April 26, 2004
What to Make About Spyware Results from Earthlink
The number breakdown from a total of 1,062,756 system scans:
System Monitors (e.g., keyloggers) = 184,559
All for a grand total of 29,540,618 instances of spyware found. Divide this by the 1,062,756 system scans, and one arrives at the average of 27.8 instances of spyware per scanned PC.
However, these results are not empirically helpful. For instance, let's assume my PC had 100 infestations and I used their service to scan it weekly and didn't know how to remove the malware. Now let's compare it to someone who only ran the scan once and then cleaned their system. Wouldn't that skew the results?
Instead, I think the numbers are useful for less stringent scientific study. For instance, adware browser cookies are by far the most common, with adware not that much behind. Fortunately, true spyware (keyloggers, trojans, etc.) is less common in comparison, but I find those numbers quite telling in that it is definitely a problem. However, it's been my experience that users who have spyware on their system have it for the most common reason that they simply don't know how it got there. In other words, they're happily surfing along and downloading malware-ridden programs of interest, without realizing that they are the direct cause of their own infestations. Perhaps they didn't have a firewall or antivirus software installed. It's not uncommon at all to find that such a user has multiple spyware infestations ranging from browser hijackers to trojans, worms and other nasties. All of which would further skew any such "average infestation" analysis. While probably a good number of PCs have some malware installed either by choice or otherwise, I'd bet there are a smaller number of machines with "hyper infestations".
I'm also likely to conclude from the above results and my direct experience that the vast majority of us probably have more undesirable browser cookies than we'd like, but unless our browser is actively blocking them, we just don't have the time to deal with them individually. Running scans from Ad-Aware, SpyBot, PestPatrol and the like is probably the easiest second line of defense after they've made it past any browser defenses, which by default are set to fairly weak protection so that web sites load properly.
I don't see malware going away any time soon, and I'd suspect that the people with multiple infestations are probably not following some basic rules of practicing safe hex:
I could go on, but you get the idea. The reason why malware spreads is collectively "us". Security is a process, not a product, and we remain the weakest link in that chain. While most of an organization could be using the Internet with caution, it only takes a very few uninformed users to unwittingly compromise a system. Thus having good backup/recovery/incident plans and systems are just as important. Perhaps most important might be what I've attempted to achieve via this post: education. Remove someone's spyware for them, and it's clean for a day. Show them how to avoid getting it in the first place, and it just might stay clean longer.
Topic(s): Privacy & Security
Posted by Jeff Beard