
Thread: Spyware: Gridlock within a year?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Spyware: Gridlock within a year?

    http://news.zdnet.com/2100-1009_22-5542133.html

    "The good news is that if it's left unchecked users' computers will just start grinding to a halt. As we saw with spam this will mean users and businesses simply cannot continue to ignore the problem. They will have to deal with it in order to get anything done."
    Is that good news for everyone or just the people who work for anti-spyware firms? I wonder how many man/woman hours are lost solely by the user's computer running slow?

    Another related link

    http://news.zdnet.com/2100-1009_22-5541802.html
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  2. #2
    "They will have to deal with it in order to get anything done."
    Or prevent it!

    Windows update, Firefox, firewall, view emails as text.

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    This isn't a surprise to me. I see anywhere from 1500 - 2500 spyware hits an hour on my network of roughly 10,000 hosts. Spyware, in my opinion, is far worse than viruses/worms/Trojans. The sad thing is that I don't see a short term effective solution coming from anyone. Spyware removal is the new hook that salesmen will use to suck your budget dollars away. I've seen this pitch pick up in popularity 10 fold over the past 3 months. Does anyone remember the CA commercials where the vendor is a cardboard cutout that slips under your door? LOL. Simply change the words over to Spyware solution and that'll be the new breed of salesmen coming to a door near you.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Well I can speak from some experience after having cleaned out the pcs of some fairly savvy users, whose machines had slowed to a crawl. I took 80+ instances of spyware off one such user's laptop alone. They had no clue about spyware, yet weren't what I'd call pc illiterate beginners.

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    "Spyware, in my opinion, is far worse than viruses/worms/Trojans"
    Yes.. besides the problems that the Spy/adware Parasites directly cause, i.e. system slowdowns, and internet/network connectivity issues, they appear to become a backdoor to the conventional malware. What is becoming common is the Kernel Hijack, and it seems to start with the adware trojans.

    I would add one extra tool for self-defence, an adblocking Hosts file..

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Nowadays, removal of spyware/adware takes up most of my hours on the job. It's only now getting the recognition it deserves as a hazard, and I know that even the most savvy of users can/do fall victim to it. Yesterday I cleaned one of our salespeople's laptops, there were well over 1000 instances of adware, and I have pulled well over 15000 instances off a single computer before.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    There seem to be a lot more spyware infections popping up solely through casual web surfing.

    There's also a lot of ads for anti-spyware software and when people go to the link they get infected.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    OK... If you'll keep it a secret I'll tell you what I did for a solution to the spyware problem... What it leaves me with is the difficult stuff but all the normal stuff disappears....

    First set up a logoff script that deletes all the users' temporary files.... That gets rid of a fair bit of the 'lowly' crap.

    Then I purchased three copies of a popular anti-spyware program that has a set of command line options that allow me to run it silently, in the background and in "unstoppable" mode and placed them on three servers that are strategically placed, from a bandwidth perspective, throughout my network. Then I scribbled startup scripts that run the anti spyware proggie from the appropriate servers. I added a sub-OU to the various OU's I have called Spyware cleanup and added the scripts to the login scripts.

    Then I downloaded and implemented the Bleeding Snort Malware rules, (amongst others), and implemented them on my internal sensors - giving me the internal IP of the infected boxes. When a box shows as infected it gets moved into the Spyware Cleanup OU and guess what happens....

    Just to be sure I place the startup script in the "standard" OU's once every six weeks or so for two to three days....

    I also enforced, through group policy, no ActiveX and scripts to prompt.

    Where I used to get about 1000 Bleeding Snort Malware rules violations a day and tried to chase them all down I now get, maybe, 50.... They are much easier to chase down....

    Am I a "bad" boy... Yeah.... Am I expedient.... Yeah.... But I try to do it in "good spirit".... That and the fact I don't have cash.... I'm a non-profit.... remember.... But it works.... and if I could afford more licenses I would buy them... But I paid for them out of my own pocket....

    [Edit]

    Oh, I forgot... You need to run each install from a local or remote machine every week or so and accept the opportunity to update the definitions otherwise you will run forever with old defs....

    [/Edit]
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
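
The Snort step described in the post above (malware-rule alerts giving the internal IP of infected boxes, which then go into the cleanup OU), sketched as an added example that is not part of the original post or the poster's own scripts. It assumes Snort's "fast" alert format, a 10.0.0.0/8 internal range and a rule message containing the word "malware"; the sample alerts, SIDs and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Snort "fast" alert line:
#   time [**] [gid:sid:rev] msg [**] [...] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site address plan
MSG_KEYWORD = "malware"  # assumption: the malware rules carry this word in msg

# Constructed sample alerts (documentation addresses, made-up SIDs and messages).
SAMPLE_ALERTS = """\
01/14-09:12:01.100000  [**] [1:2000001:1] EXAMPLE Malware adware checkin [**] [Priority: 2] {TCP} 10.1.4.22:1045 -> 192.0.2.10:80
01/14-09:12:05.200000  [**] [1:2000001:1] EXAMPLE Malware adware checkin [**] [Priority: 2] {TCP} 10.1.4.22:1046 -> 192.0.2.10:80
01/14-09:13:40.000000  [**] [1:2000002:1] EXAMPLE Malware toolbar update [**] [Priority: 2] {TCP} 198.51.100.7:80 -> 10.2.9.5:3321
01/14-09:14:00.000000  [**] [1:1000:1] EXAMPLE ICMP ping [**] [Priority: 3] {ICMP} 10.1.4.22 -> 10.1.4.1
truncated line with no alert fields
"""

def internal_endpoint(src, dst):
    """Return whichever endpoint is on our network (source preferred), else None."""
    for ip in (src, dst):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 from a corrupted log line
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return ip
    return None

def infected_hosts(lines):
    """Map internal IP -> {sid: hits} for malware alerts; also count unparseable lines."""
    hosts, unparsed = defaultdict(Counter), 0
    for line in filter(str.strip, lines):
        m = ALERT_RE.search(line)
        if not m:
            unparsed += 1
            continue
        host = internal_endpoint(m["src"], m["dst"])
        if host and MSG_KEYWORD in m["msg"].lower():
            hosts[host][int(m["sid"])] += 1
    return {h: dict(c) for h, c in hosts.items()}, unparsed

def cleanup_queue(hosts, min_hits=1):
    """Hosts to move into the cleanup OU, busiest first, as (ip, total_hits)."""
    totals = [(h, sum(s.values())) for h, s in hosts.items()]
    return sorted((t for t in totals if t[1] >= min_hits), key=lambda t: (-t[1], t[0]))
```

Raising `min_hits` trades coverage for fewer one-off alerts to chase; a non-zero unparsed count is worth checking, since it can mean the sensor is writing a different alert format.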

  9. #9
    Great tip Tiger Shark. I was fooling around with a script which would scan firewall logs periodically throughout the day looking for any activity to known spyware IPs (using various lists out there) but I like the Snort idea much better. It provides a quicker discovery and probably is more accurate (won't miss as much).

    I'm dling Fedora Core now and will try that out with Snort. Any good resources you recommend? I'm pretty much new to Linux at least installing and configuring it...I use it semi daily but the system was already installed by one of my peeps.

    Thanks again.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ric-o: Ahh... I can't help you with *nix... I'm a windows chap.... The windows binaries for everything you need for Snort are available and always up to date... The Bleeding Snort rules for malware are available at www.bleedingsnort.com.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
