Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Privacy

On the Prevalence and Removal of Spyware? 38

Posted by Cliff from the removal-of-those-pesky-spytraps dept.
oo7tushar asks: "There's a lot of spyware out there these days. As a Windows/Linux user I'm concerned about what spyware is installed on my machines and I'm very concerned about this issue when it comes to Windows. A few questions for the masses: What are the most common spying applications that are installed? How do I get rid of them without getting rid of the parent application? Have you encountered spyware on Linux?"
This discussion has been archived. No new comments can be posted.

On the Prevalence and Removal of Spyware? More

On the Prevalence and Removal of Spyware?

Comments Filter:

  • Removing Spyware (Score:5, Informative)

    by Innomi ( 566928 ) on Wednesday April 03, 2002 @07:32AM (#3276052)
    There is a program called AdAware which will automaticly remove spyware from your system. Some programs though, refuse to run if thier spyware is missing. Adware: http://www.winsite.com/bin/Info?5000000038314

    • Re:Removing Spyware (Score:3, Informative)

      by |_uke ( 158930 )
      This is good software. I have used it for about a year now. There are a few things that it wont detect but it generally does a good job.

      Ad Aware does the following, plus more:

      * Removes registery settings belonging to Ad software.

      * Removes Ad software

      * Removes cookies from ad sites

      etc

      it works pretty well

    • Re:Removing Spyware (Score:2, Insightful)

      by Hard_Code ( 49548 )
      Yes. End of story. Move along people.
    • Here's the link to AdAware [winsite.com] for the lazy and cut & paste impaired.

    • Re:Removing Spyware (Score:3, Informative)

      by OctaneZ ( 73357 )
      I can't say enough good things about AdAware, I have recommeneded it or installed it on all of my friends machines (who for all intents and purposes I support). NEarly every "average" user has installed something that came with spyware. Some people noticed marked improvements in their systems speed after having 20-30 spyware aps removed. AdAware is developed by Lava Soft [lavasoftusa.com].
      -OZ

    • AdAware is cool, but... (Score:4, Informative)

      by fm6 ( 162816 ) on Wednesday April 03, 2002 @12:16PM (#3277245) Homepage Journal
      Some programs though, refuse to run if thier spyware is missing.
      Not the clever ones. Gator just goes ahead and re-installs the spyware. Which is why I'm back to filling in my own forms.

      I'm actually pretty sloppy about privacy. But a lot of spyware -- including Gator's -- hooks into Explorer and other shell programs at a very basic level. Results range from an irritating loss of response to maddening crashes and lockups.

      AdAware is quite good. But you also need Ref-Update (to keep your AdAware signature file current) and Ad-Search (to help avoid downloading spyware in the first place). All three available here [lavasoft.de].

  • Watching for Spyware (Score:5, Informative)

    by jayers ( 161663 ) on Wednesday April 03, 2002 @07:48AM (#3276082) Homepage
    Spyware needs to communicate what it is spying. A personal firewall on your machine and some understanding of what your machine should be sending out to others and receiving in can be surprisingly effective in telling you about things happening on your machine. A good one lets you set up default acceptance for your normal stuff and so you see only exceptions.
    • jayers has and excellent point here. I'm running zonealarm [zonealarm.com]. One of the free personal editions, and it has worked wonders on letting me know who is trying to get out of my system. And we'll just say that this is a good thing(tm). I sure don't want MS to know what I really use media player for :). Also you could set up ipchains or whatever the *BSD variant is, it slips my mind at the moment, and only allow through what you allow through, and most of everything that tries to connect over no standard port will be stoped. If you set it up that way.

      • Re:Watching for Spyware (Score:4, Insightful)

        by dschuetz ( 10924 ) <davidNO@SPAMdasnet.org> on Wednesday April 03, 2002 @10:49AM (#3276661)
        and most of everything that tries to connect over non standard port will be stoped

        Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out?

        I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?

        The only way, then, to stop this would be to block traffic to particular sites, but if the traffic goes to microsoft.com, you're hosed 'cause you *need* to go there at least monthly to fix whatever's currently broken. :) Plus, now you need a community-contributed and -distributed blackout list (of known spyware URLs), and at that point, you might just as well be using AdAware.

        If these programs aren't already doing this, then they're even dumber than I thought. Unless *I* am dumber than I thought (and I admit I can be pretty stupid at times) and I've missed something obvious here.
        • I was specifically speaking about if the maching in question with the spyware is a *inx, or *BSD machine, for the reference to ipchains, etc. But you have an excellent point. Sending spyware data out over https/443 would be the way to go. Thinking about it even further they could use any high numbered port that isn't reserved, or if this is a windows world grab a low numbered port on boot, and send data over this encrypted and the server that the spys are listening on decrypt there. This would be an waste of CPU cycles but if you are writing sypware you really don't care about who's cycles you are wasting, as long as they aren't yours.

        • Re:Watching for Spyware (Score:2, Informative)

          by Anonymous Coward
          Yeah, but if you were writing a spy-ware program, would you use a non-standard port to send it out? I'd just send it over HTTP on port 80. Or better yet, HTTPS on 443, so no content-sniffing could be done on it. Would you be willing to stop all web browsing traffic leaving your home/site/corporation?


          Your malware still won't work. The better Windows firewalls (ZoneAlarm and Tiny Personal Firewall) do an MD5 check on the executable before allowing traffic. If you patch the executable or try to access a port which is allowed to only one process, the activity will be blocked and/or logged, depending on your firewall rules.

          This is one added layer of security that an external firewall cannot have. Only client-native software can authoritatively check the process generating the network activity. External firewalls block only behaviour, not process-owners. Ideally, you want both, but for a Windows client, both ZA and TPF work well.
  • "Spyware" is too feeble a word for the nastiness these hidden programs get up to. We should start referring to them as "Cancerware". Essentially, they act like cancer, destroying the productivity and aecurity of your machine by infesting it with backdoor software.

    And the harsh connotations this name conjures up shall help to remind the layperson of the seriousness of this problem.

  • Try Who's Watching Me (Score:4, Informative)

    by YoshiR ( 516680 ) <yuichirorNO@SPAMyahoo.com> on Wednesday April 03, 2002 @08:40AM (#3276188)
    Spyware detection software. www.trapware.com
  • ...just did a story about this. Can't find it online, but it's in libraries now.

    • Re:PCMagazine... (Score:3, Informative)

      by Eagle7 ( 111475 )
      Just remembered, one of the products they recommended was Evidence Eliminator [evidence-eliminator.com] by Robin Hood software.
      • my ISP hosts that site, talk about traffic!
      • Dude, I don't know about you, but the last thing I would want to have on my machine when the Feds came and served a no-knock warrant at 3 AM is a program listed in Add/Remove programs called "Evidence Eliminator"--that alone would be enough to intimidate someone into copping a plea. Imagine the prosecutor telling about it to the jury: "The defendant, an obvious hacker|child molestor|software pirate|cracker, covered his tracks using this program (insert description of what it does." Instant conviction.

      • Re:PCMagazine... (Score:3, Informative)

        by daviddennis ( 10926 )
        Read this before you buy or use the program:

        http://www.radsoft.net/resources/software/review s/ ee/

        They're notorious spammers, and tests showed it's not all that effective.

        D

  • Yeah whatever (Score:3, Funny)

    by TRACK-YOUR-POSITION ( 553878 ) on Wednesday April 03, 2002 @11:29AM (#3276918)
    Guys, you just need to follow these seven steps [microsoft.com] to secure your windoze machine!!!
  • This website [cexx.org] has an excellent information on SpyWare. It tells what SpyWare is, gives examples of SpyWare they've found so far and how to remove it manually. If you don't want to remove it manually there are linkts to commercial software to remove it.

    I used this website to kill several SpyWare programs on my Windows machine at work. So far they don't mention any SpyWare software for Linux.

  • I think that companies like Symantec and McAfee should include these types of programs in their Virus definitions, because after-all, they're a type of Trojan. This is the most logical way to rid the earth of these applications.

    At the very least, they should be identified to the user during a virus scan.

    Just because the user "agreed" to some insignificant and cryptic blurb in a 14-page EULA, it doesn't mean that this type of software is legitimate. I'd guess that less than 0.1% of users actually READ the EULA anyways. Some of the less legitimate ones don't even have an EULA or "spyware" clause.

    MadCow.
    • Good call... in fact, the cexx.org folks say that this is already happening in some cases. To complement this, I would also suggest a campaign for concise and comprehensible EULAs that explicitly list any and all of these 'extras'. These 'extras' should, of course, then be readily and entirely uninstallable, and not a requisite for the functioning of whatever program the user has downloaded.
  • Get a Mac?

  • Flood 'em (Score:3, Insightful)

    by raju1kabir ( 251972 ) on Wednesday April 03, 2002 @07:53PM (#3280657) Homepage

    Someone needs to reverse-engineer the protocols used by these programs and start shoving gigabytes of bogus data down their throats.

    In short order they'll either cut your IP range off, in which case you've done a fine service for your ISP's fellow customers, or they'll start aggregating clearly bogus data which will decrease its marketability to their clients.

    Are they going to take you to court and say "Your honor, we were secretly spying on this person and he's started lying to us about what he was doing online..."?

  • a google search for 'spyware list' turns up some relevent results. http://www.google.com/search?hl=en&ie=UTF8&oe=UTF8 &q=spyware+list&btnG=Google+Search some are better than others. almost all that i have been in contact with are responsive to input as well if you find some new spyware. what i'm not sure about is if there is a master repository that has all spyware on it.

Slashdot Top Deals

"Little else matters than to write good code." -- Karl Lehenbauer

Close