Forgot your password?
typodupeerror
Privacy

Given Up to Spyware? 733

Posted by CowboyNeal
from the unset-passwords-and-publicly-writable-shares dept.
Khuffie writes "Wired has an interesting article about how some people have given up to spyware, knowing that the software they're installing virtually takes over their internet connection. What's even more ironic is that they claim it's a necessary evil for free software, when things like the Google Toolbar virtually replace Gator, and there are many spyware-free P2P programs available."
This discussion has been archived. No new comments can be posted.

Given Up to Spyware?

Comments Filter:
  • Download.Com (Score:5, Interesting)

    by metlin (258108) * on Tuesday December 07, 2004 @12:37AM (#11014651) Journal
    I'll blame sites like Download.com that started this trend.

    Download software foo from us, but it would come with Gator and a whole shitload of spyware. And then, everyone else started following suit.

    I still remember times when spywares and trojans were hacker-only. Greedy corps brought it to the masses, and now it's become an accepted part of the "Internet experience."
    • Re:Download.Com (Score:5, Interesting)

      by wyldeone (785673) on Tuesday December 07, 2004 @01:03AM (#11014888) Homepage Journal

      Download.com is definitely a big problem.

      On their download page for Azureus [download.com] there is an editor's note saying that it contains spyware, and about half of the comments say that it installed malware on their computers. Probably the half that actually downloaded it from CNet.

    • Re:Download.Com (Score:3, Interesting)

      by Bill_Royle (639563)
      Download.com is part of CNET, but Slashdotters submit articles from News.com - also owned by CNET. If Download.com is so irresponsible, why then do we provide such a company with recognition and traffic?

      Sometime to think about the next time you consider going there.
    • Re:Download.Com (Score:4, Interesting)

      by Anonymous Coward on Tuesday December 07, 2004 @02:41AM (#11015409)
      Working for an ISP, I get to see a lot of the effects of these fun programs. One of the trends that we've seen is the fact that spyware/adware/malware is unfortunately becoming more stable and able to interact with each other: passing information appropriately from layer to layer. Previously, a single spyware program on your Windows box meant constant IE lockups, incorrect URL parsing, or just general BSOD fun.

      Point being, now that this has become an apparently viable way of advertisement and data mining, developers of these types of programs are just becoming better at what they do, making the addition of a redirector plus various URL harvesting tools (etc) on your system not as much of a issue because you don't see the effects of such. (hows that for a run-on).

      These will also be the same people complaining that their internet connection is running slow.

      "I'm sorry sir, Yahoo.com isn't down, its the 14 other sites you have to connect to before getting there that are giving you trouble."
    • Re:Download.Com (Score:5, Insightful)

      by ArbitraryConstant (763964) on Tuesday December 07, 2004 @03:47AM (#11015664) Homepage
      This probably hurts open source software...

      Gator says "free", Firefox says "free". To someone without access to additional information, there's nothing to tell them apart. To people that are savvy enough to not just install ramdom crap, it probably holds back adoption.
  • by Anonymous Coward on Tuesday December 07, 2004 @12:38AM (#11014653)
    Spybot [kolla.de]
    Adaware [lavasoftusa.com]

    Oh, and Linux [linux.org].
    • by l810c (551591) * on Tuesday December 07, 2004 @01:11AM (#11014945)
      I clean up PC's all the time for friends. Got one here just tonight. I charge one 12-pack of beer per 500 infections :)

      Now a couple of things about those programs. I do install each and most importantly Run Them For Each User account on a XP PC. Adaware I believe has a larger database/scope and catches more things. Spybot is able to get things running in memory by running first thing on reboot. One other free tool that I find very useful is this [mlin.net] control panel applet that is what msconfig should be.

      There are Many things that these programs do Not catch even when updated. I ran into reaIplay.exe tonight. I had to boot into Safe Mode command line to manually delete it. A couple of weeks ago I had to delete a file from an alternate Windows file Stream. There exists this netherworld of alternate data in XP that is not accessable via any of the regular tolls.

      And the last thing I do is install Firefox and tell them to Use It Damnit or I'm upping the charge to a case per 500 infections.

      • by mankey wanker (673345) on Tuesday December 07, 2004 @02:24AM (#11015334)
        Ummm...what's wrong with using the registry instead? Try regedit, you'll like it...

        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C ur rentVersion\Run]
        [HKEY_LOCAL_MACHINE\Software\Mic rosoft\Windows\Cur rentVersion\RunOnce]
        [HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\Cur rentVersion\RunServices]
        [HKEY_LOCAL_MACHINE\Soft ware\Microsoft\Windows\Cur rentVersion\RunServicesOnce]
        [HKEY_LOCAL_MACHINE\ Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit]

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu rr entVersion\Run]
        [HKEY_CURRENT_USER\Software\Micro soft\Windows\Curr entVersion\RunOnce]
        [HKEY_CURRENT_USER\Software\M icrosoft\Windows\Curr entVersion\RunServices]
        [HKEY_CURRENT_USER\Softwa re\Microsoft\Windows\Curr entVersion\RunServicesOnce]
        [HKEY_CURRENT_USER\So ftware\Microsoft\Windows NT\CurrentVersion\Windows]
  • bad idea (Score:3, Insightful)

    by Chuck Bucket (142633) on Tuesday December 07, 2004 @12:38AM (#11014659) Homepage Journal
    This is a horrible trend; it will reward the 'marketing' groups that dream this crap up. I've got my mom working against all this crap via GoogleToolbar, Spybot, etc. It's a joke that she has to do that, but on dial up a few well laid spyware apps make her system un-surfable.

    What will it take to break the back of Spyware? Spyassassin? ;)

    PCB@
    • Re:bad idea (Score:4, Insightful)

      by Ron Bennett (14590) on Tuesday December 07, 2004 @12:47AM (#11014742) Homepage
      Google Toolbar itself is not much better than outright spyware - so you may want to rethink suggesting that one; Google corp is changing for the worse, so it's only a matter of time before they "enhance" their toolbar with more "features".

      Ron Bennett
    • Re:bad idea (Score:5, Funny)

      by grozzie2 (698656) on Tuesday December 07, 2004 @01:02AM (#11014876)
      I'm torn between what's worse, spyware, or ponzi schemes trolling for free ipods...
  • It's called apathy (Score:5, Informative)

    by lordkuri (514498) on Tuesday December 07, 2004 @12:39AM (#11014663)
    People just don't care... they can't be bothered to think about it. I've talked to so many people, "yeah.. I need to get a new computer, this one's slow" their system gets hosed, they just get a new computer. wtf is with that?
    • by Anonymous Coward on Tuesday December 07, 2004 @12:47AM (#11014743)
      No, it's not apathy. It's more ignorance. People assume that their computer will work like a dishwasher or a vaccuum cleaner. No unwitting computer user actually thinks that there are things inside their computer that are actively destroying it.
    • by insomnyuk (467714) on Tuesday December 07, 2004 @12:50AM (#11014771) Homepage Journal
      they just get a new computer. wtf is with that?

      People are rationally ignorant. They don't have time to fiddle with something they don't understand. I had to fix my grandparents computer once, and when I tried to explain what I was doing they just said, "honey, we don't care."

      As for people just getting new computers, at school I see far more students just put up with the spyware that debilitates their system. They'll bitch about it occasionally but they won't bother to do anything about it. Its amazing the threshold for bullshit some people put up with for computers.
      • by gcaseye6677 (694805) on Tuesday December 07, 2004 @01:25AM (#11015025)
        I think you just hit the real reason in that last sentence. People are used to putting up with computer related bullshit (crashing software, software/hardware incompatibilities, lost passwords, etc.) that they have conditioned themselves to the reality that computers aren't perfect. Those that don't understand how they work don't know what kinds of bullshit they have to put up with and what kinds can be fixed. They just put up with things as long as the computer is still usable. Kind of like driving a car with plastic bags in place of windows; it just doesn't bother some people enough to make them fix it.
      • by GospelHead821 (466923) on Tuesday December 07, 2004 @02:14AM (#11015291)
        I haven't yet had to fix my grandparents' computer. It helps that as soon as my grandfather's free two months with AOL expired, he decided the internet wasn't worth all that much to him. Not being online is like abstinence for computers, so their machine is clean. I've had several other people come to me for help though and their computers were simply filthy with junkware.

        Like your experience with your grandparents, when I started to explain to them what had gone wrong and what I had done to fix it, they wanted to tell me, "I don't really care." I'm sure it would be uncomfortable doing what I did to one's grandparents, but I let those people have it. I told them that they'd better start caring because the sorts of problems they were experiencing could be prevented with a little bit of due caution. Further, since I never demanded payment and actively tried to turn down compensation (since these people are friends of the family), I refuse to fall into the trap of being obligated to repair their computers when they break them. Obviously, I can't teach all of them everything there is to know about computer maintenence, but I've managed to train several of them on the use of Ad Aware and on responsible internet use.

        As an aside to that, I'd like to note that sometimes the problem isn't apathy, but nor is it strictly . I suppose it's a kind of ignorance, but it takes the form of naivety. These people don't realize that the offer for free games or assisted browsing aren't benevolent offers or even just benign advertisements. They trust that whomever has caused these offers to appear on their screen is dealing with them fairly. A little bit of cynicism is valuable in this case. The first thing I've taught my users is that if they haven't asked for something to appear on their screen, don't trust it; and if they haven't specifically sought a good or service, don't accept it.
        • by killjoe (766577)
          Unfortunately it's become fashionable in the US to profess your ignorance and stupidity. Although most people would still be ashamed to admit it if they were illiterate they proudly proclaim that they "know nothing about computers" or "can't do math".

          Of course it does not help that the chattering classes continually sneer at the "intellectual elite" and bash the educated every opportunity they get. These days having an "east coast education" is out of fashion but listening to Toby Keith CDs all the rage.
        • by hajihill (755023)
          This brings up some really good points.

          I was recently in a situation where a guy I know, who actually makes money doing tech services by just consistently networking with people he knows, was working on a mutual friends computer while I was in the area. Kinda hanging around, only paying minimal attention (I don't like to advertise any skill with tech matters, it makes for boring conversation and tons of stupid requests) allowed me to see this guy make some serious errors and oversights, eventually ending
      • by killjoe (766577) on Tuesday December 07, 2004 @02:36AM (#11015391)
        "People are rationally ignorant."

        There is a better word for it. Sucker!. People are suckers. Suckers are there to be fleeced. My friend had a poster that said "Life is tough, it's tougher if you are stupid".

        To be honest I love suckers. The world needs the suckers to click on ads, punch the monkey, don't mail in the rebate, buy the shiny objects next to the loss leaders, etc.

        The rest of us can take advantage of them getting fleeced by mailing in the rebates and only buying the loss leaders.

        The suckers click on ads so I get free internet content and filter the ads out.

        "Its amazing the threshold for bullshit some people put up with for computers."

        Life's tougher if you are stupid.
      • by Ephemeriis (315124) on Tuesday December 07, 2004 @02:40AM (#11015407)
        But what I find truly amazing is the fact that people don't try to fix it, they just throw the thing out.

        I've seen people get infested with spyware or viruses...and rather than fix the computer they just throw it away and get a new one.

        Imagine if your car was running poorly... Had a flat tire, or the alternator was going... Rather than take the car to the mechanic (or fix it yourself) you just throw the thing away and buy a new one.

    • by Anubis350 (772791) on Tuesday December 07, 2004 @12:51AM (#11014784)
      unlike you or me they don't have the technical know-how to fix their computer or the knowledge to know how easy it really is to do. So they think that they have to take it to $300/hr specialists to fix it. At those rates they decide its cheaper to order a cheap new dell. I have a friend who did this a couple weeks before meeting me a while ago and she explained the whole process to me after I fixed her machine with a combination of spyware balster, spybot, adaware, and a couple registry tweaks. I did it for a soda :-P
      • by Anonymous Coward on Tuesday December 07, 2004 @01:03AM (#11014884)
        Next time ask for...something a bit more personal
    • they just get a new computer. wtf is with that?

      People like to buy computers.

      They're fun purchases and whenever you buy one it's nicer than the last one you had. The spyware is just an excuse.
  • Marketscore (Score:3, Insightful)

    by Kizzle (555439) on Tuesday December 07, 2004 @12:39AM (#11014667)
    Even data entered on secure websites -- such as passwords, credit card numbers and bank account numbers, information that is supposed to be viewable only by the sender and the intended recipient -- is accessible to Marketscore, since the company has developed a method that allows it to view encrypted information.

    How does Marketscore view encrypted packets? Is it just monitoring your keystrokes? I doubt they are cracking all your traffic.
    • Re:Marketscore (Score:5, Insightful)

      by OldMiner (589872) on Tuesday December 07, 2004 @12:54AM (#11014812) Journal
      How does Marketscore view encrypted packets? Is it just monitoring your keystrokes? I doubt they are cracking all your traffic.

      If they are indeed "routing all internet traffic" through them, they may be operating as your proxy for HTTP and HTTPS. When you try to make a secure connection to a site, you tell them. They make an HTTPS connection to the site, their connection is encrypted to the site. The make an HTTPS connection to you. The connection between you and them is encrypted. They see the unencrypted data. So do you.

      </wild speculation>.

  • by Zeromous (668365) on Tuesday December 07, 2004 @12:40AM (#11014680) Homepage
    You know...what's disturbing about the theme of this article, is there is so much free software out there that doesn't require spyware, and all of these people are completely unaware.

    • by Apreche (239272) on Tuesday December 07, 2004 @12:49AM (#11014766) Homepage Journal
      yes, it is disturbing. I imagine that a significantly large portion of the Internet is dedicated to free/open-source software. It completely boggles the mind how you can be on the net and not notice it. It's as if you went on a trip to New York City you stop in the middle of Times Square and ask someone "Do they have Taxis here?"

      Firefox is spreading well enough, but other things like aim clients amaze me. I use gaim, and some people say they prefer trillian or something else of that nature. But the number of people using the AOL AIM client is astounding. I mean, seriously.
    • by TheBurrito (767042) on Tuesday December 07, 2004 @12:55AM (#11014820)
      I tried to get my dad to switch to Firefox for months before he recently gave in. His reasoning: "I just don't trust it... They can't be up to any good if they're not asking for anything in return".

      He's actually demanding spyware, despite his constant paranoia that the boogeymen are invading his machine. The idea of good, free software is completely foreign to the majority of users (in my experience).

      • My mother thought the same thing. I didn't even deem to answer her though. I know if I told her that some people just enjoy the work, or do it to hone skills, or for common good, she would just give me a funny look. Perhaps we can compair it to art? Fine art is the art that you don't make for people, but for yourself, as compaired to kische, which is made for the people and your profit...

        Perhaps I should call my mom, and tell her either I rationalize free software, or she installs FF... Hmmmm....
    • The disturbing part is that the article doesn't mention this is a Windows-only phenomenon. Nowhere does it mention that these problems don't exist on Mac and Linux.
    • by gad_zuki! (70830) on Tuesday December 07, 2004 @01:46AM (#11015153)
      The problem is communication and perhaps marketing.

      How is Joe User supposed to know Bearshare is spyware but eMule isn't?

      Software writers need some sort of certification process with a familiar big ass logo that says "Spyware Free." Sort of how TrustE works, but you know, without all the sucking.

      The problem just keeps getting worse. Marketscore shoots all your traffic through their proxies. What the hell is that about? They can just sift through EVERYTHING. If their proxies are slow, then all that money spent on that fat bandwidth connection is wasted. Most trojans arent this nasty.
  • Education (Score:5, Insightful)

    by bonch (38532) on Tuesday December 07, 2004 @12:41AM (#11014686)
    Quite simply, this is a situation that can be addressed with education. Since we don't have access to big media, we have to do it by word-of-mouth. This means spreading Firefox and other crap-free alternatives, even free plugins for IE if someone chooses to use that browser. It's also important not to force things on people in our typically annoying geek ways. Educate people, so that they can decide for themselves and realize that there is a world of software in which this stuff is frowned upon and actively fought against. Someday with enough effort, spyware will become an amusing memory.
  • Not a good sign (Score:5, Interesting)

    by MasterB(G)ates (718264) on Tuesday December 07, 2004 @12:41AM (#11014688)
    Oh great so now these authors of these spyware programs are going to think that we don't actually mind about their takeover of our pc's.

    Spyware makers hear us - we do NOT like your damned "software".
  • by TheLoneIguana (126589) on Tuesday December 07, 2004 @12:42AM (#11014692)
    They're called morons.
    • They're called morons.

      Or shills.

      I'm reasonably certain that at least some of those people in forums chiding users that complain about spyware are not actual users. They'd probably be an employee of either the spyware firm, the software firm, or a PR firm hired by one or the other of them. One guy with multiple identities could put on quite a show of support for spyware being the price of "free" software, if the forum is operated by on behalf of the software company then admin and editorial access coul

  • TCO (Score:5, Insightful)

    by randmairs (587360) on Tuesday December 07, 2004 @12:43AM (#11014699)
    Shouldn't all this anti -virus, -spyware, -malware, etc. software be added to the TCO for a Windows license both in cost and time?
  • by erroneus (253617) on Tuesday December 07, 2004 @12:44AM (#11014713) Homepage
    Foolish notions are stated, repeated and believed. Things like "if you haven't done anything wrong, you have nothing to fear" and "you get what you pay for" ring through their heads. These faiths are unshakable... might be easier to convince them there is no god.

    I've had people swear up and down to me that I couldn't use OpenOffice.org in a business setting even when the software's license specifically states otherwise. People believe the craziest things. It will just take some getting used to... this whole free software thing.
  • by Anonymous Coward on Tuesday December 07, 2004 @12:44AM (#11014714)
    Personally I just format my sister's comp every 3 months or so, I don't know how she does it, but she manages to fill it up with more spyware/adware/free smilies than I thought possible, so I just save her important data, and format. I used to try and stop it all, and try to educate my sister, but that didn't go too well.
  • by Geckoman (44653) on Tuesday December 07, 2004 @12:44AM (#11014719)
    It's not really a trade-off between privacy and free software, it's a trade-off between privacy and convenience. Many people have made the value judgment that the time and effort necessary to fight spyware and find non-treacherous alternatives is worth more to them than the privacy they give up.

    The cost of the privacy lost is invisible and (apparently) non-intrusive, while the cost of the time and effort is obvious and immediately quantifiable.

    Think about how many times you've heard someone say things along these lines: "Can you believe I spent 6 hours cleaning spyware off my system and had to reinstall Windows twice? Then I had to find new software with a privacy policy acceptible to me, and it took hours to download and install it all."

    Compare that to how many times you've heard someone say something like: "Wow! I had spyware all over my system. It was tracking my shopping and browsing habits, reporting my computer usage stats to ad agencies, and sending my IP and passwords to a scam company in Russia!"

    The cost former is obvious to even the most ignorant users, while the cost of the latter requires much more insight and knowledge.

  • by dangermen (248354) on Tuesday December 07, 2004 @12:47AM (#11014748) Homepage
    Someone needs to make spyware illegal unless someone actively buys a PC sponsored with the crap. ie. those 'free' bannered PCs from years ago. The average computer user just is not capable of keeping this crap off of their computer. Windows is becoming more and more useless as a plaform because of this 'stuff'.

    All I can say is THANK YOU KDE for kiosk mode. I now have my parents surfing with a crap free computer, dynamic DNS, auto-updates, and has been running bug free for months now. 8)
    • In the UK, spyware is illegal. From the Computer Misuse Act:

      1.--(1)A person is guilty of an offence if--

      (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

      (b)the access he intends to secure is unauthorised; and

      (c)he knows at the time when he causes the computer to perform the function that that is the case.

      Distributing spyware clearly breaches this since it accesses data on a computer on a computer without the owner's express per

    • I now have my parents surfing with a crap free computer

      So, don't leave us hanging ten. How are those PCB's holding up to the saltwater and wave action?

  • by Tackhead (54550) on Tuesday December 07, 2004 @12:49AM (#11014764)
    > What's even more ironic is that they claim it's a necessary evil for free software, when things like the Google Toolbar virtually replace Gator, and there are many spyware-free P2P programs available."

    To quote a few users from the article [wired.com] :

    "I had a good idea what the Marketscore software does, though I didn't read the entire user agreement"
    "I can't surf the web and I can't trade files if I uninstall the spyware."
    "I can't afford a subscription to keep my antivirus software updated. Marketscore doesn't charge any fees."
    "They said they'd opted to install it on their computers because they wanted the eWallet application that stores passwords and credit card numbers, entering them into web forms with one click. The users said you have to get the adware if you want the eWallet."
    "In Hungary, many people who grew up under communist rule came to accept government interference in every aspect of their lives as inescapable. They were too tired to fight anymore, so they convinced themselves that communism was OK and even a benefit."

    For those of you on the "Steam Rules" side of the debate: "Any of that sound familiar?"

    THIS is the reason those of us on the "Steam Sucks" side of the HL2 debate have taken the stand we've chosen to take. We're not warez d00dz. And we recognize that Vivendi are a bunch of middlemen who aren't worthy to fellate a goat. And we acknowledge that Valve has gone to the dark side (as Kazaa and the other P2P apps did) of spywaredom - at least not yet.

    But we see Valve's solution as a cure that's worse than the disease of piracy. And we see the main arguments of Steam's proponents as eerily reminiscent of the examples of clueless luserdom shown in the Wired article. And we ask: can your system's integrity be that easily sold?

    Every time a Steam defender speaks, he or she should take a very close look at his or her argument... and the arguments presented by the spyware defenders in the Wired article, and ask yourself: but for the grace of Gabe, there go ye?

    • by Zeddicus_Z (214454) on Tuesday December 07, 2004 @01:32AM (#11015070) Homepage


      And we ask: can your system's integrity be that easily sold?

      Oh fer $*#@ sake...

      Look, if you're running closed-source 3rd-party binaries you've already compromised your system integrity. Just because they're from a (currently) reputable company doesn't mean the danger is in any way less than running (say) Bonzi Buddy.

      Heck, it's the same even if you're running totally Open Source software! Unless _you personally_ have gone through every .c and .h file to verify the code, that latest version of BitchX you just installed (or even the latest source-based security patch!) has potentially compromised your system integrity.

      At the end of the day we live in the real world. Cliché's aside this means a level of trust _must_ exist between the end user and the software vendor. Even the most rabid OpenBSD security nuts (not that that's a bad thing) implicitly trust the OpenBSD developers in choosing to run their code.

      Steam is a different issue; it has nothing to do with "system integrity". Steam is useful from two perspectives:
      1. It reduces sofware piracy (online check and all)...
      2. It allows pre-loads and _instant purchase_ without the user ever having to leave their computer.
      While many of us may not be happy with the first feature (reference MS Windows activation), Valve clearly are. And dodgy contract dealings/lawsuits aside, I don't think anyone would argue the worth of being able to do instant purchase/play of new games.
    • Except all of these people are giving up significantly more than steam asks. I think you're making false analogies.

      I personally don't mind the loss of privacy in steam because it means I don't have to worry about lost / scratched media ever again (and I ALWAYS forget to make backups). That alone is worth it to me. Plus, I hate draggin my ass out to the store to buy games.

      I compromise my system integrity regularly. When I patch the un-Steamed Unreal Tournament 2004 I don't dissasemble the binaries and make
  • by TheUnFounded (731123) on Tuesday December 07, 2004 @12:49AM (#11014767)
    What we need is a good hacking job on one of these companies. Every now and then we hear "Amazon.com/newegg.com/etc Hacked, millions of credit card numbers stolen". But Amazon.com has deals with Visa, Mastercard, etc. and they happily protect their customers. What would happen if a company like this was hacked, and tons of information was stolen? Maybe people would wise up to the fact that no, its not OK for these people to monitor your activities, even if "it's not like there's anything interesting or criminal in my e-mail.""
  • "People are dumb" (Score:5, Insightful)

    by wviperw (706068) on Tuesday December 07, 2004 @12:50AM (#11014775) Homepage Journal
    What these people who accept spyware don't seem to realize is just how much it screws with their computer. Even if they DON'T care that some random shady company is stealing their private information, the spyware can still bring their computer to a stand still.

    I work in the IT department at my college and 99% of the problems that students have in the dorms is spyware/adware related. I've seen brand new Dell computers literally slowed down to a halt as a result of the crap that has been installed on them within a few days. Students somehow manage to get used to the unbearably slow speed at which their 2-3ghz computers run at, never associating the slowness with the plethora of file-sharing programs, toolbars, and search tools they have installed on their computer.

    So yeah, I can't believe that some people actually think that spyware is a necessary evil of free software. That paints a sad picture of the current state of the Internet, IMO. I want to say "People are dumb," but that wouldn be neither fair nor valid. People are simply uneducated in these matters and do not care enough to become educated.
  • Valid points (Score:5, Insightful)

    by Donny Smith (567043) on Tuesday December 07, 2004 @12:52AM (#11014798)
    As horrible as it may seem to some /.ers most people don't really care about their privacy - convenience is more important. Hence this acceptance of spyware and reluctance to switch from Windows to a less spyware-prone system.
    No wonder many prefer spyware-infested Windows box to a clean Linux system - it's more convenient that way.

    The other day I installed Firefox extension SearchStatus 1.0.4 - the main features being display of PageRan and Alexa rank of pages browsed. Of course soon afterwards I realized in order for it to work the extension sends all URL I visit to Alexa.com (and Google, which is indicated in their toolbar privacy-related help pages).
    This is how convenience wins over privacy (I disabled the Alexa Rank only).

    I've heard from several ISPs that some customers complain when all spam is blocked - they LIKE to receive spam because they're bored or like "specials".
  • by Sheetrock (152993) on Tuesday December 07, 2004 @12:56AM (#11014825) Homepage Journal
    I don't understand why spyware isn't seen for what it is -- a commercial take on malicious programming. Any virus scanner worth its salt should scan for and remove this stuff as it's often worse than the viruses one will encounter, but the only one I've seen that'll do it is Avast!'s antivirus software.

    There may be some question about what the user wants and doesn't want, but that doesn't excuse antivirus manufacturers from dodging the problem. If the ability to prevent spyware from installing was ubiquitous (as are virus scanners nowadays) we'd be winning the war. Nobody should have to accept this as an industry practice; things have been getting way too lax with EULAs and intrusive copy protection methods as it is, but this is over the line and we should treat the people who distribute it as we would those who distribute viruses or worms.

    • by deaddeng (63515) on Tuesday December 07, 2004 @01:20AM (#11014993) Homepage
      It's actually worse than you portray-- the worst spyway is not even a minimally legitimate commercial venture-- it is theft, run by international criminals and organized crime. So-called "legitimate" spyware and adware have conditioned people to think that a windows box encrusted with this shyte is normal.

      The newest stuff is delivered by a trojan downloader, that also installs a keylogger--or several. The browser hijackers they install do one--or several things--to send you to their fake websites so they can steal your credit card, or even your identity:

      -- They take over your HOSTS file so that legitimate urls are translated into THEIR IP addresses, not the real ones.

      -- They add THEIR fake banking, paypal, amazon, etc. sites to your "trusted sites" list.

      -- They may even change your proxy settings to accomplish or reinforce the same thing.

      If you try to clean this crap off with AdAware or Spybot S&D, the trojan downloader--which also disable your AV software and/or Spybot--will NOT detect the trojan downloader, and it will reinstall the malware faster than you can clean it.

      Some of these were spread the old fashioned way-- email attachments. Others used the Windows RPC 445/tpc buffer overflow exploit, or the latest IE IFRAME exploit, or one of the 16 other exploits out there for IE alone that MS has not patched.

      This shit crossed a line about six months ago from being a commercially-oriented nusiance to being outright theft, run by the same criminals that run phishing scams.

      I clean up PCs as a sideline, and the trend is very ominous-- the utility of the PC as a productive tool is threatened, as is the integrity and trust of the Internet.

      Thanks, Microsoft. I'd like to see the Dept. of Homeland security take your ass to court for criminal negligence.
  • by saskboy (600063) on Tuesday December 07, 2004 @12:56AM (#11014828) Homepage Journal
    I used to use Bearshare, and still would today, if it weren't infested with things like NetDotNet.
    It would be so nice if Kazaa would just work, instead of clinging to kazaa lite k++.

    And I'd pay a one time fee for a product like MSN Messenger with working voice and camera functions, but they know they can make way more money long term by selling ads to me for the rest of my MSN-using-life.
  • by Barto (467793) on Tuesday December 07, 2004 @12:57AM (#11014833) Journal
    It's people like those interviewed for the article that are the reason spyware and adware exist. People who are CLUELESS, in general and specifically with computers, that don't see the irony in installing a program that records your user/pass combinations and web history to get a "free" "antivirus" "scanner".

    Just like Nigerian scams, enlarge your penis spam, etc.
  • by Weaselmancer (533834) on Tuesday December 07, 2004 @01:05AM (#11014896)

    ...because we know a lot about tech, and most people don't. We don't tolerate our computers being screwed over with spyware. But - it's only because we know what it is, how bad it is, and what's at stake.

    But to put it in perspective - I'm sure a professional mechanic would think I'm exactly the same kind of lunatic if he were to have a look at the brakes on my van. I know there's a problem, and I haven't made it a priority to fix it. The mechanic (bein a pro and knowing what you can and can't get away with) would probably think I was insane.

    • by Dogtanian (588974) on Tuesday December 07, 2004 @07:50AM (#11016497) Homepage
      But to put it in perspective - I'm sure a professional mechanic would think I'm exactly the same kind of lunatic if he were to have a look at the brakes on my van. I know there's a problem, and I haven't made it a priority to fix it.

      You know there's a problem with your brakes, and you choose to ignore it?

      This is *worse* than the people who have zombified PCs spewing spam, and don't care; it's on a par with drink-driving.

      It wouldn't be a problem if you were the only person at risk from such dangerous behaviour. Heck, some people might suggest it was a good way of cleaning up the gene pool. Unfortunately, like the drink-driver, you aren't alone on the road.

      Do us all a favour, and get your brakes fixed, or at least have the grace to wrap your van (and yourself) round a lamppost on some unused road in the middle of nowhere.

      (Okay, I'm aware that this probably sounds sanctimonious- my apologies for not phrasing it better).
  • by Anonymous Coward on Tuesday December 07, 2004 @01:14AM (#11014954)
    I just returned from Sierra Leone, likely the poorest country in the world.

    A good internet connection is 8kbs and that's when the power hasn't failed or you have petrol for your generator and the phone system delivers a dial tone.

    Even so, the 8kbps costs $200 a month in a country where an OK wage for a laborer is $2 a day -- when a job can be had at all.

    When time after time I see 30-50 percent of that 8kbs bandwidth wasted by spyware, it really makes me angry.

    Spyware hurts entire developing countries.

  • by WD (96061) on Tuesday December 07, 2004 @01:25AM (#11015020)
    alt.privacy.spyware

    It's like watching a group of people exchanging tips for what ointments work best for when they light themselves on fire. Over and over again.
  • by jaeson (563206) on Tuesday December 07, 2004 @01:35AM (#11015089) Homepage
    Here is an interesting article [mediapost.com]

    This is one of my two favorite parts from this article:
    "...a clause inserted by Claria about 3,000 words into a 5,936-word licensing agreement. It reads: 'You agree that you will not use, or encourage others to use, any unauthorized means for the removal of the GAIN Adserver, or any GAIN-supported software from a computer.'"

    Of course the only "supported" way is through Add/Remove Programs, and NOT through the use of Spybot, etc.

    And here is the second tidbit (also from the linked article):
    "Edelman also found that Claria's licensing agreement tries to prohibit users from deploying network monitors to inspect and report transmissions made between their computer, their local network, and the GAIN servers."

    Fucking Asshats.
  • by Neo-Rio-101 (700494) on Tuesday December 07, 2004 @02:08AM (#11015264)
    One of the more disturbing trends I've seen out on the net, is the trend that malware people take to Open Source programs.

    In the case of Peer Guardian, they took the entire source code, and made a similar program loaded with spyware, and then dumped in on certain free/shareware sites.

    What's worse is the dreaded spyware that respawns itself. My PC caught a strain of that and even thourgh Ad-aware caught it and wiped it, somehow it just regenerated itself and continued to try reconnecting my PC to the net when I had pulled the ethernet plug on the system.

    You just about can't trust anything you put on your PC these days, and THAT is the real problem.
  • by A Red Pikmin (829779) on Tuesday December 07, 2004 @02:08AM (#11015269) Homepage
    ...but it's still our problem. If people stopped using {spy,ad,mal}ware, those who make it would likewise stop. But while its true that uneducated people are the ones who truly perpetuate all this, it is the task of people who know more to try to educate the ignorant on alternatives. I mean, if we don't use it to help others, what's the point in having knowledge in the first place? So what we more technologically-minded folks can do to help is simply keep plugging away with the educational stuff. After all, community education is what got Open Source projects started in the first place. "There's a better way to do this..." has to be our motto if we want to contribute to fixing this problem. [My first Slashdot post, by the way. :^) ]
  • by Anonymous Coward on Tuesday December 07, 2004 @02:23AM (#11015331)
    OK, how many of you play the role of tech support for your ignorant friends and family members? I do it, and I hate it, as I'm sure many of you do also. So, here's what you do.

    First, compile a list of good books for beginners to teach them about their computer. Many of the Dummies books are good places to start. Just get your list together.

    Now, the next time that big support call comes...you know the one...the one where the computer is really hosed, take a copy of your list with you and present it to your ignorant user. Tell them that you're going to fix their computer for free one last time, and this is that time. If they want any more, and I mean any more support from you, they must get to work on your reading list the following day. Occasionally, you're going to check in with them and see what they've learned so far. If they stop educating themselves, the support stops, period. No more reformats, no more virus/spyware cleanups, no more help formatting a word processing document. Nothing.

    If they look at you dumbfounded, put it to them this way. Most likely, their biggest investment is their home, followed by their car, followed by their computer. There's no good reason that they shouldn't spend some of their time learning how the thing works, especially since you're spending your valuable time fixing it for them. They don't ask you to come over and change their oil, clean their gutters, or unclog their sink, so there's no reason to expect someone to continually fix their computer.

    If your plan works, you'll surely get some questions as the person starts to read, but at least they're starting to educate themselves. As for those who won't listen, a couple of trips to the local computer store, at $50 an hour, will sober them up.
  • by MichaelCrawford (610140) on Tuesday December 07, 2004 @03:33AM (#11015612) Homepage Journal
    I had the symantec antivirus product on my win98 box, but after the free trial expired I uninstalled it. Despite my best efforts to remove every trace of the program I couldn't find a way to keep it from showing a window at every login that tried to convince me to pay for a subscription.

    In the long run it stopped being a problem when the hard drive Symantec's adware was installed on dropped dead.

    Nowadays there's a much better virus scanner, very simple to use. For *nix boxes, for example to integrate with your email processing, there is Clam AntiVirus [clamav.net]. It's GPLed Free Software, has a great mailing list, its virus database is updated regularly. There is an automated tool called "freshclam" that gets database updates.

    I use ClamAV when I download my mbox files from my hosting service. At one point I was getting 400 MB of email a day, almost entirely viruses, and clamav was very simple to use to delete the virus-infected messages, so the combination of legitimate mail and spam was just a couple meg each day.

    For scanning your hard drive under Windows, there is a GUI program called ClamWin [clamwin.com], based on the clamav engine with the same virus database, and automatic updates. It's a very simple program, with a minimalist user interface. It's very easy to use and effective.

    What I can't figure out though, is how to satisfy WinXP SP2's insistence I get a virus checker. It doesn't recognize clamwin as being one. I would imagine all the virus scanner publishers had to pay microsoft for the privilege of being a recommended virus tool. Or maybe it's just that Microsoft doesn't want to admit a Free Software solution is superior to any of the proprietary ones.

  • by antdude (79039) on Tuesday December 07, 2004 @04:04AM (#11015735) Homepage Journal
    it would be good for us who make money to fix their computers. :)
  • by MichaelCrawford (610140) on Tuesday December 07, 2004 @04:45AM (#11015881) Homepage Journal
    Every now and then I see consulting contract gigs offerred on the job boards (Hotjobs, Monster, Dice, etc.) where the deliverable is obviously a piece of spyware.

    One that I remember specifically was on guru.com, where the client was asking for a program that would set the, uh, "user's" homepage to a URL to be specified by the client, and then prevent the user from ever changing it to anything else.

    You would think the job board staff would forbid such contract offers from ever getting posted, but I'm pretty sure that once someone has paid for a recruiter account at one of the boards, that he can pretty much post anything he wants without ever having to get it reviewed or approved.

  • by MichaelCrawford (610140) on Tuesday December 07, 2004 @04:52AM (#11015898) Homepage Journal
    So it seems that people who use windows think they have to accept spyware in order to get free software. You can demonstrate to them that that doesn't have to be the case.

    What you do is buy one of those spindles of 50 blank CD-Rs, they'll cost you, what? 50 cents a disk or less.

    Download the ISO of TheOpenCD [sunsite.dk], and burn it onto some of those CD-Rs.

    Hand them out to all your Windows-using friends and relatives, pointing out that it's not only Free Software, it doesn't come with any spyware.

    Urge them all to duplicate the CD for all their friends and relatives, and point out that such copying is not only legal, but encouraged, as I'm sure is documented in ReadMe files on the CD.

    If you don't feel you can afford the cost of the blank CD-Rs, you can ask for a donation of a dollar or two to cover the media and your time.

  • by ajs318 (655362) <sd_resp2NO@SPAMearthshod.co.uk> on Tuesday December 07, 2004 @05:54AM (#11016122)
    It's entirely possible that these people who are singing the praises of spyware on message boards are paid shills. "It's not so bad! Come and join us!" Somehow it makes me think of some evil character in a fairy tale, trying to persuade the protagonist to turn to sin.

    Of course it's perfectly possible to have Free Software without intrusive advertising. Ask Linus. Ask ESR. Ask RMS. Ask Vixie. Ask any of the millions of us around the world, who use and create Free Software! I don't see spyware in my kernel, my mail transport, my compiler, or my command scheduler. I don't see adware in my HTTP server, my FTP server or any of the clients I use with them. And if anyone tried to put it there, I'd just comment it right out of the source code -- and then post the diff files on the Internet, so other people could comment it out too. If I was feeling particularly bothered, I'd actually hack it right open, and make it post lots of bogus information to their servers. I'd post that hack far and wide, too -- and make sure the spyware authors knew I wrote it, so they would have proof of what I thought of them.

    Just how difficult is it to block out this spyware, anyway? Can't you just patch the source, or edit the Makefile or whatever Windows uses in place of that, so the spyware portions don't even get compiled? Or do Windows downloads work somehow totally different to Linux and BSD ones?
  • iMesh Forums (Score:4, Interesting)

    by vistic (556838) on Tuesday December 07, 2004 @06:13AM (#11016165)
    I posted some noticed about iMesh's spyware, Marketscore, getting coverage here and in Wired... (iMesh Forums [imesh.com])

    and each time a moderator just deleted it...

    My last post read:

    The notice says that posts containing links to sites with "illegal content" will be removed... iMesh's spyware, Marketscore, has recently gotten coverage in Wired magazine, and on Slashdot.org (Dec 6, 9:34PM article)... neither of these sites contain illegal information. Wired's article is even pseudo-supporting iMesh's tactics (did you know that Marketscore can view your creditcard information even on secure websites? Wired magazine notes that it all your internet activity is routed through their servers and they have this ability, which you might not even know you agreed to in the License). However someone does not want you to even be aware that such a thing as Marketscore even exists... and so this post will be removed promptly as all the others have been which mention iMesh's little secret.

    I challenge a moderator to post a thoughtful reply to this instead of just removing it... this is certainly related to Security, General information, User Support, as well as iMesh's P2P Revolution


    And I wonder how long until they are deleted as well.

  • by ReKleSS (749007) <rekless&fastmail,fm> on Tuesday December 07, 2004 @07:49AM (#11016491)
    That's the only way to get users to do anything about it. Scare them. Tell them that their credit card numbers, bank details, personal details, and the like could all be stolen if they're not careful. Instruct them how to protect themselves. If they still refuse to do anything after that, they're beyond help, Give up. It's not the most pleasant way to coerce people to action, but it's effective, and a few less zombie computers (well, close enough...) on the internet won't be doing any harm.
    -ReK
  • A New Law (Score:3, Funny)

    by Jameth (664111) on Tuesday December 07, 2004 @09:18AM (#11016905)
    Jame's Law of Good and Evil:

    If you believe an evil is necessary, you are an idiot.

The Force is what holds everything together. It has its dark side, and it has its light side. It's sort of like cosmic duct tape.

Working...