March 21, 2005
Hackers more active in 2004
Internet attacks on businesses and other organizations increased by about 28 percent in the second half of 2004 compared with the first six months of the year, a report on Internet security warned.
And hackers are setting their sights on the rapidly-emerging mobile-computing market, it added.
On average, businesses and other organizations received 13.6 attacks on their computer systems every day in the second half of 2004.
That’s up from 10.6 attacks in the first half of the year, says the report by Cupertino, Calif.-based Symantec Corp., which makes the popular Norton anti-virus software and other security products.
“There’s all sorts of malicious code out there increasing in frequency and severity,” said Dean Turner, executive editor of the Symantec Internet Security Threat Report, which was set for release today.
“Users have to make themselves aware.”
The burst in activity follows a shift in the motivations of attackers. Where the hacker community once sought notoriety, today it is largely a vast network of crooks going after other people’s money, experts say.
The favourite tools of online attackers include phishing, spyware, and adware. Phishing scams involve e-mails appearing to come from legitimate companies that direct people to divulge credit card numbers and other data.
Spyware is hidden software that captures information about a user’s web-surfing habits. Adware is a type of spyware that collects data to target users with e-mail marketing campaigns or pop-up ads.
Symantec says its anti-spam filters blocked an average of 33 million phishing messages a week in December—up from just nine million a week in the first half of the year.
The trend will continue upward this year.
“Phishing attacks are difficult to defend against. As the sophistication of spoofed e-mail and Internet sites increases, it will become more difficult for users to determine what is legitimate and what is not,” the report said.
Industry estimates of what phishing scams alone cost U.S. companies in 2004 range from $1.2-billion (U.S.) to $2.4-billion.
The recent proliferation of mobile devices is seeding a whole new category of viruses. At the end of December, there were 21 known samples of malicious code for mobile devices—up from just one at the end of last June, the report said.
Turner said those numbers will keep rising as the popularity of mobile computing grows. A short-range wireless connection standard called Blue Tooth is proving to be the conduit for most attacks.
Users may forget to turn off the connection feature as they move around public spaces, leaving themselves open to viruses, he noted.
Posted at 16:58 in News | Permalink | 0 Trackbacks
March 17, 2005
FTC shuts down makers of "Spyware Assassin"
Firm purporting to remove spyware receives temporary shutdown order
Editors Note: First in a long line of bogus spyware company shutdowns? We can only hope so.
THE ASSOCIATED PRESS
SPOKANE, Wash. -- The Federal Trade Commission has temporarily shut down a Spokane company whose software purported to help people remove spyware, but that regulators claim often did nothing to stop the malicious programs.
A U.S. District Court judge in Spokane has approved a temporary restraining order against MaxTheater Inc., which makes Spyware Assassin. In April, the FTC will ask a federal judge to make the ban permanent.
The FTC alleges that Spyware Assassin offered customers a deceptive spyware scan. The FTC said the scan either said it had found spyware that didn't exist or said it would remove spyware and then didn't.
MaxTheater owner Thomas Delanoy, who is named in the complaint, told The Spokesman-Review newspaper he had been advised by his attorney not to comment.
Spyware is a growing online security threat that can be used to track a user's computer habits, steal valuable personal information and slow performance.
Posted at 9:58 in News | Permalink | 0 Trackbacks
March 16, 2005
A letter from Cydoor
I received an interesting letter from Cydoor the other day. They want me to change our definition of Cydoor. I'm not sure what to make of this, so I thought I would post it on the site and leave the comments section open.
I would like to bring your attention to your categorization of our ad-serving technology as spyware. I believe that this categorization is mistaken, and I would like to show you why. I would also like to request that you update your description of Cydoor to be a mild adware.
In the past, Cydoor’s client was defined as Spyware by several members of the press and the anti-spyware industry. The client itself was mostly bundled with free software for the sole purpose of enabling that application to display ads. The client communicated with a Cydoor host periodically in order to present new ad creatives and to report on ad performance. Though no personally-identifying information was ever transferred, this method was considered invasive because users did not explicitly agree to install a Cydoor component or to the transmission of information.
However, today Cydoor has significantly changed its technology to offer end-users and partners an unobtrusive ad-serving solution. With a greater emphasis on visibility and privacy issues, Cydoor provides its partners with a reliable source of revenue, while making sure users are aware of its activities.
How does it work?
Cydoor provides all its publishers with a complete interactive advertising solution, including ad serving, frequency capping, and performance statistics. Cydoor allows each publisher to implement a solution that provides them with the advertising flexibility that they require, including any and all communication to Cydoor’s servers. Cydoor has no presence on the end-user’s desktop in any way, and our partners can serve ads and generate revenue from their application or web property.
Users download the desired application, while noting that it is ad-supported. Cydoor strongly urges all its partners to state upfront that their application is freeware but is supported by advertising revenue, and most state it in their End User License Agreement (EULA). There is no installation, explicit or otherwise, of any Cydoor component on the user’s computer.
After installation, the partner application manages the various advertisements and their performance. The ads are served according to predefined impression requirements and caps and exposure is not based on any aspect of the user’s behavior. From time to time the partner application connects to Cydoor's servers in order to report aggregated performance records such as which ads were displayed, how many impressions they received, and which, if any, did the user click on. These are the same kind of performance parameters that are tracked by any online advertiser, including banners published on a web site.
I’d like to emphasize that the application does not download ANY information from the Cydoor servers aside from ad creative. The application reports only basic aggregated campaign performance parameters. Under no circumstance does the application report on any other user behavior or does it transmit any personally identifiable content.
I’d like you to note that as an example, two of our partners, Download Accelerator and PalTalk Instant Messenger are either certified as Spyware-Free or are working with the leading Anti-Spyware vendors to be removed from their Spyware list.
Please let me know if you need any additional information regarding my request.
Posted at 17:42 in News | Permalink | 0 Trackbacks | 2 Comments
March 15, 2005
Spyware Removal Starts At Home
Consumers, Microsoft and the Federal Trade Commission are similarly confounded when it comes to defining spyware and how best to combat a spreading plague of intruding and often malicious software. It’s up to individual users to stop it on their own computers, at the first sign of infection.
Ask a personal computer user suffering from a spyware or adware infection and they’ll easily define it for you. Slower Internet connection speeds, unwanted popup ads, changed Web browser settings or home pages, computer unresponsiveness and a general anxiety about exposing personal information and passwords.
"Adware and spyware victims need to take immediate action at the first sign of a spyware symptom," advises Richard Stokes, a computer engineer who runs www.AdwareReport.com, an established adware removal, consumer review site. "Don’t wait for the government or for Microsoft to find an adware solution, because every moment you wait is another moment that you risk your privacy and general frustration with your computer.
"Having said that," Stokes added, "even when consumers do decide to find a spyware solution on their own, they’re often confused about which anti-spyware program will do the trick." Hundreds of anti-spyware programs elbow for search engine space, as consumers get bombarded with anti-spyware ads and promising spyware cures.
"As with anything consumers buy, the smart shopper will always come out ahead," said Stokes. Nobody wants to waste their time researching for the right spyware remover, but wasting your money purchasing a useless spyware remover can be twice as frustrating. "When people visit Adware Report, I encourage them to take their time, read the reviews and be certain that the spyware remover they buy is the right fit for them." Consumers need to make their own, knowledgeable decisions or their spyware problems are sure to persist.
Although the FTC and similar government agencies are finally making strides towards first defining and then solving the growing spyware epidemic, the burden ultimately falls on the individual spyware victims to take swift and intelligent action at the slightest hint of a spyware infection. It could take years before consumers see the benefits of the FTC’s recent spyware and adware report (available at www.AdwareReport.com). Until then, the only viable solution is to continue turning to review sites like Adware Report to ease their confusion and help find anti-spyware solutions.
Posted at 12:04 in News | Permalink | 0 Trackbacks
March 13, 2005
Federal Trade Commission releases 62 page report on Spyware
The FTC has released a very interesting report about their findings on spyware. The report is a bit lengthy at 62 pages, but I plan on reading this and distilling the most interesting points here on the site.
I immediately noticed this quote from the report relating to the difference between adware and spyware. It appears that even industry experts can't seem to agree on how adware and spyware differ:
Workshop panelists and commenters stated a range of views as to whether and when adware should be classified as spyware. Some panelists argued that adware is spyware if users have not received clear notice about what the software will do or have not provided adequate consent to its installation or operation. In turn, some types of adware would not meet some definitions of spyware because they do not monitor computer use. Other workshop participants apparently would view adware as spyware if it causes consumers to receive pop-up ads, regardless of whether consumers are bombarded with such ads or just occasionally receive such ads.
If the industry can't seem to agree on even what spyware is, how can we expect the FTC or other governmental bodies to effectively legislate on this issue?
Read the entire report here (1.1Mb)
Afterthought: We've seen this same type of confusion recently when Lavasoft, Computer Associates, and Aluria decided to de-list WhenU as "spyware". Many industry experts, some of them rather thoughtlessly, expressed outrage at the de-listing, continuing to label WhenU as spyware, when they should actually be considered adware.
Posted at 13:30 in News | Permalink | 2 Trackbacks
Are you experiencing display problems with our site?
Two readers wrote in today telling us that the left-hand navigation menu is overlapping the main copy. We've tested this in a couple of different browsers, but couldn't find a problem. So if you're having an issue, please drop us an email at admin@adwarereport.com and let us know what browser and version # you're using.
Thanks!
Posted at 11:16 in News | Permalink | 0 Trackbacks
March 11, 2005
Symantec anti-virus flaw hits 30 products
A cross-platform flaw affecting many Symantec security products - both consumer and enterprise - has been discovered. Users of Symantec's Norton SystemWorks 2004, Norton SystemWorks 2004 (both Mac and Windows), Norton AntiVirus 2004, corporate anti-virus apps and Brightmail anti-spam software (among others) all need to apply patches following the discovery of the "highly critical" security bug. In all 30 packages are affected.
Posted at 16:30 in News | Permalink | 0 Trackbacks
Adware Report | Site Map | spyware reviews | Book List