Bad websites, and stopping people from doing something stupid

I was contemplating turning a thread about spyware and adware into something useful, but I thought instead I’d do it here.

I’m the IT guy for a small company and I have some people who are too damned irresponsible to use computers. Sadly, the two worst are also the only two people in charge of me.

Something to remember is that switching from IE is not an option, partly because they’re stubborn morons, and partly because we actually do need certain IE functions for stuff we do here.

Anyways, there’s two things I’m looking for in here.

First of all, a list of absolute goat-fucking rat bastard worthless fucking software sites to be avoided.

Examples would be Claria/Gator and n-case, which in my experience makes Gator crapware look like an actual speed boost for the machine. That n-case shit is completely nasty. We can, of course, add precisiontime and WeatherBug to the list as well…

The other thing is a way of beating them. I know about restricted zones, but with n-case, for example, the only way that will help is if whatever is installing their crapware comes from, say, www.n-case.com. If it comes from someone else, those Restricted Sites aren’t going to do any good.

I really can’t count the amount of time I’ve wasted killing this shit on PCs here at my office, and then having to do it again two weeks later…

-Joe

Merijeek-

In my experience, it’s not stupid people that are the problem all of the time. Even I got a hold of some fucked up spyware that auto-installed on my home machine. The program that runs is called “wupdater.exe”. This motherfucker will constantly contact a server for more and more files to install on your machine.

The only way I have found to solve the problem is to run Ad-Aware Professional version and keep the Ad-Watch program running and on automatic settings.

Other than that, I’ve not found a good way to deal with the problem. Before I had found the malicious little fuck on my machine [wupdater.exe], I would close windows, uninstall software and delete registry keys that were associated with the continually downloading programs.

ALL programs are suspect. Aside from the ones you mentioned, Lycos, Excite, and a whole host of other software companies are now in the game.

FUCK ADWARE. These guys are just as bad, if not worse, than the virus kiddies.

Sam

I’ve been meaning to do the host file trick. Anyone try that?

I have this:

http://www.safer-networking.org/

set to run each morning when I boot up.

I feel your pain.

In my situation, the solution I contemplate each time I’m having a night like, say, hypothetically, THIS FUCKING ONE in which I’m trying to scrub clean a machine as infested with shit as I’ve ever seen, that neither Spybot S&D nor AdAware can make heads or tails of what to do with, THAT WAS COMPLETELY CLEAN 24 HOURS PREVIOUS…is death by torture for the particular user responsible.

Yes, yes, I know. Wide-eyed looks of innocence. Pleas for restraint and compassion. It can happen to anyone. Who knew that browsing to Bucky McFuckstain’s Online Casino and Celebrity Borderline Porno Emporium might do underhanded things to the computer? WHO KNEW? Certainly never the user, no. They’re innocent! Pure as the driven snow!

Fuck that noise.

Death by torture. It’s the only way to be sure.

Grumblemutter rasslefrassle.

Better trick:

Since merijeek is running IT for a small company, he (or she) should rig up Apache with the Squid transparent proxy - and plug in Squidguard. Then set up a cron job to automatically pull the newest black lists from the squidguard home page.

Once you’ve got that done, you make all of your clients use the proxy for internet access - and the users won’t be visiting “Madame Pusscat’s online porn ring and gambling emporium” using company equipment anymore.

Barring that, you might try going through the IE cache files and history - anybody that has been to the squinky sites gets to pay for the costs of cleaning his computer. You might not be able to do that, though. I don’t know what the laws are like in your area.

Squidguard is the way to go.

Yep, that’ll work as well. :smiley:

Actually, I was wondering if anyone had done the hosts trick on their home PC.

And here all I had to do was install Linux.

I guess someone has to do it the hard way, if only to serve as an example for others.

Just not me. :smiley:

I’m with Derleth - the permanent solution is to move over to linux and lock down the user’s privileges. Take away the capability to execute files out of their own home directory while you are at it, and you’re pretty safe from all the crap.

I have. My hosts file is a few hundred Kb now. I went to various sites that offer ad-blocking hosts files, concatenated them, and added a few (Gator, AOL, etc.) just in case.

I’m not an expert on spyware, but does spyware blaster do anything? It claims to stop various bad things from ever being installed and comes recommended by Spybot, and I’ve never seen a case of something it claims to stop being let through, but I’m running Mozilla, with a huge hosts file, with no Javascript, so I’m not much of a test case.

Seriously, though: why not install VirtualPC on everyone’s computer and install Linux and tell everyone to use THAT whenever they’re going to browse web sites?

Or, if it HAS to be Internet Explorer, fine, install VirtualPC and install Windows95 or 98 on it along with IE and have them use that. Use a 500 MB virtual hard disk and make a backup copy on server. Whenever they get clotted up with crapware, delete virtual hard disk, copy back from server – hey, that’s simple enough even your end users might be able to handle it!

& While you’re at it, you could do the same with email and say goodbye to viruses. Use a linux email client in a VPC environment, end of problem.

Yeah, I did this and it seems to have at least helped, although I suspect it’s getting a little out of date by now. The only thing I would mention to anyone wanting to try it is that the lists are occasionally a little over-zealous; I had great problems viewing gamespot.com for a while until I realised that the hosts file was cutting out image.com.com, a not-really-advertising site that happens to host all of the images and style sheets for gamespot, and presumably a bunch of other websites.

Fundamentally, though, the hosts trick is neat, easy and effective. It’s also a great way to play pranks, if you’re that way inclined; set up a spoof google site on your own hosting, point your housemate’s computer at it, etc…
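The hosts-file approach discussed in the posts above (concatenating several downloaded lists, then finding one of them blocks image.com.com), sketched as an added example that is not part of any post in this thread. The function names, the sample lists and the allowlist are constructed for illustration; the merge also refuses any downloaded entry that points a name at a real address instead of a sink, since that is a redirect rather than a block.

```python
import re

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses a blocklist may use
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-format text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        for name in fields[1:]:                 # one line may carry several names
            yield fields[0], name.lower().rstrip(".")

def merge_blocklists(sources, allowlist=()):
    """Return (hosts_text, rejected) for several hosts-format blocklists.

    Accepted entries are deduplicated and rewritten to 0.0.0.0. An entry is
    rejected, not merged, if it maps a name to a non-sink address or the
    name is malformed. Protected and allowlisted names are skipped silently.
    """
    allowed = {a.lower() for a in allowlist}
    blocked, rejected = set(), []
    for text in sources:
        for addr, name in parse_hosts(text):
            if name in allowed or name in PROTECTED:
                continue
            if addr not in SINKS or not HOSTNAME.match(name):
                rejected.append((addr, name))
            else:
                blocked.add(name)
    body = "".join(f"0.0.0.0 {n}\n" for n in sorted(blocked))
    return "127.0.0.1 localhost\n" + body, rejected

# Constructed sample lists, standing in for two downloaded hosts files.
LIST_A = """\
# ad servers
127.0.0.1  localhost
127.0.0.1  ads.example.com   # banner host
127.0.0.1  image.com.com
"""
LIST_B = """\
0.0.0.0 ADS.example.com tracker.example.net
203.0.113.7 www.example.org
not-a-hosts-line
"""

if __name__ == "__main__":
    hosts, rejected = merge_blocklists([LIST_A, LIST_B], allowlist=["image.com.com"])
    print(hosts, end="")
    print("rejected:", rejected)
```

Reviewing the rejected list before installing the merged file shows exactly which downloaded entries tried to map a name to a live address.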

I don’t understand. What functions does IE have that other browsers don’t have? Are you saying that you can create a web page for IE that can’t be created to perform the same functions for other browsers? When a web page only works in IE, it is the fault of the web page authors, not the fault of the browsers in most cases. If people would adhere to standards instead of taking the easy way out and writing a page for one specific browser then you wouldn’t have this problem, and if more people used other browsers then web page authors would be forced to follow standards instead of writing specifically for IE.

Hehe, good to know.

I’ve tried using the hosts file as a way to thwart adware/spyware installations, but when I do this it makes my system slow down to 8088-level performance. What are you people doing that I’m not?

Not anymore. The original WeatherBug came bundled with Gator but they’ve been respectable for the past couple of versions. Why would they point users to Ad-Aware and PestPatrol if they’re doing anything nefarious?

Oh, and more to add to your list: GAIN (part of Gator), IE Plugin (IE does not mean Internet Explorer), and AIM.

I don’t know about Merijeek’s company, but at my company, a lot of our front-end applications run from IE (Siebel and Oracle are two) - they will not work with Netscape or Mozilla. And some others (like PCAnywhere) use certain components of IE.

Regarding the source of all this crap, these days it’s coming from fairly innocuous sources. For instance, I used to go to cheat code central (cheatcc.com - DON’T go there!) for PS2 tips, cheats, etc. One day, they up and loaded something on my home PC - I did not agree to install anything, there was no popup. Only this wasn’t ordinary spyware. This was some kind of loader file (process was named loader.exe), that would attempt to download a full application every time I booted up - with a persistent popup screen that wouldn’t minimize, and the only way you could get rid of it was to agree to its user license agreement. And there was no “disagree” button, no button to close the window.

I found the loader file, and deleted it. Next time I rebooted, same thing came up. The fuckers had modified the registry to download the loader file every time, which would then prompt me to install their crap - probably banking on the occasional user who would install whatever they could just to get rid of the popup.

And then there are the spyware apps that change winsock or some other critical registry setting, so that when you do remove them, you can’t connect to anything.

Virus writers = make baby Jesus cry. But the fuckers who develop, host, or distribute this crap and inflict it on unsuspecting web users = make baby Jesus want to go all shao-lin, Wu Tang on their ass.