<use_a_hammer@yahoo.com> wrote in message
news:91489731-b93d-4968-84e9-0aa66911a403@q77g2000hsh.googlegroups.com...
> On Dec 23, 9:27 pm, "VanguardLH" <Vanguar...@mail.invalid> wrote:
>> "Dave" <dav...@optusnet.com.au> wrote in message
>>
>> news:476ee2b3$0$26179$afc38c87@news.optusnet.com.au...
>>
>> >I run avg antivirus and would like to know what is a good spyware
>> >download
>>
>> Spyware? You really WANT *spyware*? Maybe you actually meant
>> ANTI-spyware products.
>>
>> So why not also try Grisoft's AVG AntiSpyware product (notice it is
>> called ANTIspyware, not spyware). While the download is for a trial,
>> it will remain useful after the 30 day period except you don't get the
>> on-access (realtime) scanning. I'd rather not have dozens of security
>> programs consuming my computer's resources so I only use them as
>> on-demand scanners (so even when I got AVG AntiSpyware and was within
>> the 30-day trial period, I disabled their on-access scanner). AVGAS
>> used to be ewido before Grisoft bought it.
>>
>> Another poster suggested BOClean (free from Comodo). It is archaic in
>> what it detects based on signature and its primary use now is its
>> heuristic detection. Peculiarly Comodo has yet to roll the trojan
>> signatures (the only type of malware that BOClean detects) into their
>> anti-virus product. They promise to roll in the detections from
>> BOClean into version 3 of their anti-virus program. Unfortunately,
>> Comodo has deliberately kept version 2 in beta status to thwart being
>> compared against any other anti-virus products, like at
>> www.av-comparatives.org. Their version 1 had dismal coverage (38%)
>> but no one knows what version 2 has for coverage since the independent
>> test sites won't bother with beta versions when comparing against
>> commercial/released versions. Even the original author of BOClean has
>> acknowledged that the detection mechanisms of BOClean are archaic and
>> useless against recent pests. Development of BOClean for heuristics
>> went stagnant years ago. The signatures that it downloads are only
>> for trojans as BOClean is a trojan hunter. I gave up on BOClean.
>> Visit their forum and you'll conclude that it is too old a product and
>> too specific on pest type coverage.
>>
>> A single anti-spyware program is not sufficient to detect a large
>> majority of pests. You need a layered approach which means using
>> several products. However, if you decide to buy one or get a free one
>> that includes on-access scanning, only enable the on-access scanning
>> in one of those products and use the others for on-demand scanning
>> only.
>>
>> Spybot S&D
>> Lavasoft Ad-Aware
>> SuperAntispyware
>> AVG AntiSpyware
>>
>> Those should cover most pests. The next step would be to incorporate
>> HIPS (host intrusion protection system) software. Online Armor is a
>> firewall with HIPS (but still needs a couple more features to be
>> comprehensive regarding HIPS features). Comodo's anti-virus in
>> version 3 is supposed to include HIPS. Comodo's version 3 firewall
>> includes HIPS but there are too many problems with the firewall, like
>> lack of ease-of-use and use of global rules rather than using stateful
>> packet inspection to grant inbound connects on programs that are
>> allowed to make outbound connects. HIPS in their firewall regulates
>> what can connect. HIPS in their anti-virus v3 product regulates what
>> can load into memory (and run). System Safety Monitor is a HIPS
>> program. Antihook, too, but seems to incur more impact on
>> responsiveness of the host. ProcessGuard has been long dead as also
>> for AppDefend so don't bother with those. HIPS means *you* have to be
>> more intimate with your software to know what should be allowed to
>> load or connect.
>
> JFTR, Spyware Terminator has a HIPS function. (although I don't use
> it.... PITA!)
HIPS does require the *user* to make the final decision as to whether a
program is allowed to load into memory or if a process is allowed to
connect to the network (or if the parent process is allowed to call
the child process that makes the connection, if the HIPS product
tracks the parent-child relationship). However, most users are not up
to the task nor have the expertise to answer the prompts presented by
a HIPS program so they see it as a nuisance that they don't understand
how to employ. That is why some HIPS programs now include whitelists
of known good programs (by their hash) to alleviate that nuisance by
reducing the number of prompts. Still the user would have to make a
decision for any programs that are not in the whitelist. If the user
cannot figure out why the console window disappears when they use
Start->Run to execute a DOS-mode program then HIPS is also beyond
their comprehension.
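To make the hash whitelist, the remembered answers and the parent-child check described above concrete, here is an added toy policy engine in Python; it is not code from any of the HIPS products named in this thread, and the program images, names and whitelist are constructed for the example.

```python
import hashlib
from typing import Dict, Optional, Tuple

Decision = str  # "allow", "deny" or "prompt"


def image_hash(image: bytes) -> str:
    """SHA-256 of a program image; 'known good' whitelists key on this."""
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for program images. A real HIPS hashes the file on
# disk; these bytes are invented so the example runs offline.
EXPLORER = b"constructed image: explorer.exe"
BROWSER = b"constructed image: browser.exe"
UNKNOWN = b"constructed image: freshly-downloaded-setup.exe"

# Vendor-style whitelist (constructed): hash -> name. Only these load or
# connect without a prompt.
KNOWN_GOOD: Dict[str, str] = {
    image_hash(EXPLORER): "explorer.exe",
    image_hash(BROWSER): "browser.exe",
}


class Hips:
    """Toy HIPS policy: whitelist by hash, prompt for the rest, remember
    the user's answers, and for 'connect' events check the parent too."""

    def __init__(self, whitelist: Dict[str, str]) -> None:
        self.whitelist = whitelist
        self.remembered: Dict[Tuple[str, str, Optional[str]], Decision] = {}

    def decide(self, event: str, image: bytes,
               parent: Optional[bytes] = None) -> Decision:
        """event is 'exec' (load into memory) or 'connect' (network access).
        For 'connect', a tracked parent must also be whitelisted, since an
        unknown parent may be driving a trusted child onto the network."""
        key = (event, image_hash(image), image_hash(parent) if parent else None)
        if key in self.remembered:        # settled cases are not prompted again
            return self.remembered[key]
        if key[1] not in self.whitelist:  # unknown program: the user decides
            return "prompt"
        if event == "connect" and key[2] is not None and key[2] not in self.whitelist:
            return "prompt"
        return "allow"

    def answer(self, event: str, image: bytes, decision: Decision,
               parent: Optional[bytes] = None) -> None:
        """Record the user's answer to a prompt so it is not asked again."""
        key = (event, image_hash(image), image_hash(parent) if parent else None)
        self.remembered[key] = decision
```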