Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Microsoft

Does Spyware Damage Windows Networking? 52

Posted by Cliff from the removing-the-stealth-riders dept.
DerBryGuy asks: "I work for an ISP in Canada. Recently we have had a rash of customers whose computers can connect via DSL, but cannot browse, or often even ping. Invariably it turns out that there is some spy ware of some sort installed on the customers machine - usually New dot Net or the other drek that comes with Kazaa. About half the time if this is removed correctly (manually or by using ad-aware) then the machine will regain http access. However the other half of the time the only option we have found is to format and reinstall the OS. So I am wondering, are other ISP's seeing this? What do they do when they get a similar complaint and they detect spyware on the machine. Is there any recourse for the customer? I mean most of these people had no idea what New dot Net was when their kid installed Kazaa, and now they are stuck with a computer store bill for reinstalling their machine."
This discussion has been archived. No new comments can be posted.

Does Spyware Damage Windows Networking? More

Does Spyware Damage Windows Networking?

Comments Filter:

  • New versions of antivirus software (Score:3, Informative)

    by Halvard ( 102061 ) on Monday July 01, 2002 @02:51PM (#3802153)


    We seen this but not with spyware. Customer calls saying they no longer can access the internet. Invariably, they have updated their antivirus software and it now includes a personal firewall. Said firewall doesn't allow ports 80, 25, or 110. We've seen this with McAfee and with a less well know brand the name of which escapes my memory at the moment.


    We have seen spyware cripple the performance of a machine though.

    • It wasn't Norton's? I just fixed a friend's computer with dead Windows networking, partially I think it was a dead ZoneAlarm but also Norton AV seemed to have created a c:\windows\hosts file with something like
      127.0.0.1 pop.nortonav.com
      • That is for the e-mail monitoring. If I recall correctly, the mail is downloaded into Norton's "mail server", scanned, then downloaded into Outlook, Eudora, whatever. That line should not effect performance and is used by Norton's to run correctly.
        • Entries in that file take precedence over your other settings (eg before looking at DNS servers). The line for for pop3.nortonav.com to 127.0.0.1 redirects anything for pop3.nortonav.com to your local machine. What's the point of that? Doesn't doing this mean that normal applications trying to access localhost won't be able to? Okay probably not. At any rate it is a lazy and inefficient way to send packets from an application to the same machine's mail service that fucks with bits of Windows it shouldn't touch. IMHO.
          • It's an accepted practice and it doesn't mean apps can't access localhost. It only means that pop3.nortonav.com is automatically resolved to 127.0.0.1 without doing a DNS lookup. Adding hosts like ads.aol.com and other ad sites to your hosts file in this manner is a nice way to prevent banners from being loaded.

  • Apparently you're not the only one (Score:1, Informative)

    by Anonymous Coward
    I quote from http://cookiewhore.net/archives/00000009.html [cookiewhore.net]
    Gah.. for 2 days my connection wasnt working, I kept getting the "Line was busy" error which is really ANNOYING I'm telling you. Then just now, my comp really freaked me out because I can't even restart it! New.net kept giving an error, something about dll error and it took me an hour to figure out what happened and what I should do. After I've done system restore, scandisk bla bla bla, I FINALLY thought of deleting new.net folder (if some of you didnt know, new.net is the spyware that came with kazaa) but if I delete that, I risk of corrupting Kazaa (this has happened before). So I thought I better risk of corrupting kazaa than having my comp not working at all so i deleted it and it works fine now! my comp AND kazaa.. ok time to work on my website..ciao
    I suppose I'm relieved; new dot net can't be too effective as spyware if it prevents any connection at all from happening.
    • If you really want KaZaA, but without the spyware, you should checkout KaZaA lite (kazaalite.com [kazaalite.com]). Be sure not to allow KaZaA to update itself (like now with the 1.7 version), as it will install the Sharman Networks version with said spyware. A nice p2p-program without spyware is WinMX [winmx.com], too bad there are no Linux clients for it. (for their own network, that is.. Opennap clients enough.)
      • http://linmx.sourceforge.net/ [sourceforge.net]
        The project doen't appear to have released anything yet, but at least someone is working on a Linux WinMX project.

      • A nice p2p-program without spyware is WinMX [winmx.com], too bad there are no Linux clients for it.

        Maybe it doesn't have any spyware (even though I oculd have sworn it did), but WinMX did a pretty good job of pissing me off up until the latest version. I installed it and decided it wasn't for me, and when I went to hit the uninstall button there was a big X over the icon. When I clicked on it a message would pop up about uninstalling the program, then it would just exit. I had to wait until the newest version that just came out a few weeks ago was released, install that, and then procede to uninstall the program. Definitely soured me on the whole WinMX experience.
      • too bad there are no Linux clients for it.

        The latest CVS version of Lopster [sourceforge.net] does WPNP [infoanarchy.org] as well as OpenNap. Here are instructions [216.92.168.89] on building it and getting connected to the WinMX network.

    • I've seen a few PC's affected by New.net, although it was really hard to trace, as the PC could access network neighborhood but couldn't access anything else. When we finally noticed it and removed it, the PC worked like normal again...
    • Two words: Kazaa Lite.

      http://www.kazaalite.com

      Kazaa Lite has no spyware. Some guy got really happy with a hex editor on it.

  • Install Kazaa Lite not Kazaa (Score:1, Insightful)

    by Anonymous Coward
    Really i wish the people behind Kazaa Lite [kazaalite.tk] would have used some name that didn't have the word kazaa in it, what the heck am i supposed to tell people to install? Kazza LITE, not Kazaa, very important.

  • This problem (Score:2, Troll)

    by brsmith4 ( 567390 )
    I have experienced the same problem where I work at my school. Many of our users can dial-up, but they cannot access web sites or ping anything. I have not been able to fix this except with Windows ME or XP, both of which have the System Restore function. I thought that it could be spyware and I warned others in my staff about it. They told me basically that I was full of crap and that there was no way spyware could damage someone's network settings. I always thought that spyware on a windoze box had the power to do whatever it felt like. Maybe now that they see this on /., they might take me seriously or no, I am probably still full of crap.
    • I always thought that spyware on a windoze box had the power to do whatever it felt like.

      Unlss you've set up seperate users' accounts, the default user has Administrator privledges. Any installer s/he runs can do anything it wishes to the system given a little ingenuity.

      Single user systems are evil. I'm the only one that ever uses the machine I'm currently running, yet it has 3 accounts... root, serious work, and a leasure account. This way, I protect myself from myself.

      Macromedia Fireworks (I can'tremember which version) can't run in an unpriveledged account. I set up my GF's machine properly and then started pounding my head on the table because Macromedia was forcing her to do everything I just told her not to do. It makes me wonder what thier QA people do all day. Appearently they never tested it on a multi-user system. Oh well.

  • Window's DNS is somewhat finicky. If you have a virus, or spyware that tries to make DNS lookups while you're connecting to your ISP, it can prevent DNS from working once you do connect.
    • Any way to back this up? I too have sometimes problems with my dailup DNS. But how do i prove this is the problem and not my provider has a loose running modem.

      Where did you get this info from?
  • From Duke university: [duke.edu]

    Kazaa weighs in as a heavy weight of spyware/adware installing applications. It installs two pieces of spyware without consent.

    New.net Domains

    Filters all web address requests through the DNS servers of New.net.

    This program can cause your internet connectivity stop altogether.

    The New.Net plugin is known to cause compatability problems with some other products. Leaves a new.net .dll file on your computer which may interfere with your Internet connection after removing the program

  • Send out an email (Score:3, Insightful)

    by gmhowell ( 26755 ) <gmhowell@gmail.com> on Monday July 01, 2002 @03:19PM (#3802345) Homepage Journal
    I'm sure that using that crap is against the TOS. Send out a bulk email to all customers saying that there is a grace period of 30 days where you will help them through uninstalling Kazaa and all that rubbish. After that, it will be either a $100 per incident fee to do it, or you will be on your own.

    Yeah, probably wouldn't work unless you were AOL or someone like that. Being a small ISP must really suck at times.

    • That's a bit prentious, what if your kid never pays attention to that, installs KaZaa anyway, and now you're fucked with no way out? That's just bad customer service man. If support personell can't deal with an issue like this, Fuck'em, fuck'em up the ass with a rubber dick. then break it off and ebat them to death with it.
  • "they are stuck with a computer store bill for reinstalling their machine"

    So now spyware makers/bundlers are going to justify their actions by saying that they create third-party jobs and help strengthen the economy... great.
  • I have had machines unale to connect to our lan because bonzi buddy had hijacked his networking some way or another. Same with a few other odd connectivity problems that cleard up once ad aware was run on the machine.
  • I've talked several buddies through disabling the AOL installed "Compuserve WAN Device" whatever that is. It prevents a lot of SMB network services like file and printer sharing, from working in Windows NT/2000/XP. It seems to re-enable itself occassionally.

    Is AOL installing this thing as spyware?

    • This reminds me of another problem with Windows 9x. There is a limit to the number of TCP/IP bindings you can add before TCP/IP quits working. (I think the limit is aroud four.)

      Anyway, sometimes I've seen computers that already had a NIC, a dial-up adapter, a VPN client, and a DSL modem. Then the owner installs AOL. The extra virtual device breaks one or more of his other bindings. The worst part is that Windows claims that everything is working great, but things aren't working!

  • I've been on several different levels of ISP tech support and fully agree that spyware causes A LOT of problems. New dot Net, especially, seems to affect not only DSL but dialup as well. It replaces the winsock files with its own versions, which causes the inability to browse. Many times, though, extracting native winsock dlls off the installation disk will restore browsing. Something to consider before reinstalling the entire OS.
  • OK, I don't know for a fact that spyware does this, but I don't find the idea hard to fathom. In fact, I'd be suprised if this hadn't happened.

    I first developed an awareness of this problem when discovered I started experiencing strange random slowdowns and hangs, and started killing background processes until the problem went away. This narrowed the problem to a spyware component that seems to have been trying to extract really detailed usage information from Windows Explorer. Every since then, I've been running Ad-Aware every time my system seemed to lag -- usually with positive results. The alternative is to give up downloading any Windows software ever. Which I suppose I could do, but only as a last resort.

    And if spyware vendors are going to snoop on what programs you have installed (I thought my problems with the installer applet was simple feature bloat!), there's sure as hell gonna snoop on what web sites you access. And if they destroy the very thing they're trying to profit from -- well, that just makes them a kind of spammer, doesn't it?

    I would recommend running Ad-Aware before you re-install the OS. It's quite good at finding those spyware components. And you can't beat the price!

  • I've been having a weird problem on my WinXP machine where when it gets disconnected, then automatically reconnects, none of its http access works. Connecting manually works 100%, though. I've already taken of all my spyware a while ago, though. Lasting effects?

    By the way, check out Gnucleus, the open-source (and spyware-free) gnutella client.
  • Have the customer install Lavasoft [lavasoft.de]'s wonderful Ad-aware [lavasoft.de]. This freely available program should remove any spyware that is installed.

  • New.Net / Webhancer (Score:2, Informative)

    by |<amikaze ( 155975 )
    These screw with the HKEY_LOCAL_MACHINE/Services/Winsock2 keys and make things break. It's not easy to remove them until you get used to it. We had to request several times from New.Net to get removal instructions.

  • webhancer (Score:2, Insightful)

    by pyite ( 140350 )
    Some things install webhancer. They're evil. They modify the TCP/IP stack so that it won't work when Ad-Aware removes their files. Programmers that do stuff like this should be destroyed.

Slashdot Top Deals

fortune: cpu time/usefulness ratio too high -- core dumped.

Close