Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy

The Spyware Inferno 437

An anonymous reader writes "Ever thought there should be a scale for quantifying the evil Spyware does? In an editorial article at news.com.com, a Silicon Valley Venture Capitalist uses the levels of hell in Dante's Inferno to do just that. The article also goes into depth on how vendors, and Claria in particular, make money - of particular interest, 31% of Claria's revenue came through Overture. This may explain why Yahoo took so long to list Claria as Adware in its anti-spyware toolbar."
This discussion has been archived. No new comments can be posted.

The Spyware Inferno

Comments Filter:
  • Remember Kids... (Score:5, Informative)

    by romper ( 47937 ) on Tuesday August 17, 2004 @03:37PM (#9995014)
    Claria is Gator is Spyware.
    • by sik0fewl ( 561285 ) <xxdigitalhellxx&hotmail,com> on Tuesday August 17, 2004 @03:41PM (#9995059) Homepage

      .. is apparently a good way to make cash.

      I think people should be forced to take classes or seminars before using the Internet, teaching them how *not* to be fooled to install adware and spyware. They should also be told not to use Internet Explorer.

      Of course, with this seminar, everyone would get a free software CD with Claria included.

      • by ratamacue ( 593855 )
        I think people should be forced to take classes

        Sure, we'll hold them at gunpoint and educate the bastards! (What exactly do you think the word "force" means?)

        And we'll make the taxpayers fund it all, whether they like it or not! ("Force" implies government, and we all know how government gets its revenue.)

        But hell, if you're in power, what do you have to lose?

    • by arhar ( 773548 ) on Tuesday August 17, 2004 @03:57PM (#9995237)
      I think every time Claria is mentioned, it should be mentioned on the same page - hell, in the same sentence that Claria IS Gator, and their company name, names of everyone connected to the company, their significant others, and descendants down to the fifth generation, should be recorded in human history as worthless scum and vilified forever.
    • Why hasn't Apple/Claris sued for the obvious typo-subterfuge intended by Gator's selection of Claris^Ha as it's re-invention name?

      Hmmm?
      • Re:Remember Kids... (Score:5, Interesting)

        by bjohnson ( 3225 ) on Tuesday August 17, 2004 @04:57PM (#9995765)
        Because Apple "eats their own dog food"?

        None of this crap targets Macs, or Mac browsers, so it's entirely possible that they haven't even noticed how much of a problem it is, or ever heard of the company.

        The only reason I ever notice spyware is when I have to clean it out of yet another luser's system.

        Spyware Schmyware. I use Firefox on OS X.

        Problem solved.
      • by 0racle ( 667029 )
        And while their at it they can sue Clarica [clarica.com], because obviously everything that starts 'Clari' must belong to Apple since they have a piece of software called claris. In fact, why don't we just give Apple ownership of the letters c,l,a,r,i, and s so they can sue everyone who uses them.

        How in gods name was the parent modded interesting when its perfectly obvious why Apple doesn't sue, there's nothing to sue over.
    • by Alien54 ( 180860 ) on Tuesday August 17, 2004 @05:58PM (#9996221) Journal
      Spyware removal can be a pain. Here is a repost of something I posted earlier, along with some added details
      He went down the merry path of trying to rescue the system in order to keep customer data intact. The story is typical of someone who is entering the fray without have their tools prepared in advance. The solution always looks easier than it really is.

      In his case, he needed

      • a CD with all of the relevent tools and updates
      • a windows boot disk with CD support
      • an understanding of the windows command line in order to copy a subset of these tools to a convenient folder on the hard drive from the CD
      • The knowledge to run these tools from Safe mode, and how to get there in the first place
      • Include in the subset of tools one that can fix the broken LSP setup.

        [LSP or Layered Service Provider is a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet. Spyware is good at this, and some cleaners leave a broken LSP behind.

        With the correct tool, the fix takes seconds. Without the tool, you need to uninstall and re-install the winsocket, or else the same with the entire network support. Otherwise you fall into the trap this poor bloke got into.]

      tips - I deal with this stuff all of the time. The best data on this stuff can be found in articles at spywareinfo.net - the forums are not bad either, although spywarewarrior.com also has good forums. also good to have is this list of known rogue spyware cleaners [spywarewarrior.com] [spywarewarrior.com], along with this list of Anti-Spyware Orphans & Outcasts [spywarewarrior.com] [spywarewarrior.com]

      My current recommended free antivirus is Avast! Home Edition [avast.com] [avast.com], which is very low maintenance for the home user, and requires registration for the free license. It also protect a number of common Instant Messenger clients, as well as several common P2P clients. It is better than AVG in my opinion, and detects many trojans as well as spyware.

      You can get a system that is so hosed that it will not boot, not even into safe mode, even under XP. The solution there to remove the hard drive, drop it into an external drive enclosure, and hook it up to another system where you can use scanning software to do a basic clean so you can boot in the original configuration. Once it boots you can install cleaners from safe mode, and then run cleaners from inside every user account. Note that you still need to run the clean from inside each user account because otherwise things will hide in the seperate user folders.

      Re: the LSP chain break -- HijackThis can sometimes fix it. Otherwise, Spybot can fix it. Xblock will also fix it. [xblock is an excellent first pass cleaner, with a freeware version available). (Spybot second, AdAware third)I always use more than one scanner, and scan multiple times.] Immunisers such as SpywareBlaster are also nice. All of these packages are mentioned at spywareinfo.com [spywareinfo.com], which sometimes goes under due to DDOS problems from people who do not like the services they provide. (insert obligatory plug for someone to help them out, one way or another.)

    • Re:Remember Kids... (Score:4, Informative)

      by TheSpoom ( 715771 ) * <slashdot@@@uberm00...net> on Tuesday August 17, 2004 @06:22PM (#9996357) Homepage Journal
      I had a caller recently who I was doing technical support for, and I believe the issue was that they were getting some sort of error message when they booted up. I was going through MSCONFIG and unchecking startup items as she read them to me, and the conversation went something like this:

      Her: "CMESYS."
      Me: "Uncheck that, it's spyware."
      Her: "Isn't that Gator?"
      Me: "Umm... yes."
      Her: "Oh, I pay for that, I don't want that removed. It fills in my passwords for me!"

      Apparently she paid $30 / yr. for the "service" that the Gator eWallet was providing. She had called them (and in hindsight I should have asked for the number) before and they assured her that the paid version doesn't come with their normal great advertising code. I was considering banning her from the internet, but I would have been fired. :^(
    • by AndroidCat ( 229562 ) on Tuesday August 17, 2004 @07:12PM (#9996663) Homepage
      Adware anxiety gives Claria cold feet [com.com] The decision by adware leader Claria to postpone its initial public offering comes as the fast-growing business of advertising-supported software is increasingly coming under pressure.

      For years, millions of people have acquired adware as the price of using free applications such as file-trading software from the likes of Kazaa. The adware, designed to track Web-surfing behavior and deliver targeted ads such as pop-ups, has become profitable enough to draw investors' interest. (snip)

      Poor babies. I hope their public offering is a burnt one.
  • by VAXGeek ( 3443 ) on Tuesday August 17, 2004 @03:38PM (#9995028) Homepage
    What's the difference between advertising supported software which gathers marketing demographics and spyware?

    Sweet sweet kickbacks to Yahoo, that's what.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Tuesday August 17, 2004 @03:41PM (#9995071)
      Comment removed based on user account deletion
      • by saintp ( 595331 ) <{stpierre} {at} {nebrwesleyan.edu}> on Tuesday August 17, 2004 @04:09PM (#9995341) Homepage
        When was the last time you read an EULA in full? What about your grandma? Name the last EULA she read in full.

        Disclosure really doesn't matter when "NiftyFreeWebApp" buries the fact that it requires the sacrifice of your firstborn on page 972 of a EULA written in obfuscated legalese.

        • Addendum: Mentioning spyware in the "license" does not constitute meaningful disclosure.

          Schwab

        • by afidel ( 530433 ) on Tuesday August 17, 2004 @04:39PM (#9995619)
          You don't have to bury it in the EULA and install spyware through the back door to do ad supported software. ICQ, Opera, and many shareware products incorperate ad sponsorship into the product in a manner that most users do not find offensive and which does not completely destroy the usefullness of the computer on which it is installed.
          • by saintp ( 595331 ) <{stpierre} {at} {nebrwesleyan.edu}> on Tuesday August 17, 2004 @04:58PM (#9995766) Homepage
            I'm aware of this. I use Opera (and love it!), used NetZero for the brief time that it was free, and other ad-supported software. Most of those practice true disclosure: You're getting a service in exchange for your eyes. And I'm fine with that.

            But if someone is hawking something like EUniverse or Claria, then they're not going to be upfront and forthcoming about it, because their service isn't valuable enough. Opera is (or was; Firefox is gaining ground) a nice enough browser that I'm willing to put up with some ads, so I accept the EULA precisely because they're upfront about being ad-supported.

            In contrast, no one would ever install a 404-redirect program if they knew what it would do up front. Instead, somewhere in the EULA is a paragraph explaining in euphemism a mile deep that the app hijacks your browser.

            I'm not anti-ad-supported software; I think it allows some outstanding software to get into the world for free. (Obviously I'd prefer they GPL'd Opera, but I'll take what I can get.) I'm saying that forcing disclosure is basically masturbatory.

          • by Chanc_Gorkon ( 94133 ) <.moc.liamg. .ta. .nokrog.> on Tuesday August 17, 2004 @05:38PM (#9996066)
            This needs to be modded up. Big time. I run Weatherbug. It's ad supported and I know it installs the My Search toolbar as well. It also does not mind at all if you go into Add/Remove and remove it. Weatherbug continues to function after that. It tells you right upfront what it's installing and does not sneak it in. Claria probably doesn't do this sometimes.

            One way we have prevented our Mom and Dad's from installing this stuff it to give them explicit instructions...now mom, everyday, you use this limited account and when you need to install something, either call me or use this Administrator sign on but DO NOT use this signon for anything but installing applications. Do not browse with it. This seemed to cure my little bro in law from having to go help his mom get rid of a virus or spyware. He also has scanners for virus and spyware installed as well and since he has to go pick his son up there every once in a while, he will do a sweep which is short instead of 3-4 hours removing spyware and viruses. Until most users adapt a UNIX like way of using their Windows machines, they will not be able to combat crap like Claria. If it starts to not work, then Claria will ahve to find another way to stay in business. Being vigilant in this battle will help us win...but being stupid and clicking OK whenever you see it WITHOUT READING THE BOX will kill you.
        • When was the last time you read an EULA in full?

          Never

          What about your grandma?

          No, I haven't read her in full either.

    • by NoMercy ( 105420 ) on Tuesday August 17, 2004 @03:56PM (#9995223)
      Disclosure is one point, the other is advert supported programs have nice little boxes and parts of the GUI they fill with an advert.

      Spyware tends to work out what your doing tells it's servers that and then optionally feeds you with replacement adverts or popups, so youre looking at a shop which sells trading cards and an advert pops up for another store which claims lower prices say.

      But then more and more advert supported software is going back to plain old demo/shareware/timebomb arangements (case in point getright).
      • One of the trends I pointed out to the article (yes, I rtfa'd a while ago) is that spyware and adware models are endgangered by another trend-- the rise of what I call "black marketing" or marketing products via international cybercryme syndicates. We already have viruses which help to relay spam, and some of these (particularly online gambling and pornography) may have ties to organized crime. Remember that there *is* a connection between human trafficking and pornography but not all pornography is bad i
    • AIM is advertising-supported software because it displays its ads in the AIM window.

      Kazaa is adware because it displays its ads while you use Internet Explorer. Pop-up adware often makes it difficult for users to tell what application the ads sponsor, which IMO is the point at which it becomes evil. I don't know whether Kazaa's ads say "This ad is shown using Claria technology to sponsor your use of Kazaa. To stop seeing these ads, uninstall Kazaa". I'm not going to install Kazaa to find out.
  • Cliche (Score:5, Insightful)

    by dmayle ( 200765 ) on Tuesday August 17, 2004 @03:40PM (#9995046) Homepage Journal
    It's like the old detective cliche, follow the money. The problem with both spyware/adware, and spam, is that they're profitable. Beating this stuff with technological measures alone is never going to be easy. If we really want something done, we've got to find ways to make sure these people and/or companies can't make money doing it...
    • Re:Cliche (Score:4, Insightful)

      by ciurana ( 2603 ) on Tuesday August 17, 2004 @03:50PM (#9995158) Homepage Journal
      Way to go, dmayle.

      The URI in your .sig leads us to what at first sight seems to be a iPod pyramid scam. I find myself hard pressed to take your comments on the current topic seriously.

      Cheers,

      E
      • Re:Cliche (Score:3, Informative)

        by dmayle ( 200765 )

        The URI in my .sig is not a pyramid scam, but it is a marketing thing. If you're not interested, don't go there. This is very offtopic, but for anyone who wants to know what it is without clicking in my sig, it's a marketing company who gives rewards for getting other people to try out the services of their clients. It's not a scam, as it doesn't require you to put any money into it, and you're not getting paid off by other people. Marketing companies pay money for customer acquisition, and this marketi

    • Re:Cliche (Score:4, Insightful)

      by gl4ss ( 559668 ) on Tuesday August 17, 2004 @03:51PM (#9995167) Homepage Journal
      *The problem with both spyware/adware, and spam, is that they're profitable*

      well, actually, they don't even need to be profitable. it just needs to APPEAR profitable for some people to try it, which will fuel other people into trying it because 'it must work since someone is doing it'.

      true, mega corps like claria are on a bit different level but anyways..
      • Re:Cliche (Score:3, Informative)

        by DeepHurtn! ( 773713 )
        During goldrushes, it was very seldom the prospectors that actually made any money -- the people who really got rich were the shopowners who sold supplies to the people who actually looked for gold. I think that spam, at least, is like that -- the real business is probably selling the tools of the trade to idiots who will go out of business in half a year.
    • Re:Cliche (Score:5, Interesting)

      by kneecarrot ( 646291 ) on Tuesday August 17, 2004 @03:52PM (#9995187)
      Well, I've been watching the spam lately and to my eyes it looks like technology is slowly making spam less profitable. Spam filters are becoming so effective that spammers are being forced to litter their messages with nonsense words and mispellings. These nonsense words and mispellings make the receiver of the spam less likely to purchase anything. And so (hopefully) the cycle will continue.
    • Re:Cliche (Score:3, Interesting)

      by foobsr ( 693224 )
      If we really want something done, we've got to find ways to make sure these people and/or companies can't make money doing it...

      What about something along the lines of feeding fake data back - I remember to have read an article/comment on that, but cannot remember how I found it & not in the mood to look for it again.

      The key point is/was to boost processing cost on the noise side.

      CC.
  • dante (Score:4, Interesting)

    by websensei ( 84861 ) on Tuesday August 17, 2004 @03:40PM (#9995047) Journal
    (mods, this is a bit of an aside, but ontopic/relevant given the author's use of dante's levels of hell in his ranking system. consider it a footnote)

    I stongly recommend reading N. Tosche's "in the hand of dante" as a circuitous but gratifying way to learn about the author and the divine comedy.
    plus it's a terrific read.

    • Re:dante (Score:3, Informative)

      by pilgrim23 ( 716938 )
      Dorty Sayers, the Author of the Lord Peter Whimsey series of murder mysteries is also a noted translator of the Divine Comedy. Highly recomended. The mystery novels are also a ripping good read!
  • So... (Score:5, Funny)

    by Edmund Blackadder ( 559735 ) on Tuesday August 17, 2004 @03:40PM (#9995054)
    Which circle do Cilicon Valley venture capitalists go to?
  • lol... (Score:5, Funny)

    by jmrobinson ( 660094 ) on Tuesday August 17, 2004 @03:40PM (#9995057)
    she called us "the slashdot crowd."

    but...down to business
    All right...who told her we would actually get off our asses and burn someone at the stake?
  • No... (Score:5, Interesting)

    by Anonymous Coward on Tuesday August 17, 2004 @03:41PM (#9995062)
    I am a windows developer of a small program with about 4000 users. Without spyware I would not be in business, since most people crack my s/w and dont pay after the trial.

    Thanks to spyware, I am still make a living.
  • IDS's (Score:5, Informative)

    by kc0re ( 739168 ) on Tuesday August 17, 2004 @03:41PM (#9995065) Journal
    I run IDS's for about 9 different Class C's and a handful of Class B subnets out there. I would say Gator, (to include all of it's baddies, stuff like, PrecisionTime and PrecisionDate), are about 60% of the signatures that alert on those IDS's. Not much I can do about it except report to the SA's which in turn choose to ignore me or run with it, but malware in general is becoming more of a prevalent problem. And frankly it's annoying.
    • Black hole them (Score:5, Interesting)

      by router_ninja ( 584254 ) on Tuesday August 17, 2004 @03:57PM (#9995242)
      it's a work around, and it's not pretty, but black hole the traffic before it hits the segment you have your ids's on (if possible). Example of known spyware destination ips (google): 4.4.23.227 4.8.104.90 4.18.162.102 4.21.117.158 4.36.44.3 4.38.98.140 4.43.44.32 4.43.44.128 4.65.105.109 12.14.172.204 12.29.97.96 12.30.241.70 12.30.241.74 12.30.241.106 12.30.241.242 12.36.78.54 12.37.62.0 12.39.105.80 12.47.196.49 12.98.204.163 12.99.231.36 12.129.72.201 12.129.198.41 12.129.201.99 12.129.204.6 12.129.204.99 12.129.204.107 12.129.204.122 12.129.204.125 12.129.204.158 12.129.204.160 12.129.204.183 12.129.204.197 12.129.204.204 12.129.204.208 12.129.204.219 12.129.205.102 12.129.205.105 12.129.205.120 12.129.205.162 12.129.205.167 12.129.205.171 12.129.205.206 12.129.205.220 12.129.211.125 12.129.225.165 12.129.229.191 12.129.248.48 12.129.248.128 12.130.12.30 12.130.12.106 12.130.91.7 12.145.139.160 12.148.21.23 12.148.209.196 12.153.20.152 12.153.20.157 12.158.80.10 12.168.32.90 12.168.33.58 12.168.33.194 24.1.248.148 24.3.113.25 24.7.145.249 24.27.205.221 24.30.8.185 24.42.211.66 24.57.164.38 24.57.240.53 24.58.172.230 24.71.18.34 24.72.3.189 24.90.4.150 24.90.243.203 24.101.203.184 24.104.40.39 24.104.40.52 24.106.94.101 24.108.132.26 24.125.77.118 24.126.133.124 24.141.149.114 24.151.184.187 24.173.79.235 24.207.243.16 24.218.47.171 24.222.112.75 24.229.80.135 24.235.212.163 24.242.151.203 38.113.1.80 38.113.1.111 38.113.1.151 38.113.1.155 38.113.1.159 38.113.3.122 38.113.193.6 38.113.198.80 38.113.198.132 38.113.198.136 38.113.198.176 38.113.198.235 38.113.199.63 38.113.204.182 38.114.129.148 38.117.144.27 38.117.144.30 38.117.144.50 38.117.144.162 38.117.174.2 38.117.174.20 38.118.144.180 38.119.65.135 38.119.65.137 38.170.72.194 61.8.3.212 61.16.133.250 61.43.30.91 61.78.61.223 61.115.205.23 61.129.67.141 61.129.67.149 61.129.67.151 61.129.69.190 61.135.131.23 61.135.131.31 61.135.131.36 61.135.131.39 61.135.131.42 61.135.131.128 61.135.131.174 61.135.131.237 61.139.65.222 61.145.75.227 61.145.75.233 61.149.2.221 61.152.251.25 61.177.222.222 61.213.156.128 62.13.25.201 62.13.25.209 62.23.124.88 62.23.137.170 62.26.219.11 62.27.21.101 62.27.59.227 62.27.59.245 62.39.85.0 62.39.108.98 62.39.122.20 62.56.244.55 62.57.74.14 62.58.2.5 62.65.34.64 62.65.36.136 62.65.252.93 62.65.252.226 62.69.162.144 62.69.162.171 62.75.193.84 62.93.224.242 62.96.181.197 62.97.109.50 62.101.246.77 62.104.23.56 62.115.254.26 62.118.240.27 62.118.248.72 62.118.251.0 62.119.21.132 62.119.21.135 62.119.21.150 62.119.21.157 62.119.133.10 62.119.133.11 62.121.105.75 62.146.24.251 62.146.222.65 62.148.166.3 62.149.0.12 62.149.0.140 62.149.36.64 62.150.129.118 62.153.59.95 62.160.32.0 62.161.184.96 62.172.199.20 62.178.238.135 62.181.185.37 62.181.185.44 62.189.43.224 62.189.74.144 62.189.244.232 62.193.206.144 62.210.139.48 62.210.164.83 62.212.117.198 62.219.114.145 62.233.196.72 etc. etc. etc.
  • by gbulmash ( 688770 ) * <semi_famous&yahoo,com> on Tuesday August 17, 2004 @03:41PM (#9995066) Homepage Journal
    Besides spyware, what annoys me is "user agents". Quicktime, RealPlayer, and Winamp all have little TSR's that load at start-up and eat megabytes of memory for "quality assurance" and "ease of use" purposes. I don't know how many times I've tried to disable qttask.exe or realsched.exe in my start up only to have it come back unexpectedly. Winamp's is easy to disable at setup, but Quicktime and Real require you to dig.

    I don't say they're delivering ads or sending back personally identifiable info to their manufacturers, but they are using my resources without giving me what I consider to be any perceptible advantage.

    If we're going to legislate spyware, these user agents need to be considered and the law needs to require Apple and Real to provide better notice of them and make them easier to shut down permanently.

    - Greg
    • by VAXGeek ( 3443 ) on Tuesday August 17, 2004 @03:50PM (#9995160) Homepage
      Removing the Quicktime task is really pretty simple.

      1) Find qttask.exe
      2) Rename or delete.

      Disable Real's SmartCenter by right-clicking on the real icon in your system tray (bottom right hand corner of the Windows screen) and select Disable Smartcenter.

      Hardly "digging".
    • by throughthewire ( 675776 ) on Tuesday August 17, 2004 @03:54PM (#9995199) Homepage
      I had to grin when you referred to the tray programs as TSRs. You've been doing this awhile, eh?

      One little utility I find helpful is Mike Lin's StartupMonitor. [mlin.net] It hollers at you whenever something (AIM, Real, Quicktime, etc.) attempts to register an executable to run at startup, and allows you to approve (or more to the point, deny) the attempt. Useful and educational!

      • Been doing it wrong for a while, I'm guessing, since they are not nor do they resemble TSRs. As you probably know (but this is for the audience) TSRs only leave a piece of themselves in memory and the programs which put the icons in the system tray are full-fledged processes.
        • ...TSRs only leave a piece of themselves in memory...

          Aaaand as you probably know, TSRs are real-mode DOS giblets that wouldn't run under NT and NT-derived Windows in any case.

          Thus the amusement. But we knew what he meant, no need to beat him up, eh?

      • by gosand ( 234100 ) on Tuesday August 17, 2004 @04:23PM (#9995459)
        I had to grin when you referred to the tray programs as TSRs. You've been doing this awhile, eh?

        From everything2.com:

        TSR: an acronym from the words Testosterone Sterilized (female) Rat. A TSR manifests the persistent estrus syndrome. Lacking ovulatory cycles, she is sterile. The condition is induced experimentally by injections of testosterone prior to the age of eleven days. The first five days of life are the most sensitive or critical ones. Smaller doses are then effective. The effect is life-long.

        So TSRs are sterilized vermin with teeth but no balls. Sounds about right.

      • Hehe. Starup Monitor is a TSR that loads up on startup itself! It does look pretty darn useful though. At the moment, I'm using Startup Mechanic [download.com]. Same deal, but it doesn't run as a process, it's a standalone program that you run once in a while when you suspect something weird going on. Good for those who want to run as little processes as possible.
    • by pdh11 ( 227974 ) on Tuesday August 17, 2004 @04:00PM (#9995257) Homepage
      I don't say they're delivering ads or sending back personally identifiable info to their manufacturers, but they are using my resources without giving me what I consider to be any perceptible advantage.

      Rio Music Manager has one, too, and the reason we put it there is because there are certain things that Rio Music Manager needs to do (such as send custom USB commands to portables) which can't be done by an unprivileged user under Windows. So at install time -- assuming it's installed by an administrator -- the service gets run with admin privileges, and then later, when unprivileged Rio Music Manager runs, it can send custom USB commands via the service.

      On Linux it's probably just "chmod 660 /dev/sdwhatever ; chgrp portable /dev/sdwhatever" and adding people to group portable, but on Windows it's not so easy. Not all background tasks are necessarily malicious.

      Peter
    • Can anyone say what this qttask.exe actually does? There doesn't seem to be a Mac-side counterpart.
    • by Octos ( 68453 ) on Tuesday August 17, 2004 @04:08PM (#9995332) Homepage
      Uhhhh. Did anybody in this thread bother to check the program preferences?

      In Quicktime preferences: uncheck "Quick Time system tray icon" and it will never come back.

      I haven't messed with Real player in a long time, but I recall a similar option being available if you right-click the tray icon, possibly in a preference panel.

      I'm sorry it's so easy.
      • You've turned off the icon, not the task. Also, if you delete it from the registry the little bastard puts itself back any time a quicktime is played.

        I'm tempted to just remove all the permissions on the run key so nothing can put itself there.
      • by Anonymous Coward
        The RealPlayer agent keeps running even when the option is disabled. You need to remove it from the register, by hand.

        QT agent runs when Windows boots, but shuts down quickly if the option is disabled.

        Only WinAmp actually disables the agent from starting at all -- well done Winamp!
    • by Schmucky The Cat ( 687075 ) on Tuesday August 17, 2004 @04:29PM (#9995524) Homepage
      There are several good suggestions here on how to disable recurring apps. Here are mine.

      Set NTFS rights to the file to DENY for yourself or some subgroup. Deny rights take precedence.

      For executables, setup a software restriction policy, (start, run, secpol.msc) that disables based on the path. Just enter the exe name or it has a nice handy browse button, but the path also accepts wildcards and environment variables. (Don't tell your netword administrator this, but putting %logonserver% in here prevents those annoying domain logon scripts.)

      • Set NTFS rights to the file to DENY for yourself or some subgroup. Deny rights take precedence.

        Here's a complementary tip which will work on FAT32, all versions of Windows, and most other operating systems. If an application keeps creating a file or directory you don't want it to, delete the offending file or directory, create a new one with the same name, and set its read-only attribute. On most unices, chmod 000 will do just fine; on Windows just right-click and get the properties; on a Mac (including OS

    • Quicktime is even easier than another poster described--(right-?)click on the tray icon, properties (or whatever), and uncheck 'quicktime system tray icon' in the 'browser plug-ins' settings page (which, IIRC, is the first to come up.) Or go start menu - control panels - quicktime. its in the options. no need to delete files, etc. of course, I'm sure it comes back after each update, but it's not too horrid. I agree that any intrusion is too much, but still, compared to others', it's no too bad.

      I hate real'
    • Re: (Score:3, Informative)

      Comment removed based on user account deletion
  • Helpful tools (Score:5, Informative)

    by zokum ( 650994 ) on Tuesday August 17, 2004 @03:43PM (#9995082) Homepage
    We all know spyware is a fucking waste of both resources and internet bandwidth, please do everyone a favour and install either Ad Aware from http://www.lavasoft.de/ [lavasoft.de] or Spybot Search & Destroy from http://www.spybot.info/ [spybot.info].

    If you happen to run an OS where these aren't supported (everything but win*) just ignore this post :-).
    • We all know spyware is a fucking waste of both resources and internet bandwidth

      You just made my Bonzibuddy all cross now, you horrible thing...
    • Re:Helpful tools (Score:4, Interesting)

      by aardwolf204 ( 630780 ) on Tuesday August 17, 2004 @04:13PM (#9995369)
      The guy upstairs from me asked me for computer advice, he was looking to get a new machine for college. He claimed that he wasnt very good with computers and just needed it for research / email / writing papers. I suggested a mac.

      I have never owned a mac in my life, I have only worked on them from time to time at school, and I'm probably not going to ever own a mac unless i really start making the big bucks and can afford a disposable system, and even then i could probably only justify it for its graphics and video capabilities.

      I suggested that he get a mac because I didnt want to be the guy he called when his PC got the latest crapware. I told him that from what ive read (/.) macs are great for people that want simple computers that just work. he got a ipowermacbookintosh. This morning before I left for work he thanked me and said how wonderful it was. I got in around 9 only to find 3 emails from staff infected with the latest purplemonkeytoolbarweathertellingcrap.

      Moral for the story: as a geek I can keep my windows box clean, and even not being a mac fan boy i can say that apple is right on when they say "computers for the rest of us".

      PS: When macs get 90% market share I'll suggest he gets windows because nobody writes crapware for it. Oh, yeah, this is slash, um, 2005 is going to be the year of linux on the desktop.

      --Aard
  • by GillBates0 ( 664202 ) on Tuesday August 17, 2004 @03:44PM (#9995094) Homepage Journal
    is it Spyware or spyware?
  • by Anonymous Coward on Tuesday August 17, 2004 @03:48PM (#9995134)
    Seriously, as more places try to "legitimize" their revenue by branching out what they do, it'll take longer for most companies to sit back and say "we can't do this because of your questionable business model."

    Yahoo took long enough, but they finally did.

    What users need to do is continue to keep writing in and boycotting companies that use spyware affiliated services until they stop supporting them. Overture be damned, it's still ultimately a spyware thing. After all, it's just another way to collect information and track users. When Doubleclick decided to combine all the information... I'm sure you Slashdotters remember the response it got. Privacy is a big issue and until more companies in the playing field like Yahoo get the idea... it's going to continue being a problem.

    Spyware is certainly more aggressive at this point, but ever since I installed Adaware and started using more of the extensions available for Mozilla/FireFox, it hasn't been something I've even remotely come across... unless I'm helping to clean up a friend or client's oversaturated box. I'm just wondering at this point why some of these spyware apps haven't been classified as viruses yet... they certainly act in a very similar manner: Installing without knowledge, announcement or permission... phoning home without knowledge, announcement or permission. Spreading without... ah, fook it, you get the idea. I'm just preaching to the chior here. A lot more questions than answers despite knowing exactly what is going on here. This is exactly why we shouldn't be supporting services that are running legitimately despite having that slight (or underhanded) spyware connection.
  • by TT Baker ( 806229 ) on Tuesday August 17, 2004 @03:49PM (#9995151) Homepage
    Of course, this implanting of spyware only works if you give away binary versions of your product. Open source that you compile yourself would not last long in the community if it tried to imbed spyware code. Never trust a free executable. That has been true since I got my first Amiga virus from "cracked" copy protected code, and it is true now.
  • by BubbaThePirate ( 805480 ) on Tuesday August 17, 2004 @03:51PM (#9995174)
    Quoth the site:
    http://www.claria.com/companyinfo/careers/

    "Associate General Counsel - Litigation
    Redwood City, CA

    The successful candidate must have the skills and experience necessary to assist the General Counsel in managing complex litigation involving IP law, advertising, technology, and the Internet. You will execute an agreed-upon strategy by, for example, independently managing discovery efforts, directing depositions, outlining and reviewing briefs and oral arguments, assist in preparing for trials, and generally providing overall guidance to, and closely working with, outside counsel.

    Requirements include: Leading law school, member of the California State Bar, and at least 6 years of relevant litigation experience in a nationally recognized law firm and/or an in-house legal department; Demonstrated ability and successful history of managing large scale litigation including large discovery efforts; Demonstrated familiarity working with technology and/or Internet companies and with IP law; Ability to formulate successful, complex pre-litigation and litigation strategy; Ability to operate independently, effectively and in a professional manner in various project and cross-functional team settings, and with various external contacts; Excellent organizational, project management, communication and interpersonal skills."
  • by G4from128k ( 686170 ) on Tuesday August 17, 2004 @03:52PM (#9995180)
    National governments seem clueless/powerless/apathetic with regard to malware (spyware, phishing, viruses, etc.) The current ad hoc approach - independent semi-commercialized tracking/alert/filtering services don't do a very good job, provide less than 100% coverage (of both PCs and treats), suffer from lack due process (e.g., how does a nonspammer get unblacklisted), and are purely passive (doing nothing to halt spammers, phishers, etc.)

    I wonder when the users of the internet will form their own supranational government, with a defense force and coordinated policing actvities. Taxation might be in the form of CPU cycles & bandwidth used by policing actions to DDoS convicted spammers/phishers/spyware providers.
  • by Thagg ( 9904 ) <thadbeier@gmail.com> on Tuesday August 17, 2004 @03:52PM (#9995183) Journal
    HTML doesn't have a 'rant' tag, but consider the following as such.

    I personally cannot imagine having spyware on my machine, and I similarly cannot imagine any Linux user tolerating it. Most Linux users chose it, in large part, because of the control it gives you over everything that your computer does. Having your computer hijacked by advertisers is antithetical to that concept.

    But I watch Windows users tolerate truly mindboggling amounts of adware/spamware/malware. The typical windows users tolerate 100 times what I would consider completely unacceptable.

    I know it's elitist to say this, but what happens is that Windows users will make the tradeoff of malware to allow them to steal music and other content. They don't protest, because deep down they know what they're doing is wrong.

    Linux users, typically, have no such guilt and therefore don't tolerate that kind of intrusion onto their computer.

    Thad
    • by Evangelion ( 2145 ) on Tuesday August 17, 2004 @04:12PM (#9995362) Homepage
      I know it's elitist to say this, but what happens is that Windows users will make the tradeoff of malware to allow them to steal music and other content. They don't protest, because deep down they know what they're doing is wrong.

      Not really.

      Being both a Linux user and a Windows user, I don't tolerate any kind of adware or spyware either.

      The typical windows user:

      * Does not understand that AdWare/Spyware/Malware is acutally on thier computer
      * Does not understand how AdWare/Spyware/Malware gets on thier computer in the first place.
      * When they realize it's on thier computer, they will often belive it's nessecary for software to function. (I tried cleaning up my sister-in-laws Win98 PC, and she immediately blamed me for screwing it up the first time something didn't work the same way -- that's the only real anecdote I have, as I stay the bloody hell away from that kind of job).
      * Assuming they realize that it's on thier computer, and they realize they don't have to live with it, then they can get rid of it. Once. But being able to get rid of it by getting a friend to install AdAware and Spybot S&D in no way affects thier ability to detect it on thier computer, or realize that something might be installing it.

      Comparing Windows to Linux in this regard is just ignorant. There are is basically no Malware/Spyware programs on linux (I know there's some Adware out there, but I can't imagine it being terribly successful). And Linux users as a whole are self-selecting in this regard, and are used to having to live without software that they'd like to use.

      That, and there are several pieces of very popular Adware (MSN Messenger for example) that are sufficiently useful to outweigh the cons of it being Adware.

      So, really, the windows users who put up with this garbage simply because they don't know any better and trust the companies when they claim this garbage is nessecary, or that they choose to put up with the Adware to use a program that they want to use.

      I also find it ironic that you're saying piracy is a tradeoff for running adware, when any person who is going to pirate things won't think anything of cracking adware to get rid of ads...

      BTW, if you think Linux users don't pirate media, you're on fucking crack :)
    • by Kphrak ( 230261 ) on Tuesday August 17, 2004 @05:05PM (#9995812) Homepage

      I can't believe something a post as stupid as the parent's gets modded up, even for a few minutes.

      Windows users don't allow spamware because they're guilty about piracy. Most of the users I've seen with large amounts of spyware wouldn't even download a free MP3; the only thing they download is their email or the latest forum page refresh, off AOL. They get spyware because of cluelessness about computers, not guilt.

      The 15-year-olds who install spyware-filled filesharing programs don't feel guilty either; they use them for the same reason they use Internet Explorer. They don't know any better program, and their friends all use the same thing.

      On the other hand, the savvy Linux copyright violator (not thief; copyright violation is not theft according to the law) will just use Mutella to share his MP3s, which has no weird restrictions and runs on the command line if so desired.

  • by BlueOtto ( 519047 ) on Tuesday August 17, 2004 @03:56PM (#9995218)
    As the Intern/Pc Support Help Desk guy at my work, I'd estimate that about half of the problems here are a result of spyware. However, I have a process that works MOST of the time to totally eliminate it it from a computer. It takes time (usually around 30 minutes), but being totally thorough makes sure that one piece doesn't get left behind and bring everything else back. This is what I do:

    -Run AdAware and Spybot Search and Destroy (get latest updates!)
    -Run CWS Shredder
    -Run HiJackThis and locate all curious entries and remove them
    -Run msconfig.exe and clear all suspicious or even borderline suspicious entries from startup
    -Check running processes for suspicious entries (doing this a lot makes you familiar with what is good and not good. Stuff like WhatsUp.exe -- usually bad. Or WJLHOWPDMNW.exe)
    -Try to kill the processes, and then locate and delete those files. If you cannot delete them or end the processes, write them down and boot into safe mode to delete those files
    -Finally, check Program Files for suspicious folders. That's where much of spyware hides. Apoint2K and and search bars and anything else are BAD!
  • Here's the link [com.com] - now, what in that made it necessary to be distributed as a PDF, and not as an HTML/XML document? The proliferation of PDFs for information that can be displayed consistantly in other, more compact and less processor hungry formats, is frankly disturbing.
  • by Hamster Lover ( 558288 ) on Tuesday August 17, 2004 @04:24PM (#9995474) Journal
    Others may have mentioned it, but an anti-spyware toolbar is like an anti-violence machine gun.
  • Cold Cash (Score:3, Interesting)

    by COMON$ ( 806135 ) on Tuesday August 17, 2004 @04:31PM (#9995546) Journal
    Malware companies are not the only ones generating revenue here. There are a lot of Techs out there who are raking in the cash removing all this malware. It would be interesting to see some stats on how much money is spent removing all that crap.
  • by gelfling ( 6534 ) on Tuesday August 17, 2004 @04:39PM (#9995610) Homepage Journal
    So use it and it will block nearly everything it is capable of identifying. Keep the sig file up to date and run it off the scheduler every once in a while. Blow your Browser cache away once a week. In fact blow away ALL the cookies on a regular interval.

    You will have essentially no spyware.
  • by idontgno ( 624372 ) on Tuesday August 17, 2004 @04:44PM (#9995659) Journal
    Imagine you own a peer-to-peer file-sharing application (for example, Kazaa) that is being used for copyright infringement en masse. People will do almost anything to get it, short of paying for it directly. So you get an adware distributor (say Claria, formerly Gator) to pay per installation of your application if you will bundle its adware.

    Given that:

    • (MP|RI)AA hates P2P softare;
    • Claria is subsidizing the installation of P2P software;
    • Claria is profiting from the use of P2P software;
    • (MP|RI)AA habitually sues those responsible for the availability or use of P2P software:
    Obiously, (MP|RI)AA should be suing Claria. Hard.

    *The Chronicles of Riddick

  • by jimicus ( 737525 ) on Tuesday August 17, 2004 @04:48PM (#9995688)
    I'm serious. I've never really seen much spyware.

    True, I'm an IT professional. And on my home computer I use Linux almost exclusively.

    And at work: nothing. Nada. Those few who have Internet access it's closely monitored & filtered, incoming email is thoroughly scanned and systems are locked down. And I see no spyware.

    Last time I booted Windows at home (just a NAT'ing firwall as protection), it was Win2K and I did see a premium dialler try and install. Seems to me that the malware vendors are yearning for the Bad Old Days of Windows '9x, complete with 9 levels of DLL hell and drivers written by barbary apes. So they're using whatever they can to bring those days back.

    Things like that remind me why I stopped working with Windows.
  • AOL stunned me too (Score:3, Insightful)

    by Lispy ( 136512 ) on Tuesday August 17, 2004 @05:18PM (#9995915) Homepage
    when I read the button on their homepage [aol.com]:
    "You may already have a version of AOL installed on your computer! If you'd like to check us to check for you please click here..."

    This is really sad. AOL has penetrated the whole planet with CDs for so many years that they can simply assume that there might already be some version of their adware-dialup-crap on any given machine. They admit with this button that they are well aware that most users are totally clueless of what software they are running on their computers. "Save me, AOL!"
  • Personally (Score:3, Informative)

    by odaen ( 766778 ) on Tuesday August 17, 2004 @06:50PM (#9996556)
    I don't consider Claria all that bad. It's easiesh to remove, and can be done by practically any anti-malware program (except maybe Yahoo's earlier attempts), and actually tells you *what* is installed. (At least it did when I had it on my PC)

    Possibly the most annoying ones are the anomymous ones such as 'CoolWebSearch' which you don't know what to search for to get rid of it and the ones which you have no clue how to remove 'MySearch'.

    Or the worse ones at all, the ones that break the address bar so you can't access any sites via. internet Explorer. Thankfully PC Gamer has started including Mozilla Firefox on its Cd's and I reckon a few other major magaizes will follow suite.

    Quite possibly the worse one is that piece of paid adware, the one which you have to format your entire P.C to get rid of all traces of it. 'AOL'.
  • by Philip Dorrell ( 804510 ) on Tuesday August 17, 2004 @08:02PM (#9996896) Homepage Journal

    The copyright system says that the only way you can expect to receive substantial revenue from your efforts to create useful content is to prevent free access to your content. If you provide your content in the most useful form, to the largest number of people who might find it useful, your income is guaranteed to be arbitrarily close to $0.

    Spyware/adware is a natural response to this problem. Closed source is less useful than open source to users of software, but the intellectual property regime says it is a better business model, precisely because customers don't know what is in the software. Spyware just takes this principle to its logical conclusion: if it is good for the customer not to know what is in their software, let's exploit this ignorance to the maximum extent possible.

    This will gradually kill the market for individual developers of mass-market software. Previously you had to convince your customers that it is worth the effort to download and try out your software, and then you had to convince them to pay you for it if they liked it, even though it is dead easy for them to not pay you and to keep on using the software anyway. Now you also have the hopeless task of convincing your customers that someone they have never heard of is not a spyware author.

  • by Decclan Macmanus ( 796733 ) on Tuesday August 17, 2004 @11:26PM (#9997830)
    First let me explain what I do for a living. I am a computer technician for a Networking company that handles law firms, doctor offices and such. Each of these places will have anywhere from 5 to 100 computers in their office. I would say I am forced to clean machines of spyware, malware, adware and viruses about 90% of my work orders. I have become proficient in doing so with all the practice I've had. These office employees of my clients just download everything they see. They answer yes to every question that get asked on a website. They do not read it and wouldn't understand it if they did. I am talking about EULA agreements of course. The legalese subtly hides the subject of the agreement that even the lawyers at these law firms cannot decipher it. I've done some testing on how easy it is to get infected with spyware and viruses without the consumer's awareness. I connected a freshly installed Windows XP machine to a broadband connection with no firewall in place and no spyware or virus detection programs in place. I surfed well known websites that millions of people search everyday for about five minutes. I then installed Spybot 1.3, Adaware 6.0 and Hijackthis onto the machine. In those five minutes of unprotected internet browsing the computer had over five different spyware programs installed including: VX2 Better Internet, a CoolWebSearch varient, New.net varient and some a couple of tracking cookies. This was five minutes of browsing mind you and I got three of the worse programs in their genre. I have recently found out that New.net actually has bundle parterships with several big companys including Earthlink, Net Zero and Juno. New.net has actually threatened or sued spyware removal companys like Spybot and Adaware. Spybot backed down from them and removed any New.net detection from their program. Lavasoft who makes Adaware is fightning back in court against New.net. New.net claims these companys are giving a bad name to their software by saying they are malware programs that collect data or supply ads to the end-user. New.net says it does not do that but I know first hand they are lying. I had a machine that was infected with New.net that caused AD popups, totally screwed the clients network connections. And these companys are legal businesses!! All I know is the government needs to step in and regulate these companys. The invasion of privacy they do on our computers is no different from a voyeur peeping in your house window or somebody tapping your phone or reading your mail without your knowledge. And yes Microsoft operating systems are the easy targets because a good portion of the world and mostly home users use Microsoft OS's. Mac and Linux people think they are safe but that will change. The more people use those machines the more spyware and viruses will surface. There already is some spyware programs for the Macintosh and a couple of viruses. The best thing for the home user to do is takes steps in protecting your computer. Use a good firewall, Keep your Windows updated, Use a different browser (I use Firefox) than Internet Explorer. Have a good antivirus program installed and updated everyday. New viruses are discovered nearly everyday. Use programs like Spybot, Ad-aware and Spyblaster( (protects against bad Active X downloads.) Take the time to actually learn to use these programs fully. Spybot has some extra tools that are great. HijackThis is great but you need to know what you are looking at. If you see a EULA agreement pop-up on your screen take the time to read it and also look up the company or software you are trying to install on Google.com and do some research on what people say about their programs. Pestpatrol.com is also a great site for learning about these malicous programs. The spyware developers are getting smarter as well. There are some spyware programs that run in the background but do not show a process in Taskmanager. Some variants regenerate themselves even after removal (usually by some leftover registry entries called "tricklers" or install programs that are hiding in your Te
  • by Slur ( 61510 ) on Wednesday August 18, 2004 @04:16AM (#9998961) Homepage Journal
    I can't believe how nearly everyone in this topic seems to accept spyware and adware as a fact of life, and that you accept the necessity of buying programs to detect and remove this stuff.

    Have you all been completely brainwashed by Microsoft? The existence of spyware is Microsoft's fault, and all the time you waste over this crap is owed to you by Microsoft.

    First of all, it should not be possible for software to get surreptitiously installed on your computer without your being aware of it. To the degree that this is possible it is the fault of the OS developer.

    I just don't get it. If adware and spyware started showing up on Mac OS X you can bet Apple would institute sweeping changes to prevent it from happening.

    Frankly I don't know why there isn't a huge class-action suit against Microsoft for encouraging spyware and adware development. And how much crossover is there between spyware and adware developers and the developers of detection/removal software.

    Seriously, someone explain why you put up with it?

Sentient plasmoids are a gas.

Working...