How significant is spyware?

Discussion in 'other anti-malware software' started by bellgamin, Mar 16, 2008.

Thread Status:
Not open for further replies.
  1. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    The deny option is why I started using the free Processguard behind my AV and Defencewall. If anything gets by the good Doctor and Defencewall and trys to execute at which point Processguard will pop up, hopefully, at which time brain.exe should kick in and answer no to the execution. And as Fkucdat says "If it can't execute it can't infect." I was using Prevx but the fact that it has to ask the community whether it is safe to run or not and the community may not have seen it yet and let it run where I know where I am surfing or what I am doing at the time and if something is amiss I can deny it, hopefully will save me any woes.
     
  2. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Sure your right,thats one of the reasons why i ditched my resident stuff mostly, i have only Boclean as my registry and memory protection and sofar with Returnil and SBIE everything going well....and fast. ;)
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not running or running realtime scanners is a personal choice. But I've got two high end gaming machines, and I noticed a difference when I stopped running scanning software. The scanners do make a difference.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,160
    Location:
    UK / Pakistan
    No need for BOClean either.
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    First, what is the difference between viruses and spyware ? There is a tendency to just call it malware these days.
    I understand you need antispyware to catch some trojans, and an antivirus to catch others. At least, that was what Webroot claimed one or two years ago.

    If I go a bit back in time, to 2006 and the early part of 2007, I had a McAfee firewall, antivirus and security center. It would definitely NOT catch spyware !
    I decided to get protection against spyware and bought the 3.x (I think) version of the Spyware Doctor, at that time one of the best. It had active protection, but it definitely didn't prevent some infections. But I never came across something I could not remove. Later I decided to get some extra protection, by installing the Spy Sweeper, which reduced the number of infections (excluding cookies) by about 90 %.
    Please keep in mind that at the time I used IE 6, not IE 7 with elevated security settings like I do now. (And I do that for ALL zones)

    I think it is very important to make sure that your security progams do not conflict. That often requires configuring things properly, and not using the default settings.

    So I do think that active anti-spyware protection is necessary if you use your computer for anything that requires confidentiality, like online banking or using Ebay. In the end it does not matter if a keylogger or a trojan is a 'virus' or 'spyware'.

    (I'm not sure if AVG offers sufficient anti-virus protection, see the av-comparatives tests, but that's your choice).

    I would recommend installing AT LEAST one program with strong (pro)active anti-spyware protection. I currently have two, the Spy Sweeper and Counterspy, properly configured, and this seems to offer near 100 % protection.

    In the past you would not get infected by visiting mainstream sites, like msn.com or the website of a newspaper. But those sites are no longer completely safe. You don't need to visit porn or warez sites these days to get infected.

    Your 'new' questions:

    Q3: You could detect spyware by scanning with the right anti-spyware program, but there is no guarantee that an infection will be caught, especially if you use just one scanner. Especially rootkits can be hard or impossible to detect. So prevention is just better.
    Symptoms of an infection: redirection to 'other' webpages, for example phishing websites, ads being displayed (more/different than 'normal' these days), a redirection of a search, your computer running slower, being contacted by your ISP or law enforcement because your computer has become part of a botnet, identity theft ... More things than you can imagine.

    Q4: Typically spyware would want to connect out. I don't know Prosecurity. But a HIPS can be tricky. Do you always know what to allow and not ? Outbound firewall protection is protection of last resort. The spyware may not even be detected by the HIPS.

    Q5: see my answer to Q3. Encrypted passwords ? Can't they be decrypted ? Are the non-encrypted versions of the password not present somewhere on your computer ? (temporary files, recycle bin) What about, for example, when you type in your credit card number ?
    I would choose effective software protection to minimize risks.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,160
    Location:
    UK / Pakistan
    Not sure what u mean. HIPS will always notify about spyware activity though it,s upto user if he mistakes it as legitimate one.
     
    Last edited: Mar 17, 2008
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Aigle, that post is a bit too much for me to comment.

    Well, consider this post edited (with the original line -above- intact), since you deleted most of your post, making me look a bit stupid !
     
    Last edited: Mar 18, 2008
  8. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    What makes malware extremely hard to detect imo is that you've got legit websites with "embededs" connecting all over the place to tracking websites like google-analytics. If all websites were like this one, as when you connect to it, you get only one connection to IP 65.175.38.194 and not 5 to 10 (or more) other connects flying out all over the place, imho it would be a whole lot easier to identify if you've got a malware problem. Same thing happens when you DL legit software that's tagged with these 'sleazy' toolbars that connect home every surfing moment. Then you mix in AV, browser, browser add-ons, media-players, your OS and your other programs--"genuine advantage tools" which are trying to constantly call home to protect their turf, and it's a complete mess.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,160
    Location:
    UK / Pakistan
    Hope now u can?:)
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,272
    Location:
    U.S.A. (South)
    I foresee a day coming, and not so far off in the future as we might perceive right now, when the internet will be categoried and SPLIT into two or maybe more channels of transmission/reception.

    Perhaps the best one infinitely less littered with so much of the malware/exploits garabage that ravages machines today. Perhaps also requiring little more than the operating systems security to access sites without the threat of some hidden risk lurking to BITE! your file system and such.

    Probably but not neccessarily, another internet channel with some risks requiring some third-party commercial products to make accessing sites more fluid but ad-happy.

    And if they were to branch the internet into separate divisions as i envision for the future, then lastlywould be the same as we have right now, an internet where anything goes, anywhere, and on anyone, DEFINITELY requiring the use of MULTIPLE commercial-freeware-open source security apparatus just to keep as many minutes alive from frustration as technically possible.

    Whatta ya think?
     
  11. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    i can promise you that it would never happen,as long as there is some gain to accuire to set roadblocks on the most safest digital highways !! ;)
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It's spyware, so I really doubt it'll go on a wanton formatting spree, otherwise there wouldn't be much for it to spy on. For stealing passwords, the ones that do that are usually classified as (the higher-risk category of) password-stealer trojans.

    Ad/spyware are usually known for their spying on your personal details and surfing habits, hogging of system resources, offensive in-your-face advertising and notorious difficulty to remove from your PC, rather than anything substantially destructive or dangerous. More like an obnoxious, unwanted guest in your house than a robber or serial killer, you get the idea.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Bellgamin,

    My take on this is simply that spyware is no different than a trojan, or say a keylogger... basically its a process that monitors something and reports...

    Monitor your processes via a hips and they cant do any more damage than your typical garden variety viruses would do when protect by a HIPS these days...

    Besides most current anti spyware seem to be mostly only detecting cookies, so using a tool such as Ccleaner with your hips would handle that as well...

    There seems to be a shift from typical spyware to the more elaborate malware... Also a product like noscript will protect you better than most anti spyware would given that the largest majority of spyware are installed via scripts while browsing sites that push them for profit therefore blocking scripts can prove more effective... As with Pop ups and crappy advertising NoScript with firefox is the winning combination...

    The only spyware Noscripts will not protect you against are the ones you download and install via a legitimate program that bundles them for $$$ with it's own installer... So one simply needs to be more selective with the products they use...
     
    Last edited: Mar 20, 2008
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    Thanks, HC. Helpful comments, as were those by solcraft.

    For Lo! these many moons I have used AnalogX's ScriptDefender, which works with EVERYthing -- not just Firefox et alia.
    Here is my present script list...
    ScrHnt1.gif

    Does anyone know of any other script extensions that I should add to the list illustrated above?
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    ScriptDefender won't help you while you browse I'm afraid, it's only intended to prevent the running of scripts already downloaded onto your HD (eg from an email attachment), it doesn't act through your browser to protect while surfing.

    As to extra extentions, see here:-

    https://www.wilderssecurity.com/showpost.php?p=536350&postcount=14

    .scr might be relevent as well.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I was just about to add that those extensions are from script processors engines, and not from text based (HTML) script header's... NoScript works by discriminating based on script headers...
     

    Attached Files:

    Last edited: Mar 20, 2008
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    Oi vey! I use K-meleon, & Noscript won't work there. Firefox is sloooow on my computer, whereas K-mel zzzzips along; ergo, switching to FF is not an option.

    3 QUESTIONS:

    Q1- Are there any options to Noscript that are not browser dependent?

    Q2- I run ProSecurity. Wouldn't it alert me to anything nasty trying to happen via my browser?

    3 Assumptions: (1) Noscript evidently is mainly concerned with javascript, right? (2) If Noscript encounters a site using javascript, it merely asks the user whether or not to block it, right? (3) That is, Noscript does NOT have some sort of AI whereby it can determine whether or not a particular script is actually a nasty, right?

    If my 3 assumptions are correct, then I point out that K-mel already has a javascript on/off switch (namely, F7). Therefore...

    Q3- If I keep javascript OFF, & turn it on only when needed & "safe", then I don't really need Noscript, do I?

    I added it. Thanks.
     
    Last edited: Mar 20, 2008
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Unfortunately web browsers are basically just glorified script processors so scripts are it... If you manage the scripts that run within browsers, you then manage security...

    I don't know of anything other than linkscanner Pro that preemptively scans url's for hostile scripts prior to your browser getting them... McAfee Siteadvisor does a bit of it but I heard that the database is usually outdated... I think it's strength is in the user cooperations it facilitates as they can report a bad site...
     
    Last edited: Mar 20, 2008
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    I would add that there are just two methods by which trojan spyware can install:

    1) by remote code execution (browser exploits, scripts)

    2) by the user permitting it to install

    The first method is the easiest to prevent by means of security programs or policies that block unauthorized executables.

    Thwarting the second method seems to be much more difficult because it requires some discipline and use of the brain.


    ----
    rich
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    Shame on me, I edited my previous post so as to add 3 assumptions plus Q3 AFTER you folks had already posted. PUH-leeze answer my Q3!
     
  21. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Brains? Oh boy... People talk about Brains a lot, only it's rarely found! :eek: except perhaps in jars floating in nice formaldehyde sauce!
     
  22. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well, no it is actually looking for Ajax, Flash and other script language. as well as hostile Iframe's and other nasty code trying to perform the dreaded XSS. Basically it seeks the start, and end script headers. Think of it as each script needs to identify itself to the web browser so it knows what script engine to feed the code to. So any script will have to start with an opening statement... as well as end with a closing statement, as I have showed in the example pick above... Scripts are clearly labeled as scripts + the actual language in either text to be processed or code to be pulled then processed. And yes, a discriminator algorithm must be used to actively detect discriminate and block know hacks. Although it is relatively simple as most embeded scripts are text... or at least it is easier to decode than say a java executable.
     
    Last edited: Mar 20, 2008
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,333
    Location:
    Hawaii
    Ah so. I normally surf in shadow mode. Would that cover my computer's posterior?
     
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Actually, not.

    I find many people with good common sense (brain, if you will).

    I doesn't take a lot of explaining to people how to avoid things like the latest iFrame exploit, for example.

    From the article linked in the iFrame thread:

    ----
    rich
     
  25. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Shadow mode? If You mean within a virtualised space? No!

    for example, if your virtual space encapsulate a browser with hack that exploit the web browser logon during secured log on transaction... that virtual space would only keep the hack localized within the box... but the login would have been intercepted...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.