By Will Sturgeon, 19 January 2005 15:10
NEWS The problem of spyware on home and corporate desktops is reaching epidemic levels according to many in the security industry, but with much of it going undetected it is still very much a silent killer.
And such terms are no exaggeration, with one spyware expert telling silicon.com that the high levels of rogue data traffic and the crippling clutter of spy applications on infected systems will see many PCs simply grinding to a halt.
Putting a positive spin on such grim predictions, Roger Thompson, director of content research for CA's eTrust Pest Patrol and Anti-Spyware solutions, said: "The good news is that if it's left unchecked users' computers will just start grinding to a halt. As we saw with spam this will mean users and businesses simply cannot continue to ignore the problem. They will have to deal with it in order to get anything done."
Security consultant Neil Barrett said this prediction is very much "worst case scenario", but added "I totally agree that if spyware continues to grow as a problem at the current rate it will become a serious issue by the end of the year".
Barrett said the large amounts of memory on most machines and increasing bandwidth mean 'gridlock' is unlikely, but that's not to say the underlying message in Thompson's comments - that the impact of spyware will have a considerable impact on the running of PCs and networks - is too wide of the mark.
"The really damaging stuff is having a massive impact," said Barrett. "But as it becomes evident users' systems are running lots of other applications users will have to start taking the problem seriously."
Barrett likened awareness of spyware to that seen with the problem of spam. While it was only a personal issue it wasn't treated too seriously. When it became a corporate problem some started to take note and when it became a global, network problem everybody woke up.
"By next year spyware could have become a global network problem," said Barrett.
Many spyware applications, such as "ad-herding" tool bars and pop-up launchers are very obvious to the user but there is also a plague of more covert tools which are finding their way onto users' machines.
Among the methods identified are lines of code which sit on websites waiting to commit a 'drive-by' downloading, dropping onto users; machines as they navigate the web. Many are left on sites which have been created solely for that purpose, using content users might be looking for as a lure. Traditionally this has been associated with pornographic websites and those in the darker corners of the internet, but now even seemingly innocuous sites could be infecting users.
silicon.com has learned that even websites which purport to offer spyware removal tools are actually loading the very things they claim to remove onto unsuspecting users machines.
Comments
There are 14 comments. Join the discussion
1. Richard Stiennon
It almost sounds like this could have been written January of 2004. Spyware is already creating grid-lock. Our end user audits are showing the average PC has more than 2 pieces of adware and 14 out of a hundred machines have system monitors.
2. Paul Williams
Using an alternative browser (Firefox), a Firefox extension called "adblock", a Linksys firewall/router and by being choosy about what I download, I have been spyware and virus free for over a year with NO VIRUS OR SPYWARE SCANNER. I know this because I do periodically scan for this malware.
If people spend a small amount of time thinking about what they are doing while online, the result is quite impressive. Most "virii" require user action (or neglegence) to spread. The adoption of a few basic protections (the firewall/router) and a moment to think about what they're doing (Would Great Aunt Beatrice really send me an excel spreadsheet?) most headaches can be avoided.
3. Brian Sharland
A cousins machine without internet security had 47 spyware items and 5 viruses. Also it had been comprised by a remote user and had been sending thousands of e-mails hourly. When she bought the machine she wasn't offered any advice regarding internet security and not being remotely "techie" she was completely unaware of the risks of the internet. My point is that more eduction of computer users is essential in bringing these problems under control. PC vendors seem to assume their customers don't need to be warned!
4. anonymous
I had cause to examine a friend's machine at the weekend which had got so bad it wouldn't run Norton AV or open a Word document.
I ran two adware removal/blocking tools (Lavasoft AdAware & SpyBot S&D) and found over 400 items of malware (not including cookies).
The source? The Google and Yahoo! pop-up blocking toolbars the user had loaded to 'protect himself'. Be warned...
5. Simon
Paul, your comments about not having any virus or spyware scanner software is pretty scary. It sends out the very wrong message to anybody who reads it that it must be fine to not take these precautions.
Well tell me how can you be certain that you dont have any spyware or viruses if you dont use scanners ? can you really manually scan for the many thousands of spyware apps yourself ?
Did you consider that if you catch just one single virus it could trash your machine in seconds as you dont have a scanner in place to stop it ?
Do you really think the router stops spyware ? It may help with some viruses but does nothing for spyware.
I think you're living on a knife edge and if you worked for my company your pc would not be allowed to touch my network.
Good Luck.
6. Patrick
I have just received the latest Silicon newsletter. I find it very interesting that the first two articles mentioned are:
"CIO Jury: Apple 'irrelevant' to businesses"
followed by:
"Will spyware cause system gridlock within a year?"
Monopolies are a bad thing, the easiest and most effective thing people can do today to help prevent the spread of this malware is to stop using IE, and stop using OutLook. Keep Windows if you like but use an alternative browser and email client.
7. Rob
It's obvious why these situations occur when we have software engineers like Paul that should know better. I, like others that have posted, fix friends and families' PC's, I don't take this responsibility lightly when I consider the fact that these people look to me for advice and security of their personal data.
I too have a Linksys Router/Firewall, I also have a Anti-Virus product that is installed on my small home network that monitors the network itself and I still get viri. One particular PC and to be reinstalled after some malware left open a hole that attracted even more. Without my Anti virus constantly monitoring they would have gone unchecked and my PC would be a bot for spammers by now.
8. Stephen Rifkin
A more basic problem is that each tool looks at spyware differently, contains different criteria and scans and/ore removes different things. So you can easily run a gaggle of different tools and derive incomplete results. I typically use 4 different tools: Ad-aware, Spybot, Xcleaner and CWShredder and every single one yields different results - PLUS - I can run all of them then go to any number of free online scanners and still be told there is an odd chunk of spyware on the machine. Some of which even tells me that certain things are in effect - non removable, except of course to the tool they are trying to sell me.
So the whole thing stinks of snake-oil salesmen and hucksterism even if what they're telling me is more or less accurate. What they need is at least the level of standardization that virus tools have.
Moreover we need a more comprehensive approach to account lock down. In the Windows world you can't do much of anything w/o Administrator privilege, so everyone gets it and then the machine is basically exposed to the world by an 'administrator' who doesn't know anything. What we need is the ability to lock down machines so that things simply can't get installed just because the browser tells you to do it.
9. Anathae
"silicon.com has learned that even websites which purport to offer spyware removal tools are actually loading the very things they claim to remove onto unsuspecting users machines."
...
And how long did it take silicon.com to figure this one out? This trend is at least six months old.
10. anonymous
Business is funding spyware!!!
Just think how many businesses are paying huge sums of money to Overture for pay per click who is affiliated with gator.
Seeing as this article likens spyware to adware and ad popups, I think this falls into gators remit along with hidden code in their suite of "Useful" utilities.
Next time you top up your Overture account cast a thought to who is benefitting.
11. Ian Savell
These comments reveal how poorly understood the adware problem is.
It is serious, but you don't have to suffer. Like many others, I stay clean because I use a firewall, a virus scanner, install the latest Windows security fixes, treat everything online with a degree of caution and use Firefox where possible.
I've spent many a frustrating hour cleaning other PCs and what is certain is that none of this stuff, no matter how impressive the company supplying it sounds, is legitimate. Legitimate software doesn't have to install itself silently or hide it's function in a long EULA and it doesn't have to make itself difficult, inconvenient or almost impossible to uninstall.
If your company advertises with one of these organisations tell them to stop. They are funding an illegitimate trade.
Oh, and the Google Toolbar is not malware by any definition - nor does it load malware. It tells you clearly what it does at every stage and is readily uninstalled. I'm sure the Yahoo product is equally legitimate.
12. John B.
I use Ad-Aware 6.0 to check for this stuff, and lately Norton AV has been finding viruses in the Ad-Aware directories when I run it Ad-Aware.
Bit confusing, really.
13. anonymous
"...Google Toolbar is not malware by any definition..."
How does Ian S think that the company gets paid for creating and deploying this 'tool'?
There's no such thing as a free lunch, and nobody anywhere is going to write software, or give you umpteen megabytes of mail storage, for nothing just 'because they like you'. There's always a quid-pro-quo.
Pop-up blocking toolbars will block pop-ups of course - except their own, that is...
14. anonymous
I built two PC's recently, both identical in every way, one for myself, one for my brother. I installed Xoftspy and Spybot on both machines, but my brother insisted on having Norton so-called-Internet Security on his.
Within a month, his machine had completely ground to a halt, and his browser was hijacked so every attempt to visit a website resulted in being redirected to a porn search engine.
I ran Spybot on his machine and it found 285 malwares, including a dozen or so browser hijackers fighting for control of his browser, plus countless tracking cookies. Once I removed all of this he said it was like having a new PC again.
So much for Norton. Personally I wouldn't touch any Symantec 'security' product with a ten foot pole...
My advice to anyone is get Ad aware, get Spybot, get whatever anti spyware tools you can and run them regularly. Get a good firewall, or preferably two, make sure you apply any and all Windows updates and get a *decent* anti virus product (not Norton). If you can't afford to pay a subscription for AV, use AVG Free from Grisoft.