Spyware on One in Twenty Computers? 400
SpaceDonkey writes "New Scientist reports that researchers at the University of Washington carried out a scan of the campus network for signs of spyware. They found spyware lurking on more than one in 20 machines and also discovered a serious vulnerability in two of the four spyware programs they looked for."
Spyware flaw (Score:5, Funny)
Re:Spyware flaw (Score:5, Insightful)
Re:Spyware flaw (Score:5, Funny)
It's not exactly a representative group, is it?
New Scientist reports that researchers at the University of Washington carried out a scan of the campus network...
The same researchers noted that 90% of all computers have an inordinate number of "Phish" MP3s.
Re:Spyware flaw (Score:4, Insightful)
Re:Spyware flaw (Score:5, Insightful)
Re:Spyware flaw (Score:5, Insightful)
If I were to guess at a number I would say that at any given moment that more than half of home computers running windows have some kind of spyware/adware running. This comes from helping out many friends with spyware related problems.
UW found so few instances because I'm sure that they limit users? ability to install software on their lab computers. As for dorm computers, many types of spyware can't be detected by a port scan, the only way to pick them up would be through a carnivore type system, even then not all of them would be found.
The only way to stop spyware is to start prosecuting the companies who make it; it should be pretty easy under one of the laws for protecting children on the internet. After all if opening popup windows advertising porn with every page load isn?t illegal under these laws what is?
Re:Spyware flaw (Score:3, Interesting)
Re:Spyware flaw (Score:3, Troll)
Girls seem to average around 250-350 infections, while guys tend to be around 150-250. This is anecdotal for sure, but it's what I've observed. Draw your own conclusions.
I've found that the best solution is to switch users to Mozilla-Firefox (most spyware automatically infects default installs of IE just by visiting the page),
Re:Spyware flaw (Score:4, Interesting)
Re:Spyware flaw (Score:4, Funny)
Re:Spyware flaw (Score:5, Interesting)
A. Most Unix systems won't get infected and cannot be infected. Not only is it more difficult, the spyware perps write this stuff specifically for Windows.
B. There would seem to be an assumption here that 'all computers (in the world) run Microsoft Windows'.
C. Ad-aware does as well as an automated tool can do (hopefully), but it cannot kill the latest spyware variant, the automatic cloning program. These programs are scheduled to make multiple copies of themselves with different names and be deposited in different directories and then look out for each other. Should any one of them disappear, the others will quickly clone and replace the missing file and launch it again. Further, they incessantly monitor Windows Registry activity, and as soon as their 'autostart' (in one of the 'Run' keys) is removed, they will immediately replace it. As Ad-aware cannot deal with spyware that fights back like this, Ad-aware cannot defeat them.
D. A better estimate is not that one in ten Microsoft Windows computers is infected, but that a greater number are infected perhaps tens of times with thirty - forty spyware programs all competing for CPU. We recently had a customer completely oblivious to the issue until his XP idled at 100% CPU - that's how bad it becomes, through Windows being so easily exploitable, and through the average Windows Joe being so clueless.
Re:Spyware flaw (Score:4, Interesting)
Dear god, I came across this a month ago, last time I cleaned out my parent's computer. I have never seen anything fight back like that in my life. Also, windows programs like msconfig, and notepad were over-written by some program (couldn't determinei what it was) that seemed to reinfect the computer. Really nasty stuff. I did manage to get it all off, but of course I check a week later and theres tons of spyware back on it *sigh*. Luckily not the same stuff though.
there's a difference? (Score:3, Insightful)
Oh, wait... windmills at least do not say "but i didn't *do* anything! really!"...
Spyware? You mean data collection? (Score:5, Funny)
Dont accept cookies. Ever.
That is all.
Re:Spyware? You mean data collection? (Score:3, Informative)
Bad spyware, bad (Score:4, Insightful)
When they say "defective", they mean that the spyware is crap programming. Which is hardly suprising. People who distributespyware are the same kind of idiots who are responsible for most spam. It's a kind of spam, really, since it's a way of indiscriminately spreading information. The information itself, whether it's a blurb for some penis enlargment nostrum or a piece of buggy code that generates useless statistics about what sites you visit, is basically useless. How do make money distributing something that's useless? You distribute a lot!
Excuse me for speaking the obvious (Score:3, Insightful)
Damn, people need to get tough on this shit.
Re:Excuse me for speaking the obvious (Score:4, Insightful)
That's really it.
Why the hell are antivirus companies so reluctant to add anti-spyware functions? I mean, boo-hoo that Gator got so upset when they were accused of making spyware, but calling it anything less than a trojan is a lie.
Firewall products have been offering popup stoppers and activity reporting for a while now. It's really time for the AV publishers to step up and do their part by keeping these things from getting a foothold. It's not like they can get in any legal trouble for blocking someone's program, since it's up to the user whether they trust McAfee or HotBar more.
Re:Excuse me for speaking the obvious (Score:3, Insightful)
Personally I'd say stop blaming AV companies for this problem and start teaching people that they don't need Admin rights for everyday activities. I have an install user for my parents and a backup admin account for myself. Parents always use their accounts that are locked down and after six months all it had for spy
Re:Excuse me for speaking the obvious (Score:4, Interesting)
Nah, AFAIK spyware only runs on Windows and its no big deal to run arbitrary code or programs on those systems.
The funny thing is that if the system came with yet another little program that hangs out by the clock (the tray or something like that) that showed CPU utilization, maybe, just maybe the user might have a clue that _something_ is going on.
My first experience with spyware was the other day when a friend came over with his (windows) laptop and I wanted to scp a file from it to my Mac. He didn't have scp so I typed in google: "putty scp", and assumed that google would do the rest. Well, I noticed a popunder (Internet Exploder still does that) the results were sleezy sounding results like: YEAH DOWNOAD SCP HERE! Or whatever. None of the results looked like normal web sites.
I could not click on a single link, I was freaked out that this was on my network, he didn't seem to concerned though. He thought it was time to reinstall windows anyway.
Type (Score:5, Funny)
Re:Type (Score:5, Funny)
Re:Type (Score:5, Informative)
Re:Type (Score:5, Interesting)
Re:Type (Score:5, Interesting)
10% seems very low, since your script can only diagnose users who allow ActiveX and scripting from the public internet I'd expect 50%+ of such users to be infected.
Re:Type (Score:4, Insightful)
I've noticed certain people will complain and tinker with their computer all the time, no matter how well it is currently running. Most others will just *ACCEPT* popups, spam, spyware, crashing, viruses, and so forth. I have called people to let them know they have a worm (but i call it a virus for them, so they dont get confused), their computer is constantly spamming everybody with virus laden email, blah blah blah. Sometimes they say "So?" These people should not own computers. Hell, they should not be allowed to reproduce
Spyware replication (Score:3, Funny)
So, the whole labs (120 computers) were running spyware in the background. Nice.
What can one expect? (Score:3, Interesting)
A few un-ethical, a few security holes and there you have it.
Insightful my ass. (Score:3, Insightful)
Simply setting IE to not autoinstall software over the net, or REQUIRING an Administrator password to install said
Ad-Aware (Score:5, Informative)
Re:Ad-Aware (Score:3, Informative)
Anyway, both of these programs have their downsides. Neither is perfect, and often removing 'spyware' from apps cripples the apps. Spybot S&D has a bad habit of finding spyware in
Re:Ad-Aware (Score:3, Funny)
Re:Ad-Aware (Score:3, Informative)
Re:Ad-Aware (Score:3, Informative)
Ad-Aware finds tracking cookies as well. While this is good, and I am glad to let Ad-aware remove them, a statement of "22 files" can be misleading as this program will show both spyware
Spybot (Score:3, Informative)
Note the paypal link... throw the author a few bones; it's a great program.
File count. (Score:3, Interesting)
We have to clean spyware off of student PC's on campus since it screws up internet connections and F-Secure goes nuts to the point where it wont talk to the server anymore.
So far, the Ad-Aware record is 17039 from a student that had a spyware app that put 19000 internet shortcuts in her favorites directory. Number two is 1973 and number Three is 1058.
Re:Ad-Aware (Score:5, Funny)
What do they count as spyware?
Windows XP
Re:Ad-Aware (Score:3, Informative)
I know WMP 9 is not part of a freshly installed XP, but I just thought I'd point it out.
Re:Ad-Aware (Score:3, Funny)
and then run ad aware again to see if spybot installed any back doors.
Re:Ad-Aware (Score:4, Informative)
1) Wasn't detected by the newest AdAware+Definitions
2) Had a randomly named
3) Had a start\run\ registry key that when deleted, got re-created automatically.
I think what I did to fix it was to rename the registry key instead of deleting it, reboot, and then the app wasn't active. It was a challenge, though -- whoever wrote it did an excellent job of avoiding spyware detection and even manual deletion by randomizing the
Re:Ad-Aware (Score:3, Informative)
Pain in the ass to get rid of. W2k was so unstable it wouldn't even boot in safe mode.
I finally wound up booting off a Knoppix CD and removing the executables.
Heh (Score:4, Insightful)
Nice.
One in Twenty? (Score:3, Insightful)
I would have guessed one in two.
That seems like a low percentage (Score:5, Informative)
Re:That seems like a low percentage (Score:5, Interesting)
5% is WAY low. Even I got infected (an app on tucows was listed as freeware, but turned out to be ad/spyware), even if you don't coun't cookies and GUIDs..
Did I mention that AOL Instant Messenger now comes with spyware? That re-installs itself? And adds "free.aol.com" to IE's "trusted zone" so new stuff installs *without a prompt or warning*.
Only one in twenty? (Score:5, Insightful)
Though I tell people when I fix their computers from spyware, that I will do it once, put Spybot on their computers, along with Mozilla Phoe^H^H Fireb^H^H Firefox on their computers.
If they get more spyware from using IE over Firefox, then I'll charge them to take it out next time.
Re:Only one in twenty? (Score:4, Informative)
In business environments where people's computers are locked down or there are policies against installing software yourself, the rates are much lower. But in the general university/home/small business user community, I'm more surprised when I find that somebody is aware enough to NOT have spyware than when they do.
The Number (Score:3, Insightful)
Insidiousness (Score:3, Insightful)
And this just in (Score:5, Funny)
Stay tuned for the next ground-breaking story about the near 100% mortality rate suffered by humans and animals exposed to di-hydrogen monoxide!
Re:And this just in (Score:3, Funny)
Spyware Inc Press Release: (Score:4, Funny)
nearly 95% of all computers DON'T have Spyware!
To help capture a greater market, our newest
service will automatically install Perl(tm) spyware on any host posting to Slashdot, and even make it open source [slashcode.com]
We think OSS spyware is the future!
(Yes... this IS a joke)
Were the other 19 turned off? (Score:5, Interesting)
The only thing that has infected that "community" around here worse would be smoking habits.
Statistics suspect (Score:4, Interesting)
1 : 1 (Score:5, Insightful)
It's not the only program either, use a firewall and don't install software that you don't need.
Re:1 : 1 (Score:3, Informative)
Mcafee, Norton, Hello? (Score:3, Interesting)
Re:Mcafee, Norton, Hello? (Score:3, Insightful)
We really should have one bad program scanner to rule them all, and I'm starting to notice that AdAware is starting to define the major worms and viruses as something their program can clean up.
Suggestions (Score:4, Informative)
Re:Suggestions (Score:3, Funny)
Since then I haven't had ONE spyware problem! Amazing!
More like 1 in 2 (Score:3, Interesting)
It amazes me that the same people comback again and again. We have one customer who every six to eight weeks comes in complaining that her system is slow. Volia! 500 or more spyware items. Apparently she does not mind paying 50 bucks.
We also do work for a mortgage house that get this installed and wonders why their customers get so much spam for competing mortgage companies after they email the customer.
Oh well, spyware and virii are keeping us in business.
Installing a local firewall is a good idea. (Score:3, Informative)
There's a lot of software out there that tries to dial home and any local firewall that is application aware is helpful when it comes to notify you about what's going on on your computer.
Re:Installing a local firewall is a good idea. (Score:3, Interesting)
After sending an E-mail to the company
I'm not surprised. (Score:5, Informative)
- University students and staff are probably more computer-savvy than the general population.
- They were only searching for four of the who-knows-how-many spyware programs out there.
If you're running Windows, you should have Spybot Search and Destroy and Ad-Aware. Not to mention a virus scanner and firewall. And run Windows Update for goodness' sake! Just more proof that Windows isn't ready for the average user yet. (Sorry, had to get a cheap jibe in there.Recommendation ? (Score:3, Interesting)
"...Gribble says. "We do expect that companies can and should use tools to scan their networks...."
Would't it be much simpler if companies just dissallowed their employees to install applications on their machines?Allowing users to download & install 'anything' poses problems way beyond spyware.
More like 25% where I work... (Score:4, Interesting)
Out of ~3,000 computers, ~750 of them came back with at least one positive. And that's just looking for about 100 known spyware apps based on the presence of a known-bad
That's a lot of fucking spyware.
Spyware is in everything now (Score:5, Interesting)
College Dorms (Score:3, Interesting)
Really, Spyware is like the 8th deadly sin, spread the word and help people get Ad-Aware on their computer.
(As an aftertroll thougt, I should say this. I find it funny that
Spyware is out of control (Score:3, Interesting)
Microsoft needs to fix their ActiveX problems. I usually tell people to run Firefox now days.
So easy to get onto college kids machines (Score:3, Insightful)
Kazza is proving that you don't even need to promise the small payment to bundle the spyware, just free access to a P2P network which has a lot of copyrighted content (that it doesn't have license to have) on it.
The average college student is not majoring in tech. They don't understand what they're giving up when they run a service without understanding what it does. User education is not as good as it needs to be.
Only 1 in 20?! (Score:3, Interesting)
Also, no one seems to realize they have to update adaware or spybot. They're using definitions from August and wonder why they're still getting popups. They usually conclude "the program just isn't very good." The same thing goes for virus scanners too.
Anybody who's designing a new system, whether security or UI, should spend a day looking at how most people use their computers. If you haven't, you might be surprised.
Microsoft Solution (Score:3, Funny)
Study Flaw (Score:5, Insightful)
Their sample was computers at a college. You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments (mark it flamebait if you like; I've taught such people and run a computerized lab. I know what they do and how they think, and so did I back then). Plus, you've got installs and re-installs (the common fix for everything Windozish) often being done by student workers with as comprehensive training in system security as they have in nuclear reactor operations.
How about a major ISP asking customers to allow them to scan for them? How about running a similar study on a large corporate system where downloading and installing external software is far more likely to be noticed, and results in far more than "Geez, we told you not to".
Biased sample, bad result. It may be right, but without better data, it's still bad.
Re:Study Flaw (Score:4, Insightful)
That also describes most sales & marketing departments, even at high-tech companies.
Re:Study Flaw (Score:5, Insightful)
You've got a highly wired place with people using them for all sorts of things, and comparatively little training on what and what not to do. Plus you've got younger users, many of which aren't old enough yet to not know everything, and feel free to ignore the warnings and admonishments...
That sounds like a pretty common representation of the average user to me. Although many users outside of education may not be "younger", many of the characteristics hold. In fact, I would say such a user might even be more common than locked-down corporate environments. And if a major ISP ever were able to do such a scan on their customer's hosts, it wouldn't be much different.
Is that a "biased" sample? Depends on what population you're comparing against. If you're extrapolating to corporate environments, then systematic differences from the true mean may very well exist. But if you're comparing against the population of all Internet users a potentially far more interesting and useful population to study, though more difficult as well then the bias is more difficult to measure.
What OSs were profiled? (Score:3, Interesting)
Windows itself is not fully to blame for the abundance of spyware and viruses on the internet, but it's generally the people who use Windows that allow viruses to propagate and make spyware feasible due to their ignorance of their own working environment.
If operating systems are to become more transparent, user friendly and powerful, the problems of spyware and viruses will have to be dealt with decisively.
The average Windows user has no idea that there are malicious TSRs lurking in the corners, doing whatever they please. They don't have fine grained control or access to processes, because Windows assumes (correctly) they would not know what to do with that level of control. Operating systems are complex enough without badly implemented security policies, threading models, filesystems and applications, the cruft of years of application and user backwards compatibility making them worse. I don't know if Windows will get a re-write on the level that Mac OS did. It was very important for Apple to move forward and leave the old OS behind, it's way past time for Windows to follow suit. Spyware and viruses could be eliminated if the user was aware of EVERYTHING the machine was doing. Don't give applications a way to hide, and they won't be able to.
Federal Trade Commission (Score:3, Informative)
More than 1:20 (Score:3, Insightful)
Re:More than 1:20 (Score:3, Insightful)
One fellow I did some work for had hundreds of spyware programs on his machine, as well as a ridiculous pile of browser hijacks for porn sites. He said he lived in fear of the day that he'd be showing something to a client and the machine would begin spewing advertisements for hot asian teen cunts...
Everyone ready to make a "1 in 20?" comment.. RTFA (Score:4, Informative)
The "1 in 20" figure the researchers got was not from scanning the HDDs with Spybot/AdAware/etc....they sniffed for known packets from FOUR of the significantly [spywareguide.com] more [doxdesk.com] than [cexx.org] four [pestpatrol.com] known malwares.
So, to be detected at all, the machines had to be running and the spyware loaded and actively broadcasting packets during the sampling period. Given this lack of an exhaustive check, the 1 in 20 figure doesn't surprise me. (We all know it is 1 in 1...
The actual article (Score:5, Informative)
Way low. Way, way low... (Score:5, Funny)
My current job is doing graphics and web work for a small computer services company, but at least once per week I go out on service and maintenance calls for our clients. At one place, the spyware infection rate was closer to 80%: Gator/Claria, Bonzi Buddy, Vomit Cursor, HiWire, IGetNet, BestWeb, Bargain Buddy, etc. One machine had 477 separate pieces of spyware and browser hijackers. Another had 25 instances of the same pr0n dialer. Even the ones that were relatively "clean" still had crapware like Webshots or WeatherBug that brought these commodity PCs to their knees. And don't get me started on Kazaa...
When I started doing this, I'd cut the users a lot of slack, letting them keep their Webshots or Benadryl Desktop Allergy Alerts. But after a month, the BOFH-nature possessed me. I have become an IT fascist: NO WEATHERBUG FOR YOU! NEXT!!!
Gah. Now I'm pissed. I think I'll go in tomorrow and schedule scandisks and defrags for 9AM Monday morning. That'll learn 'em.
k.
I Must Agree (Score:4, Insightful)
Often times there are odd, often random errors in applications, and it begins to get worse. Or the system even if it's fast begins to crawl. I would say that 8 out of 10 times, it's spyware. In one case I found, according to SpyBot Search and Destroy (excellent tool by the way), 311 spybots and adware shits. This particular system went from the mouse barely moving on a 2.4GHz P4 with DDR ram to what it should have been.
User education is key here. But that is a depressing role to try to be educator, because it's almost all completely ignored.
Effective combination... (Score:5, Informative)
There's not a lot to be missed after that. Process Explorer [sysinternals.com] is also good for finding processes running that might not be of obvious origin.
1 in 20? Get Real! (Score:3, Interesting)
Re:1 in 20? Thats all? (Score:3, Informative)
That's absolutely correct. According to the article they only scanned for Gator, Cydoor, SaveNow and eZula.
I manage a 50-user corporate network. (Score:5, Informative)
Some of my users like spyware. Hotbar is a good example of a program that's actually liked by a number of people. But the programs that seem to do the most harm are the ones that try to stay invisible.
There are two computers on my network that never have spyware problems. One of them is the Mac I do all my web surfing on, and the other is the PC I do no web surfing on at all.
Any company I found is going to be Mac-only. There's little point in tolerating the huge overhead associated with running a Windows network.
D
the obvious question here is (Score:3, Insightful)
Re:the obvious question here is (Score:5, Insightful)
And I really, really don't like being called every time the clock drifts on one of the PCs and someone wants me to fix it.
I have better things to do than fixing it or installing software. So I delegate the power, and as much of the responsibility as people can bear, down to the users.
And users love me, because they know I have respect and sympathy for them.
I'm never going to be a Nazi-class administrator, even though I know it would solve a lot of my problems -- by, no doubt, creating newer and more frustrating ones.
D
Re:I manage a 50-user corporate network. (Score:3, Interesting)
* Microsoft Office is in many ways an excellent product, for all the criticism it gets here, and the Mac version works great. I tried installing OpenOffice on a couple of machines, and it made a complete hash out of their Word documents.
* It's a huge aesthetic step backwards, and everyone, including me, wants their computers to be nice to look at. I don't think this is frivolous, considering all the time we spend on our machines.
The reason I can't switch to another desktop OS at my
Re:I manage a 50-user corporate network. (Score:5, Informative)
* Spyware is created for purely commercial reasons. It is not commercially viable to create this kind of software for a platform with a 5% market share. I don't expect spyware to become a problem under MacOS X unless something happens that pushes its market share radically higher.
if 99.99% of virii and spyware are writen for Windows, the Mac and Linux are far, far safer. That's not "security through obscurity"; it's pure, hard-headed commercial reality.
* Most of the tricks used for "drive-by installs" of Spyware work because Internet Explorer is integrated with the operating system. In other words, you use Internet Explorer + an ActiveX DLL to install updates to Windows. Therefore, you can use the same combination to do Bad Things.
On the Mac, there is no such integration, so the only way to install software is to, well, install it. Period.
You pointed me to a spyware removal tool for the Mac, but I have yet to hear of any Mac spyware. Until proven otherwise, I consider that program bogus.
D
Re:That's likely and understatement (Score:3, Funny)
Jamon
Re:That's likely and understatement (Score:5, Interesting)
I have always thought of spyware as a virus. Perhaps not as destructive but, a virus none the less. Thus, I have always felt that the commercial anti-virus companies should make their software to detect and remove spyware just as they do viruses. As yet they do not but, there is a major need for it.
Now, many people will start rattling off the plethora of spyware detectors and adware look alikes but, the fact is that none of these programs is capable of detecting all of the various spyware in the wild. Additionally, since they are all small companies or free projects they aren't and will not be able to keep up with the flood of new spyware as it comes out. Only the major players like the present anti-virus companies will be able to do it effectively with frequent updates to catch the latest bugs.
Of course, the immediate solution is to not use Windows but, that is not going to happen and even if it did, there would be spyware for Mac and Linux after a while. It's getting to the point that the little voice in my head keeps screaming at me to block off all port 80 traffic.
Re:That's likely and understatement (Score:3, Informative)
A large portion of my work is field service on home PCs. Spyware has actually become a more destructive problem than viruses for most of my residential clients who already have adequate virus protection.
Most people will have one or two spyware apps like Gator on their machines, which won't impact performance enough for them to notice. But if they have kids it's a different story. Kids download and install
Re:That seems low... (Score:3, Interesting)
They also mentioned that college students are more computer literate, and therefore less likely to install spyware. I call bullshit. I've seen enough college students to know they are just as dumb as everybody else out there.
Yes indeed (Score:3, Interesting)
I've rooted out more copies of Gator, Cydoor, etc from neighbors, friends, and family members... I can't even count the infections.
I typically recommend/setup the following bare minimum set of tools to avoid spyware, hax0rs, etc.
Firewall (I like smoothwall on an old PC)
Current anti-virus, set to auto-scan.
Spybot Search and Destroy run periodically.
I don't think I've ever had to look twice at a home comp
Thank you (Score:3, Insightful)
Pop-ups too common? (Score:3, Interesting)
Well, there was one on the page with the article. They wouldn't be hypocrites, now would they?
Re:One in Twenty???? (Score:3, Interesting)
Re:Gripes against IE (Score:3, Insightful)