How significant is spyware?

Discussion in 'other anti-malware software' started by bellgamin, Mar 16, 2008.

Thread Status:
Not open for further replies.
  1. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
The deny option is why I started using the free Processguard behind my AV and Defencewall. If anything gets by the good Doctor and Defencewall and tries to execute, Processguard will pop up, hopefully, at which time brain.exe should kick in and answer no to the execution. And as Fkucdat says, "If it can't execute it can't infect." I was using Prevx, but it has to ask the community whether it is safe to run or not, and the community may not have seen it yet and let it run, whereas I know where I am surfing or what I am doing at the time, and if something is amiss I can deny it, which hopefully will save me any woes.
     
  2. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
Sure you're right, that's one of the reasons why I ditched my resident stuff mostly; I have only Boclean as my registry and memory protection, and so far with Returnil and SBIE everything is going well.... and fast. ;)
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not running or running realtime scanners is a personal choice. But I've got two high end gaming machines, and I noticed a difference when I stopped running scanning software. The scanners do make a difference.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    No need for BOClean either.
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
First, what is the difference between viruses and spyware? There is a tendency to just call it malware these days.
    I understand you need antispyware to catch some trojans, and an antivirus to catch others. At least, that was what Webroot claimed one or two years ago.

If I go a bit back in time, to 2006 and the early part of 2007, I had a McAfee firewall, antivirus and security center. It would definitely NOT catch spyware!
    I decided to get protection against spyware and bought the 3.x (I think) version of the Spyware Doctor, at that time one of the best. It had active protection, but it definitely didn't prevent some infections. But I never came across something I could not remove. Later I decided to get some extra protection, by installing the Spy Sweeper, which reduced the number of infections (excluding cookies) by about 90 %.
    Please keep in mind that at the time I used IE 6, not IE 7 with elevated security settings like I do now. (And I do that for ALL zones)

I think it is very important to make sure that your security programs do not conflict. That often requires configuring things properly, and not using the default settings.

    So I do think that active anti-spyware protection is necessary if you use your computer for anything that requires confidentiality, like online banking or using Ebay. In the end it does not matter if a keylogger or a trojan is a 'virus' or 'spyware'.

    (I'm not sure if AVG offers sufficient anti-virus protection, see the av-comparatives tests, but that's your choice).

    I would recommend installing AT LEAST one program with strong (pro)active anti-spyware protection. I currently have two, the Spy Sweeper and Counterspy, properly configured, and this seems to offer near 100 % protection.

    In the past you would not get infected by visiting mainstream sites, like msn.com or the website of a newspaper. But those sites are no longer completely safe. You don't need to visit porn or warez sites these days to get infected.

    Your 'new' questions:

Q3: You could detect spyware by scanning with the right anti-spyware program, but there is no guarantee that an infection will be caught, especially if you use just one scanner. Rootkits especially can be hard or impossible to detect. So prevention is just better.
    Symptoms of an infection: redirection to 'other' webpages, for example phishing websites, ads being displayed (more/different than 'normal' these days), a redirection of a search, your computer running slower, being contacted by your ISP or law enforcement because your computer has become part of a botnet, identity theft ... More things than you can imagine.

Q4: Typically spyware would want to connect out. I don't know ProSecurity. But a HIPS can be tricky. Do you always know what to allow and what not? Outbound firewall protection is protection of last resort. The spyware may not even be detected by the HIPS.

Q5: see my answer to Q3. Encrypted passwords? Can't they be decrypted? Are the non-encrypted versions of the password not present somewhere on your computer? (temporary files, recycle bin) What about, for example, when you type in your credit card number?
    I would choose effective software protection to minimize risks.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Not sure what you mean. HIPS will always notify about spyware activity, though it's up to the user if he mistakes it as a legitimate one.
     
    Last edited: Mar 17, 2008
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Aigle, that post is a bit too much for me to comment.

    Well, consider this post edited (with the original line -above- intact), since you deleted most of your post, making me look a bit stupid !
     
    Last edited: Mar 18, 2008
  8. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
What makes malware extremely hard to detect imo is that you've got legit websites with "embeds" connecting all over the place to tracking websites like google-analytics. If all websites were like this one, where when you connect to it you get only one connection to IP 65.175.38.194 and not 5 to 10 (or more) other connects flying out all over the place, imho it would be a whole lot easier to identify if you've got a malware problem. Same thing happens when you DL legit software that's tagged with these 'sleazy' toolbars that connect home every surfing moment. Then you mix in AV, browser, browser add-ons, media players, your OS and your other programs' "genuine advantage tools" which are trying to constantly call home to protect their turf, and it's a complete mess.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Hope now you can? :)
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
I foresee a day coming, and not so far off in the future as we might perceive right now, when the internet will be categorised and SPLIT into two or maybe more channels of transmission/reception.

Perhaps the best one infinitely less littered with so much of the malware/exploits garbage that ravages machines today. Perhaps also requiring little more than the operating system's security to access sites without the threat of some hidden risk lurking to BITE! your file system and such.

Probably, but not necessarily, another internet channel with some risks, requiring some third-party commercial products to make accessing sites more fluid but ad-happy.

And if they were to branch the internet into separate divisions as I envision for the future, then lastly would be the same as we have right now, an internet where anything goes, anywhere, and on anyone, DEFINITELY requiring the use of MULTIPLE commercial/freeware/open source security apparatus just to keep as many minutes alive from frustration as technically possible.

    Whatta ya think?
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
I can promise you that it would never happen, as long as there is some gain to acquire by setting roadblocks on the safest digital highways!! ;)
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It's spyware, so I really doubt it'll go on a wanton formatting spree, otherwise there wouldn't be much for it to spy on. For stealing passwords, the ones that do that are usually classified as (the higher-risk category of) password-stealer trojans.

    Ad/spyware are usually known for their spying on your personal details and surfing habits, hogging of system resources, offensive in-your-face advertising and notorious difficulty to remove from your PC, rather than anything substantially destructive or dangerous. More like an obnoxious, unwanted guest in your house than a robber or serial killer, you get the idea.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Bellgamin,

My take on this is simply that spyware is no different than a trojan, or say a keylogger... basically it's a process that monitors something and reports...

Monitor your processes via a HIPS and they can't do any more damage than your typical garden-variety viruses would do when protected by a HIPS these days...

Besides, most current anti-spyware seems to be mostly only detecting cookies, so using a tool such as Ccleaner with your HIPS would handle that as well...

There seems to be a shift from typical spyware to the more elaborate malware... Also a product like NoScript will protect you better than most anti-spyware would, given that the large majority of spyware is installed via scripts while browsing sites that push them for profit; therefore blocking scripts can prove more effective... As with pop-ups and crappy advertising, NoScript with Firefox is the winning combination...

The only spyware NoScript will not protect you against is the kind you download and install via a legitimate program that bundles it for $$$ with its own installer... So one simply needs to be more selective with the products they use...
     
    Last edited: Mar 20, 2008
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
Thanks, HC. Helpful comments, as were those by solcroft.

    For Lo! these many moons I have used AnalogX's ScriptDefender, which works with EVERYthing -- not just Firefox et alia.
    Here is my present script list...
[attached image: ScrHnt1.gif]

    Does anyone know of any other script extensions that I should add to the list illustrated above?
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    ScriptDefender won't help you while you browse I'm afraid, it's only intended to prevent the running of scripts already downloaded onto your HD (eg from an email attachment), it doesn't act through your browser to protect while surfing.

As to extra extensions, see here:-

    https://www.wilderssecurity.com/showpost.php?p=536350&postcount=14

.scr might be relevant as well.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
I was just about to add that those extensions are from script processor engines, and not from text-based (HTML) script headers... NoScript works by discriminating based on script headers...
     
    Last edited: Mar 20, 2008
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Oi vey! I use K-meleon, & Noscript won't work there. Firefox is sloooow on my computer, whereas K-mel zzzzips along; ergo, switching to FF is not an option.

    3 QUESTIONS:

    Q1- Are there any options to Noscript that are not browser dependent?

    Q2- I run ProSecurity. Wouldn't it alert me to anything nasty trying to happen via my browser?

    3 Assumptions: (1) Noscript evidently is mainly concerned with javascript, right? (2) If Noscript encounters a site using javascript, it merely asks the user whether or not to block it, right? (3) That is, Noscript does NOT have some sort of AI whereby it can determine whether or not a particular script is actually a nasty, right?

    If my 3 assumptions are correct, then I point out that K-mel already has a javascript on/off switch (namely, F7). Therefore...

    Q3- If I keep javascript OFF, & turn it on only when needed & "safe", then I don't really need Noscript, do I?

    I added it. Thanks.
     
    Last edited: Mar 20, 2008
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Unfortunately web browsers are basically just glorified script processors so scripts are it... If you manage the scripts that run within browsers, you then manage security...

I don't know of anything other than LinkScanner Pro that preemptively scans URLs for hostile scripts prior to your browser getting them... McAfee SiteAdvisor does a bit of it, but I heard that the database is usually outdated... I think its strength is in the user cooperation it facilitates, as they can report a bad site...
     
    Last edited: Mar 20, 2008
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I would add that there are just two methods by which trojan spyware can install:

    1) by remote code execution (browser exploits, scripts)

    2) by the user permitting it to install

    The first method is the easiest to prevent by means of security programs or policies that block unauthorized executables.

    Thwarting the second method seems to be much more difficult because it requires some discipline and use of the brain.


    ----
    rich
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Shame on me, I edited my previous post so as to add 3 assumptions plus Q3 AFTER you folks had already posted. PUH-leeze answer my Q3!
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Brains? Oh boy... People talk about Brains a lot, only it's rarely found! :eek: except perhaps in jars floating in nice formaldehyde sauce!
     
  22. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
Well, no, it is actually looking for Ajax, Flash and other script languages, as well as hostile iframes and other nasty code trying to perform the dreaded XSS. Basically it seeks the start and end script headers. Think of it as each script needing to identify itself to the web browser so it knows which script engine to feed the code to. So any script will have to start with an opening statement, as well as end with a closing statement, as I showed in the example pic above... Scripts are clearly labeled as scripts plus the actual language, in either text to be processed or code to be pulled then processed. And yes, a discriminator algorithm must be used to actively detect, discriminate and block known hacks. Although it is relatively simple, as most embedded scripts are text... or at least easier to decode than, say, a Java executable.
     
    Last edited: Mar 20, 2008
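As an added example, not code from this thread, from NoScript or from any product named in it: a small Node.js model of the per-origin gating of active content that Hermescomputers describes above, and of the third-party "connects flying out all over the place" that jrx10 complains about earlier in the thread. It inventories the tags that make a browser fetch or run active content (script, iframe, object, embed), resolves each to an origin, and applies an allowlist; it also separates what a plain "JavaScript off" switch stops from what it does not. The sample page, the allowlist and every host in it are constructed for illustration (203.0.113.7 is a TEST-NET address). Regex tag scanning is a deliberate simplification; a real blocker hooks the browser's parser.

```javascript
// Added example: NoScript-style per-origin gating of active content, modelled
// offline over a constructed HTML page. Not taken from NoScript or the thread.

// Tags whose src/data attribute makes the browser fetch and execute or render
// active content, possibly from another origin than the page itself.
const ACTIVE_TAG = /<(script|iframe|object|embed)\b([^>]*)>/gi;
const ATTR = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// A frame the user cannot see (0x0, display:none, pushed off-screen) has no
// legitimate purpose on most pages; it is the classic drive-by-download pattern.
function looksHidden(attrs) {
  const style = (attrs.style || '').toLowerCase();
  const zero = (v) => v !== undefined && parseInt(v, 10) === 0;
  return zero(attrs.width) || zero(attrs.height)
    || /display\s*:\s*none|visibility\s*:\s*hidden/.test(style)
    || /(?:left|top)\s*:\s*-\d+/.test(style);
}

// List every active element with the origin its code would come from.
// An inline <script> has no src, so it runs in the page's own origin.
function inventory(html, pageUrl) {
  const page = new URL(pageUrl);
  const items = [];
  for (const m of html.matchAll(ACTIVE_TAG)) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    const ref = attrs.src ?? attrs.data;
    let origin = page.origin;
    if (ref !== undefined) {
      try { origin = new URL(ref, page).origin; } catch { origin = 'invalid'; }
    }
    items.push({
      tag, origin, external: ref !== undefined,
      hidden: tag === 'iframe' && looksHidden(attrs),
    });
  }
  return items;
}

// The decision: active content runs only from allowlisted origins; everything
// else (third-party trackers, ad plugins, injected frames) is blocked.
function gate(items, allowlist) {
  const allowed = new Set(allowlist);
  return items.map((i) => ({ ...i, action: allowed.has(i.origin) ? 'allow' : 'block' }));
}

// What a browser's "JavaScript off" switch does NOT stop: frames and plugin
// objects are HTML, not script, so the browser still loads them.
function activeWithJavaScriptOff(items) {
  return items.filter((i) => i.tag !== 'script');
}

// Constructed sample page: a first-party script, an inline script, a tracker,
// a Flash ad from an ad network and a 0x0 frame pointing at a bare IP address.
const SAMPLE_URL = 'https://news.example.com/story.html';
const SAMPLE_ALLOWLIST = ['https://news.example.com'];
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script>document.title = "Example";</script>
<script src="https://www.google-analytics.com/ga.js"></script>
</head><body>
<embed src="https://ads.example-adnet.net/banner.swf" type="application/x-shockwave-flash">
<iframe src="http://203.0.113.7/in.cgi?3" width="0" height="0" style="border:0"></iframe>
</body></html>`;

// Demo run: one line per active element with the gating decision.
for (const d of gate(inventory(SAMPLE_HTML, SAMPLE_URL), SAMPLE_ALLOWLIST)) {
  console.log(`${d.action.padEnd(5)} ${d.tag.padEnd(6)} ${d.origin}${d.hidden ? '  (hidden frame)' : ''}`);
}
```

On the sample page the two first-party scripts are allowed and the tracker, the Flash ad and the hidden frame are blocked; the frame and the plugin object are exactly the two elements that would still load with JavaScript turned off, which is the gap between a JavaScript toggle and an origin-based blocker.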
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Ah so. I normally surf in shadow mode. Would that cover my computer's posterior?
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Actually, not.

    I find many people with good common sense (brain, if you will).

It doesn't take a lot of explaining to people how to avoid things like the latest iFrame exploit, for example.

    From the article linked in the iFrame thread:

    ----
    rich
     
  25. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
Shadow mode? If you mean within a virtualised space? No!

For example, if your virtual space encapsulates a browser with a hack that exploits the web browser logon during a secured log-on transaction... that virtual space would only keep the hack localized within the box... but the login would have been intercepted...
     