Free Republic

How Spyware Took The Next-Gen Threat Crown (On The Internet's No #1 Threat Today MUST READ!!!)
ESecurityPlanet.com ^ | 12/20/04 | Sonny Discini

Posted on 12/21/2004 2:39:48 AM PST by goldstategop

Spyware used to be defined as applets, cookies or any other method used to collect statistics on your browsing habits. Gone are the days of such a benign interpretation. Spyware has evolved into a problem that surpasses those posed by traditional worms, viruses and Trojans.

Today, these once relatively innocuous apps have evolved from anonymous, and often invisible, traffic statistics gatherers into beasts capable of crippling your PC's performance by installing unwanted toolbars, pop-up ads, desktop icons and many other nuisances.

If that's not bad enough, some Spyware will modify system files, change security zone settings, keylog your sessions, spawn Trojans and change start page settings. Today, the term "spyware" is, in my opinion, synonymous with virus, and as usual, you have been left to deal with this on your own.

How did this happen?

Like many age-old schemes, the desire for easy money has driven spyware development into the darkest corners of the Internet. Unscrupulous individuals use flaws in the Windows operating system in combination with Microsoft's browser, Internet Explorer, to distribute their wares, or more accurately, infect your machine.

Countless types of applications, browser helper objects, cookies and bots are now competing for your finite system resources in order to pitch pop ups, report your internet activity, modify OS settings and steal personal information. Simple site statistics are no longer sufficient to sustain the beast.

Spyware companies are making millions of dollars by evading laws, finding loopholes, exploiting vulnerabilities and making their products resistant to removal. When compared to what we all know as a traditional virus, spyware is much worse because viruses are not nearly as tenacious when it comes to re-propagation or resistance to removal.

This may sound like the work of evil, globally dispersed hacking networks but many spyware developers are operating within U.S. borders without so much as a hiccup from the legal system. Although as of late, the spyware problem has generated some rumblings on Capitol Hill.

Another punch to the gut is that it is very easy to track who is benefiting from your pain. Spyware partners are typically paid on a 'per installation' basis. This means that there is a unique ID associated with each installation so that the partner can get paid. This information is easily acquired, yet no one is doing anything about it.

To further entertain us, Spyware companies are very shrewd and typically add verbiage on their sites to make you believe that all their software is installed only with your consent. What's even more hilarious is how the worst offenders have anti-spyware animations running on their sites.

If you look closely you would almost believe that you are reading a legitimate EULA when in fact, you're reading deceptive or flat out inaccurate information. Many of them tell you that the apps can be easily uninstalled using the add/remove programs feature in Windows. In my experience, this does not work. In fact, there have been times when I have seen what appears to be a complete uninstall only to find that the Spyware is still operating in the background.

My anti-virus suite will surely help me, won't it?

No. If you look at this from the standpoint of AV providers, there is no financial benefit, thus, there is no motivation to add spyware removal features.

Many of the best removal tools are freely available for download. It does not make sense to attempt to develop something better than people already expect for free. Additionally, it is much harder to keep up with spyware than worms, viruses and Trojans because most of the aforementioned were not designed for financial gain and were typically developed by loose bands of unfunded hacking groups to prove a point.

When compared to the financial forces that are backing spyware, the cost to AV companies to keep up would be astronomical. Without a significant increase in product costs, AV companies cannot allocate resources to battle what has become the new front on the assault of your Internet experience.

I have a personal firewall and I patch my system all the time. Shouldn't I be safe?

Absolutely not. For openers, Microsoft is slow to deliver patches in relation to the speed and efficiency that malware developers disseminate their apps. Statistics show that browsing a single site can yield over a dozen infections.

What's worse is that Browser Helper Objects (BHOs) are invisible to personal firewalls. The traffic is seen as originating from your browser, not the malicious helper. Spyware developers know precisely how personal firewalls behave and their apps are written to take advantage of allowed protocols and applications. Adding insult to injury, spyware uses Microsoft's own zone security model against them by simply placing malicious sites in Internet Explorer's trusted zone.

OK so which spyware removal tool is the best?

There is no single tool out there that can rid you of your troubles. Typically, running two or three different scanners will yield different results. A popular tag team approach to vanquishing the unwelcome code includes installing both Lavasoft's Adaware and Spybot Search and Destroy.

Also, detecting spyware is completely different from removing it.

As of late, spyware makers have started delivering apps that cannot be removed with automated tools so even if you ditch IE in favor of an alternate browser you may still find yourself spending hours trying to remediate infections. Sadly, users end up lost in search engine results and scanning forums hoping to find a remediation process that worked for other poor souls.

In some cases, a complete OS reinstall is quicker than bearing this pain. You may also find yourself victimized by your own desire to remove spyware. Some crooked coders have actually developed what look to be legitimate spyware scanners, which are, in fact, spyware propagators.

What can we do?

Sadly, the funding that's fueling spyware development is far greater than the funding devoted to stopping it. Until the playing field evens out, spyware is going to continue to invade our privacy, steal information and cause financial and personal loss.

For now, the best thing you can do is visit trusted sites and be vigilant about scanning your machine with a variety of anti-spyware tools. Keep in mind that most bona fide removal tools are developed by independent groups of developers and small development firms. Paying for anti-spyware software is not an indicator that you are getting a superior product over free, open source alternatives.


TOPICS: Business/Economy; Crime/Corruption; News/Current Events; Technical
KEYWORDS: computers; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; removalcleanup; scumware; securityflaw; sonnydiscini; spyware; threat; trojan; virus; windows; worm
Comment #141 Removed by Moderator

To: goldstategop

bump


142 posted on 12/21/2004 1:46:49 PM PST by jalisco555 ("The best lack all conviction, while the worst are full of passionate intensity." W. B. Yeats)
[ Post Reply | Private Reply | To 1 | View Replies]

To: goldstategop

bttt


143 posted on 12/21/2004 1:50:29 PM PST by tje
[ Post Reply | Private Reply | To 1 | View Replies]

To: goldstategop

Thanks for posting this. Anybody want to trade a slightly used PC for a Mac (just kidding, but the thought has crossed my mind)?


144 posted on 12/21/2004 1:54:37 PM PST by Darnright
[ Post Reply | Private Reply | To 1 | View Replies]

To: goldstategop
Until we get Longhorn...

Don't expect anything to change. MS has had over twenty years to get an operating system right. Instead, they are widely known as a malware writer's best friend. Don't hold your breath.

145 posted on 12/21/2004 1:57:59 PM PST by TChris (Most people's capability for inference is severely overestimated)
[ Post Reply | Private Reply | To 15 | View Replies]

To: chronic_loser

Moved all my machines to Firefox last week. I've been telling all my friends about it. The only downside is that my default mail is hotmail (I have four addresses) and I lose a lot of formatting capabilities, especially when replying to a message.

Tough.


146 posted on 12/21/2004 1:58:58 PM PST by RobRoy (Science is about "how." Christianity is about "why.")
[ Post Reply | Private Reply | To 19 | View Replies]

To: RobRoy

Actually, I have to use IE at work a lot, as I am an insurance broker, and Safeco, Hartford, Progressive, GMAC, Travelers and Farmers all have ActiveX scripts on their websites. Progressive actually partners with MS. For right now, I am stuck at work with MS.

We need a good, open source java so we can do away with this ridiculous crap.


147 posted on 12/21/2004 2:03:45 PM PST by chronic_loser (Go to my blog: http://snarktown.blogspot.com)
[ Post Reply | Private Reply | To 146 | View Replies]

To: TChris
MS has had over twenty years to get an operating system right.

Believe it or not, that is actually part of the problem. They started working on their OS back in 1980 or so, long before the advent of the Internet, or even networked PCs. As a result of this environment, their OS was geared for one person at a time. Security, especially remote security, was not an issue then and they did not design for it.

Twenty-four years later, and a philosophy of backwards compatibility, and we get the mess we have now. If they had abandoned the issue of backwards compatibility sometime in the late '90s, and started afresh, they'd've had a much better OS today. Apple did that much too early (mid '80s) and lost most of their customers. MS went the other way and time will tell what will happen to their customer base.

148 posted on 12/21/2004 2:07:20 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 145 | View Replies]

To: chronic_loser

8^>

I'm still using IE at work. However, during our last conference call (my team is spread all over the country) my second level boss was mentioning Firefox as some new hot thing. There was no comment on it being inappropriate here at work. I think I'll install it.


149 posted on 12/21/2004 2:07:20 PM PST by RobRoy (Science is about "how." Christianity is about "why.")
[ Post Reply | Private Reply | To 147 | View Replies]

To: Musket

You can run Firefox like any other program. I'm typing this in Firefox running on Windows 2000. Going back and forth is no problem at all, and I have to say it's wonderful.


150 posted on 12/21/2004 2:15:12 PM PST by Windcatcher
[ Post Reply | Private Reply | To 94 | View Replies]

To: KMC1
AD AWARE PRO

That comes with the real-time AdWatch. Do you run it?

I recently bought the Pro version and installed AdWatch. However, I still seem to have gotten infected by the CoolWebSearch spyware. I had to restore my system from a backup.

-PJ

151 posted on 12/21/2004 2:24:16 PM PST by Political Junkie Too (It's still not safe to vote Democrat.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: goldstategop
Another protection is having a good backup.

A few months ago I bought Backup MyPC from Sonic. I have a CD/DVD-ROM drive and a CD/DVD RW drive. I keep a DVD in RW drive and do daily incremental backups to it. When the incremental disk fills up, I take another full backup and start another incremental disk. I currently keep three generations of backups.

I didn't see the Intermute CoolWebShredder when I got infected, so I just restored my PC from the backups to the point where I got infected.

Even with good protection, and a spyware remover, it is still good practice to keep current backups of your system.

-PJ

152 posted on 12/21/2004 2:28:38 PM PST by Political Junkie Too (It's still not safe to vote Democrat.)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #153 Removed by Moderator

To: Happy2BMe
Doh!! Just now catching my typo - repeated multiple times due to CTRL+C / CTRL+V.

Whatca s/b "Whatcha" .....


154 posted on 12/21/2004 2:51:18 PM PST by MeekOneGOP (There is only one GOOD 'RAT: one that has been voted OUT of POWER !! Straight ticket GOP! ©)
[ Post Reply | Private Reply | To 138 | View Replies]

To: goldstategop
A good discussion of the growth of spyware into a menace that can cripple your PC's performance and compromise your safety, privacy and security online. Plus advice on how to get it off and how to keep it off. MUST READ!!!

Excellent article!
Bookmarked!

155 posted on 12/21/2004 2:52:28 PM PST by Eagle9
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I agree in general with your analysis. However, MS could have done a much better job with the virtualization of the single-user environment with NT than they did. Once the single-task, non-networked universe was expanded, they should have started thinking differently.

Shame on MS for not taking security seriously as soon as they dared step into the server O/S market. At that moment, there should have been a profound paradigm shift from an emphasis on prettiness and ease of use to one of stability and security. It has taken a lot of hard knocks to get them to begin to realize just how far behind they are on these issues.

Dream List of New Priorities for Windows:

  1. Rock solid stability - They've made very good progress here
  2. Rock solid security - This will take an overwhelming change of attitude. Not likely.
  3. Software efficiency (i.e. Solid core functionality over a plethora of bells and whistles) - Better modular software design, less "swiss army knife" design.
  4. Greater user/administrator control - There are still far too many things changed and controlled in the background by the O/S. And who the hell thinks it's a good idea for the O/S to ever tell the local administrator "Access Denied" when he/she gives it a command!? Admin is King. Period.
  5. Well-implemented, optional software features that don't change places and interfaces with every release.
  6. A modular, efficient GUI that doesn't presume that everybody wants/needs a browser-like interface for every function. Rip out Internet Explorer! It's like having a tapeworm.

Just my $0.02 worth as a 15-year DOS/Windows veteran user, developer, MCSE and LAN admin.

156 posted on 12/21/2004 2:52:36 PM PST by TChris (Most people's capability for inference is severely overestimated)
[ Post Reply | Private Reply | To 148 | View Replies]

bttt


157 posted on 12/21/2004 2:54:40 PM PST by stainlessbanner
[ Post Reply | Private Reply | To 50 | View Replies]

To: goldstategop
Internet Explorer is a secure web browser (please hold your laughs and derision :^) The problem with IE is that its default configuration is set to "Rape Me With a 2x4 Sideways".

I have never had one problem with IE, spyware or viruses. Here is what you need to do to secure IE without any 3rd party applications:

Go into Tools--Internet Options--Security. You will see four "Zones" - Internet, Local Intranet, Trusted Sites and Restricted Sites. All websites are in the "Internet Zone" by default. This is the Zone where increased security is needed.

Click the "Internet Zone" icon and then click "Custom Level". Select "Disable" for every option where you are asked whether you want to download or run Authenticode, ActiveX, Java, Javascript or Active Scripting. Then click "OK".

The "Trusted Sites" Zone is where you list URLs that you wish to allow greater freedom to run (microsoft.com for updates, your online banking site, FreeRepublic, trusted retailers, etc.).

Follow these instructions for Internet Explorer, and your computer will never see one byte of spyware.

158 posted on 12/21/2004 7:15:15 PM PST by 10mm
[ Post Reply | Private Reply | To 1 | View Replies]
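
The settings walked through in the post above, and the trusted-zone and Browser Helper Object abuse the article describes, all live in the registry, so they can be audited from a `reg export` dump. The following is an added example, not part of the original thread or article: it checks that the Internet zone's ActiveX and scripting actions are set to Disable, lists hosts mapped into Trusted sites that are not on a reviewer-supplied allowlist, and lists registered BHO CLSIDs. The function names, the allowlists and the sample export (including its host name and CLSID) are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form (not from a real machine).
# Real exports are UTF-16; decode before passing the text in.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown-search.example\www]
"*"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
'''

# Zone 3 is the Internet zone; action value 3 means "Disable", 0 "Enable", 1 "Prompt".
ACTIONS = {"1001": "download signed ActiveX", "1004": "download unsigned ActiveX",
           "1200": "run ActiveX controls and plug-ins", "1400": "active scripting"}
ZONE3 = "\\internet settings\\zones\\3"
ZONEMAP = "\\internet settings\\zonemap\\domains\\"
BHO = "\\explorer\\browser helper objects\\"
VALUE = re.compile(r'"(.*?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Return {key_path: {value_name: int_or_str}} from reg-export text."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := VALUE.match(line)):
            cur[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def audit(text, trusted_allow=(), bho_allow=()):
    """List (kind, detail) findings; the allowlists are the reviewer's own."""
    findings = []
    for path, values in parse_reg(text).items():
        low = path.lower()
        if low.endswith(ZONE3):
            # A missing value is reported too: it is not an explicit "Disable".
            findings += [("internet-zone", a) for a in ACTIONS if values.get(a) != 3]
        elif ZONEMAP in low:
            parts = path[low.index(ZONEMAP) + len(ZONEMAP):].split("\\")
            host = ".".join(reversed(parts))   # subdomain subkey comes last
            if 2 in values.values() and host not in trusted_allow:  # 2 = Trusted sites
                findings.append(("trusted-site", host))
        elif BHO in low and path.rsplit("\\", 1)[1] not in bho_allow:
            findings.append(("bho", path.rsplit("\\", 1)[1]))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_REG, trusted_allow={"microsoft.com"}):
        print(kind, detail, ACTIONS.get(detail, ""))
```

The audit only sees the keys present in the export, so a complete review covers both the per-user and the machine-wide hives.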

To: 10mm

O.K. I'll take your challenge.


159 posted on 12/22/2004 5:49:47 AM PST by Musket
[ Post Reply | Private Reply | To 158 | View Replies]

To: Musket
Thanks for the info. I think when I get back from visiting relatives over Christmas I will give Firefox a try.

One other question came to mind. Do you know if downloading Firefox with XP will give it to all the users on the computer, or just my user account? I know some programs install across the board, but some seem to be specific to the user who installs/downloads them. I guess it won't really matter, but I was curious.

160 posted on 12/22/2004 7:10:05 PM PST by Pablo64 ("Everything I say is fully substantiated by my own opinion.")
[ Post Reply | Private Reply | To 97 | View Replies]

