Security Basics mailing list archives

freeing a freeware from spyware


From: "J. Yoon" <supercool9000 () hotmail com>
Date: Tue, 27 Jan 2004 15:13:21 -0500

Has anyone ever modified a freeware so that it doesn't depend on the spyware that it came with?

Aside from the obvious solution of "Don't use the Freeware" (DUH... 8-), would you know how I could bypass the spyware (or at least just render it less harmful to the security vulnerabilities it opens up) and still make this freeware work? I honestly don't mind the Ads when I use a freeware, but this one seems a bit more intrusive and riskier compared to other harmless banner ads. Here's a quote from http://www.cexx.org/cydoor.htm: "the program's ability to silently load executable code presents a potential security vulnerability to the user".

The freeware in question is: Prosigner Vocab Wizard 6.3 running on Windows XP. I doubt they made the source code available since Google doesn't seem to be able to find it.

This is what happens:
- During installation, it also installs "cydoor" spyware
- It installs the main program file to the usual c:\program files\(...) subdirectory
- It writes its spyware files to C:\windows/system32/adcache? (or adware) directory
- Also writes a dozen or so spyware DLLs in C:\windows\system32 (file names are "cd_*.dll")
- When my antispyware "ad-aware" kicks in, all of the above files are quarantined without any mercy.
- The freeware then stops working when it sees the spyware is deinstalled/no longer working properly.

I have tried the following:
1) Firewall solution: blocked the spyware from sending or receiving any packets. After a while, the freeware complains about not being able to update the ads.
2) Deleted the main cydoor executable "cd_load.exe": the freeware complains about a missing file with an extension of ".pat" but seems to work, although I don't know how much longer.

Any suggestions would be welcomed,
Thanks.
