Anti-Spyware coding

  1. #1

    Anti-Spyware coding


    I have been given the job of creating an anti-spyware program, the basic fundamentals being scanning the running processes for known spyware executables and, on a system scan, scanning for files/folders in the spyware database.

    Problem: where do I get a spyware DB that I can use freely or at some minor charge?


  2. #2
    Senior Member
    Join Date
    Oct 2003
    I know there is a site that you could at least look through; I can't remember it for the life of me, though. You COULD do something like download programs like adware and spybot and run a scan with them and monitor what they are looking for using "processmonitor", which can be found on the Sysinternals website. You can specify filters to only look at registry/file access from a certain program.

    I am not sure how legal it would be to use the definitions you compile from such an act though...

  3. #3
    Junior Member
    Join Date
    Mar 2007
    Bay Area
    If this is going to be something that is truly independent then you may have to compile a database of known malware yourself, which is a huge task, and then figure out a method for identifying them (i.e. how you're going to code the engine and what you're going to use as signatures for the files...). Other than that, if you don't mind spending some $$$, you can check to see how much it would cost to purchase a database and whatnot.

    I did a quick Google and found this:

    I hope that helps

    I was working on a similar project myself, but I was just compiling a database of non-malicious startup applications....

    I'm interested to see how it turns out

  4. #4
    Senior Member nihil
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    I would suggest that this is a waste of time?... the one thing that you can say about any pattern or signature based system is that it is obsolete before you have even finished loading it?

    I think that encipher's approach shows more promise... decide what should be allowed to application "A" runs processes "x", "y" and "z"... if "A" hasn't been started, neither should the others?

    Also look for opening of ports and attempts to "phone home"...
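
The behaviour-based check suggested in post #4 (helper processes are only legitimate under the application that owns them, and unexpected outbound connections are flagged), as an added example that is not part of the original thread. The policy tables, process names and the snapshot are constructed for illustration; a real tool would fill the snapshot from the OS process and connection tables and match on full image path or hash, since a bare name is trivially spoofed.

```python
"""Allowlist-style audit of a process snapshot (constructed sample data)."""
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    remote_ports: list = field(default_factory=list)  # outbound connections


# Hypothetical policy: helper process -> the only application allowed to start it.
ALLOWED_PARENT = {"x.exe": "a.exe", "y.exe": "a.exe", "z.exe": "a.exe"}
# Hypothetical policy: program -> remote ports it may connect to (default deny).
ALLOWED_PORTS = {"a.exe": {443}}

# Constructed snapshot standing in for the live process/connection tables.
SNAPSHOT = [
    Proc(100, 1, "explorer.exe"),
    Proc(200, 100, "a.exe", [443]),
    Proc(210, 200, "x.exe"),               # started by a.exe: allowed
    Proc(300, 100, "y.exe"),               # started by explorer.exe: flagged
    Proc(400, 999, "z.exe"),               # parent no longer exists: flagged
    Proc(500, 100, "updater.exe", [6667]),  # unexpected outbound port: flagged
]


def audit(snapshot):
    """Return (pid, name, reason) for every policy violation in the snapshot."""
    by_pid = {p.pid: p for p in snapshot}
    findings = []
    for p in snapshot:
        name = p.name.lower()
        expected = ALLOWED_PARENT.get(name)
        if expected is not None:
            parent = by_pid.get(p.ppid)
            actual = parent.name.lower() if parent else "a missing parent"
            if actual != expected:
                findings.append((p.pid, name, f"started by {actual}, expected {expected}"))
        for port in p.remote_ports:
            if port not in ALLOWED_PORTS.get(name, set()):
                findings.append((p.pid, name, f"unexpected outbound connection to port {port}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```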
