"Anti-adware misses most malware"

Status
Not open for further replies.

2ffat

Programmer
Oct 23, 1998
4,811
US
Go to to find an article by Brian Livingston. You may have to scroll down a couple of articles to find it. He quotes Eric Howes, an instructor at the University of Illinois. I don't know how Prof. Howes came up with his numbers but if they can be confirmed, it may shock some people.

IMHO, interesting reading nonetheless.

James P. Cottingham
-----------------------------------------
To determine how long it will take to write and debug a program, take your best estimate, multiply that by two, add one, and convert to the next higher units.
 
good read - bam
 
Interesting, I'll be happy to read his "Full" report when it is released.

If nothing else it gives me some other programs to poke around and look at to see what I want to utilize. Nice find.
 
An interesting question to pose (well, if you're anything like me), in regards to this article: what are the current setups that most people run, and what, if any, spyware do you find by following Howes's "best case" scenario?

Myself, after reading such articles I'll generally pull down some of the programs discussed and do some testing of my own.

My current setup

MS Antispyware (Prior was Adaware)/Spybot/Spyware Blaster

Pulled down Webroot and ran that on my system, by far the most utilized for testing new utilities and web research.

Webroot found one cookie that had made its way onto my system since the last scan that I did, about a week ago today. Now, for me, I expected a bit more of an increase in finding of new spyware (registry keys or something). If anyone else is as curious as I am and tests this out pop up the numbers and see what we all end up with...yes...yes I do need a life ;-)
 
Just pulled down Spy Sweeper, updated and ran it; all it found were 4 references to neededware.com in the Registry. These were the references from IE's Restricted Zone settings - if I had removed them with Spy Sweeper, I would have been MORE at risk!

I wrote up a ticket for them, I'll get back to you when they reply.

Andy.
 
i agree that you should use more than just one spyware tool.

however, it should be used on top of a firewall & virus package combination!

finally, you need to watch where you surf because all of the hidden language in a site's "privacy policy" allows them to do all kinds of nasty things.
 
Those percentages don't surprise me.

I just went back and looked. I have responded to 7 hjt logs on a help site in the last two days.

The main problem in 5 of them was a relatively new cws temp\sp.dll/sp.html.
2 users gave no indication of having run any other programs.
1 user had run Spysweeper.
1 user had run Spybot.
1 user had run Adaware.
All 5 had the same log symptoms to be repaired.

The other two users had other problems, one had done a lot of repairing himself/herself. Both had run Spybot prior to posting a log and still had problems which needed repairing.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Hola,

I've used Ad-Aware and SpyBot, for ages, as well as HJT...

just for the kick of it, I Downloaded MS Giant Beta and SpySweep and let both do a scan... not surprised at the outcome... I'm Clean... who'd thought that...

Now, the best AntiSpyware thing one can use, is one's own brain... then an Active AntiVirus progie and TeaTimer (Spyware Shield, Moosoft's TCactive, etc.) and a scan or two with two or more AntiSpy/Adware scanners will get you close to 98% clean...

to get a total of 100% you'd have to stay totally off the Internet and not use Windows...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
Good read, 2ffat. Even better reaction, Ben. [tongue]
I just did the same: download MS Giant and run:
Perhaps these statistics were financed by big Bill himself in order to get some PR for his AntiSpyware?

I am doing the same as Ben: running AdAware SE, Spybot, HJT, BHODemon. Active Antivirus, active Spyware shield and an occasional scan - that's paranoid enough.
My scan showed I was clean as a baby...

:eek:)

[blue]An eye for an eye only ends up making the whole world blind. - "Mahatma" Mohandas K. Gandhi[/blue]
 
The only problem with the article that I have is this:

Adware: Shows ads, but considered "wanted." Doesn't typically log any information about the user other than which ad was clicked.
Spyware: Moved up a little, captures information about the user, where they surf, etc. Hence the "spy."
Malware: Typically viral in nature, but not necessarily a virus. Can be a worm, trojan, or other software that causes harm. Hence the "mal." _mal_icious. A good example is the "phpBB Destroyer" that has been floating around. When I played with it and attempted to reverse engineer it (it resisted disassembling :(), I found that no major AV definitions detect it. I found that it appeared to be similar to Netsky as it created a csrss.exe in %systemdir%/randomname/. However, this one also connected to a botnet, presumably to use the zombies for something. It did not contain anything to destroy phpBB though. Both I and the ISC (Internet Storm Center, isc.sans.org) labeled this as malware as it did not show ads, it did not spy on the user, tracking websites. It was malicious in nature, preventing the user from killing it in task manager, adding registry keys, adding itself to win.ini, and attempted to be problematic.

Perhaps this could be considered splitting hairs by the article author, but an important distinction nonetheless.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
And by article author, I'm referring to I got a phone call so I didn't get to finish.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
anything i do not put on my machine purposely is not welcome.

regardless of the definition or intent.

the problem i have is that many websites (reputable ones at that) allow advertisers to use them to place ad/spyware on your machine thru their privacy statement (bogus at best) and others find it easy to tunnel thru to place malware on your machine thru these bogus privacy statement loopholes.

some sites that i used to visit (pre spy/adware scanning) when i was on dialup loaded faster then than now that i am on dsl with all of the bells & whistles, i.e. ZA Pro, MS Beta Virus Scanner, SpyBot S&D, and Adaware.

so i don't visit them anymore because that tells me they are laced with tons of ad/spyware and whatever else. a good example are the major city newspapers. try one with & without your safe software running and take a look at your system afterwards!

by far the worst i have encountered is Disney. i went there for my little girl and it took me hours to get rid of the stuff they dumped on my machine!

finally, as was posted earlier, the more we block the newer ways they find to get around it.
 