Forgot your password?
typodupeerror

Most Web Users Unable to Spot Spyware 399

Posted by samzenpus
from the masters-of-disguise dept.
Ben writes "According to a Spyware Quiz conducted by McAfee SiteAdvisor , a staggering 97% of Internet users are just one click away from infecting their PCs with spyware. One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity."
This discussion has been archived. No new comments can be posted.

Most Web Users Unable to Spot Spyware

Comments Filter:
  • Wait... (Score:3, Insightful)

    by cshank4 (917540) on Wednesday April 26, 2006 @10:50PM (#15209609)
    That has to be wrong, somehow. A lot of the people I know only go to trusted sites, virus-scan everything, etc etc. It only takes common sense and a slightly focused attention span to keep your machine clean.
    • Re:Wait... (Score:5, Insightful)

      by topham (32406) on Wednesday April 26, 2006 @10:52PM (#15209624) Homepage
      The correct way to look at it is to say that it only takes a split second of distraction to get a machine infected.

      • Re:Wait... (Score:5, Informative)

        by Mistlefoot (636417) on Wednesday April 26, 2006 @11:23PM (#15209767)
        I've said it before and I'll say it again.

        Maintain an up to date hosts file - the best I've found is from here - http://www.mvps.org/winhelp2002/hosts.htm.

        Blocking a site from loading prevents - well prevents if from loading. What more can you ask for? If you keep your file up to date (their most recent hosts file is 6 days old) you certainly are preventing a lot of the risk.
        • by EmbeddedJanitor (597831) on Thursday April 27, 2006 @12:01AM (#15209915)
          ... for most www users.

          Most www users are not geeks and cannot tell the boundary between their computer and the internet, let alone know how to drive a hosts file etc. Any advice of this form is completely useless to most www users. If the computer says "click on this" they will. Don't expect them to tell the difference between something from MS or the OS and a phishing scheme or other attack.

          It is also not reasonable to say that people should know this stuff to use the www. Nonsense! Do you need to know the difference between a knit and purl stich to wear a sweater? Do you need to know what advance and retard are to drive a car? Why the hell should you know what a hosts file is to use the www?

          • Given that he posted this on Slashdot it's a perfectly practical suggestion for the target audience. I've been using this particular hosts file for a while with great results. I keep it updated on my wife's and daughter's computers as well.
          • by Dr Tall (685787) on Thursday April 27, 2006 @12:32AM (#15210036) Journal
            It is also not reasonable to say that people should know this stuff to use the www. Nonsense! Do you need to know the difference between a knit and purl stich to wear a sweater? Do you need to know what advance and retard are to drive a car? Why the hell should you know what a hosts file is to use the www?

            Because sweaters and cars work just fine without knowing much about their inner workings, and computers don't. Maybe it would be nice if the www didn't require competent users, but unfortunately it does.
            • No, computers *can* work fine without knowing their inner workings. Ever used a Mac?

              Cars no longer require competent users, despite initially if you wanted a car you needed to understand everything in it. Nowadays the on-board computer deals with everything except steering (And some even compensate for bad driving here).

              Computers are like cars. You can become the 'mechanic' and understand everything and keep your computer running. Or you can be the everyday user and just point it in the right direction. Som
        • For sites that direct your browser to an IP address URL this hosts file does nothing. (http://123.22.33.44/grabyoubytheshorthairs.php)
        • Re:Wait... (Score:5, Insightful)

          by phlipped (954058) on Thursday April 27, 2006 @01:19AM (#15210197)
          Using host files to avoid certain sites is a kludge.

          While it may be simple and effective, the hosts file is not the right place to block access to certain sites.

          Blocking should be done by the browser itself or by a firewall, proxy, or some other software gatekeeper expressly designed for the purpose. Such an agent is theoretically able to perform a multitude of functions related to site blocking, such as temporary unblocking, content filtering (ie allow the HTML through but nothing else, or strip out javascript, or whatever), authentication for unblocking, management of blocked groups (eg separate black lists for porn, spyware, anti-chinese-government content).

          Hosts files don't allow any of these functions, and are easy to bypass by using an ip address instead of a domain name. By skewing their function into a server filter, you are more likely to run into problems and frustrations, esp when you also want to use the hosts file for its intended purpose - to map names to ip addresses. It's going to be pretty annoying when someone makes a typo in the hosts list and you can no longer get to some site because the "connection was refused".

          In short... Hosts file as a filter is an effective kludge for now, but a better solution is to use a ... better solution designed for the purpose of filtering (if one exists).
        • by @madeus (24818) <slashdot_24818@mac.com> on Thursday April 27, 2006 @05:39AM (#15210762)
          No, that's the wrong approach entirely (a little knowledge can be a dangerous thing indeed), you can't possibly hope to keep track of all the hosts required, it's a losing battle.

          The correct approach is to use better software, that blocks Spyware by design.
    • Re:Wait... (Score:5, Insightful)

      by Jerf (17166) on Thursday April 27, 2006 @12:50AM (#15210097) Journal
      A lot of the people I know only go to trusted sites,...

      A sibling to this post points out it only takes a split second of carelessness. This is literally true.

      The combination of
      1. Internet Explorer and several silent install vulnerabilities (are you sure they're all gone? Is everybody's IE up to date?)
      2. The user, and thus IE, running as Administrator (OR any priv. escalation exploit), and
      3. bots that register typo-domains en masse
      adds up to a situation where a single innocuous typo in your Location bar could trigger a rootkit install.

      For this reason, I consider IE mortally dangerous, and until we go for some period of years without seeing a silent install vulnerability, I won't lift this assessment. This has nothing to do with hating Microsoft, and shouldn't be dismissed as such; I think it's a perfectly rational assessment of the situation. I think the only thing stopping more people from seeing it this way is the fact that most people are dependent on Microsoft and simply don't want to see something that means they are going to have to do a lot of work to switch.

      I don't think Firefox has had a "silent install" vulnerability yet. Corrections welcome. It's just too darned easy to get infected, and all the anti-virus software, software firewalls, and spyware detection software is just closing the barn door after the animals escaped, especially as the rootkits are passing the point where you can even pretend to remove them without a full re-load of the OS from the bottom. (And it's only a matter of time before the rootkits go back to the old trick of infecting all executables like the viruses of the olden days, so you have to completely rebuild the machine from scratch...)

      (I remember there was some changes made to the extension download process to make it harder to mindlessly click through, but I'm not counting that. I would consider a silent extension install to be a silent install vulnerability, because extensions get full access to the machine. The same for an install process that isn't "silent", but isn't able to be stopped short of cutting power to the machine; ISTR an ActiveX vuln that had the behavior of installing even if you said "no" to the trust dialog.)
    • FTFA:

      According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs with spyware, adware or some other kind of unwanted software.

      If we accept this statistic, then we accept that the non-windows OSes share 3% of the market. OK, I know OS X and Linux each have a small market share, but they're splitting up 3%? I don't think so.
      • Re:Bogus Statistic (Score:3, Insightful)

        by orangesquid (79734)
        If you're not on windows, you're probably not going to be visiting mcafee's site.

        it should read "3% of visitors to mcafee's site who took a spyware quiz are unable to spot every spyware site from a screenshot of part of the webpage."
    • Take the test (Score:5, Insightful)

      by SmallFurryCreature (593017) on Thursday April 27, 2006 @02:51AM (#15210447) Journal
      I was suprised with my own results.

      The reason is simple. The test is loaded.

      You are asked to choose between various free sites and have to judge just buy a screenshot wich one is save. That of course is very hard to do. Worse is that you can't choose the answer "none of the above" wich I think is the only real answer.

      Frankly I wouldn't trust any screensaver or smiley site. Period full stop end of story.

      Oh and as for people using virus scanners. Well yeah. Because others have hit them over the head and tied them to a chair and then installed the virus scanner for them and then trained them with a cattle prod not to remove it. They still go out of their way to make live hard for the virus scanners and still basically just get it.

      Virus scanner == safety belt. Wearing a safety belt doesn't make you a safe driver.

      It only takes common sense to keep your machine clean. Right the same common sense that tells you to limit your speed in dangerous road conditions?

      Common sense is a misnomer because whatever it is it sure as hell ain't common.

  • And let me guess (Score:5, Insightful)

    by Anonymous Coward on Wednesday April 26, 2006 @10:50PM (#15209612)
    McAfee will sell me the software to help save me.
    • "And let me guess ... McAfee will sell me the software to help save me."

      It's a remarkable fact that people will buy all sorts of apps to protect themselves against third party exploits, yet it never seems to occur to them that security has to be against the vendors too.

      So this "McAfee SiteAdvisor" is going to monitor every site you visit and check with some central DB to give ratings? Well, at least the buyer knows that's what it's doing, and installs it voluntarily, but those are not criteria in my def

  • 100% thing... (Score:2, Insightful)

    by jigjigga (903943)
    Well, I wager that even though 100% of these "high IQ" users may visit one of these sites, 99.99% don't become infected by it.
  • VMWare (Score:2, Interesting)

    by foundme (897346)
    That's why I'm using VMWare's non-persistent feature so that my internet-facing OS is always the same, except after updates have been installed.
    • Re:VMWare (Score:3, Informative)

      by svallarian (43156)
      Sandboxie works really, really good for this purpose. You can sandbox IE (or any other app for this purpose) and even if you get infected by spyware, as soon as you close IE, all is gone.

      http://www.sandboxie.com/ [sandboxie.com]

  • Sorry (Score:5, Insightful)

    by Rick Zeman (15628) on Wednesday April 26, 2006 @10:52PM (#15209621)
    But Mac and Linux users comprise more than 3% of Internet users!
    • are using OpenBSD on SPARC, and we prevent viral code execution by removing the CPU.
    • Still got the answers wrong. About half in fact. Granted in real life I would have given the answer to "wich of these sites do you think is safe to visit": "NEITHER"

      But that was not an option.

      Anyway perhaps linux users are even worse. How many of use just install packages from your distro without ever checking who actually wrote them? Just because no-one included a spyware package yet doesn't mean you are being safe. Just lucky.

      • Anyway perhaps linux users are even worse. How many of use just install packages from your distro without ever checking who actually wrote them?

        Who cares who wrote them? The packages should be signed by the distributor. Presumably you trust the distributor or you wouldn't be running that distribution.
  • Bad quiz (Score:5, Insightful)

    by samtihen (798412) * on Wednesday April 26, 2006 @10:52PM (#15209622) Homepage
    The quiz in question has you choose which of two sites, based on screenshots, has spyware. The sites were all for things like screen savers, song lyrics, and free game downloads. That is a terrible, terrible way to judge a users capability to determine if something has spyware.
    • Re:Bad quiz (Score:3, Insightful)

      by Anonymous Coward
      The quiz in question has you choose which of two sites, based on screenshots, has spyware. The sites were all for things like screen savers, song lyrics, and free game downloads. That is a terrible, terrible way to judge a users capability to determine if something has spyware.

      No crap. In some of the screenshots, you can't even see the whole screen, to say the least of not interacting with it. In many of the choices, I wouldn't visit either site.

      It's also worth noting that the quiz is by a major commercial
    • Re:Bad quiz (Score:5, Insightful)

      by SocietyoftheFist (316444) on Wednesday April 26, 2006 @11:01PM (#15209656)
      When I saw the first question I laughed out loud. I guess they may be going on the domain name but the quiz is really bad. I took it and got 4 out of 8. I guess you are supposed to go research the sites because there reasonings for answers couldn't be gleaned from the screen shots. Funny, I've never had a virus or spyware on my machine, I don't allow automatic anything, and I failed! What a joke.
      • No kidding. (Score:5, Informative)

        by Zerathdune (912589) on Wednesday April 26, 2006 @11:44PM (#15209849) Journal
        I got a 5 of 8, and that's cheating by having heard of kazaa and emule. I doubt few people would have seen through the "NO SPYWARE" label that was 2nd in size only to the word Kazaa, without prior knowledge, but I bet a lot more would have been able to figure it out from seeing the actual site, not a 798 x 600 screenshot (what a random number,) and I bet even more are smart enough to not touch it if they don't know what it is, but this quiz doesn't account for any of that, and it pics the kind of sites that are visited mostly by the segment of the population who ISN'T educated about this stuff. screen savers, smilies, and pretty much anything that says it's free, but doesn't say open source - stay away or be very freakin' cautious.

        let's go through the quiz (if you want to see for yourself untainted, do so before reading this):

        the first 4 questions have you determine which of two sites is safe, based on screen shots.

        question 1: choose between two screen saver distrobution sites. like all the others, it's just a screenshot, and doesn't even show the whole front page, let alone users look at other pages. the only decernable difference is that the first one looks more professional, so heeding the remarks in the article that said most users seem to think that means it's safe, and "reading between the lines," I picked the other one, since there was no logical way to decide. I was wrong.

        question 2: smilies. the one on the right looked more professional, and said "NO UNWANTED SOFTWARE" in a very easily spotted location, with big letters, and the other in regular sized font, in the bottom right, had a half cut off message that pretty clearly stated (even with incompete sentances) that it contained spyware, so I picked the one on the right, this time with some actual info to go on. I was right.

        question 3: free games. the sites had no noticeable differences in professionalism, no warnings or advertising of spyware freeness either way, nothing to go on that really made any sense to actually use, so I decided that TotallyFunFreeStuff was trying to hard, and was probably hiding something, and picked the other. I was right.

        question 4: Lyrics. important to note that this one used active X, so it's irrelevant to anyone who's not dumb enough to still regularly use IE anyways, which now that I mention it, I think I'll soon put a rant about McAffee and that that in my Journal (will be a first entry,) but it's to much of a tangent for this post. anyways, the one on the left looked more professional, and the one on the right had a "firefox blocked a popup" message on it, so I picked the left (entirely because of the message, I continue to mention the professionalism because the article made a stink about it.) I'd like to note that the thing I took as a tip off wouldn't be availible if I were seceptable to this at all, as it's a firefox message, which doesn't do active X. In any case, I was wrong.

        the last 4 questions had you determine whether a file sharing program was safe based on the usual screenshot of the webpage.

        Bearshare: site looks professional, there's a link for a "FREE Sponsored version," sponsored sets off a red flag in my mind, I say no. I'm right.

        eMule: worst site design of the four astheticly, says it's open source, I've heard of it, I say yes. I'm right.

        blubster: pretty sleek front page design, though it feels like a splash screen, so there's almost no information. nothing to go on really except that it says it's 100% free, which given the fact that OSS/Free software tends to advertize itself as such, and they didn't, probably meant add supported, but for some incomprehensible reason I still picked yes. I'm wrong.

        Kazaa: slick page, big "NO SPYWARE" label on the font page, there's a main section for the privacy thing, which I bet a lot of people would have looked at if it were a page, not a picture, but instead just trusted it because the label was all they had to go on. I was familiar with the software though, so

        • Screen savers, smilies, and pretty much anything that says it's free, but doesn't say open source - stay away or be very freakin' cautious.
          That's very good advice, one I've been applying - and giving not-quite-as-geeky friends - when looking for "shareware-type" apps: Just add "GPL" to the search query.
        • Re:No kidding. (Score:5, Insightful)

          by Joel from Sydney (828208) on Thursday April 27, 2006 @02:19AM (#15210378)
          I get the sense they rigged the thing just to premote the software. it's such a poorly designed a survey that I would have supsected it even if they had no mention of the software anywhere near the survey.
          I got pretty much the same feeling from doing the test, and I got a 6 out 8 (go me!). The first choice (between screensaver sites) was just an absolute joke, there was literally no information on which to base your choice! Except of course that one site looked like it was designed in NetObjects Fusion, and the spyware site looked like a "Learn HTML in 21 minutes!" special.

          The only other thing I'd add to your comments is that the presence of a forum seems more likely to indicate safety. Most of the "safe" sites had a forum section, most of the "unsafe" sites don't. Obviously this isn't a hard and fast rule, but a forum where people can complain about the spyware they just downloaded would tend to scare prospective victims away.

        • Re:No kidding. (Score:3, Insightful)

          by Ford Prefect (8777)
          I scored eight out of eight. I'd never heard any of the sites before, beyond the eMule and Kazaa ones - and those I've never used. All I used was information presented to me in the screenshots.

          It was an easy test, and was full of clues.
          • Screensavers: One site gives the licence for each download, and usually the price if it's shareware - the 'Order Now' link at the top suggests this is how the business makes its money. The other just provides downloads - and doesn't have any ads. How does this service make i
    • Re:Bad quiz (Score:4, Insightful)

      by jonnythan (79727) on Wednesday April 26, 2006 @11:15PM (#15209720) Homepage
      Ummmmm..... I think that's the point.

      You sometimes can't tell what software will have bundled spyware or adware, (especially in such an obviously biased quiz) which is why you're going to need to purchase McAfee's anti-spyware software.

      Hello, McFly...
      • Re:Bad quiz (Score:3, Insightful)

        by rmdir -r * (716956)
        Seconded. And while there are some sites that do drive-by downloads if you've got the wrong browser/OS pair, there is essentially no way you can know that ahead of time.

        Anyway, look at the `quiz'. It's a collection of screenshots. There is no data you can use except `this site looks too corporate', or `I've heard bad things about kazaa'.

        It's not a quiz of your mad spyware spotting skillz, it's a marketing attempt. And did anyone else find it funny that their copy of firefox had the little `update me!' red

      • Re:Bad quiz (Score:3, Insightful)

        by Brandybuck (704397)
        No, the point is that sites for free screensavers, games, and lyrics are all full of spyware.

        It's like saying users can't tell which scraggy whore has the clap, so they should all buy new McAfee Anti-Itch cream so they can keep on screwing scraggy whores with the clap. If you compare users with the clap to users without the clap, you notice a strong correlation to choice of partner.
        • Stay away from the scraggy whores (sites offering binary executables) and you're at least somewhat safe. Give in to temptation, and you're certainly doomed.
    • Re:Bad quiz (Score:2, Insightful)

      by PatriceVignon (957563)
      So where do I click for the "none of the above" answer? Everyone who downloads screensavers, games, ... or has turned ActiveX on in his browser just deserves to get infected with spyware!
      And, what a surprise, the test is run by McAfee, who wants to sell me "protection" against spyware. Protection as in "catches 97% of the spyware that has been out for more than a month" (just made up those numbers). No thanks.
    • If they gave you the tools to find out what the hell was going on, you might pass, and then their idiotic marketing gimmick wouldn't work.
    • Re:Bad quiz (Score:5, Insightful)

      by quentin_quayle (868719) <quentin_quayle&yahoo,com> on Wednesday April 26, 2006 @11:41PM (#15209839)
      Right. It's more like "Assuming you are going to download an exe of some frivolous applet, and install it as Administrator on Windows, on a whim, which site will you get it from?"

      If this applies to you, you've already flunked the real-world test. If they had a third option "I'll get software only when it's important, and then only from sources I've thoroughly researched and have objective reason to trust" - then this quiz would be a public service. As is, it just encourages the proliferation of Windows malware.

  • Sure (Score:5, Insightful)

    by TheRealMindChild (743925) on Wednesday April 26, 2006 @10:52PM (#15209623) Homepage Journal
    One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity.

    Sure, we like to visit places like http://www.cracks.am [cracks.am], who actually write their own spyware. But I am not so sure that qualifies me as ever installing any of their garbage.
  • How? (Score:2, Interesting)

    by AnalystX (633807)
    How exactly does that matter if less than 97% can get infected with spyware, or were they only testing people with systems that didn't safeguard against such? I would assume more people are careless about such things because they have anti-spyware software installed or are running an OS other than Windows.
  • by TechnoGuyRob (926031) on Wednesday April 26, 2006 @10:53PM (#15209630) Homepage
    *Click*
  • Follow the money (Score:3, Insightful)

    by Roachgod (589171) on Wednesday April 26, 2006 @10:54PM (#15209632)
    Clearly the message is to just give up and pay the anti-virus/anti-spyware people a bunch of cash.

    The real way to combat this is to hold website owners responsible if they are hosting such malware.
  • by TheSpatulaOfLove (966301) on Wednesday April 26, 2006 @10:55PM (#15209637)
    Free pr0n? Free laptop? Free Ipod? Yes!! *clikc*click*click*! 97% of internet users think free truly means free.
  • by MalleusEBHC (597600) on Wednesday April 26, 2006 @10:58PM (#15209647)
    This is just like a "spot the phishing email" quiz I saw. Just looking at a picture gives you no context. Did you get the link from a reliable source? What OS/browser are you running. (I'm definitely more willing to check out something suspicious in Safari than Internet Explorer.) Are you dumb enough to download and run something from the site.
  • by aussersterne (212916) on Wednesday April 26, 2006 @11:02PM (#15209661) Homepage
    It contains no technical information or interactivity whatsoever. No status bar information, no ability to view page source, just screen grabs of random web sites.

    This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...

    It's like blindfolding someone and then blaming them for not being able to catch a baseball pitch, facing away from the thrower, with their bare hands. Of course they won't be able to, if you take away every single useful tool for them to accomplish the task.
    • It contains no technical information or interactivity whatsoever. No status bar information, no ability to view page source, just screen grabs of random web sites.

      This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...


      Your criticism is completely valid, and for t
  • Flawed quiz (Score:5, Insightful)

    by siwelwerd (869956) on Wednesday April 26, 2006 @11:02PM (#15209663)
    This quiz doesn't measure anything. Where's the option for "Both of these look suspicious and I wouldn't go near either of them"?
  • by jZnat (793348) * on Wednesday April 26, 2006 @11:04PM (#15209670) Homepage Journal
    Since the quiz requires JavaScript, and since I have that by default disabled, I think I passed the test.
  • by Digital_Quartz (75366) on Wednesday April 26, 2006 @11:07PM (#15209686) Homepage
    The quiz (http://www.siteadvisor.com/quizzes/spyware_0306.h tml [siteadvisor.com]) asks questions like "Which of these smiley download sites is safe?" The answer I'd pick is "I don't care which one is safe, I wouldn't ever download something so pointless and high risk to begin with", but that option isn't available.
    • by ucblockhead (63650) on Wednesday April 26, 2006 @11:51PM (#15209888) Homepage Journal
      Exactly. It's like saying "One of these prostitutes as herpes and the other is clean! If you can't tell the difference, you need to buy one of our prostitute STD test kits before leaving the house or you WILL be infected!!!"
      • Exactly. It's like saying "One of these prostitutes as herpes and the other is clean! If you can't tell the difference, you need to buy one of our prostitute STD test kits before leaving the house or you WILL be infected!!!"

        Clean... That's a way to put it. The one that doesn't have herpes has AIDS!

        (Yes, so their "safe" sites may actually also be infected. It just means that they haven't detected that malware or weren't looking for that type of malware...)

  • Missing Poll Option (Score:5, Informative)

    by rcw-home (122017) on Wednesday April 26, 2006 @11:09PM (#15209694)
    For questions 1-4: None Of The Above!

    Seriously, is McAfee trying to imply that some executable code you download off the Internet from people/organizations of unknown repute is safe?

    BTW, if 3% of people answered their questions correctly, that means that 5 of 8 questions effectively had 50% odds. For example, if 50% of people were able to get questions 5-8 correct, and everyone just flipped a coin to answer questions 1-4, you'd get a 3% all-correct rate.

    • Indeed. They gave me a score of 3 out of 8 even though I only answered three questions. The answer to the other five was, of course, "I wouldn't trust either of these sites".
  • by Parallax Blue (836836) on Wednesday April 26, 2006 @11:14PM (#15209718)
    Give users a cool, savvy looking test that makes them choose between two equally suspicious looking webpages, then reveal their horrible results. Oh no! But with SiteAdvisor, never fear... you'll have a handy site report to base your decisions off of!

    Yes, easy to see what the purpose of this test REALLY is... promotion promotion promotion! I'd even point to the fact that this is on /. as an indicator it's a shameless plug for their product, except the majority of intelligent Slashdotters is hardly prone to falling for this.

    Then again, what do I know? I got a 5 out of 8 on the quiz. Boy, am I a dumb intarweb user! Better go install that SiteAdvisor after all...
  • by jonnythan (79727) on Wednesday April 26, 2006 @11:17PM (#15209730) Homepage
    I love it.

    McAfee claims that one of the lyrics sites has "delivered adware through ActiveX" via Firefox.
    • It's not the best decision to make, but this critter provides ActiveX in Firefox.

      Mozilla ActiveX Project [www.iol.ie]
    • Though perhaps for them it almost does- one of those screenshots had a little arrow-and-IE logo, which I believe is part of an extension allows you to forward pages to Internet Explorer if you use firefox on windows.

      So for specific users, it might tangentially be true- they can launch IE from Firefox and get pwnd by ActiveX!

  • FireFox (Score:5, Informative)

    by OctoberSky (888619) on Wednesday April 26, 2006 @11:17PM (#15209734)
    Notice the Top Right of any pic. Thier FireFox is out of date.

    And that is just another reason I don't use McAfee.
  • I'm thinking most people are surfing for stuff that I never think to. In 20 or so years of using a computer, and 15+ years of being able to access the internet, I don't believe I've ever had a single virus, malware, spyware, or whatever.

    Then again, I don't want animated cursors, free screen savers, or any of that stuff.

    Then again, I primarily surf from a Mozilla with no plugins enabled, prompts for cookies, and a hosts file to block everything. So I'm probably not the typical web-user.
  • The Twelfth step in TrustABLE IT [blogspot.com]

    [12] Governments, organizations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existence of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a tru

  • by ezratrumpet (937206) on Wednesday April 26, 2006 @11:23PM (#15209768) Journal
    I came across a 7th grader who managed to load up a Win98 machine with 14 different pieces of spyware with 1 click in IE. We wiped the machine with an industrial strength removal program, installed Firefox, locked it down, and asked her to go out to the same website. NOTHING - not one single piece of spyware - got through on Firefox. At that moment, I converted for life.
  • So I took the quiz, and the first 4 questions didn't have the correct answer as an option. The correct answer is "do not download binaries from unknown sources."

    Seriously, if you're asking which smiley or screensaver site is "safe", you've completely missed the point. Downloading binary files from arbitrary sources is inherently unsafe. Build from source, or do without whatever it is.

    • Downloading binary files from arbitrary sources is inherently unsafe. Build from source, or do without whatever it is.

      So you'd have to do without your build environment...
      • So you'd have to do without your build environment...

        I didn't get my build environment from an arbitrary source. I got my original toolchain from my distribution and checked the signatures against the GPG keys available from multiple keyservers. The theoretical danger there is so much less than the danger of downloading a screensaver from some site off the Internet that I don't even see a point in making the comparison.

  • I got four out of eight wrong, but then I don't use any of the P2P programs listed, so I'm not up on the current ones as to which has spyware embedded. Of course, I KNEW Kazaa did, so that one was easy. I've never used BearShare or eMule and never heard of the other one.

    Since I run Firefox with no ActiveX, and on the Windows side I run at least four antispyware programs, I'd say my performance on the quix isn't terribly relevant.

    Also, the fact that the SITE has downloads with spyware doesn't necessarily mea
  • by ScrewMaster (602015) on Wednesday April 26, 2006 @11:28PM (#15209791)
    Most Web Users Unable to Spot Spyware

    Well, I guess that's why they call it spyware, don't they. I mean, what kind of spy would be easy to spot? Wouldn't be a very good spy, now would he.
  • by geobeck (924637) on Wednesday April 26, 2006 @11:33PM (#15209808) Homepage

    Most web users are unable to tell what browser they are using. Or operating system, for that matter.

    Support: What web browser are you using?
    User: Microsoft Excel.
    Support: Okay, what operating system are you using?
    User: Um... Dell?

  • I went to each one of the sites before answering. I still missed two of them.

    First I missed the lyrics sites. One of them supposedly installs activeX adware. I couldn't tell this since I'm using Firefox in Linux.

    Then I missed one of the P2P software sites. I incorrectly decided that Blubster was safe, even after looking through the site. They do mention that they take information given when you fill out a contact form, but I didn't see any mention in the terms of use or privacy policy regarding anything in
  • Anyone else that took the quiz notice that their Firefox window had some unapplied updates? Also, a screenshot of a website can't provide much information, especially when you can't even do as much as scroll down to see what their privacy policy is.
  • In a test of slashdot editors 97% were unable to differentiate between news or a corporate press release. Successful identification dropped to 0% if either Google or a Microsoft competitor supplied the article. When asked about his editors incompetance Rob "Cmdr Taco" Malda explained "We just pick the articles with pretty colors, as we really don't have time for anything other than wacking of to pictures of Linus Torvolds and sending resume's and cover letters to Sergie Brin"
  • Dumb quiz (Score:3, Insightful)

    by Bootard (820506) on Thursday April 27, 2006 @12:21AM (#15209993)
    By analogy, this quiz is the rough equivelent of having people pick from a group of crack-head prostitutes the one without disease, and when they fail, telling them they know nothing about safe sex. Safe sex, like safe browsing, ended before the the first question on the test. There is no safe sex by trying to pick only the disease-free crackhead prostitutes. There is no safe browsing by trying to pick the free smilies site that won't blow your computer up. There is value in mininimizing risk where it's found, but to me, safe browsing and downloading FREE SMILIES!!! from some popup window are mutually exclusive activities. That said, their product does have merit, probably. I just wished it was marketed as what it is: "You're a dumbass, and are going to do dumbass things. Maybe you need a net."
  • by SirCyn (694031)
    I passed the quiz, no real surpise. It's quite easy just looking at the pictures, when you know what you're looking for.

    Every single "safe" site had a "Support" or "Forums" button. None of the "unsafe" sites did.

    That's because the unsafe sites support would have the FBI on them in a second from this guy [slashdot.org].
  • 97% of Internet users are just one click away from infecting their PCs with spyware.

    And what is that one click? Infect me now [nyud.net]

  • by dindi (78034) on Thursday April 27, 2006 @12:37AM (#15210052) Homepage
    I get the point that when you go to a screensaver site and see 2 menupoints and 4 screensavers, that is suspicious,
    but in most cases they seem to tell me, that a simple design vs bling means that the simple design will sell you spyware ....

    dunno, i think any download is a potentional spyware, especially the spyware programs (that my wife installed on her mom's computer adter a popup : your computer mught be infected ,,, )
    well at home she uses linux so did not get a clue......

    ohh that crap also has the important message: all p2p programs are spyware laden....

  • I'm just one commandline away from "rm -Rf /". Having typed it into this Slashdot submission form, I'm just a click away from pasting it into a terminal window.

    Yet somehow, I don't feel like I'm peeking off the ledge of a 50 storey building into tiny traffic below.
  • by suv4x4 (956391) on Thursday April 27, 2006 @12:41AM (#15210063)
    1. We present you with a 32x32 pixel cropped screenshot from two sites. One of those contains dangerous spyware! Which one is it!

    *click*

    Ahahah, it's both you loser!

    Now go buy our software.

    2. Next question: what you see is 32 bytes from two EXE files. Which one of those installs adware?...
  • i work for a major broadband company (in fact, im working right now), doing technical support. I would say that this is definately true--almost one quarter of the call volume that we get has to do with a user contracting some form of malware, usually spyware. The thing is, most people are too beligerent to realize that they contracted something, thinking instead that their systems are perfectly impenetrable.

    -Cypheros [cypheros.com]

  • A very bad survey. (Score:5, Insightful)

    by Yaztromo (655250) <yaztromoNO@SPAMmac.com> on Thursday April 27, 2006 @12:44AM (#15210076) Homepage Journal

    I took my usual paranoid route. For the first four questions, I didn't select either site (which, as it asks which site you trust, seems to me to implicitly state that I don't trust either site). For the last four sites, I specified that all of them potentially had spyware.

    My result? Well, acccording to this "survey" I only scored 3 out of 8, as my not trusting sites which didn't have spyware (as they could find) counted against me, and I distrusted one site which the survey claims has no spyware. So apparantly, because I don't trust ANY of the 8 sites referenced in the survey, I'm "At Risk", and my "...answers would have infected your PC with adware and spyware many times over.".

    Uh huh. Not trusting any of the 8 sites is putting me at risk? Spyware and adware many times over? Let's ignore for a moment that I'm running Mac OS X, and that I wouldn't visit any of those sites in the first place, and don't download screensavers, wallpapers, or smilies, but apparantly according to SiteAdvisor my distrust of all their sites puts me at risk.

    And that right there is enough to tell you the quality of this so called "survey".

    Yaz.

  • by gvc (167165) on Thursday April 27, 2006 @08:30AM (#15211183)
    In a recent study, a major condom manufacturer showed photos of men and women to internet users. Surprisingly, most people were not able to distinguish those with an STD from those without.

    Conclusion: most internet users are in serious danger of contracting AIDS.

    [note to moderators. this is a parody.]
  • WTF? 3 out of 8? (Score:3, Interesting)

    by catdevnull (531283) on Thursday April 27, 2006 @09:31AM (#15211527)
    I chose that ALL sites were unsafe (take no chances) and assumed they were risky.

    Then the stupid quiz told me I was at risk. I call bullshit on the results--it doesn't account for "paranoid" mode.

Although the moon is smaller than the earth, it is farther away.

Working...