April 2nd, 2007, 01:55 PM
I have been given the job of creating an anti-spyware tool, so the basic idea is scanning the running processes for known spyware executables and, on a system scan, scanning for files/folders in the spyware database.
Problem: where do I get a spyware DB that I can use freely or for some minor charge?
April 2nd, 2007, 03:44 PM
I know there is a site that you could at least look through; I can't remember it for the life of me, though. You COULD do something like download programs like adware and spybot, run a scan with them, and monitor what they are looking for using "processmonitor", which can be found on the Sysinternals website. You can specify filters to only look at registry/file access from a certain program.
I am not sure how legal it would be to use the definitions you compile from such an act though...
April 2nd, 2007, 05:04 PM
April 2nd, 2007, 07:35 PM
I would suggest that this is a waste of time? ... the one thing that you can say about any pattern or signature based system is that it is obsolete before you have even finished loading it?
I think that encipher's approach shows more promise ... decide what should be allowed to run ... like application "A" runs processes "x", "y" and "z" ... if "A" hasn't been started, neither should the others?
Also look for opening of ports and attempts to "phone home" ...
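The allowlist idea from the reply above, sketched as an added example (not code from anyone in this thread): helper processes "x", "y" and "z" are accepted only when their parent is application "A", and anything absent from the allowlist is reported. The policy, the process names and the snapshot are all constructed; a real tool would fill the snapshot from the operating system's process list.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid name")

# Hypothetical policy: application -> helper processes it may start.
POLICY = {"appa.exe": {"x.exe", "y.exe", "z.exe"}}
# Hypothetical baseline of processes allowed to run on their own.
STANDALONE = {"system", "explorer.exe", "appa.exe"}


def audit(snapshot, policy=POLICY, standalone=STANDALONE):
    """Return (pid, name, reason) for every process that breaks the policy."""
    by_pid = {p.pid: p for p in snapshot}
    # Invert the policy: helper name -> application that must be its parent.
    owner = {child: app for app, kids in policy.items() for child in kids}
    findings = []
    for p in snapshot:
        name = p.name.lower()  # Windows image names are case-insensitive
        if name in standalone:
            continue
        app = owner.get(name)
        if app is None:
            findings.append((p.pid, p.name, "not on allowlist"))
            continue
        parent = by_pid.get(p.ppid)
        # The helper is legitimate only if its live parent is the owning app.
        if parent is None or parent.name.lower() != app:
            findings.append((p.pid, p.name, f"running without parent {app}"))
    return findings


# Constructed process snapshot (pid, parent pid, image name).
SNAPSHOT = [
    Proc(4, 0, "System"),
    Proc(800, 4, "explorer.exe"),
    Proc(1200, 800, "AppA.exe"),
    Proc(1210, 1200, "x.exe"),         # started by AppA: allowed
    Proc(1300, 800, "y.exe"),          # helper name, but parent is explorer
    Proc(1400, 800, "toolbar32.exe"),  # unknown image
]

if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```

Matching on image name alone is easy to spoof, so a real policy would also pin the full path or a file hash for each entry.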