Computer Safety - free Spycatcher

Malware
Spyware
Adware
keystroke loggers
trojan horses

rootkits ! ...... bad . bad . bad .........
can catch pre-installation


I've been using the free version of Spycatcher
Warning - see next post (#2) below
Spycatcher is trojan spyware in its own self . . . :barf:


SpyCatcher™ Express
htp://xxx.tenebril.com/consumer/spyware/spycatcher-express.php

easy to use as automatic click & run
yet, options and lots of technical ability & resources available

Haven't recently tried any other to compare


the last session rambling the web looking for info
the PC acquired [& SpycatcherE caught & quarantined]
some 17 malware items
this doesn't count tracking cookies
that a program like Ad-AwareSE can help with.

spyware resource pages
http://spywarewarrior.com/asw-test-guide.htm
http://www.grc.com/default.htm


rootkits ?
be afraid, be very afraid
http://en.wikipedia.org/wiki/Rootkit
once installed,
detection & removal are problematic

check out
http://research.microsoft.com/rootkit/
http://www.sysinternals.com/utilities/rootkitrevealer.html

<:)> THEY call me 'Dean' <>
dean-sp-sm.jpg

<:eek:> Caution: Not all ideas vented from this brain are entirely based on empirical data. JMO-M2C-fWiW-iIRC-YMMV-fYI-TiA-YW-GL
<:D> Noobee <> Tips <> Baha'i Prayers Links --A--T--H--D
 
Hi Dean:

Many, many of the programs available for download that claim to clean out spyware are themselves spyware. They just pretend to be anti-spyware.

This program appears to be one of them. It puts its own spyware on your computer. Sure it might remove others, but you still have spyware.

Read: http://castlecops.com/modules.php?n...71&sid=6380&pid=1770&mode=&order=&thold=#1771

I work in a network IT dept. We only use two trusted anti-spyware programs. Spybot and Adaware.

I'll post links to them if it would help. There are some similar sounding imposters that, you guessed it, put their own spyware on your computer.

Just my .02.
 
Steve Poll said:
I work in a network IT dept. We only use two trusted anti-spyware programs. Spybot and Adaware.

Just my .02.

Steve, what do you think about Microsoft's Beta Program? So far I've been pretty happy with it.:thumbup: ;)
 
I do freelance IT work, which consists mostly of dealing with virus and spyware infestations nowadays.

The best single program I use is Spybot - Search & Destroy 1.4. It gets the most programs and has great features to immunize and has a very easy to use interface - which is great for non IT people once they are shown how to use it.

I have tried the Microsoft AntiSpyware Beta1 and now the Beta 2 version Windows Defender. During the first scan I used with it, it got 3 programs that Spybot missed... but never detected another threat. It doesn't seem to pick up anything Spybot doesn't.


You should use at the very least two spyware removal programs. Like Steve said, Spybot and Adaware complement each other pretty well. In the past the two programs hated each other... they would detect each other as threats, but now I think they are working pretty well together.
 
Steve Poll said:
Hi Dean:

I work in a network IT dept. We only use two trusted anti-spyware programs. Spybot and Adaware.

I'll post links to them if it would help. There are some similar sounding imposters that, you guessed it, put their own spyware on your computer.

Just my .02.

Hi Steve. Do you have any spyware recommendations for Mac OS X? Or is such a thing even necessary for a Mac? Thanks in advance.:confused:
 
standard PC advice file :

o Firewall:
+ if windows has it: turn on the Windows Firewall (Double click the
Network connection in the task bar > Properties > Advanced > Settings
> Turn on Firewall).

+ zone alarm : http://www.zonealarm - personal version rocks, solid,
warns you of outgoing connections too, which is useful

+ keep your computer behind a linksys/dlink firewall box too - "keeps
you invisible"

o Update your windows settings/software with latest security/patches/etc:
+ http://windowsupdate.microsoft.com/

o Internet Explorer and Outlook are the #1 problem on windows, fix it with:
+ Replace explorer with firefox : http://www.mozilla.com
+ Replace outlook mailer with thunderbird: http://www.mozilla.com

IMPORTANT TOOLS:

o avg anti-virus : http://www.grisoft.com/us/us_index.php
o panda anti virus: http://www.pandasoftware.com/download/Software/

o ad-aware : http://www.lavasoftusa.com/software/adaware/

o spybot : http://www.safer-networking.org/en/index.html / download.com /
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp
very useful, can inoculate against many problems as well, and lock
them in against changes

o hijack this : http://www.download.com/HijackThis/3000-8022_4-10227353.html
useful, this lists what's running on the system, what's installed, and ...

o startup tools : http://www.mlin.net/ <- very useful too, use the
"control panel" to see what's installed for startup items, use the
warning tool to prevent things from installing automatically

Tips:
o stop using internet exploder - firefox is vastly superior in many ways :)
o stop using outlook, NEVER open attachments, even from friends,
that's how a LOT of viruses get around. better to save attachments as
files from trusted people, and then scan them. all other attachments,
throw them out.
problem: outlook pretty much automatically runs a lot of things it
receives, even if you didn't open it, thus installing viruses on your
system - thank microsoft for that.
o completely run ad-aware and spybot first, inoculate, install startup tools
o reboot
o run them again, run a "deep scan", perhaps overnight.
o use hijack this, and process monitor, and the list from startup
tools, in that order, and look for stuff that doesn't belong, use
google to find the name: like "jupiter.exe", see if anyone thinks it's
a virus. you'll see a lot of reports on the net from hijack this, a
lot of people run that and then report its findings on the various
virus boards; mostly you can ignore them.

o worst case, back up your data, software, configurations, etc... do
regular backups anyway... and format, nuke from orbit, and reinstall
from scratch windows/XP, do all updates first, turn on firewall,
install zonealarm, and startup tools, and then anti viruseseses, and
restore your files. pray a lot :)

bladite
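The "look for stuff that doesn't belong" step in bladite's advice file, done as a small triage script. This is an added example, not part of the original post and not HijackThis code. It assumes the familiar HijackThis O4 line shape ("O4 - HKLM\..\Run: [name] command"); the log lines, the allowlist and the suspicious names (jupiter.exe, xy7q2.dll) are constructed for the demonstration. It flags what a practitioner looks for by hand: things launching from temp or profile directories, system process names living outside system32, allowlisted names pointing at an unexpected path, and anything not yet vetted.

```python
"""Triage HijackThis-style O4 (Run key) entries for things that don't belong.

Added example, not from the original post and not HijackThis code. It assumes
the familiar "O4 - <hive>\\..\\Run: [<name>] <command>" line shape; the log
lines and the allowlist below are constructed for the demonstration.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample log: two normal vendor entries and three that need a look.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [Zone Labs Client] C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
O4 - HKCU\\..\\Run: [jupiter] C:\\Documents and Settings\\dean\\Local Settings\\Temp\\jupiter.exe
O4 - HKLM\\..\\Run: [svchost] C:\\WINDOWS\\svchost.exe
O4 - HKCU\\..\\Run: [updater] "C:\\WINDOWS\\system32\\rundll32.exe" C:\\WINDOWS\\Temp\\xy7q2.dll,Start
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Any drive-letter path inside the command, stopping at a quote or a comma
# (so the DLL handed to rundll32 is inspected as well as rundll32 itself).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*')

# Constructed allowlist: name -> path pairs already verified on this machine.
KNOWN_GOOD = {
    "syntpenh": r"c:\program files\synaptics\syntp\syntpenh.exe",
    "zone labs client": r"c:\program files\zone labs\zonealarm\zlclient.exe",
}
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"


def triage(log_text):
    """Return [(name, command, [reasons])] for Run entries that deserve attention."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m["name"], m["cmd"]
        paths = [p.strip().lower() for p in PATH_RE.findall(cmd)]
        reasons = []
        expected = KNOWN_GOOD.get(name.lower())
        if expected is not None and expected not in paths:
            reasons.append("allowlisted name but unexpected path")
        for p in paths:
            wp = PureWindowsPath(p)
            if any(marker in p for marker in TEMP_MARKERS):
                reasons.append(f"{wp.name} runs from a temp/profile directory")
            if wp.name in SYSTEM_NAMES and str(wp.parent) != SYSTEM32:
                reasons.append(f"{wp.name} outside {SYSTEM32}")
        if expected is None and not reasons:
            reasons.append("not on the allowlist: look the name up before trusting it")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings


if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {cmd}")
        for r in reasons:
            print("   ->", r)
```

The allowlist is the part that does the real work: an entry only drops out of the report once its name and its full path have been checked once, which is exactly the "google the name" step, recorded so it is not repeated every scan.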
 
bwray said:
Hi Steve. Do you have any spyware recommentations for Mac OS X? Or is such a thing even necessary for a Mac? Thanks in advance.:confused:

OSX does have some openings that will let you get hacked. i know this. hasn't happened to me. never use wireless on a non trusted net - keep your wifi locked. for about $50, you can buy a portable, personal linksys firewall product. you can plug into it, or talk to it wirelessly (i believe), and IT will talk to a wireless/wired network for you. hardware firewall - portable - about the size of a couple packs of cards. only way to go. this way nothing can tickle your ports directly.

check your personal firewall settings. close stuff down you opened up if you aren't using it. are you running the web server? turn it off when out and about.

if you go portable/laptop, TURN OFF bluetooth, and certainly make sure you are not discoverable. there's a couple wiggles in bluetooth that someone might try to exploit. make SURE to say "hell no" when anything tries to connect to you.

there's a couple trojans and such. basically, if you get a zip or other file, and you don't trust the source, be careful. some of these are sneaky attempts to hide a working app structure as an mp3 or other "harmless" file. don't run them. they could be ANYTHING.

and ... well, OSX is an OS. there's no reason why it can't be hacked to death. it just hasn't yet.

bladite
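The "working app structure disguised as an mp3" trick from the post above, and the later suggestion of squashing mail attachments, come down to one check: decide what a file is from its first bytes and its archive contents, not from its name. This is an added example, not from the original post; it uses the published magic numbers for PE, ELF, Mach-O and ZIP, and every sample file is a constructed byte string, not real malware. Because a Mac .app is a folder, a disguised one arrives inside a zip, so the zip members are inspected too.

```python
"""Spot executables hiding behind a harmless-looking name or extension.

Added example, not from the original post. Uses published file-format magic
numbers; the sample files are constructed byte strings, not real malware.
"""
import io
import zipfile

# (magic bytes, description). 0xcafebabe is shared by Mach-O fat binaries and
# Java class files, so treat it as "executable container" rather than proof.
MAGIC = [
    (b"MZ", "PE executable (Windows)"),
    (b"\x7fELF", "ELF executable"),
    (b"\xfe\xed\xfa\xce", "Mach-O 32-bit"),
    (b"\xce\xfa\xed\xfe", "Mach-O 32-bit"),
    (b"\xfe\xed\xfa\xcf", "Mach-O 64-bit"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal / Java class"),
]
ZIP_MAGIC = b"PK\x03\x04"
HARMLESS_EXT = {".mp3", ".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc"}


def classify(data):
    """Return a description of the executable container in data, or None."""
    for magic, desc in MAGIC:
        if data.startswith(magic):
            return desc
    if data.startswith(ZIP_MAGIC):
        return "ZIP archive"
    return None


def zip_executable_members(data):
    """Names of zip members that are executables or live in a .app bundle's MacOS dir."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if "/Contents/MacOS/" in info.filename:
                hits.append(info.filename)
                continue
            with zf.open(info) as member:
                # Nested zips are not descended here; a real filter would recurse.
                if classify(member.read(4)) not in (None, "ZIP archive"):
                    hits.append(info.filename)
    return hits


def assess(filename, data):
    """Return (verdict, detail): 'ok', 'executable' (honest) or 'suspicious' (disguised)."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = classify(data)
    if kind is None:
        return ("ok", "no executable container signature")
    if kind == "ZIP archive":
        nested = zip_executable_members(data)
        if nested:
            return ("suspicious", f"zip carries executable content: {nested}")
        return ("ok", "zip without executable members")
    if ext in HARMLESS_EXT:
        return ("suspicious", f"{kind} disguised with {ext} extension")
    return ("executable", kind)


def build_zip(members):
    """Construct an in-memory zip from {name: bytes} for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "song.mp3": b"MZ\x90\x00" + b"\0" * 60,             # PE wearing an mp3 name
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,       # genuine JPEG header
        "setup.exe": b"MZ\x90\x00" + b"\0" * 60,             # honest executable
        "Cool Song.mp3.zip": build_zip({"Cool Song.mp3.app/Contents/MacOS/Cool Song": b"\xcf\xfa\xed\xfe" + b"\0" * 16}),
        "docs.zip": build_zip({"readme.txt": b"hello"}),
    }
    for name, data in samples.items():
        print(f"{name:20} {assess(name, data)}")
```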
 
Steve Poll said:
This program appears to be one of them. It puts it's own spyware on your computer.

Big sigh . . . . . . :confused:


missed that......
had same experience before.
thought i had checked on this one,
guess i forgot to do prelim search :barf:

thanks for warning us off.

initial post corrected
good thread otherwise
 
Don't have time today to search further
but I did find on the Spycatcher homepage
an acknowledgment of using a rootkit within Spycatcher
& the reason given that it helps prevent spyware escaping Spycatcher
Supposed to 'intercept' spyware activity

sounds reasonable
but who knows if true without more info
as you say, Steve,
most 'anti'-spyware applications are spyware themselves.

http://www.tenebril.com/kb/showitem.php?faq_id=390
"Why does Rootkit Revealer identify SpyCatcher-related files?

We use technology that is also used by rootkits, but we use it for good purposes. As part of fortifying the software from attack, SpyCatcher uses this technology to protect certain files from being disabled. As you know, fortification of the actual security application is an important component of a good security application and we are always looking for ways to make our software stronger and our protection better.
This technology is not just useful to rootkits (which are really almost always bad) – it's for "cloaking". The technical term for it is "interception" – astute users of DSL Reports have no doubt recognized the DLL that does the cloaking is called "Interceptor.dll" and has Tenebril vendor tags.
This is part of our overall approach to fortification, which is required of all security products, and we do it in a highly secure way that is resilient to exploit (other software can't piggyback on our hiding the way certain threats did with Sony and System Works). However, given the proliferation of anti-rootkit tools we are reviewing this approach and may remove it in upcoming releases. Our approach is professional and secure, but we don't wish to cause our users confusion or concern.

last updated: 2006/03/02"
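Why RootkitRevealer flagged SpyCatcher's files at all, and why Dean's "sounds reasonable, but who knows" is the right reaction, both follow from how that class of tool works: it enumerates the file system and registry once through the normal Windows APIs and once by parsing the raw on-disk structures, then reports every disagreement. Anything cloaking itself from the API shows up, whether it is a rootkit or a security product protecting its own files. Below is that comparison as an added example; it is not from the original thread and not Sysinternals or Tenebril code. Both views are constructed dictionaries so it runs offline, and the Tenebril install prefix used for attribution is an assumption (the KB text above is the only source for the cloaking claim).

```python
"""Cross-view discrepancy check, the idea behind RootkitRevealer-style scanners.

Added example, not from the original thread and not Sysinternals or Tenebril
code. A real scanner builds the "high-level" view with the documented file and
registry APIs and the "low-level" view by parsing the raw NTFS volume or
registry hive itself; here both views are constructed dictionaries so the
comparison runs offline. The Tenebril install prefix is an assumption.
"""

# Constructed high-level view: what FindFirstFile-style enumeration reports (path -> size).
API_VIEW = {
    "c:\\windows\\system32\\drivers\\disk.sys": 36352,
    "c:\\windows\\notepad.exe": 69120,
    "c:\\program files\\acme\\acme.exe": 120000,
    "c:\\docs\\new.txt": 120,                      # created after the raw pass: timing noise
}

# Constructed low-level view: what parsing the raw volume reports.
RAW_VIEW = {
    "c:\\windows\\system32\\drivers\\disk.sys": 36352,
    "c:\\windows\\notepad.exe": 69120,
    "c:\\program files\\acme\\acme.exe": 118784,          # API and disk disagree on the bytes
    "c:\\windows\\system32\\drivers\\hidden.sys": 9216,    # never shown to the API
    "c:\\program files\\tenebril\\interceptor.dll": 48000, # cloaked by the vendor's own product
}

# Assumed prefix -> vendor statement. Attribution explains a hit; it does not excuse it.
KNOWN_CLOAKERS = {
    "c:\\program files\\tenebril\\": "Tenebril SpyCatcher (vendor documents hiding its own files)",
}


def cross_view(api_view, raw_view, known_cloakers=None):
    """Compare two views of one namespace; return (kind, path, attribution) tuples.

    kind is one of:
      hidden-from-api      on disk, absent from the API view (the classic rootkit signal)
      visible-only-to-api  in the API view only (usually a file created between passes)
      size-mismatch        both views see it but disagree on its size (content hooking)
    """
    known_cloakers = known_cloakers or {}
    api_paths, raw_paths = set(api_view), set(raw_view)
    report = []
    for path in sorted(raw_paths - api_paths):
        owner = next((vendor for prefix, vendor in known_cloakers.items()
                      if path.lower().startswith(prefix.lower())), None)
        report.append(("hidden-from-api", path, owner))
    for path in sorted(api_paths - raw_paths):
        report.append(("visible-only-to-api", path, None))
    for path in sorted(api_paths & raw_paths):
        if api_view[path] != raw_view[path]:
            report.append(("size-mismatch", path, None))
    return report


def unexplained(report):
    """Findings still needing an answer: unattributed hidden entries and every size mismatch."""
    return [(kind, path) for kind, path, owner in report
            if kind == "size-mismatch" or (kind == "hidden-from-api" and owner is None)]


if __name__ == "__main__":
    rep = cross_view(API_VIEW, RAW_VIEW, KNOWN_CLOAKERS)
    for kind, path, owner in rep:
        print(f"{kind:20} {path}" + (f"   [{owner}]" if owner else ""))
    print("unexplained:", unexplained(rep))
```

The attribution step is the practical caveat: a vendor statement like Tenebril's turns a hidden file from "unknown rootkit" into "known self-protection, verify the DLL really carries that vendor's signature", but the unattributed driver and the size mismatch stay on the list until someone explains them.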
 
Yvsa said:
Steve, what do you think about Microsoft's Beta Program? So far I've been pretty happy with it.:thumbup: ;)

Hi Yvsa:

I have used it on about 60 machines. I don't have a problem with it. Seems to work fine. But, like all anti-spyware programs - no one seems to get them all. That's why I always install Spybot and Adaware. Don't run them at the same time though. Heck, you could run Microsoft's and the other two. Practice safe computering!
 
bwray said:
Hi Steve. Do you have any spyware recommentations for Mac OS X? Or is such a thing even necessary for a Mac? Thanks in advance.:confused:

I'm very sorry. I am a windows person and admit ignorance about Macs. Wish I could do better with your question.
 
Bladite said:
Tips:
o stop using internet exploder - firefox is vastly superior in many ways :)
o stop using outlook, NEVER open attachments, even from friends,
that's how a LOT of viruses get around. better to save attachments as
files from trusted people, and then scan them. all other attachments,
throw them out.
problem: outlook pretty much automatically runs a lot of things it
receives, even if you didn't open it, thus installing viruses on your
system - thank microsoft for that.
o completely run ad-aware and spybot first, inoculate, install startup tools
o reboot
o run them again, run a "deep scan", perhaps overnight.
bladite


Hi Bladite:

I disagree completely with your position on not using IE. But this is a topic loaded with personal preference. If it works for you, do it!

Ask three IT guys how to do something and you will get three different answers and they will probably all work.

In addition to the programs mentioned there is a good, free one called Stinger from McAfee that goes after specific infections after they have occurred. I've used it as one of many tools to combat and remove viruses.

But there are so many available. I'm going to watch and read and maybe pick up a tip on one I haven't used.
 
bwray said:
Hi Steve. Do you have any spyware recommentations for Mac OS X? Or is such a thing even necessary for a Mac? Thanks in advance.:confused:

Hi Bill:

I do know that in the earlier days of the Macs they were pretty free from catching viruses. Now that they have become so popular, hackers go after them too.
 
I'm going to step in and throw in another vote for using Firefox instead of internet exploder. I've had much fewer problems and I enjoy the extra features that IE doesn't have (like tabs).
 
Hi Bladite and Kazeru:

I would like to hear your reasons for using Firefox and not liking IE. Could you break the replies up into two categories: single user and enterprise environments.
 
Steve Poll said:
I would like to hear your reasons for using Firefox and not liking IE.

I've downloaded the free Opera, Firefox and with the SBC DSL I automatically get the Yahoo Browser.
I dislike all of them and have stayed with IE except for my short excursions of straying away.
I find IE to be more to my liking and easier to use than the others.
Contrary to most everyone else I hate the damned tabs Firefox has.
All of my other browsers have been uninstalled from my unit except for the Yahoo as it's kinda a necessary fixture when running SBC DSL.:grumpy:

But then even though I'm pretty computer illiterate I do mostly listen to those more experienced than I and I have AdAware, Spybot S&D, CW Shredder, HiJack This, Spyware Dr., ZoneAlarms, Norton, Spyware Blaster, Microsoft Beta AntiSpyware, A squared Start Center, and Crap Cleaner.
Also have the PanicWare Popup Blocker that I've left installed even after getting the one for XP.
Oh, and can't forget the old Webroot Spy Sweeper.
I'm also very careful about attachments and what little spam that gets past the bulk folder in the Yahoo/SBC mail gets immediately moved to my junk folder without opening it, I really am fond of the preview panel in MS Outlook, not the Outlook Express.
And so far so good.
Norton has caught some Trojans trying to enter on startup after rebooting as has the MS AntiSpyware.
The Spyware Blaster pretty much keeps my system from getting any new ones.
And even with the good luck I have had I am still somewhat paranoid and looking for new and better things and ways to protect myself and computer.
 
Steve Poll said:
Hi Bladite and Kazeru:
I would like to hear your reasons for using Firefox and not liking IE. Could you break the replies up into two categories: single user and enterprise environments.

i don't DISlike IE. it does some good things. it's just i can't trust it as a professional tool. i use it to review web content *i* generate to stay compatible with other client sites/etc... however i will not use it as my personal browser.

actually, the reasons for using both are fairly similar... i'll speak to both unless i can think of a good reason to split them... i'll also be speaking to "windows" experience, even though i know that IE also runs on OSX, and of course, FF runs on everything ;)

o IE allows some fairly heinous things to be run from web content automatically, and without user knowledge. this allows various nasty content to become nearly permanently wedged into windows. the main transport for such antics are active x and javascript iirc. FF doesn't allow this. this is the main reason to avoid ayeeeyeeeeee, and also to avoid Outlook. the #1 method of getting 0wned is to use these tools on a compromised website.

damage can range from having new explorer tool bars (which act as spyware themselves), actual spyware, keyloggers, backdoors, etc, all loaded magically. some of these tools are instantly loaded, even if you have anti virus installed, even if you have a firewall, etc, etc. evil isn't it?

outlook will just plain execute what it sees in a mail buffer unless you tell it not to, and even then, there are hooks and hooks and hooks. stuff gets run.

the internet/web is a hostile place now. so many exploits. M$ cannot guarantee, and doesn't even try to pretend they are safe. FF has had some exploits performed on it as well but they get fixed VERY quickly. they DO try very hard to keep things sane. M$ doesn't care.

o FF runs on many major platforms - from an enterprise standpoint, you get a consistent look. it's supported as well. IE runs on windows mostly. the IE that runs on OSX is different, and not as well supported.

o FF has tabs - and well thought out actions for them. once you get used to that, you rarely go back. for those that hate tabs, you can turn them off as well.

o extensions - there are a TON of good FF extensions ranging from HTML validators, to session saving (for crashes and configurations), ad blocking, weather tracking, mail notifiers/etc. it's like having a massively useful tool in one place - as increasingly you see the "internet" from your browser.

o they're both free ;) however, one of them is a better bargain, ultimately, you have to decide.

with some digging, i bet i could find a fairly well thought out FAQ on IE vs FF. i'll see what i can find.

bladite
 
Hi Bladite:

Thanks for the reply on this topic. It is certainly interesting stuff. It always seems to me there are many different ways to do the same thing. My department even has to debate whether to ask CDW for a quote on a purchase or order it from the online catalogue. Sometimes being a Network Admin is more about keeping the peace. Now that's something I can only do at work!
 
Steve Poll said:
Hi Bladite:

Thanks for the reply on this topic. It is certainly interesting stuff. Always seem to me many different ways to do the same thing. My department even has to debate whether to ask CDW for a quote on a purchase or order it from the online catalogue. Sometimes being a Network Admin is more about keeping the peace. Now that's somthing I can only do at work!

i do know many many admins and other such, and i know that SOME places (i'll consider them enlightened), do as much as they can to keep their users from shooting themselves in the foot.

most don't give the users ANY admin rights to install anything. that helps. some run software that returns a machine to a known configuration every night/week/weekend... that helps, weeds out that which doesn't belong. many others monitor network traffic in an effort to stamp out stuff.

i know some folx, mailing lists included, that squash ALL attachments. there's no good reason in their (and sometimes mine) opinion to allow attachments. mail is for content, not a transmission vector. THAT helps tons. want to move a document set around? instead of emailing a 50 MB attachment, you put it on a server, and send the ftp/http pointer. good.

i pretty much ask [uh tell] anyone i do any admin or update work for to PLEASE for god's sake don't use IE or outlook. ever. hell, i've eliminated all easy access, and made the IE icon point to FF :> heh. it helps a lot. it keeps my life simpler too. the more i can lock down, the less people can screw it up. mostly, they don't miss it either.

bladite
 
Bladite said:
i do know many many admins and other such, and i know that SOME places (i'll consider them enlightened), do as much as they can to keep their users from shooting themselves in the foot.

most don't give the users ANY admin rights to install anything. that helps. some run software that returns a machine to a known configuration every night/week/weekend... that helps, weeds out that which doesn't belong. many others monitor network traffic in an effort to stamp out stuff.

i know some folx, mailing lists included, that squash ALL attachments. there's no good reason in their (and sometimes mine) opinion to allow attachments. mail is for content, not a transmission vector. THAT helps tons. want to move a document set around? instead of emailing a 50 MB attachment, you put it on a server, and send the ftp/http pointer. good.

i pretty much ask [uh tell] anyone i do any admin or update work for to PLEASE for god's sake don't use IE or outlook. ever. hell, i've eliminated all easy access, and made the IE icon point to FF :> heh. it helps a lot. it keeps my life simpler too. the more i can lock down, the less people can screw it up. mostly, they don't miss it either.

bladite

Hi Bladite:

My employer has many offices. I am used to tight security in an enterprise environment. Not an IT free for all. Ever since I built this network I have had to fight an uphill political battle. Sales associates are allowed to plug their personal laptops into our network. This is a huge security hole. They could have anything on their computers. At least I've gotten all users to have XP Pro as a unified platform. I have to fight for strong passwords (in this case more than three letters!!!!) much less be allowed to force passwords to change periodically. I just wait for a successful attack. I spend a lot of time hardening the servers and network to protect against my own users. It is different.
 