Author Topic:   Spyware, Adware
Al Fansome
General Troublemaker

Posts: 452
Registered: Sep 2005

posted 09-04-2003 02:45
NY Times September 4, 2003
Heart of Darkness, on a Desktop
By KATIE HAFNER with MICHAEL FALCONE

THE Kiblers of Santa Clara, Calif., thought they were doing everything right. Bill Kibler, a product manager in Silicon Valley and the unofficial system administrator for his family, was nothing short of diligent about running antivirus programs. He had also erected a software firewall to shield his computer from intruders, and he regularly downloaded patches to inoculate his PC when he heard about new viruses.

But over the course of six months this year, the Kiblers noticed their computer displaying some odd behavior. The automatic weekly scans by Norton AntiVirus mysteriously stopped, and when Mr. Kibler tried to run the software manually, the program would shut down before he could execute commands.

By the middle of the summer, the Kiblers' computer had grown so phlegmatic that the family considered replacing the machine, a powerful Compaq desktop of recent vintage, with a new one.

After many hours of computer forensic work performed by a friend, it turned out that a virus program called Klez was sapping the computer of 90 percent of its processing power. Adding to the burden was a host of strangely named files discovered on the list of programs installed on the hard drive. All of them had entered the machine from the Internet, producing a blizzard of pop-up ads.

The Kiblers' experience is hardly a rarity. More and more PC owners are discovering software lurking on their computers that they had no idea was there - software that can snoop, destroy or simply reproduce itself in droves.

The SoBig and Blaster worms that have been invading computer systems worldwide for several weeks are slowing down. But the two intruders left behind software that could linger undetected for months.

"Both SoBig and Blaster have components that are actively trying to communicate or reach out to master servers without the knowledge of the user," said Vincent Weafer, a senior director at Symantec Security Response, part of the software company that makes Norton AntiVirus.

The alien programs extend well beyond viruses and worms - so named because of the way they spread, as the most familiar carriers of malicious code - to new categories known as spyware and adware. Indeed, the number of home PC's that are infested with alien software that comes in over the Internet and installs itself without the knowledge or consent of the PC user is increasing at an alarming rate.

Richard M. Smith, a computer security expert in Brookline, Mass., estimates that one in every two Windows computers has unsolicited software lurking within.

"I'm the official computer maintainer in my extended family, and I have seven computers to keep up and running," Mr. Smith said. "With the exception of my computer, they've all been whacked." He was spared, he says, only because of his extreme vigilance.

The programs hide in the recesses of the machine and seldom announce their presence. They can enter the machine by way of a virus that has attached itself to an incoming file. Or they can be downloaded unawares by simply clicking on, say, a pop-up ad. Mr. Smith said such assaults were called "drive-by downloads."

"These programs are small and can be downloaded within seconds on a broadband connection," he said. "Once it's started, there's no way to stop it."

Until symptoms appear, the user knows nothing of the unwanted software's presence. Spyware, which may piggyback on another downloaded program, often operates in the background, sending information back to a remote site and displaying pop-up ads tailored to the user's online habits, or harvesting e-mail addresses to sell to spammers.

Adware is similar but more benign, or at least better encased in euphemism; its defenders say that it is something that consumers consciously agree to download. More insidious programs, perhaps better described as annoyware, redirect the computer's browser to pornographic Web sites, often to pump up those sites' traffic figures or commandeer the machine's modem to dial 900 numbers at the computer owner's expense.

PC owners are just beginning to become aware of the extent of such lurkware, and antivirus companies are beginning to expand their products to notify users of its presence.

McAfee Security, a division of Network Associates that makes antivirus products, estimates that 60,000 viruses are in circulation, and some experts say that perhaps 200 new ones are created each month. No comparable figure is available for spyware and adware, said Bryson Gordon, a senior product manager at McAfee, but their growth has mirrored the surge in spam and in music-file-sharing programs like Napster and KaZaA, which link the hard drives of thousands of users into something resembling one big co-op.

Spyware programs are easier to create than a virus, Mr. Gordon says, and some Web sites even offer spyware and adware toolkits.

Some software requests the user's permission before installing itself. Such is the case with the Gator Corporation, a company in Redwood City, Calif., that delivers Web advertising to people who click on an end-user license agreement in which they agree to receive the ads in exchange for a free program. This can include Gator's own e-wallet (a program that automatically fills in Web forms with log-ins and passwords), the downloadable DivX video player or a simple calendar program.

About 100 million copies of Gator have been downloaded to date, said Scott Eagle, chief marketing officer at Gator. He and other Gator officials make a point of insisting that their product is adware, not spyware, and that the distinction is crucial.

"Spyware is stuff that you don't know how it got on your computer and it doesn't add value," Mr. Eagle said. "It could be a program that's specifically designed to seek out information like credit card information or e-mail information but you have no idea how you got it, there's no permission and there's no way of removing it."

Adware, on the other hand, Mr. Eagle said, is something that consumers agree to download. Once Gator is installed, it tracks a user's Web travels and delivers what he called "highly relevant, highly branded" ads. "Users are very much aware that they have this ad-supported software on their computer," Mr. Eagle said.

Yet the line between informed consent and naïve clicking can be thin. Although Gator requires permission from users before it is downloaded, people often have no recollection of having agreed to its terms.

One of the programs Mr. Kibler had on his computer was Gator, which he did not recall having consented to.

Lavasoft, a company in Sweden that makes security software, sells a popular program called Ad-Aware, which alerts users to the presence of programs like Gator, as well as others that track Web browsing habits and collect information to use for targeted advertising.

Mike Wood, a spokesman for Lavasoft, said that most PC users fail to take the time to understand exactly what was being downloaded to their machines and frequently click straight through the fine print of end-user license agreements.

Those who fight spyware and adware engage in escalation wars similar to the ones facing antivirus companies. No sooner do Lavasoft and others discover a new form of adware and spyware than the makers of such software turn around and develop another one.

"It's turned into something of a minor cold war," Mr. Wood said.

Mr. Kibler suspected that his 14-year-old daughter, Carly, and her frequent use of the free version of KaZaA, known for installing adware on people's computers, might have had something to do with the problem.

"The minute you install KaZaA you have three or four questionable things on your computer," Mr. Smith said.

In the end, the Kiblers theorized that the troubles may have originated with a program attached to one of Carly's MP3 files. Or it could have been a malicious file sent as an e-mail attachment and downloaded accidentally by any member of the family.

Douglas Berman, a computer specialist in Berkeley, Calif., who works in health care, said he noticed a few months ago that whenever he used his home PC to do a search on Google, a different screen appeared underneath the Google page. The unsolicited page offered up an entirely different set of search results, all of them ads thinly disguised as Google pages.

When Mr. Berman examined the contents of the machine more closely, he found a half dozen or so Gator files on the hard drive.

The Berman family computer resides in the kitchen, perhaps the most heavily trafficked room in the house. Not only do Mr. Berman, his wife and their 10-year-old daughter use the computer, but visiting neighbors, relatives and house guests often gravitate to it as well.

Although Mr. Berman has no doubt that someone at some point gave permission for the software to be installed, he wanted it off the computer.

"I'm not conscious of any benefit I'm getting from having it," he said. "Then there's the question of, 'What's it opening the door for?' " With a few simple instructions from Gator, Mr. Berman was ultimately able to remove the software that created the Google look-alike pages.

Todd Jones, a senior at the University of California at Berkeley, also found himself plagued by spyware. The programs reconfigured his computer, changing his toolbars and installing new favorites in his browser and shortcut icons on his desktop, all of which linked to adult Web sites.

"I thought that in order for you to have a program on your computer, you had to install it yourself," Mr. Jones said. "Now I know that's obviously not true."

Vulnerabilities in Microsoft software have only made matters worse. People who use the Macintosh or Linux operating systems are safer, as are those who use Netscape Communicator. Some spyware exploits security holes in Internet Explorer, both because it has more flaws, said Mr. Smith, the computer security expert, and because it is the most widely used browser on the market.

Microsoft officials say it is not the holes in its software but the people who write spyware and viruses that are the problem. The end user, they say, is ultimately responsible for what gets downloaded onto a hard drive.

"We need to do everything we can to make our software more secure than it is," said Amy Carroll, the director of product management in Microsoft's security business unit. "We are constantly addressing the core software. But the Internet is a really powerful tool, and there are bad actors out there who will take advantage of that."

The antivirus companies, meanwhile, are adding to their quarry. The latest version of the Norton program, called Norton AntiVirus 2004, scans for a host of so-called "expanded threats," or security threats that are not necessarily viruses. The new Norton program also scans for adware like Gator.

And last month, McAfee released a version of its VirusScan software that includes spyware and adware detection. Since then, the program has found that results from 660,000 computers using the new version showed spyware on 20 percent of the machines, said Mr. Gordon, the McAfee product manager.

But that kind of help came too late for John Harrington, a semi-retired communications consultant in Fairfax, Va.

All the recent news about the Blaster and SoBig worms prompted Mr. Harrington to run his McAfee program. It identified not those particular scourges, but nearly a dozen others, with names like adware-wind.dr.

The McAfee program was unable to delete the files, and a call to the support line did no good.

"She asked me if I had heard of spyware or adware, and I said no," Mr. Harrington said.

Mr. Harrington eventually downloaded the Ad-Aware program from Lavasoft, and it removed the files.

"I was surprised they were on my computer because I thought I had perfect protection through McAfee," he said.

Even with the additional help, people feel overwhelmed by the abundance of software they have not asked for, especially when it comes to monitoring, managing and safeguarding against it.

Mr. Kibler's wife, Stephanie, said that it was hard to keep up with all the new threats, and that computer companies did not make it simple enough for the average user to deal with problems like the ones that afflicted her family's machine.

"When you give someone the car keys, you also teach them how to drive," she said. "How could you expect regular everyday users to be able to figure this out? The expectation is not reasonable."

Mechanic
General Troublemaker

Posts: 771
Registered: Sep 2005

posted 09-04-2003 04:22
Ad-aware from www.lavasoft.de

is one of the best spyware/adware defenders.
I suggest that if you are not using Ad-aware, look into it - it's free I believe.

James Brownyard
General Troublemaker

Posts: 183
Registered: Sep 2005

posted 09-04-2003 04:32
Check this out for more info on Spyware removal/prevention:

http://www.tweaknetwork.net/forum/forum_posts.asp?TID=71&PN=1

Captain Ganja
unregistered

Posts: 183
Registered: Sep 2005

posted 09-04-2003 05:41
Yup, great site JB. That's where I got my anti-spyware info a couple months back. Tfff... aaaaaaaah... yeah mannnnnnnnnn...

------------------
St. Ganjacontin

"Amen am I f00kin' ripped!"

Glowbug
General Troublemaker

Posts: 178
Registered: Aug 2003

posted 09-04-2003 11:15
My two cents.....

Windows is so useless at security, it's pathetic.

ZoneAlarm has been cracked recently and also is useless until a decent update is made. Along with Norton and McAfee, since they are directly targeted by blackhats.

If you must use Windows, also use:
- Ad-aware.
- A good lesser known AV, like AVG Free from Grisoft.com or F-prot from f-prot.com (Linux version available too!).
- Sygate firewall.
- TDImon to physically see the packets as they go in/out of your computer if you suspect something.
- REGmon to see the registry in action if you suspect something (Better than Dr. Watson).
- RegCleaner (NOT the M$ one, the freeware one) that basically translates RegEdit into human terms.
- MailWasher to prescreen emails in pure text mode and delete suspect ones off the server before you download them.

All freeware, all downloadable.

Oh yes, do not, do not do not use IE or OE. Mozilla and Opera are about the best and for a mail client, nothing beats Eudora. Usenet users can use Free Agent or Xnews, both can be set to not execute any attachments, including pictures (.jpg's can contain landmines!).

Just my experience in security folks

Safe surfing!

Captain Ganja
unregistered

Posts: 178
Registered: Aug 2003

posted 09-04-2003 14:40
Yeah man.. I gotta get something better than this Zone Alarm. I used to have mine set up so it automatically loaded at start up so I wouldn't forget to have it on when I went online. Ever since the last update in July it would freeze up my computer every other day when stuff would load. I changed that setting now, and no more freeze ups loading. But... I have problems every now and then even getting online when I have Zone Alarm on nowadays. I end up having to reboot because of that stupid stuff till I can get online with it on. I tried getting online before with it off, and no problems. Man that last Zone Alarm update was a step backwards. Maybe I'll switch to Sygate next.

------------------
St. Ganjacontin

"Amen am I f00kin' ripped!"

[This message has been edited by Captain Ganja (edited 09-04-2003).]

Pat Murphy
Administrator

Posts: 379
Registered: Dec 98

posted 09-04-2003 16:31
I got that worm that loads stuff on your toolbars and couldn't get rid of it. I found SPYBLASTER and it's been awesome. And it's free. Just type SPYBLASTER into any search engine and it should take you there. I found mine by hunting around on Google. These pop-ups and crap are worse than the government. (almost)

Captain Ganja
unregistered

Posts: 379
Registered: Dec 98

posted 09-04-2003 17:09
Yup, I use the same thing too Pat. Tfff... aaaaaaaah... great stuff mannnnnnnnnnn!!!

------------------
St. Ganjacontin

"Amen am I f00kin' ripped!"

James Brownyard
General Troublemaker

Posts: 183
Registered: Sep 2005

posted 09-05-2003 02:28
Yeah Captain, switch to Sygate. I did so last week. I also noticed Zone Alarm to freeze up systems running ME during boot. I never had any problems with ZA on my machine with XP, but I got rid of it anyway.

Research on the various security sites can really wake one up to just how bad Windows is in this area. Glowbug couldn't have said it better. It really is a shame you shell out the big bucks for an OS to still have to patch all the security holes yourself. I literally changed the way my IE window title reads to "Bill Gates $hitty Browser".

~JB

Al Fansome
General Troublemaker

Posts: 452
Registered: Sep 2005

posted 09-05-2003 03:19
Actually, Microsoft is not that bad. They have been sending me security patches via email, so all I have to do is click on the attachment and I am up to date! Very convenient.

Diazepam
General Troublemaker

Posts: 92
Registered: Jun 2002

posted 09-05-2003 03:29
quote:
Originally posted by Al Fansome:
Actually, Microsoft is not that bad. They have been sending me security patches via email, so all I have to do is click on the attachment and I am up to date! Very convenient.

That's very kind of them. You must have a special relationship with them since they don't "NORMALLY" do that. Are you sure it's from Microsoft or is it one of those scam emails?


Captain Ganja
unregistered

Posts: 92
Registered: Jun 2002

posted 09-05-2003 16:15
quote:
Originally posted by James Brownyard:
Yeah Captain, switch to Sygate. I did so last week. I also noticed Zone Alarm to freeze up systems running ME during boot. I never had any problems with ZA on my machine with XP, but I got rid of it anyway.

Research on the various security sites can really wake one up to just how bad Windows is in this area. Glowbug couldn't have said it better. It really is a shame you shell out the big bucks for an OS to still have to patch all the security holes yourself. I literally changed the way my IE window title reads to "Bill Gates $hitty Browser".

~JB


Hey JB, my IE browser is decorated with pot leaf toolbar wallpaper and my title bar reads "Marijuana Internet Explorer" but now I'm considering changing the title to "Microsoft Kisses Dick", and I might have to use BKD for the wallpaper. PMLOL!

As for Sygate, I downloaded that one last night mannnnnnnn. I think I'll install it today after I get back offline, and see how I like it. I'm just leaving ZA installed for now, but not running it. The last time I tried uninstalling ZA, (it wouldn't work right with AO-Hell which I got rid of too after that) it took other important files with so my computer was f00ked up and I had to do a system recovery. Anyways, I'm looking forward to trying Sygate today.

------------------
St. Ganjacontin

"Amen am I f00kin' ripped!"

ChrisSmolinski
General Troublemaker

Posts: 1838
Registered: Jun 99

posted 09-05-2003 23:57
Some random notes:

1. There is no such thing as firewall *software*. A firewall is a piece of hardware.

2. The terms "spyware" and "adware" are greatly overblown. While there are indeed some such programs, most of what is termed "spyware" really isn't. "adware" programs that display an ad until you pay for the program aren't a form of spyware, nor are they dangerous. Folks who want to sell you software to "detect" or "remove" them are dangerous, they're the real crooks.

3. Windows is so full of holes you're an idiot if you run a broadband connection without a real hardware firewall/router in between you and the modem, with everything blocked, unless you know exactly why you want a certain incoming port enabled.

4. Linux, for all its hype, is not much better. The default installations turn a bunch of services on. (or they used to, maybe this has been fixed) BSD is a much more secure unix. It's also been around a heck of a lot longer than linux, which is, contrary to popular opinion, not the first free unix. It's really the new kid on the block.

5. For a very good combination of a solid and safe operating system (BSD based) and a usable user-interface (Aqua), consider Mac OS X.

Glowbug
General Troublemaker

Posts: 178
Registered: Aug 2003

posted 09-06-2003 06:55
quote:
Originally posted by ChrisSmolinski:

4. Linux, for all its hype, is not much better. The default installations turn a bunch of services on. (or they used to, maybe this has been fixed)

Yes, starting with kernel 2.4.14 and up and with most distributions of RH and Mdk 7+.

But these vulnerabilities you speak of are old - very old. There has always been a 1000:1 security enhancement in Linux over Windows (including the NT flavours).

The main problem is root vs. user. Windows programs run as root. Even though an NT or XP user may not have root priv's, the proggies run as root. Almost zero Linux programs run SUID root. The desktop managers do, but they by default, shut off their TCP/UDP ports for listening.

As for hardware vs. software firewalls, yes, a hardware firewall is the ticket.

Once again, in software, there are important differences between *nix and Windows.

Windows:
Internet > Winsock > Firewall > Computer

Corrupt the Winsock and it's game over for Firewall/AV. There currently are 15 (as of this morning) virii/worms/trojans NOT covered by Norton that can do this.

*nix/BSD:
Internet > Firewall > Daemons > Computer > Kernel

The firewall comes before the internet daemons for routing throughout the computer. I have treated the kernel separately, because it too, has its own security systems/firewalls in place.

And with any system, Windows, *nix or BSD, your security is only as good as your last update.

------------------
Glowbug

Captain Ganja
unregistered

Posts: 178
Registered: Aug 2003

posted 09-06-2003 17:10
One's security is only as good as one's ability to be a rocket scientist. PMLOL!

------------------
St. Ganjacontin

"Amen am I f00kin' ripped!"


All times are GMT/UTC
