Web surfers battling “spyware” face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase. Though the companies that fail to disclose this practice are facing an outcry from consumers and watchdogs, there is little people can do to defend their systems, security firms say.
Spyware Cures May Cause More Harm Than Good
2004-02-05 Privacy, Security 48 Comments
its not uncommon for scum to take advantage of a incressed demand for a product, pop-up blockers/spyware removers/spam filters, ect. Ive been getting spam from spammers asking me to buy anti spam products for years, same with pop-up stopers, when i dont use a pop-up stoper about 1 in 4 adds are for a pop-up stoper. It sucks that you have to spend lots of time researching downloads before you download them, I miss the good’ole days of the internet when a anti-virus tool is all you needed
never had any problems with SpyBot and it’s donationware
Some spyware removal tools are spyware, and?
AFAIK ad-aware and spybot are still clean.
HijackThis is good for IE hijacks.
I also use Hex Workshop to figure out what some files are.
>>>Spyware Cures May Cause More Harm Than Good
after reading that title, I expect a pretty thorough run down of the latest offenders.
adaware and spybot are good. why is anyone using anything else?
after clicking through to a few links and then going halfway down an unorganized site, here is a *partial* list. lord knows where to go to get the updated/most current:
just guess, i suppose.
AdWare Remover Gold
BPS Spyware Remover
Online PC-Fix SpyFerret
TZ Spyware-Adware Remover
anyway. i predominantly surf the net, and check email with linux, konq, kmail.
today’s an exception.
but i’m still on moz, locked down.
that’s not defending yourself, it’s just running away. It will catch up later on!
Like QuickClean by McAfee. Does more harm than good.
tada! common sense
the main problem is, that educating people how to avoid these things rarely helps, they will go out and take a bite of the forbidden fruit the next day anyway.
Spyware distributers are scum. The programs “Spybot Search and Destroy” and “AdAware” are excellent, reliable methods of dealing with the problem. LavaSoft, the makers of Ad-Aware used to have a small utility named “AdSearch” that would tell you if the program you were about to install was known spyware.
Two problems with the article. First, it left the impression that people shouldn’t trust free software. That’s unfair to the hundreds of freeware authors and open source groups that create original, high-quality, no-cost software. The article should also mention that high-quality download sites do NOT distribute spyware. NoNags, OnlyFreeware, Freeware Home, and Son of Spy Freeware are examples of honest download sites where users can safely download hundreds, or thousands, of free software titles.
The second problem is that spyware can sometimes be found on commercial software bought at retail stores. The eGames products commonly seen at WalMart are an example of this.
The irony is that CNET actively distributes Spyware on it’s download site, then writes “news” about why spyware is harmful. They have begun writing disclaimers, including this one for Kazaa: “Third-party applications bundled with this download may record your surfing habits, deliver advertising, collect private information, or modify your system settings.” But 322 million people have downloaded it anyway…
Download and install two spyware removal tools. If one happens to be spyware, the other will catch it! 🙂
I spend my days doing tech support. One of the products I support is a spyware remover (and more). I take the heat whenever something slips through (which is often), and I sit there wondering why anyone uses IE.
Mozilla on Mac and Linux, Mozilla Firebird on Windows (because Windows can’t seem to run full Mozilla without crashing). No pop-ups. No spyware. No adware. No Active-X evilness. Life is good.
Huh? It seams fine on my boxes?
It’s called blackmailing, FUD.
””If people feel as though their privacy has been violated by a company that claims to be protecting them, that clearly is an unfair and deceptive practice,” said Ari Schwartz, an associate director of Washington-based CDT. “You would think that an antispyware company would hold itself up to the highest standards.””
HAHAHA don’t make me laugh, what a plain fallacy a-la Reichstag. Basically he claims humanity is bad, or something.
A company can very well do like “provide X for free (beer) which gives good service” and “provide Y for money which gives more service” where X or Y can be software, consultancy, and a lot more. Free (beer) isn’t good or bad by default.
Now, if that company delivers some program for free, which removes spyware, it benefits the user’s privacy. And, disbenefits the company which wanted to earn money because of his/her privacy (which is linked again to ie. spamming).
It could be possible some companies and/or software which claim to remove spyware are actually harmful too, and if such is found out i’d hope such information would become public. But just claiming they all are like ARI SCHWARTZ and the headline do, is plain “guilty by association”.
Makes me wonder what ARI SCHWARTZ his interest is by saying that?
Cause when i still used Microsoft Windows and LavaSoft AdWare, it helped me for certain. Now, if ie. AdWare “steals” my privacy too, then please show me how it does! Please, proof! I apply innocent until proven for a program which deletes software types it has investigated as “spyware”. “Spyware”, which i don’t want. If i still needed that you were not gonna change that, dear Ari Schwartz.
Anyway, sad that a) News.com.com posts this article and it makes me wonder why they do that (Bob already posted a possibility) b) people are gonna believe earlier mentioned person’s FUD.
So please when you know some anti-spyware program which itself is bogus, doesn’t do what it claims to do, sends private info, then please tell the internet about it with nuance so the internet knows which program they can and which program they can’t use. Or consult a friend to become aware, etc, but don’t ditch anti-spyware software by default.
That some humans lie, is nothing new…
tada! common sense
If common sense was common, wouldn’t everyone have it?
the main problem is, that educating people how to avoid these things rarely helps, they will go out and take a bite of the forbidden fruit the next day anyway
Amen to that…
The only solution to this is open source software. It’s really quite obvious. Unless you want to run a router with tcpdump or a similar utility and parse all your network activity to be sure you aren’t running any sort of spyware open source software is the only solution.
Wow, sounds like you aren’t thinking very hard. There are plenty of other solutions. Like only running software from trusted sources, adjusting the security settings on Microsoft Internet Explorer, not using Microsoft Explorer, not using Microsoft Windows, installing and maintaining trusted protective software (Spybot, AdAware), not connecting to the internet, not using a computer.
Maybe you just mean, “I want everyone to use this solution.”
There are plenty of other solutions. Like only running software from trusted sources, adjusting the security settings on Microsoft Internet Explorer, not using Microsoft Explorer, not using Microsoft Windows, installing and maintaining trusted protective software (Spybot, AdAware), not connecting to the internet, not using a computer.
Your suggestions range from incorrect, to accurate to amusing!
“Trusted sources” only means that “trusted sources” can send you adverts or spyware.
Most of your other stuff is good advice! The last two are funny.
Telling people that avoiding using IE will free them from spyware is a bit misleading. I mean, it is definitely possible to install 3rd party apps that will install spyware on your machine, even if you use Mozilla or Opera as your primary browser.
As far as open source goes, it is a solution so long as there is an open source ‘alternative’ for whatever app you happen to be using that contains spyware.
Yeah right. Hell, people would install open source spyware even! I run IE (at least the backend), and I never get spyware. Why? I don’t click on crap and don’t have it on install by default.
Open source will do *nothing* to stop joe user from clicking and running “Get open source smilies in your e-mail now!” type programs. Imagine if Linux were popular. So joe user want to install Kazaa linux edition. Installer says “Run as root to install” because, duh, you need to be root to install stuff no matter *who* you are. Kazaa linux edition then goes and installs all sorts of extra gunk along with it, and it can, because it’s running as root now. And before you say “if Kazaa linux edition was open source we’d know about hte spyware and people wouldn’t use it, but rather alternatives!”. Yeah, like Kazaa Lite right? We alreay *know* kazaa has spyware, even though it’s not open source. It doesn’t stop people from running it anyways, regardless of the existance of kazaa lite!
Yay open source. Quite obvious indeed.
Why do people always bookmark windows as the problem?
Do they not realise whichever OS that has the greater market share would suffer equally?
“How to defend yourself? Easy. Don’t use IE. Don’t use windows.”
Ummm…I’m not sure about that… Suppose everyone suddenly migrates to Linux. We would see Linux users having this problem, and thus the easy way to defend against it would be going to Apple or Windows, right? I only run Windows and IE, and I have absolutely no problem with spyware on my systems. Educating computer users of spyware would the best way to combat it, IMO.
Educating computer users of spyware would the best way to combat it, IMO.
Right after we educate users how to use and update their anti-virus software, proper hard drive maintenance and good backup habits?
The solution is not educating. It’s fixing the problem at the source (code that is).
So, good luck educating every one to only use open source software. Or maybe you would propose something a little more radical (ahem, revolutionary), like outlawing closed source software?
I’m not sure how changing browsers would help. These programs are installed on the users’ computers and connect to the internet just as any legitimate program would. I don’t think they even require a browser be installed, as long as an internet connection is configured. People with always-on internet wouldn’t even get a dial-up notice.
Now a firewall is definitely a good idea, and can protect from Spyware. Say someone has a spyware app installed that they *think* they can’t live without (Kazaa serves as a good example). The bundled spyware can collect any information it wants, but without access through the firewall it can’t send the collected data anywhere.
OT: Whatever happened to KazaaLite being sued by Kazaa? As I understand, KazaaLite is an unauthourized distribution of the same program, but with the spyware component replaced by same-named dummy files.
Here’s a third omission from the article: the complete mess that spyware can make of a computer. The overloaded Temp files, the crammed registry, the loss of system resources caused by spyware running constantly in the background… While not the focus of the article, it certainly should have been mentioned.
“Do they not realise whichever OS that has the greater market share would suffer equally?”
Apple users are safe then.
Joke! Joke! Put the pitchforks down.
Anyway your logic *assumes* that marketshare is the governing factor of security. By that token Apache instead of IIS should be suffering equally. What about the other OSS that has greater marketshare than the MS equivalent? Were’s their “suffering in equality”? I’ll leave it to you to figure out why reality doesn’t agree with your version.
“Now a firewall is definitely a good idea, and can protect from Spyware. Say someone has a spyware app installed that they *think* they can’t live without (Kazaa serves as a good example). The bundled spyware can collect any information it wants, but without access through the firewall it can’t send the collected data anywhere.”
The whole issue ultimately is about “trust” Technological solutions can only go so far when it comes to trust.
Anyway your logic *assumes* that marketshare is the governing factor of security.
it’s not really about security in the sense of professionals or external attacks, it’s about bonehead users installing kazaa, morpheus or whatever… or clicking on stuff they shouldn’t.
it would be fairly easy to put a spyware daemon(or modify .xinitrc, or path statement, or whatever) in an rpm(or whatever form of installer) and a lot of users wouldn’t see it. bonehead users are proportionate to marketshare, unfortunately.
that should probably read directly proportional.
My experience with “educating” other users about spy/ad/malware has been pretty fruitfull so far. They all have been running XP:Home on their cookie cutter boxes and all came to me with the same problem: “DUDE, my computer is TOOOOOOOTALY (f-word!)ed up! Dude seriously liek doubleyoo tee eff, mate! ^^”
And after going over to their houses and installing and running Adaware, I’ve sat down with them and said, “Alright, let me tell you a little story about free software that tells you what the weather is without looking out a bloody window, and the diseases it brings with it.”
After a quick rundown on what I had done to their computer, and how they could prevent it from happening in the future, they NEVER had a problem with it again. They ran Adaware once a week, and as I had told them to, they would scan through the results, and they started to recognize where the problem software was coming from, and they’d stop downloading it.
It really was as simple as that.
I’ll agree that a lot of users can be sat down and explained what they did and what not to do in the future, but even after that there are a LOT of people out there who will STILL download pointless spyware.
“Oh look, 400 FREE smilies! Come on, that can’t be spyware! It’s just a fun little program!”
They just don’t recognize malicious software, no matter how many times I have to fix their machines and then point out which apps caused the trouble.
Hell, a lot of people are thrown by those popups that look like error windows (ala “YOUR COMPUTER IS RUNNING SLOW!”), and get sucked into downloading some crap “speeding up” tool (You know, I’ve never actually seen what the hell those things are supposed to do. Increase virtual memory? cache more things?) because they thought it was a legitimate system tool. Hell, one person though it came from Microsoft.
An interesting way of removing spyware apps and such may be to have automatic removal built into anti-virus programs (But, hrm, people never update those either…). A window popping up saying it was removed, or perhaps a Y/N box, which explains what it’s removing and most importantly WHY. It has to be written properly though, you have to tell the user that it’s adverseley effecting the system performance, hogging ram, all in simpler terms of course. Otherwise they’ll think “Oh, it’s trying to remove my ‘Cute kitten of the day’ program for no reason!” and say no.
windows xp itself an operating system you go out and purchase contains spyware run adaware and notice the registry keys it removes one of which is built in directly into windows xp, alexia, they record your browsing habits.
Thankyou very much microsoft. So what do you expect from windows ? if embeded within the os itself is spyware not to mention the fact that everytime you connect to microsoft servers when you go to update they get more information than they need, shows you how much of a greedy inconsiderate company microsoft is..
You must to pay for the pro (a real good one) but when you have to clean everyday are less 3 pc’s of very bad spyware you can pay that money…
Is the best
install spybot, and have it immunise your pc, now, go to http://members.msn.com and do a search for members.
every single page that comes up, includes Avenue A.
whats the story with that ?
why do you ms fanboys continue to support a company that does things like that ?
Did you read the other thread about Linux zealots?
I see only 1 fanboy here.
LavaSoft AdAware… it’s free, it has regular pattern updates, and it works really well.
I don’t visit pr0n sites or warez sites, I don’t accept HTML email, I’ve got pop-up windows disabled, and I don’t do anything stupid while surfing… and I’m surprised at the number of spy cookies and whatnot that still appear on my system every couple of months.
Of course, killing off the pop-up windows (I’ve been using the lovely and talented Firebird instead of IE6 for some time now) has really cut down on the amount of evil crap that appears on my systems.
why do you ms fanboys continue to support a company that does things like that ?
If you’re talking about Windows users in general, most of us hate MS just as much as the next guy. We just use their OS because that’s where all the best apps are – it’s as simple as that.
Want to solve all “spy” woes. Buy a Mac.
That’s like saying “You live in a big city. Wanna solve your traffic problems? Move to bumf**ked Egypt.” Yeah, well … that would work, but not necessarily the optimal solution. Not saying that Macs won’t solve the problem, but Macs are the end-all, be-all solution to every single Windows/PC problem that comes down the pipe.
I use Ad-Aware 6, Spybot S&D 1.2, and System Mechanic 4 on my Windows XP PC, and if one doesn’t catch spyware, the others will.
Crap, I think this is one of the gimmicks sponsored by the Spyware companies. I have used Adaware and never faced a problem. Use Mozilla you dont have to worry about crap spyware installing with them phony licence agreement.
I use two programs:
I have no problems with spyware. The one thing to watch with Spywareblaster is you have to manually check for updates that need blocking. I also use XP and IE.
I would also like to add that John, the witer of the article, needs to talk to the Cnet higher-ups. With all the apps that Cnet’s Download website offers, they are part of the problem. They need to clean up the apps they serve, especially the ones with embedded spyware, then they end up being part of the solution. Leaving the “bad” apps on the Download site just compounds the issue.
@You can call me Al
>> Why do people always bookmark windows as the problem?
Maybe because it is true? Microsoft Windows makes these software really easy to get into your system unoticed, plenty of places to hide… etc.
>> Do they not realise whichever OS that has the greater
>> market share would suffer equally?
You say so because you haven’t used any other system before.
On any other system the user can check transparently what his computer is running, you run by default on a non-administrative mode, you can kill any task you desire without stupid limitations… etc.
I’m not saying that spyware can not be designed to run on Linux, but it is certainly more difficult and open to public scrutiny.
That’s like saying “You live in a big city. Wanna solve your traffic problems? Move to bumf**ked Egypt.”
Well, not quite. If you truly, truly *have* to use Windows apps, then stick with Windows and put up with the spyware, adware, email worms, and the rest of the Windows experience. Most of what people use computers for is available via either Mac or Linux. For those who “need” a particular Windows-only app, think back to how long you have used that app, and what you did before it was available. For me, I “need” Windows only for Quicken and TurboTax, and I put up with booting into Windows solely for these apps. For general purpose web surfing and email, using Windows is asking for trouble, even if it is the easiest thing to do. People can save themselves a lot of trouble by using Windows *only* for Windows-specific apps, and using something else (most commonly Linux, but the *BSDs would serve as well) for a general purpose OS. Seriously, head on over to http://www.debian.org, read up a little bit, split off a couple gigs on your HD, and say goodbye to Windows headaches. If you are uneasy about partitioning, you can open the case and stick in a second 20 gig HD for around $20 and devote the whole thing to Linux or FreeBSD.
I don’t think this is really off topic. The answer to avoiding Windows malware is simple, just don’t use Windows for web browsing and email. The anti-spyware/anti-virus stuff is like using a condom so you feel safe frequenting the red light district, instead of steering clear of risk-laden behavior altogether.
>>I would also like to add that John, the witer of the article, needs to talk to the Cnet higher-ups.
They definitely need to talk to someone in their advertising sales dept. If you follow 2 of the sponsor links at the bottom of the article, you’ll be taken to sites which feature SpyHunter and SpyKiller. Two examples of the phony spyware-killing applications the article talks about.
“emmm, how ?
Spyware running steathily on a “linux” box, hmm I would love to see that.”
Which part of you sentence doesn’t say Linux?
There are also many people who attack the company, balance is healthy is it not? just because people don’t agree with you doesn’t make them idiots?
“You say so because you haven’t used any operating system before.”
I don’t need to proove anything here but perhaps you should look for justification before you speak.
I do agree it’s harder to find running processes in windows
out of the box.
For anyone who’s interested here’s a tool I use to help..
Face the facts, as long as there is Windows there will always be spyware! This is a windows-only problem, so why mod down posts saying the best solution is to switch OS? I just don’t get it! If people don’t like so many things about windows (spyware included), why do they keep using it? :/
I agree. Most of the best solutions are in the mod downs.
This is one of the most serious reason that I have to switch to Linux, but at the same time, can anyone confirm that a Linux system will not be affected by spyware?
I have look around and cannot find a definetly answer to this.
Hey, my post about how to defend yourself got modded down. A first for me. I’m so proud. Ironically it wasn’t a troll, I honestly *don’t* use IE for that very reason, and since I’m a MacOS X user, I could.
I run basically a publicly-funded ‘net cafe and I’m thinking of putting Firebird on all the computers I admin at work, with an IE theme, and changing all the shortcuts so they point to it instead of IE. Leave IE with the default security settings and some moron just blindly clicks “Yes” when the “Do you want to install Gain Offer Companion?” window comes up. Increase the security settings, and people whine because it breaks some embedded content-infested site they’re addicted to. Security by obscurity, while certainly a stopgap measure, sure looks a lot more attractive than the alternatives.
Hey, Microsoft, you want to know how you could eliminate the bulk of the spyware problem? Howabout a clean up of the dozen or so different methods for running apps on startup that spyware can hide itself in? Or better yet, how about not allowing software installers to set apps to run on startup unless the user explicitly allows it?
Of course, some of Microsoft’s own applications, both past (findfast) and present (MSN Mess), exhibit this annoying behaviour as well, so I doubt I’ll see that happening anytime soon.