Failing Grades For Most Anti-Spyware Tools 517
serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."
Personal experience with anti spyware tools (Score:2, Insightful)
Ad-Aware and HijackThis (Score:5, Insightful)
if you don't log and analyze traffic (Score:3, Insightful)
hmmm why is that activity LED blinkin?
Re:none here (Score:2, Insightful)
That's kind of the point. If spyware broke your computer immediately, you'd know it's there and would be able to remove it.
If you've never checked for spyware, it might be on your system.
You can declare that you know you don't have a disease because you were never tested for it.
LK
Re:none here (Score:3, Insightful)
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.
Re:Is Windows fit for the internet? (Score:5, Insightful)
Re:none here (Score:2, Insightful)
What about programs that appropriate the names of legitimate windows processes? Or ones that take advantage of the shortcomings in the font used in the task manager to look like a legitimate process?
LK
Re:none here (Score:2, Insightful)
Re:It's interesting (Score:4, Insightful)
if your program had a smooth uninstall that actually did something, was called WarningNastyEvilSpyware.exe, flashed up a new warning everytime it ran that evil crappy spyware it installed, and clearly documented everything it did, then I guess it was ok (though you'd have to pay me to use it).
otherwise you were working for evil.
(and what made you think you'd get karma for admitting to writing spyware?)
Re:Is Windows fit for the internet? (Score:5, Insightful)
Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see. If you run it with a decent firewall (whether that be software or hardware), antivirus software, and diligence then Windows won't give you any problems.
BTW I recommend Ad-Aware and Spybot: S&D for clearing out just about any crap if the spyware does somehow "install themselves" onto a system.
Horses for Courses (Score:5, Insightful)
You could probably get even better performance by running more than those two, but I'm not going to harrass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss. Anyway, my point is this; You can't just run Ad-Aware or Spybot and think you're protected. Until an anti-spyware tool has a 100% record against all known spyware, I won't consider them anything near a definitive tool, or a licence to behave recklessly on the net, something which too many naive people seem to do.
The problem with anti-spyware tools is three-fold;
a) They are made by private companies and individuals who's credentials and/or decency cannot be guaranteed. They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insiduous spyware through? Unless you're on the inside of a company like that, you can never be sure. I'm sure Lavasoft aren't doing anything like that, as these results prove, I'm merely using them as an example - any anti-spyware app people trust is in an immensely powerful position on the user's computer, and any money-seeking company can theoretically be bought out.
c) When they remove a spyware
c) People do, as I mentioned above, use them as an excuse to behave recklessly on the internet - they will install random
Anyway, what was my point again? Oh yes, that these statistics are misleading for naive users. Ad-Aware and the others are now going to start shouting from the rooftops about how they're one of the top 3 anti-spyware apps on the market, and thousands of lusers will trust themselves to it implicitly solely because of that blurb, while the reality is Ad-Aware still misses stuff, and it is more than fallible. That 'lowly' Spybot has turned up half a dozen items Ad-Aware failed to find at least three times for me, but I wouldn't run that on it's own either - Everybodyb knows it's a good idea to get a second opinion, especially when it's free.
Also, does anybody else find it funny that
Arguments to the contrary... (Score:5, Insightful)
The reasons seem to be simple;
Yet, the test results show that the spyware detectors aren't in the arms race against spyware that I described above. Instead, many spyware revisions aren't detected at all. Either they don't know about the spyware revisions, the spyware is not being tested for, or the spyware is being ignored on purpose.
Right now, the bar that the spyware creators have to leap is very low. Both social engineering and direct injection onto systems make spreading these things fairly easy to do for the spyware maker. Tie that in with many spyware detectors not detecting completely, and not being used consistantly, and I don't see an end to this problem soon for most people.
What to do? I'll leave that to others for now. I have my own lists. It is a security issue so the systems should be considered to be on hostile networks and hostile users. I consider 2 hours to lock down a Windows XP system to be a reasonable minimum amount of time to spend on each system -- unless automation tools are used.
Re:none here (Score:5, Insightful)
User stupidity is still the number one security problem.
Nonsense. (Score:3, Insightful)
You can engineer many problems, but you can never engineer away human idiocy. There will always be some idiot who will find a way to kill themselves with a pair of dull safety scissors.
Re:It's interesting (Score:3, Insightful)
On the one hand, some
It's difficult for most people to come to the conclusion that there is such a thing as "good spyware" a.k.a. "direct advertising software", just because there are idiots in the world ready to willingly give up their rights to information privacy for money or free junk software goodies. In the end, users like that and software like yours simply chip away at our ability to keep our personal information private. Therefore all spyware is considered somewhat of a menace whether they are "legitimate" or not.
On the gripping hand, of course, if your software were really totally honest and straightforward about what it does, it wouldn't really fit the definition of "spyware", now would it? I don't know of any such software, but I will concede that it could exist. Personally I would still disapprove of it, but people have to make their own decisions about giving up their personal information.
The general public would probably give up lots of other rights in exchange for free stuff. That usually doesn't make it OK for them to do so, nor does it make it OK for someone to try to get them to do so. Even if it happens to be legal.
Re:I don't get it (Score:5, Insightful)
The point is not that we technically proficient people can deal with SpyWare but rather that the 99% of computer users who are not technically adept can use their computers, the internet and their email without having to fight a constant battle with unwanted intrusion.
What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.
Sure people need to be careful, just as they do when driving or using a blender, but surely it is not beyond the wit of man to hide the complexity of the system. Surely a better use of our time and effort, rather than trying to play catch-up with 'the man' is to start finding common ground upon which we can progress best practices... Let the Corporations then compete on price and feature-sets from that good and solid foundation rather than firing off in their own directions with their own agendas and muddying the already dirty waters.
We have a lot of work to do, I'm afraid.
Re:It's interesting (Score:5, Insightful)
Especially the last point is important. If my browser is infected with spyware, I simply want to go to controlpanel->software, select the program and uninstall it. Nearly always this is completely impossible. Lots of spyware nowadays actively combats uninstalling. And when software does that, it always is written by the Bad Guys.
Unfortunately you don't say what product your company was/is making, but I guess that was to be expected.
Re:It's interesting (Score:5, Insightful)
They would be really happy to install these free utilities and games. They really wouldn't care why their computer takes 30 minutes to start, and keeps crashing every so often, randomly. They wouldnt care, because they dont "know".
Its absolutely wrong to create awareness, since ignorance is bliss isn't it? For them, all they need to do when their computer becomes a constantly-rebooting over-sized paperweight is to call me and spend a day to have it "formatted".
I mean, c'mon, the funny-little-desktop-buddy is OK. All it does is reduce my computer to a 0.5 frame per second 1956 batch-processor.
Its funny how, when your bread comes from a shady source, that source becomes morally right. Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say its ok are bankers!
Re:none here (Score:3, Insightful)
Similarily, using a computer with a broadband connection to the Internet without at least some idea of how to make the computer secure (i.e. antivirus software/firewall) will most likely result in a computer infected with trojans and spyware, causing problems for the owner. What's worse, his computer will probably infect other computers as well.
Sometimes the concept of an "Internet license" similar to the driver's license actually seems like a good idea. A driver's license doesn't stop car accidents from happening, but a least you're keeping some of the worst morons off the road.
Review Format (Score:3, Insightful)
I, for one, would like to see some conclusion or recommendation or rating (Anti-Spyware A - goog; Anti-Spyware B - shit; Anti-Spyware C - excellent).
I know the article focuses on falling efficiency, but still, it's a bit overwhelming to go over those huge tables.
Re:Ad-Aware and HijackThis (Score:2, Insightful)
There is only one real solution to spyware: be very careful what you install.
Like worm scanners, Spyware scanners are damage control. They try to clean, as much as possible, a compromised environment from from within that environment, after the fact. If you need a virus or SW scanner, its already too late.
A lot of bullshit reasons to use Free Software are thrown around on this site. Spyware is one of the legit, and often overlooked reasons. One doesn't even need to switch to GNU/linux; there is plenty of Free Software for windows. As long as one is willing to exorcise a little restraint, spyware scanners are redundant.
Re:none here (Score:5, Insightful)
Is it simple ignorance? No, that could be easily corrected. Is it sheer stupidity? No, these people are otherwise of average intelligence or better. It's some kind of weird mental blindness that comes over people whenever they are faced with a computer screen. It's conditional stupidity, and it's one of the main problems with the general public. Most of them will never learn to be careful until you hook up a car battery to their earlobes that gives them a physical notice whenever they do something stupid. Otherwise they just don't seem to be equipped mentally to grasp the concepts involved in using a computer responsibly. The software industry hasn't exactly been helping matters, but they have a monumental task ahead of them. I think computers are just too abstract for a lot of homo sapiens sapiens to deal with.
End User License Agreements and Privacy Policies (Score:5, Insightful)
Am I the only one who doubts that will come true any time soon, we all know how to click on a button as a reflex action, reading a lengthy EULA full of lawyerspeek... that's a headache.
Well, here's IMHO what's wrong with them (Score:5, Insightful)
In the real world, you don't have to have an absolutely-unbreakable titanium-plated vault door to your house, nor bullet proof windows. If anyone wanted to hack your front door down, it's worth a maximum 5 minutes with an axe.
Real world locks also aren't supposed to be unbreakable. Au contraire. By computer security standards, they're a catastrophe. Most allow 1-pin-at-a-time attacks, which in computer security is the worst anti-pattern. Locks with master keys allow easy escalation of privileges too.
It's all documented vulnerabilities (or exploits) and they've been known for ages, and never fixed.
But they work IRL anyway. Yes, any kid could lockpick your front door, or hack it down, or just throw a brick through the window to get in. But people still use locks, doors and windows.
Why? Because the IRL (In Real Life) you don't live in a lawless no-man's-land where any kiddie with a lockpick is l33t and free to pick your lock. IRL your real defense isn't the lock, but the law.
The lock or the door just markers. They just say "you're not supposed to be past this point uninvited, and if we find you inside, we'll throw your sorry ass in state jail."
(If you're a die-hard gun fanatic, feel free to replace by "if I find you in, you'll get a gut full of buckshot." Same idea: there'll be repercursions. The door just marks the point beyond which the thief is not supposed to go, not _the_ deterrent itself.)
And people instinctively expect the same kind of rights and protection to apply to the online world too. "This is my computer, you're not supposed to be on it. Your playzone ends at the ISP, and this side is my private property."
Unrealistic expectation? Maybe. But it exists nevertheless.
Unreasonable expectation? Not at all.
Re:none here (Score:5, Insightful)
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
That would work if a computer had about the same features and abilities of a toaster.
Unfortunately, a computer is mixture of hardware and computer software that can do office tasks, multimedia, file sharing, communications, and gaming. The feature set is easy to upgrade and expand through software installations.
In addition, due to most computers being connected to the rest of the world, the cost benefits of spyware/viruses (creating spamming relays is big money) and the fact that trying to infect an individual computer is effectively free, the problem is apparent.
Any product with a ton of features and abilities requires user training. Its possible to easily design a car that doesn't require knowledge to drive -- as long as everyone will only go to the mall or the grocery store. But people use their autos for many destinations, over many different roads, and thus we require people to learn how to use cars.
A computer is no different.
Want to write documents? A typewriter works. Some of the electric ones were quite nice. Want to send text messages? SMS over mobile phones. Want to send documents? Fedex. Games? A console. Music? A radio.
Want to do all of the above, and more, with the ability to extend the features and easily upgrade for less cost? Okay. But it will require some training.
If you disconnect yourself from the internet, and lose that feature set, you will probably be secure. Even disconnected, not knowing what you are doing will have consequences. If you are lucky, the only consequence will be wasting your own time. If you are unlucky, you will be frustrated by fighting with the computer all the time to do what you want, how you want it.
Do you want to connect to the net? Congratulations, now you are exposed to the worst people in the world. Would you be cautious walking down a street in Romania with your credit cards in your wallet? Why aren't you cautious while you are online, making purchases, connected to the same network as a Romanian hacker?
I'm sorry, but we can't not create an idiot-proof box. We can't even make a box that requires zero knowledge to run. Our best bet is education.
A hardware solution to Spyware (Score:3, Insightful)
You use the PC for playing "City of HalfEverDiabloCraft III" and for generating dubious overclocking benchmarks and storing your MP3's on your terrabyte RAID with the windowed 250gb SATA disks.
You use the Mac for web surfing, email and IM, to store critical documents you don't want eaten by Virii (making sure to back them up to CD-R every now and again) and generally Doing Usefull Stuff.
That way, your precious game time is uninterrupted by Microsoft's Keystone Kops approach to secuirty and monoculture attacks. Let's face it... you ain't never gonna be able to lock down your Windows box, no matter how much money and third party utilities you throw at the problem.
Alternatively, OpenBSD on any old laptop is another way to dodge the spyware bullet, if your Unix Fu is the stronger.
SoupIsGood Food
Re:Thank God... (Score:3, Insightful)
One of the main stupid things in Windows is that you have to log in to the whole GUI mess as administrator---whereas in proper systems (where the GUI, e.g. X, is an optional part of the OS) you open an xterm and use su so that only the processes run from that xterm have root privileges. There's little temptation to run a web browser or word processor as root.
Re:Is Windows fit for the internet? (Score:3, Insightful)
Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see.
Unfortunately, Windows is designed so that any dumbass can run it. Any OS which demands any kind of technical comprehension is labels 'elitist' and stays relatively obscure.
The only reason Linux is gaining ground is that the latest desktop environments and installers allow you to be a total eejit and still get a halfway working system...
Re:Spyware (Score:2, Insightful)
It's not unusual to find a computer so laden with spy and adware that it crashes during boot, every 10 minutes, or serious parts of the OS are damaged.
An example, there was a computer I worked on, so laden with spyware that IE couldn't pop up the download dialog box, and since Windows doesn't include useful utilities, I couldn't wget or anything like that either. The CDROM was broken so I couldn't boot into linux either.
It really is as bad as everyone says here. People use it because they don't know better, and because those shiny boxes in Best Buy contain software for it. They don't realize there's a whole other world out there where software doesn't come in shiny boxes, and you don't pay "per user" for permission to use your own hardware.
Re:Spyware tips I've picked up (Score:3, Insightful)
From my limited experience with spyware, by simply removing the user from the Administrator group you effectively cripple the majority of spyware tools. If you do not have access to modify the %SystemRoot% or make any changes to %ProgramFiles% you'll be a much safer user overall.
I would never logon to my box using root for daily activities. While spyware may be able to make modifications to the current user they will at least be unable to affect the overall system.
Re:It's interesting (Score:3, Insightful)
This system is really easy to fix. All you need is, well, something like RPM, that manages contents of installation packages without effort on the part of the app developer. Unfortunately, a good installation system is not high on Microsoft's list of priorities either. Also, I'm not sure the shit in HKCR could be made easy to get rid of without a complete system overhaul.
What do they use for settings on Mac? Hope they don't have a registry..
Nothing works completely. (Score:2, Insightful)
At this point the first thing i do for a scan is use a USB adapter and connect the hard drive to my test station then clear all temp folders and run spysweeper and adaware to find any files. Then i reconnect the drive adn boot directly into safe mode and rerun both programs to clean out any registry entries. Finally i go through with hijackthis to repair any damage to the browser.
Ive tried out Giant spyware and it seems to work fairly well but the stupid tray app WILL NOT GO AWAY even after haing all of its startup options unchecked.
Also, the new version of Pest Patrol from eTrust keeps detecting a small text file in my 3 year old compressed video drivers as a keylogger
Cycles (Score:4, Insightful)
These things go in cycles, kind of like the Darwinism that didn't work quickly enough on the germ plasm that somehow evolved into the amoral mockeries of humankind that write spyware/malware.
Adaware was widely used for a while, then I started noticing that it wasn't working so well.
Then Spybot is/was hugely popular and extremely effective, so I've started to notice that it too is missing stuff now (or is unable to remove what it finds).
Virus...er...spyware writers are working against these programs, and it's only natural that they are evolving their code to defeat at least the most successful/widely used anti-spyware programs out there.
You wouldn't expect the flu inoculation from 5 years ago to protect you this year, would you? Spyware - and it's counteragents - are the same.
And there's really no defense (Score:3, Insightful)
For those that don't know, Mac OS-X does just this. You run as a user, and it asks for root when something requires root to execute. Good idea, don't want to be running as root full time. So I'm hanging out in a recording studio, chattering with the engineer, who is also piddling around on his computer while we talk. He's doing something, a box popos up and asks for root and almost before I can see what it wants he whips off the root password and goes back to talking to me.
I asked him about this and he said well EVERYTHING requires it. Anytime you install any app, it needs root. It's just part of the install process.
Well I realised that would be the attitude most non-tech users would take. Installs need root. It's even correct in most cases. So the spyware that's piggybacking on whatever app they want gets root through the install, and then you are back to where you started. The extra verification step isn't any good since people just give it without checking.
I still think it's a good system for those of us that would be suspicious when some little app with no DLLs/libraries to install whines for root, but a normal user isn't going to know the difference. They'll give it root, and get spyware'd.
Re:It's interesting (Score:2, Insightful)
For larger apps or ones that have more complicated installs, an uninstaller takes some work, but nowhere near the scope required to write the program, or even to do the installer.
And it may be low on the priority list for most developers, but that is no excuse for writing a crappy product.
Re:It's interesting (Score:3, Insightful)
I encourage everyone else to do the same: test these tools and see what fits your environment and wallets. Even though these don't cost all that much per-seat, the cost adds up across a few hundred seats. Start small and see if you can get buy-in from small departments. Sales groups are especially vulnerable since they provide the proper combination of really needing to check out every email for leads and some good ol' fashioned "duh, which end of the mouse is up." Next sprinkle in a few secretaries/AAs. You may not even need to move beyond that to stem the tide of unwanted software.
Re:Is Windows fit for the internet? (Score:3, Insightful)
Windows is reasonably secure only if it is behind a Linux firewall...
If Windows was secure, then Linux would have been behind Windows firewalls and all the little Linksys and Dlink firewall routers in Best Buy would have been running WinCE.
Nuff sed.
Re:Spyware (Score:4, Insightful)
While you may be able to run a windows operating system without getting infested with spyware it seems to be the case that many people can't.
perhaps if people could be educated into looking for "open source" instead of "free" when looking for a tool or utility then they might improve their Pc's health.
Spyware often uses two parallel processes to maintain control of a pc, when you go to kill one process the partner process restarts it. these tricky beasts can be killed by booting in safe mode and finding the programs on the harddrive and deleting them. These are the most common ones I have to deal with once I have educated users to run spybot and adaware to remove the easy stuff.
It doesn't help that users like to run things like kazaa instead of kazaalite as an alternative and seem clueless and overly trusting of the files they download- often not even running an up to date antivirus program such as avg (free edition).
Finally while windows is a mess of worms trojans and spyware, suggesting that these same users run linux instead, is pointless they struggle hard enough with windows. linux isn't friendly to clueless users ect...
Maybe a Mac is the real answer for these people but few will migrate to another o/s or buy new hardware so the problem will remain.
perhaps it might help if it was possible to launch linux from within the windows environment. similar to the experience of running amiga os under emulation.
then users can venture into linux as and when they find applications to run under linux and don't have to reboot into windows to run something which doesnt have a linux alternative.
To be objective you can't look at windows and say it is not vunerable to these problems (no matter how well you look after your system). It is equally valid to say Linux isn't a pain free alternative yet.
hope you find this post a little more balanced.
Re:none here (Score:2, Insightful)
As for the locks, it's not really that simple. It's like being on your own to locate and/or purchase locks for your car after the initial car purchase. Every 4th street corner has some guy peddling locks, and there's no governing entity stating which locks work and which locks don't.
From there, you not only have to decide which lock or locks to use, but you have to figure out how to install them, as well as maintain them. How often have you had to do maintenance to the locks on your car?
For you and I and the bulk of the
Re:It's interesting (Score:2, Insightful)
No, you are missing the point of interest. When you loan an amount with interest, you are accounting for the future value of money since money tends to depreciate due to inflation. It's simple microeconomics: $1,000 20 years ago is not the same as $1,000 today. $1,000 20 years ago is equivalent to roughly $1,500 today, assuming a very conservative 2% yearly inflation compounded yearly. That doesn't take into account the amount of money that the lender can make with that $1,000 if he invested it in a business for 20 years instead of lending it.
So in any type of free market society, loans would be fiancial suicide if interest could not be charged. As the incentive to loan, the interest rate is designed to yield a small profit. Banks make money because in essence they create money (due to the money supply multiplying factor), so they can make a small profit on loans because they expand and contract the money supply and thus keep both runaway inflation and runaway recession under some level of control. You'd be surprised how thin the profit margins of banks actually are. If you are a bank, it's extremely easy to go into bankrupcy if you aren't paying very close attention. The risks they take and the services they provide is in essence how and why they get paid.
I suggest that you read a little bit about Keynesian macroeconomics and how modern free markets couldn't exist without banks because of the effect that banks have on the money supply due to interest loans. A measured amout of what you call "greed", my friend, has in a sense made possible the computer and the Internet that you are using to read this, and has brought a higher standard of living to the world than almost any other force, including religion, and I say that while being deeply religious myself.
Re:Spyware (Score:3, Insightful)
Years ago, I ran nothing but Win9x. My own home systems were fairly stable and usable. I had no interest in anything but a Windows world. Then I became a "professional".
As a payed IT cog, I had to deal with OTHER people's Windows machines. I got a full sample of Murphy's Law and Microsoft. And then I began to understand some of Microsoft's detractors.
It's not that Windows is absolutely unusable. But each iteration has had, and continues to have, serious issues (bad user decissions aside). And those issues DO, in fact, affect people - sometimes with considerable impact.
No system is perfect. But there are, in fact, very viable alternatives to Windows. For all your talk of objectivity and profesionalism, it is generally rather rare to give fair consideration to a Windows alternate. Even in an environment where it makes very good sense.
Re:It's interesting (Score:3, Insightful)
Who's fault is it they didn't read the agreement r look into what "data" was being collegcted? The user's, ultimately.
Of course, that's why most of these spyware programs that *DO* have a license agreement (not many IMHO; how many drive-by downloaders have a license agreement at all?) are designed to be as unreadable as possible. You need a law degree to understand most of them. And at many, many pages long, why bury the "good" stuff down near the bottom? Why not put it right at the top in clear language? Maybe because the spyware programs are trying to hide what the programs do???
Ultimate WinBlows nuisance user solution (Score:2, Insightful)
First, it requires a windows machine (NT,2K,XP) using the NTFS filesystem. FAT32 won't work because it don't do ACLs
1. Create a new local administrative account to work under (this is important read the whole thing here!)
2. Run Ad-Aware, Spybot S&D, and Hijack This, under this new admin account keep all the directories the spyware created, or make note of them so you can re-create them later.
3. Now, delete everything contained in these folders, then you start changing permissions on all these folders to deny Everyone access (including administrators), and take ownership of all these directories, when spyware trys to re-install itself it will fail. This method works real well when nuisance kids come back and try to re-install kaazaa, iMesh, etc. If you deny access to the kaazaa folder it won't come back unless they're smart enough to take ownership back and change permissions, or install it in a different directory.
4. This is the kicker: Install Firefox to replace IE, and Firebird to replace Outlook/Outlook Express. Run a search (F3) for iexplore.exe and msimn.exe and change permissions on them just like we did with the spyware folders.
5. This is my favorite: Now delete the IE icon and Outlook icons and change the Firefox and Firebird Icons to look just like IE and OE (MUHAHAHA).
6. Now login as Administrator and delete the user account we just created to do all this stuff.
If nuisance user must have IE to access a dumb banking website that's coded in shitty client side ASP or something like that; write a VB script, or batch file or whatever to use the runas command (similar to sudo in unix) to launch iexplore.exe under a less privileged account; point this back to the normal IE icon and it becomes seamless for the user.
You can take it even farther and deny write access to all the Run keys in the registry to keep crap from getting loaded in the System Tray. You can also deny write access to the Root of the Program Files folder, if you deny access to the whole folder including subdirectories and files it will break a number of applications that love to write metadata, temp files and such in the Program Files folder, like Microsoft Office 2000 (let's not even get started on how many Microsoft developers don't know where temp files and metadata belong). Of course if you do these things the user won't be able to install programs. If the user isn't running as an administrator they won't be able to write to the root of Program Files anyways, but they still can put stuff in their own Run key and the global Run key!
Sorry this is so hacked together, I'm in a hurry, want to go eat lunch NOW...
Re:Nonsense. (Score:3, Insightful)
There. That wasn't hard, was it?
Yes. No persistant data storage. No way to actually create new programs. No way to use remote ressources. No protection for so called active content (program builtin languages) not running havoc. What you create is a quite limited type of computer, similar to a game console or an early '80ies home computer without external storage.
We are talking about computers you actually want to work with.
So now lets talk about the real components such a computer needs: verified hardware (where the correct implementation is mathematically proved), verified compilers, verified operating system, verified applications, verified protocols for remote usage.
Four out of those five requirements are already accomplished or on its way to accomplishment. There is hardware (CPU, memory...) where there is a mathematical proof that the implementation is an actual representation of the specification. There are verified compilers where there is mathematical proof, that the object code they put out is mathematically equivalent to the source code you are feeding it. There is work in progress to prove the correctness of an operating system (I should check with my old operating system group if they are finished yet). There are lots of network protocols whose correctness is proved for both the protocol itself and an actual implementation of the protocol.
So there is one big block remaining: verified applications. And there we are back at Step 1. No one hinders us to implement a hardware layer or a complete operating system at application level (You don't believe me? Look at VirtualPC [OS] or VMware [hardware layer]).
Any application that has a Turing complete subsystem (like most Office suits with their application specific languages) can be host system for the same thing: You could even create a Linux being hosted by Microsoft Word (write an C Compiler in VBA and then port the Linux kernel. Simulate a simple framebuffer device on the Word canvas in VBA and port X11 etc.pp.).
So having verified applications still doesn't warrant a maintenance free computer. Even the data the applications get feed with has to be verified. And that's the point where a computer turns from a useful tool into a completely verified and maintenance free but even so completely unusable piece of junk, because you have to mathematically prove the correctness of your own data.
Again, Nonsense. (Score:3, Insightful)
But both computers and cars are complex multi-purpose devices. They are not commodity television sets or VCRs whose software only perform one basic function (watching a channel, recording a channel).
The more you can lock down and restrict the software on a device, the more secure and useable it can be. This is why crashes in phones and PDAs are so much less common than PCs.
The instant you give the user the ability to install whatever they want, all bets are off.
Flexability and Idiocy-proofness are inversely proportional for any complex system. There is no way around it, you can't have your cake and eat it too.
No I don't expect that Joe user should know how to swap out a DIMM. But I do expect that he should read the manual. I also expect him to read and heed warnings from his ISP about malware. If they can't do that then either
a) They can't complain when they get malware / virii
b) They shouldn't use a PC, since they won't take the time, they should use a locked down Internet Appliance.