Spyware Targets Only Windows Users

by Preston Gralla

Anti-spyware maker Webroot Software has just confirmed what Windows users have long known: Spyware is a Windows-only phenomenon.

Recently, the company told the U.K. paper the Register that it hasn't detected a single piece of spyware targeted at Macs or Linux machines. By way of contrast, the company's Spy Sweeper software (which runs on my PC 24 hours a day), detects 15,000 pieces of spyware running on Windows machines.

The average PC is infected with 26 pieces of spyware, says Earthlink's Spy Audit service, although that number is clearly inflated, because it includes certain types of cookies, as well as passive adware, in addition to spyware.

Why Windows? Internet Explorer and Windows itself has to take a good part of the blame, because of their inherent security holes.

But the operating system is only part of the problem. The bank thief Willie Sutton is reputed to have said when asked why he robbed banks, "Because that's where the money is."

For the same reason, spyware authors target Windows machines. That's where the users are, and so that's where the money is.

You don't have to be a victim, though. Get the latest version of SP2, which includes a pop-up blocker, and helps stop drive-by downloads; install anti-spyware software like Ad-Aware, SpyBot or Spy Sweeper; use anti-virus software; and use a firewall like ZoneAlarm. (The Windows Firewall won't do much good against spyware.)

So if you're a Windows user, face the unfortunate fact: You live in a very crowded virtual neighborhood, and if you don't lock your doors and Windows, you'll be attacked.


Why do you think only Windows is targeted by spyware? Let me know.


12 Comments

chase
2004-10-13 12:18:48
Call it what it is
Windows virus
Windows spyware
Windows adware
Windows security holes


not


Computer virus etc.


By not calling it what it is, MS positions it as a computer problem they they are battling on behalf of ther users.


Regrdless of how much blame is allocated to inherent vulnerabilities vs market share (monoploy), it's still the WIndows brand products that should be taking the hit, not computers or the internet.

flursn
2004-10-13 21:33:27
Semantics gone wild
"In a recent Ford Probe accident two passengers have been injured and ..."


You get the point.

jwenting
2004-10-13 23:07:29
Call it what it is
Fool.
You still don't get it do you?


If (not when!) you get your wish and Windows (which you seem to hate so much) gets replaced by your holy grail of operating systems (probably linux) THAT will become the main target of the lowlifes who write virusses, spyware, etc.


Even now linux has far more holes than Windows ever had, and they're not being closed for the simple reason that it's not "kewl" to work on existing code, the holy open source gurus would rather be writing new and exiting features instead of getting down to business and hammering shut the gaping holes in their products.

simon_hibbs
2004-10-14 03:18:01
Call it what it is
Linux, and more generaly open source software, is very popular, and in fact largely orriginated in accademic environments. The fact is that accademic settings have the twin features that hacking of the ssytems can cause enormous damage, and are infested with the most motivated, talented and aggressive populations of hackers found anywhere on earth.


BSD is widely considered to be the benchmark for secure and stable server operating systems - it's accademic free software. Kerberos is the orriginal security technology underlying many secure networking systems, including Microsoft's Active Directory - it's accademic free software.


Linux, and the culture it comes from have security and reliability ingrained at the genetic level.



Simon Hibbs

mwalker
2004-10-14 08:25:58
Not get it?
It seems you're the one who "doesn't get it." Unix-type systems (including Linux) have been designed for decades with security in mind. Windows simply wasn't -- it wasn't considered important. Maybe Longhorn will change that -- I hope so. But in the meantime, Unix OSes run the major hubs on the internet -- you really think that no cracker would want to infect those?


I would be very surprised if you could even name one "gaping hole" in Linux, at least one that isn't be actively closed. I know I couldn't.


The Mac is a good example -- it used to get viruses on pre-MacOSX systems. Now that it's based off of a BSD kernel, it doesn't. So, you can't say nobody would ever write a virus for a Mac, because they sure used to.

phummers
2004-10-14 13:28:17
Call it what it is
"exiting features"? Like the Blue Screen o' Death?
dscotson
2004-10-15 01:37:18
Semantics gone wild
If Ford Probes overwhelmingly featured in crash statistics while people had to talk about theoretical 'accidents' that may occur with Mazda and Mercedes if/when they become as popular as Fords, then yes, people would be calling them "Ford Probe accidents", particularly if even the most careful of drivers where suffering random gas tank explosions when driving.


Also people would start haranging Ford for their ridiculous security record, recommending/buying other brands citing security fears, and generally being quite negative about Ford because of the carnage they are inflicting on the general populace and its impact on productivity and society generally.


You get the point.

bry
2004-10-15 02:04:44
acl based systems insecure in networked environments
Both Windows and Linux have an ACL based security model, the only significant difference between them in security is that Windows comes with many features turned on that Linux has turned off by default (that and, as I understand it, the Windows encryption for their ACL private keys is flawed http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt however that is beyond my specific area of expertise)


ACL based security allows all processes running in a system to run as the top level security model, in other words, to run as the User. This is fine in a non networked environment because the main point of attack becomes then cracking the system itself, in a networked environment each connected application becomes a point of attack, if we can compromise an application on the users machine we can run as that user. As the clear trend is towards more and more connected applications in a world wide network we have a greater number of possible points of attack (wonder how the growth is on this).


hence the need for capability-based security in a internet world.



As far as only spyware attacking Windows machines I think this indicates an excellent financial opportunity, a spyware firm concentrating on a non-Windows environment could corner the market, there are good arguments for doing so, especially in the case of MAC, given that users of alternative operating systems while not as numerous might be in a significantly higher income bracket. I want to see some capitalism here people!



chase
2004-10-15 11:55:41
Semantics gone wild
Hmmm....so the Pinto gas tank explosion "accidents" should have been called "automobile" gas tank explosion accidents?
jwenting
2004-10-17 23:16:24
Not get it?
Unix designed with security in mind?
Don't make me laugh.


Unix was designed to be used on networks where everyone knew and trusted everyone else, security was purely on a user level only (file permissions, logins).


Unix indeed runs the major internet hubs and routers. There are constant attacks on those and sometimes they succeed for a while. You just don't hear about it a lot because there's not a lot of them and the perpatrators aren't script kiddies who shout their success all over the place, they're people who don't want attention.
Remember the Cisco problem a few years ago? Almost every Cisco router (all running Unix) on the net was installed with a well known public account and password that granted admin priviliges.


Gaping holes in Linux: X, sendmail, the constant stream of kernel exploits.
Just because you don't read about them on /. doesn't mean it doesn't exist.

lousyd
2004-10-19 13:22:22
Call it what it is
No, you're wrong.
lousyd
2004-10-19 13:22:54
Call it what it is
No. You're wrong.