4/26/2006

Most Web Users Unable to Spot Spyware

Filed under: — By Aviran Mordo @ 9:51 am

McAfee SiteAdvisor , which is pioneering Web safety by testing and rating nearly every trafficked site on the Internet has news for Internet users who think Web sites with clean, appealing graphics and national advertisers on the home page are always safe: “Think again.”

According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs with spyware, adware or some other kind of unwanted software. Even though the threat of spyware has received extensive media coverage, just 3% of the 14,000-plus consumers who took SiteAdvisor’s spyware quiz received perfect scores.

The survey challenged Web surfers to test their ability to detect which sites in a number of popular categories were free of adware or spyware. The examples in the quiz are taken from more than three million Web sites which SiteAdvisor has independently tested and rated for Web safety issues like spyware and spam. The first part of the quiz presented users with pairs of sites and asked them to pick which one of the pair was safe. The second part presented a series of file sharing software sites and asked which ones were spyware and adware free. The test has been available since March.

Among the survey’s most sobering conclusions:

  • Based on their choices, a majority of users (65%) would have been infected with adware or spyware many times over
  • The presence of national advertisers and a clean, uncluttered design seem to trick respondents into thinking a site is safe
  • Even users with a high “Spyware IQ” have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity
  • Users often miss the fine print that allows a dangerous Web site to claim it installs unwanted software legally

To take McAfee’s SiteAdvisor Spyware quiz, go to http://www.siteadvisor.com/spywarequiz .



Digg this story ?

 

36 Responses to “Most Web Users Unable to Spot Spyware”

  1. Yaa101 Says:

    As long as webmasters are able to link in external sources without browsers to signal that fact then don’t expect anyone to see what is exactly going on. Would you inspect each page’s JS,HTML and CSS before you would load it into your browser? you would get fedup very fast.

  2. Yaa101 Says:

    I wouldn’t trust corperations like McAfee either, just get a good browser like Firefox->http://www.mozilla.org

  3. bleaknik Says:

    FireFox is a good start… add on top of that NoScript, and spyware almost completely goes away…

  4. Graham Miller Says:

    Look at the survey before you believe the statistics. What they have shown is so far from the claimed “Based on their choices, a majority of users (65%) would have been infected with adware or spyware many times over”, it’s ridiculous. For example, the first question asks the respondant to choose between two screensaver downloads to determine which is spyware-ridden, by looking at a screenshot of the website _alone_. This presupposes that a) 100% of users would download a screensaver and b) that people would make their choice based on the look of the website and nothing else.

    Seriously these are collectively the worst survey and article I’ve ever seen.

  5. solcott Says:

    @ #2 and 3

    Yes, Firefox is a good start, but you need to add that onto a good operating system like UNIX, Linux, BeOS, or Mac OS and the spyware does completely away :)

  6. Eurylochus Says:

    @solcott: Bingo. Firefox is nice, and I’m sure Noscript is terrific, but use a Mac and you’re golden. Funny thing- I’ve downloaded a number of file-sharing apps for the Mac, and not one of them came bundled with spyware. Of course, that could also have to do with them being open source and downloaded from respectable sites like sourceforge and MacUpdate. Hmmmm…
    Conclusion: To avoid malware, avoid Microsoft. They’re good at Office, and not much else.

  7. anonimouse Says:

    What a silly, useless “survey.” I took it and defaulted to answers which would keep my PC safe, refusing to choose any option which risked infection, and was told that I was highly at risk.

    My conclusion: Stay away from McAfee. Run fast, run far.

  8. Anonymous Says:

    @4

    Precisely. My answer (er… I don’t download ANY of those screensavers/games/smileys/p2p software?) was not an option. Gee… now I’m being -forced- to pick between which sites are “safe” versus “not safe” for products I don’t want, let alone use? That’s BS!

    Sadly, the one thing that I do come across from time to time (lyric look-ups) was one of the two that I got wrong (the other was, embarassingly enough, a p2p program that I really _should_ have known better than to trust…). However, since I use Firefox + NoScript* + AdBlock Plus + Linux (and wouldn’t dream about leaving ActiveX turned on if I -was- running IE/Windows), the threat is moot.

    Long story short: Symantec creates biased survey so that statistics can be used as a scare tactic to hook new customers! In other news… Symantec tools rootkit customers !

    * As for NoScript, it’s wonderful. I wish it had slightly finer grained control (currently, it’s finest grain is per base URL — http:// up to the next slash), but it did allow me to (default) block all the other JS crap on this site (yahoo.com, statcounter.com, google-analytics.com, assoc-amazon.com, googlesyndication.com) and whitelist only the JS coming directly from the site itself (www.aviransplace.com).

  9. Dan Says:

    Of *course* it’s a silly survey! It’s by a company with a vested interest in the results. Microsoft: “Windows seems to have the lowest total cost of any OS.” Men’s Wearhouse: “More and more bosses require employees to wear suits.” McAfee: “Almost everyone has malware on their system!”

  10. Anonymous Says:

    @8 (myself)

    Open foot, insert mouth (sic). Symantec != McAfee. My mistake!

  11. Lee Says:

    I agree. The song lyrics page was the worst. Based on the websites’ appearance, the “clean” one looked bad. It had a popup warning, stupid banner ads, and a generally suspect layout. The other one looked fine, but you were getting sniped by an INVISIBLE exploit. Well, pardon me for not being able to see the ActiveX activity from a screenshot. No wonder only 3% got all of it right… if you did, you guessed lucky on the lyics page, going against sound logic.

    Stupid survey designed to scare you into buying their product.

  12. Zorb Says:

    Site Advisor is not a McAfee product.

    McAfee makes garbage either way though.

  13. Queenslander Says:

    A pointless survey and a pointless result as all sites shown only had windows software.

    Any computer expert whe cares about security runs Linux and simply doesn’t have spyware/virus problems.

    There is no Linux Spyware.

    The last LInux virus that actually manged to spread in the wild - albeit poorly - was in ‘99.

  14. heather Says:

    just got all of the questions right, only because i have site advisor as an extension on firefox. i just checked each website. i have been using it for awhile and it seems to be pretty good.

  15. RetroRockit Says:

    Hey, who’’s to say that by submitting this relpy (using pearl, php, jscript or other subwebbian code), i could be loading up a mess of “smitfraud” or “spyfalcon”? Under the “Leave a Reply” heading at the bottom of this page it states “You must have Javascript enabled in order to submit comments” clearly show us that there is risk everywhere. New generation of viruses use spyware to protect it from detection from scanners to make the virus look legit to the OS.

  16. Simon Says:

    @ 11: I agree that this surved is pure FUD (I mean, that’s a no brainer), especially since most people wouldn’t find themselves at these sites, and visiting them doesn’t guarantee an infection either. However, the wrong answer lyrics site had an invitation for users to email (!!) song lyrics for certain songs to webmaster @ whateversite dot com. The other one had an automated system for lyrics additions. The other thing is that having popups is more of a safety indicator than not in this type of quiz, since if the site infects people, they won’t need as much revenue from other forms of advertising..

  17. Uncouth Says:

    Saying use Linux cos it’s safer is just a load of crap. The ONLY reason Linux is spared the onslaught of spyware is because Windows users are easier targets. Linux is not impervious, its just that no-one who wants to be productive in day to day business would use Linux.

  18. AJS Says:

    There is only ONE way to be sure whether or not a piece of software is likely to contain spyware: *READ THE SOURCE CODE*.

    As a second best method, only ever download software which has been vetted by someone you trust who is independent of the original author.

    Insist on source code, even if you end up downloading a pre-compiled binary. If they don’t want to let you look at the source code, then they are obviously trying to hide something! That probably means the software contains malware. It really is as simple as that.

  19. Ric Werme Says:

    “According to the first-ever Spyware Quiz conducted by SiteAdvisor, a staggering 97% of Internet users are just one click away from infecting their PCs…”

    This statement is false, on many levels. Two key ones:

    3% answer all questions right. That’s fine. However, I only got 5 right, and 1 or 2 of my wrong answers were because I flagged safe sites as unsafe. Had I flagged all sites as unsafe….

    I wouldn’t use any of sites, especially not from Windows. I’m in the 97% of people who didn’t
    get a perfect score, yet those sites won’t infect my system.

    I run Linux, and a lot of that stuff won’t run on my system anyway.

    -Ric Werme

  20. RootBeer Says:

    As a Windows user (only beacue I need it for all of the apps that I run), I know that I am at risk. The survey was a loaded survey because as many have said, 90% of us wouldn’t find ourselves at any of those sites. I use IE primarily because it is the most compatible browser (especially since I do some web development), but I know that the risk is very high so strive to avoid going to any site that seems suspicious. Choosing between two smiley sites? What a load of BS, who cares to download smiley faces. McAfee just lowered their reputation in my book with this survey. (not that it was high to begin with). I don’t know why I even bother running anti-virus software, I haven’t had a virus come into my computer in about 5 years beacuse I practice safe computing. I failed the survey miseably because I suspected it was loaded and chose the poorer looking site each time, when in practice I run from sites that don’t look professional, and that I don’t know or have a reference to.

  21. Fools Says:

    I’m sorry, but you are all being foolish by thinking a different browser other than IE and OS other than Windows will keep spyware from harming your web experience. It’s all about the size of the audience. All PCs regardless of OS or browser are susceptible to spyware penetration. Just remember this… Marketing people ruined the Internet.

  22. wap3 Says:

    Ah….the power of Google…..got 100% right.

    Caveat Emptor…..

    but I also use SimplyMEPIS Linux and Firefox so it was *fun* time before starting work for the day and yes I don’t use or promote McNorton the are both over priced junk. AVG on users pc’s and F-Prot DOS on Mercury32 Email server.

  23. Alan Says:

    Obviously there is no evidence in the screen images telling you which site downloads spyware. Perhaps if we could look at the source code we’d do a bit better. As it is it is a random guessing game.

  24. Captain Obvious Says:

    “Most Web Users Unable to Spot Spyware”

    And in other news, water is wet.

  25. Matt Says:

    that quiz is rediculus because you can’t click on any of the fine print. Usually what you do is just download the file, scan it for viruses, and then read the license carefully and uninstall any ad/spyware immediately after. Often you can just “not agree” to installing the adware (such as with that screensaver example) and it won’t be installed at all. I have 10+ of those and no spyware whatsoever.

  26. Fan Boys GET OUT! Says:

    What a joke.

    Any technology can be penetrated (Unix, Linux, Mac, won’t talk about M$, we all know that whore). Anyone with even half a brain knows that. The only way to 100% security is to NOT SURF THE WEB AT ALL.

    Instead of being arsewipes saying “Oh, I’m SOOOOOO much better than you because I yank my OS with BSD,” try doing something useful for a change and help the other 90% of the user population break their M$ crack habit.

    BTW, just by using this website we’ve all been infected.

  27. Anonymous Says:

    The survey is worthless. You are expected to know whether or not there are ActiveX controls based on screenshots. WTF?

    A better article would have stated what ActiveX controls are, how they work, how to avoid them, and how to get rid of installed ones.

    As far as spyware goes, I haven’t gotten any since switching to Firefox.

  28. Meeg Says:

    Or better yet, get off Firefox and use Lynx. That way you have absolutely no way of executing the scripting and the pictures and whatnot and are safe.

  29. Anon Says:

    Miserable survey:

    First set of questions: refused to click “safe” for any of the sites.

    Second set of questions: clicked “unsafe” for all sites.

    Thus, implying that none of the sites was safe (avoid the internet entirely) results in a score of:

    YOU GOT 3 OF 8 QUESTIONS CORRECT
    Rating: You’re at risk!

  30. Adam Says:

    The survey sucks.
    Screensavers? Not going on my machine.
    Smilies? Not going on my machine.
    Free games? Well, maybe on my machine :->.. but I’d definately check the license agreement carefully first..
    Activex? No way I’m downloading a control just to get song lyrics.
    File sharing? No way any of that’s going on my machine.

    That said.. I got 7/8 on it. The only mistake I made was I labelled emule as containing spyware (AFAIK, it did before.. cydoor, I believe).

    So, I didn’t get perfect on this survey, but my machine would have been perfectly safe, nonetheless. And in practice, my machine is even more safe, as I wouldn’t download most of the junk, anyway, and I’d base my decision on what’s safe on more than just the layout of the website!

  31. Anony Mouse Says:

    Well, I only missed one question, and that one was based on the assumption that ALL Windows P2P file sharing software contains spyware. (Evidently eMule doesn’t.)

    That’s not the reason I don’t get spyware, though. I don’t get spyware because my main computer is a Mac, and the rest run FreeBSD.

  32. Gary W. Longsine Says:

    Even if the survey is primitive or flawed or the results misleading to some extent, the problem is very real. The various other surveys (Earthlink did one last year, there have been others) which indicate a large percentage of home user PC systems infected with adware and spyware for example provide independent evidence. So what if it’s 80% instead of 97%. It’s a big, big problem.

    /gary

  33. rj Says:

    Sure, only “3% of the 14,000-plus consumers […] received perfect scores,” and two-thirds “would have been infected with adware or spyware many times over,” according to this ‘quiz.’ Statistics can send whatever message the author wishes. To quote Mark Twain: “There are three kinds of lies: lies, damn lies, and statistics.”

    This quiz does not take into account that many people would not visit these sites in the first place. Personally, I am not in the market for screensavers, smileys, or file-sharing. Additionally, without being able to read other information on the site it becomes a guessing game; therefore, I received a 5/8 score. If this accurately reflected my level of danger, I would be scared.

  34. valkor Says:

    @21
    You’re partially right, and partially wrong. True, market size has a lot to do with it, but I NEVER have to worry about activeX and drive-by downloads because I use Opera. Maybe someday a hacker will come up with some exploits, but the error handling philosophies of smaller companies like Opera and Mozilla try to avoid the usual ways that crap gets installed through IE.
    No, they’re not perfect, but they’re better.

    Oh, and anyone who downloads free smiley and screensaver programs without some rigorous research is a dope.

  35. àa Says:

    This test was written to make people fail. It does not give enough information that helps users to determin if this is a safe site or not. Good to sell products. Snake oil

  36. àa Says:

    ah… forgot something: want real security? then install BeOs, linux or firefox and you will have real security: not because the os is safer or the browser, but simply because they don’t support most of the technologies (ex: scripts, etc), so if you can’t access it’s safe? hm… it is just like saying that cars are safer than boats in the air.

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress