Failing Grades For Most Anti-Spyware Tools 517
serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."
It's interesting (Score:4, Interesting)
I used to work for one of the companies that distributed a "spyware" program through download.com, and we had continual PR problems with being lumped in with the worst offenders of the spyware world. We didn't do drive by installations, or hide our intentions: we just traded our customers data for use of our program. What, exactly is wrong with that? Why is Slashdot pretending all of us are as bad as each other, as if in this, as with all fields, there isn't a spectrum of behaviour?? Even some linux users are bad, just look at the DDOS at sco.com. I'm sure noone here would condone that behaviour.
(Posted anonymously, not interested in karma bonus.)
Interesting... (Score:2, Interesting)
Re:none here (Score:2, Interesting)
Never is a loooong time. Even Sean Connery learned Never to Say Never Again.
Re:Spyware (Score:3, Interesting)
I just use Firefox's cookie handling. I disable cookies and choose to allow only certain sites to set cookies (such as gmail, online banking etc).
Is Windows fit for the internet? (Score:5, Interesting)
Re:It's interesting (Score:1, Interesting)
hitman pro (Score:3, Interesting)
http://www.freedownloads.nl/hitman_pro.htm
It's dutch and it runs Ad-aware, Spysweeper , Spybot S&D, Stinger, Spywareblaster , ect...automaticly....
Re:It's interesting (Score:5, Interesting)
If the company doesn't want them to use the tool without the spyware then make it break without it and inform the user they removed the spyware which collects their details and would they like to reinstall it or remove the free "tool".
Sure some spyware is worse than others, but the user deserves the choice.
Re:none here (Score:3, Interesting)
I just ran Ad-Aware for the first time in a while (it told me my definition file was 109 days old), and it prompted me to go download an upgrade. Ironicly, it launched IE for this (firefox is definately set as default). Once it finished updating and running a full scan, it found 4 whole 'bad' things, which in this case were IE tracking cookies (doubleclick.net, etc). 2 of those 4 had a creation date of today, meaning they were picked up in the process of downloading that adaware update...
Re:none here (Score:4, Interesting)
Re:It's interesting (Score:5, Interesting)
Sure your actions are still legal?
Re:It's interesting (Score:4, Interesting)
First of all, your program probably didn't disclose to the users that it was collecting personal information, or if it did, it was buried near the bottom of the license, which is to say you may as well not have disclosed it.
You may not have hid your intentions, but I'll bet you didn't show them either. How many of your users would have installed your program if you said right on the first screen "We collect your personal information and do whatever the hell we want with it"? Uh huh, that's what I thought.
There's a huge difference between a banner ad on someone's site and your typical spyware program.
Re:Spyware (Score:4, Interesting)
There are PLENTY of things people can do in windows to protect themselves as much as they want. Suggesting moving to another operating system shows your real intentions here.
I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site.
Re:It's interesting (Score:5, Interesting)
I don't have problem with that myself.
I _hate_ one little, clever company named Limewire. Limesoft to be exact.
Those assholes recently tested SPYWARE on Mac OS X knowing the fact that mac users aren't so advanced on such things.
They used same tactic as they did on Top Moxie, on Win32 years ago. Coded it so system part (java.exe) will run it and if user runs an advanced firewall (not usual on mac too!) , Java will ask for permission to connect to net, NOT the spyware itself.
Advanced users figured it (thank god) and that "Adam" guy from Limesoft (boss) said "they were testing technology on macintosh, its pulled from installation now"
Do I remember that kind of answer and shameless response from somewhere? YES! It was same deal on Win32 topmoxie!
Notice something, I use "spyware" for Limewire, not whatever your product is. If you show users your intentions, you won't get much protest from them.
BTW, as mac users turned out to be "not that stupid", they removed "limeshop control panel" installation from later releases.
Limewire, on mac, while doing such "great inventions" as first spyware on OS x is currently number 1 on download.com mac edition...
When are you bundling your shit again Adam Fisk?
Re:It's interesting (Score:5, Interesting)
I think I met one dude who didn't care then the spyware kept multiplying. Afterall these vendors don't care about their customers, in fact they are hostile to thme, so why not abuse the system and turn that one downloaded app into more installs during an "update."
On top if it, a lot of these apps append the sig line in your mail client and professionally its makes the users who use email for work look bad. It makes them look stupid and incompetent. This kind of thing embrasses them quite a bit, and rightly so. A client is going to see a email full of multicolor characters with 4 links to GAIN and think, 'This guy is a moron.'
>Especially when you step outside the parochial echochamber
And once you step out of your "people are stupid/ignorant and dont deserve disclosure" stage you'll understand.
I am very glad both socially (people deserve disclosure and a legalese 10 page EULA isnt) and personally (Im sick of fixing computers) that spyware/adware is the kiss of death and now in the same league as spam and other scams.
Re:none here (Score:3, Interesting)
What surprises me is... (Score:3, Interesting)
You'd think that the hosts of "Innovators of Wrestling" would yank it if it were downloading crap onto people's computers without their knowledge - in violation of the LAW!
But then again, I've seen how well most System AdminDUHstrators manage their sites; perhaps my surprise is simply the result of my moring coffee not kicking in yet.
And here is a question for the class to consider: Given the difficulty of removing spyware in a machine which is running the spyware, why has somebody not taken Knoppix, Wine, the NT filesystem wrapper code, and a virus cleaner, and created a boot disk that would
Granted, for me this question is of academic interest only - I don't run Windows anymore. But for those of us who have relatives still stuck in purgatory, this might be a better way to run.
Re:Spyware (Score:3, Interesting)
I can install apps x, y, z and utilities p, q & r.
The apps update themselves without my intervention.
There's no crap to put up with. I don't update my software, my software updates itself. This is what I mean - you're not telling the truth here. You're saying Windows is at the state it was 5 years ago, when it clearly isn't. As for spyware, just install adaware, and it'll protect you perfectly. Heck, I still use IE, and my computer is still mine, running without any spyware at all, with no intervention from me whatsoever.
It clearly is MS bashing if you misrepresent the truth on such a massive scale. From your post, a newcomer to computers would assume it's impossible to run an MS windows box without having to manually update ever single thing on it. That it's insecure and will become compromised within minutes. It's pure FUD, and not in the least bit true.
Re:It's interesting (Score:0, Interesting)
PRINCIPLES OF ISLAMIC BANKING
An Islamic bank is based on the Islamic faith and must stay within the limits of Islamic Law or the sharia in all of its actions and deeds. The original meaning of the Arabic word sharia was 'the way to the source of life' and it is now used to refer to legal system in keeping with the code of behaviour called for by the Holly Qur'an (Koran). Four rules govern investment behaviour:
1. the absence of interest-based (riba) transactions;
2. the avoidance of economic activities involving speculation (ghirar);
3. the introduction of an Islamic tax, zakat;
4. the discouragement of the production of goods and services which contradict the value pattern of Islamic (haram)
In the following part I explain these four elements give Islamic banking its distinctive religious identity.
Riba
Perhaps the most far reaching of these is the prohibition of interest (riba). The payment of riba and the taking as occurs in a conventional banking system is explicitly prohibited by the Holy Qur'an, and thus investors must be compensated by other means. Technically, riba refers to the addition in the amount of the principal of a loan according to the time for which it is loaned and the amount of the loan. While earlier there was a debate as to whether riba relates to interest or usury, there now appears to be consensus of opinion among Islamic scholars that the term extends to all forms of interest.
In banning riba, Islamic seeks to establish a society based upon fairness and justice (Qur'an 2.239). A loan provides the lender with a fixed return irrespective of the outcome of the borrower's venture. It is much fairer to have a sharing of the profits and losses. Fairness in this context has two dimensions: the supplier of capital possesses a right to reward, but this reward should be commensurate with the risk and effort involved and thus be governed by the return on the individual project for which funds are supplied.
Hence, what is forbidden in Islamic is a predetermined return. The sharing of profit is legitimate and that practice has provided the foundation for Islamic banking.
Ghirar
Another feature condemned by Islamic is economic transactions involving elements of speculation, ghirar. Buying goods or shares at low and selling them for higher price in the future is considered to be illicit. Similarly an immediate sale in order to a void a loss in the future is condemned. The reason is that speculators generate their private gains at the expense of society at large.
Zakat
A mechanism for the redistribution of income and wealth is inherent is Islam, so that every Muslim is guaranteed a fair standard of living, nisab. An Islamic tax, Zakat (a term derived from the Arabic zaka, meaning "pure") is the most important instrument for the redistribution of wealth. This tax is a compulsory levy, one of the five basic tenets of Islam and the generally accepted amount of the zakat is one fortieth (2.5 per cent) of Muslim's annual income in cash or kind from all forms of assessed wealth exceeding nisab.
Every Islamic bank has to establish a zakat fund for collecting the tax and distributing it exclusively to the poor directly or through other religious institutions. This tax is imposed on the initial capital of the bank, on the reserves, and on the profits as described in the Handbook of Islamic Banking.
Haram
A strict code of 'ethical investment' operates. Hence it is forbidden for Islamic banks to finance activities or items forbidden in Islam, haram, such as trade of alcoholic beverage and pork meat.
Furthermore, as the fulfilment or materials needs assures a religious freedom for Muslims, Islamic banks are required to give priority to the production of essential goods which satisfy the needs of the majority of the Muslim community, while the production and marketing of luxury activities, israf wa traf is considered as unacceptab
RTFS (Score:2, Interesting)
I am genuinely curious as to what motivates people to run software knowing that they are not allowed to look at the source code. Fair enough, you may not understand it yourself. But people are not islands, and you probably know someone who could understand it, if you really needed it understood. And more to the point, if they won't show you the source code, why not? What don't they want you to see?
The only way you can ever know for certain what a piece of software is doing, is by reading the source code. If the suppliers don't want you to read the source code, that suggests to me that they have a problem with you knowing what it does. Which further suggests that it's probably dodgy.
Watch out for newer spyware's startup routines... (Score:4, Interesting)
If it hasn't already become obvious I'm all in favor of dropping large objects on the scumbags that make this kind of stuff. Say, a super-large special order 1000 ton ACME anvil, to start?
Re:none here (Score:2, Interesting)
These are also the same people who argued that Windows ME was the same as Windows 2K, because the Millenium was in 2000.
Nephilium
Slab: Jus' say "AarrghaarrghpleeassennononoUGH" -- Detritus' war on drugs Terry Pratchett, Feet of Clay
Why isn't this illegal? (Score:3, Interesting)
What I do not understand is how can this be legal. To me this is no different than a trojan (the viral type not the condom.) Maybe it does not self-replicate and spread, but it still hijacked my friends computer. I thought that the malicious or destructive control of a computer without the users consent was illegal according to federal law. Why is it the the government will go after script kiddies, but does not go after the corporate goons who are no better? Oh, wait, I forgot. Script Kiddies do not make political contributions. I'm going to email my congressman.
Re:Spyware (Score:3, Interesting)
Why are you spouting this FUD about microsoft?
My father and one of my brothers have windows machines. One is a locked down corporate XP pro SP1 laptop that is remotely administered by professionals. The other is a Windows ME home computer used for web surfing, e-mail, and video games.
About every other time I go to visit them, I walk them through spyware removal to make their machines run at a reasonable speed again. About once every three months, one of them calls me because their machine has become too bad to use and I talk them through it on the phone. They are both average, clueless users. If I could switch either of them to linux or the mac, I would in a heartbeat. My mother only calls for help with her imac when she forgets how to delete things in her webmail or she accidentally kicks the power cord out of the wall.
It is my professional opinion that anyone who does not actually need windows should switch, if they can afford to.
Re:none here (Score:2, Interesting)
Computer science shows us that it's impossible to accurately detect a virus (some combination of undecideability and Rice's theorem, I'm thinking). Spyware is a "virus" in this sense, and since we can't detect viruses, we can't get rid of them. In theory, then, it's impossible to have a secure computer program (because even if it did, we couldn't detect that it had achieved such security).
Obviously there are heuristics that antivirus (and antispyware) programs use to "detect" viruses, but ultimately the virus-maker-versus-virus-detector problem is an arms race: virus-detectors try to keep up with virus-makers by discovered new heuristics to "detect" viruses, and virus-makers keep trying to outwit these new heuristics with ever-more-clever viruses.
In practice, a human being can detect the difference between a legitimate application and an unwanted application (hence the popups from firewalls and antivirus tools asking, "Do you want to allow this activity?"), but also in practice, many human beings do not exercise this ability. My grandmother, for example, sees those questions as a nuisance and simply clicks the left-most button no matter what the question asks.
Both in theory and in practice, this is an arms race and ultimately an impossibility.
Re:It's interesting (Score:3, Interesting)
spyware almost always hides its true intentions deeply into some EULA nobody reads
spyware usually is very hard to uninstall
In other words, spyware like most spam depends on a business model based upon deception. Using deception in a business model is also known as fraud.
fraud (n.) -- A deception deliberately practiced in order to secure unfair or unlawful gain.
Fraud in the US is illegal.
Therefore, most spyware and spam are alread illegal in the US.
Look lawmakers you can give yourself another raise and take the rest of the day off. Your work is already done!
Re:none here (Score:2, Interesting)
And a close second, or perhaps tied at number one, is the negative attitude of a lot of knowledgeable types. They're very quick to assume the average user is "stupid" because he doesn't know how to format a floppy disk, for example. I actually heard a couple of techs laughing about this behind someone's back the other day. Well, those two guys probably had to use DOS to format disks back in the day, but when's the last time you went to the store and bought an unformatted disk? The current crop of "average" users has never had to deal with that, so why would you assume that when such a situation arises, they're just going to know what to do? And when all they encounter is derision and ridicule when they ask questions, how likely is it that they're going to continue to ask questions so that they can learn?
And then there's the nerd factor. A lot of people, particularly young women, are terrified that if they display any computer-centric knowledge beyond the bare minimum needed to get by from day to day, they'll be tagged as a Poindexter and ostracized. Sure, you can tell them that they shouldn't give a rip about what other people think, but never underestimate the power of peer pressure. I had an interesting conversation about this topic with someone from some educational institution a couple of years back, and she said that it was such a problem that it was causing many young people to think twice about taking computer-related courses -- and that was leading to a shortage of qualified IT staff. This may have changed a bit today, but not a lot, I'd wager.
Recent case in point: after dropping the phone on my desk for the umpteenth time while tucking it between my neck and shoulder, so that I could look up something on the PC while talking to someone, I asked my manager for a phone headset. He figured that would be a good idea, and asked the young (20-ish) woman on the other side of the office if she'd like one, too. Her reply: "Ohmigod, I'd look like a NERD!"
Some time ago, this same person was asked by another employee how to perform some sort of basic (to you and me) operation one one of the other PCs in the office. She gave him some instructions, and tagged them with "Gee, I hope you don't think I'm a NERD for knowing that."
I doubt she's a prime candidate for reading up on what spyware is, how to avoid it, and then finding, downloading and installing something like Ad-Aware -- much less telling anyone else how to do so. And I think she's representative of a lot of "average" users.
Re:It's interesting (Score:3, Interesting)
I started it in safe mode went to the startup menu, and fell in the floor laughing. The only thing wrong with it, besides the fact that it had ME on it, was that my cousin had d/l so many spyware/malware/tollbar crap that the computer didnt have enough processing power to get it all started.
after disabling all that crap and running spybot and adaware it started just fine.
Re:none here (Score:2, Interesting)
There were something like two or three dozen spyware entries in the programs list. 90% of them were 'allowed'. And they were all manually configured! That means that Zone Alarm popped up "awojethk.exe wants to access the internet" warnings, the person clicked the "Remember this setting" box, and clicked yes!
Argh!