The Average PC is Infested with Spyware
WoodenRobot writes "This article claims that Earthlink have discovered that the average user's PC has 28 spyware programs on it. More details can be found on Earthlink's spyware auditing page." Compare to a university study. The FTC is hosting a Spyware Workshop.
Earthlink? How ironic. (Score:5, Funny)
That's not fair, of course. For example, try searching for spyware removal software [google.com] like "Spybot Search and Destroy [safer-networking.org]." Almost all the links you'll find are for imposters that are themselves spyware. Evil.
Earthlink has their own spyware removal software, but I'm amazed it doesn't get caught in an infinite loop installing and removing itself, since Earthlink's software includes spyware.
--- JRJ [jrj.org]
Re:Earthlink? How ironic. (Score:5, Informative)
I used to be on Earthlink, until I became disgusted with their "support." The only spam I ever get now is from my old address with them. I don't know what their spyware removal is based on, but I know it didn't catch gator running on a friend's PC. Between that and the spam, I don't see myself going back to them in the future, or recommending them to anyone I know.
Re:Earthlink? How ironic. (Score:4, Insightful)
Not far from truth (Score:3, Interesting)
So I've removed it and installed Google. At least in Google you can explicitly set the option so it does not collect any information (hopefully, Google is more trustworthy in this respect).
Re:Not far from truth (Score:5, Informative)
Re:Not far from truth (Score:4, Interesting)
In a related note, a friend who uses AOL and IE, and had the install for only 1 (one) year. After one year of usage, Adaware turned up three thousand things it deemed as "bad."
Re:Not far from truth (Score:3, Interesting)
Me too. And so far, everyone that's switched has loved it - including completely non-technical users.
You can go into the Preferences menu and have it ask you if you want to accept a cookie. I deny cookies unless I know I'm going to need them to log in, like to slashdot. Like this, I've been free for a long time.
You know, this is something that is a kind of strange thing. I'm more annoyed by the message coming up asking if I'd like to accept the cooki
Re:Not far from truth (Score:3, Informative)
You are mistaken, Spybot Search and Destroy *IS NOT* spyware.
Here is a list of *SAFE* Adaware and Spyware removal tools.
*Free*
Spybot Search and Destroy [safer-networking.org]
Adaware [lavasoftusa.com]
*Not Free but Good*
Pest Patrol [pestpatrol.com]
Re:Not far from truth (Score:3, Interesting)
i'd like to recommend Opera [opera.com]; blocks popups if you want it to, turn off javascript, plugins (like flash. goodbye flash ads), and cookies at will, all within the incredibly useful menu that pops up when you hit F12. also warns you when sites try to set "illegal" cookies. gorgeous browser and very customizable.
Re:Zealots guide to using Internet Explorer safely (Score:3, Interesting)
Re:Not far from truth (Score:4, Interesting)
Internet Explorer is a terrible browser. I'm amazed why so many people, even those knowledgeable about computers, use it. Just because it's built it doesn't mean it is better than the competition.
Re:Earthlink? How ironic. (Score:5, Interesting)
is it spyware... (Score:3, Insightful)
I use S&D, and it don't tell nobody what I found.. so how come earthlink knows?
the proof is in the subject, THEY KNOW HOW MANY THEY FOUND....
Comment removed (Score:5, Insightful)
Re:Earthlink? How ironic. (Score:5, Insightful)
Most people don't think they have the time to become less ignorant, this stuff looks (and is) very complicated, and they don't know how they'd even go about it. It's really easy to overlook just how much more you know than the average person does, and it's easy to forget how much time it took you to accumulate this knowledge.
Re:Earthlink? How ironic. (Score:5, Insightful)
And the same thing would probably be true if people took the same attitude toward keeping their computer running that they do toward keeping their car running. People accept that cars are complicated and require routine service. They understand that if they're not competent to do the service themselves that it makes sense to pay a professional to do it for them. They're willing to plunk down some serious coin to get the thing fixed if/when it breaks.
The problem is that many, if not most, people don't take the same attitude toward computers. They're encouraged to believe that computers are so easy to use that anyone can use and maintain one with little or no training. When problems do come up, they tend to try to solve them by asking a friend who is supposed to know this stuff what to do rather than spending money on a professional. Combine that attitude with deliberate attacks against computers by things like worms and spyware, and it should be no surprise that the average car is much better maintained than the average computer.
Re:Earthlink? How ironic. (Score:5, Insightful)
I didn't care. That car did what I needed it to do for as long as I needed to do it before I could afford a better one. In other words, it was exactly like a computer to most people.
Re:Earthlink? How ironic. (Score:5, Insightful)
Yes, they do. They know that if smoke starts coming out from somewhere else than the exhaust pipe, they'd better stop and get out of the car, fast. They know that if lights start flashing in the dashboard with no apparent reason the car needs to be serviced. They know that they must not pour water into the gasoline tank, and that if the tires are flat they need to be reinflated, and so on. They also know that it's a good idea to lock the doors when you leave the car.
On the other hand, people don't know that you shouldn't open strange e-mail attachments, that you should run a firewall, and that you should install updates at least weekly (which is not difficult - both Linux and Windows come with automatic tools that search, download and install the necessary updates at your command).
So basically, people do know what to expect from a car, and can recognize when something is wrong with it. On the other hand, people do not know what to expect from a computer, and when something is wrong with it (and thus can't have it fixed).
Computers are not like other tools, nor will they ever be. People expect to use them without understanding any of the concepts and theory behind them, and then get angry and frustrated when they can't make the computer understand what they want. It is absurd.
Personally, I think every computer should ship with a 200-page book explaining the basic concepts and theory behind the computers. And I mean basic theory, not "install a new printer this way". All support should be denied before this book has been both read and understood.
Anyone who is incapable of understanding how computers work shouldn't be using them without supervision, for his sake and everyone else's. Harsh, but the only solution short of running a truly sentient AI in every computer.
Re:Earthlink? How ironic. (Score:4, Insightful)
This is one reason why many new cars (and lawn mowers, etc.) come with VHS tapes, but even those are ignored.
The trick is to make everything so simple that performing tasks is easy enough for the uninformed person to figure out quickly. To do that, you have to do lots of role analysis, use cases [craiglarman.com], and user testing [amazon.com].
Re:Earthlink? How ironic. (Score:3, Insightful)
Re:Earthlink? How ironic. (Score:3, Insightful)
There are two things about computers, however, that really make this metaphor break down.
If I had to understand how a car worked, I'm sure I could. A car is orders of magnitude simpler than a computer. In fact, I'll bet Internet Explorer alone has more complexity than the average car, and the
Re:Earthlink? How ironic. (Score:4, Insightful)
The "Spyware" reported consists of cookies. Not trojans, backdoors, browser redirectors etc - cookies. Cookies can track you but they don't exercise code, and the ones that this software reports are not even fully researched. They're "potential" spyware - which is the same as finding a kid with three marijuana seedlings and charging him with posession of "potential" street value of $3 million.
Why would Earthlink do that? The Arstechnica article suggests it is because Earthlink advertise their Spyware-blocking service right next to the page that shows you the incredible amounts of spyware found on your system! Hmmm....
I don't know why I bother with slashdot. It must be a reflex built into my fingers or something but it certainly has turned to shit.
Now mod me down, editors. Show us how you censor those who disagree.
Re:Earthlink? How ironic. (Score:5, Informative)
Now, if you eliminate the "adware cookies" as dubious, you're still left with the headline "The average PC contains 5.4 instances of "Adware, System Monitors, and Trojan Horses." Still tabloidish enough to get a rise out of most slashdotters.
Re:Earthlink? How ironic. (Score:5, Insightful)
Re:Earthlink? How ironic. (Score:3, Funny)
Good effort to fight spam and malware (Score:2, Informative)
It really doesn't surprise me to hear that the average computer has 27.8 instances of spyware on it. Most users have no idea what they're doing; I constantly remove that kind of junk from my family's computers.
Earthlink has been doing a good job [dailywireless.com] of fighting spam and spyware on the internet. I think it's a valiant effort.
Comment removed (Score:5, Interesting)
Re:Good effort to fight spam and malware (Score:4, Funny)
Next, show her Mozilla. It can remember all her passwords, sans spyware.
Re:Good effort to fight spam and malware (Score:3, Insightful)
A few days later, something goes wrong, and all they say is "well, it didn't do this before you touched it!" To which I usually reply: "Okay, I almost never have problems with my computers, and your computer worked well af
Re:Good effort to fight spam and malware (Score:3, Interesting)
Of course this solution won't help those techies whose friends always call them or those with family that do not want to learn because "it's too complicated" or "I'm not the technical type".
The ace in your sleeve: a Mac. Any non-tech type comes up to me and asks me what computer to get, I tell them to get a Mac. If they ask for help on a PC they already own, I tell them to ask the person who recommended it how to fix it; I may end up fixing it anyway, but then I recommend a Mac. Anyone who has not f
Re:Good effort to fight spam and malware (Score:5, Interesting)
There's no doubt the survey is accurate - as an independent consultant, I deal with this all the time. I run Ad-Aware on badly behaving Windows boxes and show their 'owners' just what a mess they have. Record so far is 500+ items tagged by AdAware. Unreal.
This problem is on par with SPAM and viruses, and consumes serious IT cycles to manage. My usual course of action for any new client is: SOPHOS AntiVirus, pop-up blocker, AdAware, alternative browser (eg Netscape, Firebird), alternative email client (eg. thunderbird). Not to mention religious use of Windows Update, a strong perimeter firewall and replacing NT/2000 servers with Linux boxes running SAMBA, themselves fully hardened against attack. Of course, SpamAssassin is a must on the mail server.
It's a war. And I fight to win.
Re:Good effort to fight spam and malware (Score:3, Funny)
Re:Good effort to fight spam and malware (Score:5, Interesting)
Not to mention religious use of Windows Update...
The scary part is that there are IE/Windows exploits for which no patches currently exist, so Windows Update can't possibly protect you in those cases. What's even worse is that those exploits are being used NOW.
During the time when I naively thought IE would be perfectly safe with all patches, I came across an ad popup that downloaded and ran an executable. Yes, I was fully patched, I even checked afterwards. Turns out the popup got through using an exploit that currently lacks a patch. Luckily, file permissions saved my ass that time, but I'm switching to Firefox to be safe.
Re:Average this, average that (Score:3, Informative)
Anyway, the Earthlink sample size was over 1 million
Re:Average this, average that (Score:4, Informative)
You defined the arithmetic mean, which is commonly known as the average.
Mode is the item in the sample that occurs the most frequently. The item with the highest value is called the maximum.
The median is the value that occurs midpoint in the list of values when they are sorted in ascending (or descending) order. If the list has an even number of values, the median is the average of the two middle values.
Dork.
slightly misleading... (Score:5, Informative)
There's still a LOT of junkware/spyware/adware/malware/whatever out there, far more than there should be IMO, but it's not quite as bad as they let on. :-)
Re:slightly misleading... (Score:5, Insightful)
That's not "slightly" misleading, that is *extremely* misleading. The BBC article makes no mention of "cookie". They do say "average of 28 spyware programs", but isn't a Cookie generally more benign than a "program"? A program is usually active; a cookie sits there.
By the way, the BBC sets a Cookie on your system. Perhaps we should sue?
Re:slightly misleading... (Score:4, Informative)
I've never, for example, seen Ad-Aware tag a Slashdot cookie as a privacy risk, but I have seen it tag Doubleclick and other crap from when I have to use Explorer (which I use for really uncompromising, cookie-laden sites).
Re:slightly misleading... (Score:3, Interesting)
The cookies they do nothing... (Score:5, Informative)
slashdot.org / 31 Apr 2004 user 621112::jrLk8rfhJlszg7DMS6cI83
Your webbrowser will provide that information to the server (slashdot.org) at a later time (before the expiration, 31 Apr in this case). In this way the server can "remember" who you are by storing whatever it would have otherwise forgotten as that cookie which is saved to your hard drive. In this case it's remembering that "user" equals 621112...blah blah blah. When slashdot sees me trying to load the front page, it gets that cookie, which it looks up and figures out maps to "Ayanami Rei" and shows me my Slashdot homepage as opposed to the generic one.
Here's the thing. Your web browser just sends ALL the cookies that the webserver ever left every time you fetch a URL from that server since it can't tell which one it might want... the server ignores the ones it's not interested in.
So whenever you see an ad banner coming from some site like doubleclick.net, you can be sure that it's setting and checking a doubleclick cookie. The thing that makes it dangerous is that it can also tell (from Referer headers also graciously provided by your browser) what page that ad was referenced from (and hence what page you were browsing!) So doubleclick.net can track you between sites that use their ad banners.
Etc. Some websites concerned about tracking traffic insert invisible images that fetch and set cookies from centralized webservers to get statistics. While cookies only get and set themselves to servers with the same name, that doesn't mean a bunch of websites can't subscribe to one tracking service. (And they often do...)
So while I wouldn't call it spyware, you need to be aware of the potential privacy implications and you need to carefully inspect your cookie files or cookie permissions. Mozilla lets you block access to cookies by originating sites, so you can control who can and can't use your cookie storage.
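The mechanism described in the comment above, as an added example that is not part of the original post: a small Python model of a browser cookie jar, two content sites and one shared ad server. The `.example` host names, the `id` cookie and the exact-host cookie matching are assumptions made for the illustration; it shows the ad server linking visits across sites through its cookie plus the Referer header, and what it can still see once the browser refuses third-party cookies.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


class ContentSite:
    """A site that embeds a banner from a third-party ad host (hypothetical)."""
    def __init__(self, banner_url):
        self.banner_url = banner_url

    def handle(self, url, cookies, referer):
        return {}                      # sets no cookies of its own in this model


class AdServer:
    """Assigns a visitor id cookie and logs the Referer of every banner fetch."""
    banner_url = None

    def __init__(self):
        self.next_id = 1
        self.log = []                  # (visitor id, referring page)

    def handle(self, url, cookies, referer):
        visitor, to_set = cookies.get("id"), {}
        if visitor is None:            # no cookie came back: treat as a new visitor
            visitor = f"v{self.next_id}"
            self.next_id += 1
            to_set = {"id": visitor}
        self.log.append((visitor, referer))
        return to_set

    def profiles(self):
        out = {}
        for visitor, page in self.log:
            out.setdefault(visitor, []).append(page)
        return out


@dataclass
class Browser:
    block_third_party: bool = False
    jar: dict = field(default_factory=dict)    # host -> {cookie name: value}

    def fetch(self, servers, url, referer=None, top_level_host=None):
        host = urlsplit(url).hostname
        third_party = top_level_host is not None and host != top_level_host
        allowed = not (third_party and self.block_third_party)
        # The browser sends every cookie it holds for this host.
        sent = dict(self.jar.get(host, {})) if allowed else {}
        to_set = servers[host].handle(url, sent, referer)
        if allowed:
            self.jar.setdefault(host, {}).update(to_set)

    def visit(self, servers, page_url):
        page_host = urlsplit(page_url).hostname
        self.fetch(servers, page_url)
        banner = servers[page_host].banner_url
        if banner:                     # the embedded banner carries a Referer header
            self.fetch(servers, banner, referer=page_url, top_level_host=page_host)


def browse(block_third_party):
    """Visit two unrelated sites; return what the ad server learned per visitor id."""
    ads = AdServer()
    servers = {
        "news.example": ContentSite("http://ads.example/banner.gif"),
        "shop.example": ContentSite("http://ads.example/banner.gif"),
        "ads.example": ads,
    }
    browser = Browser(block_third_party=block_third_party)
    for page in ("http://news.example/politics", "http://shop.example/cart"):
        browser.visit(servers, page)
    return ads.profiles()


if __name__ == "__main__":
    print("third-party cookies allowed:", browse(False))
    print("third-party cookies blocked:", browse(True))
```

With third-party cookies blocked the ad server still receives each Referer, but every request looks like a new visitor, so the two page views are no longer tied to one id.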
Re:The cookies they do nothing... (Score:5, Funny)
Small Issues (Score:5, Interesting)
Plus some spyware scanners flag any kind of push technology as spyware. The theory is that vendors can use push software to force you to download stuff. Well duh -- any network-aware software runs that risk.
Spyware has gotten so bad I never download closed-source software except from certain extremely reputable sources. And even so (I'm ashamed to admit) there's a bit of spyware that I can't seem to track down. Fortunately it only runs when I reboot (no it's not in any startup lists) and all it does is re-install a program called "readme shim.exe" (yes, that's a blank in the name) which itself is just a stealth spyware downloader. Fortunately, I can simply terminate "readme shim.exe", and not worry about it until I have to reboot (I hibernate when I'm not using the machine). No point in deleting the file -- it'll just come back. Scary that spyware vendors can get that clever!
Re:Small Issues (Score:5, Informative)
Do a Google search for "sted380.zip" (you don't want the ones after that, they disable themselves after a while). It lets you see exactly what programs your computer loads via the numerous startup methods, and delete them. Short of your particular problem somehow running as an actual device-driver, this would let you kill it.
Also, you might want to make sure you don't have any strange-looking services running - I've seen a number of difficult-to-remove programs that work by letting you kill them easily, but they don't remove an associated service that just reinstalls them at the next reboot.
Re:Small Issues (Score:5, Insightful)
It doesn't handle services, but it covers most everything else, except maybe autoexec.bat. And it's a lot faster than digging through the registry.
Re:Small Issues (Score:3, Informative)
(Disclaimer: I am not Mike Lin)
Re:Small Issues (Score:3, Interesting)
It doesn't have to be this way... (Score:5, Insightful)
While most spyware is adware-related and relatively benign, it's disturbing that over 300,000 of the more serious system monitors and Trojans were uncovered
I don't think most adware is benign since it eats into available RAM. Some adware also affects application performance, or, worse yet, prevents applications from running. Anyway, I am, again, preaching to the choir.....
Happy Trails!
Erick
No problem for me... (Score:2, Interesting)
Re:No problem for me... (Score:4, Interesting)
Granted more spyware is written for the Win32 systems, but with the increased usage of Linux and the way tracking cookies work...I wonder if there has really been an in depth look at if and how spyware can infect a system running Linux.
You know it won't be able to install any system services (unless you're running as root), but what keeps things from making changes to ~/.Xsession or similar user level logon scripts?
Re:No problem for me... (Score:4, Insightful)
In addition, with Linux, you can have distributions aimed at neophytes which prevent this sort of thing, and then other distributions for experienced users who just want to be uber-productive.
Re:No problem for me... (Score:3, Interesting)
I think the culture is what really makes it so different. In Windows, it's very common for users to download various little closed-source applications and install them. Of course, lots of these things (like Gator) are spyware. The whole idea of open-source, community, etc. are totally alien in the Windows environment, where everything is about users being consumers and paying for most things they use. Of course, lots of open-source programs are available for Windows, such as
Re:No problem for me... (Score:5, Funny)
Re:No problem for me... (Score:3, Interesting)
Tracking cookies will work on Linux - however it's easy to write a shell script that runs as a cron job that will eliminate those. It's a little more convenient than using the browser to control cookie persistence. Something like this:
#!/bin/csh
#/home/eric/.mozilla/eric/zidis8bu.slt/cookies.txt
#copy yesterday's cookie file. We put it in tmp for now, because we want to
#compare it later with the last cookie file
cp ~/.mozilla/eric/zidis8bu.
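An added example, not part of the original post and not a reconstruction of the truncated script above: one way a scheduled job could strip tracking cookies from a Netscape-format `cookies.txt` (seven tab-separated fields per record). The blocklist, the sample records and the function names are constructed for the illustration.

```python
import os
import tempfile

# Constructed sample in Netscape cookies.txt layout:
# domain, subdomain flag, path, secure flag, expiry, name, value (tab separated).
SAMPLE = [
    "# HTTP Cookie File\n",
    "slashdot.org\tFALSE\t/\tFALSE\t1083369600\tuser\tCONSTRUCTED-VALUE\n",
    ".ads.example\tTRUE\t/\tFALSE\t1083369600\tid\tabc123\n",
    "tracker.ads.example\tFALSE\t/\tFALSE\t1083369600\tseen\t1\n",
    "notads.example\tFALSE\t/\tFALSE\t1083369600\tpref\tdark\n",
]


def parse_cookie_line(line):
    """Return (domain, cookie name) for a record, or None for anything else."""
    text = line.rstrip("\r\n")
    if text.startswith("#HttpOnly_"):          # prefix some tools add to real records
        text = text[len("#HttpOnly_"):]
    elif not text.strip() or text.startswith("#"):
        return None                            # comment or blank line
    fields = text.split("\t")
    if len(fields) != 7:
        return None                            # malformed: leave the line alone
    return fields[0].lstrip(".").lower(), fields[5]


def domain_blocked(domain, blocklist):
    """Match the listed domain and its subdomains, never a mere suffix of the name."""
    return any(domain == b or domain.endswith("." + b) for b in blocklist)


def filter_cookies(lines, blocklist):
    """Split lines into those to keep and the (domain, name) records removed."""
    kept, removed = [], []
    for line in lines:
        record = parse_cookie_line(line)
        if record and domain_blocked(record[0], blocklist):
            removed.append(record)
        else:
            kept.append(line)
    return kept, removed


def clean_cookie_file(path, blocklist):
    """Rewrite the cookie file without blocked records; return what was removed."""
    with open(path, encoding="utf-8", errors="surrogateescape") as fh:
        lines = fh.readlines()
    kept, removed = filter_cookies(lines, blocklist)
    if removed:
        # Write beside the original and rename, so a crash never leaves half a file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="utf-8", errors="surrogateescape") as fh:
            fh.writelines(kept)
        os.replace(tmp, path)
    return removed


if __name__ == "__main__":
    kept, removed = filter_cookies(SAMPLE, {"ads.example"})
    print("removed:", removed)
    print("kept   :", [parse_cookie_line(l) for l in kept if parse_cookie_line(l)])
```

Run it only while the browser is closed, since a running browser can overwrite the file from its in-memory copy.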
Re:No problem for me... (Score:5, Insightful)
I'm certain that Linux isn't 100% safe, but I reckon it's a lot safer than Windows for the following reasons.
There are other reasons that will only hold true until Linux becomes more popular. So these are good reasons for now, but won't hold true forever.
Typical. (Score:5, Interesting)
Most people see a certificate pop up, even if security features are turned on, and accept it as a matter of course. Most people don't even comprehend the concept of Spyware, the idea that clicking links in spam is a Bad Idea or that wearing a tinfoil hat won't protect you from the alien mind control rays.
How did they do this study? (Score:5, Funny)
The thundering noise you hear... (Score:5, Funny)
Claims Overhyped? (Score:4, Interesting)
Confirms the obvious (Score:5, Interesting)
This Is NEWS?! (Score:5, Insightful)
one solution is... (Score:5, Insightful)
Re:one solution is... (Score:5, Interesting)
I tried searching google to find it again, but the only thing I'm finding is a page in german, which I'm not entirely sure is what I'm talking about.
If I were one of my users, I would have clicked Install, because I'd be jawdroppingly retarded.
The XPInstall functionality is a tradeoff between security and convenience, but just like IE's install feature, it's going to be abused.
Hopefully standard unix security stems the tide.
Re:one solution is... (Score:3, Funny)
"Lyrics", huh? :) Is that what it's referred to as now? :)
Re:one solution is... (Score:3, Insightful)
Bullshit (Score:5, Informative)
Firefox is not MUCH more secure than IE. Wanna proof? What's the fucking difference between IE's box asking about installation and Firefox's one? Yes, I'm talking about .xpi files. How long it would take before spyware will distribute itself as .xpi files and users will happily click "yes" in these boxes?....
I love mozilla. It's a very good browser. But don't think that it's a magic cure for all spyware.
Re:whoa! (Score:4, Informative)
http://forums.mozillazine.org/viewtopic.php?t=6
for more detail + links to other posts.
Re:whoa! (Score:3, Informative)
I've seen pretty bad ones (Score:5, Informative)
It really should be a violation of the wiretap laws to put this crap on someone's machine. These poor non-technical users' machine was an Athlon 2200 that ran like a 486. Once we took the crap off, it zoomed.
Lets hear your records... (Score:5, Funny)
The unfortunate soul was a Windows ME box, so it wasn't destined for greatness even without the spyware.
By the time I got there, opening a browser would cause the machine to reboot, and there was no "System" icon in the control panel. Oh yea, he was running AOL too...
Beat that
Re:Lets hear your records... (Score:5, Interesting)
I do. We're a small shop, we'll fix your PC even if you're the one who f'd it up by installing Kazaa. Our current record, as reported by Ad-Aware 6.181 with a then-current reference file, is 1354. It's on a whiteboard near our workbench. This record has held for over a month now; the previous record was "merely" 950-something.
Correction: (Score:5, Funny)
You can guess what the average AOL user's machine has.
I don't doubt it (Score:3, Interesting)
Spyware nuking my site! (Score:5, Funny)
216.194.67.61 [216.194.67.61]
Now the rate of spyware/adware requests is down from 2 per second to only 0.3 per second over the last few days :)
Bwhahaha, doing my part in teaching the public :)
Numbers are not surprising (Score:5, Interesting)
Really, I don't consider tracking cookies to be much worse than, say, RFID tags in all my $100 bills or Walmart purchases. It's a public network, people are going to watch.
That reminds me... time to run Adaware again.
Worst I've ever seen Part 1 (Score:5, Interesting)
Using Ad-Aware, it found, and I kid you not: 22,485 units of spyware.
The machine was so infested, it couldn't connect to the Internet (through the university T-1 lines) because of all the pop-ups, redirects and what not.
In defense of the machine, 11 users had profiles on it, which under Win98, merely copied everything (spyware and all) to the new user. But it was astounding all the same.
part Two
Same university, brand spanking new P4 3.0 Ghz Dell for a big-shot professor.
8,000 units. The professor would click "yes" to every pop-up that came her way, not knowing/caring/reading, what it did. Then complained why the brand new machine was slow and needed a new one.
After removing the spyware, and explaining what had occurred, she nodded sagely, and went about her business.
Next day I get a call from her...same issue, tons of popups.
She hadn't listened after all.
It's times like these I wish people like that would be given a Mac or BeOS machine.
Re:Worst I've ever seen Part 1 (Score:3, Informative)
The average PC also has... (Score:5, Funny)
Internet Explorer
Outlook or Outlook Express
Microsoft, when contacted, insisted there was no relationship
3 programs.. (Score:5, Informative)
SpywareBlaster [javacoolsoftware.com]
SpywareGuard [javacoolsoftware.com]
I use these three programs (in the above order) on lots of spyware infected machines and so far, have had a LOT of success removing and keeping spyware off those systems. In fact, earlier today, I ran that combo on a system and reduced RAM usage by 100MB, not to mention a huge speed increase (of course, I did some other housecleaning such as disabling startup items & removing some other non-spyware search bars & annoyances).
I just tell my friends one word ... (Score:4, Informative)
It just works
On one machine on which I installed it, it found and removed more than 256 spyware components (bad cookies, spyware registry keys, etc.). That friend installed it on her brother's PC (according to her, he's a <sarcasm>"Really Bright Guy"</sarcasm>) and it cleaned out more than 1,000 Bad Things(TM).
Re:I just tell my friends one word ... (Score:5, Interesting)
Ad-Aware is great stuff, however you need to be careful recommending it because of the low life scum at Ada-Ware. I had one of my friends install that by mistake.
Correct me if I'm wrong... (Score:4, Insightful)
If that's the case, how many of these cookies (or actual programs) are variations on that theme? Would Earthlink's audit utility see a Spybot S&D cookie and count it as spyware, when it's really not?
If that's the case, then if you've Immunized your computer with S&D, you have every known spyware cookie on your computer according to the audit. This would inflate those numbers dramatically.
Illegal (Score:5, Insightful)
Re:Illegal (Score:4, Informative)
I always recommend (Score:5, Informative)
No need to RTFA... (Score:5, Informative)
I also had a bad run in with new.net. My thoughts about those people would land me in jail if put into action. Read about these scumbags along with removal instructions here [cexx.org]. I spent an hour trying to extricate it out of my mom's computer before finding this link. This thing has a DLL that literally ties itself into the TCP/IP stack of Windows, so removing it will disable TCP/IP. Just a slight problem, don't you think? Nothing like an untrusted third party app intercepting your TCP/IP calls and doing god knows what with them.
I should mention that a different co-worker picked up CoolWebSearch, a particularly evil spyware app that resurrects itself even after you try to remove it with Ad-Aware. An awesome app called CWSShredder is available at http://www.spywareinfo.com/~merijn/downloads.html [spywareinfo.com]
Also located there is a HiJackThis, which scans regkeys commonly used by spyware and allows you to remove them. Be very careful with this app though, as legit keys are listed too.
In light of my experience, I shudder to think what Joe Sixpack must have on his system....
Last thought: What gets my goat is how everyone's going after virus writers, but no one's touching these asshole spyware programmers. These programs DO interfere with system operations, are difficult to remove (some even actively interfere with ad-removal software), and run without the user's knowledge. I'm probably preaching to the choir here, but I simply must vent.
Spyware (Score:3, Flamebait)
Did this list include Microsoft products like Windows XP and Windows Media Player? Surely that is just as much spyware as any of the stuff that people download off the net.
Lies, damn lies, and statistics. (Score:4, Informative)
Thank God Mom Has A Mac (Score:4, Insightful)
Not only the average PC... (Score:5, Informative)
Most PCs had 100s of registry key compromises (Alexa being the most usual), and lots of spyware...some even had trojans and worms, even if Norton Antivirus is installed to all PCs as a company policy.
I recently changed my boss' internet explorer with Firefox, and replaced all desktop IE links with firefox.
I have made the habit of running Spybot - S&D and Lavasoft's Ad-Ware at least once a week, as well as having Antivirus on at all times.
Has anybody calculated the cost of malware? It could be thousands of billions of dollars. So much time spent cleaning Windows installations, doing system scans, reboots, registry restores and cleanups...not to mention compromised servers and server downtime.
How much, if Microsoft was charged, would they have to pay society for the damage?
Well, duh! (Score:3, Interesting)
Well, duh! You don't need to tell slashdotters that, you need to tell the technically illiterate clowns who don't read slashdot, and can't find any website that doesn't end in .com. They used to get quite a shock trying to find the White House!
Analysis of the tool... (Score:5, Informative)
Being somewhat bored on a Friday afternoon, I decided to take a quick peek at this software from Earthlink, and found some rather disturbing results. In fact, it's ill-represented, borderline illegal, and about as intrusive as RealPlayer (and that's saying a lot).
I ran my machine through their quick'n'dirty scan, which reported
1 Trojan,
5 Adware programs,
65 Adware cookies
Given that the combined might of one internet security expert, Ad-Aware, HijackThis, Spybot Search-and-destroy, and Network Associates Antivirus (all with the latest updates - me included!) found nothing, I got somewhat intrigued and looked a little deeper. My (American) fiancee has an Earthlink account, so I borrowed that, downloaded the software, and (several reboots and updates later), ran their proper spyware detector.
This showed up that it had found 123search, Alexa Toolbar, Bonzi Buddy, OpenSite, and Netbus(!!) on my system. Every one of those apps would be found by at least three of the apps which I regularly run, and every one of them would have been found in the manual checks which I periodically run as well. So I went a little deeper...
Once the checks had been run, I paused a little before allowing the tool to fix the items it had found. In the meantime, I fired up regmon and filemon, allowing me to see *everything* that the tool was doing.
This turned out to be not a whole lot. No files outside of either the Earthlink install folder or the system registry were modified in any way. The only registry keys which were deleted were for Netbus settings (OK, I fiddled with it for a project about a year ago, but a registry key isn't exactly the same as having it installed!) and a few random CLSID's that could have been anything. Not exactly convincing evidence - especially considering that I know none of those other apps have ever been anywhere near this machine...
So, having "fixed" everything, I ran the quick'n'dirty scan again. Surprise! My machine was clean. So, I uninstalled the proper software (its ONLY saving grace - it uninstalls cleanly), rebooted, ran the quick scan again, and was not entirely surprised to find that it now listed no trojans or adware, but 18 tracking cookies. Despite only accessing the Earthlink site (and El Reg) since it reported that I was clean. And still, Ad-Aware and Spybot report nothing...
Essentially, it looks like this is reporting large numbers of problems in order to convince you to pay Earthlink for their software, which then magically "fixes" all the problems (which never existed in the first place). They're trading off the FUD associated with Spyware, and it's ethically and (probably legally) wrong. Their product may be of benefit to people who know no better, but I'd stick with Spybot S&D and Ad-Aware - two very good (and free) apps which, when combined with a decent AV scanner (and maybe a personal firewall, to boot) give you all the protection you need from spyware, and a whole lot else.
I have screenshots, logfiles, etc...
Distorted numbers (Score:4, Insightful)
A badly-spyware-ridden machine could have thousands of those items.
Now, if only one computer out of 10 has Gator, you'll still find that on average, each computer has 15 items. Most typically - specially in corporate environments - you'll find a few machines with thousands of spyware items and a lot of computers with no spyware - since employees aren't _all_ fucking around with company time.
So, um, another ignorant Slashdot story. Grr.
This is why I hate Windows (Score:3, Insightful)
average 28? (Score:3, Interesting)
Lockdown ActiveX on IE (Score:3, Insightful)
The secret to my success is to lock down ActiveX and restrict scripting. Most of these spyware apps do drive-by installations through ActiveX applets, so if ActiveX is disabled then spyware cannot be installed.
I have included many websites in the Restricted zone, where scripting and ActiveX are both disabled. The default setting for new websites is to prompt for ActiveX, and I always say No unless I know in advance what the ActiveX control is.
I have to say No several times a day, but this is no more onerous than closing a popup, and if it annoys me I could always disable ActiveX.
I also scan with Adaware and Spybot Search and Destroy periodically, and I use a popup blocker and Zonealarm. Not much gets through all of that.
Re:So which is it? (Score:5, Funny)
Re:So which is it? (Score:3, Insightful)
"Lurking "spyware" may be a security weak spot [newscientist.com]," the New Scientist article mentioned in the prior Slashdot post [slashdot.org], reported on an effort to locate only four specific spyware programs:
Do what I do... (Score:4, Informative)
The primary topics are:
* Cutting & pasting (get them out of the habit of typing URLs manually)
* The browser is just a program, the internet is out there *points* all the browser program does is talk to the other computers.
* This is a URL, this is what the bits of it mean. These are TLDs, these have their registration controlled (mil, gov, etc.), these don't (com, org, etc.).
* You CANNOT trust everything you read online! (*uses google to find conspiracy theories, instructions on making tinfoil hats*)
* This is Google. Don't bother with the other search engines. Here is how we use its features...
* You should NEVER use the following programs unless you HAVE to, due to their insecurity:
- Internet Explorer
- Outlook [Express]
* You SHOULD use the following, free programs:
- Mozilla (replaces IE + OL, I don't want to confuse them by telling them to try Firefox, its name might change before they could get it).
- Adaware
- Spybot Search & Destroy (NB: we use Google to find these; I warn them to beware the impostor programs)
- AVG Antivirus (Out-of-date AV programs are nearly useless. I know that you don't want to pay $$$ for constant updates. This is free for personal use [but not business use!], here is where you go to install it).
As you can see, I have it pretty well down pat by now. If any of you have free time, talk with your local library about setting up free classes like this for the community. We reserve one of our computer labs for this one, and I teach a class every week.
Most computer users aren't as stupid as they are uneducated. We cannot fix stupidity, but we can fix ignorance. Teach them and the messages will spread; hopefully they will also share their knowledge, mitigating the problems caused by poorly educated computer users.
Re:Firefox for HTML, what about for email? (Score:3, Informative)
Re:True true (Score:3, Funny)