Please help me Design a Spyware Test
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Please help me Design a Spyware Test

  1. #1
    Member
    Join Date
    Feb 2005
    Posts
    60

    Please help me Design a Spyware Test

    here's the deal - i've done my own testing, and narrowed it down to a couple of enterprise anti-spyware apps.


    Now i need to test it on my live network, with my coworker's pcs.


    But my department head is asking for real-live testing methodology.


    Any tips on how to design this test so we can get some good data from it?

    thanks in advance!

  2. #2
    Do a little bit of risk assessment and test on machines that won't break your network or business flow if something goes terribly wrong (i.e. if these computers all of a sudden didn't show up for work, things can still work)

    If that works out, and your more important machines in operations have much different policies and/or software, test out on a small group there and try to pick a group that isn't mission critical if possible. It stinks that you don't have a testing enviroment, but most biz doesn't.

  3. #3
    Member
    Join Date
    Feb 2005
    Posts
    60
    hee hee. You mean IT shouldn't be my test environment?

    that's just crazy talk.


    i'll be rolling out to 3 or 4 of my coworkers. What i really need to ask my boss is if we want to break our machines by doing drivebys on dangerous sites, or just have it run in the background to know nothing will explode.

    about the only difference between IT and genpop is that we're running XP SP2. i wonder how much of a difference that would make.

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    It sounds like your manager wants a Pilot test plan. Soda's right, you really need a sandbox test environment to do the hard crunching on, and usually these are pipe dreams, or they are cobbled together from the dregs of the trash heap.

    But if he wants a test methodology for a Limited Production deployment, that's oftern referred to as a pilot test phase. Has he given you requirements? Are you supposed to actively attack these systems once they are deployed with the new solution? Usually, in a pilot program we deploy and allow the testers to use the systems normally with no active intervention or action. But we've already done the serious attacking and 'proof of concept' in the lab. The pilot is more of an end user integration test...will they break it, how, when, etc.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Member
    Join Date
    Feb 2005
    Posts
    60
    excellent zencoder....that's what i'm gettign at.

    I've already done my sandboxing on errr...."the dregs of the trash heap" *lol*. I've hit it hard, and the 2 i've got came out on top (CA and SpySubtract)


    I'd prefer a passive test, but i really should check with my boss and see what she wants.

    i'm sure my fellow geeks will try to break it on their own. but that's all well and good.

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Good deal, glad that helped. Make sure you get specific requirements from her. What she wants to see from it, how long it should take, how many users and what sort (often times, pilots are restricted to technically astute users that aren't in the IT department, or IT employees only, etc.) If you need help formulating this into a structure, lemme know.

    Yes, trash heap indeed. I describe mine as the scene inside the Jawa sand crawler from Star Wars. Wires, actuators, piles of fab board everywhere. Yet somehow, a functioning system emerges from that pile.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Member
    Join Date
    Feb 2005
    Posts
    60
    I actually just spoke with her about it.


    Basically she wants to do a 2 week run, with just the IT staff before we make a consensual decision on which app to go with, if either of them.

    the first week is passive, and the second week, the guinea pigs can try to break it if they feel comfortable and time permitting.

    i'm going to use my current "server" as the test server and join it to the domain.

    i would appreciate any help you can give formulating this into a structure. I need to creat a methodology, but i've never really done it before, and that one link i forwarded to ya in the other thread we spoke about this stuff doesn't help much in what i'm trying to do here.

  8. #8
    Member
    Join Date
    Feb 2005
    Posts
    60
    Okay. So I need a little help figuring out the best websites for getting infected but not with anything too virulent.


    During my personal testing phase i downloaded Kazaa, Grokster, and surfed to iowrestling.com


    I need some new sites that have fresh spyware so that we can get some more diverse results.

    Anyone have any ideas?

  9. #9
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Tryska:

    Hello. I did some spyware testing of my own on a Windows 2000 Pro workstation using a config I built up using multiple tools and can offer some ideas.

    Methodology
    Visit websites that are known to contain spyware. Then take system offline and scan for malware.

    Spyware Sites:
    * I went to a bunch of common spyware sites that we found our PCs at work infected with. Note: I just went to these sites, I didn't install any of the toolbars or software they offer so I was just testing for drive-bys. One exception is Bargain Buddy toolbar: I did install it and boy was it a nasty one to get rid of. Good news is that my config at least crippled it so it was mostly benign. Sites I went to include (note dash added to keep forum from making it a URL hotlink so people dont accidently click on them):

    bargain-buddy.net (Bargain Buddy)
    -www.1800solutions.com
    roings.com
    coolwebsearch.com
    lop.com
    123greetings.com
    -www.whenu.com, web.whenu.com
    internet-optimizer.com
    -www.purityscan.com
    isearchtech.com (ISTbar)
    -www.dealhelper.com
    213.86.53.230
    216.74.27.24
    64.125.97.10
    couple others I cant remember

    * Another great reference is the Watchers List by an anti-spyware advocate called WebHelper. Get the list and start going to these IPs and sites, there are TONS: http://www.webhelper4u.com/watcher/t...erlistold.html

    Scanning for Infection:
    * Booted up with Knoppix Live Linux CD; shared out hard drive; scanned with virus scanner, trojan hunter (TDS3).

    * Booted up into Safe Mode and scan using spyware detection tools: Spybot S&D, Ad-aware SE Personal, Counter Spy by Sunbelt Software, Spy Sweeper by Webroot

    Let me know if need any other info or have questions.

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    wow...that list above is great. Ive been looking for more sites ot use to trash comps so I can test new products.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •