RE: Spyware becomes increasingly malicious

Alexei Roudnev wrote:

It is not a bug; it is specially designed IE feature. MS always was proud

of

their full automation - install on demand,
update automatically, add new software to start at a startup without need

to

be system admin, etc etc... As a result, we have a field full of bugs,
pests, pets, spiders, spies and so on... They have _exactly_ what they
designed. No one even bored to ask me 'do you want to allow this registry
change' , because 'MS believe that their users are lamers so everything

must

be automated from the beginning to the end'...

Most of the lastest versions appear to install themselves using the
ByteCode Verifier vulnerability in the Microsoft Virtual Machine.
Fully patched systems don't get the stuff installed.
I'm sure the authors are working on newer injection methods....
Though the blame might be placed on Microsoft for having a flaw in
their code, this wasn't part of any IE feature.

You can read more about this exploitable bug (not feature) at
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

I do not blame MS, but what about spyware on MAC-s - is it so easy
to write and install spyware there?

I don't really want to get into the argument of why people choose
microsoft products to attack, but if someone was going to choose
a product to attack, from which they were going to try and make
the most money/impact off of, do you think they would choose the
product with the largest user base? I think that's the case here.
It would be a poor business decision not to, and these people are
definetly out to make as much money as they can off of these
exploits.

This is 100% legal at this point (and even if it is not legal,
who bored about it outside of USA? No anyone!).

It really shouldn't be legal. It is someone gaining unauthorized
access to computer systems and altering data on those machines.
Not to mention that people are profiting from these intrusions.

-Brian

Most of the lastest versions appear to install themselves using the
ByteCode Verifier vulnerability in the Microsoft Virtual Machine.

MS do not publish full system specs, and they use undocumented features
themself.

So, what other companies are doing? Yes, correct, they are experimenting,
searching for the undocumented features.
They found it, and no one can separate bugs and undocumented features.

These are all results of MS approach _I am doing everything myself and do
not want others to compete with me_.
Ok, so please do not complain on those who uses your undocumented features,
undocumented API (and ohh, it is not my API, it is a bug... as they are
saying now). Are you sure that it is a bug, but not a backhole created by MS
for themself? I am not.

Fully patched systems don't get the stuff installed.

Or - after others found this backhole, they decided to seal it. You can not
prove that it is a bug, as I can not prove that it was a feature.

Any undocumented API is not different from a bug - it is just something
which is not documented but exists.

I'm sure the authors are working on newer injection methods....

Just as MS is working on new undocumented API's. Of course, they are -
hackers, spyware designers and MS developers... I do not see a difference.

Though the blame might be placed on Microsoft for having a flaw in
their code, this wasn't part of any IE feature.

Please, specify a difference between 'flaw in the code' and 'backhole
created for their own purposes'. If they claim 'our developers use only
specified API' and 'we specify and document every system call and every
function which can be used legally, from technical point of view', then I
agree. But they never did and never would. if they do it, they lost their
monopoly. Result - full zoo of pets, pests, and other animals in every home
computer running Windoze.

May be, this particular feature was a bug, I can agree - but I do not see a
difference (still).

>I do not blame MS, but what about spyware on MAC-s - is it so easy
>to write and install spyware there?

I don't really want to get into the argument of why people choose

Sorry, it was a _technical_ question - is MAC OS known as having pests and
ad-ware in the comparable numbers (if any)?

microsoft products to attack, but if someone was going to choose
a product to attack, from which they were going to try and make
the most money/impact off of, do you think they would choose the
product with the largest user base? I think that's the case here.
It would be a poor business decision not to, and these people are
definetly out to make as much money as they can off of these
exploits.

>This is 100% legal at this point (and even if it is not legal,
>who bored about it outside of USA? No anyone!).

It really shouldn't be legal. It is someone gaining unauthorized

Hmm. Is it legal for MS developers (for example, office developers) to use
undocumented APIs? What's a difference? What does it mean 'access' - you
open my web page, and your IE download my GIF file - is it authorised (my
GIF is installed into your computer)? You allow Active X to run, even if
ActiveX can install software - it is enough to be authorised. These is
common sense - if there is a road, it is authoruised to hike it (except if
there is a closed gate or an angry dog on the way). At least, it is common
sence on 90% of the world.

Of course, we can create many laws making common sense useless, but do not
expect anyone outside to follow it. Internet is not located inside, so - you
can make a conclusion. MS provoked people to search for undocumented
things - it is common sense which say me that it results in my home computer
making unpredicted actions - and I can not blame spyware writers, I should
blame MS writers... (I do not like spywriters, anyway, but they are making
their business..)

access to computer systems and altering data on those machines.
Not to mention that people are profiting from these intrusions.

Of course, they are. MS is profited from undocumented API's, as well. Where
is a difference?

MS do not publish full system specs, and they use undocumented features
themself.

Ok, say MS puplished their code tomorow, what do you think would happen? All
the crackers and virus writers of the world would join hands and sing 'joy
to the world' and forgive MS for their tresspasses? I suggest that many of
these virus writers are not motivated by an elitist ideaology, but rather by
financial gain, and the sense of empowerment borne of damaging a global
system. I agree that MS, like many large companies, have not always behaved
in an ethical manner, and have been driven largely by bottom line economics,
but what is done is done, and that doesn't absolve virus and spyware writers
of the damage they are doing to the internet community.

So, what other companies are doing? Yes, correct, they are experimenting,
searching for the undocumented features.
They found it, and no one can separate bugs and undocumented features.
These are all results of MS approach _I am doing everything myself and do
not want others to compete with me_.
Ok, so please do not complain on those who uses your undocumented

features,

undocumented API (and ohh, it is not my API, it is a bug... as they are
saying now). Are you sure that it is a bug, but not a backhole created by

MS

for themself? I am not.

So MS has undocumented 'features', so what? When you install their software
you agree to a licence, and that you are using their software bound by their
terms and conditions. Am I afraid big brother is watching, that MS is spying
on me? Not really, nothing to see. Do I think that some of these practices
are unethical? Yes, they probably are, but when I agreed to that licence I
gave up my right to complain.
Arguably, the internet would not be where it is today without MS, and that
this design principle of automating as many processes as possible is what
has made the internet a universally accessable medium, and that this
automation creates security vulnerabilities is simply the trade off made for
that accessability.

Or - after others found this backhole, they decided to seal it. You can

not

prove that it is a bug, as I can not prove that it was a feature.

Any undocumented API is not different from a bug - it is just something
which is not documented but exists.
Just as MS is working on new undocumented API's. Of course, they are -
hackers, spyware designers and MS developers... I do not see a difference.

I see a very distinct difference, and that is that I have made a choice to
use the MS product, that I have given my consent to them by way of a licence
agreement, if they clearly abuse that trust, I will choose an alternative
product, that is free enterprise in action. But I did not give the hacker
and spyware writer permission to invade my privacy and damage my systems.
Using MS products is not an open invitation to criminals to disrupt my
networks, or absolution for criminal acts.

Please, specify a difference between 'flaw in the code' and 'backhole
created for their own purposes'. If they claim 'our developers use only
specified API' and 'we specify and document every system call and every
function which can be used legally, from technical point of view', then I
agree. But they never did and never would. if they do it, they lost their
monopoly. Result - full zoo of pets, pests, and other animals in every

home

computer running Windoze.

May be, this particular feature was a bug, I can agree - but I do not see

a

difference (still).

MS has a monopoly, it's true, but the reason for that monopoly is not
entirely because of unfair business practices, it also has a lot to do with
their original design mission. That was and still is, to make their OS as
easy to use as possible. You and I may know how to use linux, but up until a
couple of years ago, this was just too complex an operating system for the
average home user. That much of the MS code is undocumented, is probably a
good thing, because it makes the virus writers work more difficult. Do I
think that these undocumented features serve some devious purpose? If
someone can come up with hard evidence of that, I will change operating
systems.

Sorry, it was a _technical_ question - is MAC OS known as having pests and
ad-ware in the comparable numbers (if any)?

This is spurious logic. You are suggesting that Mac is a more secure
operating system, and I would suggest that it is probably far less secure,
because it has not had to withstand years of unearthing vulnerabilities in
the code.
I have heard an OS compared to a sphere, the larger the sphere the more
surface area: the larger the OS, the more area to protect. The last time I
installed Red Hat, it weighed in at nearly 2 gigs, Mac around the same. Now,
you can fit a 1000 page novel in a 3 meg file, so consider, there are
millions of pages of code in an OS, and regardless of your operating system
of choice, there are innumerable flaws that beg exploitation. The only
reason MS is consistantly the subject of attack, and not Mac, is not because
Mac is bullet proof, it is a tactical decision. Like it or not MS controls
the market, and virus writers want to create exploits that will have the
greatest impact. If MS were to dissapear tomorow, and Mac were to become
king, it would only be a matter of weeks before virus writers ported their
code to the Mac OS. Don't agree? Read 'Hacking Exposed Linux'. I used to
think linux was secure, now I know better.

Hmm. Is it legal for MS developers (for example, office developers) to use
undocumented APIs? What's a difference? What does it mean 'access' - you
open my web page, and your IE download my GIF file - is it authorised (my
GIF is installed into your computer)? You allow Active X to run, even if
ActiveX can install software - it is enough to be authorised. These is
common sense - if there is a road, it is authoruised to hike it (except

if

there is a closed gate or an angry dog on the way). At least, it is common
sence on 90% of the world.

Again I think it comes down to choice. I have navigated to a website because
I have made a choice to view its content and services, I did not however,
choose to have spyware installed on my computer. By installing this
software, they have violated my trust, they have installed invasive software
without my consent. I realize that I may be vulnerable to viruses in using
the internet, but that does not excuse the virus writer from creating
software that impedes my use of this system, or removes my ability to choose
the nature of my experience.

Of course, we can create many laws making common sense useless, but do not
expect anyone outside to follow it. Internet is not located inside, so -

you

can make a conclusion. MS provoked people to search for undocumented
things - it is common sense which say me that it results in my home

computer

making unpredicted actions - and I can not blame spyware writers, I should
blame MS writers... (I do not like spywriters, anyway, but they are making
their business..)

Of course, they are. MS is profited from undocumented API's, as well.

Where

is a difference?

Well it may seem that I am singing the praises of MS, but that is simply not
the case. After years of being a systems admin, I came to really dislike MS,
it was a lot of work keeping the systems clean and safe, but it's kind of
like what Churchill said about democracy: 'Democracy is a bad form of
government. Unfortunately all the others are so much worse..' MS makes a
lousy OS, but for the home user, it's the best thing we've got.
I think though, that there is a greater issue here, and that is what should
be done about sites like 'cool web search'. Clearly they are causing damage
to the internet community. Laws can not be relied upon to act on such
trespasses, not in an international community. This places the onus of
responsibility on the ISP leasing the addresses. This site has likely
infected millions of computers, and I have no doubt their ISP is aware, but
probably has a policy of non discrimination, or doesn't want to involve
itself in legal entanglements. Do you de-peer them or filter their prefixes
as someone suggested?. I think a lot of legitimate users would suffer as a
result, so this is not a reasonable solution. But something does have to be
done, when a website presents a clear and ongoing threat to the internet
community, it has to be actionable. The problem then becomes, who defines
what is a threat, and by what criteria do providers refuse service to the
individual or each other? So do you create a charter of acceptable policies
and practices among ISPs? Some collectively agreed upon statement of what
constitutes acceptable practices as it pertains to this type of situation?
I'm not sure it would work, but I am hard pressed for solutions.
We all remember the promise ecommerce once held to our industry, and I
believe it has fallen flat, largely due to the perceived danger of spyware
and viruses. The danger of these attacks, and their scope and severity seem
to grow each year, and I think the entire community is suffering as a
result. So the question remains, what do we do about it?

Sorry, it was a _technical_ question - is MAC OS known as having pests
and ad-ware in the comparable numbers (if any)?

* stepnwlf@magma.ca (John Underhill) [Wed 14 Jul 2004, 19:45 CEST]:

This is spurious logic. You are suggesting that Mac is a more secure
operating system, and I would suggest that it is probably far less
secure, because it has not had to withstand years of unearthing
vulnerabilities in the code.

It has. Darwin is based on years of development in BSD code.

  -- Niels.

Ok.. but has BSD been attacked on the scale that MS code has? I would argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..
Unless you want to go back to text based browsers and kernals that fit on a
floppy, it is extermely difficult to eliminate all vulnerabilities in the
code of a sophisticated OS. The more complex the system, the easier it is to
break, and with the level of automation currently expected by most users,
this requires a very complex build.
Could MS be made more secure, of course. Do I think they are actively
working on the problem, yes. If Novell or Mac had risen to the top of the OS
heap, would they be catching all the viruses now? I think they would.
Really, my point was not to argue this, but that there is no justification
for malicious code, that you can't simply pawn it off on MS as being the
real problem. By doing that, you are saying that people creating spyware and
viruses are not culpable for their actions, that they should be allowed to
create havoc and destroy systems, because really they are only leveraging
'features' built into the operating system.

Ok.. but has BSD been attacked on the scale that MS code has? I would argue
no, not even close. Do you believe BSD is invulnerable to attack? Hardly..

I don't believe anybody is claiming that. However, the BSD code has been
out *and* has been publicly scrutinized for quite a bit longer than
Windows.

Unless you want to go back to text based browsers and kernals that fit on a
floppy, it is extermely difficult to eliminate all vulnerabilities in the
code of a sophisticated OS. The more complex the system, the easier it is to
break, and with the level of automation currently expected by most users,
this requires a very complex build.

However, Microsoft creates complexity by design, because they integrate
more and more stuff into the basic OS, and because all the various
applications gain more features with each new release.

Could MS be made more secure, of course. Do I think they are actively
working on the problem, yes.

Looks to me like they are actively working in two directions:

- Trying to make the systems more secure by teaching developers to think
about security, etc.

- Trying to make the systems less secure, by making them steadily more
complex. (And please don't try to tell me the *users* are demanding all
the new features that MS put into the systems.)

It will be interesting to see which direction wins out in the long run.

If Novell or Mac had risen to the top of the OS
heap, would they be catching all the viruses now? I think they would.

They would certainly be catching viruses. Would they be catching *as
many* viruses as MS? We don't know.

Really, my point was not to argue this, but that there is no justification
for malicious code, that you can't simply pawn it off on MS as being the
real problem.

However, you can certainly argue that MS is *part of* the problem, or
that they have *created* a large part of the problem themselves.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

So MS has undocumented 'features', so what? When you install their

software

you agree to a licence, and that you are using their software bound by

their
O, noo. You click a button 'I agree' which means nothing for 99.99% of
people over the world. Here is a difference. Do not expect people to 'agree'
if you do not enforce them to follow this (and if your system do not violate
'common sense'). Do you saw any idiot who read this licenses (I never seen
any)? It became (many years ago) some kind of ritual, like indian dances
before going to the war.

terms and conditions. Am I afraid big brother is watching, that MS is

spying

on me? Not really, nothing to see. Do I think that some of these practices
are unethical? Yes, they probably are, but when I agreed to that licence I
gave up my right to complain.
Arguably, the internet would not be where it is today without MS, and that

Of couse, you are correct here.

this design principle of automating as many processes as possible is what
has made the internet a universally accessable medium, and that this

And which makes it a good dinner table for the pests, viruses and so on...

May be, idea was that people read 'license', click button (I agree) and
follow it - never write a code which violates this license? But it is not
true - 99.99% people do not read it and behave as a common sense is saying
not as !@#$ MS lawers fictioned... They see a wall wih a gates - and they go
thru this gates, no matter what is written on the posters around (except, as
I said, if they see an angry dog next to the gate). /On the other hand, they
knows that coffee is hot and waterfall is dangerous and dogs can bite -:)/.
You must design yous system for this behavior, not for people who _read a
license_. This licenses are good only for 2 goals - (1) use them as a toalet
tissue; (2) in case of serious violation allows to suite user if he is in
USA... -- they do not change people behavior even a bit. Unfortunately,
Internet is not in USA, so even if we will have 100 strict laws prohibiting
spyware, it will not help to fight this pests and pets... System must
defend itself.

automation creates security vulnerabilities is simply the trade off made

for

that accessability.

I agree, in general. yes, it is trade off of _easy to use_, but not only.
Many of this things are trade off of _MS do not want competition so they
keep many undocumented backholes allowing them to have a benefits vs
competitors. IE which makes search instead of reporting 'Name not found' is
a good example.

Yes, I agree, I see a distinction too. I just want to show, that it is not
so simple to determine (distinction) and it is not very productive even to
try doing it - it is much more important to (1) protect the system, and (2)
increase competition having more different systems, and (3) use standards,
instead of proprietary extentions...

MS has a monopoly, it's true, but the reason for that monopoly is not
entirely because of unfair business practices, it also has a lot to do

with

their original design mission. That was and still is, to make their OS as
easy to use as possible. You and I may know how to use linux, but up until

a
Yes, and they did it 'too easy to use' so they have a drawbackl in form of
viruses, vorms, pests and pets - what a surprise... If it was 5 years ago,
they already went out of the market because of competition (from others who
did not dop it so easy to use but kept systems without a pets and pests).
Unfortunately, thie years are over.

couple of years ago, this was just too complex an operating system for the
average home user. That much of the MS code is undocumented, is probably a

I am not talking about the code; I am talking about API's.

This is spurious logic. You are suggesting that Mac is a more secure

I do not know - it was a question.

of choice, there are innumerable flaws that beg exploitation. The only
reason MS is consistantly the subject of attack, and not Mac, is not

because
I am not sure - new Mac OS is much more consistent inside than MS. How
script (which must run inside the sandbox) can install spyware, or change my
home page, or see my address book (except if I confirmed administrative
password after I was asked about)? Any small difference can play a dramatic
role here - when working in Unix, I always login as 'alex' with 'user'
permissions - because I can make myself admin temporary by running 'sudo -s'
or 'su -'; in Windoze, I must login as an administrator from the very
beginning, so I do it - as a result, script can install startup time
software in MS but can not in my Unix (just a simple example). And so on. I
am not trying to analyze MS vs Unix vs MAC here, but it is obvious that MS
have a very serious design caveats, and there is a chance (a chance only)
that other systems have not.

Again I think it comes down to choice. I have navigated to a website

because

I have made a choice to view its content and services, I did not however,
choose to have spyware installed on my computer. By installing this

I could not imaging, in the nightmare, that Browser can allow any
installation (withiout asking me 10 times _do you want_ and _enter admin
password please_. So, MS browser is not trusted as a browser but is a very
big spyware by itself.

John, you are 90% right here. Unfortunately, yes, it (spyware adware pests
pets etc) is a trade off of _easy to use_.
But unfortunately, MS killed competition so you have not any chance to do
anythin good until they have a monopoly. All you can do may provide
temporary reliefe, but can not solve a problem. Until we will be able to
choose between a few vendors and few systems, with a different levels of
_easy to use_ but with (in turn) different levels of trust. Mozilla is not
worst than MS IE, but due to IE monopoly people just do not debug their
applications on mozilla - and it creates a monopoly. problem is here, not in
the 'trusted software'. The same with many other systems. (Example - in
Russia, people are not so tied to IE because they have not so many fancy
on-line services; as a result, Opera and Mozilla % of usage is much higher
than in USA - they voted for this browsers. In USA, it is impossible because
!@#$ web service vendors are not interested in testing their web services on
anything than IE. This shows, that pets/pests problem is 95% IE problem, not
overall Internet problem).

Good law can help - it will wash out spyware from part of Internet, but it
is not enough without good software and good OS. Fortunately, spyware
problem is much simle than SPAM problem.

Ok, let.s return to reality (sorry for moving this thread into the OS
related flame).

First of all, even if OS have not any caveats, it will not protect it from
spyware/adware. if I want to install my 'Cool-Search' into million of
computers, all I need to do is to write fancy game, and offer it 'free of
change' in exchange of 'Allow to show you ads once / day'.
That's all - you will have everything installed explicitly.

But 'hidden' installation makes it much more easy for spyware, and is (in
general) a very big evil. System must distinguish between 'USER' mode (use
applications but do not change system behavior) and 'INSTALL' mode
(install/delete/add software, processes and so on). In many cases, system
must ask password to do any such action. (If you know MS, you can image
which nightmare is to implement it -- I worked with IDS such as Osiris and
had a fun, guessing what system decide to change today. But it is not a
problem in most other OS).

Second, but even worst, problem is absense of ANY system interface showing
you, what is starting, stopping and running. It is not any problem to remove
spyware, from common point of view - just open 'list of running processes'
and 'Startup list' and uncheck everything you do not want to see. Problem -
such interface does not exist, is not possible because of complexity (there
are milluions ways of starting anything) and can not trace a history of
processes (because of, again, extra complexity, unlimited usage of 'classes'
and 'objects' and 'pluginns' and 'toolbars' and so on). Anyway, good 'change
history' system could easily revert such changes back so that instead of
very complex 'adaware' scaners we will have just 'change history, revert ?'
button.

Third is more easy for ISP - if we can not fight with bad software, fight
whith those who got a profit using it. For SPAM - ok, there is not ANY way
to stop sending spam (fort now), but any SPAM advertices someone, and this
someone is always 100% identified - so fight (limit, flood by calls,
overload by false information, etc) SPAM benefitiants, learn them do not
purchase 'We will send your advertice to 10M people over the world'. The
same in case of adaware. For spyware, fight those who receive information
back - by any way.

** Reply to message from "Alexei Roudnev" <alex@relcom.net> on Wed, 14
Jul 2004 22:52:07 -0700

May be, idea was that people read 'license', click button (I agree) and
follow it - never write a code which violates this license? But it is not
true - 99.99% people do not read it and behave as a common sense is saying
not as !@#$ MS lawers fictioned... They see a wall wih a gates - and they go
thru this gates, no matter what is written on the posters around (except, as
I said, if they see an angry dog next to the gate). /On the other hand, they
knows that coffee is hot and waterfall is dangerous and dogs can bite -:)/.
You must design yous system for this behavior, not for people who _read a
license_. This licenses are good only for 2 goals - (1) use them as a toalet
tissue; (2) in case of serious violation allows to suite user if he is in
USA... -- they do not change people behavior even a bit. Unfortunately,
Internet is not in USA, so even if we will have 100 strict laws prohibiting
spyware, it will not help to fight this pests and pets... System must
defend itself.

For awhile there, one of the top tech support issues we had to deal
with was new - and automatically implemented - "feature" in Outlook
Express that blocked a person from running or saving something that
Microsoft considered a "dangerous file attachment."

Such dangerous file attachments included .jpg, .pdf and music files.

Oddly enough, it didn't seem to include .doc or .xls files. You know,
the ones that actually can contain macro viruses.

Because of Microsoft's ham-handed and "all or nothing" attempt at
security many people now don't trust or ignore any warning messages
they may receive - they simply want to view their file attachments.

The problem is Active-X, not the OS. Anything running from the browser should be in a sandbox as it is with Java applications, the same is true for the email client. Active-X gives scripts running from the browser and the email client access to the entire machine in the name of functionality. In some cases users are prompte to authorize the installation of software when they get to a web page. Even when they choose "No," the software continues to install. Its a security hole big enough to drive a tank through. Mozilla is your friend.

Curtis

Did you try to run Windoze as 'not admin user'? Ok, try, then install, say,
harmless user-level (not a server at all) Visio package...

They run as admin, because Windoze (1) have not easy (temporary) switching
between User and Admin, and (2) 99.99% applications require user privilege
to be installed or configured (and they are not sevice applcaitions).

Not necessarily true. Security/permissions plays a major part in the
effectiveness of adware and spyware. A majority of consumer Windows
OS's run with the default login as an admin user. When a user chooses
to install "Cool-Search", their user rights allow for registry changes
and alterations of system libraries, which cause ads to display when
using IE.

Can this be prevented by running Windows as a non-privileged user,
yes. But people want to install their "Cool-Search" and
non-privileged users can't install anything.

If I am in Unix, I can install Cool-Search when I am a normal 'user', BUT
these will not be a system-wide application. I need root privileges to
install a service, and I do not neeed it to install something which is
client only (can not run by itself).

// I am not advice for Unix here.

These is a difference - in a very old, ansient Unix system there is simple
and effective privilege segregation (and everyone understands it). No one
application writes into /bin and /usr/bin, and only very few badly designed
applications try to write anything into /etc; user's directory have simple
'-rwxrwxr-x- (or other) access list (easy to understand), etc etc... As a
result, 99% of this _old_ OS are more secure than99% of Windoze
installations (through Windoze can be made much more secure than Unix).
There is all result of 'hidden complexity'.

Install 'Osiris' (or Tripwire) IDS and try to configure rules for Unix and
Windoze, then compare. Tremedows difference!

When using OS's other than Windows, users can install their own
binaries, but they do not have access to modify the system binaries.
Then can still browse with the system wide Mozilla/whatever, but their
actions will not have the ability to alter anything that will allow
for ads to be served when browsing, or for browsing habits to be sent
to a third party.

Technically they can run some startup script, but even if they do it, it is
_very_ easy to get rid of such thing. And (what is most important) usesr can
do 100% tasks when logining as a 'user' not as an 'admin' (if they need
temporary permission change, they can got it).

Once bitten, twice shy:

http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00168.html

.JPG's are HTML, didn't you know?

It's rare that the user actually even TRIES to read the license...

http://www.cypherpunks.ca/dell.html