RE: Adware, spyware, and trojans

[BRAD GRIFFIN <b.griffin () cqu edu au>]

> -----Original Message-----
> From: Carere, Courtney [mailto:CCarere () rich com]
> Sent: Saturday, 7 December 2002 02:49
> To: 'security-basics () securityfocus com'
> Subject: Adware, spyware, and trojans
>
>
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Upon reading "The Art of Deception" by Kevin Mitnick yesterday (an
> excellent book, by the way), he writes that most antivirus software
> does not detect spyware, which was a shock to me.  Spyware seems to
> be defined as software that logs keystrokes, screenshots, user
> actions, etc.  I have a couple of questions:

I would suggest that Kevin's description of spyware is different to what many people now consider spyware. Kevin's is 
probably more correct though. Spyware in its most common form is the type of software that sends back user identifiable 
data to a main server of some commercial group such as Real
Networks who were found to be doing this a year or so back (see: 
http://hsc.virginia.edu/hs-library/newsletter/2002/2002spring/spy.html and http://grc.com/downloaders.htm). Having said 
all that, spyware software is not viral, so I wouldn't expect anti-virus software to detect it as such. That would
be like expecting a word processor to do your tax accounting. Two completely different monsters.


> 1.  What's the distinction between spyware, adware, and trojan
> software?  (My antivirus software says it protects against Trojans,
> and I've seen programs like SubSeven in its log files.)

Spyware, as I define it, is any software that will send personably identifiable information back to the developers of 
said software without your knowledge or consent. This can also mean that you may 'opt out' of sending info, yet the 
software still does.
Adware is any software that is supported by banner ads inside the program. The free version of Opera is an example of 
adware. Unfortunately, some developers fail to inform people that their software is adware, which can leave a bad taste 
in peoples' mouths when they suddenly realize that they have
to put up with advertising to use the program. Most reputable vendors openly state whether or not their product is 
adware.
Trojans are software that is surreptitiously installed on a computer. This type of software can do anything from 
logging keystrokes, to allowing a remote user to take complete control of the victim computer.


> 2.  Is there any good software that detects and removes spyware,
> ideally controlled and updated continuously from a central server?

I believe ad-aware has been mentioned. Another is Spybot Search & Destroy (http://security.kolla.de/). I've been using 
Spybot S&D with great success. It also performs other functions such as finding p o r n diallers. You will have to 
check for updates though, it's not an automated process.


> Thanks!
>
> - - Courtney Carere
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.4
>
> iQA/AwUBPfDTHHcM/5zG0KHEEQIcrACg73VSeTkX/ecvtX+HOWnFNCVNsUUAoMqs
> n4t8pKXIbtMIQaMiwRhLW/gN
> =4uWy
> -----END PGP SIGNATURE-----