New Spycar program to weed out rogue Antispyware programs
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: New Spycar program to weed out rogue Antispyware programs

  1. #1
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564

    New Spycar program to weed out rogue Antispyware programs

    I wasn't sure wether to put this in Spyware/Adware or here.....

    As the article states, this sort of thing was done a few years back for Anti Virus Applications, because of the proliferation and credibility of the good ones that were available.

    News Story by Robert McMillan

    MARCH 17, 2006 (IDG NEWS SERVICE) - Does your antispyware software really work? With security experts warning of "rogue" antispyware products that sometimes do more harm than good, two security researchers have decided to take matters into their own hands.

    They're working on a new software product, called Spycar, that will test the effectiveness of antispyware products. "We decided the best way to do that would be to write a suite of tiny custom programs that each do a tiny spyware-like thing," said Tom Liston, a senior security consultant t Intelguardians LLC in Washington.

    The software is being developed by Liston and Ed Skoudis, also an Intelguardians security consultant.

    Spycar will contain about 25 small programs, each of which engages in the kind of nasty behavior normally associated with spyware. For example, it will add favorites to Internet Explorer, or add a file to the machine and change the computer's registry so that the file is launched at start-up. The software will then undo all of the changes it has made after the testing has been completed.

    "You could really test and see if your antispyware is doing the things that it should be doing," Liston said.

    And that is becoming an increasingly important question for many Internet users. While many antispyware products can identify malicious code using signatures, a kind of digital fingerprint that alerts the software to unwanted code, Liston says they don't do so well when trying to identify unknown software, like Spycar, that behaves like spyware. "Not too many of them are catching behavior-based stuff at this point," he said.

    Liston likens the state of the antispyware products to the antivirus market several years ago: overly reliant on these signature-based techniques and lacking in standard testing tools.

    Security giant Symantec Corp. agrees with him, at least when it comes to antispyware testing tools.

    "We would love to see the antispyware industry evolve to the point where there are standardized tests," said David Cole, director of the company's security response group. "We've evolved to that point on the antivirus side."

    In fact, the Spycar name is a play on a popular antivirus testing tool created by EICAR (the European Institute for Computer Antivirus Research).

    Symantec and other major security vendors banded together earlier this year to develop standard ways of testing their antispyware products, something that they say will eliminate customer confusion in this space. Information on this effort can be found at spywaretesting.org.

    It's not surprising that customers are confused. There are literally dozens of antispyware products that have been classified as rogue antispyware by Spywarewarrior.com, a Web site that serves as a ************* for information about the spyware problem.

    One of these alleged "rogue" products came under scrutiny in January, when Microsoft Corp. and the Washington state attorney general sued antispyware software vendor Secure Computer LLC. Their complaint alleges that Secure Computer's Spyware Cleaner software not only failed to remove spyware as advertised, but left its users less secure. The White Plains, N.Y., company pulled Spyware Cleaner from the market soon after the suit was filed.

    While Spycar won't help users remove rogue antispyware products, it will give them a sense of whether they have a problem, Liston said.

    Spycar will be available free of charge in May. More information will be made available on the web site at that time.

    Source


    This should help combat those programs that are put out there which don't do a good job of picking up spyware/malware on a users PC.

    This is allready done to an extent by

    Spyware Warrior

    I have used this list on occassion to help get rid of certain programs that people have downloaded because it looked "nice".
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    113
    Nice read, but who will test programs like spycar ?

    MRG.

  3. #3
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Originally posted here by mrg81
    Nice read, but who will test programs like spycar ?

    MRG.
    Good question, but seeing's as how it will probably be "the" prototype, we may have to wait to see who will come up with a test for them, as it is the first, we may have to allow some time for the results to come in wether yay or nay....

    At least, someone is going to make the effort to lump all of the supposedly good Antispyware Apps out there and critique them, and maybe allow users to make their own informed choices....?
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #4
    Why not actually secure the machine? Prevent the malware from getting in, and prevent it from proliferating/executing if it does get in.



    I don't get spyware, and I don't have to worry about updating my scanner, or any other bullshit.


    It still amazes me that so many people place such a high importance on their computer, and don't even have the most rudimentary understanding of how it works. The same people who change the oil in their cars, mow their lawns, etc. Why not put that effort into your computer?

  5. #5
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Why not actually secure the machine? Prevent the malware from getting in, and prevent it from proliferating/executing if it does get in.


    Of the millions of Home PC's out there, what do you figure is the percentage of the ones that know what you know, in keeping crap off of their PC, I would bet it's fairly small.

    Untill MS builds an OS, that has built in protections,(AV,Antispyware, etc) consumers are still going to get caught between the two, an unsecured PC and those trying to exploit those vulnerabilities.

    Just try to imagine if those people who created Adaware SE and Spybot S & D had not done so, if you ask me IMO, these two programs have probably helped quite a few people out who have no clue about PC security or the settings that need to be configured in Win XP or 2000 or 98 and blindly surf the net.

    So if a company want's to try and make it easier, then I say go for it, unless you can figure out a way to enlighten the masses into locking down their PC's so tight that nothing gets in, then until then, it's down to what's available for keeping on top of the problems....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  6. #6
    THere is no need for antimalware protection of any sort if you put even a small amoun of effort into securing your machine. There are numerous step by step guides out there that show how to do it.

    I refuse to accept to people's laziness and uinwillingness to learn. There is no excuse for it.


    So if a company want's to try and make it easier, then I say go for it, unless you can figure out a way to enlighten the masses into locking down their PC's so tight that nothing gets in, then until then, it's down to what's available for keeping on top of the problems....
    The information is available in easy to digest terms and steps. If they do not take advantage of the resources available to them. It's their own damn fault.


    Untill MS builds an OS, that has built in protections,(AV,Antispyware, etc)
    The tools needed are already present.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Sorry to sound cynical, but what is there to stop unscrupulous vendors from simply adding the signatures for this stuff. It would then be detected and all would appear to be well, when in fact it was not?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Originally posted here by nihil
    Sorry to sound cynical, but what is there to stop unscrupulous vendors from simply adding the signatures for this stuff. It would then be detected and all would appear to be well, when in fact it was not?

    \


    From one cynic to another....

    This will never change, however if we allow those so called users who don't give a rats ass to continue to ignore securi9ng their PC's, then they become part of the problem(zombies)and not the solution.

    The information is available in easy to digest terms and steps. If they do not take advantage of the resources available to them. It's their own damn fault
    Exactly the right attitude, which allows so many of these problems to exist, so what you are saying is so...your PC is infected, tough sh*t, don't come to me crying about it.???

    The tools needed are already present.
    My point earlier, you know about this and so do I, but how many out there are just happy to play their games and surf the net???

    If this program can assist in helping others determine wether or not their Antispyware program is legit, then what's the problem???

    Or do we sit back and continue to watch thousands of PC's become infected, hang out at a few of the forums which deal in Highjack this logs and see the amount of crap, users pick up, I am in no way defending the lazy one's who don't care, I am more interested in the seniors who are just starting out, or those in the 50 to 60 yr range, who because of the times find themselves behind the 8 ball.

    How many times have you cleaned a relatives PC because they don't have the know how to do it themselves, or just don't have the inclination to worry about this stuff???
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    Exactly the right attitude, which allows so many of these problems to exist, so what you are saying is so...your PC is infected, tough sh*t, don't come to me crying about it.???
    What I am saying is, I am sick of hearing how people seem to think that malware is a "fact of life" with Windows, and Mac/Linux is somehow salvation form all their problems.

    My point earlier, you know about this and so do I, but how many out there are just happy to play their games and surf the net???
    I understand this, but telling people that everything will be alright if they just have a firewall and an antivirus is not the answer. It is akin to telling people that if they wear a seatbelt, they don't have to be a safe driver.

    If this program can assist in helping others determine wether or not their Antispyware program is legit, then what's the problem???
    Heuristic analysis, even if it is not based on concrete signatures, is still a reactive technology and does not provide security. All it does is clean up (somewhat) the effects of poor security.

    Or do we sit back and continue to watch thousands of PC's become infected, hang out at a few of the forums which deal in Highjack this logs and see the amount of crap, users pick up, I am in no way defending the lazy one's who don't care, I am more interested in the seniors who are just starting out, or those in the 50 to 60 yr range, who because of the times find themselves behind the 8 ball.
    If they're willing to spend the thousand dollars on a new PC, they can spend a bit more on having someone secure it for them and teach them proper techniques.

    How many times have you cleaned a relatives PC because they don't have the know how to do it themselves, or just don't have the inclination to worry about this stuff???
    If they come to me, I expect them to learn from it and take the necessary steps to prevent it. After the second or third time, they're on their own.

  10. #10
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    I understand this, but telling people that everything will be alright if they just have a firewall and an antivirus is not the answer. It is akin to telling people that if they wear a seatbelt, they don't have to be a safe driver.
    In an 'Ideal" world, all OS's would come preconfigured to not be exploitable, in an "Ideal" world, however, this is reality, and not everyone out there is inclined to do the legwork, most PC's sold are of the OEM variety (off the shelf and disposable), these come usually with a trial period of Norton or McAfee, which most often after they expire the user forgets about it. So should the 3rd party retailer's be responsible for ensuring the PC they sell is secure from all known threats, of course not, but who is teaching these users about it, and sure it's easy to say, just "google it" (I am so tired of seeing people say that), or read up on it,(RTFM another quick answer)) or if your willing to spend a thousand bucks then spend the extra for some guidance, not going to happen and still will not solve what's going on.


    Heuristic analysis, even if it is not based on concrete signatures, is still a reactive technology and does not provide security. All it does is clean up (somewhat) the effects of poor security.
    I think we are at cross purposes here, the article is for a program that when run will tell you if the "Antispyware" program on your PC is a legitimate program and is capable of doing what it says, I think what you are talking about is Anti Virus programs, which yes are for the most part reactive.


    If they come to me, I expect them to learn from it and take the necessary steps to prevent it. After the second or third time, they're on their own.
    I agree 100% on that....(it happens).

    but, if we didn't take the time to do this for others, maybe we wouldn't learn as much as we do when it comes to protecting our own PC's???? and besides, in an "Ideal" world, all IT's would be out of a job....(never going to happen....right... )
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides