Anti-Rogue software idea !

Discussion in 'other anti-malware software' started by StevieO, Aug 20, 2009.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    It just occurred to me that " possibly " detecting Rogues trying to install using technology as in EULAlyzer by our very own javacool https://www.wilderssecurity.com/forumdisplay.php?f=21 might work.

    This new App would scan the Rogue for a list of what it purports to find, against what is Actually in the PC. Any discrepancies would be immediately flagged.

    Whadda ya think, any good, or at least in principle ?

    This could be a standalone App, and/or incorporated into another.

    If it works it would be a major blow to the proliferation of Rogues we've been seeing. As i doubt whether they'll just go away, in fact i expect to see a lot more of them from now on.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    What types of Rogues are you talking about?

    ----
    rich
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I think he means the fake anti-virus/anti-spyware and other such security programs that produce erroneous scan results then expect you to pay to fix them.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, those are easy enough to avoid. If I were looking for Av software, I would stick with the known and proven products.

    ----
    rich
     
  5. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    i don't think that kind of thing would benefit most wilders users, simply because we are a smart race and know what's what. however i think it might be something for your parents for example.
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Exactly - I think StevieO indeed meant the ones "outside Wilders", a pure ONLY Anti-Rogue solution. :D :rolleyes:
     
  7. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Well, the BEST way against Rogue softwares appeared suddenly on your Desktop: to come out from your login (Start/ close your session) - and return ... no Rogue already, yes?

    Never touch the Rogue with your little mouse, never.


    PROROOTECT
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I personally think this is a good idea. Reading the thread on the MRG test it's obvious that this is an area where existing AV/AS/AMs are weak and a particular weakness of Joe User. It was obvious to me from that thread that at least until AMs catch up there needs to be a purely anti-rogue solution for the average user.

    Your initial idea of using EULAlyzer and then double checking to see if the program does what it is saying is interesting although I don't know if it can work. It might though, we just need to get someone with a good technical knowledge to confirm if it's possible or not.

    For my part I suggest we use a simple blacklist and just extensively go out there and blacklist as many of these as we can. Or alternatively we could create a whitelist of known good apps. In fact we could use both in conjunction with one another.

    Create a real-time guard/on-demand scanner/both which produces one of three pop-ups when the user attempts to install an app. We have three different pop-ups based on whether the app is on the blacklist/whitelist/neither.

    Blacklist pop-up should say that the app is a rogue, with a short explanation of what a rogue does and why it's harmful and STRONGLY urging the user not to continue with the install.

    Whitelist pop-up can say App X is a safe clean trustable program and its safe to proceed with installation.

    The third pop-up can say something along the lines of... this app is unknown to us, we suggest extreme caution in proceeding with installation. We suggest submitting this product to our test lab for verification.

    We could even add parental controls so that a child/older adult/unsavvy user can't execute a program based on if it's blacklisted or if it isn't on the whitelist depending on the preferences of the person setting the controls. This way admins can have greater control of what gets installed on their computers.

    From a business perspective, we could create a non-profit org to make this product. The product itself could be open-source, using the knowledge of developers who want to contribute, in their free time. We could leverage the resources/minds of this forum to create this product.

    What does everyone think?
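
The three-pop-up scheme proposed in the post above, sketched as an added example (not code from the thread or from any product mentioned in it). It assumes installers are identified by SHA-256 hash; the list contents, policy names and pop-up wording are constructed for illustration.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ROGUE = "blacklisted"
    TRUSTED = "whitelisted"
    UNKNOWN = "neither"

class Policy(Enum):                 # hypothetical parental-control settings
    WARN_ONLY = 1                   # show the pop-up, user decides
    BLOCK_BLACKLISTED = 2           # restricted user cannot run known rogues
    ALLOW_WHITELIST_ONLY = 3        # restricted user can run whitelisted apps only

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample installers standing in for real files.
ROGUE_INSTALLER = b"constructed sample: fake AV installer"
GOOD_INSTALLER = b"constructed sample: known-good installer"
NEW_INSTALLER = b"constructed sample: never-seen installer"

BLACKLIST = {sha256_of(ROGUE_INSTALLER)}
WHITELIST = {sha256_of(GOOD_INSTALLER)}

POPUPS = {
    Verdict.ROGUE: "This app is a rogue. Do NOT continue with the install.",
    Verdict.TRUSTED: "This app is known to be clean. Safe to proceed.",
    Verdict.UNKNOWN: "This app is unknown. Use extreme caution; "
                     "consider submitting it for verification.",
}

def classify(data, blacklist=BLACKLIST, whitelist=WHITELIST):
    digest = sha256_of(data)
    if digest in blacklist:         # blacklist wins if a hash is on both lists
        return Verdict.ROGUE
    if digest in whitelist:
        return Verdict.TRUSTED
    return Verdict.UNKNOWN

def decide(data, policy):
    """Return (verdict, blocked, pop-up text) for an install attempt."""
    verdict = classify(data)
    blocked = (
        (policy is Policy.BLOCK_BLACKLISTED and verdict is Verdict.ROGUE)
        or (policy is Policy.ALLOW_WHITELIST_ONLY and verdict is not Verdict.TRUSTED)
    )
    return verdict, blocked, POPUPS[verdict]

if __name__ == "__main__":
    for sample in (ROGUE_INSTALLER, GOOD_INSTALLER, NEW_INSTALLER):
        print(decide(sample, Policy.ALLOW_WHITELIST_ONLY))
```

Exact hashes only match files already seen, so a rebuilt rogue installer falls into the "unknown" verdict until the blacklist is updated; the whitelist-only policy is the setting that still blocks it.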
     
  9. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I suggest that this needs to come from current anti-malware software. Regular Joe users are not going to buy something else to detect rogues that they don't even know exist.

    Something along the lines of Nod32's "Detect potentially unwanted programs" option would be most appropriate. (Even more appropriate would be if Nod's option actually worked...)
     
  10. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Yes, for you, me and most other people here in Wilders that would be the case, but not everyone visits forums like this. The fact these applications proliferate across the 'net indicates they must be successful in what they are trying to achieve; in other words, there are people gullible enough to search for and click on the links relating to the fraudulent websites. It's that group of people we need to educate or at least try to protect in some way.
     
  11. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Indeed and also search using an already infected computer. Therefore receiving injected search results.
     
  12. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Give it for free.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I understand your point, but those people who would be most likely to search around for free AV would not be aware of this EULAlyzer thing. And if they were knowledgeable about this application, they would already be aware of the problem and know enough to rely on tried and proven AV and similar, so wouldn't be likely to install a rogue application in the first place.

    If I can work with someone, I don't need to install this EULAlyzer thing - just teach them safe surfing habits and give them a list of several known AV products. Or, in one case, I just recommended one for a couple who knew nothing, and they are perfectly happy.

    ----
    rich
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This is a problem that can be easily handled by any security product that White Lists all installed executables. Then, the child/older adult/unsavvy user cannot install anything w/o the Administrator's permission.

    This is a tried and proven set-and-forget solution.

    ----
    rich
     
  15. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yea but we are talking about preventing the installation of rogues in particular.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    if you are talking about detection/prevention with the use of database, malwarebytes and A2Square are champs in this field;)
    forgot to also mention SuperAntispyware:):)
     
  17. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    They recognise rogues well?
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yes they do even better than a traditional antivirus software:)
     
  19. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi all.

    Yes i am talking about all the fake anti-virus/anti-spyware that's exploded, especially in this year.

    The reason why a lot of Anti's don't detect them, as already mentioned, they are not malicious in the usual sense, but they ARE definitely malicious both in intent, and in practice.

    Of course Rmus is right, White Listings and Anti Exe Apps are to be encouraged. In the meantime people are getting blasted daily all over the world who don't yet know about such useful precautions.

    So i felt that this idea for an App might prove beneficial in some way/s. Not to people who are clued up, but all the others out there in www land who are not, yet !

    It also wouldn't do any harm to include instructions with it, on how to better secure their OS + Browsers + PC after they had dealt with any nasties.
     
  20. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Good intentions, but how do you propose to make "the others out there" aware of such an application?

    Those that have succumbed to installing fake protection products have no clue about anything. They don't know the term "rogue."

    I'm thinking from my point of view here: If I'm in a position to advise and help people with their system, why waste time with such an application? Five minutes of briefing will clue them in as far as a list of known and proven security products, negating the need to search the internet for stuff that may turn out to be rogue.

    It follows the principle of purchasing/downloading from known, proven, and trusted vendors.

    I understand your thinking behind such an application, but it seems to me to be an (unnecessary) additional software that needs to be learned. In looking at some of the posts in that thread you linked to, do you think that such an application that the people you are concerned about could learn, understand, and keep up with?

    I'm not sure that I would be able to evaluate and make a decision about what was flagged. This would put an unnecessary burden on most people, in my opinion.

    ----
    rich
     
  21. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Whatever the outcome, I'd suggest contacting Javacool first as for using his software technology. If only for legal reasons.
     
  22. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Just last night i had someone over who knows little about computers/security, he was using his laptop on my wireless. I heard "shoot i've been infected" (exact phrase changed to save the mods some work).

    I looked up to see him on a scareware page themed like XP that pretends to scan your computer. He was just about to click "Yes" to do the scan, and the situation was averted by mere milliseconds.

    Based on this, i'd say the average Joe has no idea about these rogues and therefore doesn't even know they need a solution to defend against them.

    Great idea, but i think it needs to be built in to the mainstream applications to be useful to any significant amount of people.
     
  23. demonon

    demonon Guest

    I think one can prevent the installation of rogue software with some user education.
    As far as I know, the majority of rogue software still requires you to click yes a few times and circumvent some built in security of your web browser and OS.
    There is really no need for an extra application if you just prohibit your family from installing unknown software.
    If your family just likes to click on every flashy banner then the best thing to do is use a LUA or a virtualisation application of any kind.
     
  24. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Rmus

    That's ok i understand your position on these things. I'm not sure how it would work in practice, it's just an idea i had that i thought might provide some kind of solution, even if it was short term !

    Paul Wilders

    Actually i thought this idea might be something that Javacool might be able to code, with some tech from EULAlyzer. I agree if others wanted to make use of his code, or some of it, they would need permission. Some of the ideas that EULAlyzer uses were provided by other people, including myself, as recognised a while back by Javacool who posted to that effect on here.

    1boss1

    There you go, living proof. Good thing you were there. Hope you followed Rmus's advice and gave him some user ed ! Thanx for the positive comments.
     