MIT Startup Tests Top Million Sites for Spyware 243
torrentami writes "An MIT startup called SiteAdvisor has downloaded over 100,000 programs from the top million Web sites and tested them for adware and spyware using an automated system they've built. They've got a blog entry where they dissect 5 of the worst adware bundles they found. There is some amazingly invasive stuff in there."
What about the rest? (Score:5, Interesting)
Re:The major lesson of all this. (Score:2, Interesting)
As ignorant users move to other operating systems you will get spyware and adware on linux and mac also. Rootkits have a long history with unix don't they?
Do what we say, not what we do? (Score:4, Interesting)
They wouldn't bundle an unnecessary license with useful data just after writing about bundling unnecessary software with desired applications, would they?
It is useful outside the US, though, so this is actually a but tongue in cheek.
No reason to be vulnerable to spyware. (Score:5, Interesting)
I was recently asked to set up some computer systems at a seniors home. Now, many of these people have never used a PC. So we were able to acquire several used PCs for almost no cost, and I installed Kubuntu on their systems. We got them set up so that they could check their email, browse the WWW, use various instant messengers to chat with relatives, and even play games (bridge and backgammon were big favourites).
Now, why did I go with Kubuntu? Mainly because it is free, and it is quality software that is quite easy to use. But more importantly, I wanted these systems to always be available to these people. I know that they might visit malicious sites. I wouldn't want that resulting in their systems being compromised just because of that.
You may deny it, but the fact of the matter is that Linux systems won't get infected with spyware at this time. Sure, that may change in the future, but I'm doubtful about that. The basic (yet significant) differences in code quality and architecture are enough to leave Linux (and other non-Microsoft) systems far more secure and usable, even in the fact of malicious software.
Re:End Users Beware (Score:3, Interesting)
It doesn't solve everything like the recent WMF exploit but it does stop what I lovingly refer to as "dumbfuck user" syndrome, which exhibits such symptoms as the inability to read, lack of intelligence and an inherent lack of cognitive reasoning.
Unforunately the company I work at are currently locked into some bespoke software that REQUIRES lock admin rights. I'm currently trying my utmost to get all windows machines onto XP so I can atleast get IE and Outlook running in reduced priveleges mode using dropmyrights. (if anyone knows of a way to do the same under Win 2k please let me know)
Oddity... (Score:3, Interesting)
Re:The major lesson of all this. (Score:3, Interesting)
I know that after trying MacOS, Linux and various flavors of Windows, I find MacOS X much easier to use than Windows - but at lot of this is just that MacOS X doesn't move their preferences around constantly between OS versions.
In the end, though, my preference for MacOS is more aesthetic than anything else - I like the huge amount of work that's gone into making it slick and designer-friendly. There's also the ability not to have to worry constantly about virii and spyware.
I do think more people would work on spyware for MacOS X if it was more popular, but it's hard for me to believe people haven't done it and are not working on it even in its current state. After all, if someone can get their spyware on the Mac, there are still millions of machines to infect and they might be the only infection on the machine instead of one of fifty or so as in the Windows world.
It's quite possible that Mac users are more knowledgeable about their computers, or at least tasteful enough not to download 600,000,000 free smiley faces with hideous background art including 20 new spyware programs. Or perhaps having to type your password after downloading software gives people an idea that downloading software just might be dangerous
D
Exokernel Guys (Score:5, Interesting)
They worked on delivering high throughput for video with their superior OS technology. It interoperated with Windows, allowing them to make money.
This project looks surprisingly un-technical and uncomplicated in comparison, given how competent and accomplished they are.
Here's an exokernel link:
http://pdos.csail.mit.edu/exo.html [mit.edu]
Re:No reason to be vulnerable to spyware. (Score:3, Interesting)
So damn true. As Rich Cook once said:
Re:Flame me. You know you want to (Score:2, Interesting)
It has been my experience that most Windows systems that end up with this crap installed end up having to be reloaded, wasting hours of time backing up data, reloading, reconfiguring the system. Now in the unlikely event that one of my systems got hold of one of these imaginary UNIX spyware apps, it would leave me having to run a total of 2 commands.
# userdel -r kernelpanicked
# useradd -m kernelpanicked
I'm really not seeing your point here.
Re:No reason to be vulnerable to spyware. (Score:4, Interesting)
I haven't heard anything from them regarding cameras and other devices which did not work. I did, however, hear of one grandson bringing over his camera and taking pictures of the seniors so they could email them to their relatives. One of the grandparents who had some PC experience as a secretary told me that she was really surprised how easy it was to get the camera to work. All they did was plug it in, and the storage device on the camera was automatically mounted. They could copy over the files without problem. The kid was reportedly stunned that the seniors could use the system so effectively.
Insult inexperienced users all you want. Frankly, I think that a well-designed system can easily avoid the problems caused by unwitting users. Indeed, any quality software system would be designed in such a way as to completely minimize the harm that an inexperienced user could do. Linux and much open source software appears to do this quite well, and as such spyware just isn't a problem when dealing with Linux systems.
I don't get it (Score:2, Interesting)
It seems like what this company is trying to add into the mix is automated testing, but it's doubtful that identifying spyware is the limiting factor right now in eliminating it. It also seems doubtful that automated testing is, ultimately, going to be effective or reliable.
Re:What about the rest? (Score:5, Interesting)
Has someone done this? It seems so obvious now that I've thought about it.
Re:The major lesson of all this. (Score:2, Interesting)
stop advertising for MIT (Score:3, Interesting)
Please stop it with the name-dropping. It's irritating and insulting. The article has plenty of merit on its own, and is indeed a fine bit of information to put on slashdot.
However, the fact that it was started by two MIT alum is completely irrelevant. If this was the direct result of research being done by a group of MIT students or professors, it might be appropriate to place a reference to MIT in the blurb (but probably not the title). We're not an MIT related publication, as hard as that may be to believe (Wired is also a terrible offender of this).
It reminds me of my psychology textbook, which would always drop the name of the institution responsible for a certain piece of research: "Harvard Professor Shelly cline worked with Yale Psychologist Howard Walken to refine Pavlov's theory....." and so on, provided that the institution was in the Ivy League. Flipping through the pages, I found a few references to only Ivy Leavue Universities and overseas institutions (specifically Cambridge and Harvard).
Now, I'm not going to deny that a great deal of mighty fine research comes out of MIT and the Ivy League, but I'm also going to remind everyone here that other institutions also churn out a great amount of significant research, and they are hardly ever credited for it. My tiny public liberal arts school even churns out a fair bit of good research.
So, slashdot. Please stop shamelessly plugging these name-brand schools. They've done nothing wrong, but by publicizing them in such a way, you're dragging down the other 99% of the educational system that the rest of us have to utilize.
(To be fair, I did RTFA, and sideadvisor seems genuinely cool)
At what point (Score:3, Interesting)
I'm suprized garbage sites aren't being blocked by WebSense. If Maddox's site is blocked (as tasteless humor), why aren't known adware/spyware sites being blocked?
Firefox needs an MSI installer and some Group Policy mods to take off in a corp. enviroment.
I disagree as well. (Score:1, Interesting)
There will be spyware for *nix, but it will be a minor problem, since who needs to click on "FREE! FREE! FREE! WEATHER REPORT ON YOUR TASKBAR FREE DOWNLOAD CLICK HERE!" when you have distro-supplied (safe) software for the same thing?
The problem lies with shareware software whose authors have decided that shareware registration fees aren't giving them the profit they were lead to believe would be theirs (by the windows culture) and who decide to sell a little ad-space inside their software's installer.
*nix programmer and user culture places respect and reputation higher than cash, so you're not likely to see a massive problem like this ever without some fundamental changes. Commercial companies that want to make a living with *nixes must realize that here they will thrive or starve on their reputation (hello SCO!), and bundling spyware is the kiss of death.
not just ignorant, but also... (Score:4, Interesting)
i can't tell you how many times i've expressed the dangers to people. if you don't have anti-spyware, anti-virus, firewalls, and etc these are the risks. and they don't beleive. if you look at the large campaigns (at least in certain areas of the U.S.) to get people to wash their hands on a regular basis, it appears that people are disbelieving of germs also.
how do you fix this?
there is amazing evidence that the use of seat belts in autos reduces your probability of dying in a colision. but we still have to make laws to make people wear seat belts.
so far there has been no real cost to a computer user for being stupid. with the exception of lost data, nothing bad is going to happen. if laws get passed that state your are responsible for your computers actions in dos attacks or if your computer is hijacked and made into a child porn depot, things might change.
eric
Re:Can't agree (Score:2, Interesting)
Mac developers avoid asking for the admin password as much as they can. Bigger apps tend to ask it more because they need to modify the System folder for some reason.
On OS X, programs rarely need to do that, most applications (even big ones) are contained in a single icon you can drag to your application folder without needing an installer.
Re:What about the rest? (Score:2, Interesting)