Posted
by
CowboyNeal
from the keeping-things-clean dept.
peterfa writes "Sun and Google have teamed up and started a project called Stop Badware. This project aims to expose all the spyware and adware bundled in software and the companies that are responsible. While it's funded by Sun and Google, the research will be done by Oxford and Harvard."
This discussion has been archived.
No new comments can be posted.
by Anonymous Coward writes:
on Thursday January 26, 2006 @06:50PM (#14574255)
While it's funded by Sun and Google, the research will be done by Oxford and Harvord."
Hay, I got my Computor Sciense degrie from Harvord Web Univercity! I'm an aluminumni! I lerned abowt it frum adware witch was
monitering my/. typiing skils and sugestid I enrol rite away (don't bothur enterring you're credit card, we alreddy
know it, jist hit buton and you start on yor way too hire educatoin!!!1) (My sistor is going to Oxfurd!)
I try anty spywear softwear but, itt keeps flasshing lotsa things on teh screen with WQRNINGs and stuff, so
I geussed it didn'tinstall rite so I uninstaled them all. Ihop this works betters!
Actually the research should be done as it will help the developers of OSs and apps to understand how spyware gets on systems. If most spyware arrives because someone installed Bonzai Buddy then that is different than exploits being used to install without user consent. While they are both bad I think it is vital to OS developers to know why and how this stuff gets there. -nB
Hmmm. Many Windows loopholes are well known - but the main reason for spyware gets installed are the users themselves. Either they don't fix loopholes (by running windows patches), use safe browsers or they simply can't resist the temptation to install any crap they find.
Sure - we can't blame it all on users and their badly managed/protected systems - but some safer computing with more brains could help... a lot...
agreed, safer computing is a good step, but there are vast tracts of the web that can't be accessed without some kind of 'adware' running on your system to 'authenticate' your access to the site, etc. so, the problem doesn't just lie with end users, it's the content providers who opt to rely on adware to 'profit' who wind up creating intersting but adware only supported sites, too. of course they have to make money somehow, but google manages just fine relying on the data aggregation they perform on server,
What we need is a legal precedent set to establish that, yes, a computer belongs solely to the person who shelled out the cash for it. No, it does not belong, in whole, part, or by EULA, to any idiot who manages to package their badware with some stupid search toolbar, screensaver, or desktop theme.
They could probably buy something like Spybot Search and Destroy pretty cheap and bring it's developers into their fold. With that kind of money behind them they could no doubt become the best product on the market and the existing program would give Google a big start. Spybot is pretty popular already due to it's price and fairly high quality. Polish it up a bit, opensource it, and give it away free from Google.
"They should fund some OS project to help users"
Ah, yeah, I forgot, the problem is CS, not the user behind the computer...
Can you explain how OS is going to make a lot of users understand that a program they get via email / messenger can do more then they expect?
Or are you just hoping that the lack of support of some hardware, the "use the source, Luke" and other nitfy OS extras are going to scare them away from the computer for good, so that you are again one of the 733+ UberH4x0rz?
Yeah, count me in as another person wondering why there was such a big rift:
Google gets Sun, Lenovo (IBM), WebWatch (Consumer Reports), the Berkman Center for Internet & Society and Oxford University together to form a group called "Stop Badware" that sends money to a bunch of students, who in turn setup a little website that "names and shames" spyware software. The website is to be visited by people that already understand what spyware is and how not to get it. Spyware makers to totally ignore the students strongly worded opinions.
Microsoft leads a group containing Lavasoft (Adaware), Trend Micro, Symantec, Grisoft (AVG), McAfee, Websense, Panda Software, Yahoo, AOL, Dell, HP, Aluria (Earthlink), the National Center for Victims of Crime, the National Cyber Security Alliance, the Samuelson Law Technology & Public Policy Clinic (UC Berkeley School of Law) along with another 2 dozen major security, general internet, public advocacy and legal organizations called the "Anti-Spyware Coalition". Microsoft directs this organization in a three pronged attack on spyware:
- Clearly defining what spyware is and what is does, in order to improve understanding among normal users, providing common standards for anti-spyware software, and helping to make spyware a concept that can be used effectively and accurately in legislation.
- Directly confronting spyware makers in the courts, hitting them where it hurts, their wallet. For example this week Microsoft is pulling in Washington Attorney General Rob McKenna to file a lawsuit against the makers of "Spyware Cleaner", a product that actually infects computers with its own spyware, and is advertised through misleading email and messenger spam. Microsoft has already had numerous court room victories against the spyware makers and spammers.
- Using the rigorous terminology defined in point 1, with the court precedent created in point 2, the ASC lobbies Congress to pass tough anti-spyware laws, closing the loopholes and grey areas that make spyware non-trivial to legally stop.
So to compare, one camp has declared war on spyware, and has assembled the best generals in the industry and the largest groups of regular troops, and launched a major assault on the spyware mainland, already capturing several cities. The other camp has gotten together at the local university to sit around writing beatnik poetry about how bad spyware is.
TFA is very light on details, so I went directly to the source and read the StopBadWare.org press release [stopbadware.org]
Here is how the program will work:
Internet users can visit StopBadware.org to check whether programs they want to download are infected with badware and alert others to programs they have encountered that include malicious software such as spyware, incessant pop-up ads or other obtrusive programs.
StopBadware.org will publish short user friendly reports on downloads they have identified as badware, as well as more detailed academic studies on the problem of badware.
StopBadware.org will publicize the names of companies that make up the most insidious purveyors of badware and shed light on how they make money through unethical marketing practices. For example, advertisements will spotlight the worst purveyors of badware.
StopBadware.org will seek the horror stories from Internet users who have been adversely affected by badware. It will publish these stories to raise awareness of badware's harmful affects.
To be fair to the beatniks, they have a different focus and the fact that they've got Consumer Reports on their side shows it. IMHO, Their goal is to review software & not to sue bad guys or write laws.
"...the spyware makers live. Wouldn't that be useful ?" Yes, but much more useful if they post a decent bounty and make collecting it as easy as using the local ATM. The downside is that spyware makers would be in short supply in about 72 hours. This could be defined as success.
Seriously though, the bandaid approach to computer security is never going to work. In my opinion, Microsoft is guilty of criminal neglect (amongst other even worse things) and should be prosecuted heavily. No one should be allowed to
So to compare, one camp has declared war on spyware, and has assembled the best generals in the industry and the largest groups of regular troops, and launched a major assault on the spyware mainland, already capturing several cities. The other camp has gotten together at the local university to sit around writing beatnik poetry about how bad spyware is.
Even if that were so, what's wrong with more than one group taking on the issue? Also, while MS et al have the big guns, recall that the Sony Rootkit was
Ah yes the people who profit from spyware... they'll solve the problem.
Oh wait...
In this case there is a lot to be gained by stopping spyware but not as a final solution (filling the holes, making it so it costs them bandwidth and you no time)...
Microsoft likes nice easy rollouts and they get them when people think their next OS will make their computer faster, the truth is their clogged with spyware so formatting will make them faster.
Windows 95 is the fastest MS OS... asside from compatibility the
Actually I'm sure that if I installed it on my amd64, DOS 4.0 would fly. I should probably remove Gentoo. And there is no spyware for DOS so aside from compatibility issues, it would be a major win!
I'm sure there has to a be a hole in tha reasoning somewhere though...
I recently downloaded a Firefox addon from siteadvisor [siteadvisor.com] (they have an addon for IE too) that shows me a color coded rating for the current site and for sites in google searches. They used an automated bot in a VM which went and auto-downloaded software from from millions of sites and reported any known spyware. They also auto filled forms with email addresses and tracked the amount of email recieved over a certain period. This is the kind of academic research that makes spyware tools fairly irrelevant becaus
It could be, I personally haven't noticed any decrease in speed on the three machines that I've installed it on. You should write them letting them know your specs and then try uninstalling the addon and see if the speed returns.
Yeah. It seems to me like they're just asking for enemies in this case, even though it is a pretty slick move. I just wouldn't recommend doing it at home, because having a huge company against a business I work for would not be a very good idea. Whether it's them trying to tamper with our products, customers, or just harassing and saying stuff bad about us back to the media, it doesn't always work out as well.
The article is light on how the project actually works, do users have to install some sort of detecting tools which alerts them of badware upon download and/or prior to installation?
Is this going to be like the spamm blacklists which can be subjective?
Personally I'd be satisfied with some sort of a trusted archive that allows you to research different programs/sites/companies. There's a lot of info available on the web but most of it is buried in tech forums or as come ons for dubious spyware removal programs, both of which you're never really confident about the truth. That way it wouldn't be just a yay or nay that goes on under the covers, but a place where you could find out what a program's issues are, or the track record of a developer.
Personally I'd be satisfied with some sort of a trusted archive
Personally, this [debian.org] is the only archive I trust to draw untested (by me) programs to be on my computer (companies I consult for of course frequently use "other" systems - and lose a lot of sleep and hair keeping it semi-clean). And the reason for that trust is driven by their simple, and effective, requirement to adhere Item 2 of this [debian.org].
My guess is that the CS departments of Berkeley and Stanford, being two of the best in the world, don't need handouts to do this kind of floofy pseudo-academics. I'm not denigrating it; this kind of thing is of immense importance. I'm just saying it's really not a very good academic project. Now, maybe we could use more projects like this, and less projects that typical get done at universities. That's another debate. But my guess is that Stanford and Berkeley, among others, probably turned this down.
[assorted remarks regarding detection of Stop Badware by Microsoft AntiSpyware/Onecare and vice versa, and their views towards Claria/360/assorted other 'Badware' providers and packagers who are really legitimate buisnesses with legitimate buisness models who are given a bad name by their devilish affiliates who are still mysteriously taking paychecks from aforementioned companies]
I can't see what sun can gain my pouring money into this research. It is obvious about the competitive edges Google and Lenova (left out of the summary) can get. But why is Sun in on this?
Not because google is handling funding, but that an organization that doesn't have a vested interest in such business persuits is doing the actual work.
PS: I'm waiting for Google to annouce its plan for world peace.
Google's income comes from advertising, and these spywares are showing ads, hence competiting for eyeballs, I would say Google has a large interest in squashing these competitors.
Google has a reason to keep spyware around. They make millions from selling ad space on their search results and affiliates TO the adware companies. Do a search for "smiles", "screensavers" or "Spyware removal" and you'll see lots of ads for adware/spyware!
Google should do less evil by not accepting ads from these companies.
or a white hat could just write a firefox extention to 'click through And Close' ads run by mal-ware companies. why not just bankrupt these guys i think that would be more effective.
mal-ware sites would quickly stop using adwords if enough people were running an extention that was designed to cost them money.
If you expect them to pick #2, you're a damn fool.
I don't expect them to not do that. But it would be nice if they stopped pretending to do no evil. I don't see any exemption in their statement saying that evil is OK, as long as millions are to be made.
Personally, I don't see how they're doing evil right now in the first place. If they didn't censor, they'd just be blocked like the GP said. This is something that's beyond Google's control at the moment. The best thing they can do is keep with the market so that maybe they can make a difference in the future if they so desire. Alternatively, at least the revenue that they're making in China can go to projects like this one that they're currently funding.
If they didn't censor, they'd just be blocked like the GP said.
So what? Why do they have an obligation to go into China? Why support totalitarianism?
The best thing they can do is keep with the market so that maybe they can make a difference in the future if they so desire.
Now, that's naive thinking. Google just wants to make money. What makes you think they care about making a difference? if they wanted to make a difference, they would take a stand - not act like every other apologist for China like Micr
Why do they have an obligation to go into China? Why support totalitarianism?
I never said they had any obligation to go into China. It certainly benefits them, however, so why shouldn't they? Could you tell me how a company being in multiple regions is totalitarianism?
Now, that's naive thinking. Google just wants to make money. What makes you think they care about making a difference? if they wanted to make a difference, they would take a stand - not act like every other apologist for China like Microsoft.
I never said they had any obligation to go into China. It certainly benefits them, however, so why shouldn't they? Could you tell me how a company being in multiple regions is totalitarianism?
Why shouldn't they? because they are supporting a totalitarian regime. That is unethical. I never claimed that being in multiple regions is totalitarianism. I said that helping China's totalitarian regime with their censorship is supporting totalitarianism. Do you have any reasonable argument that it does not?
Honestly, in my opinion, the media hasn't really picked up on this as big as, for instance, Google refusing to hand over records about searches and whatnot, at least from what I have been seeing on TV.
To some extent the Stop Badware project will repeat work done by some anti-spyware campaigners such as Suzi Turner and Eric Howes who maintain a list of fake products that users should be wary of.
Wow, this really reminds me of my last trip to the Dollar Store.
Project UngoodWare aims to give you a double plus good bellyfeel about your computer. The people of Harvard and Oxford will have a goodthink and make an effort to stop the many installcrimes done by the unpersons who make ungoodware.
Project Ungoodware: brought you you by the Minisry of Love.
Would something like this work better as a wiki? Sort of open-ended peer-reviewed?
Maybe it might get cluttered with junk, too, though, hmm.
I wonder if a pseudo-moderated wiki capacity for a truly open editable document might work. Weighted by the user's real time previous moderations (+5 Neutral, -5 Troll, etc).
That leads me to the point, actually -- are there specifications for an open editable moderated document that falls towards neutrality in facts?
Notice how the site has a forum, on google groups. The ADS on those pages are for adware based spyware removers!
Google makes millions if not billions from adware/spyware companies who advertise on google and google affiliates. Lots of standard searches like "screensavers" and "smilies" will bring up adware, and if you search for a spyware removal tool, you'll likely get some even worse spyware than you had before.
If Google wanted to do good (and not be evil) they would BAN spyware, adware and badware from AdSense, and they'd filter them from the listings!
Who's with me?
They don't even have to ban/censor it from the search results. They could provide a filter like with adult search. Have an option: a) I'd like search results with out Adware/Spyware b) I'd like to infect my computer from your search results, give me all the adware you got!
This is a shining example of Google innovation. There's a crapload of anti "badware" software out there already, and there's quite a good free one which coincidentally is provided by Microsoft.
I often get paid to provide tech support to friends and other people from my area (just a modest village) for a few bucks. Recently, our local ISP not only provided us with DSL, but also a special offer that includes a payment plan for a (cheap) Dell computer if you sign up for DSL for a year.
You would not believe the number of computers that went out of commission within the first month just from being overloaded with spyware/adware. I often feel the urge to tell them "Stop surfing pr0n sites. Stop clicking on everything in sight just because it tells you to click it."
But I don't. Because I know that as soon as I fix it, they'll just ask me to come over again within a few weeks. I seriously doubt they would listen anyway. As I said, easy money.
Hey it ain't the users fault and it should not matter what site you go to. No call a pig a pig, IE / Windows and the lack of security is the problem here not where the user chooses to surf. Anyone that blames a user by saying he is going to the wrong sites is just making excuses for the lack of security in MS products.
with IE some sites pelt you with permission popups such that its virtually impossible to make them go away without clicking ok and/or use other windows to cover up everything ex i've NEVER had that happen to me when using firefox (firefoxes some content was restricted bar at the top is far more sane).
Why Harvard and Oxford? Do these school have the computer science talent to really dive into this problem? Or is Google and SUN trying to look a little more fair by not always heading up the road to Stanford and giving their alma mater some kickbacks? I know that Harvard and Oxford have produced some of the greatest literary minds of the 20th century, but are they up to the challenge of figuring out how weatherBug got on my system?
Wouldn't that lead them to being sued by companies saying "oh, our software isn't spyware, its useful!" and other rubbish?
I recall reading about a few antispyware companies and/or researchers threatened with lawsuits (or even sued) because their research was "defaming" said company or "misleading" the public about their supposed "valuable" product. In this day and age, with the ridiculous litigious society we live in, how is this project going to fare? I hope they do succeed, however. I'm fed up with cr
It really should be obvious - but most of us are so used to Google by now that we might be too comfy.
Google has an enormous information gathering capability. Seen those Goooooooogle ADS everywhere? While it may not be spy-WARE per say... it certainly feeds you a cookie. Noticed how MANY of these Goooooogle ADS sites there are? Theyre just popping up everywhere arent they?! Yes they are - and you dont even give it a second thought while you throw yourself into the Google anti-spyware projects. Google dont want competitors. A Spyware program is a competitor of Google as it gathers information about the users surfing habits just like Google does - but in a much more intrusive way (well...at least if feels that way).
While I think perhaps you're being a little too paranoid concerning that evil evil cookie, you bring up a good point: the person who decides what is and is not spyware is in a prime position to abuse the system. Google now produces several pieces of desktop software, including a browser toolbar that sometimes gets installed from a checkbox during the installation of other software. They're all free. Some could in the future, become a vector for ads. It seems unlikely that Google would declare their own st
I fail to see how configuring your browser to ignore the specific parts of a specific stylesheet on a specific site that you don't like could possibly affect how anything looks anywhere else.
If you are on a Mozilla-based browser, look up "userContent.css". Otherwise consult your browser's documentation. Otherwise download the source code of your browser and modify to ignore the parts of/.'s stylesheets you don't like.
I fail to see how configuring your browser to ignore the specific parts of a specific stylesheet on a specific site that you don't like could possibly affect how anything looks anywhere else.
Because you can't disable it on a specific site only.
If you are on a Mozilla-based browser, look up "userContent.css". Otherwise consult your browser's documentation. Otherwise download the source code of your browser and modify to ignore the parts of/.'s stylesheets you don't like.
Because you can't disable it on a specific site only.
The point I failed to get across is that, yes, you can override stylesheets for specific sites! If you use Firefox, Seamonkey or similar, see http://forums.mozillazine.org/viewtopic.php?t=2868 66> for examples. For Opera, see http://my.opera.com/community/forums/topic.dml?id= 109574>. I'm sure other browsers allow similar things.
And the point I seem to fail to get across is, I don't want to have to use other browsers because some people can't figure out how to design their website properly.
This past week I've been helping one of my friends remove spyware from his computer. All he did was hook up to a relative's cable to download a large update file, and in the space of a couple of hours, his unprotected PC got loaded down with several DOZEN virii including VX2, smartloadb, Virtumundo, etc.
Google believes click fraud to be the most significant threat to the internet. This makes sense because click fraud is what makes all the malware, adware and virii PROFITABLE. What Google and Sun are doing with stopbadware.org is their answer to that. And it's an answer that is needed badly.
Why? As a very recent veteran of attempting to remove malware, I can tell you that the good side of this war is terribly, horribly disorganized. Let me explain:
If you get a massive infection of various kinds of malware, or if you want to protect yourself against all this stuff, you have to:
1. Protect yourself with a firewall (software example: Zonealarm) 2. Run or have available an antitrojan application (example: Trojan Hunter) 3. Run an antivirus program (commercial examples: Norton or McAfee; freeware example: Grisoft AVG Free) 4. Run several antispyware programs (examples: Spybot, Lavasoft Adaware, Microsoft Antispyware) 5. Use something like merijn.org's HiJackThis to find out what your system is infected with that all of the above cannot detect 6. If you're infected with something difficult like VX2 that can't be detected by ANY of the above, you may also need to hunt down very specific helper scripts and applications to deal with it, or even worse figure out how to remove it manually (which is generally VERY technical and difficult).
So, you have firewall, antitrojan, antivirus, antispyware and detection all covered by entirely different industries, most of which don't have much overlap (antivirus programs still do little against antispyware, for example). In the antispyware category, none of the legit programs can detect everything, so you need to run several of them.
You also have the fact that most of these anti-malware companies are commercial; they need to make money doing what they do, because what they do is very difficult, very technical, and has to be done VERY FAST. You see freeware versions, probably because they can't stand to see people who can't afford all these applications get run into the ground by the malware industry.
It doesn't help at all that you've got hundreds - literally, hundreds - of malware installers masquerading as antispyware, antitrojan and antivirus programs. The antispyware industry has had no choice but to put up www.spywarrior.com just so people can sort out the few good ones from the many bad ones. That site is run by one of the legit companies. That company would obviously much rather have nonprofit, noncommercial oversight declaring who is legit and who isn't - it puts a commercial company in an uncomfortable ethical position to be declaring legitimacy of other companies in its industry. But I don't see that they had any choice; to not do it would be even worse.
It looks like that is what badware.org is intended to be, and what is so badly needed - a nonprofit organization that has no base or funding from within the antimalware industries, to oversee and report on those industries.
Do you know what the process for cleaning an infected computer is right now? You post HiJackThis logs to a variety of different forums (just google "HiJackThis Logfile" for a sample) and people voluntarily, out of the goodness of their hearts, help you with incredibly technical removal procedures (google "VX2 removal" to see what I mean). If you want to look up these removal procedures yourself, you google around on various antispyware and antivirus web sites with various descriptions (often vague or assuming you have their commercial product). It's horribly disorganized, with different antivirus companies calling each virus by a different name. A good example: try and find out how to tell the difference between a Lo
There are also many informal efforts that produce utility programs to remove particular sorts of spyware and adware.
Informal?
Because the effort isn't backed by a multi-national company, it is informal?
I wouldn't classify [Your Favorite Ad/Spyware Program Here] as an informal effort. Programs like Spy-Bot and Ad-Aware are most definitely not informal. MS's spyware remover, various virus scanners, etc... most definitely not informal efforts.
Maybe the reporter was talking about those various small programs written to specifically root out certain infestations?
I'm not sure if anything like this exists already, but, this could be quite useful in some circumstances. A central source of information on downloadable programs that tells you wether or not a downloadable program is bundled with known spyware. Now, create a firefox extension that checks when you go to download a file, if that filename (and perhaps source domain) and looks it up on the central source and then warns the user that th efile is known to contain spyware. This way, you can be more pro-active in
I've been running OSX now for about 3 years. I have *NO* antivirus software. I have *NO* antispware. The really telling thing is that I also have *NO* problems! The best thing about OSX is that I just don't need any of this stuff. At this point in the game, it is completely irrelevant to me.
For all you Microsoft users who are trapped in your ActiveX hell, I feel for you. I have only one thing to say, "Free your OS and your @ss will follow!"
I just can't follow this line of reasoning. What are the majority of computer users using, PC's with Windows or MAC's with OS? What platform are most of the viruses/spyware/adware written for? PC's with Windows running on them or MAC's with OSX on them?
I enjoy the elegance and performance of MAC's, but don't try to sell me on how much more secure they are than Windows. MAC's may be more secure out of the box than Windows, but that's just out of the box. Come tell me that this still holds true after MAC's
There are so many rogue antispyware applications: http://www.spywarewarrior.com/rogue_anti-spyware.h tm [spywarewarrior.com] that all the good names have been taken. Plus it dodges the semantics issue over deciding if something is adware or spyware or malware or whatever. Just call it all badware instead.
I speak English, Spanish (and a few others) WITHOUT ANY ACCENT!! (I can also emulate scottish, german, russian, indian/arab and southern redneck style accents on English when necessary.)
I can write 3 fluent languages, as well as relatively staccato and wildly punctuated C++, PHP and a little Python...
I'm not underestimating them chief, I'm saddened that my parents chose to bring me here. To be quite honest, I'm saddened that "here" is ruled instead of represented, and that everything they based their decision to bring us here upon, was a lie, a lie meant to get very well educated immigrants to come here and swell the ranks of American Middle classers (the way we were treated our first few years was deplorable, but I digress.) I am saddened that most Americans that I've met, and heard from, and watched o
whats annoying about the google toolbar, is that once its installed, it'll modify the "run" bar if you add one to your task bar. it'll prevent launching local applications, and isntead try to search on google for what ever you type in. i find the bar quite handy for typing in simple things like "notepad" or "calc" all the time. i have no idea if google ever fixed this problem, but its an annoyance enough that i wont be running anything that has the google toolbar at all. its even more annoying that so m
"...not one mentions GNU/Linux..." It's because just about everyone in the industry has or is about to find a way to make a buck off the horrid situation we're all in due to Microsoft's garbage OS: When people start dumping Microsoft products then the easy money is over and they have to start doing some real work again.
The flip side of this same coin: Some "terrorists" or other group decides that giving a small group of Darkside hackers some serious money is an option and then one day most of our business IT
Harvord! (Score:4, Funny)
While it's funded by Sun and Google, the research will be done by Oxford and Harvord."
Hay, I got my Computor Sciense degrie from Harvord Web Univercity! I'm an aluminumni! I lerned abowt it frum adware witch was monitering my /. typiing skils and sugestid I enrol rite away (don't bothur enterring you're credit card, we alreddy
know it, jist hit buton and you start on yor way too hire educatoin!!!1) (My sistor is going to Oxfurd!)
I try anty spywear softwear but, itt keeps flasshing lotsa things on teh screen with WQRNINGs and stuff, so I geussed it didn'tinstall rite so I uninstaled them all. Ihop this works betters!
Ad-Aware-Aware(TM) approved text
Mr. Grabpot Thundergust has 600,000$AM for you!
Re:Harvord! (Score:2)
Re:Harvord! (Score:2, Interesting)
Re:Harvord! (Score:3, Funny)
Re:Harvord! (Score:2, Funny)
Re:Harvord! (Score:2)
Google Toolbar? (Score:4, Interesting)
Re:Google Toolbar? (Score:2)
What is there to research? (Score:4, Interesting)
Re:What is there to research? (Score:5, Insightful)
-nB
Re:What is there to research? (Score:4, Insightful)
Sure - we can't blame it all on users and their badly managed/protected systems - but some safer computing with more brains could help
Re:What is there to research? (Score:2)
of course they have to make money somehow, but google manages just fine relying on the data aggregation they perform on server,
Re:What is there to research? (Score:5, Insightful)
Re:What is there to research? (Score:2)
Re:What is there to research? (Score:2)
Re:What is there to research? (Score:2, Insightful)
Re:What is there to research? (Score:5, Informative)
Google gets Sun, Lenovo (IBM), WebWatch (Consumer Reports), the Berkman Center for Internet & Society and Oxford University together to form a group called "Stop Badware" that sends money to a bunch of students, who in turn setup a little website that "names and shames" spyware software. The website is to be visited by people that already understand what spyware is and how not to get it. Spyware makers to totally ignore the students strongly worded opinions.
Microsoft leads a group containing Lavasoft (Adaware), Trend Micro, Symantec, Grisoft (AVG), McAfee, Websense, Panda Software, Yahoo, AOL, Dell, HP, Aluria (Earthlink), the National Center for Victims of Crime, the National Cyber Security Alliance, the Samuelson Law Technology & Public Policy Clinic (UC Berkeley School of Law) along with another 2 dozen major security, general internet, public advocacy and legal organizations called the "Anti-Spyware Coalition". Microsoft directs this organization in a three pronged attack on spyware:
- Clearly defining what spyware is and what is does, in order to improve understanding among normal users, providing common standards for anti-spyware software, and helping to make spyware a concept that can be used effectively and accurately in legislation.
- Directly confronting spyware makers in the courts, hitting them where it hurts, their wallet. For example this week Microsoft is pulling in Washington Attorney General Rob McKenna to file a lawsuit against the makers of "Spyware Cleaner", a product that actually infects computers with its own spyware, and is advertised through misleading email and messenger spam. Microsoft has already had numerous court room victories against the spyware makers and spammers.
- Using the rigorous terminology defined in point 1, with the court precedent created in point 2, the ASC lobbies Congress to pass tough anti-spyware laws, closing the loopholes and grey areas that make spyware non-trivial to legally stop.
So to compare, one camp has declared war on spyware, and has assembled the best generals in the industry and the largest groups of regular troops, and launched a major assault on the spyware mainland, already capturing several cities. The other camp has gotten together at the local university to sit around writing beatnik poetry about how bad spyware is.
Re:What is there to research? (Score:5, Informative)
Re:What is there to research? (Score:2)
As a research project obviously.
Re:What is there to research? (Score:2)
Yes, but much more useful if they post a decent bounty and make collecting it as easy as using the local ATM. The downside is that spyware makers would be in short supply in about 72 hours. This could be defined as success.
Seriously though, the bandaid approach to computer security is never going to work. In my opinion, Microsoft is guilty of criminal neglect (amongst other even worse things) and should be prosecuted heavily. No one should be allowed to
Re:What is there to research? (Score:2)
Even if that were so, what's wrong with more than one group taking on the issue? Also, while MS et al have the big guns, recall that the Sony Rootkit was
Re:What is there to research? (Score:2)
Oh wait...
In this case there is a lot to be gained by stopping spyware but not as a final solution (filling the holes, making it so it costs them bandwidth and you no time)...
Microsoft likes nice easy rollouts and they get them when people think their next OS will make their computer faster, the truth is their clogged with spyware so formatting will make them faster.
Windows 95 is the fastest MS OS... asside from compatibility the
Re:What is there to research? (Score:2)
Actually I'm sure that if I installed it on my amd64, DOS 4.0 would fly. I should probably remove Gentoo. And there is no spyware for DOS so aside from compatibility issues, it would be a major win!
I'm sure there has to a be a hole in tha reasoning somewhere though...
Re:What is there to research? (Score:2)
Re:What is there to research? (Score:3, Informative)
Re:What is there to research? (Score:2)
Re:What is there to research? (Score:2)
How? (Score:3, Interesting)
Is this going to be like the spamm blacklists which can be subjective?
Re:How? (Score:5, Interesting)
Re:How? (Score:2)
Personally, this [debian.org] is the only archive I trust to draw untested (by me) programs to be on my computer (companies I consult for of course frequently use "other" systems - and lose a lot of sleep and hair keeping it semi-clean). And the reason for that trust is driven by their simple, and effective, requirement to adhere Item 2 of this [debian.org].
Re:How? (Score:1)
What about Stanford? (Score:5, Funny)
Stanford and Berkeley snubbed by alumni, film at 11!
Re:What about Stanford? (Score:3, Interesting)
Re:What about Stanford? (Score:2)
Include Ben Edelman in this! (Score:2, Interesting)
[witty topic] (Score:4, Funny)
I, for one (Score:1, Redundant)
Re:I, for one (Score:1)
... overlords?
Where are the overlords?
Sun??? (Score:4, Informative)
Re:Sun??? (Score:2, Interesting)
Marketting value. Somebody in the management thinks "Teaming up with Google, Oxford and Harvard" is cool.
Excellent! (Score:5, Interesting)
PS: I'm waiting for Google to annouce its plan for world peace.
Re:Excellent! (Score:5, Interesting)
Google profits from spyware (Score:5, Insightful)
Google should do less evil by not accepting ads from these companies.
Re:Google profits from spyware (Score:2)
mal-ware sites would quickly stop using adwords if enough people were running an extention that was designed to cost them money.
Re:Excellent! (Score:2)
"Google Announces Middle-East Peace Plan"
How about... (Score:5, Insightful)
Re:How about... (Score:1)
And then they could also show the information those companies have gathered...
OK, so it's quite a bit... better make it searchable...
Damage control (Score:1, Insightful)
Re:Damage control (Score:1)
Re:Damage control (Score:1)
Re:Damage control (Score:2)
Google is a business, with two options to choose from:
If you expect them to pick #2, you're a damn fool.
Re:Damage control (Score:3, Interesting)
I don't expect them to not do that. But it would be nice if they stopped pretending to do no evil. I don't see any exemption in their statement saying that evil is OK, as long as millions are to be made.
Re:Damage control (Score:2)
Re:Damage control (Score:2)
So what? Why do they have an obligation to go into China? Why support totalitarianism?
The best thing they can do is keep with the market so that maybe they can make a difference in the future if they so desire.
Now, that's naive thinking. Google just wants to make money. What makes you think they care about making a difference? if they wanted to make a difference, they would take a stand - not act like every other apologist for China like Micr
Re:Damage control (Score:2)
I never said they had any obligation to go into China. It certainly benefits them, however, so why shouldn't they? Could you tell me how a company being in multiple regions is totalitarianism?
Re:Damage control (Score:2)
Why shouldn't they? because they are supporting a totalitarian regime. That is unethical. I never claimed that being in multiple regions is totalitarianism. I said that helping China's totalitarian regime with their censorship is supporting totalitarianism. Do you have any reasonable argument that it does not?
I don't
Re:Damage control (Score:1)
4 Google stories in one day? (Score:3, Insightful)
Stop Badware, bad bad badware... go to your cage! (Score:1, Troll)
Wow, this really reminds me of my last trip to the Dollar Store.
NewSpeak? (Score:5, Funny)
Project Ungoodware: brought you you by the Minisry of Love.
Wrong format?? (Score:3, Interesting)
Maybe it might get cluttered with junk, too, though, hmm.
I wonder if a pseudo-moderated wiki capacity for a truly open editable document might work. Weighted by the user's real time previous moderations (+5 Neutral, -5 Troll, etc).
That leads me to the point, actually -- are there specifications for an open editable moderated document that falls towards neutrality in facts?
Google IS the problem (Score:5, Interesting)
Re:Google IS the problem (Score:1)
Re:Google IS the problem (Score:3, Interesting)
And the URL is... (Score:5, Informative)
Small Step... (Score:1)
Re:Small Step... (Score:1)
Missed the bota (Score:1)
What's next
Spyware is easy money (Score:5, Interesting)
You would not believe the number of computers that went out of commission within the first month just from being overloaded with spyware/adware. I often feel the urge to tell them "Stop surfing pr0n sites. Stop clicking on everything in sight just because it tells you to click it."
But I don't. Because I know that as soon as I fix it, they'll just ask me to come over again within a few weeks. I seriously doubt they would listen anyway. As I said, easy money.
It is not the users fault (Score:2)
Re:It is not the users fault (Score:2)
Re:It is not the users fault (Score:2)
Why these schools? (Score:2)
do you think... (Score:2)
Good idea but... (Score:2, Interesting)
This is a Trojan horse - No one will see it coming (Score:5, Interesting)
Google has an enormous information gathering capability. Seen those Goooooooogle ADS everywhere? While it may not be spy-WARE per say... it certainly feeds you a cookie. Noticed how MANY of these Goooooogle ADS sites there are? Theyre just popping up everywhere arent they?! Yes they are - and you dont even give it a second thought while you throw yourself into the Google anti-spyware projects. Google dont want competitors. A Spyware program is a competitor of Google as it gathers information about the users surfing habits just like Google does - but in a much more intrusive way (well...at least if feels that way).
Are we getting the picture yet?
Re:This is a Trojan horse - No one will see it com (Score:2)
Google now produces several pieces of desktop software, including a browser toolbar that sometimes gets installed from a checkbox during the installation of other software. They're all free. Some could in the future, become a vector for ads. It seems unlikely that Google would declare their own st
Right until... (Score:2)
Google made a bundle last year, one wonders if they wouldn't like to continue to do that.
[OT] Your sig & stylesheets (Score:2)
Who is forbidding you from disabling those stylesheets in your browser?
Re:[OT] Your sig & stylesheets (Score:2)
No, they should design it properly (I wouldn't be surprised if its on purpose because they hate microsoftware)
Re:[OT] Your sig & stylesheets (Score:2)
If you are on a Mozilla-based browser, look up "userContent.css". Otherwise consult your browser's documentation. Otherwise download the source code of your browser and modify to ignore the parts of
Re:[OT] Your sig & stylesheets (Score:2)
Because you can't disable it on a specific site only.
If you are on a Mozilla-based browser, look up "userContent.css". Otherwise consult your browser's documentation. Otherwise download the source code of your browser and modify to ignore the parts of
Yeah right, like i'm going to learn
You missed my point (Score:2)
The point I failed to get across is that, yes, you can override stylesheets for specific sites! If you use Firefox, Seamonkey or similar, see http://forums.mozillazine.org/viewtopic.php?t=286
Re:You missed my point (Score:2)
I get what they're doing (Score:5, Interesting)
Google believes click fraud to be the most significant threat to the internet. This makes sense because click fraud is what makes all the malware, adware and virii PROFITABLE. What Google and Sun are doing with stopbadware.org is their answer to that. And it's an answer that is needed badly.
Why? As a very recent veteran of attempting to remove malware, I can tell you that the good side of this war is terribly, horribly disorganized. Let me explain:
If you get a massive infection of various kinds of malware, or if you want to protect yourself against all this stuff, you have to:
1. Protect yourself with a firewall (software example: Zonealarm)
2. Run or have available an antitrojan application (example: Trojan Hunter)
3. Run an antivirus program (commercial examples: Norton or McAfee; freeware example: Grisoft AVG Free)
4. Run several antispyware programs (examples: Spybot, Lavasoft Adaware, Microsoft Antispyware)
5. Use something like merijn.org's HiJackThis to find out what your system is infected with that all of the above cannot detect
6. If you're infected with something difficult like VX2 that can't be detected by ANY of the above, you may also need to hunt down very specific helper scripts and applications to deal with it, or even worse figure out how to remove it manually (which is generally VERY technical and difficult).
So, you have firewall, antitrojan, antivirus, antispyware and detection all covered by entirely different industries, most of which don't have much overlap (antivirus programs still do little against antispyware, for example). In the antispyware category, none of the legit programs can detect everything, so you need to run several of them.
You also have the fact that most of these anti-malware companies are commercial; they need to make money doing what they do, because what they do is very difficult, very technical, and has to be done VERY FAST. You see freeware versions, probably because they can't stand to see people who can't afford all these applications get run into the ground by the malware industry.
It doesn't help at all that you've got hundreds - literally, hundreds - of malware installers masquerading as antispyware, antitrojan and antivirus programs. The antispyware industry has had no choice but to put up www.spywarrior.com just so people can sort out the few good ones from the many bad ones. That site is run by one of the legit companies. That company would obviously much rather have nonprofit, noncommercial oversight declaring who is legit and who isn't - it puts a commercial company in an uncomfortable ethical position to be declaring legitimacy of other companies in its industry. But I don't see that they had any choice; to not do it would be even worse.
It looks like that is what badware.org is intended to be, and what is so badly needed - a nonprofit organization that has no base or funding from within the antimalware industries, to oversee and report on those industries.
Do you know what the process for cleaning an infected computer is right now? You post HiJackThis logs to a variety of different forums (just google "HiJackThis Logfile" for a sample) and people voluntarily, out of the goodness of their hearts, help you with incredibly technical removal procedures (google "VX2 removal" to see what I mean). If you want to look up these removal procedures yourself, you google around on various antispyware and antivirus web sites with various descriptions (often vague or assuming you have their commercial product). It's horribly disorganized, with different antivirus companies calling each virus by a different name. A good example: try and find out how to tell the difference between a Lo
Re:I get what they're doing (Score:2)
Spywarrior.com [spywarrior.com] is also handy if you are looking for airline tickets or Christian singles. Yay for search portals!
"informal efforts" (Score:3, Insightful)
Because the effort isn't backed by a multi-national company, it is informal?
I wouldn't classify [Your Favorite Ad/Spyware Program Here] as an informal effort. Programs like Spy-Bot and Ad-Aware are most definitely not informal. MS's spyware remover, various virus scanners, etc... most definitely not informal efforts.
Maybe the reporter was talking about those various small programs written to specifically root out certain infestations?
Could be Useful (Score:2)
A central source of information on downloadable programs that tells you wether or not a downloadable program is bundled with known spyware. Now, create a firefox extension that checks when you go to download a file, if that filename (and perhaps source domain) and looks it up on the central source and then warns the user that th efile is known to contain spyware. This way, you can be more pro-active in
Once you go Mac, you never go back!!! (Score:3, Interesting)
For all you Microsoft users who are trapped in your ActiveX hell, I feel for you. I have only one thing to say, "Free your OS and your @ss will follow!"
2 cents,
Queen B
Re:Once you go Mac, you never go back!!! (Score:2, Insightful)
Re: (Score:2, Interesting)
MIT's Startup Advisor? (Score:2)
"hmm, google should really have this built in"
Re:Worst name (Score:2, Informative)
Only On Price? (Score:1, Offtopic)
And what keeps Apple alive? Last i heard the ipod cost more then a creative labs version..
Who is buying all these Glocks, instead of cheap kel-tecs?
Designer shoes?
Yep, we americans *only* think of price.
You bought a Glock?? (Score:2)
Oh well.
I never said we americans don't have taste, I simply said that the average layman goes to walmart to get the cheapest shit he can.
I don't shop that way, but most do.
~D
Strange... (Score:2)
I can write 3 fluent languages, as well as relatively staccato and wildly punctuated C++, PHP and a little Python...
My question is... what is THEIR excuse?
~D
Re:Yay, China is in on it... (Score:2)
I am saddened that most Americans that I've met, and heard from, and watched o
Re:Yeah... (Score:2, Offtopic)
Re:What is wrong with slashdot these days? (Score:3, Insightful)
It's because just about everyone in the industry has or is about to find a way to make a buck off the horrid situation we're all in due to Microsoft's garbage OS: When people start dumping Microsoft products then the easy money is over and they have to start doing some real work again.
The flip side of this same coin: Some "terrorists" or other group decides that giving a small group of Darkside hackers some serious money is an option and then one day most of our business IT
Re:Yeah, but it still induces cognitive dissonance (Score:2)
Ciao.