Saturday, February 11, 2006
Where does spyware come from and how does it infect?
People like me have been publishing general impressions. A research team has turned a program loose to search the web for spyware and report back solid facts. They looked at tens of thousands of sites and have published a paper about spyware sources and distribution. I was surprised at some of their findings.
For example, I've been warning people against visiting the web's red light districts, or online neighborhoods where people in trenchcoats try to sell you Rolexes or cheap software. The researchers found another category that's really dangerous to visit: games sites! I hadn't heard of that being a problem, but my business partner points out that games are good bait, maybe even better than "adult entertainment". The study found spyware on one out of four games sites, making it the single most dangerous category.
"Just say No"
Spyware gets on your computer two different ways. One way is invisible to you. That's the so-called "drive-by download", which installs itself by using a security problem when you do nothing but visit a web site. The University of Washington study experimented with using both Internet Explorer and Firefox to visit spyware sources. IE infected the test computers with hundreds of drive-by downloads. Firefox was immune to them all.
Much more common, though, were spyware infections that are like vampires -- they can't come in unless you invite them. The study tried two different programs, one that said "yes" when asked to install things and another that always said "no". There was a huge difference in infection rates. Some of the spyware was riding inside otherwise legitimate software, and some was pretending to be something it wasn't. Don't install cute cursors or other tools unless you know the reputation of the program (kind of like not eating sandwiches you find on the street).
How big a problem is this? How likely are you to be attacked?
"1 in 67 Web pages that we examined contained malicious content targeting browser flaws."
In other words, if you travel widely on the web, you're going to hit a web page that will try to trick your web browser program into doing something bad. You need to be able to trust your browser. Firefox has a good record. Hardly anyone's found flaws in Opera, though that makes me wonder whether anyone's looking.
80% of people have spyware infections according to a study a couple of years ago.
What else to do?
Anti-spyware programs are good but they don't catch everything. There are tools out there that keep a list of bad places on the web and block them from showing up -- the researchers found that those tools don't really work.