SpyCop's response to detection/crippling threat.

Discussion in 'other anti-malware software' started by spy1, Mar 28, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    (From their Software Support Services)

    "Hello,
    We've just completed an exhaustive SpyCop crash test with the latest
    and most popular surveillance programs out there today.  All of them were
    apparently completely unaware of SpyCop's presence on our test machines,
    meaning our program-obscuring tactics have been successful thus far.  

    Upon examination of the code of these spy programs, we've
    determined that many of the other spy detectors available *ARE* being
    modified or manipulated to fail when detected by these monitoring programs.  
    A new SpyCop signature database is in the works and will detect some of
    the most elusive spy programs to date and some new commercial (and
    expensive!) spy programs that have become available somewhat recently.

    Thank you for your continued reports regarding spy software and
    SpyCop.  Each and every message is carefully followed up to determine
    whether a threat to the SpyCop software or database is present."

    Quite good to know that they're aware of, have checked out and are so far immune to tampering by the keylogger manufacturers! (And still lightning-quick with responses to concerns!) Pete
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: SpyCop's response to detection/crippling threa

    Here's an idea (heard this line before?):

    How about a small program which, whenever a user goes online, performs a browser call to an external service to check on spyware.  Or viruses.  Or trojans.  Or keyloggers.  Kind of like the "free online services" mentioned here at Wilders, but quick to run.

    Let implanted keyloggers/viruses/trojans tamper with that!

    (Sheesh, isn't it time somebody employed me as an ideas man?  :))
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: SpyCop's response to detection/crippling threa

    :oops: I wish SpyCop wasn't so expensive, but they're way worth the money for what they do, and they don't bow down to anything, including green lantern.
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: SpyCop's response to detection/crippling threa

    Checkout - The only problem with such a service is - I'd never use it.

    Consider how they work - they get permission to examine every single file on your computer.

    It's exactly why I do not use online 'scan' services such as online AV scans (unless it's a last resort), or any services such as PCPitStop, or the 'file checking' services from either Cnet or ZDNet.

    I have no idea what the capabilities of any of those programs are - I do not know what information about your system they retain or collect - do you?

    I do know that every single one of them leaves files on your machine - files which they neither identify nor give you any clue as to how to remove, should you so wish.

    So I'll give that one a pass, even if it does come about.

    mr.blaze - I hope you know that AntiKeyloggers' detection portion is free and continues working even if you don't buy the program. Check it out (if you haven't already). Pete
     
  5. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Re: SpyCop's response to detection/crippling threa

    After SpyCop made the changes to their privacy policy I felt so good about the company I got the dept. to purchase a copy for our main computer and I really like it. We have now a copy of WWM, AKL and SpyCop, feeling like bases are covered.

    HOWEVER, I hate to break the news to SpyCop, but your program DID NOT catch WinWhatWhere Version 4 Build 1003. Neither did WWM OR AKL. The only other copy we had was the original release of Version 4 of WWW. it's noted as build 960. WinWhatWhere and WWM caught that, while AKL did not. So the change was somewhere between early February and the present that the "crippling" code was added by WinWhatWhere.

    We spent a good part of the day messing with this and I am very surprised to read that SpyCop is claiming something contrary to our testing. The "program-obscuring" tactics sound intriguing, but could WWW not purchase a copy like anyone else and find at least ONE common file to break? I have a hard time believing the program can have "obscuring tactics" without at least one file that the makers at WWW are not smart enough to figure out belongs to SpyCop. We're talking simple stuff for a company with the money willing to spend the time to do it. WWW goes for $100.00 a pop and they are either the leading seller of spyware or closely behind SpectorSoft Corp. (The makers of Spector, also $100.00). They have the money.

    I would be interested to know why the message was sent out if, in fact, it is not true. Maybe it's just a problem with versions or something. I am trying to believe that SpyCop truly does think they are undetectable by WWW. Our tests today showed otherwise.

    John
     
  6. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Re: SpyCop's response to detection/crippling threa

    AKL = Anti-keylogger?

    If so, try setting heuristics higher.

    Make sure nothing is in Exclusions.
     
  7. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Re: SpyCop's response to detection/crippling threa

    Hi Blacksheep,

    It makes no difference. We weren't checking for how good the programs are at detecting spyware per se. We were looking at the effectiveness of WinWhatWhere in crippling the anti-spyware programs. If WWW has gone in and "broken" the program, it goes without saying that settings don't matter. That's what made this so outrageous. If you haven't read the original thread on this (below this one) go back and read that and you'll see what I mean.

    John
     
  8. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Re: SpyCop's response to detection/crippling threa

    Do you know AKL was broken or only that it didn't detect WWW?
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: SpyCop's response to detection/crippling threa

    Hi, John!

    Got a little confused here: "The only other copy we had was the original release of Version 4 of WWW. it's noted as build 960. WinWhatWhere and WWM caught that, while AKL did not." (The last 'WinWhatWhere' should read 'SpyCop' instead, correct?).

    And this: "I would be interested to know why the message was sent out if, in fact, it is not true."

    The part of the message you're referring to would be this(?): "All of them were  
    apparently completely unaware of SpyCop's presence on our test machines,  
    meaning our program-obscuring tactics have been successful thus far. "

    I'm missing the part where you came to the conclusion that their statement isn't true? Note the two words  'apparently' and 'thus far' - I take that to mean that SC is in no way targeted/identified by WWW because WWW doesn't detect it - yet. Is that not how you perceive it to read?

    I'd also be quite interested in the exact details of the 'test' you ran, and exactly what it was about the results that make you believe that SC was either identified by/hindered by WWW, because I'm really not sure what you're saying. If SC wasn't identified/hindered by WWW,  and just failed to detect it, then:

    If you're saying that SC didn't detect WWW version 4 build 1003, then that's quite possible - SC hasn't updated since 3-12-2002 - but that's also referred to in the message from them I quoted above:

    "A new SpyCop signature database is in the works and will detect some of  
    the most elusive spy programs to date and some new commercial (and  
    expensive!) spy programs that have become available somewhat recently."

    So, to me anyway, it seems as though their support email said what it meant and meant what it said - but we both know how open the written word is to mis-interpretation.

    Since you guys now own a copy of SpyCop, why don't you email their tech support about this from your end and see what they have to say?

    (Must be nice to be able to afford three full, registered anti-keylogging programs - now I'm jealous! (<g>) ) Pete
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: SpyCop's response to detection/crippling threa

    :p Compaq MRBLAZE 7110US, 2.6GHz Athlon, 1.3GHZ RAM, 100GB HD, WinMe, IE5.5 w/SP2, Opera6.02 Build 1052  BLAZE FLEX MUSCLES BOW TO A POWER GREATER THAN YOURS LOL.

    Sorry, couldn't help myself
     
  11. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Re: SpyCop's response to detection/crippling threa

    Pete: It's funny how two people can read the same email and arrive at two different conclusions. I see what you are saying. I wonder? I took this part:
    as a bragging advertisement that "they've figured them out, but they can't touch us with our program-obscuring tactics that the other programs, unfortunately, don't use."

    However, after reading what YOU wrote, I read it in a different light. So, I don't know!

    Oh, and YES! I did mean "SpyCop" in that sentence.

    As for the tests we did. We used the software that the University owns (or the department head anyway), not me. I WISH, so don't be too jealous. However, at home, I DO own SpyCop and Tracy had already purchased WWM. It was pretty simple really. I suggested it and mentioned how Tracy and I ran some tests on WWM some time back. With all the software he owns, it made it really nice. But he keeps up with all of that stuff with money from an organization he heads. I would rather not go into all that without his approval. Hope you understand.

    As for the SpyCop test. I know that SpyCop didn't detect WWW when it always has before. The conclusion I came to was that the new version of WWW was tampered with. Important: once tampered with, it appears NONE of the big 3 anti-snoopers detect anything. The programs are effectively "broken," once the new version of WWW is run with a copy of these programs on the drive. You are right, I didn't explain that very well. It was a pretty poor post in retrospect! I hope I helped clear it up a little.

    I thought SpyCop was saying they ran tests and their program works just fine with the latest version of WWW. But according to what we did today, that isn't the case. So, it could have maybe not detected WWW anyway because the new signature database isn't ready yet. OR, it might have failed to detect WWW (or any of the other spyware) because it had been hacked and they didn't want to admit it. Maybe I should not have jumped to that conclusion. As I said, bad post.

    As they say, "I suppose it will all come out in the wash."

    John

     
     
  12. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Hate e-mail

    Just as an aside, I received my first anonymous hate e-mail today, originating from someone who's read this thread (but not, so far, contributed to it).

    The words Arrogant, Brain-dead, and BOZO (sic) were prominent.  The poster's primary language is English, and he's been at Wilders since before the changeover to the new BBS.

    One more e-mail, pal, and I'll nail you for sure.
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: Hate e-mail

    Please send me a copy. We might possibly cope with this - before "nailing" someone.

    regards.

    paul
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: SpyCop's response to detection/crippling threa

    John - Yeah, I'll be interested in what the upshot of the whole thing is, too.

    Pity we had to spring this on everyone on a holiday weekend - very likely won't hear anything from anyone until Monday.

    Did you email SC's tech support? And/or WWM's? Pete
     
  15. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Hate e-mail

    Paul, I've forwarded you the email.  However, I wish the matter would drop right now - I'm not vindictive, and I'm sure the poster is mature enough to regret having sent it.  I've had charges of arrogance levelled at me before, and while I don't intend to appear so and don't believe I act so, I can't help what others perceive.  All I ask, and have ever asked, is that people take me at face value, and give me the benefit of the doubt.

    I hope that's an end to it, because this could otherwise get ugly.
     
  16. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: SpyCop's response to detection/crippling threa

    :eek: ong i can easly be taken as that guy i match all the crieteral except one thing.

    when you read my e-mails you cant tell if its enghlish or  jiberish lol.

    plus im not that stupit im imuture but im smart enough to know not to mess with puter expert's who can turn my puter inside out and hand my hard drive on a silver platter :cool:
     
  17. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: SpyCop's response to detection/crippling threa

    ROFL!  Blaze, what do you want for Christmas?  You're definitely on my favourites list!
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: SpyCop's response to detection/crippling threa

    No problem. I'll have a look just out of curiosity - and back up.

    regards.

    paul
     
  19. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: SpyCop's response to detection/crippling threa

    (Ahem!) Getting this just slightly back on track ( <g> ) :

    John - I never did hear back from you on whether or not you emailed SC's tech support, so I did. They're working this weekend (no surprise there!) and here's the response I got:

    "The next version of the SpyCop database will detect the latest
    WinWhatWhere.  The current version is not crashed by the latest WWW, but
    it may not detect it until the new database is online within a day or so.  We
    apologize for any confusion."

    Good enough for me. Pete
     
  20. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Re: SpyCop's response to detection/crippling threa

    Sorry Pete. I didn't tell you. I HAVE emailed several places and have heard back from nadabody.

    Interesting response you got from SpyCop.

    Hey, Checkout: Don't worry about it. Someone wimpy enough to have to write anonymously isn't worth the time of day.

    John
     
  21. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: SpyCop's response to detection/crippling threa

    Thanks, John.  I'm not troubled by it.  Many years ago, on a Saturday night, the phone rang.  I lifted the receiver to hear, "[my surname]?  You bastard!" <click>

    To this day, I don't know who the call was from or why he made it.  <g>  Perhaps emails like this are just some kind of internet background noise!
     