[GoatIronMaidn]

I may be a little slow when it comes to spyware. Maybe just a little confused. Why is everything being called spyware now? I get the WinXP newsletter and now there is a big deal about WMP 7 having spyware because it is set, by default, to receive auto updates and because other sites that use it can access it's certificate without promting? I'm not sure about that being "spyware".

I have always considered spyware to be something that is secretly put on my comp, that retrieves my info and sends it off to some spam laboratory. Or at the height of my paranoia, something that allows others to control my comp at a whim.

I understand that there is spyware that I really need to be concerned about. I currently run NAV 2000, but I run it every other week and then uninstall it because it leaves too much crap running in the background, even when off. I run AdAware every couple of days, and always find a few things. I used to run BlackIce Defender, but it is too complicated, I probably wasn't even using it right. I was feaking out because I was being probed every few seconds and didn't know that almost all of it was normal.

So, tell me. What is spyware? And how much of it do I really need to be worried about? And, is there a single program out right now that can completely eliminate it?

[Amadeus]

There's a bunch of different definitions of spyware. The most common is, as you said, something that will allow your information to be sent somewhere. Pretty much anything that can run auto-updates and stuff like that can also retrieve certain pieces of info from your machine. 99.9999999 percent of spyware has nothing to do with controling your machine. It's all about marketing information. There are, of course, pieces of code out there that have been designed to send your passwords and stuff to someone else, allowing them control, but the chances of you downloading that, even by accident, is pretty minimal.
As for how much of it you should worry about, depends on what you consider worrying. If you don't care if some company knows some of the sites you visit, or that you do some online shopping at WalMart, then I wouldn't worry too much at all. As far as I know, there isn't ONE single app to eliminate all spyware, but I could be wrong. There are many little scripts out there that will eliminate certain peices of spyware, but it all depends on what they were programmed to find and delete.

[Trakker]

What about those pop-under windows that don't have a title, don't show anything, and when you restore them, move beneath the taskbar? i close those as soon as possible cuz i think the thing is monitoring me

[GoatIronMaidn]

I'm not very concerned with anyone tracking my surfing habits, they would find that pretty boring. While I do shop online occassionally, I am somewhat secure that the transaction will be routine and My credit card info will not be used maliciously. I guess we have to trust Verisign, not much of a choice if you want to buy things online.

The popups concern me because they seem to have the ability to leave traces of things on my comp. If I visit a site with popups after running AdAware, the cookies from the popups are right back where they were. I know popup killer software has become popular recently, but I haven't tried it yet. I just don't need anything running in the background which could slow things down, even if it is for my own benefit. Hopefully these retarded ad companies will see that they do no good and companies will stop using them...yea, right. Perhaps M$will put an ad likker in IE7 when it comes out. It is too much of a pain to block them all as it is now with IE6. Besides they change addresses constantly.

I suppose what concerns me is stuff like the big hoopla with Morpheus having the spyware which would allow that company wo "awaken" your computer and use it while you are not there. From what I read about it the company (the name slips my mind at the moment) was not actually at the point where they could pull that off, but they were close.

I guess for someone like me, on cable, without a router, M$ XP firewall turned off, the best I can do is just get into the habit of doing my weekly cleanings with AdAware and NAV.

[Vetritus03]

to turn your computer on remotely you'd have to at aleast have a NIC with Wake on Lan capability. most cheapies don't support that and most that do have it disabled by default. that's pretty much the only way your computer is going to be able to just turn itself on... at least by remote control. then think of the complexity of what you're talking about.
first, as the programmer you are writing code that... lets say is able to change BIOS settings to have your mobo enable its WOL feature (if it exists). and you're also able to assume that the person you are attacking has a NIC with WOL ability which you might also have to be able to turn on. just with the mobo and NIC factors you're looking at high-end personal users or corporate users who might need WOL if they need to remotely turn on computers on the network for updates. right there you can pretty much eliminate the threat of you getting hacked in that sort of malicious manner as you have to know your target moderatly well or have really robust code to get the basics done.
now, after that you have to gain access to this newly booted computer. lets assume you have WinXp... just an NT derivative. now, wiith XP you have a tool called remote desktop (not remote assistant) that lets you remotely use another machine. well, it's disabled by default and in some installations requires the XP CD and a restart to install. good luck pulling that one off with out detection. assuming you do you can then use another cool item in NT: the Administrator account. now, since most people don't re-name the Admin account you can almost bet it'll be there. then, most admins use cocky passwords like 'GOD' and 'KiNg" so you can start with those. then again, if you wrote really robust code that has already snagged all the accounts and passwords and e-mailed them to you... you could be already in.

do you see how hard this is? and that is just theory i pulled from my bum. the question you have to ask yourself is... what do i have on my system that others would want? would you care if they had it? if someone was able to take control of my system for 5 minutes, what could they accomplish? what's the worst that could happen? they format your drive and you lose data? well, it should have been backed up.
mostly spyware is for marketing... and as long as you don't go to donkey-kiddie porn sites or sites that teach you how to take control of passenger jets for malicious use... you don't have much to worry about from hackers of the FBI. don't store information on your computer that you wouldn't want to get out CC #s and your SSN. stuff like that.

ok, i lost my thought pattern. i'm out.

[SlashRaid]

Vetritus03, on Aug 30 2002, 02:07 AM, said:

do you see how hard this is? and that is just theory i pulled from my bum. the question you have to ask yourself is... what do i have on my system that others would want? would you care if they had it? if someone was able to take control of my system for 5 minutes, what could they accomplish? what's the worst that could happen? they format your drive and you lose data? well, it should have been backed up.

Then again, think of the possiblity an attacker would have.

How would you like to get a call from the FBI saying that your PC or IP had been used in a DOS attack? You could lose your hardware to an investigation.

I know of to cases within a 55 mile radius of me that this has happened... In retrospect to the argument though. Both of those machines where on cable connects and always on.

Something to consider.

[GoatIronMaidn]

Well what I'm wondering is how unlikely is it to happen? I know that several months ago the article was circulating about the Kazaa P2P software having the ability to use your computer's resouces and such. I thought it was Morpheus, but it was actually Kazaa. For those that have a memory like mine (bad), I found the article:

http://www.zdnet.com...es/st...2859775,00.html

I know the hardware precautions I take can stop it. I always turn the computer off and put my cable modem on standby so it is unpingable. But there are times when the kids leave it on all day. I understand that technically there is no immediate threat because, from what I gather, it is not technically possible yet. But I don't see it being that far off in the future.

[Vetritus03]

i guess... moral of the story being: don't be an easy target.