Analysis of Spyware
scubacuda writes "What actually happens when you install adware/spyware/malware? Follow the Bouncing Malware examines what's downloaded, redirected, and obfuscated. A fascinating read. (Part two was postponed in order to cover a new My Doom variant.)"
firefox testimonial (Score:5, Insightful)
Seriously, how hard can it be for MS to write an application as straightforward, yet secure, as Firefox?
I downloaded Service pack 2 release candidate and noted a lot of security improvements and features, but in agreement with MS, who today released the full Service pack 2, it seems to mainly add 'bars and locks' to your 'doors and windows'. Whereas Firefox seems to be a better neighborhood to live in from the start.
Re:Even Sevens (Score:5, Insightful)
Well, you could feed the spyware's controllers some fudged data, but how do you think you're going to get a SETI@Home-like model to "generate the data needed to put these goofs in jail"? Please, explain how repeated computation of fast Fourier transforms will do anything to uncover the spyware's owner. :)
Suppose we managed to get your nice antispyware software to collect data on the spyware's owners. What form do you think that data will take? I'm guessing it would be little more than IP addresses. Perhaps you can convince the authorities to subpoena the ISP for the owners of those addresses, but I doubt it. Good luck.
Spyware Prevention (Score:4, Insightful)
Re:firefox testimonial (Score:5, Insightful)
Perhaps lots [ca.com] of [symantec.com] people [bitdefender.com], including Microsoft itself [theinquirer.net], have an interest in perpetuating the myth that software is inherently insecure.
Re:malware honeypot? (Score:1, Insightful)
Re:Even Sevens (Score:4, Insightful)
A virus gets onto a user's computer through security holes, but malware simply walks through the front door stating their evil intents in a clickwrap TOS that the user usually doesn't read. There's no crime in getting people to agree to something stupid in exchange for a silly little app that runs in the corner of their screen.
Spyware is just another form of a virus (Score:5, Insightful)
Look, I have worked on systems that have had hundreds of infections, from viruses and spyware. I routinely subject a drive from a machine with spyware to the same checks and controls I do with viruses. I start by removing the victim drive and putting it in a secondary control system. Only then can I properly remove the hooks installed to prevent you from really removing things.
I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions. This way Windows itself will *fix* your removal. I've seen where they try to emulate legitimate hotpacks and patches. It's pretty simple really, if a program installs surreptitiously, disguises itself, and takes steps to prevent its removal - then it is a virus.
Re:malware honeypot? (Score:2, Insightful)
Re:Even Sevens (Score:4, Insightful)
Re:Spyware is just another form of a virus (Score:3, Insightful)
Re:malware honeypot? (Score:5, Insightful)
If someone goofs and winds up on a site like the article mentioned, guess what, the customer just hit a malware mine.
It's not like the lovebug bit where it spread like wildfire, at random, the 'wares are more focused and actually show a purpose behind their creation: to retrieve personal information on the user behind the keyboard.
Under Federal and State regulations, this shows Willing Intent to Commit Malice, possible violations of Wiretapping Laws, and is grounds for prosecution to the fullest extent of the Law.
Re:Spyware is just another form of a virus (Score:3, Insightful)
Peter Norton: SpyVirus removal complete!
User: Norton broke my SuperKaazaMidgetCursor. No more free MP3s and naked strippers on my desktop WAH! I want my money back!
[The big difference between Anti-Virus and Spyware-Removal programs, is that the former is based on program behavior, and the latter makes value judgements about what is 'good' software or 'bad' software. I don't think any developers want a situation where they have to get their programs certified as "good" by some 3rd party.]
Re:I want an integrated tool! (Score:2, Insightful)
What's your ticker symbol, because I don't ever want to buy stock in a company that can't run a network properly.
Re:Spyware is just another form of a virus (Score:2, Insightful)
He said: "I've seen everything from DLL hooks to putting itself into the system restore file or hidden OEM restore partitions."
That sounds like it's infecting software. Last I checked, Windows wasn't hardware.
Re:Spyware is just another form of a virus (Score:2, Insightful)
Re:Spyware Prevention (Score:3, Insightful)
I don't think Ad-Aware (or other spyware scanners) checks Firefox cookies. I just ran an older version and it only found an Alexa registry entry, but I opened my Firefox cookies.txt and found a doubleclick.net cookie in there.
I'm a Firefox user/fan and IE hater, but Firefox doesn't inherently block tracking cookies, so I had to pick at your example. (Yes, Firefox does allow forcing per-session cookies, but it's not on by default, and it causes problems with remember-my-login cookies.)
Changing subject:
I noticed McAfee and others now have Anti-Spyware products alongside the AntiVirus products in stores. I'm wondering why the distinction between viruses and spyware? Shouldn't scanning for them and removing them involve the exact same process? Why not just include spyware/adware in the definition files?
Yeah, the obvious answer is "to make more money", but that really pisses me off.
Re:I want an integrated tool! (Score:1, Insightful)
Re:Even Sevens (Score:3, Insightful)
Hmmm. Interesting opening comment:
Surely you don't mean to discredit these malcontents' freewill do you? And the suggestion that they have "need" to hurt other people also seems to disown them of their personal responsibility to behave properly despite if they are malcontent and have antisocial personality "features". I'd rather call the latter "choices." Sheesh! What kind of system would any lawful country have if they were to punish their criminals because someone else, i.e. "society," made them choose to be evil, malicious, self-serving, or greedy? Sure, society and its micro-cosmos might promote these things, but everyone is ultimately responsible for their own decisions. Please, let us not even hint at the contrary.
Thanks,
William
Re:A lot of people don't care (Score:2, Insightful)