Most Web Users Unable to Spot Spyware 399
Ben writes "According to a Spyware Quiz conducted by McAfee SiteAdvisor , a staggering 97% of Internet users are just one click away from infecting their PCs with spyware. One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity."
Wait... (Score:3, Insightful)
Re:Wait... (Score:5, Insightful)
Re:Wait... (Score:5, Informative)
Maintain an up to date hosts file - the best I've found is from here - http://www.mvps.org/winhelp2002/hosts.htm.
Blocking a site from loading prevents - well prevents if from loading. What more can you ask for? If you keep your file up to date (their most recent hosts file is 6 days old) you certainly are preventing a lot of the risk.
Completely impractical (Score:5, Insightful)
Most www users are not geeks and cannot tell the boundary between their computer and the internet, let alone know how to drive a hosts file etc. Any advice of this form is completely useless to most www users. If the computer says "click on this" they will. Don't expect them to tell the difference between something from MS or the OS and a phishing scheme or other attack.
It is also not reasonable to say that people should know this stuff to use the www. Nonsense! Do you need to know the difference between a knit and purl stich to wear a sweater? Do you need to know what advance and retard are to drive a car? Why the hell should you know what a hosts file is to use the www?
Re:Completely impractical (Score:3, Insightful)
Re:Completely impractical (Score:5, Funny)
Because sweaters and cars work just fine without knowing much about their inner workings, and computers don't. Maybe it would be nice if the www didn't require competent users, but unfortunately it does.
Re:Completely impractical (Score:3, Interesting)
Cars no longer require competent users, despite initially if you wanted a car you needed to understand everything in it. Nowadays the on-board computer deals with everything except steering (And some even compensate for bad driving here).
Computers are like cars. You can become the 'mechanic' and understand everything and keep your computer running. Or you can be the everyday user and just point it in the right direction. Som
Re:Wait... IP addresses in links (Score:3, Insightful)
Re:Wait... (Score:5, Insightful)
While it may be simple and effective, the hosts file is not the right place to block access to certain sites.
Blocking should be done by the browser itself or by a firewall, proxy, or some other software gatekeeper expressly designed for the purpose. Such an agent is theoretically able to perform a multitude of functions related to site blocking, such as temporary unblocking, content filtering (ie allow the HTML through but nothing else, or strip out javascript, or whatever), authentication for unblocking, management of blocked groups (eg separate black lists for porn, spyware, anti-chinese-government content).
Hosts files don't allow any of these functions, and are easy to bypass by using an ip address instead of a domain name. By skewing their function into a server filter, you are more likely to run into problems and frustrations, esp when you also want to use the hosts file for its intended purpose - to map names to ip addresses. It's going to be pretty annoying when someone makes a typo in the hosts list and you can no longer get to some site because the "connection was refused".
In short... Hosts file as a filter is an effective kludge for now, but a better solution is to use a
Wrong approach, bad advice (Score:4, Insightful)
The correct approach is to use better software, that blocks Spyware by design.
Re:Wait... (Score:5, Interesting)
You try to go to www.screensaver.com, for example - and you can't. What a wonderful sounding place to get a screensaver - but apparently it offers spyware or tracks you - don't believe and want to go anyhow? Turn off your hosts file or comment out the line. Simple.
You can read every entry. Nothing hidden. Simple. Preventative. Free. And nothing to install. What more can you ask for?
Re:Wait... (Score:5, Insightful)
Re:Wait... (Score:3, Funny)
Re:Wait... (Score:4, Insightful)
Next week "how water is wet".
Question 9 (Score:3, Insightful)
I found the test to be a classic push poll approach.
This is like lining up 16 Nigerian hookers, two at a time , and asking you you to screw one and see if you get AIDS. Well, statistically one in four has AIDS, so by the 16th hooker, you have AIDS -- guaranteed.
But, would you actually screw a Nigerian hooker? Not if you had any knowledge of what you're getting into.
Anyone who goes to a free screensaver website deserves every single virus
Re:Wait... (Score:4, Insightful)
That said, I'm starting to get concerned about closed source applications such as Diamond Crush [kde-apps.org] showing up on apps.kde.org. Some of these are much more appealing to geeks. Also, I have wondered what sort of peer review is done on packages at repositories such as www.slacky.it or www.linuxpackages.net. It's nice to be able to download precompiled binaries of open source products that don't come with your distro, but....when I download something from slackware.com or vectorlinux.com, I don't have the same sense of worry about unpleasant easter eggs.
Cheers.
Re:Wait... (Score:3, Insightful)
If the study is taken at face value (which I think might be reasonable if you're on crack), then all its saying is that you'll remove the screensaver.com block from your hosts file.
My personal opinion is no study was needed; if there is a something-for-nothing proposition, and you take it without being 100% sure of multiple, non-associated sources stating that it really is something-for-nothing (like a good freeware app like Blender, or a
Re:Wait... (Score:5, Insightful)
However, the notion of "trusted web sites" is bogus and dangerous (e.g. in web site security, "evil sites are not to be trusted" may be true, but the converse is not necessarily true -- web sites that are not known to be inherently evil are also not "trusted". Companies that build them and run them and put them on the internet for you to puruse don't even trust them. They put them on "sacrificial hosts" in a "DMZ". The *owners* of these web sites don't trust them. Why should anyone else?
The notion of the "trusted web site" is dead. Stone cold it's not pining for the fjords because if it hadn't been nailed there it would be pushing up the daisies, dead.
Re:Wait... (Score:5, Insightful)
A sibling to this post points out it only takes a split second of carelessness. This is literally true.
The combination of
- Internet Explorer and several silent install vulnerabilities (are you sure they're all gone? Is everybody's IE up to date?)
- The user, and thus IE, running as Administrator (OR any priv. escalation exploit), and
- bots that register typo-domains en masse
adds up to a situation where a single innocuous typo in your Location bar could trigger a rootkit install.For this reason, I consider IE mortally dangerous, and until we go for some period of years without seeing a silent install vulnerability, I won't lift this assessment. This has nothing to do with hating Microsoft, and shouldn't be dismissed as such; I think it's a perfectly rational assessment of the situation. I think the only thing stopping more people from seeing it this way is the fact that most people are dependent on Microsoft and simply don't want to see something that means they are going to have to do a lot of work to switch.
I don't think Firefox has had a "silent install" vulnerability yet. Corrections welcome. It's just too darned easy to get infected, and all the anti-virus software, software firewalls, and spyware detection software is just closing the barn door after the animals escaped, especially as the rootkits are passing the point where you can even pretend to remove them without a full re-load of the OS from the bottom. (And it's only a matter of time before the rootkits go back to the old trick of infecting all executables like the viruses of the olden days, so you have to completely rebuild the machine from scratch...)
(I remember there was some changes made to the extension download process to make it harder to mindlessly click through, but I'm not counting that. I would consider a silent extension install to be a silent install vulnerability, because extensions get full access to the machine. The same for an install process that isn't "silent", but isn't able to be stopped short of cutting power to the machine; ISTR an ActiveX vuln that had the behavior of installing even if you said "no" to the trust dialog.)
Re:Wait... (Score:3, Informative)
It has had several. The vulnerabilities highlighted in pink on the security advisory page [mozilla.org] are those that allow remote code execution (some, but not all, of them are only potential remote execution issues that haven't actually been shown to allow execution). For example: Privilege escalation using crypto.generateCRMFRequest [mozilla.org].
Bogus Statistic (Score:2)
According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs with spyware, adware or some other kind of unwanted software.
If we accept this statistic, then we accept that the non-windows OSes share 3% of the market. OK, I know OS X and Linux each have a small market share, but they're splitting up 3%? I don't think so.
Re:Bogus Statistic (Score:3, Insightful)
it should read "3% of visitors to mcafee's site who took a spyware quiz are unable to spot every spyware site from a screenshot of part of the webpage."
Take the test (Score:5, Insightful)
The reason is simple. The test is loaded.
You are asked to choose between various free sites and have to judge just buy a screenshot wich one is save. That of course is very hard to do. Worse is that you can't choose the answer "none of the above" wich I think is the only real answer.
Frankly I wouldn't trust any screensaver or smiley site. Period full stop end of story.
Oh and as for people using virus scanners. Well yeah. Because others have hit them over the head and tied them to a chair and then installed the virus scanner for them and then trained them with a cattle prod not to remove it. They still go out of their way to make live hard for the virus scanners and still basically just get it.
Virus scanner == safety belt. Wearing a safety belt doesn't make you a safe driver.
It only takes common sense to keep your machine clean. Right the same common sense that tells you to limit your speed in dangerous road conditions?
Common sense is a misnomer because whatever it is it sure as hell ain't common.
Re:Wait... (Score:3, Informative)
It's a basic function of most rootkits.
And let me guess (Score:5, Insightful)
Re:And let me guess (Score:2)
"And let me guess ... McAfee will sell me the software to help save me."
It's a remarkable fact that people will buy all sorts of apps to protect themselves against third party exploits, yet it never seems to occur to them that security has to be against the vendors too.
So this "McAfee SiteAdvisor" is going to monitor every site you visit and check with some central DB to give ratings? Well, at least the buyer knows that's what it's doing, and installs it voluntarily, but those are not criteria in my def
Re:IT's a FREE firefox extension (Score:3, Interesting)
And this for astalavista
http://www.siteadvisor.com/sites/astalavista.box.s k [siteadvisor.com]
I think it looks very good and can give a good insight if a site is safe.
The agreement:
How SiteAdvisor Works and How we Protect Your Privacy
As you use SiteAdvisor's software, it checks ou
100% thing... (Score:2, Insightful)
VMWare (Score:2, Interesting)
Re:VMWare (Score:3, Informative)
http://www.sandboxie.com/ [sandboxie.com]
Sorry (Score:5, Insightful)
The rest of us... (Score:2)
So? I took the test on opera/linux (Score:3, Interesting)
But that was not an option.
Anyway perhaps linux users are even worse. How many of use just install packages from your distro without ever checking who actually wrote them? Just because no-one included a spyware package yet doesn't mean you are being safe. Just lucky.
Re:So? I took the test on opera/linux (Score:3, Insightful)
Who cares who wrote them? The packages should be signed by the distributor. Presumably you trust the distributor or you wouldn't be running that distribution.
Bad quiz (Score:5, Insightful)
Re:Bad quiz (Score:3, Insightful)
No crap. In some of the screenshots, you can't even see the whole screen, to say the least of not interacting with it. In many of the choices, I wouldn't visit either site.
It's also worth noting that the quiz is by a major commercial
Re:Bad quiz (Score:5, Insightful)
No kidding. (Score:5, Informative)
let's go through the quiz (if you want to see for yourself untainted, do so before reading this):
the first 4 questions have you determine which of two sites is safe, based on screen shots.
question 1: choose between two screen saver distrobution sites. like all the others, it's just a screenshot, and doesn't even show the whole front page, let alone users look at other pages. the only decernable difference is that the first one looks more professional, so heeding the remarks in the article that said most users seem to think that means it's safe, and "reading between the lines," I picked the other one, since there was no logical way to decide. I was wrong.
question 2: smilies. the one on the right looked more professional, and said "NO UNWANTED SOFTWARE" in a very easily spotted location, with big letters, and the other in regular sized font, in the bottom right, had a half cut off message that pretty clearly stated (even with incompete sentances) that it contained spyware, so I picked the one on the right, this time with some actual info to go on. I was right.
question 3: free games. the sites had no noticeable differences in professionalism, no warnings or advertising of spyware freeness either way, nothing to go on that really made any sense to actually use, so I decided that TotallyFunFreeStuff was trying to hard, and was probably hiding something, and picked the other. I was right.
question 4: Lyrics. important to note that this one used active X, so it's irrelevant to anyone who's not dumb enough to still regularly use IE anyways, which now that I mention it, I think I'll soon put a rant about McAffee and that that in my Journal (will be a first entry,) but it's to much of a tangent for this post. anyways, the one on the left looked more professional, and the one on the right had a "firefox blocked a popup" message on it, so I picked the left (entirely because of the message, I continue to mention the professionalism because the article made a stink about it.) I'd like to note that the thing I took as a tip off wouldn't be availible if I were seceptable to this at all, as it's a firefox message, which doesn't do active X. In any case, I was wrong.
the last 4 questions had you determine whether a file sharing program was safe based on the usual screenshot of the webpage.
Bearshare: site looks professional, there's a link for a "FREE Sponsored version," sponsored sets off a red flag in my mind, I say no. I'm right.
eMule: worst site design of the four astheticly, says it's open source, I've heard of it, I say yes. I'm right.
blubster: pretty sleek front page design, though it feels like a splash screen, so there's almost no information. nothing to go on really except that it says it's 100% free, which given the fact that OSS/Free software tends to advertize itself as such, and they didn't, probably meant add supported, but for some incomprehensible reason I still picked yes. I'm wrong.
Kazaa: slick page, big "NO SPYWARE" label on the font page, there's a main section for the privacy thing, which I bet a lot of people would have looked at if it were a page, not a picture, but instead just trusted it because the label was all they had to go on. I was familiar with the software though, so
Re:No kidding. (Score:2)
Re:No kidding. (Score:5, Insightful)
The only other thing I'd add to your comments is that the presence of a forum seems more likely to indicate safety. Most of the "safe" sites had a forum section, most of the "unsafe" sites don't. Obviously this isn't a hard and fast rule, but a forum where people can complain about the spyware they just downloaded would tend to scare prospective victims away.
Re:No kidding. (Score:3, Insightful)
It was an easy test, and was full of clues.
Re:Bad quiz (Score:4, Insightful)
You sometimes can't tell what software will have bundled spyware or adware, (especially in such an obviously biased quiz) which is why you're going to need to purchase McAfee's anti-spyware software.
Hello, McFly...
Re:Bad quiz (Score:3, Insightful)
Anyway, look at the `quiz'. It's a collection of screenshots. There is no data you can use except `this site looks too corporate', or `I've heard bad things about kazaa'.
It's not a quiz of your mad spyware spotting skillz, it's a marketing attempt. And did anyone else find it funny that their copy of firefox had the little `update me!' red
Re:Bad quiz (Score:3, Insightful)
It's like saying users can't tell which scraggy whore has the clap, so they should all buy new McAfee Anti-Itch cream so they can keep on screwing scraggy whores with the clap. If you compare users with the clap to users without the clap, you notice a strong correlation to choice of partner.
excellent analogy (Score:2)
Re:Bad quiz (Score:2, Insightful)
And, what a surprise, the test is run by McAfee, who wants to sell me "protection" against spyware. Protection as in "catches 97% of the spyware that has been out for more than a month" (just made up those numbers). No thanks.
Re:Bad quiz (Score:2)
Re:Bad quiz (Score:5, Insightful)
If this applies to you, you've already flunked the real-world test. If they had a third option "I'll get software only when it's important, and then only from sources I've thoroughly researched and have objective reason to trust" - then this quiz would be a public service. As is, it just encourages the proliferation of Windows malware.
Sure (Score:5, Insightful)
Sure, we like to visit places like http://www.cracks.am [cracks.am], who actually write their own spyware. But I am not so sure that qualifies me as ever installing any of their garbage.
How? (Score:2, Interesting)
This looks like an interesting article (Score:5, Funny)
Follow the money (Score:3, Insightful)
The real way to combat this is to hold website owners responsible if they are hosting such malware.
Re:Follow the money (Score:3, Insightful)
Re:Follow the money (Score:2)
Besides, the natural result of a globe-spanning technology that can send a packet from here to there (where there can be any place on the entire planet) in milliseconds is a near-total lack of accountability on the part of malefactors. Nothing much is going to change that
Free pr0n yes! (Score:3, Funny)
Stupid quiz as usual (Score:5, Insightful)
This is an idiotic quiz. (Score:5, Insightful)
This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...
It's like blindfolding someone and then blaming them for not being able to catch a baseball pitch, facing away from the thrower, with their bare hands. Of course they won't be able to, if you take away every single useful tool for them to accomplish the task.
Re:This is an idiotic quiz. (Score:2)
This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...
Your criticism is completely valid, and for t
Not quite kosher. (Score:2)
I completely agree that most users don't have the technical skill to spot a spoof email or determine whether a link actually goes where it says it does... so there was NO NEED for this rigged,
Flawed quiz (Score:5, Insightful)
Re:Flawed quiz (Score:5, Insightful)
1) How many people will stay interested enough to finish the quiz.
2) Free focus group when article is posted on
Requires javascript. (Score:5, Funny)
Not sure I agree with their methods (Score:5, Insightful)
Re:Not sure I agree with their methods (Score:5, Funny)
Re:Not sure I agree with their methods (Score:3, Funny)
Clean... That's a way to put it. The one that doesn't have herpes has AIDS!
(Yes, so their "safe" sites may actually also be infected. It just means that they haven't detected that malware or weren't looking for that type of malware...)
Missing Poll Option (Score:5, Informative)
Seriously, is McAfee trying to imply that some executable code you download off the Internet from people/organizations of unknown repute is safe?
BTW, if 3% of people answered their questions correctly, that means that 5 of 8 questions effectively had 50% odds. For example, if 50% of people were able to get questions 5-8 correct, and everyone just flipped a coin to answer questions 1-4, you'd get a 3% all-correct rate.
Re:Missing Poll Option (Score:2)
Think of it as another way to advertise! (Score:3, Funny)
Yes, easy to see what the purpose of this test REALLY is... promotion promotion promotion! I'd even point to the fact that this is on
Then again, what do I know? I got a 5 out of 8 on the quiz. Boy, am I a dumb intarweb user! Better go install that SiteAdvisor after all...
ActiveX in Firefox? (Score:4, Funny)
McAfee claims that one of the lyrics sites has "delivered adware through ActiveX" via Firefox.
Re: (Score:2)
Re:ActiveX in Firefox? (Score:2)
So for specific users, it might tangentially be true- they can launch IE from Firefox and get pwnd by ActiveX!
FireFox (Score:5, Informative)
And that is just another reason I don't use McAfee.
Man ... (Score:2)
Then again, I don't want animated cursors, free screen savers, or any of that stuff.
Then again, I primarily surf from a Mozilla with no plugins enabled, prompts for cookies, and a hosts file to block everything. So I'm probably not the typical web-user.
Solution : Trusted Build Agents (Score:2)
Firefox when secured.... (Score:5, Interesting)
Re:Firefox when secured.... (Score:3, Funny)
I think she has a bigger problem than spyware, you perv.
Re:Firefox when secured.... (Score:3, Interesting)
Re:Firefox when secured.... (Score:3, Funny)
fdisk?
I'm confused (Score:2)
So I took the quiz, and the first 4 questions didn't have the correct answer as an option. The correct answer is "do not download binaries from unknown sources."
Seriously, if you're asking which smiley or screensaver site is "safe", you've completely missed the point. Downloading binary files from arbitrary sources is inherently unsafe. Build from source, or do without whatever it is.
Re:I'm confused (Score:2)
So you'd have to do without your build environment...
Re:I'm confused (Score:2)
I didn't get my build environment from an arbitrary source. I got my original toolchain from my distribution and checked the signatures against the GPG keys available from multiple keyservers. The theoretical danger there is so much less than the danger of downloading a screensaver from some site off the Internet that I don't even see a point in making the comparison.
Not that great a test (Score:2)
Since I run Firefox with no ActiveX, and on the Windows side I run at least four antispyware programs, I'd say my performance on the quix isn't terribly relevant.
Also, the fact that the SITE has downloads with spyware doesn't necessarily mea
Well, that's not too surprising, after all. (Score:5, Funny)
Well, I guess that's why they call it spyware, don't they. I mean, what kind of spy would be easy to spot? Wouldn't be a very good spy, now would he.
In other news... (Score:5, Funny)
Most web users are unable to tell what browser they are using. Or operating system, for that matter.
Support: What web browser are you using?
User: Microsoft Excel.
Support: Okay, what operating system are you using?
User: Um... Dell?
6 of 8 after researching all the sites (Score:2, Insightful)
First I missed the lyrics sites. One of them supposedly installs activeX adware. I couldn't tell this since I'm using Firefox in Linux.
Then I missed one of the P2P software sites. I incorrectly decided that Blubster was safe, even after looking through the site. They do mention that they take information given when you fill out a contact form, but I didn't see any mention in the terms of use or privacy policy regarding anything in
Anyone else notice (Score:2)
Most slashdot editors can't identify news. (Score:2)
Dumb quiz (Score:3, Insightful)
Passed (Score:2)
Every single "safe" site had a "Support" or "Forums" button. None of the "unsafe" sites did.
That's because the unsafe sites support would have the FBI on them in a second from this guy [slashdot.org].
One click!? Which one? (Score:2)
And what is that one click? Infect me now [nyud.net]
nice design no spyware? (Score:3, Insightful)
but in most cases they seem to tell me, that a simple design vs bling means that the simple design will sell you spyware
dunno, i think any download is a potentional spyware, especially the spyware programs (that my wife installed on her mom's computer adter a popup : your computer mught be infected
well at home she uses linux so did not get a clue......
ohh that crap also has the important message: all p2p programs are spyware laden....
You Just Clicked (Score:2)
Yet somehow, I don't feel like I'm peeking off the ledge of a 50 storey building into tiny traffic below.
Buy our software (Score:5, Funny)
*click*
Ahahah, it's both you loser!
Now go buy our software.
2. Next question: what you see is 32 bytes from two EXE files. Which one of those installs adware?...
Yes, I would say that this is pretty accurrate... (Score:2, Insightful)
-Cypheros [cypheros.com]
A very bad survey. (Score:5, Insightful)
I took my usual paranoid route. For the first four questions, I didn't select either site (which, as it asks which site you trust, seems to me to implicitly state that I don't trust either site). For the last four sites, I specified that all of them potentially had spyware.
My result? Well, acccording to this "survey" I only scored 3 out of 8, as my not trusting sites which didn't have spyware (as they could find) counted against me, and I distrusted one site which the survey claims has no spyware. So apparantly, because I don't trust ANY of the 8 sites referenced in the survey, I'm "At Risk", and my "...answers would have infected your PC with adware and spyware many times over.".
Uh huh. Not trusting any of the 8 sites is putting me at risk? Spyware and adware many times over? Let's ignore for a moment that I'm running Mac OS X, and that I wouldn't visit any of those sites in the first place, and don't download screensavers, wallpapers, or smilies, but apparantly according to SiteAdvisor my distrust of all their sites puts me at risk.
And that right there is enough to tell you the quality of this so called "survey".
Yaz.
Which of these [face shots] has an STD? (Score:5, Funny)
Conclusion: most internet users are in serious danger of contracting AIDS.
[note to moderators. this is a parody.]
WTF? 3 out of 8? (Score:3, Interesting)
Then the stupid quiz told me I was at risk. I call bullshit on the results--it doesn't account for "paranoid" mode.
Re:My Score (Score:4, Funny)
So close (Score:2)
Re:Is there any suprise about that? (Score:2)
I think clamping down on their testicles with a pair of electrodes hooked to a neon transformer would be just about right.