As many of you know, I’m an active participant in the Academy of Information Technology at Dieruff High School. One of the academy’s main function is to provide a service to school, computer repair. Teachers will bring their troublesome home computers to us and we diagnose the problem, and do what’s needed to get things up and running again.
Being in this position, I’ve seen my share broken computers, and what gets me every time is the issue always seems to be related to spyware. Teachers will come to me saying their CD-ROM drive won’t open or they can’t print, and you know what the real problem is? Their computers is so bogged down with bloat that the CPU can’t spend the time needed to do the task they require, leading them to believe that that task is not functioning correctly. Spyware is a major issue with Windows computers, and it’s about time that people learn that.
Alright, the news is slowly getting out there, but the problem is a lot of people are misinformed on the subject. They don’t know how spyware infects their system, so they don’t know how to prevent against it. The majority of people don’t even know the symptoms of a spyware infection, leading them to believe their computer is slow.
What I’m finding even worse than the people who are clueless are the people who know just enough to be dangerous. They install these bonsai spyware cleaners that they saw on TV or was recommended to them by a friend, and they think they’re safe. They don’t realize that the program isn’t going to do anything unless they manually run it. They also don’t know that spyware programs need to be updated, just like an antivirus. A false sense of security is always worse than no security at all.
So what do we do about the problem? Try harder at informing people about the dangers of the internet? That’s not going to work; people always think that it doesn’t apply to them. What needs to happen is action at the source, the computer manufacture.
Companies selling Windows preloaded on their computers need to take spyware as seriously as viruses. Computer manufacturers have been very good at bundling anti-virus software for years. With anti-virus background scans and automatic updates, as long as the user continues to pay for the antivirus software definitions, they’re relatively safe. This is what needs to be done for spyware. Companies need to bundle spyware programs with their computers; programs that scan in the background and automatically update. I’m sure even if the user had to eventually pay for the program, the majority of users would pay to maintain a program that is essential to their computer’s operations.
Another offensive measure computer manufactures can take is to include alternative browsers, such as Firefox, by default. The average PC user only uses the browser that comes with their computer, which is always Internet Explorer. Internet Explorer is plagued with holes that make spyware a reality. While alternative browser can infect a system with spyware, it’s less likely and will usually have to be out of a computer user’s ignorance. If a more secure browser is installed by default, the average user won’t know the difference, and use it just like they did Internet Explorer on their previous system.
Now the spyware task isn’t entirely up to computer manufactures. Microsoft is just as responsible for their users computers. Luckily Microsoft has realized this and are already taking offensive measures. Windows Vista will have ActiveX, a major player in spyware infections, disabled by default. On top of that Microsoft will be bundling Windows Defender, an anti-spyware program, with the operating system. While Windows Defender certainly isn’t the best anti-spyware application, its definitely better than nothing.
It’s sad that it has come to this point, but you got to do, what you got to do. Computers users aren’t handling it themselves, so PC manufactures must take over. Even just the slightest change by a computer manufacture could help put the spyware battle to rest. Sure, spyware is always going to be a problem for some computer users, but the days of spyware infecting everyone need to come to an end. With a little help from PC manufactures and Windows Vista, spyware can slowly be annihilated.
13 Comments
Interesting write up, Ron. But there currently is no cure for ignorant people. You could explain things until you are blue in the face or develop software to remove the spyware, but people are dumb. Spyware will always be around because stupid people need to have cool animated mouse cursors or new smiley faces in their email. Switching operating systems will not help either because it will be the same uneducated people using them.
There is no patch for human stupidity, eh Ron?
education _does_ work… slowly, perhaps, but people eventually get there…
don’t believe me? just send me your name, address, telephone number, and credit card information and i’ll prove it to you…
of course you won’t send me those things because you know better, but that knowledge isn’t innate… society as a whole has learned over time how dangerous giving that kind of information out is and so they no longer do unless they’re dealing with someone they think they can trust… the same happens with malware - once upon a time most people didn’t even know they needed anti-virus software but now the need for anti-virus software is fairly well established in the public eye…
kurt,
i been using antivirus software since 1994. and people do give out their information, and it’s not because they are dumb, its bc they are naïve. even ron himself was victim of being phished. just because somebody made paypals website hardly anyone looks at the URI.
i was careful in the way i phrased this - “unless they’re dealing with someone they think they can trust”… people know not to give out the info willy-nilly, but that doesn’t mean they can’t be tricked into thinking an untrustworthy person is trustworthy…
the phishing example is an interesting one in that it’s new relative to some of the tricks and threats that society has more or less adapted to… it’s also a one that has a fairly high barrier to widespread adaptation… people will eventually adapt, though, and as technology for detecting phishing advances it will help hurry that adaptation along… and the same goes for more conventional malware threats…
the real issue is can people keep up with all the new emerging threats that technological advance makes possible… by the time society adapts to the threats of today there will be more than enough newer threats that they’ll be in just as much trouble if not moreso unless that adaptation takes an ever increasingly generic path (so that a lesson learned from one type of threat can actually be applied to others as well)…
No amount of teaching the public of the dos and don’ts of spyware will help solve the global spyware issues.
Unless they public understands how Malware / Riskware / Spyware / Phishing work on backend, they will never fully understand what to look for. The Malware industry (yes… it IS and industry) is a dynamic organism that flows with changes in real-time. The sites and programs and code written to take over your identity is being carefully crafted by some of the greater minds on the net.
This is why we need to work with the anti-spyware groups on the net… put our heads together and come up with a solution. Groups like Secure Science, SecuriTeam, LURHQ, CAIDA, & F-Secure.
We have to remember that the general public doesn’t want to have to understand how the internet works. It’s human nature to want to trust others.
Just my 2cents
i think you’re looking at the problem wrong… you’re right that education won’t actually solve the problem, but neither will technology… we are talking about a problem that is fundamentally unsolvable…
that said, both education and technology can and will make the situation with our current malware problems better… even unsolvable problems can be partially addressed…
both education and technology have a part to play, they work better together than apart, and advances are made in both regardless of personal opinions on either’s efficacy… security doesn’t work without thoughtful, intelligent, and informed decision making on the part of the user… security is not a product, it’s a process, and that process is carried out in large part by the user… the users may want security products that don’t require any thought, but they sell their security short by making such choices and they invariably reap the consequences (and eventually learn)…
Hmmm Sad but its the truth me.. I don’t much about spyware but I do check my computer why my spyware protection crap.. And like Tony said There’s the way to block stupidity.. only way to finish it off is sending people with low IQ (Which is like 50% latinos including me, 48% blacks, and 2% whites like some teachers and those football players with Hollister shirts You can also include Cheerleaders but we can teach them how to use our joystick i guess…. )
sending them where!? well duh to the bermuda Triangle!:roll:
well i also agree with ronald on windows is too permissive. yes u dont see these problems or at least as much on Mac or Linux its because not the user is smarter (well probably with linux) but its because they are designed better. Micro-Soft has never until recently put security as a function but as an after thought. when netscape was taking the world by storm, MS said oh fuck. and they did it pretty well at first, esp for an after thought. but i have been always a smart surfer even when surfing was still new. though the BS wasnt there then, when stuff did crop up yea i got stuff, only bc i intentionally go to shady sites..but the os needs to be less permissive and in allowing you to do things. everyone in win logs in as root essentially! this is horrible!
no… the reason you don’t see these problems as much on macs and linux is that there are fewer people using those platforms and so the platform is a less desirable target…
that’s not to say there are fewer *nix boxes, but there are fewer deployed as desktop systems… security is only as strong as the weakest link and usually that link is the user - desktops are being used directly by users more frequently than servers or other types of computers so desktops are the low hanging fruit that attackers go after… since there are far, far more microsoft desktops than mac or linux desktops the population density of interconnected desktops is highest on that platform and therefore the chance of any platform specific threat taking hold and being successful is highest…
the attackers aren’t stupid - in general they want the greatest rewards for the least amount of work and that means attacking the microsoft platform… there are examples of attacks against linux and even macs as well but those are examples where the attacker has more specific motivations/goals… the osx/leap virus (almost certainly created so that the author could say s/he made the first osx virus) was seen in the wild (ergo succeeded) despite the better default security of the OS, because once again the user was the weakest link…
Both viewpoints are valid really.
Yes, Windows is more popular, so there’s more malware written for it.
But at the same time, *nix (including MacOS), does not give everyone administrator/root access by default. It does not tie a web browser into the core GUI shell of the OS. It’s really sad that a screwed up web browser (IE) can take down the entire OS.
So yeah, MS has a lot more crap thrown at it, but it’s due to their own programming stupidity that this crap is allowed to do what it does.
To comment on the article, I don’t think manufacturers should be responsible for much, outside of provide appropriate drivers for their hardware.
They didn’t write Windows, they don’t control the bad behavior of users or the OS or 3rd party developers.
A lack of anti-spyware products is not the problem. It’s the insecure-by-default state of windows that creates the problem.
Now, they *could* include alternative browsers… but then they piss of MS. MS then changes the pricing for volume licensing of Windows to that mfgr. Suddenly they pay twice as much for their OEM version of Windows as their competitors.
Just one of the ways MS keeps their stranglehold monopoly going. Computer manufacturers are scared to piss them off.
It will get worse. Now that MS has it’s own anti-spyware, and it’s own anti-virus service (OneCare), manufacturers will be faced with even more pressure to NOT include other companies’ ASW and AV software bundled on their hardware.
One Trackback/Pingback
[...] Spyware State: Misinformed? [...]
Post a Comment