New anti spyware site

Discussion in 'other security issues & news' started by smikkel, Oct 23, 2005.

Thread Status:
Not open for further replies.
  1. smikkel

    smikkel Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    4
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Hi smikkel,
    Congrats on your new AS website !!!
    I'm not an expert, but this website looks the same as yours.
    Is your list something else or is it double with this website ?
    http://castlecops.com/CLSID.html
    If it is a similar list, then everybody has to maintain TWO lists and maybe there are even more lists like that.
    If I'm wrong correct me :)

    P.S.:
    http://castlecops.com/CLSID.html
    Currently 22127 entries and growing...

    http://www.lansweeper.com/askdoctorguid/
    Your website counts 1163 entries.
     
    Last edited: Oct 23, 2005
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  4. (loggedoff)

    (loggedoff) Guest

    Just started yesterday with the database, the only guids are from my lansweeper software.
    I think a big advantage of this site is that the users can leave their own comment for a guid.
    If I say "Watch out, this is spyware" it will mean more to other users than just setting an X before a GUID.
    Castlecops only collects the BAD guids, I (try) to collect them all.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    First and foremost thanks for taking of your time to even create that page.
    No disrespect to those that might leave a comment but that leaves it in the hands of the users to have to decide if those are legitimate comments....unless you are prepared to validate those comments :doubt:
    Actually....Castle Cops CLSID/BHO List/ Toolbar Master List contains the Good, Bad, Ugly....etc....compiled by some very respected Security Experts in this field.

     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Smikkel or loggedoff (?),
    I certainly agree with this remark.
    Leave malware up to security experts and not to internet users from nowhere, because you don't know who they are.
    When your database becomes bigger and bigger, you won't be able to control thousands and thousands of GUIDs anymore.
    That would be enormous work for you and can't be done in practice. I'm speaking of experience.

    The GUID comments can be useful for security people (I don't know about that), but non-security users who consult your GUID database are only interested in one thing : is it a good or a bad GUID ? and that basic question is answered by the GUID database of CastleCops and yours of course, BUT ...

    If I have a GUID problem, I will check CastleCops FIRST, because that's the largest database.
    If I don't find the GUID, I will ask CastleCops for advice and CastleCops will store the GUID in their database, with the right qualification. That's how it works and that's how it has to be done, if you want to keep the GUID database of CastleCops as a reliable tool for GUIDs.
    If you think, that I go through that trouble again to update your database, you are wrong because I don't have the time to do this twice.

    Spreading the SAME information (in this case GUIDs) over several databases is NEVER a good practice.
    As an application analyst I would never allow this at work. Unfortunately this happens a lot and that is even normal on the internet, because everybody can create a website, but nevertheless it remains a problem.

    I don't want to discourage or hurt you in any way, but IMO your GUID database has little chance to become successful, because CastleCops had this idea already long ago and the first one usually wins, especially when CastleCops keeps their GUID database up-to-date and that's why CastleCops has more than 22000 GUIDs.
    You only re-invented the wheel and that is always risky if you want to become successful. Your additional comment won't make a difference.

    If I would be so much interested in GUIDs like you, I would search on the internet first for existing websites, that do this job already and I certainly would find CastleCops and that would be the end of my idea of creating my own GUID database.
    In that case I would contact CastleCops and ask them to help them with updating their database under their supervision. :)
     
  7. smikkel

    smikkel Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    4
    I already agreed with Tony Klein to use the castlecops database.
    My lansweeper software finds new guids every day. I also have a webinterface for the program: http://www.lansweeper.com/demo/default.aspx
    I want to integrate the guid lookup from my new website into this webconsole.
    I also think programs like Hijack should benefit from looking up directly into an online database (like mine)
    But you are all right: having 2 separate databases is always bad.
    So I'm going to try to keep up with the castlecops database and add my extra entries found by lansweeper (mostly good guids)

    As long as the people that need help get what they wanted everything is ok

    Everybody thanks for their remarks.

    Regards
    Geert
     
  8. chx

    chx Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    5
    Wow.. great site you got there... That site will be of help to us.. thanks and more power
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,351
    Location:
    The Netherlands
    In fact, the Sysinfo.org database has been discontinued, hence the differences in size with the one at CC's.

    For a while I added to both, but the CastleCops database quickly became the Master list.

    And, as Bubba already said, ALL Toolbar and BHO CLSIDs qualify for inclusion into the List, good OR bad.
    We aim to be as comprehensive as humanly possible...

    That said, the List is only meant to include the said Toolbar and BHO GUIDs, i.e. the O2 and O3 items from a HijackThis log, or, put in another way, subkeys added to the following registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    and

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar

    That said, should you come across one NOT listed, and you are certain CLSID and file name aren't completely random, feel free to email me, preferably with a link to the forum thread/Hijack This log in question, and including a copy of the file itself: submit_stuff AT xs4all.nl (replace AT by @)

    Thanks! :)
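
Added example, not part of TonyKlein's post and not CastleCops or HijackThis code: a Python example that pulls the O2 and O3 entries out of a HijackThis log, ties each to the registry key named above, and separates CLSIDs already in a lookup list from unlisted ones. The assumed line layout, the sample log and the `KNOWN` list are constructed for illustration.

```python
import re

# Registry keys named in the post above, keyed by HijackThis section.
REG_KEYS = {
    "O2": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar",
}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Assumed line layout: "O2 - BHO: <name> - {CLSID} - <file>"
#                      "O3 - Toolbar: <name> - {CLSID} - <file>"
ITEM_RE = re.compile(rf"^(O2 - BHO|O3 - Toolbar): (.*?) - ({GUID}) - (.*)$")

def parse_items(log_text):
    """Return the O2/O3 entries of a HijackThis log as dicts."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if not m:
            continue  # other sections (R1, O4, ...) are outside the list's scope
        section = m.group(1)[:2]
        items.append({
            "section": section,
            "reg_key": REG_KEYS[section],
            "name": m.group(2),            # may itself contain " - "
            "clsid": m.group(3).upper(),   # GUIDs compare case-insensitively
            "file": m.group(4),
        })
    return items

def triage(items, known):
    """Split entries into (listed, unlisted) against a CLSID -> verdict map."""
    known = {k.upper(): v for k, v in known.items()}
    listed = [(i["clsid"], known[i["clsid"]]) for i in items if i["clsid"] in known]
    unlisted = [i for i in items if i["clsid"] not in known]
    return listed, unlisted

# Constructed sample log and lookup list (not real CLSIDs or verdicts).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example - Bar - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""
KNOWN = {"{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}": "good"}

if __name__ == "__main__":
    listed, unlisted = triage(parse_items(SAMPLE_LOG), KNOWN)
    print("listed:", listed)
    print("unlisted:", [(i["clsid"], i["file"], i["reg_key"]) for i in unlisted])
```

The unlisted entries carry the CLSID, file name and registry key, which is the information the post asks for when reporting a CLSID that is not yet in the list.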
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Smikkel & TonyKlein,
    After reading your last posts, I don't see any problem anymore. I was only trying to help.
    All these qualified helpers in the many malware forums will appreciate it.
    Good luck with what you are trying to accomplish !!! :cool: :)
     
  11. smikkel

    smikkel Registered Member

    Joined:
    Oct 23, 2005
    Posts:
    4