Given Up to Spyware? 733
Khuffie writes "Wired has an interesting article about how some people have given up to spyware, knowing that the software they're installing virtually takes over their internet connection. What's even more ironic is that they claim it's a necessary evil for free software, when things like the Google Toolbar virtually replace Gator, and there are many spyware-free P2P programs available."
Download.Com (Score:5, Interesting)
Download software foo from us, but it would come with Gator and a whole shitload of spyware. And then, everyone else started following suit.
I still remember times when spywares and trojans were hacker-only. Greedy corps brought it to the masses, and now it's become an accepted part of the "Internet experience."
Re:Download.Com (Score:5, Interesting)
Download.com is definitely a big problem.
On their download page for Azureus [download.com] there is an editor's note saying that it contains spyware, and about half of the comments say that it installed malware on their computers. Probably the half that actually downloaded it from CNet.
Re:Azureus doesn't.... (Score:3, Funny)
I was wondering why perl had spyware by default and so did some html editors.
Turned out I downloaded it from download.com.
BASTARDS!
Re:Azureus doesn't.... (Score:4, Insightful)
Re:Azureus doesn't.... (Score:3, Informative)
Seems there were sites distributing a spy/malware version of Azureus to people (this includes download.com, shame on them). I hope people wise up.
Just look at this user comment:
"one of the worst bittorent program I ever had. yes, this program can download fast, but it's filled with so many spywares. This program will kill your computer! made my pc ran like turtle and had to reformat it."
Have any of you had this problem? Not me.
It's sad that people would d
Re:Azureus doesn't.... (Score:3, Funny)
If not, let the FSF sort it out.
FSF versus scumbag malware distributors. Can't wait...
Re:Azureus doesn't.... (Score:3, Insightful)
Or just formatting and reinstalling behind a firewall till all the patches are in?
Re:Azureus doesn't.... (Score:4, Insightful)
There may have been other ways, but the reformat is still the quickest and easiest in some cases. The people I feel real sorry for are the ones who don't even know how to reformat and end up buying another computer (yes, I have met people who have done this).
Re:Azureus doesn't.... (Score:5, Insightful)
This statement is not founded upon facts.
I work in tech support. These days spyware calls are the largest number of calls we get. Let me tell you a sampling of the problems we face:
1. Customer's system is slow, gets loads of popups and shutting it down takes ages.
2. We try starting it up in safe mode after shutting down non-essential services via msconfig. Many times, though not all, mouse and keyboard freeze and we are unable to proceed in that mode. (No I didn't stop MS services)
3. We uninstall all suspicious programs from control panel (after researching and confirming they are indeed malware). Sometimes it takes the crap out, sometimes it just comes back.
4. It is reported that (though I am not sure) that there is a symbiotic relationship between some spyware and trojans. So if you take a spyware out and the trojan is still present, the trojan pulls back the spyware the next time you go online and similarly spyware pulls back trojan if you take trojan out.
5. Some customers lose internet connectivity. Depending upon the savvy-ness of the customer, we may sit from half-an-hour to 2 hours fixing their Winsock - walking them through registry settings, deleting winsock keys, adding TCP/IP protocol, etc.
You can see that by this time, we have spent quite some time with the customer. And this assumes that everything has gone smoothly. However, in real life, what happens is:
"Sir, please click your start button and then click run."
"I can't find Start button. Oh there it is. Now what is it you wanted me to click?"
and so on...
6. Sometimes, spybot and adaware find hundreds of problems/critical objects (as they call them). You fix them. But the system is still slow. There are no popups but performance is still atrocious. What do you tell the customer now?
7. Repair install or restore *does not* fix the problem. Spyware is insidious enough to remain there.
At this point the customer gets very frustrated. He has typically spent several hours on the phone, first with his ISP and then with us spread over a period of several days sometimes.
I would never call such a person lazy!
So at this point he just wants the problem fixed. Throw the PC out the window or reformat. Clearly, reformat is much less painful than going through hours of registry cleanups, reboots, waits, frustration and lost productivity.
Morever, these people aren't stupid, they just don't know about computers. Lack of knowledge of a particular field does not equal stupidity. For example, many of our customers are doctors, economists, journalists, etc. (One was a very nice old lady trying to get her email working so she could email her grandkid serving in Iraq).
Hence it is my considered opinion that to call people stupid or lazy without having more information is incorrect.
Re:Download.Com (Score:5, Insightful)
Being a zealot about a thing is fine, but not at the cost of being pragmatic. A computer is just a tool, and sometimes Windows works and sometimes Linux works. As simple as that.
Re:Download.Com (Score:3, Interesting)
Sometime to think about the next time you consider going there.
Re:Download.Com (Score:4, Interesting)
Point being, now that this has become an apparently viable way of advertisement and data mining, developers of these types of programs are just becoming better at what they do, making the addition of a redirector plus various URL harvesting tools (etc) on your system not as much of a issue because you don't see the effects of such. (hows that for a run-on).
These will also be the same people complaining that their internet connection is running slow.
"I'm sorry sir, Yahoo.com isn't down, its the 14 other sites you have to connect to before getting there that are giving you trouble."
Re:Download.Com (Score:5, Insightful)
Gator says "free", Firefox says "free". To someone without access to additional information, there's nothing to tell them apart. To people that are savvy enough to not just install ramdom crap, it probably holds back adoption.
Re:Download.Com (Score:3, Funny)
For the uninitiated... (Score:5, Informative)
Adaware [lavasoftusa.com]
Oh, and Linux [linux.org].
Re:For the uninitiated... (Score:5, Informative)
Now a couple of things about those programs. I do install each and most importantly Run Them For Each User account on a XP PC. Adaware I believe has a larger database/scope and catches more things. Spybot is able to get things running in memory by running first thing on reboot. One other free tool that I find very useful is this [mlin.net] control panel applet that is what msconfig should be.
There are Many things that these programs do Not catch even when updated. I ran into reaIplay.exe tonight. I had to boot into Safe Mode command line to manually delete it. A couple of weeks ago I had to delete a file from an alternate Windows file Stream. There exists this netherworld of alternate data in XP that is not accessable via any of the regular tolls.
And the last thing I do is install Firefox and tell them to Use It Damnit or I'm upping the charge to a case per 500 infections.
Re:For the uninitiated... (Score:4, Informative)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
[HKEY_LOCAL_MACHINE\Software\Mi
[HKEY_LOCAL_MACHINE\Softwar
[HKEY_LOCAL_MACHINE\Sof
[HKEY_LOCAL_MACHINE
[HKEY_CURRENT_USER\Software\Microsoft\Windows\C
[HKEY_CURRENT_USER\Software\Micr
[HKEY_CURRENT_USER\Software\
[HKEY_CURRENT_USER\Softw
[HKEY_CURRENT_USER\S
Re:For the uninitiated... (Score:5, Funny)
Why sure, I would encourage someone who didn't even know how to use ad-aware to go anywhere NEAR regedit. That is, in the odd case that I really, really didn't like them but they still trusted my advice.
Re:For the uninitiated... (Score:5, Informative)
1. Run AdAware SE, updated to most recent definitions. Detect 400+ hits (my record so far).
2. Run Spybot S&D, updated to most recent definitions. Detect 100+ hits AdAware missed, and reboot.
3. Wait 30 minutes whilst Spybot scans again, and turns up a solitary bit of Gator. Go through Spybot's advanced mode settings and clear out their Run tools to dump all sorts of run-on-start crud that Compaq/Packard Bell etc. stuck on there - bloated keyboard-multimedia-button utilities et al.
4. Run HijackThis! (which isn't really an antispyware tool, just a system startup editing tool with knowledge about really obscure system startup Registry keys and IE settings) and get rid of the really obscure spyware toolbars and other run-on-startup fun that AAW and Spybot missed.
5. Go through the root, Program Files and Windows directories manually and delete the 10+ dialers and other unwanted crap that's made their way into the system, plus hosts file.
No-one ever asked for this stuff to be installed on their system (and in case you're wondering why I believe them, take a look at this [benedelman.org]). I put it down to ActiveX exploits; inevitably, the worst infected systems I see are Win9x/Me systems which haven't ever had a Windows Update run. This routine - plus installing Firefox - usually helps fix their problems, but these shouldn't have happened in the first place. I don't blame Microsoft as much as I blame the prevaling culture that it is better to make more money than it is to have ethics - thus allowing for Gator/Claria [benedelman.org], WhenU [benedelman.org], 180solutions [benedelman.org], all the fake 'anti-spyware' vendors [spywarewarrior.com] et al. It's amazing that we can allow these people to go on.
bad idea (Score:3, Insightful)
What will it take to break the back of Spyware? Spyassassin?
PCB@
Re:bad idea (Score:4, Insightful)
Ron Bennett
Re:bad idea (Score:4, Informative)
How about not allowing me to mass-delete the 151,095 messages in my Spam folder? I'm sure as hell not going to manually delete them out of Gmail 100 at a time.
How about keeping messages dating back to September in my Trash folder, and messages dating back to October in my Spam folder, despite clearly stating that "Spam messages more than 30 days old will be automatically deleted" and "Trashed messages more than 30 days old will be automatically deleted?" How about when the combined messages in Spam and Trash are using 906 MB (91%) of my Gmail storage?
There's nothing I can do to purge them, unless I want to click through more than 1,500 pages worth of spam listings, waiting for each page of 100 spams to load, hitting Select All, and selecting Permanently Delete. It's not going to happen, and there's no reason anyone should have to do that. AOL's mail interface is more intuitive than this, for god's sake.
At Yahoo Mail, I can empty the entire Bulk folder permanently with one click and the drive space is immediately credited back to me. Sure, I don't get a gig of storage there, but seeing as how I have control over what does and doesn't get stored, I don't need it. Gmail is unusable to me until there is a way to mass-delete the contents of the Spam folder all at once.
Re:bad idea (Score:5, Insightful)
B-E-T-A.
Google adds stuff to gmail all the time, but whining about it on Slashdot gives little result. Drop them a mail.
I did about POP and SMTP, and they served up secure POP and SMTP when enough people suggested it.
Re:bad idea (Score:4, Interesting)
1) Most people already have an existing e-mail account and most of their spam is already in those accounts, leaving them to selectively give their gmail account out to only those people they trust.
2) 906 MB worth of spam? DUDE WHAT ARE YOU SMOKING? I don't know what you do with your e-mail account, but I've been averaging about 1 spam mail every 3/4 days, if that.
That being said, you're right, the 'select all' feature ain't implemented very correctly yet, thus as so many people before me have said the operative word is 'BETA'. All you have to do, is ask for that. Finally, gmail is also being opened selective for pop mail access. So quit your whining and use a regular mail client. Now even after all of this, I still don't see how anybody can objectively say that gmail sucks, considering what the competitiors offer. At worst, gmail is probably as good as the rest. Now I just have to figure out how I turned into a gmail fanboy, and we're done...
Re:bad idea (Score:5, Funny)
It's called apathy (Score:5, Informative)
Re:It's called apathy (Score:5, Insightful)
Re:It's called apathy (Score:5, Interesting)
People are rationally ignorant. They don't have time to fiddle with something they don't understand. I had to fix my grandparents computer once, and when I tried to explain what I was doing they just said, "honey, we don't care."
As for people just getting new computers, at school I see far more students just put up with the spyware that debilitates their system. They'll bitch about it occasionally but they won't bother to do anything about it. Its amazing the threshold for bullshit some people put up with for computers.
Re:It's called apathy (Score:5, Insightful)
Re:It's called apathy (Score:5, Insightful)
Like your experience with your grandparents, when I started to explain to them what had gone wrong and what I had done to fix it, they wanted to tell me, "I don't really care." I'm sure it would be uncomfortable doing what I did to one's grandparents, but I let those people have it. I told them that they'd better start caring because the sorts of problems they were experiencing could be prevented with a little bit of due caution. Further, since I never demanded payment and actively tried to turn down compensation (since these people are friends of the family), I refuse to fall into the trap of being obligated to repair their computers when they break them. Obviously, I can't teach all of them everything there is to know about computer maintenence, but I've managed to train several of them on the use of Ad Aware and on responsible internet use.
As an aside to that, I'd like to note that sometimes the problem isn't apathy, but nor is it strictly . I suppose it's a kind of ignorance, but it takes the form of naivety. These people don't realize that the offer for free games or assisted browsing aren't benevolent offers or even just benign advertisements. They trust that whomever has caused these offers to appear on their screen is dealing with them fairly. A little bit of cynicism is valuable in this case. The first thing I've taught my users is that if they haven't asked for something to appear on their screen, don't trust it; and if they haven't specifically sought a good or service, don't accept it.
Re:It's called apathy (Score:3, Insightful)
Of course it does not help that the chattering classes continually sneer at the "intellectual elite" and bash the educated every opportunity they get. These days having an "east coast education" is out of fashion but listening to Toby Keith CDs all the rage.
A Bimodal Culture?? (Score:3, Insightful)
I was recently in a situation where a guy I know, who actually makes money doing tech services by just consistently networking with people he knows, was working on a mutual friends computer while I was in the area. Kinda hanging around, only paying minimal attention (I don't like to advertise any skill with tech matters, it makes for boring conversation and tons of stupid requests) allowed me to see this guy make some serious errors and oversights, eventually ending
Re:It's called apathy (Score:5, Insightful)
There is a better word for it. Sucker!. People are suckers. Suckers are there to be fleeced. My friend had a poster that said "Life is tough, it's tougher if you are stupid".
To be honest I love suckers. The world needs the suckers to click on ads, punch the monkey, don't mail in the rebate, buy the shiny objects next to the loss leaders, etc.
The rest of us can take advantage of them getting fleeced by mailing in the rebates and only buying the loss leaders.
The suckers click on ads so I get free internet content and filter the ads out.
"Its amazing the threshold for bullshit some people put up with for computers."
Life's tougher if you are stupid.
Re:It's called apathy (Score:3, Funny)
If I had some mod points this one'd be at +5. It almost makes dealing with the masses of morons appear worthwhile.
Re:It's called apathy (Score:5, Insightful)
I've seen people get infested with spyware or viruses...and rather than fix the computer they just throw it away and get a new one.
Imagine if your car was running poorly... Had a flat tire, or the alternator was going... Rather than take the car to the mechanic (or fix it yourself) you just throw the thing away and buy a new one.
Re:It's called apathy (Score:5, Insightful)
Re:It's called apathy (Score:4, Funny)
Re:It's called apathy (Score:5, Funny)
Re:It's called apathy (Score:5, Interesting)
I finally had to install Netscape for my father, because he would have nothing to do with FF because some radio people said that FF is geek chic, and in his mind that meant complicated. But Netscape has name-recognition (albeit from 10 years ago). (And on my side, it is based on Moz, so I know it won't kill his sys, only slow it down further)
Also, there comes a point in every geeks life, where we have to say enough is enough. I'm sick of doing the routine cleaning, and having some moron stand behind me either asking what I'm doing, and ignoring me, or telling me not to delete that little casino app. They ask for help, but take no advice. The only people I will help now are the people willing to LISTEN to me, and not just smile at my work, and come back a week later.
Re:It's called apathy (Score:3, Insightful)
People like to buy computers.
They're fun purchases and whenever you buy one it's nicer than the last one you had. The spyware is just an excuse.
Re:It's called apathy (Score:4, Insightful)
The difference is that cars inherently need periodic maintenance, whether you do it yourself or pay somebody else. Computers don't inherently get slower and less usable over time, and there are relatively simple ways to protect yourself from hostile software. I don't know much about cars, but if there were a way to eliminate the need for oil changes by slightly changing my driving habits, I'd certainly investigate it.
Marketscore (Score:3, Insightful)
How does Marketscore view encrypted packets? Is it just monitoring your keystrokes? I doubt they are cracking all your traffic.
Re:Marketscore (Score:5, Insightful)
If they are indeed "routing all internet traffic" through them, they may be operating as your proxy for HTTP and HTTPS. When you try to make a secure connection to a site, you tell them. They make an HTTPS connection to the site, their connection is encrypted to the site. The make an HTTPS connection to you. The connection between you and them is encrypted. They see the unencrypted data. So do you.
</wild speculation>.
SSL, man-in-the-middle, and admin access (Score:4, Insightful)
Of course, SSL has provisions against such proxying, which it considers a man-in-the-middle attack, but after five seconds it came to me that if Marketscore's proxy installs stuff on your machine as administrator, it's probably installing Marketscore's root certificate as well.
Somone get these ppl some free software! (Score:5, Insightful)
Re:Somone get these ppl some free software! (Score:4, Interesting)
Firefox is spreading well enough, but other things like aim clients amaze me. I use gaim, and some people say they prefer trillian or something else of that nature. But the number of people using the AOL AIM client is astounding. I mean, seriously.
Re:Somone get these ppl some free software! (Score:5, Insightful)
He's actually demanding spyware, despite his constant paranoia that the boogeymen are invading his machine. The idea of good, free software is completely foreign to the majority of users (in my experience).
Re:Somone get these ppl some free software! (Score:3, Insightful)
Perhaps I should call my mom, and tell her either I rationalize free software, or she installs FF... Hmmmm....
Re:Somone get these ppl some free software! (Score:3, Interesting)
Re:Somone get these ppl some free software! (Score:5, Insightful)
How is Joe User supposed to know Bearshare is spyware but eMule isn't?
Software writers need some sort of certification process with a familiar big ass logo that says "Spyware Free." Sort of how TrustE works, but you know, without all the sucking.
The problem just keeps getting worse. Marketscore shoots all your traffic through their proxies. What the hell is that about? They can just sift through EVERYTHING. If their proxies are slow, then all that money spent on that fat bandwidth connection is wasted. Most trojans arent this nasty.
Education (Score:5, Insightful)
Not a good sign (Score:5, Interesting)
Spyware makers hear us - we do NOT like your damned "software".
There's a name for these people. (Score:5, Funny)
Re:There's a name for these people. (Score:3, Interesting)
Or shills.
I'm reasonably certain that at least some of those people in forums chiding users that complain about spyware are not actual users. They'd probably be an employee of either the spyware firm, the software firm, or a PR firm hired by one or the other of them. One guy with multiple identities could put on quite a show of support for spyware being the price of "free" software, if the forum is operated by on behalf of the software company then admin and editorial access coul
TCO (Score:5, Insightful)
It's the common-man's mentality (Score:5, Interesting)
I've had people swear up and down to me that I couldn't use OpenOffice.org in a business setting even when the software's license specifically states otherwise. People believe the craziest things. It will just take some getting used to... this whole free software thing.
Formatting.. (Score:3, Funny)
Re:Formatting.. (Score:4, Interesting)
Listen to the parent of this post. Get her a iBook (the 14" ones are $1400 with a 1.33 GHz G4 and built in Airport Extreme), she'll be amazed at how little it slows down because there isn;t a bazillion malware programs hitting it at the same time. Just get her to at least 512 MB of RAM (I have 640 MB on my iBook), otherwise it could run a bit slow at times.
Hidden vs. Visible Costs (Score:5, Informative)
The cost of the privacy lost is invisible and (apparently) non-intrusive, while the cost of the time and effort is obvious and immediately quantifiable.
Think about how many times you've heard someone say things along these lines: "Can you believe I spent 6 hours cleaning spyware off my system and had to reinstall Windows twice? Then I had to find new software with a privacy policy acceptible to me, and it took hours to download and install it all."
Compare that to how many times you've heard someone say something like: "Wow! I had spyware all over my system. It was tracking my shopping and browsing habits, reporting my computer usage stats to ad agencies, and sending my IP and passwords to a scam company in Russia!"
The cost former is obvious to even the most ignorant users, while the cost of the latter requires much more insight and knowledge.
Someone needs to make spyware illegal (Score:5, Insightful)
All I can say is THANK YOU KDE for kiosk mode. I now have my parents surfing with a crap free computer, dynamic DNS, auto-updates, and has been running bug free for months now. 8)
Re:Someone needs to make spyware illegal (Score:3, Informative)
Distributing spyware clearly breaches this since it accesses data on a computer on a computer without the owner's express per
Re:Someone needs to make spyware illegal (Score:3, Funny)
So, don't leave us hanging ten. How are those PCB's holding up to the saltwater and wave action?
But for the Grace of Gabe... there go ye? (Score:5, Interesting)
To quote a few users from the article [wired.com] :
"I had a good idea what the Marketscore software does, though I didn't read the entire user agreement"
"I can't surf the web and I can't trade files if I uninstall the spyware."
"I can't afford a subscription to keep my antivirus software updated. Marketscore doesn't charge any fees."
"They said they'd opted to install it on their computers because they wanted the eWallet application that stores passwords and credit card numbers, entering them into web forms with one click. The users said you have to get the adware if you want the eWallet."
"In Hungary, many people who grew up under communist rule came to accept government interference in every aspect of their lives as inescapable. They were too tired to fight anymore, so they convinced themselves that communism was OK and even a benefit."
For those of you on the "Steam Rules" side of the debate: "Any of that sound familiar?"
THIS is the reason those of us on the "Steam Sucks" side of the HL2 debate have taken the stand we've chosen to take. We're not warez d00dz. And we recognize that Vivendi are a bunch of middlemen who aren't worthy to fellate a goat. And we acknowledge that Valve has gone to the dark side (as Kazaa and the other P2P apps did) of spywaredom - at least not yet.
But we see Valve's solution as a cure that's worse than the disease of piracy. And we see the main arguments of Steam's proponents as eerily reminiscent of the examples of clueless luserdom shown in the Wired article. And we ask: can your system's integrity be that easily sold?
Every time a Steam defender speaks, he or she should take a very close look at his or her argument... and the arguments presented by the spyware defenders in the Wired article, and ask yourself: but for the grace of Gabe, there go ye?
Re:But for the Grace of Gabe... there go ye? (Score:5, Insightful)
And we ask: can your system's integrity be that easily sold?
Oh fer $*#@ sake...
Look, if you're running closed-source 3rd-party binaries you've already compromised your system integrity. Just because they're from a (currently) reputable company doesn't mean the danger is in any way less than running (say) Bonzi Buddy.
Heck, it's the same even if you're running totally Open Source software! Unless _you personally_ have gone through every
At the end of the day we live in the real world. Cliché's aside this means a level of trust _must_ exist between the end user and the software vendor. Even the most rabid OpenBSD security nuts (not that that's a bad thing) implicitly trust the OpenBSD developers in choosing to run their code.
Steam is a different issue; it has nothing to do with "system integrity". Steam is useful from two perspectives:
- It reduces sofware piracy (online check and all)...
- It allows pre-loads and _instant purchase_ without the user ever having to leave their computer.
While many of us may not be happy with the first feature (reference MS Windows activation), Valve clearly are. And dodgy contract dealings/lawsuits aside, I don't think anyone would argue the worth of being able to do instant purchase/play of new games.Re:But for the Grace of Gabe... there go ye? (Score:3, Informative)
I personally don't mind the loss of privacy in steam because it means I don't have to worry about lost / scratched media ever again (and I ALWAYS forget to make backups). That alone is worth it to me. Plus, I hate draggin my ass out to the store to buy games.
I compromise my system integrity regularly. When I patch the un-Steamed Unreal Tournament 2004 I don't dissasemble the binaries and make
What we need is a good hacking job (Score:5, Interesting)
"People are dumb" (Score:5, Insightful)
I work in the IT department at my college and 99% of the problems that students have in the dorms is spyware/adware related. I've seen brand new Dell computers literally slowed down to a halt as a result of the crap that has been installed on them within a few days. Students somehow manage to get used to the unbearably slow speed at which their 2-3ghz computers run at, never associating the slowness with the plethora of file-sharing programs, toolbars, and search tools they have installed on their computer.
So yeah, I can't believe that some people actually think that spyware is a necessary evil of free software. That paints a sad picture of the current state of the Internet, IMO. I want to say "People are dumb," but that wouldn be neither fair nor valid. People are simply uneducated in these matters and do not care enough to become educated.
Valid points (Score:5, Insightful)
No wonder many prefer spyware-infested Windows box to a clean Linux system - it's more convenient that way.
The other day I installed Firefox extension SearchStatus 1.0.4 - the main features being display of PageRan and Alexa rank of pages browsed. Of course soon afterwards I realized in order for it to work the extension sends all URL I visit to Alexa.com (and Google, which is indicated in their toolbar privacy-related help pages).
This is how convenience wins over privacy (I disabled the Alexa Rank only).
I've heard from several ISPs that some customers complain when all spam is blocked - they LIKE to receive spam because they're bored or like "specials".
Demand spyware scanning in your virus scanner. (Score:5, Insightful)
There may be some question about what the user wants and doesn't want, but that doesn't excuse antivirus manufacturers from dodging the problem. If the ability to prevent spyware from installing was ubiquitous (as are virus scanners nowadays) we'd be winning the war. Nobody should have to accept this as an industry practice; things have been getting way too lax with EULAs and intrusive copy protection methods as it is, but this is over the line and we should treat the people who distribute it as we would those who distribute viruses or worms.
Re:Demand spyware scanning in your virus scanner. (Score:5, Informative)
The newest stuff is delivered by a trojan downloader, that also installs a keylogger--or several. The browser hijackers they install do one--or several things--to send you to their fake websites so they can steal your credit card, or even your identity:
-- They take over your HOSTS file so that legitimate urls are translated into THEIR IP addresses, not the real ones.
-- They add THEIR fake banking, paypal, amazon, etc. sites to your "trusted sites" list.
-- They may even change your proxy settings to accomplish or reinforce the same thing.
If you try to clean this crap off with AdAware or Spybot S&D, the trojan downloader--which also disable your AV software and/or Spybot--will NOT detect the trojan downloader, and it will reinstall the malware faster than you can clean it.
Some of these were spread the old fashioned way-- email attachments. Others used the Windows RPC 445/tpc buffer overflow exploit, or the latest IE IFRAME exploit, or one of the 16 other exploits out there for IE alone that MS has not patched.
This shit crossed a line about six months ago from being a commercially-oriented nusiance to being outright theft, run by the same criminals that run phishing scams.
I clean up PCs as a sideline, and the trend is very ominous-- the utility of the PC as a productive tool is threatened, as is the integrity and trust of the Internet.
Thanks, Microsoft. I'd like to see the Dept. of Homeland security take your ass to court for criminal negligence.
Spyware has ruined several apps for me (Score:4, Interesting)
It would be so nice if Kazaa would just work, instead of clinging to kazaa lite k++.
And I'd pay a one time fee for a product like MSN Messenger with working voice and camera functions, but they know they can make way more money long term by selling ads to me for the rest of my MSN-using-life.
These people are why spyware exists (Score:5, Insightful)
Just like Nigerian scams, enlarge your penis spam, etc.
It's only strange to the Slashdot crowd... (Score:5, Insightful)
...because we know a lot about tech, and most people don't. We don't tolerate our computers being screwed over with spyware. But - it's only because we know what it is, how bad it is, and what's at stake.
But to put it in perspective - I'm sure a professional mechanic would think I'm exactly the same kind of lunatic if he were to have a look at the brakes on my van. I know there's a problem, and I haven't made it a priority to fix it. The mechanic (bein a pro and knowing what you can and can't get away with) would probably think I was insane.
Knowingly faulty brakes == Drink Driver (Score:4, Insightful)
You know there's a problem with your brakes, and you choose to ignore it?
This is *worse* than the people who have zombified PCs spewing spam, and don't care; it's on a par with drink-driving.
It wouldn't be a problem if you were the only person at risk from such dangerous behaviour. Heck, some people might suggest it was a good way of cleaning up the gene pool. Unfortunately, like the drink-driver, you aren't alone on the road.
Do us all a favour, and get your brakes fixed, or at least have the grace to wrap your van (and yourself) round a lamppost on some unused road in the middle of nowhere.
(Okay, I'm aware that this probably sounds sanctimonious- my apologies for not phrasing it better).
Spyware in Developing Countries (Score:5, Informative)
A good internet connection is 8kbs and that's when the power hasn't failed or you have petrol for your generator and the phone system delivers a dial tone.
Even so, the 8kbps costs $200 a month in a country where an OK wage for a laborer is $2 a day -- when a job can be had at all.
When time after time I see 30-50 percent of that 8kbs bandwidth wasted by spyware, it really makes me angry.
Spyware hurts entire developing countries.
For a view into the masochistic, check out.... (Score:5, Funny)
It's like watching a group of people exchanging tips for what ointments work best for when they light themselves on fire. Over and over again.
May be a bit off topic, but... (Score:5, Informative)
This is one of my two favorite parts from this article:
Of course the only "supported" way is through Add/Remove Programs, and NOT through the use of Spybot, etc.
And here is the second tidbit (also from the linked article):
Fucking Asshats.
Comment removed (Score:3, Insightful)
Maybe it's someone else's fault... (Score:3, Interesting)
How to support your ignorant friends and family (Score:5, Interesting)
First, compile a list of good books for beginners to teach them about their computer. Many of the Dummies books are good places to start. Just get your list together.
Now, the next time that big support call comes...you know the one...the one where the computer is really hosed, take a copy of your list with you and present it to your ignorant user. Tell them that you're going to fix their computer for free one last time, and this is that time. If they want any more, and I mean any more support from you, they must get to work on your reading list the following day. Occasionally, you're going to check in with them and see what they've learned so far. If they stop educating themselves, the support stops, period. No more reformats, no more virus/spyware cleanups, no more help formatting a word processing document. Nothing.
If they look at you dumbfounded, put it to them this way. Most likely, their biggest investment is their home, followed by their car, followed by their computer. There's no good reason that they shouldn't spend some of their time learning how the thing works, especially since you're spending your valuable time fixing it for them. They don't ask you to come over and change their oil, clean their gutters, or unclog their sink, so there's no reason to expect someone to continually fix their computer.
If your plan works, you'll surely get some questions as the person starts to read, but at least they're starting to educate themselves. As for those who won't listen, a couple of trips to the local computer store, at $50 an hour, will sober them up.
ClamAV: Open Source Antivirus Scanner (Score:3, Informative)
In the long run it stopped being a problem when the hard drive Symantec's adware was installed on dropped dead.
Nowadays there's a much better virus scanner, very simple to use. For *nix boxes, for example to integrate with your email processing, there is Clam AntiVirus [clamav.net]. It's GPLed Free Software, has a great mailing list, its virus database is updated regularly. There is an automated tool called "freshclam" that gets database updates.
I use ClamAV when I download my mbox files from my hosting service. At one point I was getting 400 MB of email a day, almost entirely viruses, and clamav was very simple to use to delete the virus-infected messages, so the combination of legitimate mail and spam was just a couple meg each day.
For scanning your hard drive under Windows, there is a GUI program called ClamWin [clamwin.com], based on the clamav engine with the same virus database, and automatic updates. It's a very simple program, with a minimalist user interface. It's very easy to use and effective.
What I can't figure out though, is how to satisfy WinXP SP2's insistence I get a virus checker. It doesn't recognize clamwin as being one. I would imagine all the virus scanner publishers had to pay microsoft for the privilege of being a recommended virus tool. Or maybe it's just that Microsoft doesn't want to admit a Free Software solution is superior to any of the proprietary ones.
Since people don't care... (Score:4, Insightful)
Spyware-coding contract gigs on job boards (Score:3, Informative)
One that I remember specifically was on guru.com, where the client was asking for a program that would set the, uh, "user's" homepage to a URL to be specified by the client, and then prevent the user from ever changing it to anything else.
You would think the job board staff would forbid such contract offers from ever getting posted, but I'm pretty sure that once someone has paid for a recruiter account at one of the boards, that he can pretty much post anything he wants without ever having to get it reviewed or approved.
You can supply GOOD free software to Windows users (Score:4, Insightful)
What you do is buy one of those spindles of 50 blank CD-Rs, they'll cost you, what? 50 cents a disk or less.
Download the ISO of TheOpenCD [sunsite.dk], and burn it onto some of those CD-Rs.
Hand them out to all your Windows-using friends and relatives, pointing out that it's not only Free Software, it doesn't come with any spyware.
Urge them all to duplicate the CD for all their friends and relatives, and point out that such copying is not only legal, but encouraged, as I'm sure is documented in ReadMe files on the CD.
If you don't feel you can afford the cost of the blank CD-Rs, you can ask for a donation of a dollar or two to cover the media and your time.
Downloading Spyware? (Score:4, Insightful)
Of course it's perfectly possible to have Free Software without intrusive advertising. Ask Linus. Ask ESR. Ask RMS. Ask Vixie. Ask any of the millions of us around the world, who use and create Free Software! I don't see spyware in my kernel, my mail transport, my compiler, or my command scheduler. I don't see adware in my HTTP server, my FTP server or any of the clients I use with them. And if anyone tried to put it there, I'd just comment it right out of the source code -- and then post the diff files on the Internet, so other people could comment it out too. If I was feeling particularly bothered, I'd actually hack it right open, and make it post lots of bogus information to their servers. I'd post that hack far and wide, too -- and make sure the spyware authors knew I wrote it, so they would have proof of what I thought of them.
Just how difficult is it to block out this spyware, anyway? Can't you just patch the source, or edit the Makefile or whatever Windows uses in place of that, so the spyware portions don't even get compiled? Or do Windows downloads work somehow totally different to Linux and BSD ones?
iMesh Forums (Score:4, Interesting)
and each time a moderator just deleted it...
My last post read:
And I wonder how long until they are deleted as well.
You need scare tactics (Score:4, Insightful)
-ReK
A New Law (Score:3, Funny)
If you believe an evil is necessary, you are an idiot.
Re:Link is incorrect (Score:3, Informative)
Re:Link is incorrect (Score:5, Funny)
This phenomenon is known as slashdotting a site to death. You must be new here? ;)
next time take a router, (Score:4, Informative)
open ports one at a time.....
just having a 1 port router will keep most of the fresh install vulnerabilities off line to the net, and allow you to get what you need.
Re:next time take a router, (Score:5, Informative)
Comcast is a monopoly where I and many others live. Let's hope the Supremes force them to open their cable lines to competitors. The result of them forcing BellSouth to do so has resulted (finally) in my recent switch to an unlimited local and long distance provider for $45/month.
Re:next time take a router, (Score:3, Informative)
They don't do tech support on the routers because they don't know how you've set them up. If your router is the cause of a problem (you've blocked all outgoing traffic, asked-for or otherwise, for example), they don't want to waste the time on you. That doesn't mean they don't support routers on their network (as in, routers won't work). They do. If you know your router is fine, next time lie to them. They can't tell.
Re:next time take a router, (Score:5, Insightful)
You shouldn't need to get another piece of hardware to protect a computer that's perfectly capable of protecting itself, running the right software.
Performing workarounds for Windows is what leads to acceptance of worms (just buy a hardware firewall) what leads to acceptance of viruses (just buy an antivirus) and what leads to acceptance of spyware (just buy an antispyware) and what leads to acceptance of systems so bogged down by combinations of the above (just reinstall every 6 months).
It's a bit like living in a really bad neighbourhood and denying it's a problem. "Oh we're OK, we live in a safe area. As long as you put bars on all your windows, don't leave the house when it's dark, put up bullet proof windows, and don't make eye contact with the neighbours you're perfectly safe"
Apart from how it's broken, it works perfectly
Re:not me atleast! (Score:3, Informative)
Re:"Free software"? (Score:3, Funny)
OSS has freedom from beer?
Does this mean that I can't drink when working on open source software?
Funny, but pertinent (Score:3, Insightful)
Re:Reep the benefits (Score:5, Insightful)
We Mac and *nix users should worry about this. The Internet has gotten much worse over the last five years. The sad thing is that users think that this is part of the normal computing experience. They believe that it is okay for strangers to steal their credit card information. They believe that it is okay for their computer to dial long distance to shady places. They believe that whenever they browse the Internet, hundreds of popups should suddenly appear on the screen, and that software magically installs itself. The worst thing is that people are now starting to distrust free software, which will further set back the deployment of free, open-source software in many places.
It is sad and rediculous to see that the maker of the most common operating system in the world has failed at general security this badly. I would have never imagined a few years ago that Windows would get this bad. It's kind of like that Lion King scene (only analogy I can remember) when Simba returns to the Pride Land after leaving there for many years, watching the destruction of the land that he grew up in. Yet lots of users are still stuck in Windows land and don't have a clue about the outside world. They have been conditioned over the years, first to accept instability (2000 and XP fixed that), and now to accept insecurity. Something needs to change on the computing scene in the next year or so.
How about signing blank checks for them? (Score:3, Insightful)
Somewhere recently I read (maybe it was here) that fraud resulting from phishing, spyware and the like was costing the credit card companies and banks ten billion dollars a year. That's pretty serious, much more serious than allowing a marketing agency to know what websites you like to visit.
You are obviously not married (Score:3, Insightful)
At least she was willing to use Mozilla, so the problem was not as bad as it could have been, but when her WinXP laptop started crashing recently, I scanned it, and found a bunc