Re: Best spyware program

[McLain Causey <mclaincausey () yahoo com>]

A great preventative (just a piece of the puzzle, not a panacea)  
measure is to modify the hosts file to reroute ad site addresses to  
localhost so that they cannot be accessed at all.  Mike Skallas  
actively updates his, which is free for non-commercial use:
http://everythingisnt.com/hosts.html

On Jul 22, 2005, at 1:06 PM, Bill Stout wrote:

> From what your asking, I understand that you want to test the
> effectiveness of the anti-spyware program.
>
> This is the browser-based test I use for our software.  I've found  
> that
> McAfee and MS AntiSpyware are the best at alerting you of immediate
> threats.
>
> ##Note: I've purposefully broken the links in this message by adding
> spaces after the first dot.  Do not repair the links and hit these  
> sites
> without antivirus and antispyware protection.  Although our software
> will pass the tests below, using other AV or AS protections will  
> result
> in infection.  I recommend using a 'scratch' system to test your
> software. ###
>
> 1. Scan system for infections with test program
>
> 2. Disable Windows XP System Restore [Start -> Programs -> Accessories
> -> System Tools -> System Restore].  Note: Windows System Restore will
> restore viruses and Trojans removed by AV and AS programs!
>
> 3. With the software protection enabled, install spyware from these
> sites:
> Gator - http://www. gator.com/home2.html
> Hotbar - http://www. hotbar.com/
> Ezula - http://www. ezula.com/
> Cydoor - http://www. cydoor.com/Cydoor/
> SaveNow - http://www. whenu.com/about_savenow.html
> CoolWebSearch (Please email me with current site)
> Altnet - http://www. altnet.com/tech/peer.asp
> BargainBuddy - http://www. limewire.com/english/content/home.shtml
> BargainBuddy - http://web. net2phone.com/consumer/commcenter/
>
> 4. Scan system for infections with program of your choice - No traces
> should be found
> Note: I've found that free versions of AntiSpyware (e.g.; Ad-Aware) do
> not detect or protect as much as paid versions (Ad-Aware Pro).  I've
> noticed a big difference in detected and cleaned threats between free
> and 'Pro'.
> 5. Remove infections if protection failed
> 6. Reboot
> 7. Scan system for infections with program of your choice - No traces
> should be found
>
> Repeat the above, but this time run through a set of online  
> exploits for
> step 3:
> Exploit Codebase.Gen - http://sec.
> drorshalev.com/dev/iehk/Vulnerabilities/Security%20Zones/ 
> Introduction/co
> debase.html
> Exploit MIME gen.exe - http://sec.
> drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Execution/ 
> autoex
> ec.eml
> VBS Inor - http://sec.
> drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Spoofing/ 
> example
> 2.mhtml
> Exploit XPHelpDelete - http://sec.
> drorshalev.com/dev/helpsupport/login.htm
> JavaScript Downloader-FU http://www.
> safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Demo/index.html
> Exploit ContentType - http://sec.
> drorshalev.com/dev/iehk/Vulnerabilities/Content%20types/Spoofing/ 
> example
> 1.mhtml
> JavaScript AX/Runner - http://www.
> halcyon.com/mclain/ActiveX/Runner/welcome.html
> JavaScript Exploit DialogExp - http://sec.
> drorshalev.com/dev/styleAttack/LarumWay.htm
> JavaScript Exploit FormPaste - http://sec.
> drorshalev.com/dev/localfiles/
> JavaScript Exploit OVC.demo - http://sec. drorshalev.com/dev/officeXP/
> Exploit AutoScanJPU - http://umbrella.
> name/originalvuln/msie/AutoScanJPU/AutoScanJPU-MyPage.htm
> Exploit viaSWFurl - http://umbrella.
> name/originalvuln/msie/viaSWFurl/viaSWFurl-MyPage.htm
> Exploit AutoScanJPU - http://umbrella.
> name/originalvuln/msie/AutoScanJPU/AutoScanJPU-MyPage.htm
> Exploit WsBASEjpu - http://umbrella.
> name/originalvuln/msie/WsBASEjpu/WsBASEjpu-MyPage.htm
> Bad Parent http://umbrella.
> name/originalvuln/msie/BadParent/BadParent-MyPage.htm
> BodyRefreshLoadsJPU - http://umbrella.
> name/originalvuln/msie/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU- 
> MyPage.ht
> m
> HijackClick - http://umbrella.
> name/originalvuln/msie/HijackClick/HijackClick-MyPage.HTM
> http://umbrella.
> name/originalvuln/msie/HijackClick/HijackClick2-MyPage.HTM
>
> 4. Scan system for infections with program of your choice - No traces
> should be found
> 5. Remove infections if protection failed
> 6. Reboot
> 7. Scan system for infections with program of your choice - No traces
> should be found
>
> Bill Stout
> www.greenborder.com
>
>
> -----Original Message-----
> From: Bapodara, Shyamal [mailto:Shyamal.Bapodara () earthtech com]
> Sent: Wednesday, July 20, 2005 10:21 AM
> To: security-basics () lists securityfocus com
> Subject: Best spyware program
>
> Hello Team
> I do like to test different so called "free"  software available  
> online.
> What is the best to test if they don't have any spyware in it once  
> it is
> installed?
> What will be the best way to test these with out compromising my  
> system?
> Thanks
> Shyamal
>
>
> This e-mail is intended to be delivered only to the named addressee(s)
> and
> may contain information that is confidential and proprietary.  If this
> information is received by anyone other than the named addressee 
> (s), the
> recipient(s) should immediately notify the sender by e-mail and  
> promptly
> delete the transmitted material from your computer and server.  In no
> event
> shall this material be read, used, stored, or retained by anyone other
> than
> the named addressee(s) without the express written consent of the  
> sender
> or
> the named addressee(s).