Most Web Users Unable to Spot Spyware

← Back to Stories (view on slashdot.org)

Most Web Users Unable to Spot Spyware

Posted by ryuzaki0 on Wednesday April 26, 2006 @02:48PM from the masters-of-disguise dept.

Ben writes "According to a Spyware Quiz conducted by McAfee SiteAdvisor , a staggering 97% of Internet users are just one click away from infecting their PCs with spyware. One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity."

2 of 399 comments (clear)

Re:Follow the money by ScrewMaster · 2006-04-26 14:59 · Score: 0, Troll

How, exactly?

--
The higher the technology, the sharper that two-edged sword.
Re:This is an idiotic quiz. by fafalone · 2006-04-26 18:23 · Score: 0, Troll

Yeah, because normal users routinely examine the status bar and page source. There are ways to tell which of those pages are legit, it was based largely on inferring it from the text on the page. If you didn't get at least 6/8 (2 questions are invalid, see below), then you MISSED SOMETHING that indicated spyware. It was there, on the image, no outside information whatsoever was needed, sorry if it hurts your pride.

Page 1: The left one was for-pay shareware, with an option to order the non-free software. Easily traceable financials, complete file info, not freeware and ONLY a screensaver. The right one had incomplete file info (size missing), and the programs clearly included functionality beyond their claim to be a screensaver (desktop icons, etc)... Second one is quite clearly more likely to have malware.

Page 2: Left option explicitly states it shows popups in the fine print. Also, rushing EULA acceptance. Open and shut case.

Page 3: The overemphasis of the word "free" on the left page should immediately arouse the suspicions of an experienced user. The left page just exudes cheapness. The right page looks more professional, better games typically are less likely to contain malware, and there's a forums and contact option. Overwhelming odds that the left page is more likely to contain malware, no contest.

Page 4: This question is IMO a bad question with no valid way to tell, and has fatal flaws. The 'bad' site supposedly delivered malware through activex, which firefox (their UA) doesnt support, and the 'good' contained pop-ups... from whats presented you should conclude the opposite of what they did.

Page 5/#1: "FREE Sponsored Version"? If you need technical info to guess if a p2p program saying this contains adware, you're a fool.

#2: Open source, easy avenues for contact and user interaction... generally going to be safe.

#3: Absolutely no way to tell on this one. Clean look and nothing suspicious.

#4: "Unlimited free online calls", "Promote your blog", virus protection... in a P2P program? Dead giveaway even if you've never heard of Kazaa.

So at the end of the day, you're just upset because you suck at identifying spyware. "I can't figure out which is safe from this info, so there MUST be no way to tell!". I'll concede your post applies to two of the questions on the test, but beyond that I see this test as a reasonably good indicator of ability to pick up on the smaller details that indicate spyware long before you waste your time going further towards installing/browsing the site. I suspect you, and others lashing out at this test as completely useless, simply resent being humbled by the idea you might not be as good as you think you are when it comes to *early identification* of problematic sites/software. And yes, I noticed these details immediately my first time through, not retrospectively.