Slashdot Mirror
Most Web Users Unable to Spot Spyware
Ben writes "According to a Spyware Quiz conducted by McAfee SiteAdvisor , a staggering 97% of Internet users are just one click away from infecting their PCs with spyware. One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity."
That has to be wrong, somehow. A lot of the people I know only go to trusted sites, virus-scan everything, etc etc. It only takes common sense and a slightly focused attention span to keep your machine clean.
...can't spot it either, but they use Macs-- so it's a moot point.
McAfee will sell me the software to help save me.
Well, I wager that even though 100% of these "high IQ" users may visit one of these sites, 99.99% don't become infected by it.
That's why I'm using VMWare's non-persistent feature so that my internet-facing OS is always the same, except after updates have been installed.
Please stop entering code 2,2,7,6,6,4
But Mac and Linux users comprise more than 3% of Internet users!
The quiz in question has you choose which of two sites, based on screenshots, has spyware. The sites were all for things like screen savers, song lyrics, and free game downloads. That is a terrible, terrible way to judge a users capability to determine if something has spyware.
One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity.
Sure, we like to visit places like http://www.cracks.am, who actually write their own spyware. But I am not so sure that qualifies me as ever installing any of their garbage.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
How exactly does that matter if less than 97% can get infected with spyware, or were they only testing people with systems that didn't safeguard against such? I would assume more people are careless about such things because they have anti-spyware software installed or are running an OS other than Windows.
*Click*
Clearly the message is to just give up and pay the anti-virus/anti-spyware people a bunch of cash.
The real way to combat this is to hold website owners responsible if they are hosting such malware.
Windows is the only operating system suceptible to spyware. I am SURE that users of alternative operating systems comprise more than 3% of internet users.
Yet another misleading article. They should at least get their facts right.
Arrrrrrr
Free pr0n? Free laptop? Free Ipod? Yes!! *clikc*click*click*! 97% of internet users think free truly means free.
This is just like a "spot the phishing email" quiz I saw. Just looking at a picture gives you no context. Did you get the link from a reliable source? What OS/browser are you running. (I'm definitely more willing to check out something suspicious in Safari than Internet Explorer.) Are you dumb enough to download and run something from the site.
I got 6 out of 8 (both of my misses were regarding P2P software). What did you get?
This is very surprising. If they had not done this study, I never would have believed the results.
It contains no technical information or interactivity whatsoever. No status bar information, no ability to view page source, just screen grabs of random web sites.
This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...
It's like blindfolding someone and then blaming them for not being able to catch a baseball pitch, facing away from the thrower, with their bare hands. Of course they won't be able to, if you take away every single useful tool for them to accomplish the task.
STOP . AMERICA . NOW
This quiz doesn't measure anything. Where's the option for "Both of these look suspicious and I wouldn't go near either of them"?
Since the quiz requires JavaScript, and since I have that by default disabled, I think I passed the test.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
The quiz (http://www.siteadvisor.com/quizzes/spyware_0306.h tml) asks questions like "Which of these smiley download sites is safe?" The answer I'd pick is "I don't care which one is safe, I wouldn't ever download something so pointless and high risk to begin with", but that option isn't available.
Seriously, is McAfee trying to imply that some executable code you download off the Internet from people/organizations of unknown repute is safe?
BTW, if 3% of people answered their questions correctly, that means that 5 of 8 questions effectively had 50% odds. For example, if 50% of people were able to get questions 5-8 correct, and everyone just flipped a coin to answer questions 1-4, you'd get a 3% all-correct rate.
New study says Linux more expensive than Windows! And cigarettes are not addictive!
Give users a cool, savvy looking test that makes them choose between two equally suspicious looking webpages, then reveal their horrible results. Oh no! But with SiteAdvisor, never fear... you'll have a handy site report to base your decisions off of!
/. as an indicator it's a shameless plug for their product, except the majority of intelligent Slashdotters is hardly prone to falling for this.
Yes, easy to see what the purpose of this test REALLY is... promotion promotion promotion! I'd even point to the fact that this is on
Then again, what do I know? I got a 5 out of 8 on the quiz. Boy, am I a dumb intarweb user! Better go install that SiteAdvisor after all...
I love it.
McAfee claims that one of the lyrics sites has "delivered adware through ActiveX" via Firefox.
Notice the Top Right of any pic. Thier FireFox is out of date.
And that is just another reason I don't use McAfee.
I took the quiz - it's a terrible format. It shows you a SCREENSHOT of two different sites (say two free screensavers sites...) and asks you "what one do you think is bad". How lame is that? There is no way you can judge if a site has spyware just by looking at it. One of questions even said "wrong - this site delivers it's games via an active x control that contains spyware". Well how the heck are you supposed to know that from a screenshot? I'm sorry, but that is a very, very flawed quiz. I'm apparently a high risk user even though I haven't had one case of spyware on any machines in over two years.
:)
A better quiz would be to pop up both sites, let you investigate a little - of course, I could have done that as part of the quiz, but I didn't feel like working at it that much tonight
It's kind of like the AIDS awareness posters they used to have up at campus - you can't tell just by looking at someone! True in this case as well.
Use Firefox or Opera, disable Java and Javascript.
End of problem - next quiz, please.
"You're either outstanding, or outprocessing"
Only staggering internet users are affected by this. Even then, three percent avoid the pitfall.
I'm thinking most people are surfing for stuff that I never think to. In 20 or so years of using a computer, and 15+ years of being able to access the internet, I don't believe I've ever had a single virus, malware, spyware, or whatever.
Then again, I don't want animated cursors, free screen savers, or any of that stuff.
Then again, I primarily surf from a Mozilla with no plugins enabled, prompts for cookies, and a hosts file to block everything. So I'm probably not the typical web-user.
Lost at C:>. Found at C.
I came across a 7th grader who managed to load up a Win98 machine with 14 different pieces of spyware with 1 click in IE. We wiped the machine with an industrial strength removal program, installed Firefox, locked it down, and asked her to go out to the same website. NOTHING - not one single piece of spyware - got through on Firefox. At that moment, I converted for life.
So I took the quiz, and the first 4 questions didn't have the correct answer as an option. The correct answer is "do not download binaries from unknown sources."
Seriously, if you're asking which smiley or screensaver site is "safe", you've completely missed the point. Downloading binary files from arbitrary sources is inherently unsafe. Build from source, or do without whatever it is.
All's true that is mistrusted
I just saw the Microsoft ad on this particular article! Just coming to this page infected me with more Microsoft spyware, how can I remove it now?
I got four out of eight wrong, but then I don't use any of the P2P programs listed, so I'm not up on the current ones as to which has spyware embedded. Of course, I KNEW Kazaa did, so that one was easy. I've never used BearShare or eMule and never heard of the other one.
Since I run Firefox with no ActiveX, and on the Windows side I run at least four antispyware programs, I'd say my performance on the quix isn't terribly relevant.
Also, the fact that the SITE has downloads with spyware doesn't necessarily mean that any specific SOFTWARE I download has it. I tend to get my freeware from sites that check for that sort of thing anyway. And I never download crap software like screensavers, smilies, and the like. If I get a smilie, it's an animated GIF. I only download utilities that seem to have been written by someone with a clue.
I'd say this is hype from the security software guys again. I'm sure a better quix could be developed - but it wouldn't matter since most people aren't concerned about computer security anyway - as the horrible results demonstrate.
Teach people to dump IE and ActiveX and design the browsers to turn off scripting and applets by default and provide prompts and sandboxes, and spyware will go the way of the dodo.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Most Web Users Unable to Spot Spyware
Well, I guess that's why they call it spyware, don't they. I mean, what kind of spy would be easy to spot? Wouldn't be a very good spy, now would he.
The higher the technology, the sharper that two-edged sword.
Most of the boxes that are popping up are getting increasingly cloak and dagger.
For me, its gotten to the point where I don't even trust a "close" button on these popups
Something akin to clamping down on false advertising (or just plain fraud) needs to be done.
Most web users are unable to tell what browser they are using. Or operating system, for that matter.
Support: What web browser are you using?
User: Microsoft Excel.
Support: Okay, what operating system are you using?
User: Um... Dell?
Find environmentally and socially responsible products on http://buy-right.net
did they gather these results with spyware?
I got 7 out of 8... I would have had 8/8 but I second guessed myself on one of the P2P programs at the last second. D'oh.
I went to each one of the sites before answering. I still missed two of them.
:) And Kazaa has a long history of being full of crap that's bad for your system. Ugh.
First I missed the lyrics sites. One of them supposedly installs activeX adware. I couldn't tell this since I'm using Firefox in Linux.
Then I missed one of the P2P software sites. I incorrectly decided that Blubster was safe, even after looking through the site. They do mention that they take information given when you fill out a contact form, but I didn't see any mention in the terms of use or privacy policy regarding anything in the software itself.
Of course, I would have never actually downloaded that in the first place. I knew emule was safe though. Yay open source!
So yeah, I missed 2 of them, but would not have been infected by any of the bad sites. Mostly I just think this quiz is lame.
Nothing to see here
I find it humorous that the system used to prevent spyware also tracks the score people get on a quiz and what sites they visited for at least 30 days thereafter.
Everyone (read: 100%) knows that 47.6 percent of all statistics are made up on the spot. I mean, sheesh, I haven't had any spyware, virus, trojan, malware, etc on my machine for about six months now. I'm a heavy user and so are my friends. I think it's a testament to just how stupid people are. Oops! I almost said 'americans'. Then I would have been flagged for trolling.
7h3$3 4r3n'7 7h3 Ðr01Ð$ ¥0 4r3 £00|{1n9 f0r. M0v3 4£0n9. --OB1
let's go through the quiz (if you want to see for yourself untainted, do so before reading this):
the first 4 questions have you determine which of two sites is safe, based on screen shots.
question 1: choose between two screen saver distrobution sites. like all the others, it's just a screenshot, and doesn't even show the whole front page, let alone users look at other pages. the only decernable difference is that the first one looks more professional, so heeding the remarks in the article that said most users seem to think that means it's safe, and "reading between the lines," I picked the other one, since there was no logical way to decide. I was wrong.
question 2: smilies. the one on the right looked more professional, and said "NO UNWANTED SOFTWARE" in a very easily spotted location, with big letters, and the other in regular sized font, in the bottom right, had a half cut off message that pretty clearly stated (even with incompete sentances) that it contained spyware, so I picked the one on the right, this time with some actual info to go on. I was right.
question 3: free games. the sites had no noticeable differences in professionalism, no warnings or advertising of spyware freeness either way, nothing to go on that really made any sense to actually use, so I decided that TotallyFunFreeStuff was trying to hard, and was probably hiding something, and picked the other. I was right.
question 4: Lyrics. important to note that this one used active X, so it's irrelevant to anyone who's not dumb enough to still regularly use IE anyways, which now that I mention it, I think I'll soon put a rant about McAffee and that that in my Journal (will be a first entry,) but it's to much of a tangent for this post. anyways, the one on the left looked more professional, and the one on the right had a "firefox blocked a popup" message on it, so I picked the left (entirely because of the message, I continue to mention the professionalism because the article made a stink about it.) I'd like to note that the thing I took as a tip off wouldn't be availible if I were seceptable to this at all, as it's a firefox message, which doesn't do active X. In any case, I was wrong.
the last 4 questions had you determine whether a file sharing program was safe based on the usual screenshot of the webpage.
Bearshare: site looks professional, there's a link for a "FREE Sponsored version," sponsored sets off a red flag in my mind, I say no. I'm right.
eMule: worst site design of the four astheticly, says it's open source, I've heard of it, I say yes. I'm right.
blubster: pretty sleek front page design, though it feels like a splash screen, so there's almost no information. nothing to go on really except that it says it's 100% free, which given the fact that OSS/Free software tends to advertize itself as such, and they didn't, probably meant add supported, but for some incomprehensible reason I still picked yes. I'm wrong.
Kazaa: slick page, big "NO SPYWARE" label on the font page, there's a main section for the privacy thing, which I bet a lot of people would have looked at if it were a page, not a picture, but instead just trusted it because the label was all they had to go on. I was familiar with the software though, so
No single raindrop believes that it is responsible for the storm.
This quiz is supposed to scare people into buy their product, nothing more. No useful statistics can be gleaned from it.
If they wanted to make an accurate assesment they would set people up with a VM with a resonably patch version of windows, and big shiny icons for both IE and firefox and say "Browse the internet for an hour" and see how the machines were affected.
PS: I got a 5 out of 8 on the test, but only because there was no option to say "Why would I be dowloading lyics or smilies in the first place -- these things or more likely to have spyware than pr0n?" That and I guess they want you to trust eMule.
Comment removed based on user account deletion
I'll fight tooth and nail to rid my windows os of that annoying spyware trying to replicate and connect out on random ports. Eventually it will win and I'll give up. Twenty minutes after the new install I'll be back on astalavista... trying to get that crack for some new antivirus I think will work. Yes, I know I just picked up the same spyware/adware/malware that caused me to reinstall in the first place. Still, I'll do it again and again, because damnit there isn't anything that can stop it anyways. All the antivirus out there just tells you that you have a problem. I haven't had any antivirus remove anything in the last 5 years, and I try them all. Two tears in a bucket...
Most www users are not geeks and cannot tell the boundary between their computer and the internet, let alone know how to drive a hosts file etc. Any advice of this form is completely useless to most www users. If the computer says "click on this" they will. Don't expect them to tell the difference between something from MS or the OS and a phishing scheme or other attack.
It is also not reasonable to say that people should know this stuff to use the www. Nonsense! Do you need to know the difference between a knit and purl stich to wear a sweater? Do you need to know what advance and retard are to drive a car? Why the hell should you know what a hosts file is to use the www?
Engineering is the art of compromise.
Anyone else that took the quiz notice that their Firefox window had some unapplied updates? Also, a screenshot of a website can't provide much information, especially when you can't even do as much as scroll down to see what their privacy policy is.
How are sites slashdotted when nobody reads TFAs?
My God, he hit the nail on the head. Good show.
If a site has popups when I hit the first page, I dont go any further.. it's a desperate sign of revenue gathering. Who knows what else they would do to get money... *cough*
The problem is that by saying that users can't tell the difference, the quiz implies that that users were fairly tested and failed, when in truth, the test is effectively rigged to be impossible to pass by anything other than pure chance, thereby providing a guaranteed result for the seller of the product in question.
I completely agree that most users don't have the technical skill to spot a spoof email or determine whether a link actually goes where it says it does... so there was NO NEED for this rigged, idiotic test that simply helps to miseducate users further by implying (to their understanding) that the only way to try to make such determinations is by staring dumbly at a screen. In short, not only is the test rigged and pointless, but it also effectively spreads misinformation to the very users most in need of the sort of help it purports to provide.
That's my point. There's nothing slimier than being slimy just for the sake of it when you can achieve smiliar results by being fair and open. It speaks very ill of the company that produced the quiz.
STOP . AMERICA . NOW
In a test of slashdot editors 97% were unable to differentiate between news or a corporate press release. Successful identification dropped to 0% if either Google or a Microsoft competitor supplied the article. When asked about his editors incompetance Rob "Cmdr Taco" Malda explained "We just pick the articles with pretty colors, as we really don't have time for anything other than wacking of to pictures of Linus Torvolds and sending resume's and cover letters to Sergie Brin"
I just took the quiz, didn't choose any of the offered sites as safe, and scored a zero. WTF, how could I get spyware from not using the site in the first place.
Gimme a break....
I'd mod this up if I had the points. So many "use Linux", "use Firefox", "love open source" trolls to mod down too...I don't think even 30 points would be enough.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 SU CK IT MP AA
By analogy, this quiz is the rough equivelent of having people pick from a group of crack-head prostitutes the one without disease, and when they fail, telling them they know nothing about safe sex. Safe sex, like safe browsing, ended before the the first question on the test. There is no safe sex by trying to pick only the disease-free crackhead prostitutes. There is no safe browsing by trying to pick the free smilies site that won't blow your computer up. There is value in mininimizing risk where it's found, but to me, safe browsing and downloading FREE SMILIES!!! from some popup window are mutually exclusive activities. That said, their product does have merit, probably. I just wished it was marketed as what it is: "You're a dumbass, and are going to do dumbass things. Maybe you need a net."
exceptio probat regulam in casibus non exceptis
Stay away from the scraggy whores (sites offering binary executables) and you're at least somewhat safe. Give in to temptation, and you're certainly doomed.
1. People with a high spyware IQ don't choose either option. But that doesn't make for good headlines when you're trying to peddle your spyware-killing software.
2. People with a higher spyware IQ don't run IE. At least they passed this test.
3. People with even higher spyware IQ update FireFox when the little red "you need an update" icon appears. Bzzzt....bad form for an anti-virus company.
4. People at the top of the spyware IQ scale don't run Windoze.
Last time I checked, 10% of all surfers have disabled javascript and a significant percentage which I don't recall at the moment don't run Windows. Makes that 97% figure a bit hard to swallow.
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
I passed the quiz, no real surpise. It's quite easy just looking at the pictures, when you know what you're looking for.
Every single "safe" site had a "Support" or "Forums" button. None of the "unsafe" sites did.
That's because the unsafe sites support would have the FBI on them in a second from this guy.
FreeBSD: The Power to Serve!
"Most Government Officials Unable to Spot Spies"
And what is that one click? Infect me now
.. paranoid crackpot leftover from the days of Amiga.
With the exception of eMule, adware and spyware are only suffered by those who are credulous, vacuous fucking morons who spend their days looking for free $something_retarded_like_giant_smileys_or_crappy_f lash games.
"In our tests, we found downloads on this site that some people consider adware, spyware, or other unwanted programs."
From the "View site report" link below the screenshot after you've taken the quiz. Ok, so who are "some people" and how much are they getting paid to go which way?
are using OpenBSD on SPARC, and we prevent viral code execution by removing the CPU.
I get the point that when you go to a screensaver site and see 2 menupoints and 4 screensavers, that is suspicious, ....
,,, )
but in most cases they seem to tell me, that a simple design vs bling means that the simple design will sell you spyware
dunno, i think any download is a potentional spyware, especially the spyware programs (that my wife installed on her mom's computer adter a popup : your computer mught be infected
well at home she uses linux so did not get a clue......
ohh that crap also has the important message: all p2p programs are spyware laden....
I'm just one commandline away from "rm -Rf /". Having typed it into this Slashdot submission form, I'm just a click away from pasting it into a terminal window.
Yet somehow, I don't feel like I'm peeking off the ledge of a 50 storey building into tiny traffic below.
--
make install -not war
For sites that direct your browser to an IP address URL this hosts file does nothing. (http://123.22.33.44/grabyoubytheshorthairs.php)
1. We present you with a 32x32 pixel cropped screenshot from two sites. One of those contains dangerous spyware! Which one is it!
*click*
Ahahah, it's both you loser!
Now go buy our software.
2. Next question: what you see is 32 bytes from two EXE files. Which one of those installs adware?...
-Cypheros
I took my usual paranoid route. For the first four questions, I didn't select either site (which, as it asks which site you trust, seems to me to implicitly state that I don't trust either site). For the last four sites, I specified that all of them potentially had spyware.
My result? Well, acccording to this "survey" I only scored 3 out of 8, as my not trusting sites which didn't have spyware (as they could find) counted against me, and I distrusted one site which the survey claims has no spyware. So apparantly, because I don't trust ANY of the 8 sites referenced in the survey, I'm "At Risk", and my "...answers would have infected your PC with adware and spyware many times over.".
Uh huh. Not trusting any of the 8 sites is putting me at risk? Spyware and adware many times over? Let's ignore for a moment that I'm running Mac OS X, and that I wouldn't visit any of those sites in the first place, and don't download screensavers, wallpapers, or smilies, but apparantly according to SiteAdvisor my distrust of all their sites puts me at risk.
And that right there is enough to tell you the quality of this so called "survey".
Yaz.
FTFA:
According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs with spyware, adware or some other kind of unwanted software.
If we accept this statistic, then we accept that the non-windows OSes share 3% of the market. OK, I know OS X and Linux each have a small market share, but they're splitting up 3%? I don't think so.
It's not offtopic, dumbass. It's orthogonal.
I heard good things about it too! I better stop trusting people!
Just at least for my own reference (and google's sake), I'm not entirely sure SiteAdvisor is owned by McAfee - it wasn't when I first checked it out, and I don't think it has been since (a cursory check of their site seems to agree with me...)
I recognize people by their sigs. Is that a bad thing?
Dear SiteAdvisor,
I recently took your online spyware quiz and was very shocked. While I consider myself a safe and secure web user I only scored a 3 out of 8 on the quiz. This was like waking up with a hangover, only to find holes in your condoms. My mind is now reeling at the thought of all of the viruses and spyware that my machine might be harboring. I've been to several sites that look similar or offer similar services as the ones in your quiz. I'd like to protect myself as soon as possible from this threat, and hopefully rid myself of any of these dangerous infections before they wreak havoc on my precious data. After taking the quiz, I quickly went to your downloads page in hopes of downloading this software. However, while I have used Firefox extensively, I mostly run Camino and Safari. Are there plans in the works to create a version of SiteAdvisor for these browsers? Can you suggest any other software that I can use until such time as a SiteAdvisor plugin for these browsers comes out? Please help me to stamp out this scourge of spyware that is threatening to destroy my machine... before it's too late!
Sincerely,
Sleepless from Spyware
(sometimes, no matter how hard you bite your tongue, it still comes bleeding out...)
I download the HTML and view in notepad, and I still failed the quiz.
Moreover there are so many unpatched vunerable PCs out there that a malicious spammer would rather take on those than try to take on a machine thats protected. Script kiddies may take it as a matter of pride, but the chance of getting hit by one of those when your IP changes every time you login, and also sometimes when you are logged in(Auto disconnection and reconnection) thats not too much of a worry
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Driving people to a website because a "survey" deems it safe from spyware is marketing said websites. Duh...
--
Interesting idea, type SiteAdvisor.com (or click here http://www.siteadvisor.com/sites/siteadvisor.com) into their own "site report lookup." They claim a popularity rating of only "some users." More people need to take the quiz! Come on you guys! It should say "Dang /. killed our bandwidth, now nobody can take the quiz!
Also, their Reviewer and Web site owner comments claims they have been reported as spammers, have excessive popups, have adware/spyware/viruses, etc. But it's still safe.
Interesting, very interesting.
That quiz is crap btw. 4/8? that's BS.
...because it's not a valid test. In "real life" you never are in a situation where you have to choose between one site or another, knowing that one is infected and one is not. In real life if I have the slightest doubt I'll try to research the company by Googling "companyname + spyware" and if I still have doubts I just don't download.
I scored a 6/8. I lost a point because I said that all P2P software packages contained spyware. Why? because that's what I heard, and I don't use P2P so how should I know which packages are clean and which aren't? I steer clear of all of them, like I steer clear of any suspicious website and that's how my machine stays clean. But because I am playing it safe the stupid test docked me one point for wrongly accusing eMule of containing spyware, and called me a "Tightrope Walker" to boot.
This test doesn't test anything, but it's a great marketing ploy. How many people will freak out and download McAfee right then and there?
-Oliver / TreasureTunes.comThe test subject is inserted earplugs which results in him being unable to hear absolutely anything.
... oh and we need to require it by law that people wear their earplugs at all times.
Then he is played two videos. In one of them an actor says "fuck you" in the other one "vacuum". The test subject has to guess which is which.
In the case of wrong answer the subject can't take care of himself in the event of attack, terrorism, and we should complete the transition to a police country as fast as possible.
And they got /. to run it for them.
Kinda like the one recently about Snapper lawn mowers.
I think the term "puff piece" applies here.
I did the test, and got 2 out of 8 right. How am I supposed to know wether a site is 'good', just by the looks of it?
-- Cheers!
I got 7 out of 8, and I've never been to any of those sites. I just looked at the claims that were made on each of the sites, and chose the one that seemed the least deceptive. Although one of the screenshots actually said right on it that it would collect information from the user (hello, spyware!). And I just said that all of the file sharing sites were spyware, because most file sharing software if spyware (that's the one I got wrong). I think the point they're trying to make is that you can't tell just by looking at a site, and that you need to take other precautions to protect yourself. Even with an 7 of 8, they said :
"Remember that even one misstep can put your PC at risk, so SiteAdvisor's free software can help you always stay safe and in control online."
Well, you can get their software, or you can just avoid downloading "free" software off the internet. It's not rocket science, software developers need make money somehow. They can either sell software, ad-space, or personal information (or some combination of those three).
Yes, I'm quite sure that just giving us a screenshot of the sites is a perfectly sound way of judging our web "street-smarts". Usually I look through the prvacy policy first. Not to mention that last one had (kazza) had a little "NO SPYWARE" icon on it. Everyone knows kazaa isn't safe, but I still find that funny :)
I got 100% on my first try. I based my decisions on how community friendly the sites were. Sites that had fourums meant some level of accountability because they was a public way to bash the product on the main page.
Is blog sites, or other sites that are publicly writable or have been recently defaced. This is especially true for sites that are hosts for many users or subsites.
However, it does help you avoid the 11,000 known sites, but scammers are always ready to have more... unfortunately.
This survey was, frankly, one of the dumbest things I have ever seen on the Internet. And there is a lot of very stiff competition...
....a "smiley programme" that is not infected? Thank you, McAfee...
The reason is simple. The test is loaded.
You are asked to choose between various free sites and have to judge just buy a screenshot wich one is save. That of course is very hard to do. Worse is that you can't choose the answer "none of the above" wich I think is the only real answer.
Frankly I wouldn't trust any screensaver or smiley site. Period full stop end of story.
Oh and as for people using virus scanners. Well yeah. Because others have hit them over the head and tied them to a chair and then installed the virus scanner for them and then trained them with a cattle prod not to remove it. They still go out of their way to make live hard for the virus scanners and still basically just get it.
Virus scanner == safety belt. Wearing a safety belt doesn't make you a safe driver.
It only takes common sense to keep your machine clean. Right the same common sense that tells you to limit your speed in dangerous road conditions?
Common sense is a misnomer because whatever it is it sure as hell ain't common.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
the snapper article was one of the better ones lately. It was about economics, globalism, quality over quantity and how there still remains a niche market for intelligent and informed consumers that goes beyond the cheapest price. It could have been about toasters or tennis rackets, it just happened to be about lawnmowers. There's a company that didn't cave into globalism, still is quite profitable, didn't have to outsource a thing and didn't have to whore for cheaploseyourjobmart.
LINIX!!!!!!!
http://linix.ytmnd.com/
But that was not an option.
Anyway perhaps linux users are even worse. How many of use just install packages from your distro without ever checking who actually wrote them? Just because no-one included a spyware package yet doesn't mean you are being safe. Just lucky.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"Take this poll to win an ebay gift certificate"
"Shoot the rabbit and get a free ipod"
Or worse still, those found the site already had a spyware problems and where looking for solutions so they took the quiz. You just don't wait outside a creek to find out about the memory capabilities of the residents of a city.
OMG ROFLCOPTER!!!
Stop for a minute and ask yourself: "Are the people who called tech support to fix computer problems an accurate sample of all users?"
I don't know about privacy, as it probably has to check each url with a database.
And I guess that DB isn't installed locally.
I just installed it, let's see what happens
"...nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity." where's the "wouldn't touch any of them with someone else's barge pole" option? honestly I wouldn't go to to any of those sites or ones similar... well maybe the lyrics ones... maybe, but probably not. be that as it may a typical case of marketing parading as a survey, full of loaded and leading questions to give the result most desirable to gain sales through installing fear, confusion and anxiety in to your average computer user (of course not that that something that shouldn't be done occasionally :P ) and a perfect piece of low hanging fruit for hack journalists everywhere.
I did the quiz with 8 of 8 the first time:
YOU GOT 8 OF 8 QUESTIONS CORRECT
Rating: Safety Guru
You laugh in the face of spyware and adware. Your practically clairvoyant knowledge of the Web allows you to distinguish between safe sites and those that pose potential danger. (We suspect that you may also know which soda machines might steal your money before you drop a quarter.) Our hats off to you.
Now we step into the propaganda:
Remember that even one misstep can put your PC at risk, so SiteAdvisor's free software can help you always stay safe and in control online.
On the right side of my "you got 8 of 8 correct" note, there was another note saying:
Even the savviest expert can use a little help sometimes.
Download the free SiteAdvisor plug-in today and be warned of spyware attacks, online scams, and sites that spam you as you search and browse the Web.
Download SiteAdvisor for Firefox
Would you prefer IE or a different browser?
So basically you can't really win this quiz, even if you get everything right, you're being brainwashed that "one misstep and you're out". What this is, is one elaborate PR campaign of SiteAdvisor, and not a test in the least.
Not to suspect any bias on my side, I actually have SiteAdvisor installed on Firefox here (my default browser) for the last 5-6 months and it's not bad, but this is really low of McAffee, are they so desparate?
By the way, how I guessed the questions right (if someone cares...):
***SPOILER WARNING***
- I know eMule has no adware, I know Kazaa has adware
- A nice design doesn't mean free of spyware, but often spyware sites lack a lot of relevant and meaningful information about what is offered (exception: really high grade ones, like Kazaa)
- If a site offers all sorts of free downloads, like DVD burning, games, screensavers, you gotta be suspicious, a specialized site with a community section and apparently done by people who are involved in the matter being presented (rather than just list downloads) is less suspicious
- If a site offers no forums, contact info, feedback etc., you gotta be suspicious
- If a site tries to sell a product it's less likely they'll actually turn you off by installing adware in the trial version, but that alone can't be enough, so look for a community section with forums etc.
What the hell is this so called "Spyware" all about? I don't think I've ever stumbled across it before.
Did I mention I run Linux and Firefox?
A matter of having good taste, I guess.. You can usually spot the bad sites just from looking at their cheesy web design.
My brother is coming over today to have Win XP installed in the only proper way.. Inside VMWare, on a Linux host system (with zero network access to XP).
I scored 7 out of 8, just because I said e-donkey was spyware (it wasn't). The second time I got 8/8.
Here's how it went:
Question 1: See how site#1 has links called "Order Now" and "Support"? The other site has no info about the authors whatsoever.
Question 2: Easy. Site#2 has a "Buy" button.
Question 3: At first glance hard, but then turns out to be easy. Site#2 has links called "Forum", "FAQ", "Contact", etc.
Question 4: A little tricky. Site#2 has a button "Advertise Here".
Question 5: All of them are spyware. That's easy. The hard part is seeing which one is malware-free. I got that wrong, although some friends had told me e-donkey is clean (I just wouldn't believe that).
One thing you should rememeber is that siteadvisor is in the market of marking sites BAD. And they are very simple about it: if a site ever was bad, or got a suspisous review it is marked bad. You better have one false alert than one good alert. It is good for suspisiour users, because you get a extra warning (beside the one in the eula....) to be careful.It is not yet ready for mom and dad who do not know how to handle false alerts.
I can tell you the next step: companies will use the siteadvisor list(/plugin) to block suspisous sites. Siteadvisor was never made for this! It is just a extra flag. Nothing more. Nice if it stays free, but i wonder what their business modell will be in 2 years.
Their colors are discussable. I think sites with adware/phishing download should be marked orange (watch out). Only sites with browser exploits should be marked red.
Q1
One site has an address that matches the website, and the other doesn't. Anyhow, screen savers still waste power. Unless you are doing a useful calculation, you don't need these. Neither is really safe.
Q2
One site says "No unwanted software". Well, you could say that even if you included stuff - doesn't say who wants it? But, at least it reaised the issue. The other is a tad too bland. But, smileys? If you get infected trying to download smileys, then it's just nature's way of telling you to get a Fisher-Price instead of a Dell, and serve you right.
Q3
Games? These are programs. They could do anything within your space. They are all potentially poxed. But we play games, so we download one at a time froma site we trust, and try it very carefully. How do we find a site we trust? Well - one of them has a forum. You could fake these, but it takes time and effort.
Q4
Again, go to the site with more features, if you have to.
Q5-Q8
I knew KaZaa was unsafe. I knew Emule is supposed to be safe. So I didn't trust the others. Which turned out to be right.
So, where does this get us? Nowhere. Every malicious site will now have its own forums where it removes unflattering letters, extra features that may not actually be implemented, a cluttered and 'less professional' look, so they look less like rip-off artists. And the harder it gets to tell which sites are safe, the more we have to depend on bought software. We get wiser. They get wiser. The world remains the same.
Has it not occured to you that most of the people you know are also computer literate? Most of my cutomers can't tell the difference between a firewall and anti-virus software. It's not about common sense, it's about user knowledge, unfortunately the vast majority of users have neither the knowledge or the interest to keep their PCs clean.
What I find most amusing is at the first suggestion that spyware may be as prevalent as it is because of user ignorance, rather than Windows, and the Slashbots fall over themselves posting to discredit the survey. It's quite sad really.
I *Click* *Click* *Click* with my one-button mouse and nothing happens.
I am missing something as Mac user, what is this spyware you talk about?
No, that's the wrong approach entirely (a little knowledge can be a dangerous thing indeed), you can't possibly hope to keep track of all the hosts required, it's a losing battle.
The correct approach is to use better software, that blocks Spyware by design.
Do you think most people's results would be different if they had the opportunity to click through the pages? I doubt it. If it was different, how comes that every single computer I get my paws on is loaded with spyware and adware?
People don't even know what spyware is. Or what adware is. Adware is "pesky popups". And against those, we install something that blocks popups. Case closed. That adware is actually a foot in the door of your security is something they don't realize. They don't know. They don't want to know. They're looking for a solution so they don't need to know. That's why they turn to antivirus companies and demand protection.
Unfortunately, that's something we cannot provide. There is no technical solution for a social problem. The human stupidity outmatches any smart routines you could possibly implement. I will certainly never take the machine out of the user's hands, and I will ALWAYS ask the user if he wants to access the file, even if I have a positive ID of malware. It is, after all, HIS machine. Not MINE. I can warn him, I can inform him, I can tell him that it's not the brightest idea to access a page or a file. But I cannot force him NOT to do it!
This would be worse than DRM ever could be. The human should be master to the machine. Not the other way around. A good protective program will warn you and suggest that you don't access harmful content. But it will not forcibly keep you from doing that. If it does, get rid of it and install a program that is under your control.
Before I go completely off topic, this page proves one thing: It's not easy for an average user to discriminate between "harmful" pages and normal ones. Yes, if you are using FF (or Opera), or if you at least have the security settings on your IE high enough and aren't surfing with admin privileges (ok, everyone does, lemme dream), you will notice that something's fishy. IF you can actually.
Most people out there surf as admins with low sec IE settings. For them, there is no difference between the real page and those screenshots. THIS is all the information they'll ever get. No warning popups that ActiveX wants to install stuff. No warning popups that plugins want to sneak into their browser. They need to install something to download something from the page? Ok, taken, after all I want that stuff from the page...
It is, unfortunately, how it works. Yes, the test is loaded. But even if it was real, the majority of people would fall for it. I can see it every day.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Sorry, redundant
Hilarious! Ridiculous. Stupid to an unbelievable degree. That is what this quit could qualify for. Choosing between two sites for downloading... simeleys... No joke! "Please choose wether you want to have aids or cancer". Id-di-ot! They consider that to be a serious quiz ? Pure marketing, to get some people think they are at risk. FUD again.
So it has to be said at least once (dind't read the thred): please people do NOT download smileys, do NOT download stupid free games, do NOT download something you have not heard about from different sources, do NOT download screen savers. Ever. Why: because those are un-needed things. As simple as that. You'll see, the strange effect of using only what you need, is you have suprisingly less problemes. Amazing! Funny enough it makes me think about food habits in western countries: insteed of going to the gim (like a rat in a wheel) just eat less, drink less soft drinks.... Just eat what you need, not what you want.
I run XP _without_ patches, I disabled recently virus protection because it is too costly on file access, I do not have permanent spyware protection. Yes! For the last 3 years, each time I checked : no viruses, no spyware... It IS possible. How ? I also disable all services I don't need, I disable all startup things I don't need, I certainly do NOT allow automatic updates. I do NOT use what is known to be security nightmares, I avoid over-integration. In short I use very less in order to get more, without the fuss. Cheaper, faster, simpler, easier: win win win win. Bye.
Technical ineptitude has to be the only thing that can explain the dreaded problem of spyware. During my ~9 years of Internet usage, I've yet to be infected with spyware or viruses. Well, there was one spyware infection, but I let it happen on purpose because I was installing some warez thingy that I needed. Every single time I've scanned my system (using two or three different scanners), I've come up with nothing except tracking cookies. I don't even use anti-virus or anti-spyware programs continuously, I just manually scan every now and then. I've went through every imaginable porn site on the Internet, and some warez sites, and I'm still not infected.
Maybe I'm safe because I always have the latest updates, a firewall and Firefox. By the way, I never get spam either, possibly because I don't distribute my e-mail address all over the place.
So now visiting "dangerous sites" means getting infected with crapware?
you don't *have* to use it. I recommend it for non-geek users though, as they're the ones who are continually bringing their PCs to me to fix, despite me having put AVG/Spybot etc on and explicitly told them not to install random crap that claims to speed up your internet connection.
Have you found any useful content that hosts file blocks? No, didn't think so. If you had, you'd just comment out that line so you could access it anyway.
It's just another layer of protection.
An analogy might be
"How do I avoid getting an STD from people I sleep with?"
"Ideally you don't sleep with anyone infected. Get them tested. Don't sleep with highrisk groups. Oh, and you might as well wear a condom. It'll lower your risk even if you do those things we told you not to".
The hosts file is the condom: it's not foolproof, but it definitely doesn't hurt. Why would you *not* want to use it on a home PC?
that the author of this study might not belong the said 3% of computer litarates.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
... use *nix.
let me guess: anyone who didn't get all 8 right added to 97% figure:
now the math: 1/2^8 = 1/256=0.5%
3%=100%-97%=1/2^5
so 3 questions people answered right based on their knowledge and 5 questions they gave random answer.
Given the audience: people who download free screensavers, the result is not bad at all.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
There is only one way to be sure whether or not a piece of software is likely to contain spyware: READ THE SOURCE CODE.
As a second best method, only ever download software which has been vetted by someone you trust who is independent of the original author.
Insist on source code even if you end up downloading a pre-compiled binary. If they don't want to let you look at the source code, then they are obviously trying to hide something! That probably means the software contains malware. It really is as simple as that.
Je fume. Tu fumes. Nous fûmes!
>I still don't get the idea of a host file. The host file contains a list of hosts which somewhere contain some vicious content, right? But it doesn't contain a list of all vicious things.
Correct. It's a security measure that doesn't prevent all possible problems.
You might be happier with a product which does solve all your problems.
I am so tired of repeating my self I blogged the answer Ultimate Virus/Spyware Blocker.
I updated the site with a quote from the article because it only stresses the need for this solution even if you are a "Net Savvy Geek"!
Gizmos Gagets For Ninjas
I found the test to be a classic push poll approach.
This is like lining up 16 Nigerian hookers, two at a time , and asking you you to screw one and see if you get AIDS. Well, statistically one in four has AIDS, so by the 16th hooker, you have AIDS -- guaranteed.
But, would you actually screw a Nigerian hooker? Not if you had any knowledge of what you're getting into.
Anyone who goes to a free screensaver website deserves every single virus they ever get. In fact, they deserve to be booted in the head.
The test is rigged in a fashion that ensures that even competent people end up in the mid-range.
In all seriousness, how many web savvy people are going to the types of sites they depict? None.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
"By the way, I'm pro-adwords: I find them useful myself, they generate revenue for sites that would otherwise not be online (because of hosting costs) and they are not intrusive IMHO. Does anybody care to explain why you would block these?"
It is simple. In a word: Bandwidth. It costs bandwidth to download those useless ads that I never click and it is in some cases worse. However benign Google ads, or any other ads for that matter, may be it is still costing me bandwidth that I paid for. That is why I choose to block them.
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
Have you ever been using Windows, with you Firewall installed to be told MSXBLAH.exe want to access your network? The names are usually so damn cryptic that I usually go 'huh', go into paranoia mode only to find that it is some Microsoft tool. Then again the opposite is probably true aswell, where people allow things through because they think this cryptic name is part of something important. Provide clearer names and part of the problem has been solved, but only a small part since the issues are great under MS-Windows.
Jumpstart the tartan drive.
In a recent study, a major condom manufacturer showed photos of men and women to internet users. Surprisingly, most people were not able to distinguish those with an STD from those without.
Conclusion: most internet users are in serious danger of contracting AIDS.
[note to moderators. this is a parody.]
Geez you insensitive clods... You could tell the spyware sites by lack of community, support, help, or contact information. Just a simple glance around the screencaps showed that. I scored 7 of 8. I missed the e-mule one because I think it's retarded to trust anything p2p. Meh.
Like most, I have no idea what a dangerous site looks like and I assume most people, like me, cannot tell the difference so if it is a fair test, then the majority should have had 4 right. (they were picking randomly). Disclosure of the full results should show this, otherwise it is bogas test.
What does this mean? Well, apart from the misuse of statistics for marketing purposes, I think is more of the "blaming (charging) the victim" marketing mentality. For the average users, they have been told "Here is this great thing called the Internet, go forth and enjoy the new world". Then they are told, "You are so stupid you can't tell which site will wreak your computer, you need to buy our software."
The problem needs to placed on software allows such unsanctioned downloads (i.e. the browser and OS). Of course you cannot stop the user from clicking where they should not, but with the current majority of systems running Swiss cheese software like IE users will continue to get infected.
There is no way the average user can tell if a well designed website is indeed a mal-site. Until users start demanding accountability for poorly designed software, it will continue.
HPC for Primates. Read Cluster Monkey
In my everyday browsing (in Windows), I do not download stuff as long as someone I know has some experience recommended me the site[1]. But from this survey's perspective, what looks like professional is professional (except emule). That's dumb, at best. And we can't be expected to know by memory which sites are safe and which aren't.
I'm calling BS on their site!
I was forced to choose one of 2 screen saver sites, not to list a site that I would feel comfortable downloading from. I would have never clicked on either one of them. What was this supposed to prove?
I was asked which file sharing program was "safe" from spyware? WTF? Have you seen the spyware infected files people get from eMule? Who cares if the package at that one site seems "free of spyware"?
This absurd test is the equivalent of asking someone to pick between 2 gay lovers in a San Fransicko gay sex club, then telling them that if they had asked, that only one was HIV positive. The fact that you are there, doing that, is what puts you at risk.
Anyone who downloads a file sharing program, screen saver, etc. knows they are taking a chance. They also know that they can protect themselves by going with Linux (e.g., a Knoppix live DVD) and well known programs.
Andy Out!
I chose that ALL sites were unsafe (take no chances) and assumed they were risky.
Then the stupid quiz told me I was at risk. I call bullshit on the results--it doesn't account for "paranoid" mode.
I might know what I'm talkin' about, but then again, this is Slashdot...
My guess is one such site would be McAfee SiteAdvisor given the company's history of finding a virus where they don't exist.
Spyware is just nature's way of getting idiots off the net and oddly the bread and butter of the article. I need to check however to see if I'm infected and my /. link points to CNet.
"Humans are considered to be primitive, the third smartest species on Earth"
How those statistics are for linux/unix/bsd ... users
If cookies are considered spyware most of us would have some of it on our boxes, but apart from that :)
I'm positive, don't belive me look at my karma
Bah, this stuff is surely patentend or something...
But, you'd take your chance of running that gauntlet?
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
I know FF 1.01 is old, but it's worth noting that it is not affected. Anyone know the oldest version that is impatced? 1.5? 1.07?
Smart ppl generally know better than to allow Javascript.
I was able to get 8/8, but I'm pretty sure a naive user would have done no better than chance. I wonder who these "experts" are who did so badly.
There's really no overall strategy here. Mostly, my strategy was to find the site that was even more obviously unsafe and vote *against* it. Other times, I had outside
knowledge that a certain site was ok or not.
On question 1, they show you two pages that provide free screensavers. These are suspicious to begin with. Look at the title bar of the bad site. It contains obvious keyword spam "Download for Free screen saver screensaver." So they obviously can't be trusted, even if they don't install any spyware. So that's a vote against them. I didn't think they ok site looked very reliable either, but they also post a description for each screen saver saying that it's shareware. Seems less likely to be spyware. With spyware, everything is FREE so you get more downloads.
Question 2 was a giveaway in that it actually had fine print on the bad site saying they install popup software. Again, if I ended up on either site, I'd probably close it because I have no interest in "free" screensavers or smiley software.
The bad site for question #3 looked bogus to me. There's no real information on the front page, just a bunch of links for you to click. No file sizes, nothing but "Free free free!" The good site also looks pretty suspicious. Why would it take 15 minutes to download a tiny pinball game? And they also used exclamation points way too often. On the other hand, the presence of a forum makes them a little more likely to be legit.
For question #4, azlyrics comes up on google all the time for lyrics searches, so I'm assuming it's ok. There are no obvious hints that the other site is malicious.
I knew the bearshare and kazaa bundled badness, and I use eMule all the time. I'd never heard of blubster, but there was almost no info on the page, so I didn't trust it.
So that's my strategy - don't trust things. You should see me squinting in suspicion every time I find a new site. People will lie to you all the damn time, especially when they have something to gain.
I picked neither for the first four (I didn't think any of them looked safe) and got the last 4 correct (I knew that eMule was a sourceforge project). So I am at risk even though I wouldn't get any spyware.
Great Quiz </end sarcasm>
Even the savviest expert can use a little help sometimes.
Download the free SiteAdvisor plug-in today and be warned of spyware attacks, online scams, and sites that spam you as you search and browse the Web.
Download SiteAdvisor for Firefox
Would you prefer IE or a different browser?
So were supposed to trust you are we?
Very true. But for some of these illegit shops, they can't use static IP addresses, and have to rely on URLs -- that way they can have the content floating from one ISP to another to another. If your goal is to stay up as long as you can using a URL will enable that. Simply code your pages. When it looks like you are going to get shutdown, then you set up another hosted solution, and repoint everything there. It allows for quick, and relatively easy setup with out the hassle of changing and recoding sites.
The views expressed are mine own and do not express the views of my employer.
I was pretty damn unimpressed with the quiz myself - how the fsck should I know which one is safe? I'm not going to trust either until I've read a *whole* lot on their site - even then, maybe (probably) not. So stupid...I hope those 3% don't think they can just do whatever they want now.
--LWM
Why is this scaremonger "survey" being being slashdotted? It is an advertisement for a product. One of the "answers" requires requires being able to see an invisible exploit that only products such as the one being advertised in the survey could detect - if forced to choose. The correct answer to all the questions is "none of the above - they are all potential spyware candidates", yet the "survey" forces us to choose one or the other: "X free trial screensavers or Y free trial screensavers? Oh, you didn't know you were supposed to click Y? That's why you need to use our product."
Please do not slashdot advertisements.
A screenshot of the website is only one of many tools to use in judging whether a site has safe downloads or not.
:->
That said, I got 7/8
The only one I got wrong was I thought emule had spyware (it did before, I believe)..
I am the maverick of Slashdot
Thank you Captain Obvious. Was your point to discourage people from using something that only works about 95% of the time? Yeah host files suck, don't use them, because there are sites out there going on IP address only. Yeah don't drive a car either because there are certain places where you might possibly get smacked by a drunk. Better stay inside too, there's a slight chance one of those drunks will find you on the sidewalk.
for this test to work, you got to know the different sites. Those security minded individuals who spend alot of time online do not go by the name of the site. They will do a little research before downloading and installing anything. How hard is it to type the file name and spyware in google. That will tell you real quick if there is a problem.
That test is just a marketing ploy to sell a product.
Like with AIDS, computer virus contraction is an education issue. The public isn't educated enough to realize what they need to do.
The original article only makes that problem worse because it implies your system is going to be infected no matter what.
When people develop that attitude, they generally stop trying to fix problems.
I probably should have considered the articulate approach to saying that rather than being glib.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Do you need to know the difference between a knit and purl stich to wear a sweater?
No, but if you wear a sweater wrong (or buy a crappy one, or look stupid in it, etc), it affects only you. No one else. Wear whatever you like.
Do you need to know what advance and retard are to drive a car?
No, but you do need to learn an awful lot, including fundamentals of safety, because now you're getting on a public road where you can affect other people. How to accelerate, brake, shift gears, take in a lot of visual information while travelling 70mph, about what everyone else around you is doing simultaneously, the millions of traffic laws and semi-unofficial rules about merging and passing, navigation, how to steer out of skids, avoid collisions, etc. And that's just to drive! To maintain the car you have to remember to get the oil changed every so often, check tire pressure, put gas in it, change the air filter now and again, etc.
You weren't born with this information. You had to learn it. Somehow, people got the idea that it's normal to have to learn a little about cars and safety of the road to use them, but to use computers, it's okay to know absolutely nothing and have zero responsibilty to learn anything. Ever.
Your example of "advance and retard" is inane; we're not asking these people to do the digital equivalent of knowing how to adjust the timing chains. We're asking them to know how to step on the brakes if they're about to hit something.
It is *totally* reasonable to expect people to have basic fundamentals of security before they're allowed to use a public network. If some moron downloads spyware, it affects all of us. Suddenly the spammers have his email contacts, or are using him as a relay, or as a waypoint for other hapless twits to download even more crap. Plus it's encouraging the malware makers by providing them with revenue, which means they can harrass other people (like, you and I) even more.
Most www users are not geeks and cannot tell the boundary between their computer and the internet, let alone know how to drive a hosts file etc.
Yeah, well, I bet most drivers aren't "car people" either, but they somehow manage to get their oil changed, even if they don't really know what it does.
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
If everyone answered randomly, only 1 in 256 people taking the quiz should have succeeded in avoiding all of the spyware.
So how did the other 6 manage it?
There are no clues on those websites (except the one that mentioned terms and conditions) to indicate that they might be trying to take something from you in return for the "free" stuff.
What are the tells?
Even though no software was delivered the intent of the site's quiz seemed less like it was designed to get you to recognize there is a problem and more like a way to establish themselves as a provider of tools to remove adware/spyware. Here's why.
I spend a good 50% of every day cleaning infections of adware/spyware as the owner/operator of a small systems integrator company.
First, anyone taking the test would become infected because as with almost 100% of websites any one of these could have delivered adware regardless of the content of the site.
My point is that you could go to a site for doing genealogy research and be prompted for an activex control that is malicious. Or you could go to a site teaching about pre-natal care and download malicious programs without knowing. Just because these sites are offering free software or some other techie incentive (gimmic) means nothing. This quiz didn't cover those bases and in the end it didn't explain those facts.
The conclusion of this slashdot.org article is false. It says that I am 1 click away from being infected because I got only 6 of 8 of the quiz questions correct.
The layout of the sites in the examples are not representative of the legitimacy of the site nor the professionalism. Familiarity with adware/spyware products are no guarantee either that you'll choose good/bad sites all the time. We are human and since some of these are not representing content download upon entering the page we would never be able to actually tell, and that's why 97% of people don't get 100% on the quiz.
Now, even if I hit a site such as this *even* after taking this quiz I still would be prone to infection. That's what the true intent of the owners of this quiz are after--they want to sell you something so the quiz itself is an adware product.
Now, even if I hit the site such as this *even after* taking this quiz I still would not be infected. Why's that? Because I have the tools (noteably free tools, not some commercial toolset, as the commercial nature of a product is moot). The free tools do much better than any commercial product I've ever seen at detecting and removing malicious programs.
But--no one is safe if they just use a single program solution to detect and clean the infections. You CANNOT clean your system with a single adware/spyware removal program....PERIOD.
You must use a collection of tools. Usually you need 3-4 anti-spyware/adware tools to keep it clean and 7-10 tools to remove an initial bad infection. On the other hand only one antivirus program is necessary to detect and clean almost any virus infection and almost any freeware or commercial program will clean it adequately.
If you leave a single adware/spyware program on your computer you will become reinfected, and in a short time heavily reinfected.
There is no reason to believe this poll, as it is designed to make you fail so that you will purchase their product due to your guilt and embarrassment at failing the quiz. 97% of all people fail to get 100% on the quiz because any website whether techie or not, professional looking or not, could potentially infect you.
Hmmm, IMHO its better that folks should know that there are drunks on the road or other hazards that can harm them instead of simply believing that wearing a seat belt is a 100% sure fire forcefield from trouble.
Your point is that my comment should not have been made because people should be blissfully unaware? Nice.
My new starting point is yours. Organizations trust their web servers, they just put them in a DMZ and don't allow them to access the internal network and are prepared to lose any data on them and prepared to re-image them on a moment's notice because they are "most likely to be compromised". The distinction between your position and mine is pretty subtle anyway, but I adopt it heartily here, for the sake of discussion of the relevant point: advising people to avoid untrusted sites is not helpful to the recipients of that advice.
Advising people to "avoid untrusted sites" is the leading contender for "the dumbest advice the security industry has ever given". It's generally given during the time that one's web browser has an un-patched security hole. You can tell it's dumb advice because nobody can answer the natural and simple follow-up question which it evokes: "How does one tell an untrusted site?"
Never mind how one tells before clicking on the apparently innocuous link and actually inspecting the site.
If you mod me down, I shall become more powerful than you could possibly imagine.
I got a 7 out of 8 and here is what I did:
Q1) I guessed. both sites looked equally legitimate to me.
Q2) The first screenshot (smileysource.com) included a part of a disclaimer that "This website will collect information...websites you access and will use that information to display ads". Easy, no?
Q3) One screenshot was of a site title "TotallyFunFreeStuff" and had the word "Free" throughout it. The other site didn't spam any words, had a link to a forum, and had descriptions summarizing the offered games.
Q4) I got this one wrong. Both sites looked equally malicious or legitimate to me. What I don't understand though, is how did they get ActiveX adware on Firefox?
Q5-8) I recognized eMule from Sourceforge and Kazaa from everywhere else. The Blubster site had 4 links: "free download", "learn more", "send to a friend" and "open blubster.com". Such bare bones sites make me suspicious. The "BearShare" site states "FREE Sponsored version".
If I had applied the criteria I used in Q3 on Q1 then I'd have gotten that one wrong. Also, Siteadvisor.com itself doesn't look all that safe to me seeing that they have a large "Download SiteAdvisor" link on nearly every page.
- tlf
The quiz promotes a misunderstanding that harms a great many people - a bunch of pixels on my screen doesn't contain any information at all that helps me determine whether the programs pictured are "safe." I left all answers blank and failed the test.
I won't even go into the fact that the meaning of "safe" varies from user to user. Sometimes I am willing to trash an old computer, sometimes I am afraid to touch a server that is used for production work.
In order to assign any meaning to a bunch of bits, you have to know the source and trust the source. You can delegate some of that responsibility to somebody else: the authors of your malware scanner, or your system administrator, but the principle remains the same.
I teach computer skills as a part time job, and I tell my clients:
1) Install less software. Ask me (free) for recommendations.
2) Limit your losses by using restricted accounts when possible (runas works fine) and making backups. There is some stuff so sensitive you might not want it on your computer, especially if you are responsible for somebody else's data. I don't like having client data on my machines for any length of time.
3) Malware scanners are a "second line of defense." If they find something, it is worth understanding what went wrong and trying to avoid it in the future.
4) Accept that you can't eliminate risk, and plan accordingly.
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
Since I'm running firefox on linux, then the chances of me visiting a site and not being infected are 100%. Anyone not using IE on windows with decent AV and maybe Ad-Aware installed should also come away uninfected.
So, the idea is not to try and guess whether the site might be safe or not, but to wear a fucking condom !
If all else fails, run firefox in DSL through QEMU.
Sure, only "3% of the 14,000-plus consumers [...] received perfect scores," and two-thirds "would have been infected with adware or spyware many times over," according to this 'quiz.' Statistics can send whatever message the author wishes. To quote Mark Twain: "There are three kinds of lies: lies, damn lies, and statistics."
This quiz does not take into account that many people would not visit these sites in the first place. Personally, I am not in the market for screensavers, smileys, or file-sharing. Additionally, without being able to read other information on the site it becomes a guessing game; therefore, I received a 5/8 score. If this accurately reflected my level of danger, I would be scared.
I can see the popups:
"Research shows you are just ONE CLICK away from infecting your computer with SPYWARE.
CLICK HERE to stop this from happening!"
They are not able to spto spyware? DO they want to spyware or is the personal line of "what is spyware" just undefined for them. You ask them: "How does the company which offers you this free software and the free service survive?" The answer: "I never thought about that" You ask: "Where is you personal information stored, here or on the net at the company with an undisclosed busines model?" The answer "I dont care" You ask: "Do you have any kind of conrtact with the company and did you read what they are allowed to do to your data" The Answer: "oh my data is not so valuable". Hey, wake up. You use instant messenging, chat rooms and similar things where you exchange a big part of your personal communication. And you tell me that you actually don't know at all what the companies storing it may do to your data? Would anybody sell me a mobile phone - no even if he make it a present to me - i would not accept the usual terms of use for most of the non-spyware services on the internet. What if they log your communication and made that legal? What if they were only made for beiing baught by the first big company interested in your adresses? If the users are not intersted in their responsibility i can not help them...
the quiz is impossible, since the screen shots are not enough information. One of the sites it said used ActiveX, well that's great, but you can't tell from a screenshot.
I'm one click away from loading spyware? Hmm. First I stop using my Mac. Then I have the sort of total brain transplant that prevents me from saying "neither of these sites are safe; in both cases you would download smileys! And finally, I lose the ability to choose software by looking on the web to see what other people recommend.
Here is how I am 100% safe on the web:
1) remove hard drive from my laptop
2) boot up knoppix, log on the web, surf away