Waccoon wrote:
Uh, so just HOW does all that prove it's a Windows-only problem?
I've read through your reply, and I think that you are still not clear on what exactly I mean with spyware. Spyware to me are malignant browser extensions which take advantage of bugs in the browser to make sure you visit sites or see advertisements you normally would avoid. In addition, some spyware might track what you are doing in order to establish a user profile. Some might register keystrokes in order to capture passwords or credit card details. A select handful will jump out of the browsing environment and hack themselves into the main system. Spyware is designed to enter the system via the browser and be hard to remove for someone without knowledge of OS internals. And most importantly, it installs without your knowledge or say-so.
While equally malignant and despicable, I do not consider keyloggers on an OS level or packet sniffers (i.e., programs which are not dependent on the browser to function) to be spyware, although it is exactly what they do: spy.
That is why it is a Windows/IE-only problem: no other combination I know of allows such easy hijacking and modification of the browser by outside parties, despite you trying your best to surf cleanly and patch your system as often as you can. While I applaud your ingenuity in bypassing Firefox's built-in popup blocker, I notice that it has very little to do with the insidious means by which spyware gets into my Windows system. Bypassing a Javascript function is one thing, adding machine-executable code to the browser is quite another.
Just to give you a taste of the situation I find myself in: I run Windows 2000 SP4 with IE6. The system is fully patched. All services not critical to my daily job of using the computer have been disabled: therefore no Telnet, no NetBIOS over TCP/IP, no domain features (as this is a stand-alone machine) and much more. I do not use an Administrator account to operate the machine. I have not loosened the access permissions on \WINNT and \Program Files, despite losing several useful utilities which assume more lenient access rights in the process. I check the event logs regularly, and have various anti-spyware tools installed: CWSShredder, HijackThis, Spybot, and thanks to your generous hint, AppPaths. (HijackThis and AppPaths are rather similar in design and do more or less the same.) I have disabled ActiveX, Java and active scripting; I only enable the latter for sites I trust (Amiga.org, a Dutch newspaper, a few forums for board games). I rarely install software, and most of it is either scientific, or a game demo from a respectable (read: trustworthy) site. I use Eudora for email. I do not look at attachments: email from senders I do not know is deleted on sight. I do not visit pr0n or warez sites. I do not use P2P programs. No one else uses the computer. You now have some idea about what I did to and do with the machine, I hope.
Let's continue. You seem to have built up an enviable record of holding off the crap, and based on your repairing experience, have come to realise that people are, and I quote, 'morons who allow malicious software on their machine willingly'. Let us assume for the sake of the discussion that I am such a moron. I must be, because I find spyware on my machine twice a week. Considering that my 'net behaviour on Windows 98SE/IE5.5 and Linux/Mozilla 1.4 was far more promiscuous than under Windows 2000, and that I never got a single infection under those two systems, I am really, really interested in hearing your opinion as to why and how it got onto my Windows 2000 system, but not the other two. As an encore, take into account that the Windows 98 system was unprotected: no virus scanner, no firewall.
If spyware gets on a Linux system, how many files do you have to check to trace all executables that run when the system is started? How do you tell if a process "CCStart" is malicious or not? What if the app hides itself by patching another executable? Do you think any "real" OS is immune to stuff like this? What about the fact that you have to log into root to install some kinds of software? Spyware can't patch system files, then?
I have yet to see it happen as easily as it does on my Windows system. I have experienced two break-ins into a Linux cluster, and both were caused by me and another sysadmin not knowing that lpd (the printer daemon) had security issues. I have never seen a break-in via a browser. I very, very much doubt said program would have gotten in that way, and thus it does not belong to the class of spyware I was talking about. Perhaps your definition of spyware is different from mine, as you seem to draw in much broader aspects of computer security than just the ones affecting the browser, because later on you wrote:
UNIX is famous for lousy security. If you don't believe that, read some decent books on UN*X architecture. This is most definitely not a Windows-only problem.
Excuse me while I laugh. If there is one OS which is famous for lousy security, it's Windows. Yes, Unix is not totally secure either, and has suffered from major break-ins and worm damage. Yet most break-ins were caused by social hacking, and the last great worm which targeted Unix was many years ago. But the far more modular design makes it inherently more robust than Windows ever will be. Plus, you can see and modify a lot of the source code of the programs you use. That is not a guarantee it is safe (find out at your own peril, I would say to anyone who believes this), but it does make scrutiny a whole lot easier.
Unix in the hands of a newbie can be made to be very vulnerable. If you stick to the default installation of your everyday Linux distribution, a cracker just might still get in. But it will cost him a lot of effort, and it will most certainly not be via the browser.
In any case, this discussion is really way off-topic and in order to keep the noise on the forum down a little, I am willing to continue it using other channels.