Sunday, July 17, 2005

How and why people get spyware 

Sometimes someone says things so well I just have to quote them. The quote below came from a forum for nerds, so let me start by defining some of the jargon:

Claria: a company that sues people who call its products spyware
drive-by download: software that installs itself without asking or notifying you, usually through a security flaw in Microsoft Internet Explorer
EULA: End User License Agreement, the text to which you click "I agree"
NTP client: a program that sets your computer's clock accurately from a reference on the net
SpyNet: Microsoft's collection of reports from Microsoft AntiSpyware users

Re:Sadly, no surprise.
by bhtooefr (649901) on Thursday July 07, @07:05AM
( http://score5ot.blogspot.com/ )

Typical infection process of a Claria app, if it's downloaded legitimately (I don't recall Claria's stuff doing drive-by downloads):

1. User sees "Free password manager", "Free calendar thingy", or "Keep your computer clock up to date" (on the last one, not knowing that their XP box has a built-in NTP client, and easy to set up, too)
2. User downloads, and installs, not reading the EULA (as they've been taught - it's all legalese BS, after all, but there's often a string of legalese in the EULAs of these apps that boils down to "this is spyware")
3. User wonders why computer is running so slow, so he/she calls a friend over to remove the spyware. Said friend mentions something about "Claria junk", and removes it.
4. User sees that their little clock thingy isn't working right, and redownloads it.
5. User again realizes that their computer is running slow, but hears about this "Microsoft AntiSpyware" thingy that helps it go faster, so they download it.
6. On the first scan, it says "OMG! There's Claria on here!" (not really, but that'd be the general gist of the screen to a user). The user remembers that when the friend cleaned stuff off, Claria was the thing that, when removed, broke the clock thingy, so he/she tells it not to erase. Default behavior is to send the actions to SpyNet, so it went to SpyNet that he/she chose to keep it.
7.


Does that sufficiently explain it?
