Failing Grades For Most Anti-Spyware Tools

serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."

Personal experience with anti spyware tools

[Phidoux]

I've been using a few different anti spyware tools in parallel because it seems as if there isn't a single tool that can reliable remove all spyware.

Ad-Aware and HijackThis

[krumms]

I've always found a combination of Ad-Aware and HijackThis do an excellent job of keeping all things spyware under control. Ad-Aware for more frequent scans, and the odd hit of HijackThis when things seem screwy. Admittedly, I don't know how much spyware I actually miss but it seems to keep XP happy for most part :)

if you don't log and analyze traffic

[Sai Babu]

you never know where your internet connected peecee might be sending it's bytes.

hmmm why is that activity LED blinkin?

Re:none here

[Lord Kano]

I dont use any, and have no problems.

That's kind of the point. If spyware broke your computer immediately, you'd know it's there and would be able to remove it.

If you've never checked for spyware, it might be on your system.

You can declare that you know you don't have a disease because you were never tested for it.

LK

Re:none here

[26199]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.

Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

Re:Is Windows fit for the internet?

[Skyfire]

As much as we like to say bad things about Windows' security here on /. (and I won't argue with the poor security of Windows), I don't really think that most spyware is a security issue. Most of the spyware that gets installed is installed hidden in amongst other downloaded programs, and the only warning that the user has might be one or two lines in the EULA, which no one bothers to read. I think that the real culprit behind spyware is the companies that play these dirty tricks, and also to some extent the users that blindly click every little button. I've learned to carefully look through the installer instructions on random programs that I download, and I very rarely have problems with spyware.

Re:none here

[Lord Kano]

I don't have spyware cuz I check processes for new things that pop up (XP Pro).

What about programs that appropriate the names of legitimate windows processes? Or ones that take advantage of the shortcomings in the font used in the task manager to look like a legitimate process?

LK

Re:none here

[bloodredsun]

A decent browser, good av software and a patched os will protect you from most things but the reality is that most people will click on the okay button of the "Can I please install malware on your computer" dialogue box! Users are exposed to so many dialogue boxes during the day for puerile reasons, they become conditioned to mindlessly clicking on things to get to their destination. So that when one pops up for a decent reason, they click on the damn thing anyway. Non-techies out there have no idea of cyber-hygiene, which in todays environment is the equivalent of not using a condom while you bang crack ho's while mainlining H from a shared needle (almost)!

Re:It's interesting

[Anonymous Coward]

no they are not 'happy' with all that crap. that's why the developers go to such extreme lengths to get make the damn things next to impossible to remove without dedicated removal tools (which even then, as we see in the article, often fail).

if your program had a smooth uninstall that actually did something, was called WarningNastyEvilSpyware.exe, flashed up a new warning everytime it ran that evil crappy spyware it installed, and clearly documented everything it did, then I guess it was ok (though you'd have to pay me to use it).
otherwise you were working for evil.

(and what made you think you'd get karma for admitting to writing spyware?)

Re:Is Windows fit for the internet?

[Anonymous Coward]

I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see. If you run it with a decent firewall (whether that be software or hardware), antivirus software, and diligence then Windows won't give you any problems.

BTW I recommend Ad-Aware and Spybot: S&D for clearing out just about any crap if the spyware does somehow "install themselves" onto a system.

Horses for Courses

[One Childish N00b]

The anti-spyware game is a real case of horses for courses - one tool will detect some spyware and miss others, while another will find all the bits the other missed, but miss off a couple it didn't. There really is no 'definitive' spyware removal tool and it's foolish to say there is. I advise people to run both Ad-Aware and Spybot with latest updates at least once a week to ensure almost all spyware is found and removed, as I've had too many instances of one of the two missing out five or six items on every sweep that the other one found straight away.

You could probably get even better performance by running more than those two, but I'm not going to harrass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss. Anyway, my point is this; You can't just run Ad-Aware or Spybot and think you're protected. Until an anti-spyware tool has a 100% record against all known spyware, I won't consider them anything near a definitive tool, or a licence to behave recklessly on the net, something which too many naive people seem to do.

The problem with anti-spyware tools is three-fold;

a) They are made by private companies and individuals who's credentials and/or decency cannot be guaranteed. They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insiduous spyware through? Unless you're on the inside of a company like that, you can never be sure. I'm sure Lavasoft aren't doing anything like that, as these results prove, I'm merely using them as an example - any anti-spyware app people trust is in an immensely powerful position on the user's computer, and any money-seeking company can theoretically be bought out.

c) When they remove a spyware .dll that a program the user makes use of hooks into, the program may stop working, and who would get blamed? the anti-spyware vendor. Hey presto, Spybot looks like pure evil because they just killed off Joe User's cool new P2P app because keylog32.dll got wiped. This happened a lot when Kazaa was big - naive users getting told by techy types to run Spybot every now and then to clear spyware ended up bitching because it nuked the spyware that Kazaa checked for before starting up. They didn't seem to care about privacy when protecting it stopped them getting their MP3s and porn.

c) People do, as I mentioned above, use them as an excuse to behave recklessly on the internet - they will install random .exes, they will visit dodgy sites and they will do all manner of things because they believe they are safe. They don't understand that spyware blockers only work against known types of spyware, not all spyware in total. Naive users seem to think it's an agreement between spyware vendors and anti-spyware companies when it is, to all intents and purposes, an arms race which the anti-spyware groups will always in second place.

Anyway, what was my point again? Oh yes, that these statistics are misleading for naive users. Ad-Aware and the others are now going to start shouting from the rooftops about how they're one of the top 3 anti-spyware apps on the market, and thousands of lusers will trust themselves to it implicitly solely because of that blurb, while the reality is Ad-Aware still misses stuff, and it is more than fallible. That 'lowly' Spybot has turned up half a dozen items Ad-Aware failed to find at least three times for me, but I wouldn't run that on it's own either - Everybodyb knows it's a good idea to get a second opinion, especially when it's free.

Also, does anybody else find it funny that /. are now serving ads to the Microsoft 'Get the Facts' campaign? Is this Slashdot putting one over on Microsoft by taking the money they throw at them when they know no-one here will believe it, or have they reached a new low, actually showing not just Microsoft ads, but ones that feature blatant FUD against FOSS?

Arguments to the contrary...

[Spoing]

Oh, not from me. While the failure rate is much higher than I'd expect, that they do fail on a regular basis is not a surprise.

The reasons seem to be simple;

1. Spyware detectors find and remove known spyware.
2. Spyware creators know about the spyware scanners. If they decide that being detected is a big enough problem, they work on ways to not be detected.
3. As the new spyware revision comes out, they are discovered and the spyware detectors are updated.
4. Rinse and repeat.

Yet, the test results show that the spyware detectors aren't in the arms race against spyware that I described above. Instead, many spyware revisions aren't detected at all. Either they don't know about the spyware revisions, the spyware is not being tested for, or the spyware is being ignored on purpose.

Right now, the bar that the spyware creators have to leap is very low. Both social engineering and direct injection onto systems make spreading these things fairly easy to do for the spyware maker. Tie that in with many spyware detectors not detecting completely, and not being used consistantly, and I don't see an end to this problem soon for most people.

What to do? I'll leave that to others for now. I have my own lists. It is a security issue so the systems should be considered to be on hostile networks and hostile users. I consider 2 hours to lock down a Windows XP system to be a reasonable minimum amount of time to spend on each system -- unless automation tools are used.

Re:none here

[rudy_wayne]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone. Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

It's that attitude that's the problem. The computer IS NOT supposed to be a 'generic consumer product'. That's marketing bullshit. For years, companies that sell computers have been pushing the idea of the computer as an appliance. You don't need to know anything ... you just push a button ... just like your toaster.

User stupidity is still the number one security problem.

Nonsense.

[brunes69]

A car is a generic end-user product as well. But if the engine catches on fire because the owner hasn't changed the oil in 12 months, despite the car manual prescribing a change every 5,000, documentation from the dealer saying the same, and red blinking light in the dashboard, no one blames the engineers. The exact same thing is true of sypware and viruses - it is a well known problem, the user's companies and ISPs tell them not to open the attachments, Windows XP even issues a warning prompt, but they do it anyway.

You can engineer many problems, but you can never engineer away human idiocy. There will always be some idiot who will find a way to kill themselves with a pair of dull safety scissors.

Re:It's interesting

[RedBear]

Ahem... Why are you pretending all /.ers are as bad as each other?

On the one hand, some /.ers do find it reasonable for spyware like yours to exist in the world, as long as it notifies the user clearly that they are selling personal information in exchange for the "free" use of this software. On the other hand even those folks will usually still class your software in the same category of the junk that unknowingly violates your privacy and bogs down your computer.

It's difficult for most people to come to the conclusion that there is such a thing as "good spyware" a.k.a. "direct advertising software", just because there are idiots in the world ready to willingly give up their rights to information privacy for money or free junk software goodies. In the end, users like that and software like yours simply chip away at our ability to keep our personal information private. Therefore all spyware is considered somewhat of a menace whether they are "legitimate" or not.

On the gripping hand, of course, if your software were really totally honest and straightforward about what it does, it wouldn't really fit the definition of "spyware", now would it? I don't know of any such software, but I will concede that it could exist. Personally I would still disapprove of it, but people have to make their own decisions about giving up their personal information.

The general public would probably give up lots of other rights in exchange for free stuff. That usually doesn't make it OK for them to do so, nor does it make it OK for someone to try to get them to do so. Even if it happens to be legal.

Re:I don't get it

[isdfnmo]

No, friend, you really don't.

The point is not that we technically proficient people can deal with SpyWare but rather that the 99% of computer users who are not technically adept can use their computers, the internet and their email without having to fight a constant battle with unwanted intrusion.

What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.

Sure people need to be careful, just as they do when driving or using a blender, but surely it is not beyond the wit of man to hide the complexity of the system. Surely a better use of our time and effort, rather than trying to play catch-up with 'the man' is to start finding common ground upon which we can progress best practices... Let the Corporations then compete on price and feature-sets from that good and solid foundation rather than firing off in their own directions with their own agendas and muddying the already dirty waters.

We have a lot of work to do, I'm afraid.

Re:It's interesting

[Erik Hensema]

• spyware almost always hides its true intentions deeply into some EULA nobody reads
• spyware usually is very hard to uninstall

Especially the last point is important. If my browser is infected with spyware, I simply want to go to controlpanel->software, select the program and uninstall it. Nearly always this is completely impossible. Lots of spyware nowadays actively combats uninstalling. And when software does that, it always is written by the Bad Guys.

Unfortunately you don't say what product your company was/is making, but I guess that was to be expected.

Re:It's interesting

[asadsalm]

Of course!

They would be really happy to install these free utilities and games. They really wouldn't care why their computer takes 30 minutes to start, and keeps crashing every so often, randomly. They wouldnt care, because they dont "know".

Its absolutely wrong to create awareness, since ignorance is bliss isn't it? For them, all they need to do when their computer becomes a constantly-rebooting over-sized paperweight is to call me and spend a day to have it "formatted".

I mean, c'mon, the funny-little-desktop-buddy is OK. All it does is reduce my computer to a 0.5 frame per second 1956 batch-processor.

Its funny how, when your bread comes from a shady source, that source becomes morally right. Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say its ok are bankers!

Re:none here

[dapendragon]

Until engineers and computer scientists can make computers idiot proof, I don't see why we should consider computers a 'generic consumer product'. You need a license to drive a car, since the car is by no stretch of the imagination idiot proof. If you try driving a car in traffic without any sort of training you'll most likely end up hurting yourself and others.

Similarily, using a computer with a broadband connection to the Internet without at least some idea of how to make the computer secure (i.e. antivirus software/firewall) will most likely result in a computer infected with trojans and spyware, causing problems for the owner. What's worse, his computer will probably infect other computers as well.

Sometimes the concept of an "Internet license" similar to the driver's license actually seems like a good idea. A driver's license doesn't stop car accidents from happening, but a least you're keeping some of the worst morons off the road.

Review Format

[Donny Smith]

While we should be grateful for the work done by the reviewer, I cannot but notice that the results are hard to find out.

I, for one, would like to see some conclusion or recommendation or rating (Anti-Spyware A - goog; Anti-Spyware B - shit; Anti-Spyware C - excellent).
I know the article focuses on falling efficiency, but still, it's a bit overwhelming to go over those huge tables.

Re:Ad-Aware and HijackThis

[Anonymous Coward]

(this is written under the assumption that you're cleaning your own system with SW scanners)

There is only one real solution to spyware: be very careful what you install.

Like worm scanners, Spyware scanners are damage control. They try to clean, as much as possible, a compromised environment from from within that environment, after the fact. If you need a virus or SW scanner, its already too late.

A lot of bullshit reasons to use Free Software are thrown around on this site. Spyware is one of the legit, and often overlooked reasons. One doesn't even need to switch to GNU/linux; there is plenty of Free Software for windows. As long as one is willing to exorcise a little restraint, spyware scanners are redundant.

Re:none here

[RedBear]

The general public is composed of people who literally can't tell the difference between Adobe Photoshop and Adobe Acrobat Reader, or Mozilla Firefox and Mozilla Thunderbird. This is no hyperbole, I know many people with this problem and I'm sure you've met some yourself. They'll call and say, "I'm having a problem with my Adobe." Or ask you repeatedly which application you're in right now when you're both looking at the screen, even though the applications present completely different interfaces. The person usually will have been using the applications in question for months or years, and still can't tell them apart without thinking about it really hard.

Is it simple ignorance? No, that could be easily corrected. Is it sheer stupidity? No, these people are otherwise of average intelligence or better. It's some kind of weird mental blindness that comes over people whenever they are faced with a computer screen. It's conditional stupidity, and it's one of the main problems with the general public. Most of them will never learn to be careful until you hook up a car battery to their earlobes that gives them a physical notice whenever they do something stupid. Otherwise they just don't seem to be equipped mentally to grasp the concepts involved in using a computer responsibly. The software industry hasn't exactly been helping matters, but they have a monumental task ahead of them. I think computers are just too abstract for a lot of homo sapiens sapiens to deal with.

End User License Agreements and Privacy Policies

[NoMercy]

"Moreover, users should learn to practice safe computing habits, which include avoiding web sites and programs of unknown or dubious provenance and carefully reading End User License Agreements and Privacy Policies."

Am I the only one who doubts that will come true any time soon, we all know how to click on a button as a reflex action, reading a lengthy EULA full of lawyerspeek... that's a headache.

Well, here's IMHO what's wrong with them

[Moraelin]

I've said this before, but here goes again: what's "wrong" with non-nerds is that they're used to the Real-World "security model". The real world doesn't work like computers do.

In the real world, you don't have to have an absolutely-unbreakable titanium-plated vault door to your house, nor bullet proof windows. If anyone wanted to hack your front door down, it's worth a maximum 5 minutes with an axe.

Real world locks also aren't supposed to be unbreakable. Au contraire. By computer security standards, they're a catastrophe. Most allow 1-pin-at-a-time attacks, which in computer security is the worst anti-pattern. Locks with master keys allow easy escalation of privileges too.

It's all documented vulnerabilities (or exploits) and they've been known for ages, and never fixed.

But they work IRL anyway. Yes, any kid could lockpick your front door, or hack it down, or just throw a brick through the window to get in. But people still use locks, doors and windows.

Why? Because the IRL (In Real Life) you don't live in a lawless no-man's-land where any kiddie with a lockpick is l33t and free to pick your lock. IRL your real defense isn't the lock, but the law.

The lock or the door just markers. They just say "you're not supposed to be past this point uninvited, and if we find you inside, we'll throw your sorry ass in state jail."

(If you're a die-hard gun fanatic, feel free to replace by "if I find you in, you'll get a gut full of buckshot." Same idea: there'll be repercursions. The door just marks the point beyond which the thief is not supposed to go, not _the_ deterrent itself.)

And people instinctively expect the same kind of rights and protection to apply to the online world too. "This is my computer, you're not supposed to be on it. Your playzone ends at the ISP, and this side is my private property."

Unrealistic expectation? Maybe. But it exists nevertheless.

Unreasonable expectation? Not at all.

Re:none here

[dasunt]

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.

That would work if a computer had about the same features and abilities of a toaster.

Unfortunately, a computer is mixture of hardware and computer software that can do office tasks, multimedia, file sharing, communications, and gaming. The feature set is easy to upgrade and expand through software installations.

In addition, due to most computers being connected to the rest of the world, the cost benefits of spyware/viruses (creating spamming relays is big money) and the fact that trying to infect an individual computer is effectively free, the problem is apparent.

Any product with a ton of features and abilities requires user training. Its possible to easily design a car that doesn't require knowledge to drive -- as long as everyone will only go to the mall or the grocery store. But people use their autos for many destinations, over many different roads, and thus we require people to learn how to use cars.

A computer is no different.

Want to write documents? A typewriter works. Some of the electric ones were quite nice. Want to send text messages? SMS over mobile phones. Want to send documents? Fedex. Games? A console. Music? A radio.

Want to do all of the above, and more, with the ability to extend the features and easily upgrade for less cost? Okay. But it will require some training.

If you disconnect yourself from the internet, and lose that feature set, you will probably be secure. Even disconnected, not knowing what you are doing will have consequences. If you are lucky, the only consequence will be wasting your own time. If you are unlucky, you will be frustrated by fighting with the computer all the time to do what you want, how you want it.

Do you want to connect to the net? Congratulations, now you are exposed to the worst people in the world. Would you be cautious walking down a street in Romania with your credit cards in your wallet? Why aren't you cautious while you are online, making purchases, connected to the same network as a Romanian hacker?

I'm sorry, but we can't not create an idiot-proof box. We can't even make a box that requires zero knowledge to run. Our best bet is education.

A hardware solution to Spyware

[SoupIsGood Food]

You could simply buy an iBook and look at it as a peripheral for your cryo-cooled 1337-gamerboi PC.

You use the PC for playing "City of HalfEverDiabloCraft III" and for generating dubious overclocking benchmarks and storing your MP3's on your terrabyte RAID with the windowed 250gb SATA disks.

You use the Mac for web surfing, email and IM, to store critical documents you don't want eaten by Virii (making sure to back them up to CD-R every now and again) and generally Doing Usefull Stuff.

That way, your precious game time is uninterrupted by Microsoft's Keystone Kops approach to secuirty and monoculture attacks. Let's face it... you ain't never gonna be able to lock down your Windows box, no matter how much money and third party utilities you throw at the problem.

Alternatively, OpenBSD on any old laptop is another way to dodge the spyware bullet, if your Unix Fu is the stronger.

SoupIsGood Food

Re:Thank God...

[a24061]

But someone has to be connected as administrator to do Windows updates, just as I have to have an internet connection while I'm root to use apt-get.

One of the main stupid things in Windows is that you have to log in to the whole GUI mess as administrator---whereas in proper systems (where the GUI, e.g. X, is an optional part of the OS) you open an xterm and use su so that only the processes run from that xterm have root privileges. There's little temptation to run a web browser or word processor as root.

Re:Is Windows fit for the internet?

[fishbot]

Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see.


Unfortunately, Windows is designed so that any dumbass can run it. Any OS which demands any kind of technical comprehension is labels 'elitist' and stays relatively obscure.

The only reason Linux is gaining ground is that the latest desktop environments and installers allow you to be a total eejit and still get a halfway working system...

Re:Spyware

[GigsVT]

You apparently don't have to go clean up loser's computers at a company where they have little in-house talent or IT management.

It's not unusual to find a computer so laden with spy and adware that it crashes during boot, every 10 minutes, or serious parts of the OS are damaged.

An example, there was a computer I worked on, so laden with spyware that IE couldn't pop up the download dialog box, and since Windows doesn't include useful utilities, I couldn't wget or anything like that either. The CDROM was broken so I couldn't boot into linux either.

It really is as bad as everyone says here. People use it because they don't know better, and because those shiny boxes in Best Buy contain software for it. They don't realize there's a whole other world out there where software doesn't come in shiny boxes, and you don't pay "per user" for permission to use your own hardware.

Re:Spyware tips I've picked up

[esarjeant]

End users also need to be disabled from performing administrative tasks on their computers.

From my limited experience with spyware, by simply removing the user from the Administrator group you effectively cripple the majority of spyware tools. If you do not have access to modify the %SystemRoot% or make any changes to %ProgramFiles% you'll be a much safer user overall.

I would never logon to my box using root for daily activities. While spyware may be able to make modifications to the current user they will at least be unable to affect the overall system.

Re:It's interesting

[khrtt]

Yeah. But Windows application programmers have to do a consious non-trivial effort to make the program uninstall cleanly. Guess what - this is very low on the list priorities for most developers. If they don't, the program leaves crap behind - files, registry entries, etc. Entries with obscure names, scattered around several system directories, each with several tens of thousands of entries with even more obscure names. A luser can't deal with that! You, a knowledgeble person, can't really deal with it either, unless you have too much free time on your hands.

This system is really easy to fix. All you need is, well, something like RPM, that manages contents of installation packages without effort on the part of the app developer. Unfortunately, a good installation system is not high on Microsoft's list of priorities either. Also, I'm not sure the shit in HKCR could be made easy to get rid of without a complete system overhaul.

What do they use for settings on Mac? Hope they don't have a registry..

Nothing works completely.

[vspazv]

I've been doing spyware removals for customer's at my job for over a year now. At first it was easy, just run Ad-Aware and you're done. Now some of the spyware programs are getting much more deceptive and can actually startup in safe mode making it nearly impossible to remove.

At this point the first thing i do for a scan is use a USB adapter and connect the hard drive to my test station then clear all temp folders and run spysweeper and adaware to find any files. Then i reconnect the drive adn boot directly into safe mode and rerun both programs to clean out any registry entries. Finally i go through with hijackthis to repair any damage to the browser.

Ive tried out Giant spyware and it seems to work fairly well but the stupid tray app WILL NOT GO AWAY even after haing all of its startup options unchecked.

Also, the new version of Pest Patrol from eTrust keeps detecting a small text file in my 3 year old compressed video drivers as a keylogger :)

Cycles

[argStyopa]

I'm not surprised Spybot did badly.

These things go in cycles, kind of like the Darwinism that didn't work quickly enough on the germ plasm that somehow evolved into the amoral mockeries of humankind that write spyware/malware.

Adaware was widely used for a while, then I started noticing that it wasn't working so well.
Then Spybot is/was hugely popular and extremely effective, so I've started to notice that it too is missing stuff now (or is unable to remove what it finds).

Virus...er...spyware writers are working against these programs, and it's only natural that they are evolving their code to defeat at least the most successful/widely used anti-spyware programs out there.

You wouldn't expect the flu inoculation from 5 years ago to protect you this year, would you? Spyware - and it's counteragents - are the same.

And there's really no defense

[Sycraft-fu]

I used to think that what Windows needed was an SU ability, so you'd run as a normal user, and enter the admin password when needed. I still think that's a good idea, but I've come to realise it won't do shit to stop spyware.

For those that don't know, Mac OS-X does just this. You run as a user, and it asks for root when something requires root to execute. Good idea, don't want to be running as root full time. So I'm hanging out in a recording studio, chattering with the engineer, who is also piddling around on his computer while we talk. He's doing something, a box popos up and asks for root and almost before I can see what it wants he whips off the root password and goes back to talking to me.

I asked him about this and he said well EVERYTHING requires it. Anytime you install any app, it needs root. It's just part of the install process.

Well I realised that would be the attitude most non-tech users would take. Installs need root. It's even correct in most cases. So the spyware that's piggybacking on whatever app they want gets root through the install, and then you are back to where you started. The extra verification step isn't any good since people just give it without checking.

I still think it's a good system for those of us that would be suspicious when some little app with no DLLs/libraries to install whines for root, but a normal user isn't going to know the difference. They'll give it root, and get spyware'd.

Re:It's interesting

[clodney]

For trivial programs (an exe, a few DLLs, collateral files), an uninstaller is indeed trivial, and is usually created automatically by the installer provider (MSI/Installshield/Wise, etc.)

For larger apps or ones that have more complicated installs, an uninstaller takes some work, but nowhere near the scope required to write the program, or even to do the installer.

And it may be low on the priority list for most developers, but that is no excuse for writing a crappy product.

Re:It's interesting

[shokk]

Yeah, they're really happy to see security holes opened on their system, and how they are unable to use that brand spanking new 3.4GHz system as the CPU is fully consumed running hundreds of unwanted processes. I saw 800+ at one victim's system before applying the double-whammy of Spybot and Ad-Aware (non-commercial user). I'm going to check out SpySweeper to see how it fares vs the other two for keeping on my USB keychain thumb drive for when I visit friends. Since they have a Corporate Edition of Spy Sweeper I'll see about a demo for our company.

I encourage everyone else to do the same: test these tools and see what fits your environment and wallets. Even though these don't cost all that much per-seat, the cost adds up across a few hundred seats. Start small and see if you can get buy-in from small departments. Sales groups are especially vulnerable since they provide the proper combination of really needing to check out every email for leads and some good ol' fashioned "duh, which end of the mouse is up." Next sprinkle in a few secretaries/AAs. You may not even need to move beyond that to stem the tide of unwanted software.

Re:Is Windows fit for the internet?

[HermanAB]

Windows is reasonably secure only if it is behind a Linux firewall...

If Windows was secure, then Linux would have been behind Windows firewalls and all the little Linksys and Dlink firewall routers in Best Buy would have been running WinCE.

Nuff sed.

Re:Spyware

[blackest_k]

first of all who's professional? Some readers of slashdot may be professional but I am certain a lot are not. your asking a lot of a readership that has a number of posters who just post for creating havoc if you read slashdot at -1 you will soon see that comments on slashdot pump through the site like raw sewage with the occassional gem which moderators reach in and retrieve.

While you may be able to run a windows operating system without getting infested with spyware it seems to be the case that many people can't.
perhaps if people could be educated into looking for "open source" instead of "free" when looking for a tool or utility then they might improve their Pc's health.

Spyware often uses two parallel processes to maintain control of a pc, when you go to kill one process the partner process restarts it. these tricky beasts can be killed by booting in safe mode and finding the programs on the harddrive and deleting them. These are the most common ones I have to deal with once I have educated users to run spybot and adaware to remove the easy stuff.

It doesn't help that users like to run things like kazaa instead of kazaalite as an alternative and seem clueless and overly trusting of the files they download- often not even running an up to date antivirus program such as avg (free edition).

Finally while windows is a mess of worms trojans and spyware, suggesting that these same users run linux instead, is pointless they struggle hard enough with windows. linux isn't friendly to clueless users ect...

Maybe a Mac is the real answer for these people but few will migrate to another o/s or buy new hardware so the problem will remain.

perhaps it might help if it was possible to launch linux from within the windows environment. similar to the experience of running amiga os under emulation.
then users can venture into linux as and when they find applications to run under linux and don't have to reboot into windows to run something which doesnt have a linux alternative.

To be objective you can't look at windows and say it is not vunerable to these problems (no matter how well you look after your system). It is equally valid to say Linux isn't a pain free alternative yet.

hope you find this post a little more balanced.

Re:none here

[airjrdn]

Well, first of all, they don't have to do anything to use the airbags, they're there by default.

As for the locks, it's not really that simple. It's like being on your own to locate and/or purchase locks for your car after the initial car purchase. Every 4th street corner has some guy peddling locks, and there's no governing entity stating which locks work and which locks don't.

From there, you not only have to decide which lock or locks to use, but you have to figure out how to install them, as well as maintain them. How often have you had to do maintenance to the locks on your car?

For you and I and the bulk of the /. crowd it isn't so bad. We're interested in this stuff so we're in-the-know about it. Most people (our parents, siblings, friends, etc.) simply aren't.

Re:It's interesting

[Nopal]

When you loan an amount on INTEREST, you always make a profit. The more money you have the more profit you can make. The rich get richer - faster.

No, you are missing the point of interest. When you loan an amount with interest, you are accounting for the future value of money since money tends to depreciate due to inflation. It's simple microeconomics: $1,000 20 years ago is not the same as $1,000 today. $1,000 20 years ago is equivalent to roughly $1,500 today, assuming a very conservative 2% yearly inflation compounded yearly. That doesn't take into account the amount of money that the lender can make with that $1,000 if he invested it in a business for 20 years instead of lending it.

So in any type of free market society, loans would be fiancial suicide if interest could not be charged. As the incentive to loan, the interest rate is designed to yield a small profit. Banks make money because in essence they create money (due to the money supply multiplying factor), so they can make a small profit on loans because they expand and contract the money supply and thus keep both runaway inflation and runaway recession under some level of control. You'd be surprised how thin the profit margins of banks actually are. If you are a bank, it's extremely easy to go into bankrupcy if you aren't paying very close attention. The risks they take and the services they provide is in essence how and why they get paid.

I suggest that you read a little bit about Keynesian macroeconomics and how modern free markets couldn't exist without banks because of the effect that banks have on the money supply due to interest loans. A measured amout of what you call "greed", my friend, has in a sense made possible the computer and the Internet that you are using to read this, and has brought a higher standard of living to the world than almost any other force, including religion, and I say that while being deeply religious myself.

Re:Spyware

[_Sprocket_]

What the heck are you on about? I run Windows, and I've had no problems with spyware ruining my PC or crashing it.

Years ago, I ran nothing but Win9x. My own home systems were fairly stable and usable. I had no interest in anything but a Windows world. Then I became a "professional".

As a payed IT cog, I had to deal with OTHER people's Windows machines. I got a full sample of Murphy's Law and Microsoft. And then I began to understand some of Microsoft's detractors.

It's not that Windows is absolutely unusable. But each iteration has had, and continues to have, serious issues (bad user decissions aside). And those issues DO, in fact, affect people - sometimes with considerable impact.

No system is perfect. But there are, in fact, very viable alternatives to Windows. For all your talk of objectivity and profesionalism, it is generally rather rare to give fair consideration to a Windows alternate. Even in an environment where it makes very good sense.

Re:It's interesting

[berzerke]

Who's fault is it they didn't read the agreement r look into what "data" was being collegcted? The user's, ultimately.

Of course, that's why most of these spyware programs that *DO* have a license agreement (not many IMHO; how many drive-by downloaders have a license agreement at all?) are designed to be as unreadable as possible. You need a law degree to understand most of them. And at many, many pages long, why bury the "good" stuff down near the bottom? Why not put it right at the top in clear language? Maybe because the spyware programs are trying to hide what the programs do???

Ultimate WinBlows nuisance user solution

[EXrider]

Here's what I do in these situations...

First, it requires a windows machine (NT,2K,XP) using the NTFS filesystem. FAT32 won't work because it don't do ACLs

1. Create a new local administrative account to work under (this is important read the whole thing here!)

2. Run Ad-Aware, Spybot S&D, and Hijack This, under this new admin account keep all the directories the spyware created, or make note of them so you can re-create them later.

3. Now, delete everything contained in these folders, then you start changing permissions on all these folders to deny Everyone access (including administrators), and take ownership of all these directories, when spyware trys to re-install itself it will fail. This method works real well when nuisance kids come back and try to re-install kaazaa, iMesh, etc. If you deny access to the kaazaa folder it won't come back unless they're smart enough to take ownership back and change permissions, or install it in a different directory.

4. This is the kicker: Install Firefox to replace IE, and Firebird to replace Outlook/Outlook Express. Run a search (F3) for iexplore.exe and msimn.exe and change permissions on them just like we did with the spyware folders.

5. This is my favorite: Now delete the IE icon and Outlook icons and change the Firefox and Firebird Icons to look just like IE and OE (MUHAHAHA).

6. Now login as Administrator and delete the user account we just created to do all this stuff.

If nuisance user must have IE to access a dumb banking website that's coded in shitty client side ASP or something like that; write a VB script, or batch file or whatever to use the runas command (similar to sudo in unix) to launch iexplore.exe under a less privileged account; point this back to the normal IE icon and it becomes seamless for the user.

You can take it even farther and deny write access to all the Run keys in the registry to keep crap from getting loaded in the System Tray. You can also deny write access to the Root of the Program Files folder, if you deny access to the whole folder including subdirectories and files it will break a number of applications that love to write metadata, temp files and such in the Program Files folder, like Microsoft Office 2000 (let's not even get started on how many Microsoft developers don't know where temp files and metadata belong). Of course if you do these things the user won't be able to install programs. If the user isn't running as an administrator they won't be able to write to the root of Program Files anyways, but they still can put stuff in their own Run key and the global Run key!

Sorry this is so hacked together, I'm in a hurry, want to go eat lunch NOW...

Re:Nonsense.

[Sique]

Here's how to stop a computer needing maintenance, ever: put all the programs you're going to need in ROM. Clear RAM whenever you reboot.

There. That wasn't hard, was it?

Yes. No persistant data storage. No way to actually create new programs. No way to use remote ressources. No protection for so called active content (program builtin languages) not running havoc. What you create is a quite limited type of computer, similar to a game console or an early '80ies home computer without external storage.

We are talking about computers you actually want to work with.

So now lets talk about the real components such a computer needs: verified hardware (where the correct implementation is mathematically proved), verified compilers, verified operating system, verified applications, verified protocols for remote usage.

Four out of those five requirements are already accomplished or on its way to accomplishment. There is hardware (CPU, memory...) where there is a mathematical proof that the implementation is an actual representation of the specification. There are verified compilers where there is mathematical proof, that the object code they put out is mathematically equivalent to the source code you are feeding it. There is work in progress to prove the correctness of an operating system (I should check with my old operating system group if they are finished yet). There are lots of network protocols whose correctness is proved for both the protocol itself and an actual implementation of the protocol.

So there is one big block remaining: verified applications. And there we are back at Step 1. No one hinders us to implement a hardware layer or a complete operating system at application level (You don't believe me? Look at VirtualPC [OS] or VMware [hardware layer]).

Any application that has a Turing complete subsystem (like most Office suits with their application specific languages) can be host system for the same thing: You could even create a Linux being hosted by Microsoft Word (write an C Compiler in VBA and then port the Linux kernel. Simulate a simple framebuffer device on the Word canvas in VBA and port X11 etc.pp.).

So having verified applications still doesn't warrant a maintenance free computer. Even the data the applications get feed with has to be verified. And that's the point where a computer turns from a useful tool into a completely verified and maintenance free but even so completely unusable piece of junk, because you have to mathematically prove the correctness of your own data.

Again, Nonsense.

[brunes69]

Cars are not computers, yes. Computers are not cars, yes. You get a gold star.

But both computers and cars are complex multi-purpose devices. They are not commodity television sets or VCRs whose software only perform one basic function (watching a channel, recording a channel).

The more you can lock down and restrict the software on a device, the more secure and useable it can be. This is why crashes in phones and PDAs are so much less common than PCs.

The instant you give the user the ability to install whatever they want, all bets are off.
Flexability and Idiocy-proofness are inversely proportional for any complex system. There is no way around it, you can't have your cake and eat it too.

No I don't expect that Joe user should know how to swap out a DIMM. But I do expect that he should read the manual. I also expect him to read and heed warnings from his ISP about malware. If they can't do that then either

a) They can't complain when they get malware / virii
b) They shouldn't use a PC, since they won't take the time, they should use a locked down Internet Appliance.