Can you get a spyware infection just from visiting a web site?

I have noticed that after my son goes to certain web sites to look up Playstation cheats, my computer comes down with a bad case of spyware infestation. I have told him again and again not to download anything, but he swears he didn’t download, all he did was look at the pages. Once, right after he was at this site and walked away, I saw one of those download dialog boxes. (“Do you want to install and run horriblecrap.exe?”… I told it “No.”)

If my son is telling the truth and he did nothing in particular to cause the massive spyware invasion that immediately followed his browsing, where does that leave us who are in danger of opening an infectious web page without knowing in advance what it will do? Talk about paranoia. Such insidious spyware could make it practically impossible to use the internet any more.

It’s very possible. If you want to minimize your risk, use Firefox, Ad-Aware, and Spybot.

Haven’t tried Firefox. I have been using Ad-Aware and Spybot S&D since last year. I can tell you that while last year they were adequate and up to the task, now things are different. Spyware has mutated so rapidly that Ad-Aware and Spybot cannot keep up, even with the latest updates (believe me, I keep checking and they aren’t updated nearly enough). Nowadays spyware works itself deep down into your boot memory or wherever the hell it hides now, and even when A-A and SB delete it, it just replicates itself as if nothing had happened.

We need more robust antispyware programs! Two new ones that work better at the current spyware epidemic are SpySubtract and Giant AntiSpyware. (They aren’t free, though. SpySubtract comes with a 30-day free trial before you have to pay for it, and Giant AntiSpyware, the most robust one I’ve seen yet, has only a 15-day trial period.) These two run interference for you and block spyware before it’s installed. They also do a more thorough job of finding and cleaning. However, even after you use them the deleted spyware can sometimes regenerate itself. I fear the ever more insidious mutations of spyware will outstrip the ability of cleaners to catch them, and will spread so fast that the internet will become nearly unusable.

There’s also HijackThis for thoroughness, but you have to be an expert tech geek to understand how to use it.

I’ve had a lot of spyware install itself just from visiting a web page. Explorer seems particularly vulnerable to them. My virus scanner would inform me that I had a trojan (almost always some sort of IE exploit) and that it could not be deleted, or else it would delete the trojan but then when I checked the running task a few extra baddies would be in there. I’ve since switched to a different virus scanner and switched to firefox as well, we’ll see how that goes.

FYI - On many of them, answering “no” still installs some sort of malware. Your best bet is to go into the task manager and exit the little bugger.

There’s a free utility called Spywareblaster (Link) that will prevent a lot of spyware programs from even installing themselves. It’s completely free and quite regularly updated. (You have to pay for the auto-update facility but manual updates are easy too)

Using Firefox will help a lot too.

Yes, yes you can. I just got a nasty one last week actually. Now my damn CD player will stop playing and I get a message that says it has unloaded itself. I’ve called the help desk here at work and they have no idea what I’m even talking about. Of course they don’t know what the home icon does in the menu bar so I’m not so sure about them either. We have a firewall, don’t know what kind, and all sorts of other stuff and I don’t download anything and I still got it.

We’re not supposed to install stuff, and most things will not install so I’d like to know how they get in so easy.

So how is this crap any different from a virus? The fig leaf of spyware is that you supposedly agree to its installation. But if it slips in without your awareness, or you get it by saying “no” to it, then the law ought to prosecute the perps under the same laws that prohibit viruses.

Has anyone noticed that the past few months a new spyware/malware epidemic has been getting more virulent than ever? Does it threaten the whole concept of the internet?

In addition to Spyware Blaster, it’s a good idea to install Windows XP Service Pack 2. It will warn you quite clearly if something is about to be installed; older versions of Windows could have spyware installed without you knowing it.

Well a virus would have code within itself that would propagate the program to other PCs in some way. It’s not the same thing but it’s just as evil in my book.

As for threatening the Internet, it only really seems to threaten that part of the Internet that runs MSIE on unpatched/obsolete versions of Windows.

Have you tried running your anti-spyware programs in safe mode?

No, it threatens the whole concept of Windows. Running Linux, I never get anything even remotely like spyware.

Your best bet is to stay current on updates for AdAware, Spybot S&D, and Windows/MSIE in addition to practicing some discretion in which sites you visit.

Are you sure it didn’t say; “Do you want to miss out and not install horriblecrap.exe? Click No to refuse to not install, Yes to decline this no installation opportunity and close window to end this connection”

You really need to read these things carefully before doing anything. They will try and trick you.

Don’t want to sound smug, but you wouldn’t get this problem with Firefox. :slight_smile:

You certainly could get a spyware infection just from visiting a website. You could also get a virus or worm- this is one of the ways the Nimda worm propagated.

Check your IE security settings (under Tools->Internet Options->Security). And be sure your son knows what to do if a dialog box won’t let him say no to installing something (get out of Internet Explorer via Task Manager, not say yes to the install).

Using Mozilla, Firefox, or just about any browser that isn’t Internet Explorer is going to make a spyware infection from visiting a website much less likely.

And tell your son to stop using cheats.

This might actually help with the spyware problem. Sites that offer pirated or cracked software or cheat codes seem to be more likely than others to try to infest your computer with spyware.