General discussion

  • #2191472

    Is spyware replacing the virus?

    by Anonymous ·

    Hi guys. I’m going to go out on a limb and say that the computer virus would have to be outdated now since spyware seems to be more destructive. I find that with my job, I spend more time on security jobs where I have to remove spyware than I do on removing viruses. A virus usually does one thing and masquerades as a system file. Spyware on the other hand can be annoying and quite dangerous, especially to your hip pocket. Spyware such as Spy Falcon and WinFixer, which are easy to remove, just annoy the hell out of users and try to trick them into paying for software they don’t actually need and that does nothing in the end. I set up a clean system and knowingly put Spy Falcon on it and within the first few minutes it was telling me my system was infected and that I should pay up to protect my system, even though I knew it was clean. Spyware effects range from pop-ups, email address catching and browser hijacking right through to getting you to pay for something that does nothing or doesn’t even exist. I’ve seen the latter happen three times to customers over the past two weeks.

    This is a serious issue and while we bust our guts and clean the systems and install software to protect the customer, the spyware makers just keep coming up with new versions of spyware that can’t be removed or take longer to remove, or if removed, render the OS inoperable. Granted most spyware is made for and targeted at Windows users, but I’d like to hear what people have to say on this: do you think spyware is now a bigger threat than viruses, and what do you think the worst spyware is for Windows, Mac, *nix and other OSes?

All Comments

    • #3266217

      For Windows

      by neil higgins ·

      In reply to Is spyware replacing the virus?

      it has to be programs such as Gator/GAIN/Claria and Grokster.
      Also Adopt.Hotbar.com, which tracks web use patterns.
      Download Accelerator Plus can change browser settings, and transmits info to home base without your permission. And of course “illegal” peer to peer software, with all the nasties that brings.

      • #3075115

        Maybe the simplest trick

        by nappy_d ·

        In reply to For Windows

        The first and foremost thing you should do is remove the users’ admin privileges.

        In my corporate environment, none of my users are given admin privileges. I have never had any malware or spyware because of this.

        If I am correct, many of these applications require administrative privileges to install their files to your Windows directory or to add a key to the [HKEY_LOCAL_COMPUTER] section of the registry; “no permission, no install”.

        Also, since there are no permissions, many ActiveX controls will not run.

        With ActiveX controls, if you have an Active Directory infrastructure, only allow administrator approved ActiveX controls; this link will give you ammo to config controls that you trust –> http://searchwindowssecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid45_gci1015063_tax299589,00.html?bucket=ETA

        Finally, if you trust the “signed” ActiveX controls that are out there already, you can take a leap of faith and enable the GPO that would allow you to accept and trust signed controls for downloading to your computer.

        If you have stand alone machines not in an Active Directory environment, you can run from the run window to make these same local changes.

        I have been doing these things for about 4 years now on w2k and XP and have never had a bout with spyware and malware.

        PS, stop (if you are doing this) installing the freeware, smilies, dancing baby etc.; these are also a major source of these things. Your users don’t need them. If you can justify your case to your CFO, CIO or whomever, you will be much better off.
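
An added example, not part of nappy_d's post or of any tool named in the thread: a PowerShell check of the point made above, reporting whether the current account is an elevated administrator and whether it can write to the Windows directory and to a machine-wide registry key. It assumes Windows PowerShell 5.1 or later; the function names are made up for this example, and the `Run` key under HKEY_LOCAL_MACHINE is picked here as a representative machine-wide location.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumes Windows PowerShell 5.1+ (needed for Get-LocalGroupMember).

function Test-IsElevatedAdmin {
    # True only when the current token has the Administrators group enabled.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-DirectoryWritable {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Probe with a uniquely named file that deletes itself when closed.
    $probe = Join-Path $Path ('acl-probe-{0}.tmp' -f [Guid]::NewGuid().ToString('N'))
    try {
        $stream = [IO.File]::Create($probe, 1, [IO.FileOptions]::DeleteOnClose)
        $stream.Dispose()
        $true
    } catch {
        $false   # access denied (or any other failure) counts as not writable
    }
}

function Test-HklmKeyWritable {
    # Assumption: the machine-wide Run key stands in for "a key under HKLM".
    param([string]$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    try {
        # Second argument $true requests write access; a SecurityException
        # is thrown when the caller lacks it.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }   # key does not exist
        $key.Close()
        $true
    } catch {
        $false
    }
}

function Get-LocalAdminMember {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # which avoids depending on the localized group name.
    try {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object -ExpandProperty Name
    } catch {
        @()   # cmdlet unavailable or membership could not be read
    }
}

$report = [pscustomobject]@{
    User              = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    ElevatedAdmin     = Test-IsElevatedAdmin
    WindowsDirWrite   = Test-DirectoryWritable -Path $env:windir
    HklmRunKeyWrite   = Test-HklmKeyWritable
    LocalAdminMembers = (Get-LocalAdminMember) -join ', '
}
$report | Format-List
```

Run as the user being audited: with default ACLs, an account without admin rights reports False for all three checks, and the member list shows who still holds local admin on the machine.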

    • #3266107

      Reply To: Is spyware replacing the virus?

      by cmanas ·

      In reply to Is spyware replacing the virus?

      how do I get rid of this pest from my machine? I can’t find them.

      • #3074990

        removal aid

        by noorman ·

        In reply to Reply To: Is spyware replacing the virus?

        try XsoftSpy (Pareto Logic)

        It’s auto-updating its program & its database (if you choose to) and it finds over 43000 of them …

        I’ve been using it for about 2 years; I’m very happy with it.

        I also use the freeware Spywareblaster to try and PREVENT spyware from getting to me.
        The freeware has to be updated manually; the program isn’t ON all the time. It’s just used to update the database and install its data where it’s needed. So, NO resources lost there.

        hope this helps.

        • #3076707

          xoftspy IS spyware

          by dr dij ·

          In reply to removal aid

          http://www.spywarewarrior.com/viewtopic.php?t=2678

          they may recently have changed but they started as a bogus spyware removal company that lied about effectiveness and may have installed spyware itself

          It’s kind of a pyramid scheme scam – they get a whole bunch of bogus websites promoting it and making money off it, kind of like zombie religious fanatics.

      • #3076581

        SpyBot, Adaware, AdAware

        by mintol1 ·

        In reply to Reply To: Is spyware replacing the virus?

        I would strongly recommend Spybot (Search and Destroy) for spyware removal. Despite the childish subtitle, it does a great job for FREE. Another free spyware removal software I recommend is AdAware – free and fast with many options. If you find your browser hijacked (going to wherever it wants as you click links on any site) you will find HijackThis to be a very powerful tool. You have to be careful when you work with HijackThis, bc it has the power of removing malicious registry keys.

        All of those need to be updated manually.
        With all those 3 pieces of software run every couple of days, your PC should be clean.

        Good Luck.

        • #3076845

          Use all the free ones

          by dr dij ·

          In reply to SpyBot, Adaware, AdAware

          I’d add trendmicro’s free online spyware scan, found a keylogger that m$ had not.
          here’s link
          http://www.trendmicro.com/spyware-scan/free_spyware_scan.asp

          m$ antispyware – now called something else. not sure if still free.

          and ca has pest patrol free online scan

          spysweeper is #1 rated but you can only use it for 30 days as trial vsn; I’ve had it find stuff adaware didn’t

        • #3163676

          no doubt

          by meson.storm ·

          In reply to Use all the free ones

          spysweeper and adaware search for different types of malware
          use this setup for at home use or for wondering teens (all free programs)

          AVG Free edition (Better than everything available except f-prot)
          Adaware SE
          Spybot S&D
          Spyware Guard
          Spyware Blaster
          Zone Alarm Free edition
          Windows Defender BETA (as long as it is free)
          Clean Up
          KEEP YOUR OS UP TO DATE WITH ALL PATCHES OR UPDATES.

          Use of these programs will help you avoid having to use programs like High Jack This (but if you need it, it works great.)

        • #3076620

          I agree with that combination!

          by jaymanson ·

          In reply to SpyBot, Adaware, AdAware

          I’ve always found that using a combination of Spybot (Search & Destroy), AdAware and Hijack This keeps the spyware in check on my PCs. Obviously make sure these free programs are regularly updated, and make good use of the logfile scanner at http://www.hijackthis.de as an inexperienced user can make some destructive changes using this program!

          Get them for free at:

          Spybot – http://www.safer-networking.org
          AdAware – http://www.lavasoftusa.com/software/adaware/
          Hijack This – http://www.merijn.org/downloads.html

        • #2610313

          Be careful with Freeware, you get what you pay for

          by djpo001 ·

          In reply to SpyBot, Adaware, AdAware

          I had been using Spybot (Search and Destroy) for many years and noticed a steady degradation of my system’s speed on the net. Then it finally happened, my son went to a site and ended up with spyware that couldn’t be removed by Spybot. I am an IT professional and now specialize in Information Security, so I knew to update as often as I could and made it a habit to do so weekly. It still didn’t do any good. That was when I went over to the dark side and paid for my first Spyware removal program and was exceedingly pleased when it found and removed 136 different iterations of spyware. Moral of the story is in the title of my reply.

    • #3075255

      Reply To: Is spyware replacing the virus?

      by andrew06 ·

      In reply to Is spyware replacing the virus?

      I’d totally agree with you.

      Viruses have a lot more identifiable malicious strings of code than spyware/adware does. Windows seems to be a lot more trusting towards files that require administrative access or rights to certain files.

      I think that vendors like ZoneLabs and Microsoft are taking steps toward preventing programs and files that require access to certain files. I know for a fact that if a program is requiring certain rights to write to a folder or file, ZoneAlarm alerts me straight away.

      I think it will only get worse from here, and it’ll be up to OS vendors to keep on the ball.

      • #3075251

        Removing protecting against Spyware/Addware

        by mò chara ·

        In reply to Reply To: Is spyware replacing the virus?

        After experiencing spyware infections on several systems (especially XP), the only successful way I have been able to remove/prevent them is using a combination of XP SP2 & Microsoft’s Anti spyware program. XP contains a pop up blocker which is enabled by default on install. The MS anti spyware program in my experience is the only program that removes the spyware/addware permanently, and the bonus is it’s free. Prerequisite is that you have XP SP2 installed (which took an hour to install)… The other anti spyware programs seem to only temporarily remove the infection & seem to miss a lot that MS antispyware detects. That’s my experience anyway.

        • #3075230

          MS Antispyware

          by phinnant ·

          In reply to Removing protecting against Spyware/Addware

          I generally agree with you that MS A/S and its Beta descendant MS Defender are effective; however, lately I’ve had a few machines that had MS A/S come up with some odd errors. I used http://www.ewido.net and it discovered things that MS A/S did not. I don’t think there is any one comprehensive package that can eliminate or protect against all spyware so we use a combination of software. Most of the companies we support don’t want to buy Anti-Virus and Anti-spyware software so we use free A/S software on most. Can anybody recommend a paid version of A/S they like?

        • #3075226

          My No. 1 Choice

          by mccmike45 ·

          In reply to MS Antispyware

          By far, out of the 4 products I have used, CounterSpy from Sunbelt-Software has to be the best. It does a bang up job in cleaning an infected system, and it has a firewall type function to help prevent new infections in the data stream. You can get a free 15 day trial. The cost is $19.95 per year and if you buy in increments of 2, you can get the second copy at half price.

          I just used the new version of Ad-aware SE Plus and it has improved over the last year. It also has the firewall type blocker.

        • #3075223

          Alternative to MS Antispyware

          by quiet_type ·

          In reply to MS Antispyware

          CounterSpy is based on the same original technology from Giant Software that Microsoft is. Microsoft purchased Giant a couple of years back, but before they did, Sunbelt Software licensed the Giant technology. Giant was the recognized leader in effectiveness at the time. Since the purchase of Giant, Sunbelt has actually improved on the original product and has several times been an “Editors’ Choice” at PC Magazine. Microsoft’s version, on the other hand, has slipped in the ratings, and usually trails CounterSpy, Spy Sweeper, and Spyware Doctor. I personally like Spyware Doctor for its consistent effectiveness, its interface, and the array of active monitors it features.

        • #3076598

          SpySweeper is the best

          by mikelis8 ·

          In reply to Alternative to MS Antispyware

          I’ve used them all and although I loved Counterspy in the past, even their 1.5 version trails SpySweeper in what it finds. I’ve done a side-by-side comparison.

        • #3076464

          Spysweeper not that great

          by ds4211a ·

          In reply to SpySweeper is the best

          I use SpySweeper because it seemed to work pretty well. However, I run other programs like SpyBot or SpyWare Doctor after I run SpySweeper and always find more spyware that SpySweeper missed. This whole spyware business is a real pain in the butt.

        • #3076313

          Use more than one AntiSpy

          by mintol1 ·

          In reply to Spysweeper not that great

          You would be wrong to assume that one AntiSpyware package will take care of it all. You really need to use more than one.

          I fully support ds4211a’s view on SpySweeper.

        • #3075014

          The Combo

          by haxer18 ·

          In reply to MS Antispyware

          You’re right, using a combination of programs is your best bet. I would suggest, Lavasoft, “Adaware” with MS Antispyware or its descendant “MS Defender” are a good combo to use. Also, Spybot Search & Destroy is good too. Another decent program is called Spyblaster, it is a program that you can run after your machine is clean that will prevent spyware from being installed on your machine. I’m sure there are a million other programs out there that claim to remove spyware, but the above mentioned programs are some of the best I’ve used, and best of all, they are all free. A lot of times, in order to wipe all traces of the spyware, you need to disable the system restore feature, and rescan your computer. Also, sometimes it is necessary to dig around your system registry. But I wouldn’t suggest that one, unless you are an advanced user.

        • #3076571

          Add to the Combo

          by mintol1 ·

          In reply to The Combo

          I strongly agree with haxer18 – I would add XoftSpy and HijackThis to the mix. XoftSpy 4.2.1 is fast and has an easy interface.

          HijackThis 1.9 is a good last resort tool for those who are at least a little familiar with the registry. HijackThis shows you exactly which registry items are suspected of suspicious activity.

          SpySweeper is good too, it detects a lot – but it’s very slow and takes up A LOT of resources.

          I believe there is a time for every piece of antispyware software – depending on how much time you wish to devote to maintenance on your PC.

        • #3075191

          My suggestion? Use SafeSystem 2006 along with your antispyware.

          by van morris ·

          In reply to Removing protecting against Spyware/Addware

          As I have mentioned in several previous posts, I think the best protection is to prevent the spyware infiltration in the first place. Currently, I use (and recommend) a security tool called SafeSystem 2006 for that purpose. This program protects my system regardless of the kind of (known or unknown) virus, spyware or malware that is trying to get into it. In fact, it simply doesn’t allow any program to be installed or copied to my system while I’m surfing the Web, reading my emails or working with my computer. Sincerely, this gives me a lot of peace of mind because my system is always protected no matter if my antivirus and antispyware are updated or not. Don’t forget that perhaps they are updated but they just don’t recognize the virus or spyware which is trying to get into my system.

          I found SafeSystem at: http://www.gemiscorp.com/english/safesystem/info.html
          Also, you can see a good PR about this program at: http://www.prweb.com/releases/2006/1/prweb339444.htm

          IMPORTANT: I want to clarify that I don’t have any direct or indirect relation with the company that owns the product I’m suggesting, so my posts shouldn’t be considered SPAM.

        • #3075969

          Through perseverance…

          by Anonymous ·

          In reply to Removing protecting against Spyware/Addware

          I have actually found that a combination of three spyware programs will remove and keep a system clean. The very popular, and now no longer downloadable for a free trial, SpySweeper from webroot can really remove almost anything out there. Back that up with a secondary scan from Adaware and Windows Defender, then remove the trial version of SpySweeper and voilà! A clean system that is then protected from future spyware infections.

          However I did find recently that SpySweeper could not remove the latest version of SpyFalcon (a nasty piece of work) and all my manual attempts to remove it also failed. Seems it was hiding itself in a new place and would re-infect on boot. Defender also couldn’t remove it nor could Adaware, though this may have changed since two weeks ago.

        • #3264203

          Which Software to use?

          by themathwizard ·

          In reply to Removing protecting against Spyware/Addware

          I go on a lot of calls where spyware/malware is the culprit of the incident. My favorite used to be Ad-Aware but recently they are missing infections that it used to find. Spy Bot finds a whole lot more but has a hard time removing the offending files or registry entries, even in safe mode. MS Defender seems to be the only program that I know of that takes a lot if not all spyware out. I don’t know any program that can check its reliability. Does anyone know of any other programs?

        • #3265836

          I know I’m repeating myself…

          by dennis_london ·

          In reply to Which Software to use?

          I use McAfee VirusScan Enterprise 8.0i with the Anti-Spyware add-on module. It scans and cleans everything from the machine to include items in the registry as well as cookies.

          Worth every penny I spent and I would gladly spend more to keep this level of protection.

    • #3075254

      IT ALWAYS HAS BEEN

      by compsale ·

      In reply to Is spyware replacing the virus?

      Spyware has always been the greatest threat. Viruses have only been a threat to those who do not back up their system and are stupid enough to open obviously questionable attachments. The problem was it got the media publicity. On the other hand, spyware is subtle, it is invisible and invades our very privacy, broadcasting it to the world. This is the threat and it has been there long before the virus really became fashionable.

    • #3075252

      Practical debate.

      by whistl3r ·

      In reply to Is spyware replacing the virus?

      The most trivial of all are pop ups and advertisements.

      It’s most certainly hit IT for many years, spyware has been around for ages (as long as viruses) and the only way to combat it, practice proper security methods, as you would a virus.

      Though, what you’ve explained relates to phishing not as much to spyware, per se, gathering up personal information without your knowledge or consent.

      In some cases, viruses and spyware are good. They help us understand insecure networks and flaws in an OS. Overall, they help secure policies that need to be created. Heck, if viruses / spyware never existed… most of the IT field would not be employed.

    • #3075237

      Obviously

      by pete1978 ·

      In reply to Is spyware replacing the virus?

      spyware is the bigger threat. A virus threatens to, at the worst, destroy your data and cripple your PC. When that happens, you realize it (because the data is gone) and you should be able to recover the PC and then restore the data from backups. Spyware, on the other hand, delivers information about you, perhaps very confidential information, into the hands of other people. You do not know what information they have or how they will use it. It is possible for them to cause far more damage with the information than the virus can by destroying data. And when spyware has already hit you, you cannot run a restore to keep the information out of someone else’s hand … they already have the info.

      Well over a year ago, a CTO colleague at a technical college told me that spyware was by far the biggest threat he had to deal with. I don’t believe that in the time since, this has changed.

    • #3075234

      My Network Protection

      by jjenni_viper ·

      In reply to Is spyware replacing the virus?

      Of course you can do everything right and still not keep the junk out, but you can take a stab at it with proper software. I maintain a domain with around 65 PCs and growing. We are just moving out of an NT4 domain to a Win2003 domain. I am taking a locked-down local PC approach with terminal services for all the users’ access to company resources. Even with the locked-down local PCs I run Norton AV Corp and Webroot SpySweeper Corp on all PCs that log on to the domain. This so far has been keeping both virus and spyware off our PCs. Of course there have been challenges to configure the two programs to work together without stressing the PC, but there is no all-in-one solution out there. I looked at the best in the different categories and tried them out. Now it does cost about 2 grand a year for lic renewal subscriptions but it is a small price to pay for not having a single day interrupted by a user getting infected and causing a network wide problem for the last 4 years as I am a one man network admin, but this is just my 2 cents. Every person in the world will have a different approach to virus and spyware protection based on experience, but each network is unique, so try different combinations until you find one that works for you, fits your budget etc. Above all you have to have end user protection and internal protection on each server. Then look at outer edge protection. There are 3 key areas to be concerned with. I took the end user first, then the server, and I am now looking at the outer edge of protection at the gateway to increase protection to 3 layers.

      • #3075071

        Au Contrair Mon Freir

        by black-eyed pea ·

        In reply to My Network Protection

        I used to think there was no all-in-one solution out there too…that is, until I found Fortinet. Ever heard of UTM (Unified Threat Management)? Fortinet allows the following from one FortiGuard device: firewall, antivirus, antispyware, intrusion prevention, antispam, VPN, virtual domains, traffic shaping, and Web content filtering.

        It can act as a router or you can use it transparently so it doesn’t appear as a trace route hop. The FortiGuard-A devices even act as wireless access points. You don’t have to take my word for it. Just go to http://www.fortinet.com and check them out. On PC’s you install Fortinet client software that protects at the PC level and which you can use for a VPN client. What’s more is that it only costs about 5 bucks per software client!!!

        I don’t know about you birds, but I get sick of using four or five different antispyware apps to remove this crap. Spyware IS ABSOLUTELY more of a threat than virii. If you haven’t noticed, the lines between malware have become blurred and it will become progressively harder to differentiate. That is why there are so many names for it: crapware, scumware, adware, spyware, malware, etc. Spyware, in general, has become more malicious.

        With virii, you have one or two files to quarantine and delete. With spyware, you may have hundreds of files and registry entries and you can’t be sure that the computer is entirely clean unless you write zeros to the hard-drive and start over from scratch. IT pros can’t afford to strike the “out-of-sight-out-of-mind” pose. If you think the spyware is gone, just run another antispyware app and you’ll find out you’re wrong, sucker!

        We buy all these utilities and devices and waste countless hours cleaning machines. I got sick of it and we bought UTM via Fortinet. Now I can do what I was hired to do.

        • #3074981

          Single point of failure?

          by trdgyrl ·

          In reply to Au Contrair Mon Freir

          Fortinet is a good solution – I just hope you’re using it in conjunction with other layers of defense as well. A device that handles ALL of these functions is clearly a major risk as it presents a single point of failure.
          Furthermore, if you’re relying on Fortinet to provide all the signatures for AV, anti-spyware, etc. you may miss something that layering “competing” manufacturers’ solutions may find.
          Just thinking through the inherent risks – it’s what I’m paid to do 🙂

        • #3076508

          Pick Your Poison

          by black-eyed pea ·

          In reply to Single point of failure?

          Dear Turd Girl,

          Thanks for bringing that up. Layers of security are good, but sometimes they are bad. Humor me with this typical modern network scenario: You have only a few overworked, underpaid, and undertrained network and system administrators (or perhaps only one) running the show. The administrators would like to have antivirus, antispyware, firewall, VPN, IPS, URL filter, and antispam – if they are lucky they do have those things. If they are “normal”, they have a few of those capabilities and some sit right on top of Microsoft Windows…others perhaps on outdated equipment. In this typical scenario, the layers of security may be failing and nobody knows it or they know it too late.

          If the group of lucky administrators have boxes for each of those capabilities, then you have an enormous amount of complexity – plus, each one of those boxes separately may cost as much (or more) as one FortiGuard. The operational cost must also be considered as one guy may not have the time and/or expertise to manage all of them. In addition, these separate devices may not communicate with one another.

          So pick your poison. We’ve picked ours and I think I may not even get a bellyache. Our architecture includes redundant FortiGate boxes, running in active/passive mode. If one is knocked out, the other one kicks in. Since the FortiGate boxes also route, we will have redundant routers. Now how many organizations have redundant routers??? Most do not. The other layer of security is the FortiClient software that sits on top of workstation OS’s.

          Here are the advantages of Fortinet: minimized downtime from individual threats, comprehensive security approach, reduced number of vendors and appliances, simplified security management, coordinated alerting, logging, and reporting, and improved detection capabilities.

          You can add layers of protection and management with the FortiManager, FortiAnalyzer, and FortiMail products. All the Forti gear have the same Web interface, so it is easy to manage multiple boxes.

          One more thing. There is nothing to prevent you from running additional boxes from other vendors. We still have some on our network, but they are now pathetically obsolete, in my opinion. I’m betting the rest of the industry will follow the lead of Fortinet in Unified Threat Management.

        • #3076370

          You are dead wrong

          by silversidhe ·

          In reply to Pick Your Poison

          but I’ll let you find out (or not) on your own. You do sound like a running ad and I really didn’t appreciate you calling a fellow TechRepublic member “Dear Turd Girl”. I wish I could be there to see your face when your single product solution blows up in your face. One of the rules to live by is never trust like expectations you can’t be disappointed without them. I bet you think you can be secure with wireless as well.

        • #3076281

          Oh Really?

          by black-eyed pea ·

          In reply to You are dead wrong

          Hey, look…that person is the one who picked the moniker trdgyrl. Split that up and say it to yourself. It sounds like Turd Girl to me.

          At any rate, time will tell if I’m “dead wrong.” Nobody has to run Forti gear without other layers of defense. There is a layer of security above us in our organization’s echelon with a different solution. They can manage their solution and I will manage mine.

          For organizations low on funds and manpower with requirements for antivirus, firewall, antispam, etc., it is a great inexpensive solution.

          Do what you want. Unless you are blind or uninformed, you must see that the IT security industry is moving in the direction of unified threat management. Other vendors ARE catching on. Internet Security Systems has a UTM device called the Proventia M50. SonicWall has the Pro 5060c. Symantec has their Gateway Security 5460 appliance. Secure Computing developed the Sidewinder G2 Security Appliance Model 2150. I could go on…

          So, if you’re worried, use more than one UTM.

        • #3076255

          Kickbacks?

          by trdgyrl ·

          In reply to Oh Really?

          Sounds to me like they’ve got you completely brainwashed. Or perhaps you’re getting kickbacks?

          Clearly, you prefer the easier solution on all issues. I mean, really “Turd Girl” – you didn’t even try to be creative. Are you familiar at all with Toyota Racing Development? Could you have even considered an alternative to TRDGyrl that WASN’T base and crude?

          Regardless, I wish you luck and sincerely hope you never suffer a failure with this one stop solution – it will be catastrophic.

    • #3075232

      What I do to clean up systems on an almost daily basis

      by mccmike45 ·

      In reply to Is spyware replacing the virus?

      I have a computer repair center working on consumer and small business systems. Over the past year, the majority of our business can be attributed to adware / spyware whereas it used to be viruses. Viruses are now a very small percentage. I get systems in that are so slow, that you can’t do anything with them. The first thing that I think of is viruses.

      Since there is no single product which detects all of the viruses, I have 3 anti-virus programs that I use and 4 anti-spyware/adware programs.

      I first pull the hard drive and scan for viruses to eliminate that possibility. Then, I replace the drive and boot in safe mode. On Windows XP, the CD-ROM is still active in safe mode, so I will use Hijack This that I have on CD-ROM and remove suspicious applications from automatically starting on boot up (if you have never used Hijack This, you can really damage your system. Do not use this unless you know what you are doing since this can modify the registry). Next, I reboot and install CounterSpy from Sunbelt-Software. This app removes approximately 75-90% of the malware. The remaining two apps usually get the rest. They are Ad-aware SE Plus from Lavasoft and XoftSpy from Pareto Logic.

      Like I said, using these 4 apps, I get about 99.5% success. About .5%, they do not get and by that time, I have spent enough time to justify a reload.

      • #3076503

        Dude, Try Fortinet

        by black-eyed pea ·

        In reply to What I do to clean up systems on an almost daily basis

        Bro, you need to read my earlier post about Fortinet. I was just like you. To remove spyware, I have used Spybot S&D, Ad-Aware, Spy Sweeper, Spy Subtract, MS Antispyware, HijackThis, BHO Demon, Pest Patrol, AVG, McAfee, Symantec, Panda, Hijackthis, and Trend Micro Housecall.

        To prevent spyware, I would use AD Group Policy software restrictions, WebSense, IE-Spyad, HOSTS files with dead entries, Spyware Blaster, Spyware Guard, and any spyware prevention bundled with the spyware removal apps.

        Enough! These methods of network management stink! It is a losing game and deep-down, you know it!

        Get a FortiGuard at the gateway and FortiClient software on your nodes.

        • #3075965

          Black-eyed Pea

          by Anonymous ·

          In reply to Dude, Try Fortinet

          You know something? I think you don’t know anything at all. You have been brainwashed. Your solution to everything and everyone’s posts seems to be, “Use FortiGuard! NOW!”.

          Quit it. I would like to see you banned because you are starting to flame.

          Granted you’re entitled to your opinion but say it once, don’t keep ramming it down everyone else’s throat please. Now back to the discussion.

      • #3076400

        Ever get damage from Adaware or Spybot?

        by rpridenh ·

        In reply to What I do to clean up systems on an almost daily basis

        I’ve gone through similar (time-consuming) iterations rescuing computers for my clients. However, on some occasions I’ve had systems develop serious problems after running Adaware or Spybot S&D, and could not recover them.

        When this happens it is usually not cost-effective to try to recover the OS and so I end up doing a system restore or OS re-installation.

        Have you (or anyone else) encountered this? And how do you go about safe-guarding against such occurrences?

        • #3076365

          probably not Ad-Aware or Spybot –

          by silversidhe ·

          In reply to Ever get damage from Adaware or Spybot?

          some of the malware sets its hooks deep in your system and removing the spyware can damage your system. Have you been taking notes on when this happens? If you can figure out what infections are causing this I’m sure others would like to hear about it.

        • #3076326

          Double-check yourself if you don’t trust AntiSpyware Software

          by mintol1 ·

          In reply to Ever get damage from Adaware or Spybot?

          Spybot is capable of cleaning up the registry. I have used Spybot and adaware for long now, and I never had problems afterwards. I used to do that on 10-20 PC/Laptops a day and never had a problem due to Spybot’s or AdAware’s activity.

          I guess there is a slight chance of removing a vital registry key during the cleanup. Since the clean up is not automatic (you decide what to remove in the end) you should double-check your selection before you click “Fix selected problems” (Spybot) or “Next” (Lavasoft’s anti-spyware).

          If you used HijackThis – the chance of removing a good registry key is much higher. You have to be really careful IFF you use HijackThis.

    • #3075217

      I agree that spyware is a bigger problem

      by seegel ·

      In reply to Is spyware replacing the virus?

      Anti-virus programs do a good job on combating old threats and automatic updates help to curb the new ones. However, updates for anti-spyware are not automatic and most do not have any real good realtime protection. Partly because no antispyware covers the entire domain of this problem.
      Teaching people not to click on items that just sound good, (both at home and in the corporate environment) is an uphill battle. I have had to clean spyware from the same computers several times. It seems that they just never learn.

    • #3075216

      It goes to show

      by mill3502 ·

      In reply to Is spyware replacing the virus?

      It seems to me that the virus writers were kids compared to the spyware pros. I’d totally agree with. The worst part is that it seems that it’s infinitely more difficult to catch and remove spyware than it is viruses. Maybe it’s just a money thing. The virus writers have found out that they can get paid to do this stuff and corporate America is paying for it.

    • #3075199

      similar definitions?

      by jefftucker ·

      In reply to Is spyware replacing the virus?

      This is a very good topic. I was a system administrator for a large network for just under 19 years until I left recently. Through the years we got some hits from viruses. If it was not for my education of the users we would have probably been hit more. We got an enterprise manageable solution for anti virus early on so we became more protected. Then spyware came out. It all changed. Some of the security companies now flag ‘threats’ instead of ‘viruses’ or ‘spyware’. Spyware in my opinion have at least a few of the same actions that are used to define viruses. One is they are software that is (usually) loaded on one’s machine without their knowledge or authorization. Two is they take away from a PCs resources for their use. And three they hide making them hard to eradicate. I am personally grateful that security folks are starting to see that spyware are as bad as viruses.

    • #3075192

      A Bigger Threat on the Way

      by evisscerator ·

      In reply to Is spyware replacing the virus?

      After reading your post, I gave careful consideration of what you said and came up with a worse threat than most people would ever imagine.

      A Virus or Spyware that could be coded from multiple files that are sent out separately, hidden in many other programs or sites, that once the code/program is run, it goes out on the net and searches out and pulls in the other parts of the code needed to complete the virus/spyware, compiles in the background and then runs it autonomously.

      This type of cryptic invasion and infestation would and could wreak havoc on your pc, office network or even the internet itself because no one could contain all parts of the virus/spyware. There would be way too many sources to even begin to contain it and closing the internet would probably be the only viable option to keeping it from spreading and propagating itself.

      It is highly unlikely that Symantec or other anti-virus/anti-spyware software vendors would be able to manufacture and manifest a control mechanism to stop the infestation.

      This is what I would fear most.

      Someone will do this I’m sure.

      It’s just a matter of time.

      • #3074977

        The sky is falling?

        by paul.byford ·

        In reply to A Bigger Threat on the Way

        Really now, are you serious? A spyware app that goes out to the internet to get the other bits-n-pieces needed. I am fairly confident when I say that my ZoneAlarm Pro would alert me that an application was attempting to access the internet. I am equally confident that I would never allow any application to access the internet unless I was the one to initiate the application and know that it specifically needs internet access (ie Netscape, email etc.)

        I know I have lots to learn, and I agree with many of the comments here regarding ‘no one solution’, but I am also looking into the suggested one stop solutions.

        …but on the other hand, I love a good story.

      • #3075964

        Yes it is a matter of time…

        by Anonymous ·

        In reply to A Bigger Threat on the Way

        But if you thought of this then the anti-spyware/virus software makers have also thought of this and it would probably already be protected against.

        What’s not to say that it hasn’t already been done or is in effect right now?

        Hmm… this is some food for thought.

    • #3075190

      Spyware is worse

      by jsnow ·

      In reply to Is spyware replacing the virus?

      If you do any research at all over the internet, spyware is probably a higher risk than a virus. The spyware can eat resources and be as hard to remove as a virus. Unfortunately, some of the spyware was created to collect data for legitimate purposes, that is what makes it so insidious. A virus is out and out malicious. Spyware hides, in some cases, under a pseudo-respectability. Consequently, there is more of it around which in turn makes it more of a problem technically and a great waste of time for both businesses and private citizens. I would lump pop-up advertisements in with the spyware as well.

    • #3075182

      SPYWARE IS Positively Dangerous

      by benjamin.rhoads.ctr ·

      In reply to Is spyware replacing the virus?

      Spyware not only damages computer operating systems, but in most cases steals the user’s identity for nefarious uses that can only mean harm to the user….Protection against this form of spyware whether it be keylogging software or simply benign cookie type tracking needs to be gotten rid of and especially those that track your online activities, and log your keystrokes.

      Benjamin

    • #3075151

      Both are controllable…

      by tracyf ·

      In reply to Is spyware replacing the virus?

      …if you are aware of it. Most people don’t even have updated definitions on their included antivirus & have no clue how to update or run it.

      Education will be the key. Once you make someone aware of the problem, & explain how to run the required programs, they’ll be fine- assuming that they listen & take the issue seriously.

      Spyware is costing a lot of people a lot of $$$. When it becomes clear that the system is too far gone to clean & a reinstall must be done, well, at that point you’ve already got a couple of hours of labor to pay.

      My usual is to first get personal data off, kill system restore, & then run the basic scans. If it appears that most are gotten- there’s a good chance of a cleaning. If, on the other hand, pop-ups continue at reboot & removed files return- then I just reinstall the OS. In the long run, you have to decide fairly fast so you don’t end up having to charge for hours of spyware searching.

      Once a system is clean or reinstalled- I make an image to CD/DVD. That’s insurance that is invaluable for next time- & you KNOW that there will be a next time.

      • #3076240

        Agreed

        by bond1973 ·

        In reply to Both are controllable…

        I’ll run two basic, quick utilities (usually spybot and adaware if I can get it to run without crashing)…if it’s still acting up….format, reinstall /all Create an image of it once it’s rebuilt and the next time goes a lot quicker. I have no desire or patience to screw around with crapware.

    • #3075135

      NIC should ban sites that host spyware..

      by gprinsloo ·

      In reply to Is spyware replacing the virus?

      I think that like the spam filtering that is put in place, NIC or another controlling body should blacklist sites that host spyware, or even better shut them down. It is not to the benefit of the internet users at all and should be eradicated.

      Other than being in violation of practically every country in the world’s constitution as an invasion of privacy which makes it criminal. I think that charges should be filed by all affected persons against those bodies which can control or stop this for abetting and aiding a criminal.

      Alternatively have the hackers post some nice advice as to how we can send these creeps bogus information in mass to flood their servers and make the info they gather meaningless and unmanageable.

      • #3076689

        Nice thought but

        by dr dij ·

        In reply to NIC should ban sites that host spyware..

        not terribly practical. Whether a site has spyware can change daily. Some are on purpose, others are sites that have been hacked.

        Any site such as geocities that hosts individual sites for free tends to get a lot of spyware web pages, probably on purpose. At other times, major internet sites have been hacked so that their ads or other pages spread spyware.

        It would have to be done on a private basis.
        Such as blocked sites lists now available for spam.

        Siteadvisor (goto download.com and type this in)
        has IE and Firefox helpers that give checklist on websites, green if tested OK, ? if untested, red if site is known (via their servers browsing to site and seeing if it installed spyware) to be a threat.

        and software like (spyblaster?) have lists of sites they block from your browsing for same reason.

        Some kind of blocking would help but there has to be some kind of reward to the telecom companies if we want them to do this. Block from DNS entries? Possibly. But like I said, major sites can host spyware if hacked into. There would have to be a mechanism for removal after spyware free.

        This is why best not a govt body, they are not known for fast responses or doing anything that could be ‘controversial’. Spyware companies actually lobby and protest at various NGOs and govt bodies. So private company could be less influenced by this.

        • #2610325

          nother thought

          by Anonymous ·

          In reply to Nice thought but

          What we may call spyware another user may find desirable. Are we ready to dictate what users find desirable like M$?

    • #3075127

      Not Sure….

      by james speed ·

      In reply to Is spyware replacing the virus?

      Yes, Spyware is a terrible threat. It causes all kinds of problems with PC’s and more and more service calls are spyware related. However – Viruses cause more damage and most replicate themselves over entire networks rendering some completely dead in the water. Some viruses are so bad that entire hard drives are wiped out. I view spyware as a “Pain in the A**” not a killer like a worm or virus is. We must fight both of these threats recognizing that anything that interferes with our users is to be taken seriously.

      • #3076497

        Ever Heard of Blended Threats?

        by black-eyed pea ·

        In reply to Not Sure….

        From the Spyware Guide glossary: Blended attacks combine the characteristics of viruses, worms, Trojan Horses, and malicious code to transmit data.

        I don’t know why we’re splitting hairs on which is worse between viruses and spyware. I’m battling blended threats all the time at work. The guys who write malicious code would laugh at this discussion since they already combine the capabilities of viruses, worms, Trojans and other types of malicious code to exploit software vulnerabilities.

        A blended threat typically includes:

        – More than one means of propagation
        – Exploitation of existing vulnerabilities
        – The opening of backdoors
        – The intent to cause harm
        – Automatic increased spreading and reinstalling

        I have seen all those characteristics exhibited on a machine-by-machine basis. I have not yet experienced malicious code that includes all these characteristics and worms its way through the network from one computer to the next, but I think it is only a matter of time.

      • #3075960

        Reply To: Is spyware replacing the virus?

        by Anonymous ·

        In reply to Not Sure….

        Quoted from jspeed “However – Viruses cause more damage and most replicate themselves over entire networks rendering some completely dead in the water.”

        That may be true but data in most cases can be recovered from some form of backup and can be rebuilt. What you lose from spyware/malware or whatever you like to call it, can be used against you in real life. The information gathered by this type of security threat is far more worrying than losing data to a virus that’s wiped your HDD. At least if the virus wiped your data, you know someone else doesn’t have any of your personal info that was on your HDD, whereas spyware can give the makers whatever they want to get from you while you’re on-line.

    • #3075124

      Not so sure

      by andrew.gilmour ·

      In reply to Is spyware replacing the virus?

      Hey Angus,
      I’m not so sure, yes spyware is a huge pain, both in downtime due to slow machines and the time taken to remove them. Perhaps we have just been lucky if you can call it that, as all the tons of spyware we have had to kill has not harmed the machines too badly but a couple of viruses got in and caused some right havoc. A seriously malicious new virus if undetected can cause huge damage. In my experience spyware is more of a pain but has caused us less damage than virus attacks have.

      Andrew G

    • #3075113

      Consider the vector….

      by trdgyrl ·

      In reply to Is spyware replacing the virus?

      It is absolutely essential to consider the threat vector when comparing the risk posed by viruses and spyware. Both spyware and viruses are insidious and make our lives a living hell in a variety of ways. I’ve spent years on this battlefield – in the private world as well as the corporate/enterprise world and have decided that spyware is worse for one reason alone: TCP port 80.

      The very fact that this threat presents itself over the most commonly used port gives it #1 nasty status in my book.

      I think, for the most part, we’ve got anti-virus management under control. We know what to look for, where to find it and how to deal with it. Not only in the corporate/enterprise environment but also in the home. The numbers of people educated about what it takes to prevent virus infection is significant. They’ve installed and maintain antivirus apps on their home PCs. And I’m sure we’d be hard pressed to find a corporate environment in this world NOT running an active A/V program. So, it seems we’ve (collectively) got a pretty good handle on battling viruses. Many people are even getting to a point of running personal firewalls (thanks in part to Microsoft’s insistence) which is a good thing. More and more people are taking responsibility for actively protecting themselves.

      Spyware presents new challenges. My preference for battling spyware is multifold. 1. Education. Know where you surf and where spyware typically comes from: advertisements, etc. and just don’t click there!! 2. Install, maintain and RUN the anti-spyware program of your choice. 3. Consider installing and running a web content filter! We know that the bad stuff comes over TCP 80 and you don’t want to shut that entirely down – you might as well just unplug from the internet at that point. However, we do know WHERE on the internet the spyware typically originates from – and with a filter you DO have the opportunity to stop it.

      No doubt about it, IMHO, spyware is worse than viruses. That doesn’t mean we’re powerless against it – we just have to become more educated and learn to use additional tools. The same way we did when viruses were the new bully on the block.

    • #3075082

      Three Pronged Attack

      by kent5150 ·

      In reply to Is spyware replacing the virus?

      First, update the hosts file with a pre-built hosts list. This will block any site that is malicious and save quite a bit of time fighting off spyware. Also, install and use SpyBot and Spyware Blaster. With these two programs (and the host file updates), I guarantee you will not have a problem with spyware.
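The first step in the post above, loading a pre-built hosts list, as an added example that is not part of the original post or of any tool named in this thread. It audits a downloaded list before merging it, because a hosts entry pointing a name at a routable address redirects traffic instead of blocking it; the sample data, marker comments and function names are constructed for illustration.

```python
import ipaddress
import re

# Only these "sink" addresses block a name; anything else redirects it.
SINKS = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::", "::1")}
# Names a blocklist must never be allowed to touch.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
BEGIN = "# BEGIN managed blocklist"   # hypothetical section markers
END = "# END managed blocklist"


def valid_hostname(name):
    """True for a syntactically valid DNS hostname (lower-cased input)."""
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.split("."))


def parse_hosts(text):
    """Yield (line number, address, names) for each non-comment hosts line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            yield lineno, fields[0], fields[1:]


def audit_blocklist(text):
    """Return (accepted names in order, [(line number, reason)] rejected)."""
    accepted, rejected, seen = [], [], set()
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, f"not an IP address: {addr}"))
            continue
        if ip not in SINKS:
            rejected.append((lineno, f"redirects to non-sink address {addr}"))
            continue
        if not names:
            rejected.append((lineno, "no hostname on line"))
        for name in names:
            name = name.lower().rstrip(".")
            if name in PROTECTED:
                rejected.append((lineno, f"protected name: {name}"))
            elif not valid_hostname(name):
                rejected.append((lineno, f"invalid hostname: {name}"))
            elif name not in seen:
                seen.add(name)
                accepted.append(name)
    return accepted, rejected


def merge_hosts(existing_text, blocked_names, sink="0.0.0.0"):
    """Replace the managed section; entries already in the file win."""
    kept, inside = [], False
    for line in existing_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    already = {n.lower() for _, _, names in parse_hosts("\n".join(kept))
               for n in names}
    section = [f"{sink} {n}" for n in blocked_names if n not in already]
    return "\n".join(kept + [BEGIN] + section + [END]) + "\n"


# Constructed sample inputs (reserved example domains and TEST-NET address).
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.5 intranet.example\n"
SAMPLE_BLOCKLIST = """\
# constructed sample list
0.0.0.0 ads.example
127.0.0.1 tracker.example.net  # trailing comment
0.0.0.0 ADS.example
203.0.113.10 bank.example.com
0.0.0.0 localhost
0.0.0.0 bad_host!.example
not-an-ip something.example
0.0.0.0 intranet.example
"""

if __name__ == "__main__":
    names, problems = audit_blocklist(SAMPLE_BLOCKLIST)
    for lineno, reason in problems:
        print(f"rejected line {lineno}: {reason}")
    print(merge_hosts(SAMPLE_HOSTS, names), end="")
```

Review the rejected lines before trusting a list source, and write the merged text to the real hosts file only from an administrator account.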

      • #3076494

        Hate to Burst Your Bubble

        by black-eyed pea ·

        In reply to Three Pronged Attack

        Bro, that is old school and it isn’t good enough. I’ve done all that and more. See my earlier posts in this discussion.

    • #3075066

      Haven’t been a problem on Solaris

      by dasein42 ·

      In reply to Is spyware replacing the virus?

      I ditched my PC (gave it to my wife actually) and enjoy my web browsing and other things on an UltraSparc with Solaris 10. With Firefox popups blocked and no other measures I haven’t had a single problem with spyware, or virii for that matter.

      • #3074942

        virii?

        by bob g beechey ·

        In reply to Haven’t been a problem on Solaris

        PLEASE, PLEASE find the guy who invented the non-word “virii” and shoot him. The plural of “virus” is “viruses”. Even if English did permit Latin plurals in NEW words (which is not normal practice), the plural would be “viri”. Say after me – VIRUS VIRUSES

    • #3075064

      Yes, and no

      by dbucyk ·

      In reply to Is spyware replacing the virus?

      As an IT technician, I do combat more and more different types of spam, malware, adware. I do however come across more people that have viruses.

      What I do see as an emerging trend is malware and adware have viruses embedded in them.

    • #3075063

      Install URL Filters / Proxy Systems…

      by pscottc ·

      In reply to Is spyware replacing the virus?

      I agree that there are a lot of ways to get rid of spyware once you get it, but the best way is to keep it out from the start.

      I read another post from a user who does not give his users local Admin access on the PC’s. This is a great way, if you can do it. I have worked on a large number of proprietary applications that require local admin privilege, and won’t work without it.

      My suggestion is to integrate a URL filter with your existing Firewall, or setup a Proxy server to filter traffic. There’s a product called WebSense that integrates with Cisco PIX and Checkpoint Firewalls. Also consider SurfControl (if they are still out there).

      We use a hosted proxy solution from MessageSecure. Their product is a FW/IDS/Proxy combined solution, and they provide the reporting and support.

      • #3076489

        Finally Someone that Understands!

        by black-eyed pea ·

        In reply to Install URL Filters / Proxy Systems…

        Kudos to you, dude. We do need to secure networks at several levels, including the gateway. I manage a WebSense/Cisco securestack and it has helped prevent spyware from coming down port 80 as well as stopping infected computers from calling home to the mothership computer in cyberspace. WebSense also tracks all this so you can pinpoint infected computers and get them off the network quickly.

        We found Fortinet several months ago and are in the process of implementing it across a 1300 node organization. Fortinet combines the benefits of URL filtration, firewall, and more (see my earlier posts). When our WebSense subscriptions run out, we are saying Buh-Bye to that solution.

    • #3075036

      More Spyware than viruses

      by kel_stevens ·

      In reply to Is spyware replacing the virus?

      Spyware at the large corporation that I work, tends to only affect people that decide to install software from the internet or CD-ROM from a friend. We have anti-spyware installed called Spy-Sweeper and have used Ad-Aware in the past, but they do not always get everything. We find the best thing to do after spyware infection is to back up all local data and re-image the PC or laptop. It takes more time, and the user is left out of production for a few hours, but that seems to be a plus for us and not a negative. Users all the way up to senior executives need to have their PC taken from them for installing freeware that has spyware in the license agreement. This down time from the PC makes even the smuggest senior executive appreciate their LAN Admin.

      I have seen supervisors install the smiley icons (spyware related) and then get their desktop re-imaged and restored only to re-install the smiley icons and spyware again the next week. After a second 1/2 day rebuilding, they did not install the smiley icons again.

      Re-imaging works!

      • #3076557

        It is all the same insidious production block

        by 2ktech ·

        In reply to More Spyware than viruses

        I feel that, collectively, spyware is far worse than viruses. My corporation, which has about 2000 pcs, rarely gets any viruses, largely because of our enterprise security and anti-virus. Unfortunately our company hasn’t been willing to spend the bucks to get anti-spyware software so we spend a lot of time cleaning up or reimaging machines. On the other hand, we only see about 10% that get spyware, but that’s still 200 machines, which makes for a constant thorn in our side.

        Sometimes simply deleting all profiles handles a good percentage of it, and makes the remaining cleanup with adaware, etc. much faster. (All users are supposed to keep their files on a network drive.)

        Contrary to what a previous writer stated, not giving admin rights only blocks certain user installable stuff. None of our users have admin rights and we still get the spyware. When users go out and get free crap such as backgrounds, icons, weather monitors, and go shopping on line during lunch, they get all of this adware that ends up making the PCs so slow. The worst machines are multi-user machines that are used around the clock. Because us techs handle it, the company is still reluctant to get harsh with internet monitoring.

        Our techs have gotten pretty good at handling viruses and even going into the registry and cutting out what adaware, spybot, etc., doesn’t find. But 2+ hours x 200+ users is a lot of wasted time, not to mention lost or reduced production time of the users before they get fed up enough to call us.

        On another note, I personally have had my own irritation with anti-virus companies that milk you for their yearly licenses for anti-virus protection and cop out by ignoring spyware, malware, or whatever cute name anyone decides to call it. Fortunately Microsoft and Symantec have finally taken a plunge into this area, so there is some hope towards more competent all-in-one software.

        But I have to say, that all of this is created by EVIL intentioned people that are invading business and personal spaces for their own purposes. So please don’t ‘defend’ spyware as being nicer than viruses. It is all meant to damage, disrupt, or slow us down. And I have more than enough job security without needing any of this EVIL crap to justify my job as someone implied. What bologna, to put it nicely.

        • #2610317

          One problem I see.

          by Anonymous ·

          In reply to It is all the same insidious production block

          “…so there is some hope towards more competent all-in-one software.”

          As an example of why you may not want an integrated solution: Older Versions of Zonelabs products were susceptible to the Mutex Virus. When encountered with a slightly different ID string it would invade your entire system and all your Zonelabs solutions were powerless.

          While integration is nice, it offers new problems once a way is found around it.

          While I use integrated solutions, I do not depend on them and back them with other checks. As examples: On my XP boxes I use ZoneLabs Internet Security Suite, this is backed up by weekly checks with LavaSoft’s Commercial Ad-Aware and with Trojan Hunter, then I do bi-monthly scans with RootKit Revealer.

    • #3075024

      You make a good point

      by thomasclark ·

      In reply to Is spyware replacing the virus?

      I agree to a certain extent. Spyware can be more damaging than spyware but not always. Part of the problem is that many users do not know enough about spyware to prevent infection so they many times invite the critters onto their system. These same users do not use active spyware protection on their machine so they find the spyware after the fact when it is hardest to remove. This is similar to the problems when viruses came on the scene. It took a long time for Norton and other virus software manufacturers to come up with solid ways to detect and remove viruses. We will see the same curve for spyware.

      A second problem with spyware that has pretty much been resolved with viruses is that no industry wide definition of what is spyware, what is ad ware and which should be removed. This makes it hard for the software manufacturers to create a software package that detects and removes all spyware and spyware objects and confuses the user, forcing them to use multiple spyware software packages to remove all spyware.

      Because of these issues spyware seems to be unpredictable and dangerous compared to viruses but both are equally dangerous for your data if you get infected.

      TSC

    • #3075015

      Browser

      by webkiller ·

      In reply to Is spyware replacing the virus?

      Spyware is heading their threats at IE.. I have two browsers and only with Microsoft Internet Explorer I have all related problems… Opera is secure (for now)…

    • #3075003

      Spyware is the next invader……..Oh Dah!

      by psalm45 ·

      In reply to Is spyware replacing the virus?

      You will never know if anything you download for FREE or PAID for has some tricks in it.
      We common folks are always at risk………. Big Brother is always devising new tools. Hate to tell you “if this isn’t prophetic, it should be”.

    • #3075001

      The WORST & the BEST!!!!

      by dcarr ·

      In reply to Is spyware replacing the virus?

      I see several home user p/c’s per week that are infected with Spyware/Malware/Adware. They are infected with up to several thousand pieces of Spyware (worst to date had approx 7,000 infections). The problem is FAR WORSE than the Virus problem has ever been. With names like CoolWebSearch, Internet Optimizer, WinTools, Bargain Buddy, SaveNow, 180 Search assistant, etc. etc. and the like, the average user thinks these are GOOD things to have on their system.

      The average home user does not understand what spyware is, and how important it is to protect themselves (ie: keyloggers) from it.

      Some of the worst offenders are SpyAxe and Spyware Strike, (both are from the same company, and the websites are identical) which are SCAMS, and are extremely difficult to remove.

      I have tried most of the products out there, and to date the best product I have found is Spyware Doctor. Its ability to block incoming threats is superior, and FREE products like AdAware & SpyBot just don’t do the job anymore. Best defense is to educate users. I also believe we need some Law Enforcement on companies like the sleaze that market SpyAxe & Spyware Strike to put them out of business and in jail!!!

    • #3074997

      How about bandwidth issues?

      by trdgyrl ·

      In reply to Is spyware replacing the virus?

      I’ve been reading all the posts and one thing just jumped out at me… everyone seems to be in agreement that spyware is a pain in the backside at the USER LEVEL. But, up to this point I’m not seeing much conversation about how much bandwidth is consumed by these little monsters.

      Viruses (and I’ve been assuming that we’re lumping Worms and trojans in this category) are evil. No doubt. And yes, they can take down entire networks BUT, generally speaking we’re fairly well protected on several levels against these threats.

      Spyware also has the potential to “take down” your entire network if your enterprise is so saturated that bandwidth consumption becomes an issue. Yes, spyware could cause a DOS situation. As many here have already pointed out – it IS causing DOS situations at the individual user level. How many individual machines can be off the network/out of production at any given time for re-imaging without being considered in the Denial of Service category? How many spyware-infected machines can be operating at a crawl or not at all before business productivity is impacted?

      • #3075954

        trdgyrl has a good point…

        by Anonymous ·

        In reply to How about bandwidth issues?

        I didn’t even think of mentioning it at the time as excessive bandwidth usage goes hand-in-hand with spyware that I put it all under the one banner. But trdgyrl is correct. Just last week, a spyware job I did was related to that very issue. The customer had a $700 net service bill, which was reversed by the ISP after an explanation was given, and it all came down to spyware. Off the top of my head I can not remember which particular piece of spyware it was, but needless to say it was the cause. Since then bandwidth has dropped right back.

    • #3074989

      Spyware is the bane of my life

      by master_yeti ·

      In reply to Is spyware replacing the virus?

      Yes, personally I think spyware and adware have become the new “virus” of the modern day. In the last 5 years I have had to deal with at most a dozen true virus infections and none were badly destructive. As for spyware and adware I have lost count of the numbers of computers I have had to try and clean. It can reduce a computer to a standstill in minutes and is notoriously difficult to remove, even with the right tools. They don’t always get all of it and one false move brings you back to where you started. Last Thursday I had a user at work whose computer took me nearly 1 ? days to clean completely. Users can be totally unaware even when educated about it until all of a sudden their computer grinds to a halt and I get a call saying my computer won’t work. Yes I truly believe that spyware and adware are the virus of the 21st century. As for which is the worst, as far as I am concerned they are all as bad as one another.

    • #3076602

      Pay me now

      by a_head ·

      In reply to Is spyware replacing the virus?

      I am just wondering if it ain’t some kind a Mafia acting stuff. “You can pay me now or you can pay me later!” Seeing how that certain spyware/adware is cleaned by specific cleaners that you have to buy.

    • #3076590

      Protecting

      by shea.mason ·

      In reply to Is spyware replacing the virus?

      I find the best thing to do is to build Spybot Search and Destroy into my images, and use the immunize function first. This stops a lot of the spyware from being able to be installed right from the start.

    • #3076577

      SPYWARE v. Virus attacks

      by genethomas ·

      In reply to Is spyware replacing the virus?

      Clearly SPYWARE is worse than virus attacks ever hoped to be, hands down.

      Most everyone has heard of virus attacks and generally has an anti-virus application or at least tries to steer around the virus bullets.

      A single application of your choice (even a free one, like AVG) will keep you free of virus attacks of most all types.

      Virus attacks generally do not produce much ‘income’ for the virus authors. They are in it for the sport.

      SPYWARE attacks are not that well known, most people I know think I am overstating the case and generally stay focused on the virus enemy.

      This attitude gives the various authors of spyware a head start and a great opportunity to truly score.

      There is no one single application, free or not, that will intercept ALL spyware. You must run many different applications to intercept a very amazingly diverse population of spyware attacks.

      You will not know where, how or when you caught the spyware. You will not know the spyware is active and working on your PC. It is truly silent and deadly.

      I run 6 different spyware applications (5 are free and highly rated) and catch spyware everyday that I have no clue where it came from.

      SPYWARE is a true money maker and cash cow for the authors.

      SPYWARE is king for its authors.

    • #3076519

      Spyware…

      by uncle opie ·

      In reply to Is spyware replacing the virus?

      Unwanted Software is exponentially far more of a problem than viruses. I handle tech support over the phone for consumers and I come in contact with spyware, adware, junkware, etc on a daily basis. I have come in contact with a virus maybe once in the last 6 months. Of course there are those problems which don’t get resolved on the phone. They may be viruses or just very nasty spyware, who knows?

      Most don’t understand about spyware, are totally amazed when you tell them they don’t have to do anything in particular to get infected, and generally don’t want to spend a dime to protect themselves. It’s no wonder that the stuff survives and spreads. The ISP usually takes the heat for slow speeds, ie not working etc rather than Microsoft for making it so easy to sneak stuff on a computer.

      I generally avoid most spyware by avoiding the sites that put it on your computer. Don’t download anything free unless I know the site is reputable and I keep my firewall, antivirus, & antispyware on & up-to-date. And, of course I don’t use music sharing software :).

      • #3076500

        Finally … a Major culprit is finally Identified

        by ken e ·

        In reply to Spyware…

        It took 52 posts before music swapping was mentioned. Give “Uncle Opie” a huge cigar! Prevent music [file] swapping software Kazaa, Napster, etc. from being loaded to your machine and you have killed the highway-to-heaven for most of this malicious crap we [should not] have to deal with. It would be interesting to know if the music “industry” is behind the propagation of any malware on these sites. They seem to be a tad overzealous.

        A mixture of Microsoft Defender, Ad-Aware, SpyBot Search and Destroy [TeaTimer Enabled], and Norton A/V + Internet security will take care of most of the rest. Careful rebate shopping of Norton products will allow this combination to be used year after year for FREE.

        Norton updates are automatic. The others are manual, but take very little time to do. Just update and run a different one each night as you browse the web. Protection is done in the background and you didn’t waste any [more] time waiting for it to happen.

        Thank Goodness for the kind folks at HijackThis for their donated time and talents. They are real lifesavers and their software is capable. Just use with a large dollop of caution because you can mess things up far worse than they are if you misuse it. If you have not made a voluntary $ contribution to the organization, you should do so now! Unless you are a corporate wonk, you will probably need their advice at some point in time.

    • #3076514

      IE=Internet Exploitable!

      by ni70 ·

      In reply to Is spyware replacing the virus?

      The number one reason for spyware/adware/malware is because of a web browser that is so full of holes it’s pitiful! Why not use an alternative web browser such as Firefox or Opera for everyday web browsing and only use IE for corporate websites that are authored specifically for IE? I’ve been using Firefox since it was known as Phoenix and the only spyware I get on my home system is because someone uses Internet Explorer. I’ve tried taking the temptation away from my kids and their friends by removing any links to IE, and so far it works! I also use Avast Antivirus and Zone Alarm. I will occasionally run Spybot S&D as well as Adaware SE, just to be safe. I’ve also found that Alwil Software has a nice CD, what they call their BART CD – Bootable Antivirus and Recovery Tools CD, which scans for viruses and spyware/adware/malware.

      IMHO anyone still using IE deserves to have the headaches of all the *ware out there. I’ve converted many people to Firefox simply due to the fact that it defends against the *ware.

    • #3076441

      NOBLE PC

      by nojoe45-webnews ·

      In reply to Is spyware replacing the virus?

      I can say that I remove spyware, malware and viruses every day from my customers’ computers. Go to http://www.noblepc.us, look at my helpful tools page and download two free spyware removal tools and get a free antivirus program too. Then install ZoneAlarm while you’re there.

      John@NOBLE PC

    • #3076423

      Virus Writers and Spam Writers have united – for the love of money

      by carlmorris3 ·

      In reply to Is spyware replacing the virus?

      Absolutely. It’s a fact that many network admins overlook.

      Viruses – that blue screen systems and took down networks – are now a thing of the past. Virus writers used to do this for notoriety – for fun – now it’s all about MONEY.

      Spam writers began making money..

      Spam writers and virus writers have since merged – became one – to make money – creating trojans/malware to infect systems and make money off of this.

      Network admins for 1000 user networks will think they are fine because they have had no ‘virus outbreaks.’ Well these new virus writers DO NOT WANT you to know you have a virus in your network. One machine with spyware – either acting as a zombie, sending out thousands of spam messages across the internet, or popping up ads to buy software, or emailing out personal information to specific email addresses, or keylogging sites and emailing info out, etc. – all these purposes they make money, and they don’t want you to know it’s in your corporate network.

      AntiVirus and AntiSpyware ALONG with AntiAdware are converging.

      I could go on and on. It’s very interesting.. it’s a never ending black market.. I’m surprised there aren’t more articles on this… so many network admins don’t realize this..

      Anyway.. I’d definitely recommend an antivirus program that protects against all malware, including spyware.. Sophos is a good one.. but the point is.. antivirus that catches only 80% of malware is no longer good enough…

      Good luck in your battle,
      Carl

    • #3076406

      Thanks to spyware I get a paycheck

      by swlchris ·

      In reply to Is spyware replacing the virus?

      I work in a small commercial shop here that deals with a lot of personal use computers as well as some small businesses.
      I look up on the shelf every morning, the service tags all read: OS won’t boot, spyware infested, popups, dialer won’t connect.
      Nine times out of ten, I go into msconfig and there must be 20 or 30 programs sitting there being cranked up as soon as you hit the power button.
      There is a point where you have to make a decision.
      If you are charging a flat fee for service, yet have to spend hours and hours rooting out god knows what out of the drive, you just lost money.
      If you charge by hour or even half hour in some instances, the customer is going to freak out when they get an estimate of how long it will take to yank all that crud out.
      If it’s a really bad situation where drivers and program files have been corrupted it could take awhile to redo the whole machine back to factory defaults. Either way it’s lost money, either by the company or by the customer.
      I would guess that it would just be easier to make a backup of all documents and just wipe the drive, then scan the backup and reinstall than to spend hours attempting to clean it all up. The only thing is, customers think you can just back up all their programs and all and that’s just not going to happen. So, education comes into effect here. I would bet 90% of my customers didn’t have a clue that as soon as they got that brand new Dell in the morning and hopped online that by evening time there would be at least 3 spywares running inside their new box.
      I figure if I have to spend more than a half hour jacking around with various programs, I’m better off financially to just wipe and start over. The customer is better off as well cause then they don’t get a huge bill. A little education goes a long ways also.

      • #3075946

        Actually…

        by Anonymous ·

        In reply to Thanks to spyware I get a paycheck

        SWLChris,

        The company I work for charges by the hour, we tell the customer up front that it can take as little as 2 hours minimum for spyware removal and anything up to 4 hours. (I’ve done a four spyware removal job). If we inform the customer why it takes so long then they’re happy to pay, so long as they know they’re getting rid of the crap. And in every long spyware removal job I’ve done, it has been a huge wake-up call to the customer and we never see spyware on their PC again because they learnt the lesson of “If it’s so good as to be free to download, then it must be spyware and I’d better check up before I download it.”

        Oh and flat fee fixing is wasting your time and the customer’s, because a) You don’t want to spend all that time on it and get paid one flat fee, and b) You probably don’t care enough to spend all that time so will just take the easy option. Oh and I’ll throw in a c but it’s a different topic for another area of TR, c) Flat fees are not good for business survival.

    • #3076384

      Rootkits

      by silversidhe ·

      In reply to Is spyware replacing the virus?

      get my vote for worst threat – how the hell do you know if you got them all esp. with windows? I have to admit I’m at a loss; all I know to do is to reformat and reinstall because how do you know for sure?

    • #3076378

      Spyware

      by wellie51 ·

      In reply to Is spyware replacing the virus?

      I am in total agreement with Angus, I spend more time searching for and trying to remove spyware than I ever did with viruses. Most spyware seems to be able to hide itself extremely well on the system and takes up many hours trying to weed it out. I have taken to restoring a saved image of a clean system at least once a month just to stay ahead of the spyware.

      • #3076299

        should not reach out for re-imaging

        by mintol1 ·

        In reply to Spyware

        In bad cases of SpyWare issues I end up monitoring the list of processes in Task Manager while using a combination of Spybot, AdAware and HijackThis. One of those will show you where the nasty process is running from. If you cannot get rid of the malicious file, you can kill all “odd-looking” processes from the list of tasks and continue the cleanup.

        It may take two or three attempts before you finally get rid of all little components of your spyware headache, but you will not have to re-image.

        Re-imaging may take you to a point at which some drivers for new custom hardware may have to be reinstalled or a new software package may have to be re-installed. You are risking a big waste of time.

        I was always able to recover from Spyware without re-imaging – in a place where I had to clean up about 5-10 PCs a day. Rather than getting a good handle on wider range (sort) of Spyware issues you are just practicing re-imaging. You may be going in circles.

        • #3075945

          I’m with mintol1 on this…

          by Anonymous ·

          In reply to should not reach out for re-imaging

          I’m not for taking the easy way out and reaching for the image when it seems to be getting too hard. I will do all I can for a system until I can do no more. If at that point I need to re-image or backup data and format/reinstall then I will. This process happens very infrequently thankfully as it can be a boring process of re-imaging or reinstalling and the customer always questions that activity, no matter how well you explain “Why” to them.

      • #3076278

        Add Inconvenience factor…

        by pscottc ·

        In reply to Spyware

        I use both RIS and Ghost (depending on need) for system imaging. If you’re not already using them, I suggest you invest time in them…

        But really, for users who consistently get spyware on their systems, it should be inconvenient for them. Take away their systems for several hours or a day or two. Give them a spare from the junk pile (P3-667 should do) and take your time rebuilding the system. The spare system should only have the bare minimum for the user to make it through the day… Browser, productivity suite, and email. No special or unique programs. Users should equate bad behavior on the internet with loss of nicely functioning equipment with all of their favorite software.

        But don’t make it inconvenient for yourself. Get yourself set up with an imaging product that you’re comfortable with. Lastly, consider getting WISE or InstallShield and repackaging all of your one-off applications for quick installation with all of your standard tweaks (and make the installs silent). These factors together can drop your system build time from 3-6 hours to 1 hour.

        Good Luck!
        PSC

    • #3076211

      Spyware

      by gameal.hassan ·

      In reply to Is spyware replacing the virus?

      A few things you can do to help combat spyware:
      Use the Firefox browser instead of Internet Explorer.
      Don’t use any programs like Adaware Away or Ad-Aware; in fact any programs like these in my opinion seem to make things worse. Last thing, BE CAREFUL WHAT YOU’RE CLICKING ON when surfing the net.

    • #3076175

      spyware is the bad seed

      by carlosd ·

      In reply to Is spyware replacing the virus?

      No question that spyware is the nasty in the list of poisons available. Not only because of the constant innovations, but also the adaptability to any cure you can apply. As I can see the problem, it boils down to eliminating impulsive downloads completely. Users have to learn to research information on any offer, no matter the source, to ensure that the gift they are being given is really one they wish to get.

    • #3076095

      With so many opinions…hope you don’t mind one more

      by dennis_london ·

      In reply to Is spyware replacing the virus?

      At this point I’m a little tired of reading simply because most of you are saying the same thing. Layering the protection, malware is bad, blah blah blah.

      Yes, malware is the newest, biggest, and baddest threat. But we cannot fool ourselves into thinking viruses aren’t still a big threat. Viruses, worms, and trojans are still a large threat with the potential to do catastrophic harm.

      Spyware and adware use other malware as transport and propagation methods. You still have to protect from the basics. The reason spy/ad-ware is being talked about so much is because it is so prevalent. Did you know that the AV vendors are still receiving hundreds of new viruses every week? Sometimes they get hundreds in one day.

      As for any particular product, I personally prefer the McAfee solution for our enterprise. With VirusScan 8.0i and the AntiSpyware module we are protected from just about everything, to include most hacking utilities. The buffer overflow protection and access protection rules integrated into the product have eliminated the need for hasty patch deployments. When we team these products with the rest of their offerings (IntruShield for Network IPS, MHIPv6 for host, SCM for gateway) we have a complete proactive solution. Yes it is a bit expensive and yes we need some training but with their management solutions we don’t need a “team” of engineers to administer it. Oh yeah, did you notice the word PROACTIVE? McAfee is the only proactive anti spyware/adware solution on the market. Everything else is reactive and relies on the detection of a modification to a registry, system setting, file or folder.

      If you haven’t looked at these offerings, I highly recommend you at least evaluate them individually or as a complete solution.

      In my opinion there is nothing on the market that can provide this level of protection. Don’t believe me, ask McAfee’s CIO about it. Obviously he uses all the McAfee products, but what you may not know is that McAfee is the second most attacked corporation with Microsoft being the first.

      • #3076052

        Just a Moment of Your Time …..

        by evisscerator ·

        In reply to With so many opinions…hope you don’t mind one more

        While you support the McAfee products in your argument, I must remind you that McAfee’s products have caused lots of frustration over the years with their products. Personally, I found Symantec products working the best (without slowing the system down) and for Anti-Spyware, I rely upon 3 products, each with their own level of protection (Microsoft Defender, CounterSpy 1.5 and Spybot 1.4). No one solution is the everything answer for every problem.

        • #3076808

          My opinion isn’t an argument…

          by dennis_london ·

          In reply to Just a Moment of Your Time …..

          First off, I was offering my opinion not arguing with anyone. But if you want to argue this I would be more than happy to set up a WebEx meeting for us and anyone else that wanted to join.

          I do feel very strongly that McAfee provides the best protection…and I have the proof to back it up.

          Every customer I know who has for one reason or another switched from McAfee to something else has always called saying they made a mistake. On the AV side, those who went to Symantec, CA, or Trend have all had outbreaks in which McAfee customers were not impacted. For the AntiSpyware/Adware market McAfee is and I repeat is the only proactive solution. Everything else revolves around detecting a system change.

          Now I know part of your argument might be that McAfee’s signature base for spyware/adware only consists of about 6000 whereas the others are over 100K. That is because the others have to write a signature for every piece (driver, reg entry, file, folder, etc). McAfee writes their signatures the same way they do for their virus signatures. They encompass all aspects (files, dlls, reg entries, etc) into one signature. This along with their heuristic detection capabilities for the most part eliminates having to write new signatures (DAT files) for every iteration or variant of an existing threat.

          I hope for your sake you aren’t basing your decisions on performance only since that is what you refer to as “working the best” in your comments.

          My opinion on Symantec is that they missed the boat. They had the best opportunity to really take the AV space when McAfee was floundering with what to do back in the Network Associates days. That time has since passed and Symantec along with the rest missed their chance. McAfee is stronger than ever and their core focus is security. That is all they do whereas Symantec is trying to be the next IBM.

          Good luck and good night.

        • #3100412

          I appreciate your opinion…

          by pscottc ·

          In reply to My opinion isn’t an argument…

          Hey Dennis —

          …But can you really say that a single vendor solution is really in the best interest of a company that has more than, say, 500 computers? This introduces a major single point of failure in the network. With the speed that new virii and malware come out, wouldn’t you agree that there is a risk that one vendor may fail to update in a timely manner, or produce a definition that causes the software to fail? I personally believe that one vendor should be used for servers and a separate one for desktops. I can’t say that I usually get my way on this, but I usually have at least 2 different AV solutions in front of my mail system, since mail has been the leading point of entry for virii and worms in the last couple of years.

          It’s been about 18 months since I last reviewed McAfee’s products. The last time I had looked at it, e-Policy orchestrator (2.0) was kind of clunky. Are all McAfee products fully integrated into this management console now? This is my biggest complaint about most software companies. I think that Microsoft finally got it right with the MMC architecture for their own products. Symantec: servers and workstations in one console, exchange in another. Trend: different consoles for workstations, servers, AND exchange. And it’s not just AV vendors… I have this problem with CommVault, EMC, and other vendors. If a vendor offers a suite of software whose set of tasks are related, all of those packages should be managed by the same console framework. To date, the only AV vendor I have seen with a fully integrated console was Panda. The problem is that I don’t like their product very much, and that they are not ranked as highly as McAfee, Symantec, or Trend.

          I do, however, strongly agree with your general assertion that prevention is better than repair. The overall theme of this thread really shows the scope of the problem and its effect on the industry as a whole. I believe that home users should protect themselves with the best integrated solution on the market. I also feel that Corporate administrators should spend more time restricting access to the internet through the use of proxies or URL filters, and stopping the influx of e-mail based worms.

          Good to see you out here fighting for the cause, Chip.

          –P. S. Chapman

    • #3076068

      Biggest (inter)national security threat

      by onephatcat ·

      In reply to Is spyware replacing the virus?

      Adware and spyware are the biggest threat to national security there is. Young brats who write viruses get lots of press as the FBI travels the world to arrest them for stupid silly exploits, but the real evildoers are ignored largely because they are commercial entities.

      Adware and spyware have infiltrated all levels of government computers.

      What would an individual who did that be charged with if they were caught? Many of the companies who write these programs have addresses and telephone numbers.

      Spyware and adware companies are committing acts against the governments and people of the world in plain view. Many have addresses and phone numbers.

      Why are they not tracked down and prosecuted like the kids who write viruses? This is a travesty. A kid who writes some stupid computer virus out of curiosity and boredom is really far less of a security threat than someone who engineers a product to invade computers and extract data on its users.

    • #3076632

      Yes, spyware & MicroSoft are both the problem

      by wforkner ·

      In reply to Is spyware replacing the virus?

      If I create a wiggit, if I market the wiggit, if my wiggit harms others due to flaws in making my wiggit available to others, then do I have a responsibility to my customers to make my product safe to everyone? Not if your name is M/S.

    • #3075706

      Warning

      by dr dij ·

      In reply to Is spyware replacing the virus?

      Today’s article in Computerworld (and InformationWeek) warns of several drive-by installs via WMF flaw (so having disabled ActiveX won’t help you). I tried Trend Micro’s online free scanner and found keyloggers on 2 PCs at work and two at home! Changed my bank online pwd. Suggest all you try and scan for these nasties at
      http://www.trendmicro.com/spyware-scan/free_spyware_scan.asp

      • #3264983

        This is exactly what I’m talking about!

        by dennis_london ·

        In reply to Warning

        With McAfee installed and using the buffer overflow protection piece within it, I don’t have to worry about this. They have provided me protection against this before it was even known to be a vulnerability or threat. I don’t have to go out and scramble to get a patch or update and deploy it to any of my machines.

        I think of McAfee as Pedro from the movie “Napoleon Dynamite” who has offered me his protection. Quiet, shy, just goes about doing what needs to be done with little to no fanfare.

    • #3100243

      Spyware is Almost as bad as Viruses

      by critter22z ·

      In reply to Is spyware replacing the virus?

      I still feel that viruses are worse for the system as to the troubles they can cause (deleting files, moving them around, and even attaching themselves to system files so once you remove the virus you also remove the system file). But as for the worst, that would be SpyAxe.

    • #3265604

      Evolution of the Common Virus to Spyware/Adware

      by djdodger_ ·

      In reply to Is spyware replacing the virus?

      Although not necessarily correct, I’d tend to agree with what you are saying. It is the newest chapter in the book of information technology/digital manifestations. Common computer viruses evolved (due to crackers, spammers, grey-hat hackers, script-kiddies and other shady characters) into superbugs that hurt systems and organisations whether through resources, time or funding. Much like us unfortunately, the viruses have evolved into a much larger manifestation, this, I give you Spyware/Adware.

      Once thought only a rumor (during the transition from the late 90’s to 2004) to keep customers and crackers in line to stop piracy, Spyware has now evolved to create much more unneeded chaos for everyone. This new chapter of manifestations, which is still in its infancy mind you, will evolve much more as crackers/programmers/script-kiddies update code of previous spyware and create new adware applications.

      As the last line of defense, IT departments need to keep on top of updates for the latest spyware and malicious commercial programs as they surface. As for platform developers and programmers (both software and hardware), they need to keep on top of these threats before they hit the wild.

      My greatest concern is if spyware/adware evolves (quickly) to accommodate an inbuilt trojan engine that can create more hassles. This will no doubt happen, but if they start cropping up very soon, then we’ll all be in for a very big scare.

    • #3264150

      Question of hardening

      by georgeou ·

      In reply to Is spyware replacing the virus?

      Virus defenses have hardened to the point at the gateway level that it’s fairly easy to contain. People are only catching up with spyware tactics so of course spyware is a bigger problem. But try turning off your AV defenses and see how long you hold up against viruses.

      • #3265833

        Exactly!!!

        by dennis_london ·

        In reply to Question of hardening

        You hit the nail right on the head. A few others have said the same thing but differently, you managed to state it so precise, even my boss’ boss could understand it.

        Thank you

    • #2624983

      hmm…

      by nicbob1989 ·

      In reply to Is spyware replacing the virus?

      I don’t really care, as long as I can keep my computer clean. I’ve been keeping it clean the whole time (my new PC) and some idiot logs on into it and somehow manages to infect it with spyware… I would like to know if there are any websites where you can report these websites that give spyware to your computer.
