Spyware. Is it a real problem ?
Spyware. Is it a real problem ?. Gareth Smith RAL PPD Vendors are concerned about the cost of dealing with spyware-related complaints. But they also fear.
Mar 28, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Spyware.
Is it a real problem ?
Gareth Smith
RAL PPD
Vendors are concerned about the cost of dealing with spyware-related complaints. But they also fear that customers will wrongly blame them.
By Allison Linn, Associated Press
Spyware generally refers to programs that land on computers without their owners' knowledge. They can deliver hordes of pop-up ads, redirect people to unfamiliar search engines or, in rare cases, steal personal information. Users most often get them by downloading free games or file-sharing software - and consenting to language buried deep within a licensing agreement.
Gareth Smith
RAL PPD
Spyware Threat Seen Larger Than Most Corporations Realize
By Gregg Keizer Courtesy of TechWeb News
"Because help desk support is the most heavily exercised part of IT, companies know what the calls involve," said Stiennon. "Dell, for instance, says that 20 percent of its calls come from spyware problems, but in the enterprise it's even more so. Some companies are seeing 50 to 75 percent of their help desk calls stemming from spyware."
Gareth Smith
RAL PPD
Is this stuff picked up by Anti-Virus Vendors?From Sophos site:
Sophos provides protection against software (viruses, spyware, diallers, Trojan horses, and worms) which behaves maliciously.
There is a category of application known as 'adware' which although sometimes annoying cannot be described as malicious. The programs are normally up front about what they plan to do, ask the user's permission at installation, and include uninstallers.
Understandably, the vendors of these adware applications are unhappy to be classified as malicious by an anti-virus application and may resort to legal action against anti-virus vendors who detect them inappropriately. Their view is that they have been upfront about what their application does, and have sought the user's permission to be installed.
Users who wish to detect adware applications may like to consider some of the freely available adware-detection applications.
If you have seen an application which you believe to be malicious (for instance if it collects keypresses without the user's knowledge or replicates) then please send it to [email protected] so the experts in Sophos's virus labs can analyse it.
Gareth Smith
RAL PPD
• Scans all or selected file types, including inside archives • Scans memory for active pests and kills the process • Zaps spyware cookies before they can phone home about you • Stops known and unknown keyloggers from hooking your keyboard • Quarantines or deletes any identified pest • Checks and removes pests from registry and start-up areas • Downloads and installs updates automatically on availability • Tells you the specific threat level of any pest found • Saves all pest-related events in an easy-to-read log file
What does Pest Patrol Claim to Do ?
Gareth Smith
RAL PPD
Problems Seen
• Interface ‘lumpy’
• Sometimes the processes on client workstations make heavy demands on resources – both CPU and memory leading to performance problems.
•Repeated e-mails from some machines.
Gareth Smith
RAL PPD
What has been found - 1
•Lots of tracking cookies
•Unknown Dialer (Dialer)•In ..Temporary Internet Files\blueleft[1].gif
•Unknown Trojan (Key logger)• …Temporary Internet Files\.....\GoogleNav[1].cab
•W32/Vip.4311 (Dropper)• …Temporary Int Files\.....\121878_euro2[1].jpg
Gareth Smith
RAL PPD
What has been found - 2
•TightVNC 1.2.7 (Commercial RAT)
•2 objects – location not specified.
•Timbuktu Pro (Commercial RAT)
•(process terminated).
•Exploit (Exploit)
• C:\Documents and Settings\....\Desktop\My Briefcase\Smi\state_manager\source\ptrvector.cc
Can exclude by category or ‘pest’
Gareth Smith
RAL PPD
Utah sees first spyware caseBy John Oates
Published Wednesday 19th May 2004 14:17 GMT
Overstock.com is set to become the first company to take action under Utah's new anti-spyware law. The company has filed a complaint against online retailer SmartBargains in the third district court in Salt Lake City. Utah's spyware law, the world's first, only made the statute book on 3 May. Utah is the only state with current spyware legislation, although California and Iowa are considering their own versions of the law.
Overstock alleges that SmartBargains is using spyware to display pop-up ads over the top of Overstock's website. Overstock wants the practise stopped and it wants damages, costs and legal fees.
Gareth Smith
RAL PPD
Conclusions
• Anti-virus products pick up the worst (malicious, self-replicating) spyware.
• But there is a lot of spyware stuff on systems. Not clear on its effect.
• This is a messy area and you have to think what you want to clean-up.
• Not sure we have ‘enterprise class’ solution yet.
Related Documents
