Victimized by anti-spyware software

Longtime readers of this blog may recall that several months ago I wrote a negative review of a program called SpySweeper. Last night I got this e-mail message from a reader:

Ed…I saw your Feb 2004 review of Spy Sweeper and I’m the unsophisticated user you referred to, e.g. I “swept” everything and now I can’t log onto the internet and it takes forever to load Word, when it didn’t before I “swept” my computer.

On the advice of a friend, I tried several times to download AdAware, but when I unzipped it, it kept being saved as a .ref file that Windows could not open.

So, given that PCMagazine rated Spy Sweeper highly (keep in mind I was trying to use my infected computer and didn’t have time to research…I am at work now)…I installed and ran it last night.

It found a handful of adware and about 100 cookies….I knew a few of them were innocuous and eliminated them and then ran the sweep.

Well, after that, I can no longer log onto the Internet with netzero at all!!!

Should I restore everything that was quarantined and hope I can at least access the internet?

My reply:

Argh, I sympathize. Yes, if I were you I would restore what was quarantined and start over. It sounds like the .exe file for NetZero was mistakenly classified as spyware or adware and the overly aggressive SpySweeper software locked it up so you can’t access it.

Btw, the AdAware “ref” files are simply the reference files, which contain data used to scan for spyware. The scanning engine is a different download completely. Unfortunately, AdAware has paid versions, and their Web site tries to steer you to those paid versions by making the free version a bit difficult to find.

For future reference, you can find AdAware Personal here, and you can download Spybot S&D (another program I recommend highly) from this link.

Spyware and so-called phishing attacks are an epidemic. Security software can help, but there are too many fake spyware fighters out there, some of which are actually infested with spyware themselves. Companies like WebRoot don’t help people when they release software that is too aggressive. There’s no excuse for what happened to Carol–if the SpySweeper program had been properly tested, it would have never disabled her Internet access.

If only this were true

Dana Epp passes along a “golden opportunity” for virus writers to get hired with the FBI. All they have to do is send in an application “with a list of their most successfully deployed computer viruses.” The (fake) ad promises that “all applicants will be called in for an interview.”

Heh. Wouldn’t it be great if even a couple of the fools who write viruses fell for a sting like this?

Spyware removal help

If you’re looking for help getting rid of spyware, see this article from michaelhorowitz.com: How to Remove Spyware and Malware from a Windows computer.

The following is a blueprint for removing any and all malicious software from an infected Windows computer. This is not customized for a particular malware program, but applies to any and all malicious software. The intended audience for this are computer nerds and, as such, some details have been omitted. If you are not a computer nerd and think your computer may be infected (see Symptoms section below), print this page and give it to your local techie.

Lots of other good stuff at Michael’s site, too. Start at the index page and poke around.

Why I hate Kazaa

A new article in the Microsoft Knowledge Base points out an incompatibility between Kazaa and Windows XP Service Pack 2: 878485 – You cannot open Sharman Networks Kazaa version 2.52 in Windows XP with Service Pack 2.

Sadly, there’s a newer version of Kazaa available that fixes this problem. My personal experience? I have been called to work on many computers on which Kazaa was installed. Every single one, without exception, was infested with spyware and riddled with other problems. When I take on a cleanup job as a consultant, part of the contract requires that the client remove Kazaa and promise never to reinstall it.

Think I’m exaggerating? Ask Dave Winer what he thinks of Kazaa: “I did something realllly stupid this morning.”

The decline of the PC press

I used to be managing editor of PC World, so I think I have some right to say that a story now running on the Today @ PC World blog, “Win XP SP2 Halts 15% of Systems, Survey Says,” is irresponsible nonsense. I don’t know where the author went to school, but he needs to go back and learn some of the fundamentals of journalism. Here’s a quote:

System administrators who have been installing Windows XP Service Pack 2 on their own PCs and on test systems are reporting the results of their practice runs to the SANS Institute Web site–and the failure rate seems to be pretty high.

While the vast majority of the 752 people who published feedback (as of this blog entry) had no problems, 15 percent of these competent technology professionals complain that severe problems prevent the PC from being used after they installed the service pack. About half of those say they had to rebuild the entire system from scratch after they ran SP2.

Let’s go through a few things here:

First, this survey is not statistically weighted, so generalizing with the bold headline “SP2 Halts 15% of Systems” is unsupported by any evidence. On the contrary, the survey’s respondents are, by definition, going to be weighted disproportionately in the direction of those with problems. Sysadmins and computer users who have trouble-free experiences with software do not go out on the Internet looking for information about that software. The group in a self-selecting survey such as this one consists disproportionately of people who had problems, went looking for answers, and found this survey.

Second, see there in the second graf where the author says “15 percent of these competent technology professionals complain…”? Go and read the survey for yourself. Do you see anything that required a test of technical competence? This survey is open to the public, and characterizing the respondents with any degree of accuracy is impossible. Even the site’s sponsor, the SANS Institute, acknowledges that “we will not verify submissions for accuracy (we just can’t).” A reporter interested in accuracy might say that the site has a reputation for attracting sysadmins with more technical knowledge of computers and networks than a general-interest site such as PC World’s, but that’s about it.

In fact, that whole “technically sophisticated” thing cuts two ways. In my experience, power users are more likely to experience problems with any upgrade using any operating system. Why? Because they’re willing to use bargain hardware, install unsigned drivers, and experiment with all sorts of software.

I’d be willing to bet that many (not all, but many) of the specific problems reported by the respondents to the SANS survey involve blue-screen errors. Those errors are almost certainly caused by faulty drivers (hardware or system-level software, such as AV or CD-burning software). A less-likely scenario is that the blue screen is caused by a faulty hardware component such as a bad RAM chip, but my money is on a bad driver. Anyway, installing SP2 didn’t cause the problems they experienced; it simply exposed those problems. The bad driver was a ticking time bomb just waiting to go off. What they need to do is figure out where the driver is that’s causing their problem and replace it with a proper version, after which they can install SP2.

But anyone reading this story, especially if they focus on the headline and don’t think about the details, will assume that there’s a 15% chance that installing SP2 will hose their system. That’s nonsense, and PC World shouldn’t be spreading that message around.

Download.ject update available

Microsoft is releasing an update that addresses the most recent security vulnerability. Details in What You Should Know About Download.Ject.

On Friday, July 2, 2004, Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also known as Download.Ject.

Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits.

The update is currently available on the Download Center and will be made available later today on Windows Update.

Customers who have enabled automatic updates will receive the configuration change automatically. We recommend that customers immediately install this configuration change as soon as it is downloaded by automatic updates or by visiting the Windows Update site later today.

If you use an older version of Windows, you’ll need to make some manual changes using the procedures outlined in Knowledge Base article 870669 – How to disable the ADODB.Stream object from Internet Explorer.

If you’re using Service Pack 2 for Windows XP, you’ve been protected all along.

Security hysteria

The mainstream media is going nuts over a new security warning. Probably the worst reaction came from Dan Gillmor of the San Jose Mercury-News, who is one of the most reasonable people in the world until he hears the word “Microsoft.” In Yet More Microsoft Insecurity Outrages, he quotes a BBC News story that claims: “Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.”

Then he adds:

How many billions of dollars of damage is Microsoft’s inadequately secure software causing every year? Why is the company not liable for any of its nonfeasance?

Where are the trial lawyers on this one? I don’t get it.

Oh yeah. That’s what we need. More lawyers. Sheesh.

Read Microsoft’s official warning on this issue. If you use Windows XP, consider installing Windows XP Service Pack 2, which is available as a very stable Release Candidate beta. I can confirm from personal testing that it blocks this type of exploit effectively.

Update your antivirus software. Trend Micro’s PC-Cillin (my favorite) protects against this exploit. So does Norton AntiVirus. So, I presume, does just about every other maker of antivirus software. If your virus definitions are up to date, you’re protected. If they’re not, well, you’re vulnerable to this and many other attacks.

If you run a Web server using Windows 2000 and IIS, install the latest patches. This exploit depends on Web servers that are running without the proper attention to security.

If you don’t think Microsoft can handle security, you have lots of alternatives, starting with Mozilla and ending with Linux. But please, don’t start talking about lawsuits and lawyers. Class action suits make lawyers richer. They won’t make you safer. Not one bit.