Results 1 to 4 of 4

Thread: Anti-Spyware coding

  1. April 2nd, 2007, 01:55 PM #1
    AceSpy
    AceSpy is offline
    Member
    Join Date
    Oct 2003
    Posts
    39

    Question Anti-Spyware coding

    Hello,

    I am given the job to create an anti-spyware, so the basic funda being scanning the running processes for spyware known executables, and on system scan scanning for files/folders in spyware database.

    Problem: where do I get the spyware db that I can freely or at some minor charge use?

    Thanks,
    Zeeshan
    Reply With Quote Reply With Quote
  2. April 2nd, 2007, 03:44 PM #2
    oofki
    oofki is offline
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    I know there is a site that you could at least look through I cant remember it for the life of me though. You COULD do something like download programs like adware and spybot and run a scan with them and monitor what they are looking for using "processmonitor" which can be found on sysinternals website. You can specify filters to only look at registry/file access from a certian program.

    I am not sure how legal it would be to use the definitions you compile from such an act though...
    https://oofki.com
    https://fromprogrammertoengineer.com
    Reply With Quote Reply With Quote
  3. April 2nd, 2007, 05:04 PM #3
    encipher
    encipher is offline
    Junior Member
    Join Date
    Mar 2007
    Location
    Bay Area
    Posts
    17
    If this is going to be something that is truly independent then you may have to compile a database of known malware yourself, which is a huge task, and then figure out a method for identifing them (i.e. how your going to code the engine and what your going to use as signatures for the files...). Other then that, if you dont mind spending some $$$, you can check to see how much it would cost to purchase a database and what not.

    I did a quick google and found this: http://www.emsisoft.com/en/support/malware/

    I hope that helps

    I was working on a similar project myself, but i was just compiling a database of non-malacious start up applications....

    Im interested to see how it turns out

    Reply With Quote Reply With Quote
  4. April 2nd, 2007, 07:35 PM #4
    nihil
    nihil is offline
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I would suggest that this is a waste of time?.................... the one thing that you can say about any pattern or signature based system is that it is obsolete before you have even finished loading it?

    I think that encipher's approach shows more promise................ decide what should be allowed to run.............like application "A" runs processes "x", "y" and "z"................if "A" hasn't been started, neither should the others?

    Also look for opening of ports and attempts to "phone home"...................
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. FTC holding spyware workshop - speak up!
    By ric-o in forum Spyware / Adware
    Replies: 1
    Last Post: March 10th, 2005, 07:09 PM
  2. Experts predict Firefox spyware will show up this year
    By SDK in forum Spyware / Adware
    Replies: 12
    Last Post: February 9th, 2005, 08:11 PM
  3. Spyware Information., tools/tips for removal of spyware.
    By saintakaagni in forum Spyware / Adware
    Replies: 6
    Last Post: February 4th, 2004, 11:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules