Re: Adware, spyware, and trojans

[Gene <gyoo () attbi com>]

just to add to this, some web enforcement tools such as webtrends has a 
feature to stop this sort of activities...  be aware, some apps require 
(P2P) spyware, wait, i can't confirm this, but i did some trial and 
error using adware program and ran into one of my programs not working 
(Kazaa) while i was trying to create a trap for this type of activity in 
the network...

Kruger, David, 1stLt, AFPCA/IAN wrote:
> Here's Symantec's stance on the subject.  Not sure about others:
>
> Does Norton AntiVirus detect Jokes, Adware, or Spyware?
> Last Updated on: October 28, 2002 03:12:51 PM PST 
>
>  
>     
>
> Jokes, adware, and spyware are programs that may arrive as email
> attachments, may be downloaded from a Web site, or, in some cases, installed
> when you install another program. 
>
> By design, Symantec Security Response does not provide virus definitions to
> detect joke, adware, or spyware programs. Such programs are not malicious,
> and detecting them only leads to unnecessary virus alerts, which could cause
> you to believe that you have run or received a dangerous program when you
> have not. If you have received or installed such a program, and you do not
> want to run it, we suggest that you uninstall or delete it.
>
> In general, if a suspicious program asks you to agree to an End User License
> Agreement (EULA) prior to installation, or if the program itself is
> copyrighted, then Symantec Security Response will not add a detection for
> the program in question.
>
> Jokes
> Jokes are programs that attempt to display something humorous or pretend to
> perform a malicious action. They are not a viruses, worms, or Trojans, and
> are not detected as such. If you received or installed a joke program, and
> you do not want to run it, we suggest that you uninstall or delete it.
>
> Adware
> Adware is a type of program that displays an advertisement of some sort,
> usually related to a specific Web site in your Web browser. In some cases,
> it changes the home page of your Web browser to point to a specific Web
> site.
>
> In most cases, some user interaction is required to install adware. You must
> either double-click the program to run it, or there is information on the
> Web site to inform you that it will install a program on your computer.
> (This information may not be obvious, however.)
>
> Because adware programs are not malicious, and are not viruses, worms, or
> Trojans, Norton AntiVirus does not detect them as such. Detecting
> nonmalicious programs such as jokes or adware could cause you to believe you
> have run or received a dangerous program when in fact you have not. 
>
> Symantec Security Response recommends that you simply uninstall or delete
> such programs.
>
> If you think that you have received or run a program that may be malicious,
> but is not being detected by NAV, please follow the instructions in the
> document What to do if you suspect that your computer is infected with a
> virus, worm, or Trojan.
>
> Spyware
> Spyware is a generic term for a class of software designed to either gather
> information for marketing purposes or to deliver advertisements to Web
> pages. Although software of this type is legitimate, it can, in some cases,
> be installed on your computer without your knowledge. This poses privacy
> concerns for many people.
>
> Spyware basically comes in, but is not confined to, three forms:
>
> As software bundled and installed with another software application
> As a stand-alone installation package
> As a modification to the HTML of a Web page.
>
> When bundled, spyware installs as part of the installation of another
> software. You may or may not be made aware that this is happening. When
> installed as a stand-alone product, it often takes the form of a free
> downloadable tool, game, or utility.
>
> The general purpose of spyware is to gather information about your Internet
> surfing habits and deliver that information to its customers. That
> information, in turn, is used to deliver advertising that you (based on your
> Web surfing demographic) are most likely to respond to. 
>
> Spyware programs, while they may be objectionable, are not malicious, and
> detecting them only leads to unnecessary virus alerts which could cause you
> to believe that you have run or received a dangerous program when you have
> not. Most spyware programs have Web sites, and many of these sites have
> privacy statements or FAQs that explain what they do and what types of
> information they collect. This information can assist you in making an
> informed decision on whether to keep or uninstall the spyware.
>
> NOTE: In many cases, when the spyware is installed with a utility or game
> you downloaded, you may have to uninstall the utility or game to uninstall
> the spyware.
>
> Spyware often bundles with free downloadable Internet programs such as Web
> browsers, browser enhancements, desktop utilities, browser theme packages,
> and games.
>
>  
>
>
> Write-up by: Randy Rejda 
>
>
> ~Freddie
> David C. Kruger, 1st Lt, USAF
> Chief, AFPCA Perimeter Defense
> 1777 North Kent Street
> Plaza Level, Suite 1500
> Rosslyn, Virginia 22209
> 703-693-5755
> DSN223-5755
> Cell: 703-901-8401
> david.kruger () pentagon af mil
>
>
> -----Original Message-----
> From: Carere, Courtney [mailto:CCarere () rich com]
> Sent: Friday, December 06, 2002 11:49 AM
> To: 'security-basics () securityfocus com'
> Subject: Adware, spyware, and trojans
>
>
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Upon reading "The Art of Deception" by Kevin Mitnick yesterday (an
> excellent book, by the way), he writes that most antivirus software
> does not detect spyware, which was a shock to me.  Spyware seems to
> be defined as software that logs keystrokes, screenshots, user
> actions, etc.  I have a couple of questions:
>
> 1.  What's the distinction between spyware, adware, and trojan
> software?  (My antivirus software says it protects against Trojans,
> and I've seen programs like SubSeven in its log files.)
>
> 2.  Is there any good software that detects and removes spyware,
> ideally controlled and updated continuously from a central server?
>
> Thanks!
>
> - - Courtney Carere
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.4
>
> iQA/AwUBPfDTHHcM/5zG0KHEEQIcrACg73VSeTkX/ecvtX+HOWnFNCVNsUUAoMqs
> n4t8pKXIbtMIQaMiwRhLW/gN
> =4uWy
> -----END PGP SIGNATURE-----


--
Gene Yoo, gyoo () attbi com