Failing Grades For Most Anti-Spyware Tools
serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."
Ars Report (Score:5, Informative)
http://arstechnica.com/reviews/apps/spyware-rem
Personal experience with anti spyware tools (Score:2, Insightful)
Re:Personal experience with anti spyware tools (Score:4, Informative)
It's interesting (Score:4, Interesting)
I used to work for one of the companies that distributed a "spyware" program through download.com, and we had continual PR problems with being lumped in with the worst offenders of the spyware world. We didn't do drive-by installations, or hide our intentions: we just traded our customers' data for use of our program. What, exactly, is wrong with that? Why is Slashdot pretending all of us are as bad as each other, as if in this, as with all fields, there isn't a spectrum of behaviour? Even some Linux users are bad, just look at the DDoS at sco.com. I'm sure no one here would condone that behaviour.
(Posted anonymously, not interested in karma bonus.)
Re:It's interesting (Score:4, Insightful)
if your program had a smooth uninstall that actually did something, was called WarningNastyEvilSpyware.exe, flashed up a new warning every time it ran that evil crappy spyware it installed, and clearly documented everything it did, then I guess it was ok (though you'd have to pay me to use it).
otherwise you were working for evil.
(and what made you think you'd get karma for admitting to writing spyware?)
Re:It's interesting (Score:5, Interesting)
If the company doesn't want them to use the tool without the spyware then make it break without it and inform the user they removed the spyware which collects their details and would they like to reinstall it or remove the free "tool".
Sure some spyware is worse than others, but the user deserves the choice.
Re:It's interesting (Score:3, Insightful)
Whose fault is it they didn't read the agreement or look into what "data" was being collected? The user's, ultimately.
Of course, that's why most of these spyware programs that *DO* have a license agreement (not many IMHO; how many drive-by downloaders have a license agreement at all?) are designed to be as unreadable as possible. You need a law degree to understand most of them. And at many, many pages long, why bury the "good" stuff down near the bottom? Why not put it right at the top in clear languag
Re:It's interesting (Score:3, Insightful)
On the one hand, some
It's difficult for most people to come to
Re:It's interesting (Score:5, Insightful)
Especially the last point is important. If my browser is infected with spyware, I simply want to go to controlpanel->software, select the program and uninstall it. Nearly always this is completely impossible. Lots of spyware nowadays actively combats uninstalling. And when software does that, it always is written by the Bad Guys.
Unfortunately you don't say what product your company was/is making, but I guess that was to be expected.
Re:It's interesting (Score:3, Informative)
Last Friday I went over to my cousin's house and cleaned her computer. (Can't quite get her to switch to Linux... yet.) Took all evening, and I finally had to boot into DOS and remove some files that way. One of them called "Wintools" had even set the 'hidden' and 'read-only' attributes, if I hadn't remembered 'attrib' I'd have had to wipe the thing and reinstall.
One of them had screwed up shutdown; it would freeze and she'd have to power-cycle, invoking a scandi
Re:It's interesting (Score:3, Interesting)
spyware almost always hides its true intentions deeply into some EULA nobody reads
spyware usually is very hard to uninstall
In other words, spyware like most spam depends on a business model based upon deception. Using deception in a business model is also known as fraud.
fraud (n.) -- A deception deliberately practiced in order to secure unfair or unlawful gain.
Fraud in the US is illegal.
Therefore, most spyware and spam are already illegal in the US.
Look lawmakers you can give yourself another raise a
Re:It's interesting (Score:3, Insightful)
Re:It's interesting (Score:5, Insightful)
They would be really happy to install these free utilities and games. They really wouldn't care why their computer takes 30 minutes to start, and keeps crashing every so often, randomly. They wouldn't care, because they don't "know".
It's absolutely wrong to create awareness, since ignorance is bliss isn't it? For them, all they need to do when their computer becomes a constantly-rebooting over-sized paperweight is to call me and spend a day to have it "formatted".
I mean, c'mon, the funny-little-desktop-buddy is OK. All it does is reduce my computer to a 0.5 frame per second 1956 batch-processor.
It's funny how, when your bread comes from a shady source, that source becomes morally right. Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say it's ok are bankers!
Re:It's interesting (Score:3, Interesting)
I started it in safe mode, went to the startup menu, and fell in the floor laughing. The only thing wrong with it, besides the fact that it had ME on it, was that my cousin had d/l so many spyware/malware/toolbar crap that the computer didn't have enough processing power to get it all started.
after disabling all that crap and running spybot and adaware it s
Re:It's interesting (Score:4, Informative)
This line of reasoning is absolutely misleading. With any loan there is a significant possibility of default. Profit is not guaranteed, and the interest provides economic motivation for people with surplus cash (the "rich") to loan money to people who need it.
Furthermore, this completely ignores the benefits that the borrower obtains from loaned capital. The ability to leverage money not your own is incredibly powerful, though not without significant risk. You can borrow funds to invest in a business or real estate, and done properly you have a good chance of making yourself quite a bit more wealthy. In many cases your return will far outstrip that of your lender.
By any measure, buying stock in a company is investing in its future growth potential. The average shareholder can do very little to guarantee this return except sit around all day. Further complicating this worldview is the notion of "investing" in the bond market, which essentially involves purchasing shares in interest-bearing loans.
Delve deep enough, and you get to the core concepts of capital, investment, and return on investment. What you are essentially suggesting is that one kind of ROI is "bad" (interest) while others are "good" (dividends earned through hard work). While this is an intriguing premise, there is no logical method of obtaining this conclusion.
It should be noted that much of the utility of wealth lies in its ability to let you choose to work hard only for the things you want to. There is no great benefit in suggesting that hard work itself is moral; people can and do work very hard for extremely selfish or malicious purposes.
Re:It's interesting (Score:5, Interesting)
Sure your actions are still legal?
Re:It's interesting (Score:4, Interesting)
First of all, your program probably didn't disclose to the users that it was collecting personal information, or if it did, it was buried near the bottom of the license, which is to say you may as well not have disclosed it.
You may not have hid your intentions, but I'll bet you didn't show them either. How many of your users would have installed your program if you said right on the first screen "We collect your personal information and do whatever the hell we want with it"? Uh huh, that's what I thought.
There's a huge difference between a banner ad on someone's site and your typical spyware program.
Re:It's interesting (Score:5, Interesting)
I don't have a problem with that myself.
I _hate_ one little, clever company named Limewire. Limesoft to be exact.
Those assholes recently tested SPYWARE on Mac OS X knowing the fact that mac users aren't so advanced on such things.
They used the same tactic as they did on Top Moxie, on Win32 years ago. Coded it so system part (java.exe) will run it and if user runs an advanced firewall (not usual on mac too!), Java will ask for permission to connect to net, NOT the spyware itself.
Advanced users figured it (thank god) and that "Adam" guy from Limesoft (boss) said "they were testing technology on macintosh, it's pulled from installation now"
Do I remember that kind of answer and shameless response from somewhere? YES! It was same deal on Win32 topmoxie!
Notice something, I use "spyware" for Limewire, not whatever your product is. If you show users your intentions, you won't get much protest from them.
BTW, as mac users turned out to be "not that stupid", they removed "limeshop control panel" installation from later releases.
Limewire, on mac, while doing such "great inventions" as first spyware on OS X is currently number 1 on download.com mac edition...
When are you bundling your shit again Adam Fisk?
Re:It's interesting (Score:5, Informative)
It's in just a couple of Limewire 3.7.2 beta and 3.7.3 releases for mac. When they figured mac forums getting reports, they immediately pulled it from installation.
I am one (c) freak guy using all original dvds, cds, programs etc. It's really funny I got infected with spyware because of Limewire I mean...
I left a friend alone with my Mac G5, knowing my root pwd and I really didn't think he could be THAT GOOD on macs or forgot how easy macs are used
Guy installed limewire to get a rare mp3 he likes and boom, I had java asking permission to connect at morning (netbarrier running here)
What drove me nuts is, I am one of the FIRST guys figured TopMoxie on Win32 and alerted press (Wired etc) about it.
They figured mac users are aware of what that thing does and pulled it.
here is a forum posting for you, on a real popular mac website.
http://forums.macnn.com/showthread.php?s=&threadi
About Top Moxie? Oh man, that thing was more evil than satan... Can't imagine how much money went to wrong hands instead of non spyware legit referrers of Amazon.com etc.
http://www.symantec.de/avcenter/venc/data/adware.
Looks like Symantec analysed a recent version. That thing is written by very advanced java authors itself, read: Limesoft. It was first bundled with Limewire/Windows and OS integrated firewalls like Symantec firewall AUTOMATICALLY granted ALL rights to it since it was using SIGNED Microsoft JView to run. So, Jview, signed app, you get alert from firewall which RECOMMENDS to enable access since it's signed microsoft system part.
Understand the trick? Since it's the SAME trick used on Limeshop/OS X
Oh it did one "cool" thing on windows...:) You know there are poor coders, freelance authors etc making money to run their sites via referring books, cds from amazon etc? It rendered such URLs (child's toy to get current url from IE) and REPLACED it with some limewire referrer.
Looks like they changed that attitude since Amazon and major, LEGIT referrers threatened a lawsuit against them.
We _must_ keep an eye on that Limeshop and TopMoxie, especially Java fans and developers. This is one cool(!) and evil way to unleash Java "run anywhere" potential. As it's written in java, imagine 1 year later we speak about J2ME (java micro edition) spyware which is installed to Cell Phones, PDA's and Nokia, Ericsson give option to their customers to DISABLE Java via firmware.
Or let's say, you see people bragging about Linux, BSD is free of Spyware? It can easily change with that java sneaky thing.
Re:It's interesting (Score:5, Interesting)
I think I met one dude who didn't care then the spyware kept multiplying. After all these vendors don't care about their customers, in fact they are hostile to them, so why not abuse the system and turn that one downloaded app into more installs during an "update."
On top of it, a lot of these apps append the sig line in your mail client and professionally it makes the users who use email for work look bad. It makes them look stupid and incompetent. This kind of thing embarrasses them quite a bit, and rightly so. A client is going to see an email full of multicolor characters with 4 links to GAIN and think, 'This guy is a moron.'
>Especially when you step outside the parochial echochamber
And once you step out of your "people are stupid/ignorant and don't deserve disclosure" stage you'll understand.
I am very glad both socially (people deserve disclosure and a legalese 10 page EULA isn't) and personally (I'm sick of fixing computers) that spyware/adware is the kiss of death and now in the same league as spam and other scams.
Re:It's interesting (Score:3, Insightful)
Spyware (Score:3, Informative)
My recommendation is firefox or mozilla or even opera if you prefer it.
I do however note that if you take a clean system and then visit msn.com, then run spybot etc you will find that there are little evils that appear on your system.
It now appears that the best option is to wave goodbye to MS if you can. Pick a nice linux distro (eg Ubuntu or whatever suits you) or even MacOS X and feel that little bit safer.
Re:Spyware (Score:3, Interesting)
I just use Firefox's cookie handling. I disable cookies and choose to allow only certain sites to set cookies (such as gmail, online banking etc).
Re:Spyware (Score:2)
Re:Spyware (Score:4, Interesting)
There are PLENTY of things people can do in windows to protect themselves as much as they want. Suggesting moving to another operating system shows your real intentions here.
I apologise if this sounds pretty harsh, but I'm pissed off with the lack of professionalism or objectivity on this site.
Re:Spyware (Score:4, Funny)
You're new here, aren't you?
Re:Spyware (Score:4, Insightful)
While you may be able to run a windows operating system without getting infested with spyware it seems to be the case that many people can't.
Perhaps if people could be educated into looking for "open source" instead of "free" when looking for a tool or utility then they might improve their PC's health.
Spyware often uses two parallel processes to maintain control of a PC; when you go to kill one process the partner process restarts it. These tricky beasts can be killed by booting in safe mode and finding the programs on the hard drive and deleting them. These are the most common ones I have to deal with once I have educated users to run spybot and adaware to remove the easy stuff.
It doesn't help that users like to run things like kazaa instead of kazaalite as an alternative and seem clueless and overly trusting of the files they download - often not even running an up to date antivirus program such as avg (free edition).
Finally, while Windows is a mess of worms, trojans and spyware, suggesting that these same users run Linux instead is pointless; they struggle hard enough with Windows. Linux isn't friendly to clueless users etc...
Maybe a Mac is the real answer for these people but few will migrate to another o/s or buy new hardware so the problem will remain.
Perhaps it might help if it was possible to launch Linux from within the Windows environment, similar to the experience of running Amiga OS under emulation.
Then users can venture into Linux as and when they find applications to run under Linux and don't have to reboot into Windows to run something which doesn't have a Linux alternative.
To be objective you can't look at Windows and say it is not vulnerable to these problems (no matter how well you look after your system). It is equally valid to say Linux isn't a pain free alternative yet.
hope you find this post a little more balanced.
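The two-process pattern described in the post above (kill one, the partner restarts it) shows up clearly in process start/exit logs. The following is an added example, not part of the original post: it scans constructed process events and reports pairs of programs that respawn each other. The log format, the process names and the 5-second window are assumptions.

```python
"""Detect mutually-restarting ("watchdog") process pairs in process event logs.

Added illustration. The whitespace-separated log format and all sample data
below are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

RESTART_WINDOW = 5.0  # max seconds between an exit and its respawn (assumed)

# Constructed sample: "timestamp kind pid ppid image", '#' starts a comment.
SAMPLE_LOG = """
0.0   start 100 1   explorer.exe
1.0   start 200 100 helper_a.exe
1.2   start 201 200 helper_b.exe
30.0  exit  200 100 helper_a.exe   # user kills A
30.8  start 202 201 helper_a.exe   # B brings A back
60.0  exit  201 200 helper_b.exe   # user kills B
60.5  start 203 202 helper_b.exe   # A brings B back
90.0  start 300 100 notepad.exe
95.0  exit  300 100 notepad.exe
120.0 start 301 100 notepad.exe    # reopened by hand, outside the window
"""


@dataclass(frozen=True)
class Event:
    ts: float    # seconds since start of capture
    kind: str    # "start" or "exit"
    pid: int
    ppid: int    # parent pid; only used for "start" events
    image: str   # executable name, lower-cased


def load(text):
    """Parse the constructed log format, skipping blanks and '#' comments."""
    events = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ts, kind, pid, ppid, image = line.split()
        if kind not in ("start", "exit"):
            raise ValueError(f"unknown event kind: {kind!r}")
        events.append(Event(float(ts), kind, int(pid), int(ppid), image.lower()))
    return events


def find_watchdog_pairs(events, window=RESTART_WINDOW):
    """Return a set of frozenset({a, b}) where a respawned b and b respawned a,
    each within `window` seconds of the other's exit.

    A one-way restart (a supervisor restarting a child) is not reported.
    PID reuse is not handled; the capture is assumed short enough to ignore it.
    """
    pid_image = {}                    # live pid -> image
    last_exit = {}                    # image -> time of most recent exit
    respawned_by = defaultdict(set)   # image -> images seen restarting it

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "exit":
            pid_image.pop(ev.pid, None)
            last_exit[ev.image] = ev.ts
            continue
        parent = pid_image.get(ev.ppid)
        exited = last_exit.get(ev.image)
        if (parent and parent != ev.image
                and exited is not None and ev.ts - exited <= window):
            respawned_by[ev.image].add(parent)
        pid_image[ev.pid] = ev.image

    pairs = set()
    for image, parents in respawned_by.items():
        for parent in parents:
            if image in respawned_by.get(parent, ()):
                pairs.add(frozenset((image, parent)))
    return pairs


if __name__ == "__main__":
    for pair in find_watchdog_pairs(load(SAMPLE_LOG)):
        print("mutual restart:", " <-> ".join(sorted(pair)))
```

A pair reported here is a candidate for offline removal of both executables together, which is what booting into safe mode achieves in the post.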
Re:Spyware (Score:3, Interesting)
Why are you spouting this FUD about microsoft?
My father and one of my brothers have windows machines. One is a locked down corporate XP pro SP1 laptop that is remotely administered by professionals. The other is a Windows ME home computer used for web surfing, e-mail, and video games.
About every other time I go to visit them, I walk them through spyware removal to make their machines run at a reasonable speed again. About once every three months, one of them calls me because their machine has become
Re:Spyware (Score:3, Insightful)
Years ago, I ran nothing but Win9x. My own home systems were fairly stable and usable. I had no interest in anything but a Windows world. Then I became a "professional".
As a paid IT cog, I had to deal with OTHER people's Windows machines. I got a full sample of Murphy's Law and Microsoft. And then I began to understand some of Microsoft's detractors.
It's not that Windows is absolu
Re:Spyware (Score:3, Interesting)
I can install apps x, y, z and utilities p, q & r.
The apps update themselves without my intervention.
There's no crap to put up with. I don't update my software, my software updates itself. This is what I mean - you're not telling the truth here. You're saying Windows is at the state it was 5 years ago, when it clearly isn't. As for spyware, just install adaware, and it'll protect you perfectly. Heck, I still use IE, and my computer is still mine, running without any spyware at
Interesting... (Score:2, Interesting)
Ad-Aware and HijackThis (Score:5, Insightful)
if you don't log and analyze traffic (Score:3, Insightful)
hmmm why is that activity LED blinkin?
Is Windows fit for the internet? (Score:5, Interesting)
Re:Is Windows fit for the internet? (Score:5, Insightful)
Re:Is Windows fit for the internet? (Score:2)
Gary Grocer, Billy Butcher... (Score:5, Funny)
I think you're underplaying the seriousness of Gary Grocer's nefarious activities. After all, he's an internationally-wanted credit card fraudster who is also notorious for using zombified PCs to send spam.... that's how he makes his "extra money". (Note: There is a reward for the capture of him and his money-laundering associate, Freddy Firefighter).
"These people are scum, " says Florida's Head of Anti-Fraud Investigations, Calvin Criminal.
"Damn right, " adds his colleague, Alvin Arsonist.
And there's really no defense (Score:3, Insightful)
For those that don't know, Mac OS-X does just this. You run as a user, and it asks for root when something requires root to execute. Good idea, don't want to be running as root full time. So I'm hanging out in a recording studio, chattering with the engineer, who is also piddling aroun
Re:Is Windows fit for the internet? (Score:2)
If you change the ecosystem new species will evolve to fill the niches.
Re:Is Windows fit for the internet? (Score:5, Insightful)
Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see. If you run it with a decent firewall (whether that be software or hardware), antivirus software, and diligence then Windows won't give you any problems.
BTW I recommend Ad-Aware and Spybot: S&D for clearing out just about any crap if the spyware does somehow "install themselves" onto a system.
Re:Is Windows fit for the internet? (Score:3, Insightful)
Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see.
Unfortunately, Windows is designed so that any dumbass can run it. Any OS which demands any kind of technical comprehension is labelled 'elitist' and stays relatively obscure.
The only reason Linux is gaining ground is that the latest desktop environments and installers allow you to be a total eejit and still get a halfwa
Re:Is Windows fit for the internet? (Score:3, Insightful)
Windows is reasonably secure only if it is behind a Linux firewall...
If Windows was secure, then Linux would have been behind Windows firewalls and all the little Linksys and Dlink firewall routers in Best Buy would have been running WinCE.
Nuff sed.
Ad-Aware Rules (Score:2, Informative)
Makes most machines usable again, and quickly.
My time is preciouss. (Score:5, Funny)
No they are not. I already burned all Windows CDs in the fire. You won't believe how much time I gained by doing this!
Re:My time is preciouss. (Score:3, Funny)
And you're not only reading, but also posting in slashdot.
Riiiiiiiight....
I never rated S&D (Score:2)
And if they fail... (Score:5, Informative)
http://www.spywareinfo.com [spywareinfo.com]
It's arguable that they're the biggest antispyware site out there, and if nothing else, they can get the CoolWebSearch strains that even Ad-Aware and Spybot can't get (real-yellow-pages, linklist, et cetera).
(Disclaimer: I'm a Trusted Advisor there.)
Spybot S&D.. (Score:2)
I don't get it (Score:2)
Perhaps I'm in a rare position and have been lucky to be immune from such troubles, but it seems to me that checking startup items, managing what's running on your system (exe's, services, etc.) is fairly routine stuff. And if there is a problem, deleting a file, making a simple regedit, etc. can't be that hard, right?
Re:I don't get it (Score:2)
Admittedly, there are certain hotspots (HKLM\Software\Microsoft\Windows\CurrentVersion\Run being the big one), but you don't want to regedit over there every time, do you?
No. You use tools to kill that.
You can't manage BHOs without BHODemon or XP SP2, so you use HijackThis to kill the bastards.
Services are a pain to check, but very few s
Re:I don't get it (Score:5, Insightful)
The point is not that we technically proficient people can deal with SpyWare but rather that the 99% of computer users who are not technically adept can use their computers, the internet and their email without having to fight a constant battle with unwanted intrusion.
What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.
Sure people need to be careful, just as they do when driving or using a blender, but surely it is not beyond the wit of man to hide the complexity of the system. Surely a better use of our time and effort, rather than trying to play catch-up with 'the man' is to start finding common ground upon which we can progress best practices... Let the Corporations then compete on price and feature-sets from that good and solid foundation rather than firing off in their own directions with their own agendas and muddying the already dirty waters.
We have a lot of work to do, I'm afraid.
Thank God... (Score:2)
The least Microsoft could have done is create a non-admin user upon installation and force users to work as that, e.g. by changing word, excel etc. to refuse to open when used by an administrator and changing IE to refuse to work on anything but windowsupdate for administrators.
That would have been far more effective than SP2 and all the gazillion tools one seems to need today to be able to use XP reasonably.
It would also have cut down on a lot of Spam.
Yes, it woul
Re:Thank God... (Score:3, Insightful)
One of the main stupid things in Windows is that you have to log in to the whole GUI mess as administrator---whereas in proper systems (where the GUI, e.g. X, is an optional part of the OS) you open an xterm and use su so that only the processes run from that xterm have root privileges. There's little temptation to run a web browser or word processor as root.
hitman pro (Score:3, Interesting)
http://www.freedownloads.nl/hitman_pro.htm
It's Dutch and it runs Ad-aware, Spysweeper, Spybot S&D, Stinger, Spywareblaster, etc... automatically....
my spyware solution (Score:2)
The best Anti-Spyware tool... (Score:2, Funny)
Seriously, I've yet to see spyware that booting into SafeMode and running HijackThis won't cure.
Spy Assassin (Score:2)
Spy Assassin is cheap, and you get a 5 PC licence for it. Certainly sorted out a few nasty popup problems on my dad's PC (though he probably didn't mind some of those lovely ladies popping up, but I'm sure my mother would have if it had gone on any longer).
Spy Assassin is updated regularly, and each time you run it it downlo
Horses for Courses (Score:5, Insightful)
You could probably get even better performance by running more than those two, but I'm not going to harass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss. Anyway, my point is this: You can't just run Ad-Aware or Spybot and think you're protected. Until an anti-spyware tool has a 100% record against all known spyware, I won't consider them anything near a definitive tool, or a licence to behave recklessly on the net, something which too many naive people seem to do.
The problem with anti-spyware tools is three-fold;
a) They are made by private companies and individuals whose credentials and/or decency cannot be guaranteed. They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insidious spyware through? Unless you're on the inside of a company like that, you can never be sure. I'm sure Lavasoft aren't doing anything like that, as these results prove, I'm merely using them as an example - any anti-spyware app people trust is in an immensely powerful position on the user's computer, and any money-seeking company can theoretically be bought out.
b) When they remove a spyware
c) People do, as I mentioned above, use them as an excuse to behave recklessly on the internet - they will install random
Anyway, what was my point again? Oh yes, that these statistics are misleading for naive users. Ad-Aware and the others are now going to start shouting from the rooftops about how they're one of the top 3 anti-spyware apps on the market, and thousands of lusers will trust themselves to it implicitly solely because of that blurb, while the reality is Ad-Aware still misses stuff, and it is more than fallible. That 'lowly' Spybot has turned up half a dozen items Ad-Aware failed to find at least three times for me, but I wouldn't run that on its own either - Everybody knows it's a good idea to get a second opinion, especially when it's free.
Also, does anybody else find it funny that
Arguments to the contrary... (Score:5, Insightful)
The reasons seem to be simple;
Yet, the test results show that the spyware detectors aren't in the arms race against spyware that I described above. Instead, many spyware revisions aren't detected at all. Either they don't know about the spyware revisions, the spyware is not being tested for, or the spyware is being ignored on purpose.
Right now, the bar that the spyware creators have to leap is very low. Both social engineering and direct injection onto systems make spreading these things fairly easy to do for the spyware maker. Tie that in with many spyware detectors not detecting completely, and not being used consistently, and I don't see an end to this problem soon for most people.
What to do? I'll leave that to others for now. I have my own lists. It is a security issue so the systems should be considered to be on hostile networks and hostile users. I consider 2 hours to lock down a Windows XP system to be a reasonable minimum amount of time to spend on each system -- unless automation tools are used.
Spyware tips I've picked up (Score:5, Informative)
I run a small IT consultancy, and nearly every internet connected PC we work on has a significant spyware infection on it. It's not only our job to remove it, but to prevent it coming back. The things that I've noticed after fixing a lot of problems:
This won't stop everything by any means, but it slows down reinfection. End users need to change habits - reading EULA, not just clicking OK, using passwords - but this isn't something you can do with a couple of hours work, so people aren't willing to do it. I have no solution to that problem.
Re:Spyware tips I've picked up (Score:5, Informative)
I should ad (hoho) that one major advantage of Spybot S&D is that you can schedule it to run quietly in the background... this just isn't possible with any of the other free tools. The command that does it:
spybotsd /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide
There are other tools that help massively with spyware. As a consultant, it's equally important to understand the ways and means spyware gets onto the system, so that you can prevent and cure effectively, and respond to new spyware before the automated tools do it or before it appears on the many forums.
Re:Spyware tips I've picked up (Score:4, Informative)
http://www.jankratochvil.net/project/captive/
Knoppix can find the needed DLLs and mount the drive as RW. It isn't 100% guaranteed safe, but when the system is already damaged it is definitely worth a shot.
I've used it once to move data to a second drive for a customer and it worked flawlessly.
Re:Spyware tips I've picked up (Score:3, Insightful)
From my limited experience with spyware, by simply removing the user from the Administrator group you effectively cripple the majority of spyware tools. If you do not have access to modify the %SystemRoot% or make any changes to %ProgramFiles% you'll be a much safer user overall.
I would never logon to my box using root for daily activities. While spyware may be able to make modifications to the current user they wil
An ounce of prevention worth a pound of cure (Score:5, Informative)
Watch out for newer spyware's startup routines... (Score:4, Interesting)
If it hasn't already become obvious I'm all in favor of dropping large objects on the scumbags that make this kind of stuff. Say, a super-large special order 1000 ton ACME anvil, to start?
Review Format (Score:3, Insightful)
I, for one, would like to see some conclusion or recommendation or rating (Anti-Spyware A - good; Anti-Spyware B - shit; Anti-Spyware C - excellent).
I know the article focuses on falling efficiency, but still, it's a bit overwhelming to go over those huge tables.
Comment removed (Score:5, Informative)
A couple of utilities I've found useful (Score:3, Informative)
1. LSP Fix [cexx.org]. This program will let you see what dll's are embedded in your TCP/IP stack. Most of the time it will even detect stuff that's not supposed to be there, but you do have the option to override its judgement. Spybot S&D also has the ability to look into the stack, but you can't use it to remove offending modules, nor see their actual dll filenames.
2. Winsock XP Fix [spychecker.com]. This nifty little utility will basically reset all registry se
No mention of CnsMin? (Score:3, Informative)
Even starting in so-called 'safe mode' won't stop it. You have to boot with a CD and erase it manually.
The people who wrote it are 3721. something, and a link to it even appears on the default Chinese search page. In theory it just allows for Chinese name searches, but in reality does much more.
You have been warned - please don't visit the site.
End User License Agreements and Privacy Policies (Score:5, Insightful)
Am I the only one who doubts that will come true any time soon? We all know how to click on a button as a reflex action; reading a lengthy EULA full of lawyerspeak... that's a headache.
A hardware solution to Spyware (Score:3, Insightful)
You use the PC for playing "City of HalfEverDiabloCraft III" and for generating dubious overclocking benchmarks and storing your MP3s on your terabyte RAID with the windowed 250GB SATA disks.
You use the Mac for web surfing, email and IM, to store critical documents you don't want eaten by Virii (making sure to back them up to CD-R every now and again) and generally Doing Useful Stuff.
That way, your precious game time is uninterrupted by Microsoft's Keystone Kops approach to security and monoculture attacks. Let's face it... you ain't never gonna be able to lock down your Windows box, no matter how much money and third party utilities you throw at the problem.
Alternatively, OpenBSD on any old laptop is another way to dodge the spyware bullet, if your Unix Fu is the stronger.
SoupIsGood Food
What surprises me is... (Score:3, Interesting)
You'd think that the hosts of "Innovators of Wrestling" would yank it if it were downloading crap onto people's computers without their knowledge - in violation of the LAW!
But then again, I've seen how well most System AdminDUHstrators manage their sites; perhaps my surprise is simply the result of my morning coffee not kicking in yet.
And here is a question for the class to consider: Given the difficulty of removing spyware in a machine which is running the spyware, why has somebody not taken Knoppix, Wine, the NT filesystem wrapper code, and a virus cleaner, and created a boot disk that would
Granted, for me this question is of academic interest only - I don't run Windows anymore. But for those of us who have relatives still stuck in purgatory, this might be a better way to run.
Here's what I do (Score:3, Informative)
I use Bart's PE Builder [nu2.nu]. In a nutshell, it's a bootable cd with a Win32 network, disk (with native NTFS support) and GUI API load. The best thing is that it's built using actual Windows dll's and the like. Of course, you have to have a copy of XP or Server 2003 to build it, and it may not be strictly within Microsoft's licensing agreement to use their IP in this fashion, but t
SINGLE BEST SOLUTION (Score:5, Informative)
Cycles (Score:4, Insightful)
These things go in cycles, kind of like the Darwinism that didn't work quickly enough on the germ plasm that somehow evolved into the amoral mockeries of humankind that write spyware/malware.
Adaware was widely used for a while, then I started noticing that it wasn't working so well.
Then Spybot is/was hugely popular and extremely effective, so I've started to notice that it too is missing stuff now (or is unable to remove what it finds).
Virus...er...spyware writers are working against these programs, and it's only natural that they are evolving their code to defeat at least the most successful/widely used anti-spyware programs out there.
You wouldn't expect the flu inoculation from 5 years ago to protect you this year, would you? Spyware - and its counteragents - are the same.
Why isn't this illegal? (Score:3, Interesting)
What I do not understand is how this can be legal. To me this is no different than a trojan (the viral type not the condom.) Maybe it does not self-replicate and spread, but it still hijacked my friend's computer. I thought that the malicious or destructive control of a computer without the user's consent was illegal according to federal law. Why is it that the government will go after script kiddies, but does not go after the corporate goons who are no better? Oh, wait, I forgot. Script Kiddies do not make political contributions. I'm going to email my congressman.
Out-of-control (Score:3, Informative)
Very nearly 100% of the computers I touch are infested with slimeware. Running several commercial apps will clear most of the crap that is found but one or two apps seem to come back within a day or two (even if the user claims that they have not been on the internet). It has gotten to the point where I actually believe some of them!
I've found that what seems to be happening is that the slimeware distributors are playing a little versioning game. As soon as the major spyware removal tools are able to kill a specific version of slimeware, the slimeware authors make a new version that they then distribute.
It takes time between the release and the time that the spyware removers catch up and in the meantime, it is up to people like me to figure out how to clean up the mess. I am pretty hard-nosed and will spend a couple of hours searching the registry, booting from CD and deleting files and that kind of stuff to kill off the slimeware. Others who do similar jobs just re-image the machines. Solves the problem faster but I don't think the users are quite as happy. They have to reconfigure the machine to how they like it and there is always the risk of lost data.
I'd love to see these purveyors of filth in prison. Many of them serve up porn and put it on kids' machines! They are guilty of a crime every time this happens. Why can't we do something?
Anyway, I don't blame the spyware removal people for these setbacks. They work hard to keep up but just can't.
In my dreams, I dream of a single tool that sits on the desktop and checks for viruses, slimeware, spam, and other threats and inconveniences. I'd like the tool to be able to be programmed to block access to various applications and websites too. I'd like the same tool to have some sort of "safe recovery" feature that allows me to move back in time to a stable configuration that would not delete data.
These are just dreams but will someone somewhere please make my dream come true? Corporate IS departments everywhere would thank you with money from their budget!
Re:none here (Score:4, Funny)
I wonder what it is like...
Re:none here (Score:2, Interesting)
Never is a loooong time. Even Sean Connery learned Never to Say Never Again.
Re:none here (Score:2, Funny)
He has no secrets. I am currently logging in to his machine, if you call Windows 98 a machine. He can either pay me for real spy removal tools or I email his files to his mother.
Love,
Mr. Hacker
Re:none here (Score:3, Interesting)
I just ran Ad-Aware for the first time in a while (it told me my definition file was 109 days old), and it prompted me to go download an upgrade. Ironically, it launched IE for this (Firefox is definitely set as default). Once it finished updating and running a full scan, it found 4 whole 'bad' things, which in this case were
Re:none here (Score:3, Interesting)
Re:none here (Score:5, Informative)
Talking of Java.... (Score:3, Informative)
Re:none here (Score:4, Interesting)
Re:none here (Score:2, Insightful)
That's kind of the point. If spyware broke your computer immediately, you'd know it's there and would be able to remove it.
If you've never checked for spyware, it might be on your system.
You can declare that you know you don't have a disease because you were never tested for it.
LK
Re:none here (Score:3, Informative)
Re:none here (Score:2, Insightful)
What about programs that appropriate the names of legitimate Windows processes? Or ones that take advantage of the shortcomings in the font used in the task manager to look like a legitimate process?
LK
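An added illustration of the two tricks raised in the comment above (borrowed process names and look-alike spellings); it is not part of the original thread. The baseline folders, the confusable-character map and all function names are assumptions chosen for the example, and the process list is constructed.

```python
import ntpath

# Assumed baseline: expected folder for a few well-known Windows images (lower case).
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that are hard to tell apart in a UI font, folded to one representative.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def skeleton(name):
    """Fold a file name so that look-alike spellings collide."""
    return name.lower().translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


SKELETONS = {skeleton(n) for n in EXPECTED}


def classify(name, path):
    """Return 'ok', 'wrong-location', 'lookalike-name' or 'unknown'."""
    lower = name.lower()  # Windows file names are case-insensitive
    if lower in EXPECTED:
        folder = ntpath.dirname(path).lower()
        return "ok" if folder == EXPECTED[lower] else "wrong-location"
    if skeleton(name) in SKELETONS:
        return "lookalike-name"  # reads like a system process, but is not one
    return "unknown"  # not in the baseline, no verdict either way


# Constructed (image name, full path) pairs, not taken from a real host.
SAMPLE = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Users\bob\AppData\Roaming\svchost.exe"),
    ("svch0st.exe", r"C:\Windows\System32\svch0st.exe"),
    ("Isass.exe", r"C:\Windows\System32\Isass.exe"),  # capital I, not lower-case L
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]


def triage(records):
    return [(name, classify(name, path)) for name, path in records]


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{name:15} {verdict}")
```

A name match alone proves nothing, which is why the exact-name case is still checked against the folder the image runs from.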
Re:none here (Score:2, Informative)
Re:none here (Score:3, Insightful)
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.
Re:none here (Score:5, Insightful)
User stupidity is still the number one security problem.
Nonsense. (Score:3, Insightful)
Again, Nonsense. (Score:3, Insightful)
But both computers and cars are complex multi-purpose devices. They are not commodity television sets or VCRs whose software only perform one basic function (watching a channel, recording a channel).
The more you can lock down and restrict the software on a device, the more secure and useable it can be. This is why crashes in phones and PDAs are so much less common than PCs.
The instant you give the user the ability to install wh
Re:Nonsense. (Score:3, Insightful)
There. That wasn't hard, was it?
Yes. No persistent data storage. No way to actually create new programs. No way to use remote resources. No protection for so called active content (program builtin languages) not running havoc. What you create is a quite limited type of computer, similar to a game console or an early '80ies home computer without external storage.
We are
Re:none here (Score:3, Insightful)
Similarly, using a computer with a broadband connection to the Internet without at least some idea of how to make the computer secure (i.e. ant
Re:none here (Score:5, Insightful)
What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.
That would work if a computer had about the same features and abilities of a toaster.
Unfortunately, a computer is a mixture of hardware and computer software that can do office tasks, multimedia, file sharing, communications, and gaming. The feature set is easy to upgrade and expand through software installations.
In addition, due to most computers being connected to the rest of the world, the cost benefits of spyware/viruses (creating spamming relays is big money) and the fact that trying to infect an individual computer is effectively free, the problem is apparent.
Any product with a ton of features and abilities requires user training. It's possible to easily design a car that doesn't require knowledge to drive -- as long as everyone will only go to the mall or the grocery store. But people use their autos for many destinations, over many different roads, and thus we require people to learn how to use cars.
A computer is no different.
Want to write documents? A typewriter works. Some of the electric ones were quite nice. Want to send text messages? SMS over mobile phones. Want to send documents? Fedex. Games? A console. Music? A radio.
Want to do all of the above, and more, with the ability to extend the features and easily upgrade for less cost? Okay. But it will require some training.
If you disconnect yourself from the internet, and lose that feature set, you will probably be secure. Even disconnected, not knowing what you are doing will have consequences. If you are lucky, the only consequence will be wasting your own time. If you are unlucky, you will be frustrated by fighting with the computer all the time to do what you want, how you want it.
Do you want to connect to the net? Congratulations, now you are exposed to the worst people in the world. Would you be cautious walking down a street in Romania with your credit cards in your wallet? Why aren't you cautious while you are online, making purchases, connected to the same network as a Romanian hacker?
I'm sorry, but we can't not create an idiot-proof box. We can't even make a box that requires zero knowledge to run. Our best bet is education.
Re:none here (Score:2)
Did you set Firefox to be his default browser?
Otherwise clicking on links in email opens IE.
Installing is not enough.
There are also products that use the HTML Active X control (such as EditPlus and WinAmp I think) thus by-passing your hard work.
Re:none here (Score:2, Insightful)
Re:none here (Score:5, Insightful)
Is it simple ignorance? No, that could be easily corrected. Is it sheer stupidity? No, these people are otherwise of average intelligence or better. It's some kind of weird mental blindness that comes over people whenever they are faced with a computer screen. It's conditional stupidity, and it's one of the main problems with the general public. Most of them will never learn to be careful until you hook up a car battery to their earlobes that gives them a physical notice whenever they do something stupid. Otherwise they just don't seem to be equipped mentally to grasp the concepts involved in using a computer responsibly. The software industry hasn't exactly been helping matters, but they have a monumental task ahead of them. I think computers are just too abstract for a lot of homo sapiens sapiens to deal with.
Well, here's IMHO what's wrong with them (Score:5, Insightful)
In the real world, you don't have to have an absolutely-unbreakable titanium-plated vault door to your house, nor bullet proof windows. If anyone wanted to hack your front door down, it's worth a maximum 5 minutes with an axe.
Real world locks also aren't supposed to be unbreakable. Au contraire. By computer security standards, they're a catastrophe. Most allow 1-pin-at-a-time attacks, which in computer security is the worst anti-pattern. Locks with master keys allow easy escalation of privileges too.
It's all documented vulnerabilities (or exploits) and they've been known for ages, and never fixed.
But they work IRL anyway. Yes, any kid could lockpick your front door, or hack it down, or just throw a brick through the window to get in. But people still use locks, doors and windows.
Why? Because IRL (In Real Life) you don't live in a lawless no-man's-land where any kiddie with a lockpick is l33t and free to pick your lock. IRL your real defense isn't the lock, but the law.
The lock or the door are just markers. They just say "you're not supposed to be past this point uninvited, and if we find you inside, we'll throw your sorry ass in state jail."
(If you're a die-hard gun fanatic, feel free to replace by "if I find you in, you'll get a gut full of buckshot." Same idea: there'll be repercussions. The door just marks the point beyond which the thief is not supposed to go, not _the_ deterrent itself.)
And people instinctively expect the same kind of rights and protection to apply to the online world too. "This is my computer, you're not supposed to be on it. Your playzone ends at the ISP, and this side is my private property."
Unrealistic expectation? Maybe. But it exists nevertheless.
Unreasonable expectation? Not at all.