General discussion

  • Creator
    Topic
  • #2275022

    Spyware

    Locked

    by pctech ·

    One may ask why I would start this discussion about spyware under the Security topic. Simple, I see spyware as a possible security threat. If not now, certainly in the very near future.
    The term “spyware” is becoming more and more ambiguous. At it’s conception, spyware was nothing more than a cookie placed on your computer to collect rather benign information about your system and your preferences on how a page was displayed when you visited a website. This is no longer the case. The only true distinction between viruses and some spyware is that the spyware does not conatin a “harmful” payload that could damage your system. Once spyware does carry a harmful payload it is then reclassified as a virus or a worm. Even this distinction is becoming muddied because spyware can have a direct effect on system performance and your ability to use your computer reliably.
    So, as techs, what do we do about it? We are not limited in what we can do to rid systems of spyware. One at a time. We can do this by using the very valuable, and very free tools we can download off the intenet. As good as these applications are, they are not the definitive answer to the problems of spyware. This process is simply too slow and is more and more an ineffective method, for too many systems remain infected. Using this tactic, spyware wins. Hands down. We, as techs, must also be information sources to end users and let them know of the problems spyware creates and how to keep their systems clean. Our chances improve with this method but, too few voices to be heard by too many ears. Some lack the skills to use the tools we can help them obtain. We must teach the use of these tools as well. All for free for any true impacts to be realized in the war against spyware. I do not imply that the initial service of “cleaning” their systems should not be without a charge but, teaching them how to avoid future infections and cleaning of their own systems in the future should be a free service we provide to them. We need to inform users that some of the “tools” available to them also are spyware within themselves. Trickery is a standard practice for spyware programmers.
    We can have better success as consumers. We, as consumers, need to let these advertisers know that their products will NOT be used from any company that employs the use of spyware to sell their products. A larger and more effective voice that advertisers will have to pay heed to. For this to have an impact, consumers must be resolved to stand firm in their commitment to avoid buying products sold by these companies. This method of fighting the war on spyware will have a better chance of succeeding.
    What about as members of society? What can society itself do to combat the onslaught of spyware? This will take legislation. Strong, very effective legislation. Society will need to decide what is just treatment for those that invade and take over our computers. I have my own proposals but, I can not speak for society.

    Mike Rankin

All Comments

  • Author
    Replies
    • #3367696

      Take Ghost images of HD

      by garion11 ·

      In reply to Spyware

      That will fix everything. You got spyware, No problem, lets ghost it. Back up their personal files because as far as I know Spyware doesn’t “infect” personal files (thank god for that) and image it. Don’t give ordinary users Admin rights, advise them on which sites are trustworthy etc (an IE installation popup from Macromedia is safe so to speak…etc)

      At this point, I think Spyware is as bad as Viruses are, if not worse. These aren’t innocent cookies anymore, they are full blown malicious programs which submit personal information to a remote server (god knows where it is) and are pretty much impossible to remove unless you format the HD and reinstall the OS.

      • #3367675

        Work arounds

        by pctech ·

        In reply to Take Ghost images of HD

        Garion,
        What you suggest is vaible for only a few. The few that are able to use GHOST. Even with this, it is a work around against the problem and is not a solution to the problems associated with spyware. How long are you going to be willing to GHOST an image back to your hard drive? This imagine did not keep the spyware out before and certainly will not now. You end up chasing your own tail. We need to attack the problem and not its symptoms.

        • #3367664

          I agree

          by garion11 ·

          In reply to Work arounds

          totally. But mine was more of a temporary solution. But as I keep thinking about this, Spyware doesn’t have to be used just for commercial purposes as it is being used right now. A hacker can make it “act like a Virus” by having personal, financial information be sent to his/her server.

          Another solution would be to deny the users Admin rights, EDUCATE users (home and corporate,yes visit your porn sites, just don’t install plug-ins etc,), install an desktop side firewall if that stuff helps…etc.

        • #3367663

          Temporary

          by pctech ·

          In reply to I agree

          Garion, you are also correct that temporary measures must be used until a viable solution can be found. I can not and will not disagree with this. You comments on spyware being used for more than corporations wanting to flood you with their offers is exactly why I started this topic under the security topic. We are now being confronted with spyware that will not go away no matter our efforts for it to do so. I see this as another crucial step towards what you suggest on security concerns. We need to discover viable answers to this problem now and not later. I think a lot depends on this and spyware is fast becoming more than a mere annoyance.
          A desktop firewall will help to some degree. Zone Alarm started the industry with not only blocking incoming attacks but, also, checking outgoing traffic as well. My ISP gives me a dynamic IP address for my cable modem. This helps, to some degree, to make my system a moving target. My system is behind a NAT router and I have Zone Alarm as well. These people are getting smarter for I have had Zone Alarm disabled and corrupted on my computer from the outside, either through a direct attack or by a worm that got in and disabled it. Well, the attack did not have its desired effect for once Zone Alarm gets corrupted, there ain’t nuthin’ getting out. I uninstalled Zone Alarm and reinstalled it with a password. A few more tweaks and they may obtain their desired effects. That bothers me.

        • #3367542

          I agree too

          by oz_media ·

          In reply to I agree

          Yes Garion, I agree. It is my DUTY to visit porn sites throughout my day, especially the cracked ones, as it gives me a good idea of how they work, where the password lists are stored and what they use to track visitors and earn money.

          It is actually something I may add to my next contract renewal in 2006. “3 Hours per day investigating porn sites and becoming aware of the dangers of farm animals and miscellaneous foreign objects.”

        • #2698993

          The Wrong Approaches

          by donaldcoe ·

          In reply to I agree

          In today’s environment the key phrases are immerging as: Admin Rights – Educate Users and Lock Down the Internet. No matter what road you decide to take the Human factor will be the deciding factor. I have found limiting Admin Rights creates a whole new set of problems where the user is unable to perform the most basic of house cleaning measures – defrag or clearing out Internet Temp Files or cookies. You say educate users to many users do want to be educated (the human factor) needing education means you might have a lack of intelligence.
          My phrase is Spare the Rod – Spoul the Child, treat you server like it is a War Zone. When a New User arrives and wants access They sign the Does and Don’t Roster, next invest in multiple Spyware scanners running 24/7, next Set up Network Anti-Virus applications to grab Definition Updates daily if they are available – set every workstation to have daily scheduled system scans. NOW Be willing the Spank That Offending Hand of those that want to test the resolve once your users find out that errors have consequences they will be hammering down your doors to be EDUCATED.

        • #2713283

          Spyware & Viruses BIG $$$$$$

          by kimscomputing ·

          In reply to The Wrong Approaches

          While I too am tired of viruses and spyware. It must be a big chunk of the technology economy. Nobody buys much software any more but everyone buys anti-virus software. Removing it is a good part of my business. It is sad that it has come to this but right now spyware and viruses are big $.

        • #2702622

          Small Scale Operations Hit Hard

          by eriksblues ·

          In reply to Spyware & Viruses BIG $$$$$$

          It is interesting to read all these comments as XPSP2 is downloading. I presently work in graphics and we use 4 whole computers (essentially a home network setup). Access to the internet is a must…and with it comes spyware, malware, viruses, and whatever else. Desktop Publishing software is expensive, along with the mandatory Microsoft Office (clients use it). With every operating system upgrade it has gotten more and more expensive and the so-called “free” adware/spyware/virus removal programs don’t cut it (even in safe mode). Because of compatiablity issues(client needs) one machine has to run Windows 98SE, the others XP. This makes for fun. I used to work for a company that built laptops and would rather deal with the issues of simply building systems than keeping them operating (budget restraints lol). It is great to hear Lan Adminstrators express their knowledge. But small operators and home users are also being hit hard and they do not have the knowledge base that administrators do.

        • #2709242

          The Offending Hand

          by parisok1 ·

          In reply to The Wrong Approaches

          The problem especially on a large network is when the offending hand and the problem users are all way above you in the food chain. Without support from the top the problem can never go away due to inability to enforce the rules.

      • #2699081

        Would be Nice

        by americium ·

        In reply to Take Ghost images of HD

        It would be nice to be able to afford a license for Ghost for each workstation. But at around 24 bucks a pop, it’s just not feasible.

        • #2712934

          AdAware Enterprise Version

          by jagibbo ·

          In reply to Would be Nice

          Lavasoft is currently developing an enterprise version of AdAware that will allow IT to remotely control and protect PC’s from spyware, much like Symantec’s System Center Console. Lavasoft estimated that this product will be available by late 3rd/early 4th quarter of next year.

        • #2709663

          Only (1) got Through in (3) Months

          by joeandre1 ·

          In reply to AdAware Enterprise Version

          Maybe I’m Crazy here but I’ve read of Crazier souls out there. I’m running XP Home with NO Updates of any kind, Panda AV, built-in XP firewall, Spybot to initially destroy spyware, and Spywareblaster to completely keep them out since Spybot doesn’t keep Anything out. Without Spywareblaster just 24 hours after getting rid of them they’re all back in full force. As far as I’m concerned Spywareblaster is the most effective tool out there in this war.
          In 3 months time only (1) has gotten by but it’s never been back. And concerning Updates I re-installed XP 3 months ago to get rid of all the garbage we seem to collect over time, and have never installed even one of them, and my computer has never run better.
          Personally I think the biggest breach of our personal privacy and security, is the fact that untold numbers of people out there know your name, address, s.s.#, yearly income, and All has been led to believe that they can safely do business over the internet using their credit cards. Sure their numbers may be somewhat safe being delivered over the web, but how safe is it once it gets there. You might not trust your kids with it but here you are blindly trusting a total stranger with the keys to your bank account.
          And doesn’t anyone ever wonder why these online companies absolutely insist on you using one or you don’t get what they have to sell. For instance, I don’t and won’t use credit cards for many, many reasons and last month I tried to purchase access to an online radio station. Can you beleive that they actually refused me even after offering them a full years payment , in advance with a Cashiers Check ? I don’t know about everyone else but it really makes me wonder what they are really selling here. Think about it. Joe

      • #2699043

        Would be Nice, but….

        by mbaumli ·

        In reply to Take Ghost images of HD

        1. Ghost software costs around $50 or more per PC depending on the licening that you use.

        2. Very few applications happen to work in limited accounts. My list includes, Lotus Notes Client, 5250 Emulation, Lansa Client. Basically anything that doesn’t have Microsoft’s name on it.

        3. Customized settings that take place by the user over time. IT can not handle every specific application or they would have a 1 to 50 admin to user ratio. Which is the Corporate world is why to small.

        4. Training end users to ghost their PCs everything they make a modification, and hoping that they don’t get spyware in there as well.

        5. Getting PCs with sufficient hardware such as a spare drive or CD burner. In which case, alot of blank CDs.

        I would have to agree with the fact that some spyware is so bad that Computers cease to boot. I have witnessed this many times and have even made some money fixing PCs because of this.

      • #2698664

        No such a thing as FREE!

        by hebel ·

        In reply to Take Ghost images of HD

        One time a friend asked me, if I could help him figure out what was wrong with his computer. When I asked what?s going on, he said, that his computer takes forever to boot, despite the fact that he has 800 MHz, 512 MB Pentium 3 Gateway with Win XP Home Edition.
        Right there I knew that his computer didn?t lack the power to boot up, but was dragging with Spyware.
        I went there, downloaded Spybot (Search And Destroy) from Downloads.com and started to do some cleaning. I could not believe that Spywares could and will take over your system so badly one would be a fool not to call them Virus or Worm.
        The Task manager was totally disabled by them, Ctrl-alt-Del was absolutely useless. Spybot did clean what it could even tried to reboot the system so spybot would delete them before they register with system boot, but all came and went in vain and lost hours without progress.
        I finally realized that the OS was beyond repair. We saved what we could as far as his personal files go, on CDs and end up formatting the drives.
        As we were battling with Spywares we kept on coming across to some so-called ?Sharewares? and ?Freeware? like Kazaa PTP and Wave To MP3 Converters. I said who downloads these? He said; my kids. He even had poker and casino software that he said were free in the system, some lousy screen savers that he said were free were there too. I keep shaking my head and said to him; who in his/her right state of mind would spent so much time programming software so you could have it for free?
        There is no such a thing as free; you have to pay for everything one way or the other. But this time I will pay for what your kids downloaded. Next time there will be charge.
        Most people (Employees, Kids) loooooooooove to download stuff. Who can resist watching the download bar go zoooom?

        • #2713808

          Re: Spyware

          by smartstuff ·

          In reply to No such a thing as FREE!

          I too have had problems in the past with Adware, mainly. But also Spyware. I think it got onto my computer when I installed Kazaa.

          After using a Spyware Remover (from http://noadwares.1found.com) the problems along with the Spyware and Adware were gone!

          AND I’m still running Kazaa.

        • #2709835

          Websense will help

          by psx ·

          In reply to No such a thing as FREE!

          Purchasing a corporate filtering software such as Websense will help you restrict access and, with the latest versions, block certain network protocols from being used by certain clients and/or sections of your network.

          I do use Spybot for my home and company network but deploying and maintaining this software on a corporate network is such a pain. Hopefully AdAware Corporate edition will help once it comes out.

      • #2713354

        Why me

        by g.m.bakker (cne, self employed) ·

        In reply to Take Ghost images of HD

        If I have to make the image, so do several million others, a GODD..N wate of time…I say kill theis systems, hunt them down and flush the machine, same shit they do to us!

    • #3367685

      Cost of “free” software

      by thechas ·

      In reply to Spyware

      Spy-ware and Ad-Ware are just the latest tactic that some web site operators and free software producers and distributors are using to recover their costs.

      On a corporate level, the easiest way to deal with these programs is to lock users out of installing software and restrict websites that deliver mal-ware payloads.

      With the escalation of money making tactics since the days of banner ads, I wonder what’s next?

      As with many web based problems, the only way to stop mal-ware is to remove the profit motive that entices web-site operators to use or allow it.

      A nifty system would be to tap into the data the spy-ware collects and change the data to useless or bogus data.
      If the data collected by the spy-ware has no value, then there will be no profit motive for creating spy-ware.

      At the present time, legislation blocking spy-ware will not work. The spy-ware producers will simply cross borders and be out of the reach of the law.

      Chas

      • #3367676

        Crossing borders

        by pctech ·

        In reply to Cost of “free” software

        Chas,
        Escaping across borders may allow them to escape prosecution from any laws placed on them here. Refusing to buy the products of those that use spyware to gather their info to target sales to us can not escape across borders. They can run, but they can not hide.
        Spyware users can be traced quite easily. End the sell of their products and it matters not what borders they reside in. They are history and one less user of spyware for us to contend with. Those that do not get the message, from the collapse of a business using spyware, may soon face extinction as well. Virus writers are hard to find and harder to prosecute. This is not the case for those that use spyware. Their identity can be easily discovered. Yahoo’s software use to be laced with spyware. They soon learned, through complaints and users refusing to use their products, that they were facing hard times if they did not remove it. Yahoo learned not to infuriate people. The others will learn as well, or cease to exist. Either way works for me. Learn or the company dies is all I have to say to the companies that use spyware.

        • #3367674

          End users

          by pctech ·

          In reply to Crossing borders

          Chas,
          I agree with you that corporations can take better control of their systems and they are doing so. Locking out installations and restricting which websites that the end user has access to works well within a corporate environment. This does nothing to help solve the problem on personal computers. You can not lock users from installing software on their personal systems nor can you restrict which websites they choose to go to. This is their system and not a corporation’s. Herein lies a much bigger problem than that of corporate users.

        • #2699141

          Free Tools

          by gpartridge ·

          In reply to End users

          Unfortunately the free versions of Adaware and Spybot only remove the spyware and do not give ongoing protection.
          I would expect in the future most PCs will be running antispyware software as well as antivirus software.

          I would like to see Nai etc release antivirus software that also protects against spyware.
          The problem is, at the moment, probably worse than the threat from viruses in terms of support costs to companies.

          I feel that companies like Lavasoftusa can’t invest the same amount of money for researching new threats as larger enterprises such as NAI.

        • #2699137

          Problem is with education

          by jcp ·

          In reply to Free Tools

          I find that with many of these issues… and there are related issues like the abuse of instant message services … there are sufficient users who are unaware of the larger impact of the problem that they will do little or nothing about it.

          This allows the problem to propagate.

          I also find it really condescending of people like you PCTech to talk about denying admin rights to users… the problem is eased when we ALL deny ourselves admin rights. We should be taking a unix-like view of admin rights. To wit, something to you only use when you absolutely have to.

          This is not easy. The way many programs operate does not make them work properly in a Microsoft world. To give a very small example – I have had to stop using a simple Disk drive temperature monitor program – DTemp, because it does not have sufficient access rights to read the drive when I am the Superuser ( and I would really prefer to run as a USER ) to avoid viruses etc.

          But I prefer to stop using DTemp to rebuilding my computer thanks to viruses, or having all my data visible on the web through Spybots.

          The Unix feature that Windows 2000 does not have that would allow administration to be a lot more sensible (and I am not a Unix advocate at all ) is the ability to slip into superuser rights, perform a task at that level and drop back down to normal rights level. This would minimise exposure to all the problems by encouraging all of us to run at the lowest access rights that we need to do our job, thus denying the virus, and spyware of the high-level access to the computer.

          Security really starts at home, and I am as guilty as anyone. It has been hard for me to break the habit of setting myself up as an administrator. I lose a lot of access rights and therefore convenience.

          John.

        • #2699114

          Absolutely

          by arleenw ·

          In reply to Problem is with education

          You can go and clean a home user’s system, but once you leave you have no control over what they do. Leaving them with regular user rights only causes problems with functionality which results in phone calls. It is not a viable solution to put restrictions on a computer for a home user. It’s not the same as a corporate network where you have daily interaction and control over the environment.
          Quite frankly, it is the users responsibility to understand how to use a computer, it’s vulnerabilities and how to implement best practices. Security works in a Unix environment because the people that use Unix are geeks who like this kind of stuff. Most home users just want the computer to integrate into thier lives so they can be productive – they don’t care how it works. Microsoft has marketed their products to this audience by making their products seemingly easy to use. Unfortunately, that is inaccurate because in order for your system to run properly, you must educate yourself.
          I personally will not make myself responsible for what the client does with their computer. I will give them the all information they need, but I cannot make them learn it or practice it. I can fix the problem for the moment, but they are on their own once the computer leaves my control. They have to learn the consequences of their behavior.
          Recommend Mac to home users, migrate to Linux in the workplace. Use alternative browsers.

        • #2698746

          Ever tried Linux?

          by black-jack ·

          In reply to Absolutely

          I run Linux on my home computer, even though I am a Windows XP shop system administrator at work.

          At work, users are constantly getting spyware and sometimes a virus, even though we have users with limited access, a corporate firewall, and McAfee anivirus with daily updates.

          My wife and I botrh have Linux machines without anti-virus protection (not needed) and have not had any infections since installing the software (more than a year).

          What was that about MS being more secure than Linux/Unix?

        • #2699082

          Amen Y’all!

          by dumbuser ·

          In reply to Problem is with education

          Couldn’t agree more. Users have to learn how to use their machines, and putting them in a playpen when they can’t screw the machines up is only enabling them to remain ignorant.

          Heck, if we applied this same kind of logic to cars, only certified mechanics would have keys to the hoods of cars.

        • #2698973

          If cars were driven by the web…

          by jtorres ·

          In reply to Amen Y’all!

          Since the analogy was brought up, wouldn’t it be grand if you were wanting to drive to Target only to have your car take you to Wal-mart, or the strip club downtown? I have gone to many of my users home to unhi-jack their and or their kids pc because no matter what they do, their browser takes them to some porn site or other site besides their wanted home page. Not all users are ignorant or computer illiterate and they still struggle with malware or scumware such as this. Asking your casual home user to take preventative measures to prevent this is not as easy as it sounds. Many of us know we can use programs like Ad-Aware and Spybot S&D to help us with this problem. How are you aware of these programs? Most of us monitor sites such as this to be well informed about what is going on and what resources are available; it’s our job to do so. How would your spouses or children fare if they needed to load some software on their TV so they are not constantly redirected to the risqu? channels on your TV because it was hi-jacked. The computer industry, as well as Microsoft, portrays the modern computer as a utility they just plug in and it just works, much like a TV. Microsoft has created many of the problems we are having now simply because it did not or refused to consider that leaving their browser and OS so open for advertisers to “push” information “you want” would have caused such a nightmare. Remember when Microsoft thought that the web was just going to be a short-lived trend. They had no interest in it until they figured out that they could make money with advertisers by giving them the tools to advertise on their OS. So much did they realize this cash cow, that they single handedly did everything they could to monopolize the browser market. I feel strongly a few things need to be done that would greatly help in this situation. First, Microsoft must stop trying to play to the advertisers and secure their OS. Second, laws need to be put in place to give people the power to stop this thing from being allowed in the first place. Realize that pretty much everything you subscribe to automatically ops you in to buying or agreeing to something. You do not have to click or say yes for them to do it. This has been a problem with the sales industry in general. How many offers have you gotten that say, ?If you don?t want this just let us know and we?ll cancel you. Otherwise we will only bill you $50 a month?? This opt-in BS is what gets you if you don?t send the EULA to your lawyer for review. And of course, we all read and understand every EULA that pops up. Third, more anti-malware tools need to be made available in stores to the general population to help fight this just like anti-virus software is available. Jump out of your tech shoes for a moment and get into your mothers shoes. That is what our biggest problem is. Our perception of the problem needs to be from her point of view not ours or not ours.

        • #2699053

          Education only works for those that want to be educated.

          by arahigihs ·

          In reply to Problem is with education

          I have the priviledge of working for a company whose main staple of computer users are from the generation that saw the first PC. Bluntly, they are computer illiterate. Which can add copious amounts of hilarity to my day. Don’t get me wrong, they know how to do what they need to do and they do realize the setbacks that we face by allowing mal-ware free reign. Realizing this, the Board of Directors has set strict guidelines for users. If they don’t need it, they don’t get it.
          For instance, many of the people in our Call Center don’t need access to the internet so they have had IE removed from their PC. Some can only visit certain websites. Others don’t need email. The list goes on.
          Although this “workaround” is time-consuming, it has proven to be highly effective as we have been able to isolate the PC’s that have virtually un-hindered access to the internet. And though it doesn’t solve the problem, it eases the workload for our IT dept. considerably.

        • #2699036

          What about?

          by scott.quillen ·

          In reply to Problem is with education

          >The Unix feature that Windows 2000 does not have
          >that would allow administration to be a lot more
          >sensible (and I am not a Unix advocate at all ) is
          >the ability to slip into superuser rights, perform
          >a task at that level and drop back down to normal
          >rights level.

          The “Run As” feature in 2k/XP/2k3 accomplishes this, doesn’t it? Right-click any application, select ‘run as’ and enter your administrative credentials… It’s not the easiest thing to do, but it does work.

        • #2699006

          Education is only a part of it

          by ottersmoo ·

          In reply to Problem is with education

          I disagree that end users in a corporate environment are responsible for knowing how to fix their own computers or even troubleshoot them. They are responsible for knowing how to do their jobs which sometimes require a computer. It is our job, as techs, to keep those machines running so that they can do their jobs. Therefore, the problem of spyware falls squarely on our shoulders.

          Education is a PART of it and you can give them tips on how to “surf safe” but that will not work for everyone, nor will it stop everything because they secretly install and use trickery that can fool even a very savvy user.

          The problem of spyware is in it’s infancy and if you think back to when viruses were very new, these very same discussions were raging in every IT department across the country. The tools to fix it have not caught up to the technology yet. The other issue is that most of what we call spyware is actually adware. And perfectly legal. Which is why companies like NAV and McAfee are hesitant to develop software that blocks these ads and remove these products. They could get sued.

          So here we techs stand in a sticky situation. We’re having to onesie-twosie it and remove spyware one infection at a time using free tools, that while they are very good, they don’t catch everything.

          As I said before, education is a part of this but that is only one weapon in this very ugly war. The other is software tools to clean it, which have yet to come into their own. The third front we are fighting on is the legality of what these programs do. There is legislation in the works but it’s coming at it from the wrong angle. We should legislate software behavior. For one example, it should be illegal to create a software program that resists removal from a corporately owned, or a personally owned computer. That computer is property that does NOT belong to the company that covertly installed it’s program. I should be able to take ANY program off my machine with EASE and confidence that it is COMPLETELY removed. I should be able to do whatever I want with my computer because I paid for it. It’s my property.

          If you want to get more information about the legislation that is in both the House and the Senate, go to http://www.spywareinfo.com. This site is the frequent recipient of DOS attacks so please be patient. He’s got some great information on that site and discusses the problem in a very intelligent and multi-faceted manner.

        • #2713014

          I Did Not Say Fix Computers

          by jcp ·

          In reply to Education is only a part of it

          offersmoo, I think your response, if it was to my comment that Education was necessary (as it’s title implies) is not really following what I said.

          I did not imply that users need to be trained to to become responsible for fixing, or trouble-shooting their computers.

          All I said was that there is more education necassary, partly because the primary OS that is used (Windows in it’s various versions) needs more Training/Education than most users have.

          I also said that Microsoft could be a little more helpful in making life easier for ordinary users when it comes to keeping spyware, and virues, off their desktop computers.

          Please do not put words in my mouth as you submit your comments.

          Thank you.
          John.

        • #2699130

          Ideas to help

          by justinr ·

          In reply to Free Tools

          I am a Resident Tech at a Staples in Canada and I have been running into this issue more and more over the last year. Viruses are no longer the reason people bring computers in for repair; it is Spyware/Adware. Mainly people deal with them but when hijackers take over their web surfing and programs start to damage DNS resolution; they are unable to continue working with their PCs. Up until recently we have only been able to remove the spyware and not protect against it. Lavasoft has their Pro version but this isnt something that I can effectivly market to the customer. Customers are bringing PCs in every so often becuase they figure that once I removed the junk, it should stay off for a long time. They do not understand that what I spend hours to remove could very well be thrown back into the system in a matter of a few clicks.

          I have just started marketing a bundle ‘Tune-up’ to the customer that includes the removal as well as prevention of spyware with the help of Mcafee’s AntiSpyware. And with the release of Mcafee 9.0 (NA says they are focusing strongly on not only the removal of spyware but the PROPER removal of spyware in that release) we have more options available to us to help protect our customers. I believe that once we get these big companies behind us; it might just make it easier to at least dull the roar of spyware. (I am focusing on the Mcafee software because, as many of you most likely know, Symantec’s software has taken a deep plunge off the top. Installations go bad 9 times out of ten, etc)

          What do you think about these companies venture into the prevention/removal of spyware?

        • #2699054

          Symantic

          by ironsiren ·

          In reply to Ideas to help

          I’m am not sure about what Mcafee has been doing but as I mentioned I think NAV 2004 Pro has done a good job of incorporating their spyware remover into there virus protection. If you enable autoprotect a popup actually comes up in the bottom corner of your screen telling you when a scan is being initialized so you can try and avoid those websites and such in the future.

          I’m sure Mcafee’s solution will be along the same lines as the one symantic has come up with.

        • #2698979

          Ideas to help – Norton works

          by krogelr ·

          In reply to Ideas to help

          Like any of the tools it is not perfect but we have used this NA product for thousands of workstations. We do not have failure rates anywhere near yours. It is not perfect but it is not that bad either.

          Ron

        • #2698900

          Norton fail rates

          by justinr ·

          In reply to Ideas to help – Norton works

          I am finding that I can have great success with Norton on a clean install or windows with all patches applied. But the issue is that being in the repair business, you rarely get machines that are clean installs and no customer would really want to format just to install Norton.

          I would love to have total control over the machines I fix. But I cant.

        • #2698603

          O Good, Tools not tirades

          by bhunsinger ·

          In reply to Ideas to help

          Great to see an answer that does not involve the answer that only mechanics should wash cars and change CDs. We have a lot of that comming into the shop now also. Three months ago, we were advising customers that NAV 03 was adequate, now we offer Norton AV 04. It may not remove them all, but it does a good job of finding them.
          Also, I have a seperate issue with AdAware; it seem to ad its ownere spyware when installed-that 180 thing. Comments? I especially liked the comment about Kazaa and other programs not being free while using shareware like spybot and adaware!
          Finally, whatever you use, I have discovered that running it in safemode greatly enhances the programs ability to find and remove this stuff. I now routinely set IE to delete temporary intternet files when closing and install the google toolbar to stop popups. Deleting cookies can help as well.

        • #2699062

          NAV

          by ironsiren ·

          In reply to Free Tools

          You mentioned that antivirus programs should incorporate antispyware protection into their software. If you find a copy of Norton Antivirus 2004 Professional it actually has this option built into it. I also have a copy of Adaware Professional installed on my pc and home and found that NAV actually did find programs lavasoft didn’t. I also use a registry cleaner to though, I have found that although programs like Adaware claim to search your registry a good registry cleaner always finds a few extras which helps to keep my system clean. The best part is many of these tools only take a minute to run and can either be set as scheduled task to during days while I’m at work or many have the option of running on startup. I have found the most effective way to clean the system is in safe mode though. Sometimes if these spyware bots are running adaware finds them but is unable to remove but in safe mode none are running hence a more through cleaning.

        • #2699013

          An Enterprise solution

          by a7v8x ·

          In reply to NAV

          The spyware epidemic that afflicts 90% of consumer PCs presents real-world threats to corporate resources.

          * Compromised security of corporate information, data and intellectual property
          * Diminished workstation performance
          * Increased service burden on IT staff
          * Reduced employee productivity
          * Increased bandwidth consumption

          Anti-virus software and firewalls do not FULLY address the full spectrum and barrage of spyware attacking companies today.

          I found a programme that I think does a good job – until the next release. Webroot Spy Sweeper Enterprise effectively protects, detects, quarantines and deletes all forms of spyware.

          WSSE is equipped with a comprehensive set of features to effectively protect, detect, quarantine and eradicate even the most devious and malicious spyware. The centralized console makes deployment, administration and maintenance a snap.

          Have a look at webroot.com

        • #2698899

          Sounds great

          by justinr ·

          In reply to An Enterprise solution

          I love SAV corp because you can admin everything from one machine. If this is anything like that, I am sold.

        • #2699061

          Spybot and ongoing protection

          by dnsb ·

          In reply to Free Tools

          Spybot does offer an immunize function which keeps several forms of spyware from re-infecting a system. Spywareblaster and Spywaregide’s blocklist also offer further protection from known bad Active-X controls. The key, of course, is known bad.

          The main problem, for me, is not the corporate desktop which is always behind our firewall but the laptop users who almost seem to enjoy collecting malware and bringing it to work with them. Educating them is an ongoing process.

        • #2698976

          Too bad you can’t use Linux

          by linuxinlibraries.com ·

          In reply to Free Tools

          It’s too bad that there aren’t enough viable alternative software programs that people could switch to Linux. While this would not COMPLETELY solve the problem, it sure would knock a big dent in both virus and spyware activity. I use Linux on a few of my computers and never have these issues.

        • #2698695

          Just a matter of time before it gets hit

          by myndebox ·

          In reply to Too bad you can’t use Linux

          Its just a matter of time before they start writing code to effect a linux box. theres no point in writing apps for an OS that no one really uses, I mean average joe. If everyone moved to linux or mac or whatever it may be…they [the spyware companies] will adapt too. The best way to solve all network problems… make a ghost of your drive, and automate a format across the network on the weekend. monday morning, its all back to new, they trash it by friday and friday night its all back to normal. 🙂

        • #2698758

          There is ongoing protection… of a sort

          by pearce-kilgour ·

          In reply to Free Tools

          In spybot you do have the option to immunize against bad websites which which contain spyware. I find the only problem is that the spyware enthusiasts seem to have the uppperhand in putting out more websites than the anti-spyware can update their listings for immunization.

      • #2713199

        read the fine print

        by mustang221 ·

        In reply to Cost of “free” software

        The number one method to avoid spyware packaged with “free” software is to read the fine print, also know as the EULA. You can’t read assume that it’s the same old verbage of “we’re not responible for any damage…” I see the EULA when going to some web pages on the dialog for Active X controls. If you get tired of it, stop going to that web page.

    • #2699140

      The chickens are coming home to roost

      by i.hilliard ·

      In reply to Spyware

      Spyware is just another result of the majority of computers in the world running software that lacks real security. Moreover, because a lot of software doesn’t work properly unless the user has Administrator privileges, what security there is, is often bypassed.

      Microsoft’s total lack of interest in security, as something that is not marketable, is now having an effect on all facets of computer usage. In a recent article in Computer it was clear that Microsoft is still of the same opinion. There will only be a real improvement in basic computer security when clients make it clear to Microsoft that security IS an issue. This of course may mean looking at alternatives.

      Nothing effects a company’s thinking faster than the bottom line.

      Ian

    • #2699139

      Removing Spyware in XP

      by format19 ·

      In reply to Spyware

      Hi Guys,
      I run a computer shop where we deal mainly with home users repairing and upgrading PC’s etc..
      We spend approx 90% of our time scanning for both Viruses and Spyware.
      With every Job it is the 1st thing that we have to do before attempting to fix the problem which it came in for.

      The biggest problem is with Windows XP and Multiple profiles. The security is so good that each profile is effectivly a totaly seperate PC.
      To remove all of the spyware you must log into each profile and scan.

      Taking the hard drive out and slaving onto another PC WILL NOT WORK!!!!!

      I have contacting about 7 companies (Webroot, Adaware etc..) about this problem and they have NO way around the problem.

      If any one knows of a way round it or of a utill to do it please please please email me…
      mark@cscfermoy.com
      Thanks

      • #2699104

        Re: Removing from XP

        by techsoeasy ·

        In reply to Removing Spyware in XP

        You didn’t mention if you were in a domain environment or not, but if you are, I’d suggest making all your profiles roaming. That way you can just delete the ones on each individual PC.

        All of my clients operate with a SBS2003 network, and that has been the best way for me to keep up with it all. Basically, the workstations are locked down for any type of install. (via group policy, no toolbars, no bho’s etc). All individual files are stored on the server using active directory and folder redirection.

        All software updates are driven via SUS, so no need for any workstation to download anything.

        Except… the only thing I generally have to worry about are downloads from personal web emails (which have been allowed due to company policies). In addition to using ISA for help there, I’ve also been using Avast anti-virus which has a decent webmail client that generally catches those pesky java trojans.

        If you aren’t in a domain environment, I’d strongly suggest looking into SBS2003!

        TechSoEasy!

        • #2698986

          huh?

          by kst ·

          In reply to Re: Removing from XP

          He’s running a repair shop. He’s not a sys admin.

        • #2698620

          HaHaHaHa..

          by bloodyusername!! ·

          In reply to huh?

          Sometimes the ability to think of less than a 20 unit network eludes people .
          Seriously, I have exactly the same problem. What I usually try to do is see whether all the profiles are necessary. One client that comes to mind had 7 profiles, one for each member of the family. All internet users. I wound up setting up 1 profile for all internet use, then blocked all others with the firewall(with the Parents knowledge and approval). It seems to have worked for now, but I just know I’ll be seeing the machine again….

    • #2699134

      Possible Defense Against Spyware

      by harry.landau ·

      In reply to Spyware

      I’m not a lawyer, but I have been wondering if it might be possible to take Spyware and Adware companies to court under trespassing laws. They are entering our businesses and homes without out permission.

      Any lawyers out there that think this is a possibility?

      • #2699096

        Read the EULAs

        by luke_klink ·

        In reply to Possible Defense Against Spyware

        I’m not a lawyer either, but what alot of users don’t do when downloading freeware or paid for applications is read the End User License Agreement. If a company states in their EULA they may collect information regarding your Internet browsing habits, etc. If they do not disclose this, not sure if you can take legal action or not.

        • #2699035

          Reply To: Spyware

          by scott.quillen ·

          In reply to Read the EULAs

          No, you can’t. the EULA clearly states that the software will gather information, monitor web habits, etc., etc. As soon as that’s agreed to, the liability is removed from the provider. They tell you what they’re going to do, and the users (who don’t read the agreements) say “Ok, please do that to me”.

    • #2699132

      CleanSlate

      by quiet_type ·

      In reply to Spyware

      As far as tools to fight spyware go, Fortres Grand makes a product called “CleanSlate” that does a good job of protecting a system against unauthorized changes, including changes made by spyware, and even viruses. CleanSlate caches all changes and, on reboot, discards any modifications made except those made by programs authorized by the administrator. So, if spyware installs itself during a Web surfing session, on restart, it’s simply gone. We use CleanSlate in a school setting, where young students are always messing around with the desktop, or going to game sites sponsored by adware and spyware.We had some problems with an earlier version on WinXP, but that seems to have been taken care of in the new version. CleanSlate is certainly worth the time it takes to test it for yourself.

      As a technician, I appreciate the fact that spyware currently presents us with more problems than any other single cause. I work hard to educate our staff people about the dangers of the Internet, and how they can help protect themselves at home and on the job. I’ve found that the average user, including the one who has been using computers for many years, simply doesn’t have a clue where it comes to dealing with spyware. Many don’t even know what it is. So, I constantly harp on the subject in memos and newsletters, and I have seen some improvement over the past year.

      As for combating spyware at the source, I would appreciate strong penalties for offenders who cause spyware or adware to be installed to users’ machines without full disclosure of the nature and purpose of the software, and a way to opt out. Of course, you have to make a distinction between legitimate adware, such as that installed by free versions of Opera or Eudora, and real spyware, such as backdoors installed by some virus programs, drive-by installations, etc.

      Anyway, good luck to all of you fighting this problem.

    • #2699129

      Reply To: Spyware

      by justinr ·

      In reply to Spyware

      I have found that dumping IE for Firefox (or others) can greatly increase a computer’s ability to with stand spyware.

      And with programs like Javacools SpywareBlaster that add a level of permanent protection; I dont get a single bit of junk on my home system.

      Customer’s computers is another issue…

      • #2714605

        I agree to dump IE

        by shawn_wood ·

        In reply to Reply To: Spyware

        I only use firefox at home and I do not get any pop up windows! I have even gone a step further at home and use a smoothwall firewall with an adzap mod that kills a very large percentage of adds at the firewall so even if I used IE, I would not get many ad’s and pop ups. The combination of this mod for smoothwall and firefox, I have yet to get spyware! I scan once a week and the only thing I ever find are cookies. I have also started editing the host file for some of my more “internet happy” users and that seems to help a bit. I am trying to get a company wide rollout of Firefox.

    • #2699126

      No Solutions, Only Mitigation

      by mehawinct ·

      In reply to Spyware

      At the risk repeating many useful comments, the key to the spyware problem is that malicious code writers/info harvesters rely on two solid — and unlikely to change — things: human nature and MSFT’s insecurity.

      What we do is manyfold (although it’s not enough):

      – run Windows 2000
      – keep patches up-to-date
      – keep anti-virus software up-to-date
      – install and update SpyBot and AdAware at initial set-up
      – have users run as “Users” in Win2K

      The CleanSlate program mentioned in another post is an interesting idea and may be a useful addition to the spy/malware fighter’s toolbox. There are many other things that can be done, but they are certainly more involved, like:

      – having a enterprise-class imaging system and just re-image problem PCs (and keep all user-created docs on a central server) (we are implementing Novell’s ZenWorks)
      – deploy an application level filter at the network edge and stop viruses, worms, trojans, etc. before they get in (this relies, of course, on up-to-date definitions)
      – deploy an intrusion detection system (IDS); however, IDSs are sophisticated and require careful setup and maintenace
      – develop Group Policy restrictions (in Win 2K/XP) to _lock down_ PCs (that can cause other problems though)

      Unfortunately, many of the mitigation techniques are 1) not complete and 2) not available to the small shop. For the small folks, only constant updating of the available tools will help — at all. Training/educating end-uers is of some, but ultimately little, value as they will focus on their jobs, and not worry about what to click and not click.

      Wish I could be more hopeful, but with MSFT’s dominance, insistence on features over secuirty, and continued unwillingness to truly tackle security, we are in for a continued mess (although I hope my suggestions, and the ideas of others can help make lives a bit easier . . . )

      Good Luck!

    • #2699125

      Shameless Plug? or model for the future?

      by kahuna ·

      In reply to Spyware

      Like many of you, the past two years of my “spare time” has been taken up by doing spyware and adware catching for friends and family.
      I did it so much that I formed a partnership with another guy, and we’re pursuing it as a second line of business.
      At this moment, it’s just getting started by word of mouth and a crude website, but we are VERY encouraged by the response by home users and small businesses.
      I don’t want to break any forum rules by posting my website address, but any who’d like more info can email me, I’m actually to the point where I need more techs.
      kahuna@harpervance.com

    • #2699116

      Go on a diet

      by mollenhourb9 ·

      In reply to Spyware

      Just don’t accept cookies. That is where it all starts. If people stop accepting cookies, then companies will stop producing them. If they want your business, they will do what the public wants them to do.

      • #2698675

        Just say no…

        by gaijinit ·

        In reply to Go on a diet

        Cookies seldom are of any use to me too. If I find a site interesting enough to return to, I simply bookmark it. This might not be suitable for everyone (maybe they do online marketing research for their 9-5), but it works for me.

        I surf the web like I shop – I generally know what I want, let Google find it, save the related web pages as html docs until I finish with them, then log off. I have my home browser set to accept NO cookies.

        My ISP takes care of viruses (I still keep McAfee Internet Security Suite running as a backup) and SPAM for me for an extra $4/month – well worth it.

        But maybe not everyone is aware they can refuse cookies. Spyware isn’t really targeting computer-literate people, they are after the home user who has a computer for their kids’ homework and emailing/on-line shopping. At least they are not cutting down forests to cram your snail-mail box full of unwanted crap, just creating a monster traffic jam on the info highway.

        But like it or not, commerce drives the engine, so it is not likely to go away anytimer soon.

    • #2699111

      Spyware

      by thakurnitin ·

      In reply to Spyware

      It?s a good idea to have war against spyware as consumer. If we as consumers decide not to use any product from which uses spyware for sells.
      More awareness can created by having a website displays name of the companies uses spyware for their sells.

    • #2699110

      Consititional misinterpretation allows spyware to flourish

      by jf555 ·

      In reply to Spyware

      Although I don’t have first hand evidence, i was told by intelectual property lawyers that the reason spyware flourishes in the US, is the mis-interpretation of the first amendement. Apparently, the marketeers who want to collect all the info about you, have won a supremene court lawsuit which ruled that under the First Amendment, the marketeers have the UNDENIABLE RIGHT TO DEPOSIT SPYWARE ON YOUR COMPUTER WITHOUT YOUR KNOWLEDGE OR PERMISSION! As a compromise to the Fourth Amendment, the user can remove the undesirables if it is a DELIBERATE AND CONCIOUS ACT ON BEHALF OF THE USER, i.e., just as you have to sort your physical junk mail, you have to update the anti-spyware files manually and then scan manually and then remove the junk manually. It is well known that there is freedom of speech in other countries yet the antispyware programs such as PestPatrol, Ad-Aware, SpySubtract, etc. work in the AUTOMATIC MODE, THEY UPDATE THEMSELVES, SCAN THEMSELVES AND REMOVE THE UNDESIRABLE THEMSELVES. So the fight against spyware has to be coordinated from a mlti-point approach: end user education, federal legislation, consumer boycott, OS security improvment to the point that OS files are locked and can be modified only with cerain keystroke combo which can’t be programmed into the spyware, i.e., Cntl-Alt-Del or similar. Yo may aslo be aware that ther is a bill in the house under consideration which would make the computers “private property” and says that “since i paid for it, it is mine, keep you hands out of it”, needless to say, guess whi is opposed to it? yes, they claim that it would interfere with their business. My reply is: there is no consitutional mandate requiring the spammers or marketeers to be in business!, So there.

      • #2699085

        Here, Here

        by fswalef ·

        In reply to Consititional misinterpretation allows spyware to flourish

        I like it! “coordinated from a multi-point approach: end user education, federal legislation, consumer boycott, OS security improvment to the point that OS files are locked and can be modified only with cerain keystroke combo which can’t be programmed into the spyware”

      • #2698964

        business sucks

        by krogelr ·

        In reply to Consititional misinterpretation allows spyware to flourish

        To me this business model sucks just about as bad as a cheap 3 dollar whore. Making money in this fashion is at the lowlife level of society. While it may always be around they can limit it legally. I just wish congress and the courts had the gonads to say no to companies sometimes and just do the right thing.

      • #2713352

        No protection like that available

        by nixon_public ·

        In reply to Consititional misinterpretation allows spyware to flourish

        There is NO keystroke that cannot be programmed in. WinVNC & Symantec PCanywhere both have “soft” CTRL-ALT-DEL available on the remote menus to access the host PC taskman.

    • #2699106

      What can be done, what must be done

      by roger99a ·

      In reply to Spyware

      This is a corporate view to the problem. Home users can use both Adaware AND Spybot for their own protection.
      Right now I use a proxy server at work which allow me to see where the end users are sending internet traffic. I use it to block URLs and IPs that spyware programs use to gather data. A firewall can do this, too. IF we moved everyone to thin clints the servers could be scanned and cleaned daily. What MUST be done is for some companies to build or incorporate anti-spyware into their anti-virus products. This is beginning to happen but is not yet effective. I fear the legislative approach because it threatens the freedom of the internet. Government intrusion always leaves a bad taste. Spybot does have a limited methos of protection. The “Immunize” feature rewrites your hosts file to block bad sites it has discovered. This hosts file can be distributed to client computers with a simple script file at startup, an easy thing to do with Active directory and updates from themaster host file will be updated automatically. This is the best suggestion I have for now.

      • #2699100

        PS

        by roger99a ·

        In reply to What can be done, what must be done

        Marketing people won’t quit and you can’t change human nature. Advertising works. The internet is too big for governments to police. It’s up to internet users to protect themselves. And for those of you who cry “Microsoft!” it’s not their fault. No one from Microsoft comes to my place of business and clicks YES when the GAIN installation box pops up. Some of us have to use IE and Windows to get along with the rest of the world anyway.
        We’ll find out how secure Linux is when it’s on 30% of home users desktops.

    • #2699102

      WinPatrol

      by ebob2k ·

      In reply to Spyware

      Until spyware is eliminated, WinPatrol, when used in conjunction with Ad-aware, is the most effective anti-spyware program I’ve found. It can be used to kill spyware that is in Startup or running and also help prevent system changes and the reinstallation of spyware. The spyware Cookies found by Ad-aware and entered in WinPatrol’s Nuts section will not be seen again. These are the features in the free version. The PLUS feature in the paid version allows the full interrogation of any application to see if it’s spyware.
      Free or paid, this program is as much a must-have as an antivirus program.

    • #2699094

      Get absolute control with Cyber Secure hardware

      by dennis ·

      In reply to Spyware

      http://www.valtx.com manufactures Cyber Secure Hard Drive Adapters that give you absolute control automatically eliminating Spyware, Hacker attacks, Viruses, unauthorized changes etc. As a hardware device it is impervious to attack itself. Also provides Real time Encryption, Pre boot authentication, multi-boot drives from a single drive, allows testing of patches/upgrades with clean instant rollback.

    • #2699092

      PestPatrol Corporate Edition

      by bpeddicord ·

      In reply to Spyware

      I’ve recently installed the Corporate Edition of PestPatrol. It allows me to scan user machines and update the pattern files for the active protection installed on each machine from a central location (without having to visit each machine). We’ve only got about 40 machines on the network, and it works pretty well. Like all of the spyware tools, it might not find everything. If you run AdAware after a scan, it may detect something else. I’ve never been able to clean a really badly infected machine (one brought from home by a parent with kids) using just one tool, so I don’t see that as a problem.

      • #2699021

        Legislation in the USA will have very little effect.

        by sauerb01 ·

        In reply to PestPatrol Corporate Edition

        I work for a large corporation and we have a program underway to track the spyware to it’s sources. There are ways to do this if you have the resources. We do. Over 90% of the malware attacks we have experienced have their roots in European and Far Eastern countries. One of the biggest offenders right now is Russia. Any laws passed in the USA will have absolutely no affect on these sources. So in affect you can only hope to stop about 1% of malware attacks through legislation in the USA. It would just be a waste of time and money. The best way to fight it would be to release the names of the companies paying these malware companies for advertising. In the end it all comes down to money. They lose market share and they stop feeding thepockets of the malware producers. The media is the most instrumental way of getting the word out on these companies and I see some day soon that this will start happening. There is already a buz in the media communities on how to report these occurences.

    • #2699091

      Concurrance is unanimous

      by fswalef ·

      In reply to Spyware

      I just picked up a new laptop and by the time I finished configuring it I got hit with 107 hits of spyware and 1 download.trojan. Mike hits the nail on the head! The question is do we lobby for the Government to step in and initate a “Do not spyware us ” program. I have, since cleaning and disinfecting the new laptop” loaded and am running one anti spyware program, one anti virus program, one firewall and one pop-up blocker – all which by the way are, as you know, using vital resources that could be used for real processing. Educating users on programs is well and good provided it does not require the users to get into the technical realm, I still have to deal with current questions concerning the firewall block notifications – is this good or bad. As stated in the opening paragraphs what started as something simple, cookie placements has certainly started to crumble (pun intended). I with you guys. Educate users and lets start a campaign against spyware, pop-ups or the next evolution will be internet accessing via “tunnelling” with concrete on and off switch firewalls. I stand before you, to stand behind you to take the next step together.

      Fred Swalef

      • #2699077

        Educating Users Often Fruitless

        by americium ·

        In reply to Concurrance is unanimous

        You can educate users; but spyware links that users click on often install even when the user clicks ‘no’ to ‘do you want to install.’

        You can educate the users to click the ‘x’ or use alt-F4 on a popup window; but spyware often installs itself anyway.

        Putting files on my computer that I don’t want without my permission should be illegal. With cookies, I can choose to accept them if I want a site to work. But I can also block them when I’m going to a site that I want to ‘buzz off’ from MY information.

    • #2699089

      Enterprise Solution???

      by luke_klink ·

      In reply to Spyware

      We have just begun to evaluate two enterprise-targeted products: PesPatrol Corporate Edition 5.0 and Webroot’s Spy Sweeper Enterprise. Industry experts state there will be no great enterprise solution until mid 2005. Has anyone out there tested/implemented these very new products? What are your finding thus far?

      • #2699063

        Stop it before it gets to the computer

        by lakefire ·

        In reply to Enterprise Solution???

        We use Fortinet’s line of firewalls to stop virus’s and with the release of version 2.8 now all types of grayware (spyware, malware, hijacks, etc) before it even reaches a computer inside. I also would recomend TrendMicro’s OfficeScan Corperate for host based virus and grayware protection. We use this combination for ourselves as well as all our clients and have not had a single virus for over 7 months at any site. We are just starting to roll out version 2.8 of Fortinet’s firmware and hope that we will see the same results with the grayware as we have with the viruses.

      • #2699044

        PestPatrol 5.0 Implementation

        by bpeddicord ·

        In reply to Enterprise Solution???

        I implemented PestPatrol 5.0 in early June. It’s a lot better than going to every machine to run/update Version 4.4 or AdAware. Like all the spyware cleaners, it won’t get everything. If you run Adaware after it says a machine is clean, it may come up with something else. I’ve noticed two things about it since the install. You’ve got to be sure that the user of the administration console is setup as an administrator on all the other machines, or it won’t work because it can’t acquire the administrative share. Also, if you have real-time virus protection installed on the machine, the PestPatrol scanning may cause the virus software to also scan everything it touches. This extends the PestPatrol scan time as well as loads the processor more than you might want. It doesn’t seem to be a problem on the newer/faster machines, but it drags the older (less than 1Ghz) ones down pretty good.

    • #2699088

      Anything but legislation

      by tfarm2001 ·

      In reply to Spyware

      Though I agree that “something” needs to be done about spyware, I am quite certain that interference by government is the wrong solution.

      By the very nature of governance, legislation would be used as one more nail in the coffin of free speech and free enterprise, the very concepts that make the internet so very special.
      Unfettered communication, free of government censorship and enforced propaganda should be the goal of all techno-geeks responsible for the propogation of ‘Cloud Internet’.

      So instead of asking for government to become more obtrusive and intrusive, let us put our heads together in the private sector and educate our users and develope innovative software/ hardware solutions independent of Big Brother’s all seeing eye.

      • #2699028

        Propaganda / AOL as Big Brother’s first wave?

        by paymeister ·

        In reply to Anything but legislation

        All, I do NOT want to start another Jesus-is-great/Christians-are-jerks thread – please don’t take it there. This probably isn’t the forum for either (speaks a Christian who would like to avoid being a jerk).

        But you might be interested to know that AOL, theoretically a “provider” rather than a “propagandizer”, is pushing its own agenda: anti-Christian, anti-Bush, and pro-Kerry. You may like this – it is not my point here to evaluate the stance – but the FACT that they’re DOING it (with ANY agenda) bothers me a lot. And may God help us if the government gets involved…

        See http://www.businessreform.com/article.php?articleID=10659 for the article.

        • #2698994

          The benefits of freedom

          by ottersmoo ·

          In reply to Propaganda / AOL as Big Brother’s first wave?

          The good news is, that if you don’t like AOL’s message or leanings, you can stop using their service.

          Heck, I choose not to watch Fox.

          Where spyware is concerned, they’re damaging my property. That should be a crime and has NOTHING of the “big brother” connotations. The patriot act is big brother.

        • #2698945

          The benefits of freedom

          by ottersmoo ·

          In reply to Propaganda / AOL as Big Brother’s first wave?

          The good news is, that if you don’t like AOL’s message or leanings, you can stop using their service.

          Heck, I choose not to watch Fox.

          Where spyware is concerned, they’re damaging my property. That should be a crime and has NOTHING of the “big brother” connotations. The patriot act is big brother.

        • #2698784

          WTF did that come from?

          by ttoe ·

          In reply to Propaganda / AOL as Big Brother’s first wave?

          Interesting article there… Where’s that bot again? I have a few questions to ask it… 🙂

          But really, you said you don’t want to start an offtopic thread, so why bother with this? There’s plenty of sites on the internet that you can talk about those topics…

          …and I’m the sucker that read it hoping to find some spyware info in there… Yeah right…

        • #2713329

          Defense (but no spyware stuff here)

          by paymeister ·

          In reply to WTF did that come from?

          Why bother? The post I was replying to made a remark about government intervention in the spyware problem. My post was using a religious and political situation to illustrate how heavy-handed even a probably well-intentioned intervention can be. If this is what happens at AOL, government involvement would surely be worse.

          Sorry for wasting your time, for wasting it reading THIS post (though I DID label it), and for appearing stupid or (worse) as though I really WAS trying to start an off-topic thread. I’m fairly new to these discussion groups, and have been flamed badly for poorly-written but well-intentioned posts.

        • #2698614

          Hail Satan, now piss off to where this belongs!

          by bloodyusername!! ·

          In reply to Propaganda / AOL as Big Brother’s first wave?

          I hate bots.

        • #2698611

          Hail Satan, now piss off to where this belongs!

          by bloodyusername!! ·

          In reply to Propaganda / AOL as Big Brother’s first wave?

          Bill Gates is Satan. Satan is God. God is good. Good is Gates. Am I making sense yet. Neither did you.
          I hate bots.

        • #2713326

          Huh? (reply to flamer – no Spybot info here)

          by paymeister ·

          In reply to Hail Satan, now piss off to where this belongs!

          Bots? I’m afraid I don’t know the term. I assume that you’re calling me a robot that mechanically dumps out various versions of prior religious programming.
          1) Please see the “Defense” post, above.
          2) Please re-read your own post – did it contribute more or less than mine did to this sub-thread regarding legislative involvement?
          3) Consider your own response in terms of the “bot” definition above – sounds like you’re at least as robotic in your desire to dump on me.
          4) How ’bout re-reading my post? I really WAS trying to make a point about intervention, and I really WAS trying to avoid creating a religious discussion. (Frankly, I’m sick of BOTH sides of the shallow religious rants on these forums.)
          5) Sure, my world-view comes out – that’s who I am. I expect you to voice your world view, too – it’s who YOU are. But I won’t post without there being some credible link to the discussion at hand. Anything else is discourteous and, in case you are interested in some religious support for your flames, a violation of the Ninth Commandment (false witness), in that I would be falsely implying that my comments have something to do with the technical issue at hand.

          Bottom line? Sorry I stepped on your toes. I’m doing my best not to, and thought I covered myself better than I really did. My fault. -Tim

      • #2698885

        True

        by elama ·

        In reply to Anything but legislation

        I definitely agree with you! No more nails in liberty’s coffin.

    • #2699086

      Spyware Guard

      by dumbuser ·

      In reply to Spyware

      I used to find a ton of spyware on my machines with Spybot S&D and Ad-Aware, then I downloaded (the free) SpywareGuard. Now, when I scan with Spybot and/or Ad-Aware, nothing shows up. An ounce of prevention is indeed worth a pound of cure.

      I set it to run as a start up item, and it’s worked really well for me.

      The solution is not always “lock out the user!”

      • #2699075

        “Ounce of prevention” applies to browser, too

        by mark.smith ·

        In reply to Spyware Guard

        I currently use both Spybot S&D (free version) and Ad-Adware (for-pay subscription for updates). I went to roughly 16 “new objects” (Ad-Aware’s term) per week to about 2/week when I mostly stopped using IE and switched to Netscape 7.1. I did this when the publicity of the latest potential exploits in IE (a few weeks ago) prompted a number of industry columnists to advise users to stop using IE.

        I reluctantly did so — there are financial sites I visit that won’t work without it. So there are times I have to use it anyway.

        The security experts’ profiles of the potential exploits make it clear that even when running under anything-but-IE, many of these holes remain. Theoretically, yes. But until these adware and malware writers go to the trouble of “porting” to these different browsers, there is considerable mileage from just this simple step.

    • #2699072

      Spyware Removal Virus

      by eric ·

      In reply to Spyware

      Someone needs to write a virus that would remove spyware from machine then send itself to everyone in your address book. Just like a worm or virus.
      Like Sasser.
      It would look for machines that have the spyware and infect that machine and remove the spyware.
      Can we not learn from these virus writers activities, to create something good.

      • #2699030

        Reply To: Spyware

        by scott.quillen ·

        In reply to Spyware Removal Virus

        You mean like W32.Welchia? Bad idea – first off, how do you know the ‘virus’ is really a ‘good’ virus?, second, it’s still unauthorized code on your boxes, and third – these types of things create as much bandwidth problems as any other virus.

        • #2698998

          Bad Bad Bad

          by virtualgardener ·

          In reply to Reply To: Spyware

          No virus is good. Sounds good on the face of it, but you sasser worm, while seemingly benign, still brought several major networks including a major airline in Canada to it’s knees. Bandwidth hogs kill networks, even when they don’t mean to.

      • #2698616

        You must be joking

        by qldtechie ·

        In reply to Spyware Removal Virus

        Not good. What about bring commercial interests who are invading users PCs under control.

      • #2698607

        Why not? We already have a Spyware Addition Virus!

        by bloodyusername!! ·

        In reply to Spyware Removal Virus

        It’s called Internet Explorer.

        • #2711985

          BLAH BLAH BLAH, BloodyUsername

          by jrats_revenge ·

          In reply to Why not? We already have a Spyware Addition Virus!

          You, my friend don’t seem to have any direction whatsoever in your posts. From your participation in the previous posts above, I should have known better than to expect something of clarity come from you. Instead of knocking AOL, Christianity, Goverment, and MS IE, why not try a novel approach and make additional comments about this discussion that make a contribution. In my opinion you are just another holier-than-thou DLU.

    • #2699066

      HOSTS file for partial local protection

      by tech ·

      In reply to Spyware

      There are a few places out there that have been collecing URLs of known spyware companies for some time. By adding these URLs to your hosts file, and having them point to localhost, spyware may get in, but has no route to get out. Some places often make an updated hosts file available to you on a weekly basis so all you need to do is overwrite the old file (though you need to make sure you don’t have any usefull entries in HOSTS already). While certainly not a huge fix, it can at least stop the biggest offenders from getting your information. While not terribly practical in a corporate environment, this may be useful to some home PCs, especially if they are sans firewall.

      • #2698897

        Reply To: Spyware

        by justinr ·

        In reply to HOSTS file for partial local protection

        I have seen this in the KazaaLite program as an option.

        What we need now is one of these spyware removal programs to autoupdate and install new HOSTS files.

    • #2699037

      Publish home addresses

      by gfblack ·

      In reply to Spyware

      I don’t think the spyware purveyors fully appreciate how their infections affect emotions.

      A website listing their home addresses and phone numbers would enable incensed individuals to reply in kind. Or kinder.

      Does anyone know of research being done in this regard?

      • #2712898

        Phone Home

        by kaldanzia ·

        In reply to Publish home addresses

        This would be awesome. I know that approach has worked around here with an issue we were having with our state Department of Transportation a couple of years ago. The workers at one of the road construction areas were putting up roadblocks during rush hours, and causing all sorts of traffic problems due to lack of common sense.

        The mayor got really mad and put up a huge sign (right where everyone sitting in the jams during rush hour could see it and call on their cell phones) with the state DOT commissioner’s personal phone numbers (including cell) to call for complaints (the mayor had tried everything else to get the problem solved). It was absolutely amazing how quickly things straightened up.

        Maybe he should be in charge of the war on spyware?

    • #2699034

      government involvement = HIPAA

      by pvdcats ·

      In reply to Spyware

      The government may already be “involved” with spyware. A recent publication indicated that a pc with spyware on it could be a HIPAA security violation. If spyware is capable of sending your personal information to the source of its origin, what’s to stop it from sendng your patient/client’s information that is protected under HIPAA?

      • #2699002

        HIPAA data

        by mike ·

        In reply to government involvement = HIPAA

        Encrypt HIPAA data.

        A few rules to use programs to access sensitive data:

        1. NEVER leave an application that accesses sensitive data running unattended on a PC screen.
        2. NEVER leave ANY application running when not in use. (like when you leave for the day.)
        3. Log-off at the end of the day (or if you go to lunch.) Even if it’s your personal home computer!!

        Basically, a logged in computer/application is a potential security risk and an unattended logged-in computer/application is a disaster waiting to happen.

    • #2699032

      I get none at all now

      by beemersteve ·

      In reply to Spyware

      I use a combination of Adaware 6.0, Spywareblaster, and CookieWall and have had zero infections in my last 9 scans. Works good as long as people update.

    • #2699027

      Firewalls, Proxies, Strict User Control, and Possible Software

      by dmurawsky ·

      In reply to Spyware

      What if a community group got started and created a real-time blacklist? (Does one already exist?) It should be easy to block anything from *.gator.com at the firewall or proxy level. We block everything from sites like doubleclick on principle (saves a ton of bandwidth too, although it can mess up some page layouts). More advanced rules could even be created to search for specific files, as opposed to domains. Last I checked, squid has the ability to filter out content… it should be simple to script the updates. This could even be a viable business to be marketed as a black box solution (hey Spybot guys! You reading this? I want my 10%)
      Further, why let your users install software on their machines? As convenient as it can be at times, in general it is a bad idea. I’m sure there are certain situations where it is necessary to grant this ability to users, but it?s not the best practice from a security point of view.
      Lastly, the new generation of antivirus software seems to acknowledge the fact that spyware is a big problem. My company recently upgraded to Trend Micro?s Client/Server Messaging Suite for small and medium business, and it offers centralized management and scanning of both viruses and spyware. As more companies realize the threat of spyware, you can expect more products like these to come out. But in the mean time, use the tools that are available in fun new ways.

      Oh, and I don?t want government butting in any more then they already are. They don?t seem to understand much about technology or how it should be governed, and I don?t want to give them an invitation to start legislating now. I mean, taxing VoIP? What are they thinking? We already pay taxes for the lines that VoIP runs on!

      • #2717091

        spyware & dns

        by ssaady ·

        In reply to Firewalls, Proxies, Strict User Control, and Possible Software

        As effective as hosts files are with ads, they seem a little less effective at blocking spyware, because SW is a more dynamic field.
        It seems DNS was invented to streamline hosts files. I just downloaded Gorilla Design Hosts file. The thing is over 500k.

        It seems to that any software that does not have a very noticeable and voluntary installation and privacy notification should have it’s own DNS domain. I know that may sound radical …

    • #2699024

      Users have no installation access

      by norby ·

      In reply to Spyware

      As a Network Administrator for a healthcare organization, and the new HIPAA regs, we really can’t afford to have any applications on our systems that might be transmitting information to third parties without our knowledge. So, our users have no write access to the hard drives. In addition, since our policies state “no downloading programs, no installing programs”, I have blocked certain types of files at the firewall, including .exe and .cab files. Since we put these procedures into place, I haven’t seen any spyware crop up.

    • #2699022

      Free things for NetAdmins

      by scott.quillen ·

      In reply to Spyware

      I think that the perception of how to mitigate the problem differs greatly depending on the admin/client/customer relationship. I run an enterprise, so it’s somewhat easier for me to prevent infections, through use of user rights, group policy, filtering/proxying, and active scanning for infections, as well as well-documented and enforced policies that regulate what users can and cannot do on our machines.

      Of course, if you’re a small shop (or not so small) dealing with customers who bring in PC’s that are ‘running slow’, it’s a lot harder to do much more than clean the machine, try to educate the user, and then send them back out into the world.

      While I don’t want to advocate for any particular commercial product, something for smaller admins and maybe even repair shops to consider is the IE-Spyad set of filters from the University of Illinois.

      It’s basically a frequently updated set of registry settings that loads spyware/malware/ad-ware sites into the IE restriced sites zone, preventing software installation, scripting, etc from those sites. It also includes a batch-file installer, to make it very easy for anyone to grab it and drop it in. Check it out here: https://netfiles.uiuc.edu/ehowes/www/main.htm

      I also can’t help but echo the comments of someone else on the thread – if you can do away with IE and move to an alternate browser (we’re currently pushing Firefox), do it.

      • #2698794

        This link is interesting…

        by comptech3 ·

        In reply to Free things for NetAdmins

        I like the info you gave. Thanks for the tip.

        I already use Firefox to browse and Thunderbird for email. Both have been a pleasure to use.

    • #2699005

      What also has failed to be mentioned…

      by jrats_revenge ·

      In reply to Spyware

      I know for a fact that many supposed spyware removal tools such as “spyware nuker” to name one are in fact spyware themselves. I think that it is sickening how these pigs make use of the most common social engineering tricks to lure those that are not knowledgeable into the trap. I, for one, will be standing in that line to pop a cap in the head of the first one caught and wrangled to his knees. Just my 2 cents worth.

    • #2698996

      Growing threat matrix

      by krogelr ·

      In reply to Spyware

      Spyware and adware are growing threats that need to be dealt with on all fronts. The law does need to make many of these tactics illegal but generally do not for fear of free enterprise issues. And I feel they tend to lean liberally. It is an election year but Iraq and terror will keep this on the back burner for years to come unless something major (financial loss) happens.

      In a hospital environment you can imagine the issue of one where every one of you may have at one time or another had a need to enter a medical facility. Do you want your private medical data released?

      That is one example. A big one many worry about are the financial data. On a personal and a business level this should be a concern.

      Security unfortunately costs money, both in hardware costs, software costs, training and ongoing training, enforcement, etc. Most companies do not see this as true need until it is to late. It doesn’t appear to enhance the bottom line. Just a big expense.

      So I for one have to resort to a lot of freeware tools. We do the whole host of things to solve the problem. A variety of freeware tools (one never does all), multiple firewalls, user lockdowns, site blocking, registry hacks, and on and on.

      In the past year I have noticed a large increase of user disconnects from remote Citrix sessions. These are 128 bit SSL based sessions. The combination of ticketing expiry and SSL provides a good amount of security for remote users. Problem is most of those disconnects usually end up we find due to remote machines and adware/spyware.

      My hope is we can have Symantec and the other large players quickly build in these features to antivirus products. Having 4 or 5 tools running is just not feasible. Another thing that I want is a good remote access policy that enforces rules to ensure remote nodes meet criteria for access.

      A lot of work needs done. I know some of the tools exist (remote access policy enforcement via SSL VPN for example). Now I like everyone else have to shake the money tree just to see the money required not fall down.

      Please post the freeware tools you have tried. Also list bad tools and why they are bad. I for one will be checking this thread daily and looking for new tools. Thanks.

      Ronald Krogel

      • #2713438

        Tools Request

        by black_eyed_pea ·

        In reply to Growing threat matrix

        Ronald,

        I included a list of tools within my post yesterday. If you haven’t looked it over, you might want to now.

        I agree there needs to be one highly-reliable, enterprise tools for malware prevention and removal. Until then, we have to brainstorm with one another and improvise.

    • #2698995

      Stop it at the Perimeter – don’t trust users

      by natem ·

      In reply to Spyware

      We used to have the same problems, massive amounts of who knows what running in the background wrecking havoc and bringing the system to a near halt. We didn’t give anyone admin rights but a lot of the stuff still seemed to be able to be installed. I locked down our firewall severly and it hasn’t been a problem since. Our firewall does not allow ActiveX or Javascript and uses a content filter that updates on a weekly basis. We disallow access to all but two of the catagories in the content filter. I also locked down outgoing traffic. Nothing is allowed out unless it is necessary for business operations. If a user needs to access a site that the firewall is blocking, I manually enter the site into the ‘trusted’ list of the firewall and it is no longer blocked.
      -nate

    • #2698992

      XP SP2 and Spybot

      by virtualgardener ·

      In reply to Spyware

      Service pack 2 for XP promises to end a lot of this. Only time will tell. Of course, once the major holes are plugged, these guys will just start looking for new ones.

      The best setup I have seen so far is WinXP with SP2 and Spybot. Spybot is a fantastic program free to anyone and everyone, corporate or home users. It can be scheduled to run automatically on system startup, and you can even tell it to update automatically at the same time. A truely awesome program.

      Please though, if you do plan to use it, try and send the guy a donation. He is doing some really great stuff out of the goodness of his heart, and I personally don’t want to see him quit!!!

    • #2698967

      Network Assoc TVD

      by philwills ·

      In reply to Spyware

      McAfee VirusScan 7.1 detects spyware, but in my experience it has a hard time removing it. When it is detected I run Ad-Aware to remove it.

    • #2698937

      Trend Micro’s product

      by james schroer ·

      In reply to Spyware

      I know that Trend has releaced it’s OfficeScan product this month (July) that addresses this issue. I haven’t implemented it yet but I’m sure it will help some. I also believe they have some home products that will also work. I see the future of antivirus companies also addressing this issue. Another quick fix is using a browser other than IE. I mainly us Netscape at work and IE at home and I notice a huge differance in the amount of spyware.

    • #2698915

      McAfee Virusscan Enterprise 8.0

      by sluster67 ·

      In reply to Spyware

      McAfee’s newest virusscan enterprise edition includes an “Unwanted Programs Policy” that theoretically is supposed to stop such headaches as “spyware” “adaware” “dialers” “password crackers” etc. etc. And this is an on-access process as opposed to a product like “Adaware” that scans your PC after the fact. Mcafee is what we use here at work, so we have been testing the beta version for about a month now. I believe the new enterprise edition is available at the beginning of August. But don’t quote me on that because they have already bumped back the release date once. I’m not saying Mcafee is any better or any worse than NAV or any of the others. It just happens to be the virus protection we use here. Mcafee also has a “Buffer Overflow” protection. So these companies are at the least starting to recognize the other dangers of the Internet. It’s not just foolishly opening suspicious email attachments anymore. So if you are looking for an Enterprise solution, this is always one way to go. Just my 2 cents people.

    • #2698892

      Life is a BITCH

      by thumper1 ·

      In reply to Spyware

      Spyware is a bigger threat to networks and business productivity than viruses. I have never had a virus make it past our AV software, but I have spent a lot of hours cleaning up spyware and browser hijacking.
      The biggest issue for me is that fact that users are going to places on the Internet not business related. If I had my way, that would stop. (Not practical, though)

    • #2698888

      No Government Intervention

      by elama ·

      In reply to Spyware

      As an IT Professional I can also see the problems with Spyware, but don’t want any more government interference. The lawmakers in this country don’t understand how spyware, trojans, viruses, and worms work and they really don’t care; they simply want votes. They also will not take the time to find out, they’ll just put together a bunch of bills that only erode the freedom of the hones. Let’s face it the criminals who write the stuff will find a way to get around it. Take the phone solicitation issue. The people hollered, so congress wrote a bill against it. Now they send it to your fax and email address. What’s the difference, you’re still being inundated with spam. So thousands of dollars were wasted, and halted nothing.

      I personally agree with Ben Franklin, “They that can give up essential liberty to obtain temporary safety deserve neither liberty nor safety.”

      We should let Economics work it’s way through this. If there is enough money to be made by stopping spam and spyware, someone will step up to the plate and design a way to do it.

      • #2698825

        Too late

        by fswalef ·

        In reply to No Government Intervention

        The quote of Ben Franklin, “They that can give up essential liberty to obtain temporary safety deserve neither liberty nor safety.”
        is a little too late and unheeded to make a difference now. Don’t you think.

    • #2698877

      What’s in your utility kit

      by Mark W. Kaelin ·

      In reply to Spyware

      The software to remove spyware is one thing I think we can all agree needs to be an a recovery/utility disk. But what else?

      I started a discussion to get a consensus, I’d love to your opinion:

      http://techrepublic.com.com/5208-6230-0.html?PromoFeature=discussion&PromoByPassed=1&forumID=3&threadID=156350

      • #2698782

        My little black bag

        by jm ·

        In reply to What’s in your utility kit

        I keep a CD and Thumbdrive of some ‘Special’ programs that I use when repairing PC’s and Networks. Some the most useful are:

        MWAV.EVE – Single file, self contained virus scanner for quick and dirty cleaing in safe or standard mode.

        XCleaner – Quick and dirty spyware removal, also has a few other neat tricks in the freeware version.

        Spybot S&D – Of course.

        Adaware – Use if Spybot won’t fix the problem.

        AVG Antivirus – Free full fledged virus scanner. I only install it if the customer doesn’t want to pay for McAfee 8.0

        McAfee Stinger – Quick & dirty virus cleaner for the latest 40 viruses.

        Bootable Win98 disk with fdisk, sys, format, edit, attrib, etc…

        GFI Languard – Awesome network IP, Netbios, security scanner.

        And many others.

        What do you use?

        • #2698719

          100% cleaning and stable !Take that Spyware!!!

          by admin ·

          In reply to My little black bag

          I run a computer repair shop in South Jersey, 85% of our work is related to spyware and virus infiltrations!It’s a pleasure to see a normal hardware problem anymore…We have become very adaptive to this Combo threat! We have taken it to the next level with education for the customer, with support after the fact.
          Noticing that the affected machines are all running windows, using IE, most have multiple users and almost ALL are downloading music!
          Have noticed a hybrid type of trojan, one that normal virus scanners DO NOT PICK UP, be afraid if your running MCafee, Norton, AVG. Our tests reveal these are very inefective fixes/prevention for this scenario.
          http://www.pandasoftware.com/activescan step 1 (if ya can’t get online go to step 2 then come back)
          http://www.nod32.com install a REAL resident AV!Protection at the winsock level, even picks up spoofs and code red attacks(free trial no cost to install)
          Hijack this! to fix the users internet connection problem, and hijacking.
          Some people miss the most obvious place to look for this crap…good old fashined safemode regedit, msconfig, killing the temp folder(s), cookies and history, reseting IE security settings, and reseting web browser defaults..Neglect to do this and on a reboot it will replicate
          then comes adaware and spybot, must be used together.
          If for some reason the threat is not gone, I use an OLD program called VALET (created in 1982)that runs in DOS mode that bypasses ALL windows security and file in use problems. Go in head first and rip them suckers out.
          Then obviously all windows updates, and we are just now useing the MSN tool bar for anti popup solution.
          We have been extremely successful in repair so we do not have to format.
          After the fix, NOD32 is sold, Blackice firewall, and instructions on how to use adaware and spybot.
          For us, this is great! general repair time is less than 3 hours per PC at 15-20 incomming a day, it’s like an assembly line.
          I am not ashamed to say, we have this nailed down.
          Just for kicks, if your running mcafee or norton, and you think your safe, try the panda scan, i’ll bet you will cry when it finds a virus!

        • #2713338

          Money

          by g.m.bakker (cne, self employed) ·

          In reply to 100% cleaning and stable !Take that Spyware!!!

          Sure it generates cash, but it’s not the way to come about. I am sure some customers complain, since they didn’t know what hit them. I try to keep it simple and help them for a special fee if they bought from me, however I still feel like someone broke into my house. I’d rather shoot the criminal than have to replace the locks every week, and believe me it will get worse and worse if we don’t kill their business, which is less effort! There’s nothing better than a dead spammer on the BarBQ

        • #2713334

          Same stuff (almost)

          by g.m.bakker (cne, self employed) ·

          In reply to My little black bag

          Yeah almost the same stuff, add winsockfix just for repairing the IP stack after some malicious code screwed thad up. I also have a usb stick with a write lock, just because som virus caught me there and washed it clean (infected every executable) I still think we should try and hack their sites just to piss ‘m off. Earning money this way is like running a funeral arrangement, it’s not fair!

        • #2713333

          Same stuff (almost)

          by g.m.bakker (cne, self employed) ·

          In reply to My little black bag

          Yeah almost the same stuff, add winsockfix just for repairing the IP stack after some malicious code screwed thad up. I also have a usb stick with a write lock, just because som virus caught me there and washed it clean (infected every executable) I still think we should try and hack their sites just to piss ‘m off. Earning money this way is like running a funeral arrangement, it’s not fair!

    • #2698705

      Try this program it works !

      by info.med ·

      In reply to Spyware

      download SpywareBlaster from this site:

      http://www.javacoolsoftware.com/spywareblaster.html

      It really stop spyware from installing itself ou just need to update it’s database and apply the protection and VOIL? the known spyware more than 3000 will be stopped !

      • #2713005

        Spybot S&D v1.3 checks for >15000

        by rdondelinger ·

        In reply to Try this program it works !

        known spyware entities. Immunize feature stops re-infections. But as was mentioned earlier, stopping KNOWN spyware is only part of the battle.

        We are starting to incorporate the Google Toolbar as well to prevent pop-ups. All this on top of Symantec Antivirus Corporate Edition.

        And yet, there are those few PCs I have to re-image to eradicate some really nasty spyware that I’ve come across.

        – Ron

    • #2712983

      There is a way to resolve this problem

      by howards ·

      In reply to Spyware

      There is a way to stop spyware from being a problem. Have you ever considered that spyware like viruses generate income? If you want to know how to help this situation feel free to email me directly.

      hcohen

    • #2712834

      Spyware is Malicious Code

      by bmacleod ·

      In reply to Spyware

      Ok, ok, so some spyware technically tells the user what it is going to do, buried deep within the EULA. Bottom line is it is rare to find someone who would really install this stuff if they really knew what it was going to do. Since this is code that is doing something that it wasn’t “supposed” to do, it is malicious code in my book. As such, I pay huge amounts of money to Trend to stop viruses. Lately, they only tell me about some of the spyware without successfully keeping it off the system. HEY AV COMPANIES! Do your job and keep unwanted code off of my boxes as promised. And don’t even think you can charge more for a different module or program to accomplish this task. If your software was doing what it was supposed to do, the spyware shouldn’t have been able to be installed. In this regard, I think spyware may be the downfall of the non-progressive AV companies.

    • #2712703

      This Program does it much better

      by noorman ·

      In reply to Spyware

      I am using ‘Spybot Search & Destroy” for a long while now. Very recently I came accross this one though ‘PAL Spyware Remover’ (www.palsol.com) that seems to find Spyware that others don’t: f.e. a ‘Cydoor Adware’ in a version of CD_CLINT.DLL (KazaaLite) that wasn’t reported before and a ‘LimeWire Spyware’ in a USERDATA.DLL of another program.
      It even detected a ‘LimeWire Spyware’ in the popup.exe of Popup-Stopper …
      In total 13 items on my main rig after all other programs had done their thing !

      It only isn’t ‘FREE’, like the formentioned ‘Spybot’ and others.

    • #2713355

      Hackem to death

      by g.m.bakker (cne, self employed) ·

      In reply to Spyware

      I’d prefer to hackem to death, attack their service and services. And when you do get in, clean the disk and rewrite the pasword, even worse start a task that will destroy the machine. Preferably after office hours, just before the weekend so you have plenty of time to take the gut out of the machine….I tell you, this does work. Another thing that works is getting something on their system to gain continuous access to wipe out incoming mail instantly. Just Hack’em to death!

    • #2713315

      Workable Browser

      by head-tech ·

      In reply to Spyware

      I don’t know what is so hard about having an internet browser that just runs within itself and doesn’t touch your working machine. A browser is for surfing web sites and if you need to download something use FTP.

      Personally I’ve given up on trying to fix my system so I installed a clean copy of XP and I then installed virtual PC and then installed a clean standalone copy of Windows 98se as a session. I use the latest updated version of IE6.01 and Outlook express as well as NAV. When I want to cruse the internet I start a virtual session and go for it. When I finish I just close the session without saving it and the next time I start up its back the way it was when I configured it. Anything that I want to save goes to my CDRW. Since this session is on a seperate network than the rest of my local network it has no way of interfering with it.

      By the way having an old Win98se system around allows me to play some of the old games that are still fun to play.

      • #2713248

        VM is good idea

        by krogelr ·

        In reply to Workable Browser

        I also employee this method. VMWare is about a $200 download. It started out as a way of keeping a lab of servers from heating my house but works very well for a security tool. Most users can’t afford this but under some circumstances this is the best method to use bar none. Even if the virtual machine does get trashed it is easy to have a static backup running in minutes.

    • #2714013

      Server Solution

      by rrandor ·

      In reply to Spyware

      I know nothing about the technology involved but wouldnt a server solution be a better approach than relying on thousands of individual users? In other words have the servers scan their internet traffic for viruses, spyware, etc. It would slow down traffic but the savings in time for each individual who doesnt have to clean their machine, would be tremendous. Users could pay a little more for their ISP handling the problem for them.

    • #2714583

      Good old mainframe

      by tutor4pc ·

      In reply to Spyware

      Game over – the PC is a waste of time and a danger to companies. That is the view of an old hacker – involved in microcomputers since they exist and in mainframes befor that and parallel to the PC craze. Forget this darn internet and create safe networks. Don’t patch the current mess: It’s useless. Rethink the best approach. Employees in general are not loyal and look for their own satisfaction. Give them a finger and ….. Only a tightly controlled environment will do. That can also repel terrorists threats.

      Just listen to an old guru – you won’t regret it.

      Jo

    • #2714449

      Spyware Removal/Prevention Checklists

      by black_eyed_pea ·

      In reply to Spyware

      Spyware Removal Checklist

      1. Boot into Safe Mode with Networking (some spyware can only be removed in Safe Mode).
      2. Open Add/Remove programs and remove any application that both you and the principal user do

      not recognize or deem to be spyware.
      3. Launch HijackThis and click the Scan button. (WARNING: Reference the HijackThis tutorial

      at http://www.spywareinfo.com/~merijn/htlogtutorial.html before removing anything.)
      4. Install Spybot Search & Destroy, update it, and run it on the infected system.
      5. Install Ad-Aware, update it, and run it on the infected system.
      6. Reboot and run both Ad-Aware and Spybot again until the system is clean.
      7. Launch Internet Explorer and browse the Web to verify Winsock was not broken while removing

      spyware. If you cannot browse the Web, run the WinSockFix utility and perform another Web

      test.

      Spyware Prevention Checklist

      Consider using Firefox for all web browsing unless functionality of business critical web

      applications require Internet Explorer. If you can use Firefox exclusively, then steps 2, 3,

      5-9, & 11-15 still apply.

      1. Open Internet Explorer, click Internet Options, click the Security tab, and click Default

      Level on each Security Zone.
      2. Install all Windows Critical Updates.
      3. Install Spyware Blaster and click the link to Enable All Protection.
      4. Install a recognized popup blocker such as the Google Toolbar.
      5. Either manually disable the Messenger service or run GRC’s Shoot the Messenger applet.
      6. Either manually disable the Universal Plug & Play service or run GRC’s Unplug & Pray applet

      (Windows XP Only).
      7. Run GRC’s DCOMbobulator, click the DCOMbobulate Me! tab and then click the Disable DCOM

      button.
      8. Execute DSOStop2 and click the Protect Internet Explorer button.
      9. Execute HTAStop and click the Protect Internet Explorer button (Windows XP Only).
      10. Install IE-Spyad.
      11. Run GRC’s SocketLock utility.
      12. Test browse the Web.
      13. Rename the default Windows Hosts file located at %windir%\system32\drivers\etc and place

      the Gorilla Design Hosts file in the same directory.
      14. Test browse the Web. If it is significantly slower than the first test, do not use the

      Gorilla Design Hosts file.
      15. Educate the principal user on Internet best practices.

      Ad-Aware – http://www.lavasoftusa.com
      CWShredder – http://www.spywareinfo.com/~merijn/downloads.html
      DSOstop2 – http://www.wilders.org/downloads.htm
      Firefox – http://www.mozilla.org/products/firefox/
      Google Toolbar – http://www.google.com/options/index.html
      Hosts File – http://accs-net.com/hosts/get_hosts.html
      HTAStop – http://www.wilders.org/downloads.htm
      IE-Spyad – http://www.pcworld.com/downloads/file_download.asp?fid=23332&fileidx=1
      Shoot The Messenger – http://www.grc.com/freepopular.htm
      SocketLock – http://www.grc.com/freepopular.htm
      Spybot Search & Destroy – http://www.safer-networking.org/en/download/
      Spyware Blaster – http://www.javacoolsoftware.com/spywareblaster.html
      Unplug & Pray – http://www.grc.com/freepopular.htm
      WinSockFix – http://www.spychecker.com/program/winsockxpfix.html

      • #2709376

        Another tool

        by jsandvick ·

        In reply to Spyware Removal/Prevention Checklists

        A tool that I didn’t see listed is Webroot’s Spy Sweeper. It has a “Shields” section kind of like Spybot’s Immunize. It seems to find alot of stuff that the others don’t find. So far, we take a layered approach here in running multiple tools.

        I think Spyware guard and Spyware blaster are both made by the same company if I remember correctly. I think it is javacool.

        I also use AvantBrowser just to be able to control all of my browser activities like pop-ups, scripts, etc. from one place. Even though it is basically just IE with some toys added, it is pretty good. It(the browser) seems to hang once in awhile but it comes back within 30 seconds or so.

        MajorGeeks is a good tools site.

      • #2717466

        Gorilla Design Hosts file.

        by ssaady ·

        In reply to Spyware Removal/Prevention Checklists

        Is Gorilla Design Hosts file maintained and up to date?

        • #2721250

          Not Regularly

          by black_eyed_pea ·

          In reply to Gorilla Design Hosts file.

          They don’t regularly update it or at least they don’t release the updates very quickly. The last release was in February of 2003.

          I have customized and added host entries myself whenever I browse the web and see an advertisement come through.

    • #2717414

      LOAD RUNNER KEY

      by gesh_007 ·

      In reply to Spyware

      if u know that LR key, please provide the above add.

      thanks and regards

    • #2716785

      Ad-Aware & Spybot

      by ghlbeyerlein ·

      In reply to Spyware

      I’ve used Ad-Aware and Spybot with a lot of success, as many others have. I use Spybot’s IE Tweaks & Teatimer to lock down the Internet Options window and to check to see when a new program is installed.

      At work, our OCIO does a pretty good job at keeping the machines free of viruses and ad/spy/mal-ware, but as was mentioned in another reply, the laptop users could bring a lot of snasties in.

      Most frustrating part to me is that I can clean a system on Monday and by Friday, it’s loaded again. Even with setting the Pop-up and Ad-blockers in Firefox and Avant, they still manage to get through. The Yahoo, Google & Alta-Vista toolbars do a nice job too for those users who won’t use anything but IE (not an SP2 shop yet).

      Anyone know if there is a way to set Ad-Aware & Spybot as regular tasks in Windows? Probably looking right passed it (feel free to bonk me upside the head and point to the big red button – Set as regular task). Might be easier to keep the boxes clean if the two run at regular intervals…. Then again, that may just scan for the snasties, not clean them out……

      Thanks for the Discussion topic Mike. It’s been a big issue with my family’s computers and my colleagues’ home computers.

      Not to advertise another forum, but CastleCops.biz (formerly ComputerCops.biz) may be another good place to look for discussions on ad/mal/spyware: http://castlecops.com/.

      – Greg

Viewing 48 reply threads