Fog Creek Software
g
Discussion Board

Auuuggghhh!  Adware & Spyware are Driving Me Nuts!

Is anyone infected?  What are you doing about it?

bob
Tuesday, April 20, 2004

Use Ad-Aware from http://www.lavasoftusa.com/

Tom
Tuesday, April 20, 2004

or Spybot S&D ( http://www.safer-networking.org/ )

a cynic writes...
Tuesday, April 20, 2004

I have zero spyware and zero adware and have never had a problem with them.

Here is a good procedure to follow:

1.  Do not use Internet Explorer as your web browser.  There are several alternatives that are as good or better.  There simply is no excuse for using that piece of rubbish.

2.  Be careful about what you click on.  *THINK* before you install or accept anything.

3.  Read #1 again

4.  Read #1 again.

My Cousin Vinniwashtharam
Tuesday, April 20, 2004

My Cousin Vinniwashtharam,

Can you elaborate on those points 1,3 and 4? I have been running IE ever since 4.0, and I have not had any spyware problems? Is there a problem I am not aware of?

Just me (Sir to you)
Tuesday, April 20, 2004

"Is there a problem I am not aware of?"

Probably ;^)

Anyway, at home I use Konqurer on FreeBSD. No popups, no spyware, no viruses. And it also came with an *awesome* office suite, compilers, dbms, webserver, etc, etc...

Tom H
Tuesday, April 20, 2004

Bob, if you're using IE: go to Tools/Internet Options/Security tab/click on "Internet" zone icon/click "Custom Level" button/scroll down to "Download Signed ActiveX Controls" and check "disable", and right below that "Download Unsigned ActiveX controls" check "disable". If those were "enabled" that is how much of your spyware probably got in.

With those off you can use IE and shouldn't have the spyware problem as long as you're careful about what you install like somebody mentioned. Do not assume people or companies give away neat, useful software for free because they love humanity.

Adam
Tuesday, April 20, 2004

"Do not assume people or companies give away neat, useful software for free because they love humanity."

That's great. 
Basically always say no when a website asks if you want to install a plugin.  I use IE and don't have any problems.  And check your IE settings - at the very least you want IE to ask you before installing anything or running stuff.

K
Tuesday, April 20, 2004

Simply browsing the web with IE will not infect your computer with spyware (assuming you haven't screwed with your security zones).

Clicking "Yes" when IE prompts you to install "Free Pr0n dialer" however WILL infect your computer.  The computer only does what you tell it to.

A lot of spyware detectors will classify cookies as "spyware", which I find very dissapointing.  It perpetuates the myth that cookies are somehow a bad thing.

Myron A. Semack
Tuesday, April 20, 2004

Advanced Uninstaller from http://www.innovative-sol.com/ can uninstall:

- IE plugins
- IE toolbars
- IE BHOs

It also has other features.

Helpster
Tuesday, April 20, 2004

>>Simply browsing the web with IE will not infect your computer with spyware (assuming you haven't screwed with your security zones).

That's not true.  I was browsing just last week and got a toolbar installed.  I wasn't even on any porn sites.  And, I was never prompted to install anything.

I have "download signed ActiveX" enabled because my wife logs onto her company's email almost nightly, and the email client requires it.  (For some reason, setting it to prompt hangs it, so I seem to be stuck.)

Anyway, Ad-Aware found and destroyed it.

anon
Tuesday, April 20, 2004

A couple of points.

1. IE requires more work to secure. Not necessarily because of bugs/exploits (every sw suffers from those), but because of the permissive defaults MS has set in place. This may have changed (I haven't used IE since version 4, except to test our apps at the office); if it hasn't, it probably will with WinXP SP2.

2. As far as exploits are concerned - IE users make up the vast majority of web surfers. This means malware authors will try to target IE users above anyone else, since it'll bring the highest ROI, thus IE gets the rap for being an insecure, bug-ridden browser.

Point #2 is the reason why I've changed browsers. Sometimes, it's great to be in the minority :)

Paulo Caetano
Tuesday, April 20, 2004

I second the suggestion to dump IE...

Me I just use Firefox : http://www.mozilla.org/products/firefox/

Keep my adblock list updated from sites like  http://home.san.rr.com/denbeste/adblock.html. No flash animations, no annoying popups, no spyware BHO's, No ActiveX crapola and more importantly for me the "find as you type" feature not to mention built in google and dictionary searching. 

Code Monkey
Tuesday, April 20, 2004

Don't install any open source or free software, most of that stuff is infected with spyware.

Philo
Tuesday, April 20, 2004

"Don't install any open source or free software, most of that stuff is infected with spyware."

I don't agree with this, but even if it were the case, I could understand it. After all, I'd supposedly be getting something for nothing, and, as Adam says above, this isn't always true.

What if find extremely annoying is the phone-home "feature" in software I paid for, usually accompanied by the sentence "It's good to our users".

Paulo Caetano
Tuesday, April 20, 2004

"Don't install any open source or free software, most of that stuff is infected with spyware."

um, what?

I will not feed the trolls, I will not feed the trolls...
Tuesday, April 20, 2004

"That's not true.  I was browsing just last week and got a toolbar installed.  I wasn't even on any porn sites.  And, I was never prompted to install anything."

"I have "download signed ActiveX" enabled because my wife logs onto her company's email almost nightly, and the email client requires it.  (For some reason, setting it to prompt hangs it, so I seem to be stuck.)"

Like I said, if you DON'T MESS WITH THE DEFAULT SETTINGS, nothing gets installed without your permission.  The defult security setting for IE is "Medium".  Under medium, unsigned controls are blocked, and signed ones will not be installed without your permision (default is Prompt).

Myron A. Semack
Tuesday, April 20, 2004

Use FireFox or get a Mac.

Anonymous
Tuesday, April 20, 2004

Myron the MS apologist. 

.
Tuesday, April 20, 2004

anon... put your wife's company site in the "trusted sites" list, because those (by default) allow ActiveX downloads. But for the internet category, disable downloading.

I don't even know why MS allows that option in non-trusted sites... why would ANYBODY want to allow all web sites to automatically download and execute arbitrary code on the user's machine, completely behind the scenes? If they just greyed out that option it would solve a whole slew of security and virus problems... I bet people "enable" it thinking it's a feature of some kind.

Adam
Tuesday, April 20, 2004

I agree with everyone else. This is my standard protocol for dealing with spyware on an infected computer.

1. Install & Run Spybot Search & Destroy (be sure to get the latest updates).
2. Install & Run Ad-Aware.
3. Install Zone-Alarm & teach the person how to use it.
4. Install & Run An Antivirus (AVG is free).
5. Install FireFox & explain that IE is a target for viruses & spyware because it's the #1 browser, so something a little less known will be better.
6. Update your "hosts" file with a freely available list of advertisers/spammers/etc. This is just a nice to-have.

I've done it to two "infected" computers and they work fine now.

www.MarkTAW.com
Tuesday, April 20, 2004

Myron,

It's a brand new PC and I hadn't messed with the settings. They're still the default. Unfortunately, I hadn't setup any other security measures yet, either.

As for ActiveX, download is still prompt.  What I should have said is "Run ActiveX controls and Plug-ins" and "Script ActiveX marked safe for scripting" (which are default settings) were still enabled.

anon
Tuesday, April 20, 2004

If you really had your security setup to the defult (which is Medium), and you got a toolbar automatically installed on your computer, I'd like to see the site you visited.  Can you post the URL?

Now you said it's a brand new computer.  Was Windows installed by the OEM?  I've seen a few OEMs that tweak the security settings.

Myron A. Semack
Tuesday, April 20, 2004

Having Adaware, Zonealarm and an AV running? That hardly seems an improvement to a fully infested setup.

Im running without any of these and never have problems. My mail provider has server based AV on incoming mail, I keep up with the patches on the software I run, I don't run P2P and I just don't say "yes" to the "do you want to hand over this machine to 37331DuDE5, pretty please?" prompts.

But hey, I am sure your friend that runs Firefox, clicks ignore to every "this attachment is going to eat your system for breakfast", has installed 3 AV products and 2 spyware detectors and updated the signatures as recently as 1999 and gets all his software for free from the reputable warezRus.ru has even less problems.

Just me (Sir to you)
Wednesday, April 21, 2004

"Having Adaware, Zonealarm and an AV running? That hardly seems an improvement to a fully infested setup."

I have no "adware-hunt" apps, and I don't update the AV as much as I should, but I won't live without Zonealarm.

Security-wise, it's the most useful piece of software I have on my PC.

Paulo Caetano
Wednesday, April 21, 2004

I use MyIE2 from http://www.myie2.com/

It's a tabbed browser, but it's fully IE-compatible.

Yes - it is vulnerable like IE, but at least I don't have to use an incompatible browser such as Opera or Netcrash Navigator to get the tabs.

Long live IE!

In the time when Netscape crashed-crashed-crashed and was slow and had poor quality, Microsoft has given us a stable, high quality, fast browser!

Helpster
Wednesday, April 21, 2004

"In the time when Netscape crashed-crashed-crashed and was slow and had poor quality, Microsoft has given us a stable, high quality, fast browser!"

In the time when Windows crashed-crashed-crashed and was slow and had poor quality, Linux has given us a stable, high quality, fast Operating system!

Touche
Wednesday, April 21, 2004

Just me (Sir to you),

What's wrong with AdAware, ZoneAlarm and AV? (you forgot Spybot) Unlike an "infested setup" it won't pop up some page every time you try to search in Google, or slow your system to a dead crawl, or try to steal your credit card numbers. Set up your AV to update the virus definition every day while you sleep and perform a full system scan at least one a week. What's so bad about that? Run AdAware & Spybot only if you think you have to.

As for your fallacoius ad hominem attacks on my friends, I'll let you keep those. However they got infested - I'm not judgemental - the fact is they are, and it sucks. Yes, you're superior because you never had any spyware or viruses, and don't have any security software whatsoever. Now let's get back to the Real World (TM) where people aren't towering geniuses like you are.

www.MarkTAW.com
Wednesday, April 21, 2004

Whohow, Mark,

I didn't want to rustle your feateres there. Sorry if it upset you. I was not commenting on "your friend" in paticular there.
In my experience I have seen systems completely ruined by AV installs (McAffee in particular), and others slowed to a dead crawl. as I said my incomming email is scanned through the provider. On top of that I usually run the free online Panda Activescan  http://www.pandasoftware.com/activescan/com/activescan_principal.htm about once in a blue moon (let's say 2-3 times a year). It never turned up anything positive.
Spyware: I learned to stay away from dubious companies (Real and Mirabilis (now AOL?)) and "free downloads", especially in the P2P type categories. All of my software seems to come from quite reputable sources, that I have not seen turn up in any "spyware scandals".
I have a default IE config, always say no to prompts for installs (except from stuff I trust e.g. the Activescan control, Windows Update or the MS Certificate Web Service etc.).

Realy, what bugs me is that people seem to believe that they will be secure because they install some product. Products can help, but it is the security attitude and process that is 10x more important. If people just blurt out  complete stupidities like "no IE", they are just selling snake oil.

Just me (Sir to you)
Thursday, April 22, 2004

btw, to the original poster, here is some good advise:

http://www.microsoft.com/security/articles/spyware.asp

Just me (Sir to you)
Thursday, April 22, 2004

I use Advanced Uninstaller Pro from http://www.innovative-sol.com/uninstaller/ to uninstall IE plugins and other programs which somehow hook IE. The good thing is that it has generic uninstall routines for them.

Jackson
Sunday, June 27, 2004

*  Recent Topics

*  Fog Creek Home