Security Basics mailing list archives
RE: Best spyware program
From: "Bill Stout" <bill.stout () greenborder com>
Date: Fri, 22 Jul 2005 11:06:46 -0700
From what your asking, I understand that you want to test the
effectiveness of the anti-spyware program. This is the browser-based test I use for our software. I've found that McAfee and MS AntiSpyware are the best at alerting you of immediate threats. ##Note: I've purposefully broken the links in this message by adding spaces after the first dot. Do not repair the links and hit these sites without antivirus and antispyware protection. Although our software will pass the tests below, using other AV or AS protections will result in infection. I recommend using a 'scratch' system to test your software. ### 1. Scan system for infections with test program 2. Disable Windows XP System Restore [Start -> Programs -> Accessories -> System Tools -> System Restore]. Note: Windows System Restore will restore viruses and Trojans removed by AV and AS programs! 3. With the software protection enabled, install spyware from these sites: Gator - http://www. gator.com/home2.html Hotbar - http://www. hotbar.com/ Ezula - http://www. ezula.com/ Cydoor - http://www. cydoor.com/Cydoor/ SaveNow - http://www. whenu.com/about_savenow.html CoolWebSearch (Please email me with current site) Altnet - http://www. altnet.com/tech/peer.asp BargainBuddy - http://www. limewire.com/english/content/home.shtml BargainBuddy - http://web. net2phone.com/consumer/commcenter/ 4. Scan system for infections with program of your choice - No traces should be found Note: I've found that free versions of AntiSpyware (e.g.; Ad-Aware) do not detect or protect as much as paid versions (Ad-Aware Pro). I've noticed a big difference in detected and cleaned threats between free and 'Pro'. 5. Remove infections if protection failed 6. Reboot 7. Scan system for infections with program of your choice - No traces should be found Repeat the above, but this time run through a set of online exploits for step 3: Exploit Codebase.Gen - http://sec. drorshalev.com/dev/iehk/Vulnerabilities/Security%20Zones/Introduction/co debase.html Exploit MIME gen.exe - http://sec. drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Execution/autoex ec.eml VBS Inor - http://sec. drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Spoofing/example 2.mhtml Exploit XPHelpDelete - http://sec. drorshalev.com/dev/helpsupport/login.htm JavaScript Downloader-FU http://www. safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Demo/index.html Exploit ContentType - http://sec. drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Spoofing/example 1.mhtml JavaScript AX/Runner - http://www. halcyon.com/mclain/ActiveX/Runner/welcome.html JavaScript Exploit DialogExp - http://sec. drorshalev.com/dev/styleAttack/LarumWay.htm JavaScript Exploit FormPaste - http://sec. drorshalev.com/dev/localfiles/ JavaScript Exploit OVC.demo - http://sec. drorshalev.com/dev/officeXP/ Exploit AutoScanJPU - http://umbrella. name/originalvuln/msie/AutoScanJPU/AutoScanJPU-MyPage.htm Exploit viaSWFurl - http://umbrella. name/originalvuln/msie/viaSWFurl/viaSWFurl-MyPage.htm Exploit AutoScanJPU - http://umbrella. name/originalvuln/msie/AutoScanJPU/AutoScanJPU-MyPage.htm Exploit WsBASEjpu - http://umbrella. name/originalvuln/msie/WsBASEjpu/WsBASEjpu-MyPage.htm Bad Parent http://umbrella. name/originalvuln/msie/BadParent/BadParent-MyPage.htm BodyRefreshLoadsJPU - http://umbrella. name/originalvuln/msie/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-MyPage.ht m HijackClick - http://umbrella. name/originalvuln/msie/HijackClick/HijackClick-MyPage.HTM http://umbrella. name/originalvuln/msie/HijackClick/HijackClick2-MyPage.HTM 4. Scan system for infections with program of your choice - No traces should be found 5. Remove infections if protection failed 6. Reboot 7. Scan system for infections with program of your choice - No traces should be found Bill Stout www.greenborder.com -----Original Message----- From: Bapodara, Shyamal [mailto:Shyamal.Bapodara () earthtech com] Sent: Wednesday, July 20, 2005 10:21 AM To: security-basics () lists securityfocus com Subject: Best spyware program Hello Team I do like to test different so called "free" software available online. What is the best to test if they don't have any spyware in it once it is installed? What will be the best way to test these with out compromising my system? Thanks Shyamal This e-mail is intended to be delivered only to the named addressee(s) and may contain information that is confidential and proprietary. If this information is received by anyone other than the named addressee(s), the recipient(s) should immediately notify the sender by e-mail and promptly delete the transmitted material from your computer and server. In no event shall this material be read, used, stored, or retained by anyone other than the named addressee(s) without the express written consent of the sender or the named addressee(s).
Current thread:
- Best spyware program Bapodara, Shyamal (Jul 20)
- Re: Best spyware program Eric Webster (Jul 21)
- RE: Best spyware program Marlon Ngantung (Jul 22)
- Re: Best spyware program Atom Powers (Jul 26)
- Re: Best spyware program John D. Patota (Jul 22)
- <Possible follow-ups>
- Re: Best spyware program lusid65 (Jul 21)
- RE: Best spyware program McKinley, Jackson (Jul 22)
- RE: Best spyware program Lett, Craig (Jul 22)
- RE: Best spyware program David Gillett (Jul 26)
- MS not buying Gator, er, Claria after all Dave Aronson (Jul 26)
- RE: Best spyware program Bill Stout (Jul 26)
- Re: Best spyware program McLain Causey (Jul 26)
- Re: RE: Best spyware program nickledesma (Jul 26)
- Re: RE: Best spyware program knieveltech (Jul 26)
- RE: RE: Best spyware program Brad Berson (Jul 29)
- RE: Best spyware program Craig Wright (Jul 29)
- RE: RE: Best spyware program Mike Fetherston (Jul 29)
- Re: Best spyware program Eric Webster (Jul 21)