October 20, 2007

PC Security - Scan, Clean and Protect

Filed under: Spyware, virus, adware, trojan, pc security, antivirus @ 4:38 pm


I’ve been talking with my friends David and Tom about PC security, and we all have different views on the subject, mostly due to our backgrounds and what we do for a living.

The quotes are things they have said and then you’ll get my take on the subject.

So let’s get started!

“PC Security” works in 1 of 2 ways. If you lack the knowledge to handle it, an all-out, kill-it-all approach is what the security package manufacturers have decided you need. Never mind what it breaks while “protecting” your computer.

The other path is to have software that can do almost anything, but passes the burden of deciding what to do and when on to the user. And most people don’t have a clue what the questions being asked are about.

Quote:
searching for virtually non-existent threats?


Eh, I would hardly call it non-existent (see next quote).

Quote:
Times evolve, threats evolve, sources of threats change. I just don’t agree with taking an approach that keeps piling on more and more stuff to deal with new threats and sources, and never removing the older stuff that’s obsolete.

I completely agree with the evolution part. But I don’t think there’s much to remove.

Quote:
Originally, viruses were little DOS programs that used common system calls to insert themselves onto the Interrupt Service Vectors that serviced disk reads and writes. They’d install themselves as “TSRs” and just create havoc with the hard drive. I don’t believe that Windows 2000, XP, or Vista will even allow ANY programs to access the Interrupt Service Vectors, let alone install themselves as TSRs. Windows does everything using DLLs now. TSRs went out after Windows NT was released.

TSR or “Terminate and Stay Resident” programs were normal software that used a special interrupt to load and then, in a way, stop showing the user that they were loaded while still continuing to run.

Viruses used TSR techniques back in the DOS days, but far from all viruses did. The most important reason for using it was that a PC only ran 1 program at a time, and unless you somehow fooled people into believing they were running a program while they were actually running a virus, the only way to be in the loop was by intercepting interrupts.

With an event-driven operating system with built-in message queues there’s no reason to fiddle with interrupts anymore. As far as TSRs go, anyone can create the GUI version of a TSR fast and easily, as almost any program in a multitasking, event-driven operating system can be used in the same way as the old DOS TSR.

The best known “TSRs” in the Windows world can be found among the services (which autostart and run in memory without the user doing anything) and other types of software, such as anything that is minimized down to the task bar or even just running without any icon.

Hiding processes and services under the radar by having them run under svchost is another often-used method to keep software “hidden” or “secret”.
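One way to audit what runs under svchost, as an added example that is not part of the original post: the Python below parses `tasklist /svc` output and reports services hosted in svchost.exe that are missing from an expected list. The sample rows, the baseline and the service name UpdHelperSvc are constructed assumptions.

```python
import re

# Constructed rows laid out like `tasklist /svc` output (not from a real host);
# "UpdHelperSvc" is a made-up service name.
ROWS = [
    ("System Idle Process", "0", "N/A"),
    ("svchost.exe", "884", "DcomLaunch, PlugPlay"),
    ("svchost.exe", "948", "RpcSs"),
    ("svchost.exe", "1044", "AudioSrv, Dhcp, EventLog,"),
    ("", "", "UpdHelperSvc"),            # wrapped continuation line
    ("explorer.exe", "1720", "N/A"),
]
SAMPLE = "\n".join(
    [f"{'Image Name':<25} {'PID':>8} Services", f"{'=' * 25} {'=' * 8} {'=' * 44}"]
    + [f"{image:<25} {pid:>8} {svcs}" for image, pid, svcs in ROWS]
)

# Assumed baseline: the services this administrator expects inside svchost.exe.
BASELINE = {"DcomLaunch", "PlugPlay", "RpcSs", "AudioSrv", "Dhcp", "EventLog"}

def hosted_services(text, image="svchost.exe"):
    """Map each PID of `image` to the set of service names it hosts."""
    lines = text.splitlines()
    # Column boundaries come from the row of '=' runs under the header.
    sep = next(i for i, l in enumerate(lines) if l.startswith("==="))
    (a0, a1), (b0, b1), (c0, _) = [m.span() for m in re.finditer(r"=+", lines[sep])][:3]
    result, current = {}, None
    for line in lines[sep + 1:]:
        name, pid = line[a0:a1].strip(), line[b0:b1].strip()
        if name or pid:                         # a new process row
            current = int(pid) if name.lower() == image and pid.isdigit() else None
        if current is not None:                 # also collects wrapped lines
            names = {s.strip() for s in line[c0:].split(",")} - {"", "N/A"}
            result.setdefault(current, set()).update(names)
    return result

def unexpected_services(text, baseline):
    """Return {pid: [services]} hosted by svchost.exe but absent from the baseline."""
    return {pid: sorted(svcs - baseline)
            for pid, svcs in hosted_services(text).items() if svcs - baseline}

if __name__ == "__main__":
    for pid, svcs in unexpected_services(SAMPLE, BASELINE).items():
        print(f"svchost.exe PID {pid}: review {', '.join(svcs)}")
```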

Quote:
So why run security software that sifts through apps looking for signatures of viruses that are designed to run as TSRs? Every disk read and write gets inspected! That’s my beef. Over 80% of the threats most “security software” is looking for are obsolete.

I think it would be a logistical nightmare to have signature files with exactly the possible “infectant signatures” for every possible version of Windows. Technically it could be done, of course, but with people running everything from Windows 95 and up there would be a lot more to keep updated compared to having all signatures in one file.

But to be honest, I’ve never seen exactly what is in a signature file, so I can’t really say how many of the signatures are unique to obsolete code.

Inspecting every disk read and write seems reasonable to me, as part of a signature can be certain ways of doing disk reads or writes. Especially now, as signature-based virus (or threat) analysis is falling back more and more and heuristic analysis is coming on strongly.

Signature-based threat analysis is still the fastest way, but in many cases it is very insecure against any modern virus (and the whole group of adware, spyware, trojans, badware, backdoors …), as the regeneration time and ease of mutating code have made it possible to change a signature in virtually no time at all.

As code makers get more creative in their ways of hiding code and find new infection routes and bad-code installation methods, like piggybacking on semi-harmless code or simply getting a “harmless” piece of code into a computer and letting that program in turn download and install the bad code in stages, the ways of finding, stopping and repairing have become equally complex.

Heuristic evaluation with MCA (Multi Criteria Analysis) and virtual machines where “suspicious code” can be run and tested are now common techniques to combat these problems.

The problem is that more complex threats increase the complexity of the code that is protecting you from them as well, which makes a resource impact on the computer where it runs.
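The trade-off between signature and heuristic detection described above, as an added example that is not from the original post: an exact-hash signature misses a one-byte variant, while a weighted-sum score over sandbox-observed behaviour still flags it. The byte strings, trace format, criteria, weights and threshold are all constructed assumptions.

```python
import hashlib

# Constructed, harmless stand-ins for program files; VARIANT differs from
# KNOWN_BAD by one byte, as a trivially mutated copy would.
KNOWN_BAD = b"constructed-sample-build-1"
VARIANT = b"constructed-sample-build-2"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}   # exact-match database

# Constructed sandbox traces in a hypothetical "op target" line format.
TRACE = """\
file_write C:\\Users\\test\\AppData\\Local\\Temp\\stage2.exe
net_get http://downloads.example/stage2.exe
reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
"""
BENIGN_TRACE = """\
window_create Untitled - Editor
file_write C:\\Users\\test\\Documents\\notes.txt
"""

def is_code(target):
    return target.lower().endswith((".exe", ".dll"))

# Assumed criteria and weights. A weighted sum is one simple form of
# multi-criteria analysis, not any vendor's actual rule set.
CRITERIA = {
    "registers_autostart": (3, lambda op, t: op == "reg_set" and "\\currentversion\\run" in t.lower()),
    "writes_executable": (2, lambda op, t: op == "file_write" and is_code(t)),
    "downloads_code": (3, lambda op, t: op == "net_get" and is_code(t)),
}
NO_WINDOW_WEIGHT = 1      # program never showed a window while it ran
THRESHOLD = 6

def heuristic_score(trace):
    """Sum the weight of every criterion met by at least one trace event."""
    events = [line.split(" ", 1) for line in trace.splitlines() if " " in line]
    hits = {name for name, (_, test) in CRITERIA.items()
            if any(test(op, target) for op, target in events)}
    no_window = not any(op == "window_create" for op, _ in events)
    score = sum(CRITERIA[n][0] for n in hits) + (NO_WINDOW_WEIGHT if no_window else 0)
    return score, sorted(hits)

def verdict(data, trace):
    """Try the fast exact signature first, then fall back to the behaviour score."""
    if hashlib.sha256(data).hexdigest() in SIGNATURES:
        return "signature"
    score, _ = heuristic_score(trace)
    return "heuristic" if score >= THRESHOLD else "clean"
```

A legitimate auto-updater produces much the same trace, so the weights and threshold decide how many false alarms are traded for fewer misses.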

Quote:
Nonetheless, people have been bamboozled into believing it’s necessary to suck up a huge percentage of CPU resources looking for these innocuous “threats”. Meanwhile, they get attacked from something new neither they nor their security software vendor has even heard about yet, and think they got hit by a “virus”. So they renew their subscriptions and update all of their anti-virus databases…. to what avail?

I do agree fully with the fact that the “security” industry is trying to push multi-mega-super-security packages into all the computers they can find. More of their code = more profit and fewer competitors that have software installed.

And so far I think none of the big packages are usable. They all have massive amounts of crap bundled just to “give value for money” and the only thing they accomplish is to mess up computers.

And simple is always better than complex when it comes to security. The more pieces and configuration options there are, the less likely it is that it will work as promised.

Quote:
Is there a reason to upgrade your computer to a 3GHz machine with 2GB of RAM if the newest OS plus newest security software chew up half of that RAM and half of the CPU bandwidth, leaving you with a “brand new” 1.5 GHz machine with <1GB of usable RAM? Errr... why did you upgrade again?

That’s why I use AVG for antivirus and not Symantec or Panda, for example. I can actually use my computer and still have AVG running!

Security Software

Software created to help you with your security (antivirus software, spyware removers, system cleaners, trojan killers, anti-spam solutions and similar) is a must today. No one should use a Windows computer without having at least a firewall and antivirus software.

I’ll be posting more thoughts and details about this subject soon.


There, some thoughts of my own. Ultimately I think that what I said boiled down to more or less the same as what David thinks about security software; I just took another way to get there!

Kenth


November 29, 2006

PC Security

Filed under: Spyware, virus, adware, trojan @ 12:04 pm


Would you like to learn more about PC security, spam, intrusions, backups and a whole lot of other things related to your PC and the security that comes with owning one?

I thought so!

Go and get your free PC security ebook and start reading.

The best defence is to know your enemy, so read about it all and start improving your defences and protection today!


November 3, 2006

Arm Yourself Against Snoops With Spyware Counterintelligence

Filed under: Spyware, virus, adware @ 7:44 pm

Spyware is the cyber-equivalent of a peeping Tom. No one would think of sitting by while someone hid in the bushes watching their every move, so why do so many allow spyware snoops to monitor them online? In some cases the answer is simple. They may not even know that they are being watched.

Spyware comes in all shapes and sizes. It can simply be annoying or it can be downright dangerous. The more worrisome varieties of spyware can:

1. Slow down your system
2. Crash your PC
3. Log your keystrokes
4. Log your email
5. Log your chat sessions
6. Steal credit card details
7. Capture passwords
8. Screen capture your display
9. Collect personal data
10. Collect financial information

What is the Purpose of Spyware?

There are many different parties who may want to collect your personal, financial, or sensitive information and there are several reasons why they might want to have it. Usually spyware users are:

1. Marketing Companies - They gather data from your PC about which sites you visit, which products you purchase, and details about the email that you send.

2. Family Members - Even your own loved ones may be monitoring your activity. Parents can use spyware to keep tabs on the sites that their children frequent, and suspicious spouses could easily use spyware to track their mate’s activity online.

3. Roommates - Roommates are also possible spyware users. For example, when students enter college they must cohabit with people that they don’t even know. One of those people could easily be an unscrupulous person who is gathering important information with spyware.

4. Employers - Many employers, concerned about employees wasting time online, have installed snoopware on company computers. This software is designed to monitor both online and email activity. Your employer, therefore, could be monitoring you and judging you based not on your work performance, but rather on the content of your email and the sites that you visit while at work.

5. Crime Organizations - Thieves and all sorts of nefarious characters use spyware every day to collect credit card details, social security numbers, passwords, etc. They then use this information to steal your identity and, in the process, make a considerable amount of money while ruining your credit and your reputation.

6. Identity Thieves - Spyware is a vital tool in an identity thief’s arsenal. It allows them to gather detailed information that they can then use to masquerade as you.

Is There More Than One Type of Spyware?

Spyware is just a broad term for a variety of different programs. A few of the more common forms of spyware include:

1. Adware - Those annoying pop-up ads that plaster your screen fall into the category of adware. Adware also refers to any advertiser-supported program. In order to display ads that are targeted to your interests, your activity is monitored and, based on your habits, you are shown ads that should be of interest to you. Adware also puts a strain on your system resources because it must connect to a remote server in order to communicate your personal information to whoever is monitoring you.

2. Keystroke Loggers - This type of spyware logs everything that you type, whether that is a personal note, a password, or a credit card number. Anything and everything that you type is captured and forwarded to the person watching your activity.

3. Browser Hijackers - This form of spyware will commonly change your home page to a so-called search page that is filled with less-than-useful pay-per-click results. This flavor of spyware also logs the URLs that you visit.

4. Snoopware - This variety of spyware can monitor a PC user’s every action. In addition, these programs were specifically designed to go undetected by the person being monitored. Snoopware used to be primarily found only in the workplace, but, as snoopware became more affordable, its usage grew. Employers, suspicious spouses, coworkers, parents, and strangers are just a few of the people that may unleash snoopware on your system.

How Spyware Invades Your System Without Warning

The sad fact is that you have probably installed a very malicious spyware program on your computer without even realizing it. Your system may have been infected with spyware if you have ever downloaded:

1. File-sharing programs
2. Freeware
3. Shareware
4. Music
5. Games
6. Screensavers
7. Video clips
8. Pictures

Even some programs that can be purchased in stores contain spyware.

Spy(ware Detection) vs. Spy(ware)

It would be virtually impossible to prevent spyware on your own. Even the most hyper-vigilant defense would most likely let spyware slip through the cracks. The only way to absolutely ensure that your system is protected is to monitor your computer with spyware prevention and removal software.

A firewall is another invaluable resource that should be used in conjunction with a spyware prevention and removal program. The firewall monitors your PC’s Internet connection and shields it from unwanted actions by third-parties. In doing this it prevents spyware from connecting with remote sites without your permission.

Once spyware infiltrates your system it can be quite a chore to remove. Uninstalling the program that was bundled with the spyware won’t do it. That will only remove the main application from your system, while the spyware application remains. After spyware has entered your computer your best course of action is to install a spyware prevention and removal program. In addition to preventing spyware infection these programs will also remove the spyware that has already infected your system.

About the Author

Heather Wallace is a writer whose work has been published in national, regional, and online publications. Additionally, she has written articles as a newspaper correspondent. Visit http://www.fetchingsites.com/SpywareIntel.html to run a free spyware detection scan on your computer.
