that their computers have been compromised:

    http://www.financialexpress.com/fe_full_story.php? content_id=71662
    http://www.webpronews.com/news/ebusinessnews/wpn-4 5-20041015DellsSpywareSurvey.html

  24. Spyware scaremongering == business model by ChiliJ · · Score: 2, Informative

    Mark Russinovich of sysinternals has an interesting experiment here.