Slashdot Log In
Every 5th Call At Dell Is Spyware-Related
Posted by
timothy
on Sun Oct 17, 2004 05:41 PM
from the yes-ma'am-that's-a-feature dept.
from the yes-ma'am-that's-a-feature dept.
prostoalex writes "Financial Express quotes a Dell executive saying that spyware is installed on roughly 90% computers out there. Right now 20% of all Dell phone support calls are spyware-related. University of Washington research this March published a moderate estimate of 5.1% PCs running spyware."
This discussion has been archived.
No new comments can be posted.
Every 5th Call At Dell Is Spyware-Related
|
Log In/Create an Account
| Top
| 559 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
|
2
Okay (Score:5, Funny)
Re:Okay (Score:5, Insightful)
(http://www.snika.uklinux.net)
Actually, it could be 5% or 90%. I look after machines in the towns round here for home users and businesses. Over the last few months about 90% of the jobs I have done for home users have been removing spyware or viruses, but only 5% or 10% of jobs for businesses have been spyware related.
The Interpretation (Score:4, Funny)
M$: So?
Dell: It all came from IE, your browser. Now we have to bundle Firebox and disable IE for all shipped Dell products.
M$: No. IE is superior. Windows is superior. Suck my left nut.
Dell: What?
M$: Get back to work or we take away windows licensing.
Dell: Ok. Would you like some coffee sir?
Re:Okay (Score:5, Informative)
(http://www.cbserviceslondon.com/ | Last Journal: Thursday August 14 2003, @01:12PM)
Re:Okay (Score:4, Funny)
you almost pray someone will call you that has deleted random registry keys or doesn't know how to use a mouse.
:
Well 10%.... (Score:4, Insightful)
(http://www.mrbrown.net/)
Re:Well 10%.... (Score:4, Funny)
Re:Well 10%.... (Score:5, Informative)
(http://www.blurbco.com/~gork/ | Last Journal: Friday February 13 2004, @01:34PM)
Re:Well 10%.... (Score:5, Informative)
Re:Well 10%.... (Score:4, Informative)
(http://xptical.org/)
Some of the better ones even recognise \myapp\iexplorer.exe as being different than \yourapp\iexplorer.exe. Even if someone tried to write an app named the same as one allowed to access the internet, they still couldn't get through.
I am worried, however, about an app using system calls to route itself through explorer.exe without actually launching it.
Re:Well 10%.... (Score:5, Insightful)
(http://lp.org/)
IMO, more than 20% if well maintained systems... (Score:5, Informative)
(http://www.metatrontech.com/ | Last Journal: Monday November 19, @08:51PM)
Spyware is the chronic disorder of Windows today (Score:5, Insightful)
(Last Journal: Saturday January 29 2005, @08:51PM)
A worm outbreak today is an acute disorder -- the bulk of the damage is done in one day, even a handful of hours or minutes. Even though recovering a business or department from it can take longer, the outbreak itself burns through the vulnerable population pretty quickly, and starves itself. Spyware, because it's rooted in long-standing bad security practices both by Microsoft and by Windows users, is a chronic disorder -- it doesn't just shut you down for a day or so; it degrades your online life over a long, nasty time.
To extend the analogy perhaps too far: A flash worm is like Ebola: it kills its victims quickly and messily and leaves a disgusting corpse. Everyone knows when it's in town because of the gory sacks of flesh lying around the streets. Spyware is like cirrhosis of the liver. It comes from doing something bad over a long period of time. It doesn't spread to others materially, though long-term excessive drinking (which causes it) can "spread" memetically in a population, as do bad Windows security practices. And, eventually, it causes the affected organ to be overwhelmed and just shut down.
The spyware situation today is one created by a nexus of influences:
The first two are well-known and I will not address them further. The latter are not.
What I call contract date-rape is the evil represented by so-called "end-user license agreements" and other documents which purport to represent agreements between software publishers and computer owners. The unethical business practice of software publishers is as follows: The computer owner buys a piece of software and installs it, only to find that it is designed so that it cannot be run without "accepting" an "agreement" which waives the owner's rights -- such as resale rights, rights to a refund for defective merchandise, or even free-speech rights. Then, when the software does something harmful and the owner seeks recourse, he is told that he "consented" to whatever harm was done, simply by the act of using what he purchased.
It is contract date-rape which puts the lie to that old FUD about open-source software: "But whom do you sue when it breaks and doesn't get fixed?" The owner of a computer using proprietary software under a Microsoft-style EULA does not have any enforceable rights against the publisher. Windows does break in many ways that Microsoft doesn't fix, but nobody is suing Microsoft for it. Why? Whether the EULA is in fact legally binding or not, both Microsoft and computer owners regard it as leaving Microsoft with no obligations.
(Of course, software was not always sold on "as-is" terms that were intended in law for used and defective products. Nor was it sold on terms that used copyright law as a cudgel with which to deprive users of rights such as fair comment and resale. Contract date-rape is not an endemic problem of proprietary software; it is one that proprietary software publishers have chosen for themselves.)
And it is the methodical use of contract date-rape which leads to the situation we have with spyware today. Spyware gets into a computer owner's property unannounced, alongside some piece of (presumably) desired software. It is a Trojan horse in the original sense -- sooner or later, it bursts open and out pour the soldiers of the enemy, who go about merrily burning w
In defense of M$FT - have to disagree on one item (Score:5, Insightful)
The spyware situation today is one created by a nexus of influences:
I can't argue with 3) or 4). But as for 1) [and it touches a little on 2)], we've been running Windows NT & Windows 2000 for more than five years now, and we've NEVER had a SINGLE piece of spyware installed on any of our systems. [Never had a virus or a worm either, although I hope I didn't just jinx myself by saying that.]
You know why? BECAUSE NONE OF OUR END-USERS LOG ON AS ADMINISTRATORS!!! That's it - it's that simple. They don't have Administrative rights, and they can't install spyware [or viruses, or worms]. [Of course, yours truly installs the latest security patches as soon as they appear, and has always had all of his users behind a fire wall, but that's not the important point here.]
If you surf the web as an Administrator [Root] on OSX, or if you surf the web as an Administrator [Root] on Linux, you're every bit as prone to this stuff as any Microsoft user surfing the web as an Administrator [or you would be, if those operating systems had large enough market share for the spyware people to be bothered with writing spyware for them].
I tried (Score:5, Insightful)
I tried to set my friends up that way. It isn't hard, XP comes with that ability, even in the home version. Setting up is easy enough. Making it work is another matter though. Nearly half of the programs my friends want to run do not work correctly without administrator rights. This includes software for XP from Microsoft!
In the end I gave up, ideally they wouldn't use the administrator account except when needed, but practically their computer didn't work without it. Switching users takes time and is a pain. Not hard, and it doesn't take long, but annoying enough that I can't call it a solution.
Remember this is a home environment, not a work environment. They don't have someone checking out software from various competitors to see if it meets requirements. If Best Buy sells it they buy it, and expect it to work. (note that you can almost never return software after finding out that it doesn't work without administrator rights)
Re:Spyware is the chronic disorder of Windows toda (Score:4, Insightful)
I absolutely agree with you that spyware is without doubt the most grevious problem afflicting home Windows user today. However, it is not only the shear numbers of spyware and lack of unified solution to these problems that makes spyware the critical problem it is, but the threat and damage that can be caused by spyware, in my opinion far exceeds what I would consider aggrevation.
Although I am a fulltime workstation administrator for a tech company and often times pick up home user workstation support on the side and they are almost always problems related to spyware. I recently agreed to work on a women's computer that was no longer able to connect to the internet as well as set up a home wireless network for her. She told me that it was "her daughters toy and as long as she can get connected to the internet and chat at night it keeps her daughter out of her hair" they both remain happy. The daughter is 13 years old and has taken to chatting with her friends at night, passing around links to salacious little horoscope programs, gossip programs, ad nauseum . . . After two hours of working on the computer I had removed over 500 instances of spyware (files, reg keys, programs, etc NOT INCLUDING COOKIES!). My obvious diagnosis was that Windows XP home needed to be reloaded but for now she could get back on the internet. When I returned a week later after recovery disks had been obtained there was even more spyware than before & a mysterious bridged internet connection that I assumed was being used to turn the machine into a slave for God knows what. Additionally, I found approx. 5000 illegal song downloads (automatic prison time there), limewire and kazaa and an AIM add-on that was keeping documented records of all IM conversations. I quickly learned that this could not possibly have been the daughters choice as the one converstation I opened while investigating revealed explicit discussion of sexual activities. To me, the potential for abuse in this case goes far beyond the loss of data, or even identity theft. A hacker with access to this machine would be able to know all of this girls personal information, name, address, appearance, school schedule and what place her volleyball team achieved at districts. Needless to say, I did my very best to try to educate this women about the dangers of these surfing habits even referencing the recent
Hello (Score:4, Funny)
Re:Hello (Score:5, Funny)
-Apu
Re:Hello (Score:4, Insightful)
(http://aol.com/)
And besides, there is some truth to it. The problem is we in India, though are tought english from the first grade, rarely use it in everyday converstaion , so our conversation skills are limited.
We can't create simple short meaningful sentences. We use words like "basically", "actually", "technically" etc. ad nauseam and all at wrong places.
If we really want to keep these "outsourced" jobs we need to buckle up and improve our skills , rather than accuse Americans of being racist.
From my prespective we should rather do RnD stuff, for our own benefits rather than pacify some pissed of customer 7 seas across, who can barely figure out what we are speaking.
In that case... (Score:3, Interesting)
(http://205.205.253.95/Crackster | Last Journal: Wednesday September 22 2004, @09:57PM)
Re:In that case... (Score:5, Funny)
(Last Journal: Wednesday January 15 2003, @08:09AM)
BWAHAHAHAHAHAHAHAH!!!!!
I wouldn't trust the average user to make toast without burning down the house.
Re:In that case... (Score:5, Insightful)
(http://www.snollygoster.com/ | Last Journal: Thursday January 15 2004, @03:49AM)
Re:In that case... (Score:5, Funny)
(http://www.metlin.org/ | Last Journal: Friday July 20, @01:58PM)
Funny thing, I read that article and a popup for spyware comes up, defying even Firefox's popup blocker. Ironically, the popup said that the computer has spyware installed.
Eh.
Re:In that case... (Score:5, Insightful)
Once installed an extension can do anything the user can do. Normally that might be to stick a button onto the browser, but there's nothing to stop the extension searching your drive and uploading data, acting as spyware or installing a root kit etc.
Just like ActiveX, XPI files are meant to be signed so you can establish trust. But no one digitally signs their Firefox extensions! Therefore users are 'trained' to install untrusted XPI extensions. Untrusted means you have no idea who wrote it, or if it's been tampered with.
Firefox 1.0pr1 has introduced a small band-aid. Now have to indicate you 'trust' a site before you can install an XPI from it. It's better than nothing but it still won't authenticate or repudiate the XPI as being from that site - someone could have replaced the genuine XPI with a malicious one, or intercepted the entire site entirely.
The XPI model either needs to enforce certs and give contributors a way to get them conveniently and cheaply. Or it should move over to PGP signatures and a web of trust model. In some ways the latter is more beneficial since people don't have to fork out ludicrous sums to Verisign to authenticate that they wrote the extension.
In any case, I'm just indicating that a naive user could install something on Linux that they would later regret.
Re:In that case... (Score:5, Funny)
(http://www.blixel.com/)
You pull up in your drive way and everything seems normal. But then you walk in the house and see a hot girl sitting on your couch. She walks over and gives you a passionate kiss and tells you dinner is ready. You know something is seriously wrong the universe.
In this parallel world, *your* favorite Linux distribution is King. As is your favorite Window Manager, toolkit, and so on. 90% of the world runs it.
Now my question is - what would prevent spyware authors from writing and sucessfully deploying spyware on your Operating System?
Lets make the assumption that people in this parallel universe are just as careless as they are in the real universe.
Re:Perhaps Dell should pre-install less spyware. (Score:5, Informative)
Re:Perhaps Dell should pre-install less spyware. (Score:4, Informative)
(Last Journal: Friday September 24 2004, @01:13AM)
The very fact that you have been modded informative serves to demonstrate that Dell + RedHat is not an obvious option and most people remain blissfully unaware that it exists.
Dell only offer Linux as an option to appease the Linux crowd. They certainly don't want to be hit by a backlash from the rabid Linux fanboys. But at the same time they are keeping on BillG's good side by sticking "Dell recommends Microsoft® Windows® XP" graphics all over their webstore and ensuring that the Linux option is kept pretty much hidden from the general publics view.
Try going to the Dell website and browsing to a PC with Linux. Don't do a site search for Linux, as that defeats the purpose. Joe Average won't be doing that after all. I just tried looking around for a few minutes. You would think that if you were to check out the "Learn more about operating systems" links on most of their store pages you might see a mention of the Linux option?. No, there is no mention of Linux in there, just descriptions of XP Home vs XP Professional. Yay! It's as if Linux doesn't even exist.
Dell might technically sell you Linux if you ask for it, but they sure go out of their way to make sure you don't ask about it.
Dell saves $$$ pre-installing firefox (Score:5, Insightful)
20% is only the call volume from Dell (Score:3, Insightful)
(http://www.musecube.com/l0ungeb0y/ | Last Journal: Monday February 09 2004, @06:38PM)
Remember, people only call when they are aware of a problem.
And even then, most people will "get by" until the problem is so pronounced they are forced to do something about it.
85% of all support calls I get are from spyware (Score:3, Insightful)
I think Dell is going to do some small case studies of selling the average user a machine loaded with linux and see if it becomes cheaper to support them.
It's not cheaper (Score:5, Insightful)
Oh, and if your customers buy new hardware and it doesn't work, you can't pawn them off on the manufacturer (no Linux support, you see). Yeah, hardware Dell didn't sell you isn't supported. Try telling that to the average jerk who just bought a $30 dollar digital Camera. He's not gonna care if you support it or not, and he's just gonna get pissed and buy a Windows PC next time.
You're underestimating the value that $50 bucks buys an OEM.
Re:85% of all support calls I get are from spyware (Score:5, Interesting)
I have been using DOS then Windows since 1984 and have never had spyware or a virus either. In fact I don't even run checkers constantly, just every few weeks to double check. (And for the record I have been doing Linux since late 1991 and not had anything there either).
If you are prepared to put the time and effort into it, it is all pretty easy. You don't blindly run or view stuff from other sources, you don't steal software (if you don't have the originals then you have no idea what you are actually getting), you pay attention to the dialog boxes that various programs display etc. Heck I even read the contents of those dialog boxes with legal agreements in them before clicking Ok or Cancel. Most people just don't do that, and as a result their computers end up with more "helpful" software than they otherwise anticipated.
To say that Linux by design is invulnerable is nonsense. It doesn't take too much to infect an individual user (remember they aren't reading those dialog boxes either). And notice how on many Linuxen, when you try to run an admin tool on your ordinary user desktop, prompt for your (sudo) or the root password and which then leaves a key icon in your panel. That is one thing that can be abused to go from ordinary user to root. In many cases a piece of malware could probably just prompt and the average user would type in the necessary password.
Quite frankly I don't know the answer. Signing stuff doesn't work. User education is futile - why should someone have to know about the internals of their computer, operating system, access and authorisation models? It probably comes down the programmers and user interface. Every time the software has to ask a question, it is being stupid. We need to continually work on the software meeting the user's goals without needing to be babysat, and especially without them having to make these decisions all the time.