Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Scaremongering over Spyware?

Zonk posted more than 8 years ago | from the grains-of-salt-available-to-your-left dept.

Security 196

Dynamoo writes "The BBC is reporting that PCs in the UK are infected with over 20 pieces of spyware on average. A frightening statistic, if it is to be believed. In fact, the figures come from Webroot - an anti-spyware firm with a commercial interest in playing up the spyware threat." From the article: "In Poland, 867 of every 1,000 domestic PCs have been infected by trojans, unsolicited programs that can allow remote users to control the machine. It is this international reach that concerns those in authority trying to combat the spread of spyware. "

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


True number or not, way too common.. (4, Insightful)

luvirini (753157) | more than 8 years ago | (#14686645)

Regardless of how mch the actual numbers given there are over the top, the actual numbers of PCs having spyware infections is way too many.

Slowly people that I know start to have things in order as I have managed to make them change habits, install tools and such, but not everyone has such aquintances, and even then, the number of times I have cleaned spyware from someones computer is way high...

Re:True number or not, way too common.. (3, Interesting)

HermanAB (661181) | more than 8 years ago | (#14686827)

Every Windows PC I get to repair has at least 10 pieces of spyware running.

Re:True number or not, way too common.. (1, Funny)

PowerBert (265553) | more than 8 years ago | (#14686846)

I think most of the people on slashdot could tell similar stories.
My favourite (and fashionable) spyware cleaner at present is Ubuntu Linux. In my experience it's been 100% effective!

Re:True number or not, way too common.. (3, Insightful)

Xerp (768138) | more than 8 years ago | (#14686874)

This isn't just down to people's habits - poor quality software is also to blame. Microsoft Windows PCs are top of the spyware tree. Even with changing "habits" and installing a list of "security" bolt-ons as long as your arm, the poor quality of the Microsoft software is still going to let you down. Both at work and in the home, even the most well looked after Microsoft Windows machine is going to get infected. Take for example by PHB's machine. Microsoft Windows XP SP2, Microsoft anti-spyware, McAfee Anti-virus, fully patched.. last scan with Spybot S&D - 81 red entries. Sure, 56 were just cookies but also in the list was some really nasty malware. Then there is good old mum. Just browing using a 56k modem. Bless. Windows 2000 - can't patch as she only has a modem. Thing stopped working. It was so hosed the only way to recover was to use Knoppix to copy her files off. Of course, as it was my mum, I had full control over the situation. I upgraded her to Linux (Slackware 10, to be exact) - its now been 8 months and her PC is still spyware free. Not a single virus. Not one single problem. Mum isn't a techie and she loves not having to worry about "spybot" "mcafee" "norton" and a load of other things that mean nothing to her. She tells her friends how she is using Linux at home and how good it is. What amazed me, is that her friends had even heard of Linux. I mean, they're all over 60. Needless to say, they all want it too now. Sure, Linux on the desktop at work = a lot of corporate hassle. Linux on the desktop at home for non technical users who just want to browse, email and message = 100% perfect - and spyware free.

Re:True number or not, way too common.. (0)

Anonymous Coward | more than 8 years ago | (#14687180)

Would she have been able to install it on her own? I doubt it. Linux is still a configuration file nightmare. No casual computer user is going to pick up "grep" and "/etc" without lots of help.

Re:True number or not, way too common.. (1)

qwijibo (101731) | more than 8 years ago | (#14687208)

No casual computer user is going to be able to install Windows or configure it well either. Why do you think there are so many Windows machines with so many self-inflicted problems? There is a point at which people accept that they can't do everything and ask for help.

Re:True number or not, way too common.. (0)

Anonymous Coward | more than 8 years ago | (#14687407)

Yes. Thats exactly the point. Windows is not only wide open to spyware (and all sorts of other nasties), but even if the casual user is aware of these things, they are not going to be able to do anything about it. Chances are they are only using Microsoft Windows because someone else installed it for them. Chances are it has never been patched since. Or had a defrag. Any any forms of security update. Heck, the 90-day trial version of Norton probably stopped working years ago (but still has a nice pop-up). Without constant maintenance, a Windows system will eventually become unusable. Thats a fact.

Thing is, once someone has set up a Linux system for a casual user the job is done - and it will run for a long, long time before anything needs to be done again.

On top of that, as the OP stated, _even a well-kept Microsoft Windows system_ is *still* going to get infected. Its the way Microsoft software "works". And once that happens, it can be real pig to disinfect.

I'd also like to add - in a compnay, when a Microsoft Windows system get infected and starts dishing out corporate secrets, who is to blame? The systems guy - even though he did the best job he could? The person who uses the pc? The software supplier? The software manufacturer? Yup. Its the systems guy who gets the blame.

Re:True number or not, way too common.. (1)

Deathlizard (115856) | more than 8 years ago | (#14687266)

I work for a Small Private College. We have a laptop program for students as well as maintain some computer labs with desktops (roughly 80 Machines). The labs have had the same Operating system (XP) on them for over two years under heavy usage and not one of them ever had spyware/viruses or any of the other happy fun "screw your box" exploits that seem to plague every laptop 15 minutes after we hand it to a student. Why? Because we protect the Lab PC's that's why, and not with some exotic "erase the drive every time" solution like Clean Slate or the Shared Computer Toolkit. In fact the only security program on them is F-secure Internet Security with only the antivirus and spyware modules install, and the spyware scanning was recently installed about 6 months ago when it was included with the latest F-secure version.

All we use is the built in security protections and policies to protect the PC's from what would basically be described as PC hell. On the laptops, the Students have admin access and can have a field day installing every porn and P2P Program they find, and they get spyware filled almost immediately. I seriously had a Laptop come in and it scored 17079 on Adaware. I've yet to see adaware score anything above 50 cookies on any of the lab boxes because they can't install anything on them because of the guest/user setup that we use in the labs.

Re:True number or not, way too common.. (1)

Ravenscall (12240) | more than 8 years ago | (#14687422)

That is a good point, but the average user does not know how to configure a Windows box for security out of the box. My girlfriend's Windows box has been clean for over six months because we both are pretty security conscious, but every so often a piece of malware does get through.

However, when I was doing end user DSL support, I found myself explaining to them over and over again that all these security programs mean nothing if they click every popup they get and then do not run the scans.

Re:True number or not, way too common.. (0)

Anonymous Coward | more than 8 years ago | (#14687677)

Nice story man...about your old lady:-) I think these are also the steps most linux users should take too. Try to influence people around you about the merits of open source software. I'm also tired to go to friends houses and be busy removing spyware and virus. Will start spreading the open source option by installing as much of Ubuntu for them as possible.

Re:True number or not, way too common.. (1)

The Spoonman (634311) | more than 8 years ago | (#14687686)

even the most well looked after Microsoft Windows machine is going to get infected

Depends on who's in charge of them. We have some 13,000 Windows computers, none of which has any spyware on them.

Re:True number or not, way too common.. (3, Insightful)

Se7enLC (714730) | more than 8 years ago | (#14686935)

The numbers don't surprise me too much. The typical response from people I interact with seems to be "My computer is running slow, acting strangely, crashing. Maybe I'll look into fixing it at some point". People just don't have the urgency anymore as virii/spyware aren't targetting their own machine anymore.

It's not like the good old days when a virus just trashed your machine, so you had to act immediately. Now it just lies in waiting and uses your machine to launch attacks on others and collects personal information silently. People just don't care enough to fix spyware until it directly prevents them from using their precious web browser, email, and instant messenger.

Re:True number or not, way too common.. (1)

NewKimAll (923422) | more than 8 years ago | (#14686940)

You didn't hear this from me, but at the place that I work a certain department used Windows Terminal server and also deployed user desktops. Even with anti-virus software in place, Spyware started crippling the system and eventually exploited security holes that brought the system down.

It was determined that NOBODY was checking to make sure the anti-virus updates were running AND some Windows desktops were not configured to automatically install OS updates when they were released. After two weeks of pure hell, they are ALL now running Linux terminals and the applications that must use Windows (because of no Linux alternative) are severely locked down.

No data was lost or corrupted once they were able to clean-up the Terminal Server to the point where a back-up could be performed, but the Operating System was totally trashed and couldn't be trusted.

My advice if you are running Windows is to make sure your Anti-Virus Definitions are regularly updated, your download OS patches when they come out and you run some kind of firewall. Either ZoneAlarm or a hardware firewall. ZoneAlarm is much easier to use.
In this case, Windows Security flaws meant moving to Linux.

Why not? (3, Funny)

rahrens (939941) | more than 8 years ago | (#14686646)

Why shouldn't the anti-spyware companies do it? The anti-virus people over hype the threats all the time anyway. The press plays along cause it sells newspapers and ups the ratings...

Re:Why not? (1)

rahrens (939941) | more than 8 years ago | (#14686663)


Not to denigrate the threat - its real, and is a lot more criminal now than it used to be, but I think these companies over play the numbers like this to sell and for no other reason.

Re:Why not? (1)

Cat_Byte (621676) | more than 8 years ago | (#14686773)

I wish that were true. I was contracted by a legal firm to update all of their systems and run a couple of new network connections. I found over 500 spyware programs on their 10 pc's. This is in a place where a couple of them already ran Ad-Aware or spybot. Unfortunately, they had good intentions but thought you just installed it and it ran in the background like antivirus does. It was outdated and hadn't been run in months.

Yes I know spybot has the taskbar thing, but it really doesn't work that well for average users. It just warns you about changes, but most people don't know what triggered it and don't know if they should click accpt or deny.

Re:Why not? (1)

k12linux (627320) | more than 8 years ago | (#14687461)

The anti-virus people over hype the threats all the time anyway.

That's just not true. A plague of linux viruses is just on the horizon and will probably strike any day now!

And when it does, both people who get infected will be mighty pissed they didn't buy anti-virus software!

Seems like a statisticians nightmare (4, Insightful)

antifoidulus (807088) | more than 8 years ago | (#14686650)

How can you really tell how many people are infected with spyware? It's not a question like, "do you support proposition 84?" where you can call people at random or talk to them on the street. I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway. They could use the numbers sent to them by customers, but that isn't random at all. Their customers are much more likely to have spyware infections or else they wouldn't be seeking their help.
So yeah, it's a number, but not a very convincing one...

Re:Seems like a statisticians nightmare (1)

voice_of_all_reason (926702) | more than 8 years ago | (#14686769)

Not too hard. Just ask a few computer repair centers to run scans before working on the machines and report their findings for a modest fee.

Of course, the results would be slightly skewed. Not from a pool of all computer users, but from all users that encounter severe problems && lack the skill to fix it themselves

Re:Seems like a statisticians nightmare (4, Funny)

LiquidCoooled (634315) | more than 8 years ago | (#14686783)

I wouldn't be surprised if they have installed a little program on peoples machines to monitor and upload the stats about how much spyware a person has on their machine.

Re:Seems like a statisticians nightmare (2, Insightful)

tdemark (512406) | more than 8 years ago | (#14686922)

I would be afraid of the guy who came to my door asking if he could test whether or not my computer was infected with spyware(doubly so since I use a mac :P), and if you just ask people, 9/10 they won't know but will probably make up a answer anyway.

It's funny you mention this. Last year (Sept, 2005), Consumer Reports had an issue dealing with personal computers. This is an actual quote from the article:

Only 20 percent of Mac owners surveyed reported detecting a virus in the past two years, compared with 66 percent of Windows PC owners. Just 8 percent of Mac users reported a spyware infection in the last six months vs. 54 percent of Windows PC users.

There is NO WAY those Mac results are accurate. I think what happened is that these Mac users got occasional pop-ups saying "Your machine is infected with (spyware|viruses). Protect yourself now by clicking here". So, they did and the problem "went away". As far as they were concerned, they were infected.

I wouldn't blame the users as they shouldn't have to know better. I would blame CR for a faulty survey - if you ask questions that either require specialized knowledge (how many Mac users know what spyware is) or could generate a false positive (such as a user confusing an infection with a pop-up), then you really aren't doing a good job providing accurate results.

- Tony

Oh James... (3, Funny)

digitaldc (879047) | more than 8 years ago | (#14686652)

The BBC is reporting that PCs in the UK are infected with over 20 pieces of spyware on average...It is this international reach that concerns those in authority trying to combat the spread of spyware."

Quick, get Q on the line, I think we are going to need the services of 007 for this one!

Here we all have license to kill -9 (0, Funny)

Anonymous Coward | more than 8 years ago | (#14686918)

... not only 007

And, typical of scaremongering tactics... (4, Insightful)

Caspian (99221) | more than 8 years ago | (#14686657)

...they are (probably deliberately) confusing the terms "trojan" and "spyware". Is it any wonder that the average user doesn't know the difference between a "virus", "spyware" or "adware", doesn't know the umbrella term "malware", and thinks that any antivirus program is all they need to stay safe?

To this day, most end-users I talk to think that "spyware" is something good, since they hear people talking about "Spybot", which they think is "a program that gets rid of the viruses".

When will we get some REAL end-user education in this topic? Public schools have Sex Ed classes where they teach you how to reduce your risk of getting HIV and the Clap... how about Computer Safety classes where they teach you how to reduce your risk of getting viruses or spyware?

Re:And, typical of scaremongering tactics... (3, Insightful)

luvirini (753157) | more than 8 years ago | (#14686782)

The problem is, with the threat environments changing so fast, schools are definitely not the best place to teach this, as schools should give lifelong skills.

Anything they would teach about spyware today could very well be moot in 5 years if most people use secure systems.

More proper thing would likely be going the route of licencing.. that is in order to allow use of a computer that is connected, you need a computer lisence, the same way you need a drivers license to drive a car on roads. That lisence could then be limited in duration and you would need to get updated on newest things, from behavior to threaths.

Ofcourse that would bring many other problems in itself...

Re:And, typical of scaremongering tactics... (1)

Opportunist (166417) | more than 8 years ago | (#14686793)

Because you'd first of all find someone who knows more about the topic than the kids AND is taken serious by them.

Forget your average teacher. Best he could do is slap together some buzzwords and hope and pray that the kids won't ask questions. Unlike sex ed, where you could prolly get snickered on by your peers for asking questions ("Hey, Jimmy wanna get boned in the butt!"), kids could actually ask questions about security issues and, hell, they will have a LOT more detail at hand than your average teacher.

Now, inviting an expert for the topic could do it, but then, where do you get one, preferably for free? You might get one from organisations like the BSA, but then they'll hear more about software licensing and other crap they don't want to hear.

And they won't listen.

So the idea is good, just the question is, how do you want to teach something nobody is appearantly interested in? First of all, you gotta raise the awareness that it IS a problem.

Re:And, typical of scaremongering tactics... (1)

argStyopa (232550) | more than 8 years ago | (#14686957)

Even further, how are they defining 'spyware'?
I run spybot on my mom's computer, and I get 50 items that need cleaning. Of course 40 are simply icky cookies that need to be swept, 8 are bad links that show up in her cache, and only a couple are what I would actually call something suspicious.

Yes, malware is a problem, but the numbers are just meaningless statistics meant to startle people who don't really understand it anyway.

Re:And, typical of scaremongering tactics... (1)

edenapple (953123) | more than 8 years ago | (#14687127)

They are also likely including questionable spyware in the study. Most of these programs report certain cookies as "spyware".

Re:And, typical of scaremongering tactics... (1)

hobo sapiens (893427) | more than 8 years ago | (#14687486)

ah, yes, time tested rhetorical devices! You see, "spyware" will make your PC's motherboard melt, it will cause your kid to worship the devil, it will cause you to smell funny, et al.

Then, ironically, companies like AOL can advertise anti-spyware software thereby totally obfuscating the fact that AOL's software is just about every bit as malicious as any spyware you can install.

Use secure software, such as Mozilla and Open Office, resist the overwhelming temptation to install the "Next Generation of Free Smileys!", and you can ignore this silliness.

But then again, this whole article is a bit suspect, I mean, this is kind of like publishing the results of an "independant" study which claims Microsoft software saves money and is like really nifty and stuff. Of course guys like webroot want you to be scared.

Not necessarily that much scaremongering (5, Insightful)

DagdaMor (518567) | more than 8 years ago | (#14686658)

When I help out none-techies with their crippled system, they often have in excess of 100 pieces of various malware. I can well believe as an average of the uk that 21 would not be a too unreasonable figure.

Re:Not necessarily that much scaremongering (1)

tinkerghost (944862) | more than 8 years ago | (#14686750)

I think 21 might be low, there are several out there that run multiple instances under different names so they can restart them when someone shuts one down. I know my son had 1 with 4 seperate instances running & if you shut one down it would restart in under 5 seconds.
Nice how something that starts under your std user can infect the admin account too.

Re:Not necessarily that much scaremongering (1)

mdwh2 (535323) | more than 8 years ago | (#14686833)

Indeed, this is a classic problem of mean averages being misleading. The "average" PC may well be free of spyware, with a minority of machines that are poorly maintained being infected with hundreds. A median average would probably be a better indicator...

When you say 100 pieces... (0)

Anonymous Coward | more than 8 years ago | (#14686836)

Are you counting, are you counting every single file, every single registry key, every single directory and every single cookie as "a piece?"

Thats like having a dinner party and counting the total amount of bones that the invitees have...

More Information (4, Informative)

TripMaster Monkey (862126) | more than 8 years ago | (#14686660)

From TFA:
If the FTC gathers evidence of a crime, it can - and does - launch prosecutions. Last month two companies were ordered to hand back more than $2m (£1.14m) garnered through selling fake anti-spyware products.
More information regarding those settlements can be found here [ftc.gov] .

Re:More Information (1)

pipingguy (566974) | more than 8 years ago | (#14686891)

selling fake anti-spyware products.

This needs to be punished even more than the actual spyware, for obvious reasons.

Spyware?? (4, Interesting)

Anonymous Coward | more than 8 years ago | (#14686662)

Well it would all depend on what was being classed as spyware. Are they including tracking cookies, in which case anyone using google with cookies turned on will be infected.

And why oh why can't the BBC specify "Windows" users. Why do they report every piece of Malware as being a threat to PC users. It's not. Most malware is operating system specific. if it affects Windows, say Windows.

Sloppy journalism...slipping standards, blah blah...

Cookies (1, Funny)

Anonymous Coward | more than 8 years ago | (#14686665)

It is not scare-mongering, it is real and I am surprised it is only 20 pieces of spyware. Pretty much any website will usually drop a half dozen advertising tracking cookies.

Re:Cookies (2)

rahrens (939941) | more than 8 years ago | (#14686711)

Tracking cookies in and of themselves are not malware. Spyware is an app, perhaps in java, that specifically targets user's info and sends it independently back to a parent server/site. It may be stand-alone, or it may be part of another app, but a tracking cookie in and of itself is NOT spyware!

Tracking Cookies might be malware and spyware (1)

Gary W. Longsine (124661) | more than 8 years ago | (#14687670)

Well, tracking cookies may not be executables, but it's probably reasonable to consider many of them to be spyware, at least to the extent that they may be part of or coopted by a larger adware system which may identify a particular user and their web surfing history.

spyware and fear mongering (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14686674)

There IS a lot of fear mongering over spyware. For instance, some packages labeled "spyware", such as new.net [new.net] aren't spyware at all - and if you visit the site, you'll notice the little logo by the respected accounting firm of PriceWaterhouseCoopers, LLC. I've been running this package for the past year, and it has exhanced my internet experience in ways I could have never imagined. DNS lookups are lightning fast now, and it provides a set of DNS extensions which I think you'll find quite indispensable.

And yet, this completely free enhanced DNS lookup system will get removed by most spyware utilities. It's ridiculous, and ought to be illegal...

Don't take my word for it, go out and download it and try it - you'll be thanking me.

Re:spyware and fear mongering (0)

Anonymous Coward | more than 8 years ago | (#14687394)

umm, go to hell...?

Yes, (1)

techefnet (634210) | more than 8 years ago | (#14686676)

This is bad. What we need is better education of the users I think. And of course better operating systems. *g* Well, a step forward is that Microsoft is now including their spyware-scanner by default, if I remember correctly.

Education is key (3, Insightful)

gihan_ripper (785510) | more than 8 years ago | (#14686701)

Education is the real key to computer protection, not the purchase of spyware removal tools.

I've only ever had one piece of malware, which was ten years ago (the Tai Pei virus). In the meantime, I've learned good computer habits. These include being cautious about downloading and installing software, using the free firewall which comes with Windows XP, and employing the Mozilla range of browsers / email clients.

If users don't learn to be cautious when using a computer, they're going to run afoul of phishers, which will be much more of an incovenience that a bit of adware.

Re:Education is key (0)

Anonymous Coward | more than 8 years ago | (#14687523)

I work in education.

I teach GCSE and A level ICT. some of my students can parot fashon use the interne t to look at stuff and playt flash/java games. But educating them to the fact that a mouse is an input device and a monitor is an output device has me crying at times. I fear for the future. Education would be the ideal solution except for two problems

1: attempting to educate the un educable
2: attempting to educate people who "don't want to understand how it all works, the just want it to work".


However... (2, Funny)

inphinity (681284) | more than 8 years ago | (#14686707)

Isn't it also true that most spyware that these programs detect are somewhat-benign tracking cookies for sites like FastClick? I wouldn't necessarily classify those as spyware.

However, if they are, then I'm sure most of the computers I own (Linux, OS X, Win) will have at least a dozen such "spyware" infections...

Obligatory Polish joke (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14686708)

How many [censored] does it take to remove trojans & unsolicited programs?

I could easily believe that. (2, Interesting)

edunbar93 (141167) | more than 8 years ago | (#14686710)

Hell, I've seen computers that would push that average *way* up all on their own.

You have: 10,489 viruses on your computer

No, I did not make that up. There are actually people out there (many, in fact) that think that the computer is running really slow because it's getting old, and not because there's three billion pieces of crap bogging it down. It just never occurs to them.

Re:I could easily believe that. (1)

rahrens (939941) | more than 8 years ago | (#14686745)

I can understand. I do desktop support, and I've seen PCs with over 400 spyware items we've had to remove, and that's behind a professionally maintained firewall. The user HAD to get that stuff by visiting sites where it was downloaded.

We are now locking down the desktop for our users to cut back on this crap.

Re:I could easily believe that. (1)

voice_of_all_reason (926702) | more than 8 years ago | (#14686797)

We are now locking down the desktop for our users to cut back on this crap.

That's just going to make them try a little hard to find away around the block, and make you work a big hard to keep patching things.

Never underestimate the combination of a fool with too much free time on his hands.

Re:I could easily believe that. (1)

DjLizard (951040) | more than 8 years ago | (#14687174)

If they want to keep bypassing security and visiting sites that they shouldn't while at someone else's company, perhaps they should no longer be employed.

Re:I could easily believe that. (2, Informative)

walt-sjc (145127) | more than 8 years ago | (#14686751)

You have: 10,489 viruses on your computer

I've seen similar, although generally it's ONE virus infecting 10,489 files...

Re:I could easily believe that. (1)

jayloden (806185) | more than 8 years ago | (#14686980)

Back when I still did Windows support at a help desk level, we had one virus that came out that was infecting anywhere from 20,000 to 50,000 files and up. (I think it was a MyDoom variant?) The thing would make copy after copy of itself, infect files, all kinds of crap. We'd scan the computers with McAfee and it'd sit there just constantly finding more files.

It used to be almost fun fixing all the computers back then, because I was good at it and I could get just about anything cleaned up. Now these things are turning into these nasty rootkit-based nightmares that make me oh so glad I'm not in that business anymore. I've since moved to a completely Linux-based platform for everything I do and I no longer do desktop support (Although I do maintain an antivirus tool). I can't imagine how much it would suck to be still back at the support center; I'm sure they'd just end up reformatting everything. Granted, it's not impossible to clean these new variants, but at a certain point you:
a) Go beyond the technical capabilities of the student workers at the help desk to fix
b) Go beyond a reasonable time limit to get this computer fixed so you can move on to the fifty other computers in the queue
c) give up in frustration

its a concern (2, Interesting)

dotpavan (829804) | more than 8 years ago | (#14686720)

sometimes it concerns me as to how much of valuable resources get wasted in trying to remove these malicious progs. It is sheer ignorance, utter haughtiness and no intention to prevent damage to systems from the users that cause such stats to occur.

On the other hand, doesnt it lead to waste of:

(*) valuable time, because every now and then you have to scan/remove/update/etc

(*) valuable comp resources/processing because you HAVE to have your anti-****(whatever)-ware ALWAYS on, which are generally bloated and eat up memory/processing (*) and imagine the rebooting and re-installing

Its sad that the 'wonderful pc experience' has now come to a stage that the price one pays is getting heavier. And with some very basic steps/prevention measures (as explained by many at /. during such stories), it could be enhanced many times.

Calling cookies of simple webcounters spyware (0, Insightful)

Anonymous Coward | more than 8 years ago | (#14686726)

A lot of anti-spy/adware tools are targetting the cookies of webcounters. These are not spying on people but just used to destinguish between visitors that are visiting a site once or a steady visitor. This cookie information is also used to give more reliable statistics and this information is used to improve the website.

This has nothing to do with spy- and ad-ware.

Please don't call a cookie spyware unless it is used over different sites or it contains personal information.

I believe it... (1)

thatoneguy_jm (917104) | more than 8 years ago | (#14686732)

Over Christmas I "cleaned up" my parents computer - and found well over 600 instances of spyware.

It was a wonder the thing was even running....

Gotta get away from MS (1)

slackaddict (950042) | more than 8 years ago | (#14686738)

Unfortunately, the current versions of Windows are too exploitable and unmanageable. The average Joe User isn't going to know how to set up a firewall or disable services he doesn't need. What we need is a fundamental shift from the current MS way of doing things.

Re:Gotta get away from MS (1)

dc29A (636871) | more than 8 years ago | (#14687048)

Unfortunately, the current versions of Windows are too exploitable

I beg to differ about Windows being too easy to exploit. Run Linux with root access and you are just as vulnerable. Windows, since Win2K has a very good security framework. The problem is not Windows itself, but the shoddy practices of Microsoft by letting everyone and their dogs run as root (hopefully Vista will change this).

I haven't had an Anti-Virus nor Anti-Spyware installed, ever. I only install one for shits and giggles to see if anything got through. Guess what? Nothing got through. You have to do few basic security steps and your Windows installation is pretty rock solid security wise, most importantly: DO NOT run Windows with root security and use as much as possible open source applications for your needs. Create yourself a non root account. Oh and ditch IE. Common sense will make any Windows installation secure.

For Joe User, nothing will change unless Joe User is educated about security. You can give him the best firewall with Star Trek like AI built into it, if he decides to execute an email attachement that flushes his own files or massemails crap to people on his address list, nothing is there to stop him.

Re:Gotta get away from MS (1)

Ravenscall (12240) | more than 8 years ago | (#14687357)

I beg to differ about Windows being too easy to exploit. Run Linux with root access and you are just as vulnerable.

Well, seeing as how most Linux distros do not make root access and Windows does......

Also, I have yet to see one piece of malware (tracking cookies excepted) that will actually affect Linux.

So, vulnerable to hacking yes, but see my comment on default access.

Depends on your definition of "spyware" (5, Interesting)

Opportunist (166417) | more than 8 years ago | (#14686741)

I'm working for an antivirus company (and you have NO idea, the problem with spyware is not that you couldn't remove it, it's the legal issues around removing it and labeling it spyware), and from my perspective, there are 2 kinds of spyware out there.

The kind that comes in the form of a cookie like doubleclick. It's tracking you, so it is technically spyware, even though it does not modify anything on your PC, does not have any negative impact on your stability or anything else. All it does is to monitor your browsing behaviour.

If you count this kind of spyware then yes, the infection rate is crippling. 99% I'd wager. And 20 on average is reaching kinda low.

If you only count those pesky popups that come as BHOs and other installed services, then my count would be a LOT lower. Still way too high but WAY lower.

And yes, the average infected computer carries a tremenduous load of spyware. If you have one, you have them all. If I didn't know better, I'd say they download each other. :)

Re:Depends on your definition of "spyware" (-1, Flamebait)

Anne Thwacks (531696) | more than 8 years ago | (#14686904)

it's the legal issues around removing it and labeling it spyware

DONT GIVE ME THIS BOLLOCKS. Ask the csutomer if he wants the stuff or not. You know he doesnt want stuff from 180 solutions, even if he doesnt. However, if the user makes the determination that he doesnt want something, you cannot be held to blame. And if you think cant defend yourself in court against these scumbags, then maybe you should consider suicide. - This IS flambait. Mod it whhere you want it!

Re:Depends on your definition of "spyware" (1)

ScottCooperDotNet (929575) | more than 8 years ago | (#14687532)

I had guessed that, which is why I use the free AntiVIR [free-av.com] since it doesn't bother with legal issues (being EU based) and removes whatever it finds.

It's hard to recommend Norton when they require manual removal of malware files that aren't in memory. C'mon Symantec, that helps nobody!

20 Spyware Packages? (4, Informative)

bmo (77928) | more than 8 years ago | (#14686743)



Them: "Dude, my computer is slow and it's got some sort of popup that comes on when I turn it on"

Me: "You're infected"

Them: "But how? I don't go to any porn sites...." yadda yadda yadda.

And when I get to the sick peecee, I see that not only does it have _one_ piece of malware, but it barely boots from the hundreds (sometimes thousands) of evil packages all fighting for control of the poor machine.

It's a losing battle. No, it's not scare mongering. It's reality.


The aweful truth (3, Insightful)

Opportunist (166417) | more than 8 years ago | (#14686842)

It doesn't matter where you surf. It doesn't matter what you open in mail. It doesn't matter if you keep your system updated.

What matters is the combination of it all!

You have to do EVERYTHING to stay clean. No shady porn sites, no clickyclicky on shady mail, daily updates, up to date virus killer, well configured firewall, ...

"Gaaaaah... too much work!" is the answer you'll get from Joe Schmoe Average. "All I wanna do is surf, I don't wanna worry about system stability, Browser plugins and antivirus."

Well, all I want to do with my car is drive around. And still I gotta worry about red lights and directional lanes. Why the heck do I? It makes me slower and keeps me from getting right where I want to be!

Oh. Right. I enjoy being alive and have an operational car.

Re:20 Spyware Packages? (2, Interesting)

Esion Modnar (632431) | more than 8 years ago | (#14686845)

it barely boots from the hundreds (sometimes thousands) of evil packages

When I first start to clean a PC, I don't even try to boot it. I just yank the HD, put it in an external USB case, then plug it into a malware cleaning workstation to run a whole slew of programs against it: AVG, Spybot, AdAware, Spysweeper, etc. By the time I replace it in the original box, what few evil programs that remain have been so crippled that finishing the job is a breeze.

I also get a printout of the list of evil programs and hand it to the customer. Helps the customer's sense of value of my services.

Re:20 Spyware Packages? (0)

Anonymous Coward | more than 8 years ago | (#14687538)

And yes ... people still install software like iMesh everyday.

"Pieces?" (0)

voice_of_all_reason (926702) | more than 8 years ago | (#14686748)

What kind of half-assed shit is this?

A single spyware application (ex. Gator) will have several files and registry keys that need to be cleaned. An anti-spyware program will need to highlight each of these for deletion. This is not the same as 20 individual processes on average for machines.

Re:"Pieces?" (1)

HermanAB (661181) | more than 8 years ago | (#14686867)

Well, of the three Peecees I cleaned up last week, each had more than 10 different malware apps running - nevermind the hundreds of tracking cookies and registry entries.

Here's a solution (2, Insightful)

eyepeepackets (33477) | more than 8 years ago | (#14686800)

They can give Microsoft an additional $50 American every year, that should fix their PC problems post haste: Who better than Microsoft to fix Microsoft products?

Now if you'll excuse me, Guido the wheel man is at the door wanting his $20 American for not trashing my wheels when I'm not using them -- he calls it "assurance" while I call it "insurance" but it's really just plain old extortion. You see, Guido sold me the wheels and tells me he can only keep them working if I pay him forever, otherwise something nasty is sure to happen and it will cost me even more money to get it fixed.

If the woman in this article is such a heroic professional, why is she only cleaning off the malware and not getting the users off Microsoft OSes? Surely she has figured out by now that the cleaned machines get trashed again. Maybe she just really likes being needed. Maybe this is PR trash planted by some Microsoft goon.

Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.


Re:Here's a solution (0)

Anonymous Coward | more than 8 years ago | (#14687134)

Force customers to a different OS they DON'T want? Yeah, that's the ultimate solution-for-all alright!

Fact is, stop using IE, pick a GOOD browser (Firefox, Opera, whatever) and spyware will be a thing of the past (unless you willingly install kazaa or whatever). A bit of common sense can't hurt either (don't open attachments from weird spam emails you shouldn't be opening anyways, etc).

No need to force people to switch OS'es whatsoever. I look after a 2000+ computer corporate site in a country-wide MAN, got a dozen PCs at home, have lots of friends and family members relying on me too, and somehow spyware is never an issue...

Re:Here's a solution (1)

trparky (846769) | more than 8 years ago | (#14687257)

YES! FINALLY, A NON-"switch to Linux and your issue is solved" REPLY! OH YES! COMMON SENSE!

Thing is, I run Windows XP Professional and yes, I admit, I run as Administrator all the time, but I don't get crap.

What browser do I use? Yeah, that's right, FireFox. I can't remember when I had a virus or spyware, it has been too long ago.

True, I have an antispyware application installed on my machine and it scans nightly, but you know what? All it ever finds is tracking cookies.

Re:Here's a solution (0)

Anonymous Coward | more than 8 years ago | (#14687588)

Why would spyware companies write software for *nix machines, when 95% of the public doesn't use *nix, and that other 5% knows not to install their crap?

There's no spyware on Linux machines, not because it's more secure, but because it's not a target.

Re:Here's a solution (2, Insightful)

Mistshadow2k4 (748958) | more than 8 years ago | (#14687242)

Maybe Mac and Linux folks are laughing like crazed loons after reading this "heroic" article.

Yes, we are. Seriously though, phishing is growing into a problem for *nix-users these days, and so far as I know, the only state in the US in which phishing is illegal is California (I might be wrong there, though). You'd think "well, they should be smarter" but the phishers can be very clever, such as sending you an email that looks for all the world like it's from your ISP. (Yes, I was smart enough to check with my ISP before clicking that link, but I'm not gonna blame the people who didn't think of that. After all, if looks like a duck and quacks like a duck.....) So no matter what OS you're using, you should be paranoid.

How to solve the spyware problem on Windows? Well, Peer Guardian [phoenixlabs.org] can help block tons of it. Besides anti-p2p, it has a spyware list and uses little memory to run in the background. It also updates itself automatically unless that is disabled. And you can keep only the spyware list checked to block, nothing else, if you want.

Another thing that can help is a router. I worked on a guy's computer that was loaded with spyware and had a few viruses to boot. He had a software firewall, Kerio I think, plus Avast antivrus and ran Ad-Aware twice a week. So why was he still getting all this crap? His ISP. They had no filters whatsoever. Their servers were set to allow anything to come through. Combined with an older computer with 128 mb RAM plus a fast DSL connection and it literally just couldn't keep up with all the malware pouring through from his ISP's servers. So he got a router and poof! After a fresh reinstall of Windows along with Avast, Ad-Aware, Spybot and PG his computer ran fine. But still.... from a *nix-users point of view, it seems ridiculous to have to spend so much money and effort just for basic protection that a more secure OS automatically provides.

But spyware is always going to be a problem on Windows because of MS's bad security model. If they fixed it so remote users can't install, run or modify anything on your computer without your express permission, it would go a long way towards fighting spyware and a lot of viruses - I know from experience that you don't need to download or click anything to get spyware or a virus, many download themselves straight to your computer. And Windows just lets them do anything it wants. This ability for a remote user to modify your system without needing permission is called a FEATURE by Microsoft, as demonstrated by Active X and the recently-patched .wmf vulnerability. People say "well if these *nix OSes were as widespread in use as Windows they'd have all the same problems", but if that were true, where are all the Unix viruses? If MS changed Windows so that it requires an admin to password to modify the registry, install anything, or for a remote user to run anything on your comptuer you'd see a marked improvement right away.

Re:Here's a solution (1)

trparky (846769) | more than 8 years ago | (#14687314)

If MS changed Windows so that it requires an admin to password to modify the registry, install anything, or for a remote user to run anything on your comptuer you'd see a marked improvement right away.
That is what is happening with Vista.

There will be a system in which users will be able to run as Administrator, but in reality, it isn't Administrator. Any time software wants to modify the system, a big nasty message box will come up telling you that something is trying to modify the system and that allowing it is potentially dangerous. It would then ask for the Administrator (the true Administrator) account password.

What does this sound like? Oh yeah, SUDO in Linux!

EASILY believable (3, Informative)

Short Circuit (52384) | more than 8 years ago | (#14686839)

Here at GRCC [grcc.edu] , Computer Club runs a monthly event called PC Clinic where we fix machines for free. We've serviced more than 60 machines over the course of the three events we've run. We easily average more than 100 pieces of spyware on each machine we test.

Three or four machines had over 1000[sic] pieces of spyware, and one machine had over three thousand pieces, plus several variants of either Sasser or Sobig. (I forget which...that machine came in the door on our first day.)

We don't just service the machines of the elderly...we get a lot of uninformed college students and their parents, as well.

If you have any questions, drop me an email. I'd be happy to answer them. I'll respond to /. comments later, after class. :)

There is a very strong loby to use exclusive MS sw (0)

Anonymous Coward | more than 8 years ago | (#14686851)

Due to this, most people as well as companys just trust too much over and over again on IE and other MS unsecure software.

Once again money talks higher than world sanity :(

I just wish the ones that take care about this could live in peace, but nobody cares if computers are a mess and mess up the world.

Maybe ISP's could create a paralel clean internet, and when strange network activity was detected it would be pluged to the messy-internet for a week or so after last incident.
Isn't google trying to do somehing like this?

Fight it, don't clean it off (2, Insightful)

Simonetta (207550) | more than 8 years ago | (#14686883)

The emphasis on preventing spyware from infecting a PC is misplaced. The problem is best addressed by defining what is acceptable and what is not. Then punishing the people who exceed the limit.

    Who will define what is acceptable? We will, of course. We are the technological elite. It's time that we start making the parameters about what is acceptable behavior on the net.

    So the spyware makers pay off the politicians to allow some country to engage in aberant conduct and give them a save haven? Shut off the country from the web.

    It's time that we stop assuming that in the evolving information age that the politicians have more control over society than the technical elite. We control the web, and we need to take responsibility for the assholes and criminals who use it to prey on society. That means shutting down the 419 chuckleheads also.

    We created the environment that allows viruses and spyware to exist. It's time that we and not the politicians put an end to it. And if what we do goes against some jerks 'right' to sell access to your PC for his own profit, then so be it.

Irony? (1)

Syberghost (10557) | more than 8 years ago | (#14686915)

Is it just me, or does anybody else see the humor in this coming a few articles after the EFF warning people not to use Google Desktop?

On the Average, we're all 90% dead. (1)

Ancient_Hacker (751168) | more than 8 years ago | (#14686937)

The concept of "average" can be very useful. For instance, you can say the average temperature in HAwaii is 68 degrees F. Or the average tinfoil hat liner size is 6 3/4.

The concept works just swell for data that doesnt vary much, like the two numbers above, and forms a bell-shaped curve.

The concept doesnt work at all,k and in fact is highly misleading, when the data tends to be at one extreme or the other. Such as, oh, number of spyware apps on a compuiter.

IMH experience, computers either have 300+ items of spyware (if they've never been scanned), or they have ZERO (if they have a spyware scan program or three, or have no outside Web access).

So saying the average number is XXXX is a misleading statistic. More than likely, a certain percentage have ZERO, the rest have many hundreds.

In My Humble Experience.

Re:On the Average, we're all 90% dead. (1)

renrutal (872592) | more than 8 years ago | (#14687347)

IMH experience, computers either have 300+ items of spyware (if they've never been scanned), or they have ZERO (if they have a spyware scan program or three, or have no outside Web access).

Really, if you want to have Zero malware in your PC, all you need is a trained working brain.

Works all the time, helps in real life too.

cookies (1)

gEvil (beta) (945888) | more than 8 years ago | (#14686946)

How many of those 20 pieces are those horribly nasty tracking cookies? I'm not a fan of them, but I'm also well aware that they're not nearly as malicious as many users think they are...

No wonder... (1)

Arthur B. (806360) | more than 8 years ago | (#14686951)

the UK has the lowest rate of usage of firefox in europe.

Re:No wonder... (0)

Anonymous Coward | more than 8 years ago | (#14687123)

That would give an intresting statistics of spyware on machines with and without Firefox... or maybe more acurate results (but this would be harder to catch) number of spywares detected on:
- machines that browse the web exclusivly with firefox;
- machines that don't use Firefox exclusivly for web browsing.

Then we could place a banner on MS website like "forGOT this FACTS?" :)

Absolutely not surprised!! (1)

dentar (6540) | more than 8 years ago | (#14687020)

I routinely scan XP machines all the time. I see numbers in the hundreds. If the UK only has that few, they're lucky!

Spyware hype or scare? No, it's reality!

Not Impressed (1)

reachums (949416) | more than 8 years ago | (#14687119)

My friend was going to get rid of his computer because he didn't think it was running right. I told him to let me look at it first. I ran some virus software and some spyware/adware software on it. I found upwards of 100 viruses and over 400 peices of spyware/adware. His computer runs like a dream now.

Englands average of 20 does not impress me!

over hyped but possibly true. (1)

ssand (702570) | more than 8 years ago | (#14687156)

While these numbers are overhyped, it's certainly not nessesarily unrealistic. More and more sites are including drive by downloads, including the spyware that's pretending to be anti-spyware. We see this with many sites, such as ebaumsworld (which unfortunately steals all of its content) and has recently added the winfixer spyware to its list of trash. I would guess a large amount of people will infect themselves for a little entertainment.

Windows! (0)

Anonymous Coward | more than 8 years ago | (#14687183)

According to the latest figures from Webroot, there are more than 21 online spies for every Windows PC in the UK, the highest figure in Europe.

No problems on my OS X or Linux! It's amazing that a company would write insecure software and then have the nerve to sell protection is amazing. If Windows was secure there wouldn't be a need for Mrs Brothwood to be named a Most Valuable Professional by Microsoft for her (volunteer/free) security work!

Doesn't surprise me (0)

Anonymous Coward | more than 8 years ago | (#14687370)

As someone who works for the IT department of a university cleaning up student laptops (Windows XP and 2000 mainly), I see stuff like this all the time. I've seen Adaware go over 5,000 before. If anything, the average student has more than 20 pieces of spyware usually. Thankfully Spybot, MSAS, HijackThis, Adaware, Sysinterals Auto Runs, a good virus scan and the ability to turn off system restore make fixing them not so difficult.

Even having 1 Spyware is too many... (1)

Pi55edOff (938166) | more than 8 years ago | (#14687411)

I don't think that it is played up as I have seen very well how well Webroot's SPY SWEEPER cleans up computers where all other Anti-Spyware fail miserably.
"In fact, the figures come from Webroot - an anti-spyware firm with a commercial interest in playing up the spyware threat." I strongly believe this as a lot of people have NO Clue about protecting their computers at all.
I just did 10 computers convincing our clients to switch to webroot's spy sweeper and I was able to show them how inferior the other products were compared to this one. Spy Sweeper even stops ALL POPUPs including ones that are run by spyware software outside of IE/Firefox.

I would recommend that others try spy sweeper out and compare it to your other Anti-Spyware software. This software is worth the money when they get it working 100% of the time vs the poorly made competition.

lies, damn lies, and statistics (1)

buddyglass (925859) | more than 8 years ago | (#14687447)

What counts as a "piece" of spyware? If a particular malware application entails five files, is each of those a "piece"? Are they counting each tracking cookie as a "piece"? Without detailed definitions, "20 pieces" is meaningless.

Cookies (1)

Cromac (610264) | more than 8 years ago | (#14687477)

Anti spyware companies also have an incentive to tout cookies as some huge spyware threat too. How many of those 87% of "infected" machines had nothing more than a doubleclick cookie on them?

Education is NOT answer (0)

roe-roe (930889) | more than 8 years ago | (#14687544)

As per the slashdot article that I happen to agree with ( it ran a month or so ago) Education is not the answer, locking the user out of abilities and controling what they can do and what they can't do is the answer. Most IT people should agree that the fewer things their employees do on their computer that isn't work related (ie download FWD attachemnts, install software, blah blah blah) the better shape the computer is in. Things like spyware and adaware whatever malware should not be able to be installed on a computer in the first place. Until that happens the is always going to be a multibillion dollar market (which may be the point)

Easy for me to see! (2, Insightful)

StarWreck (695075) | more than 8 years ago | (#14687566)

This number is easy for me to see as an "average". Either people are at least mildly educated about spyware like us on /. and have absolutely no spyware or are completely unedcuated and have several thousand pieces of spyware!!! Those with several thousand pieces when averaged with those who have none what-so-ever can easy come up with 20 pieces on average.

Warning: Webroot Software Destroys .ZIP Files! (1)

Teddy_Roosevelt (757045) | more than 8 years ago | (#14687570)

WARNING: Webroot's anti-spyware scanning software (Spy Sweeper 4.5.8, build 683)destroys .ZIP files that were created with the "encrypt filenames" setting turned on. It truncates the files to 1 KB each, deleting all other data, without warning or notice.

I lost 19 GB of data in the first scan. They were barely responsive when I told them about this.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account