Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Spyware – are we winning this war? Not yet.

July 7th 2005 in Uncategorized

A group called the “Pew Internet & American Life Project” (PIALP) has released a report examining the effect that spyware has had on (an American’s) behaviour when on the Internet.


 


The report is available in PDF format here:
http://www.pewinternet.org/pdfs/PIP_Spyware_Report_July_05.pdf

The media release can be seen here:
http://www.pewinternet.org/PPF/r/108/press_release.asp

To summarise, PIALP concluded that:

52% of home internet users say their computer has slowed down or is not running as fast as it used to.

51% of home internet users say their computer started freezing up or crashing, requiring them to shut down or reset.

25% of home internet users say a new program appeared on their computer that they didn’t install or new icons suddenly appeared on their desktop.

18% of home internet users say their internet home page changed without them resetting it.

In an attempt to stem the flow of spyware or adware onto their computers, those surveyed reported taking the following preventative steps:

81% of internet users say they have stopped opening email attachments unless they are sure these documents are safe.

48% of internet users say they have stopped visiting particular Web sites that they fear might deposit unwanted programs on their computers.

25% of internet users say they have stopped downloading music or video files from peer-to-peer networks to avoid getting unwanted software programs on their computers.

18% of internet users say they have started using a different Web browser to avoid software intrusions.

PIALP then goes on to say that 43% of those surveyed reported spyware or adware had managed to get onto their machines and that 60% did not know where it had come from.


 


I’m not surprised that so many do not know the source of malware on their machine – there is a GLARING omission in the above list, that being, what percentage of users have stopped downloading and installing advertising-supported freeware (adware).

Unfortunately there is nothing that can be done to prevent a user from consciously downloading and installing adware or spyware.  Anti-spyware software can detect malware or spyware during or after installation, but (just like anti-virus protection) such programmes are only as good as their last update.


 


According to the survey, only 1 in 10 people surveyed believed that clicking through an EULA is sufficient notification for the purposes of obtaining permission to install adware, yet an EULA is the primary defence (nay, excuse) given by adware companies when challenged about their wares. Personally I’m sick of adware suppliers and bundlers hiding behind long-winded, and sometimes difficult to understand, disclaimers and disclosures (whilst ignoring the fact that the person installing their wares may be legally too young to agree to an EULA anyway – as happens far too often with ‘toy’ freeware such as fun cursors, IM client add-ons etc).

I have seen one installer that forces a user to scroll to the end of an agreement before allowing the ‘next’ button to be clicked – and that is the OpenOffice installer.  More programmers should start doing the same thing.  I acknowledge that forcing a user to scroll through an EULA will not force them to actually read what they’re seeing, but when combined with the judicious use of colour and bolded text the salient points can be made very obvious.


 


Bearing in mind that this telephone survey consulted only 1,336 people, some other points really concern me. For example:

Only 68% of broadband users use a firewall (compared with 44% for dial-up users);

9% of those surveyed said they did not know if their anti-virus updates automatically, and 18% (of those that do know?) do not know how often it updates;

Fully 20% of those who attempted a fix [of spyware] said the problem has not been solved.

Viruses, trojans and worms are not the only risk that such unprotected machines face.  Broadband connected PCs are at grave risk of being hijacked by spammers looking to steal bandwidth, phishers looking for somewhere to set up a fake financial institution web site, or script kiddies looking for unprotected hard drive space to spread their wares.  It is simply unacceptable that so many PCs are unprotected, but how do we address the problem?  Users cannot be forced to upgrade to a new operating system, nor can they be forced to use firewalls and anti-virus.


 


The only silver lining that I can see at the moment is my belief that the drive-by adware and spyware downloads will slowly die out as Internet Explorer continues to be security hardened, and Windows XP SP2, and later Longhorn, slowly replaces older operating systems.  Windows XP with SP2 was the first time the Windows Firewall was enabled by default, and the new Security Centre ensures that computer users know if their firewall or anti-virus are not working, or if the anti-virus is not up to date.


 


But, that being said, we MUST NOT depend on Microsoft, computer manufacturers, ISPs or any of the other popular targets in the spyware debate to protect us from ourselves. Knowledge is power – not only self education but educating those we have contact with.

