Full Disclosure mailing list archives
Re: "No such thing as spyware"
From: Egoist <mastah () phreaker net>
Date: Sat, 5 Mar 2005 02:06:22 +0300
Hello Danny,

Saturday, March 5, 2005, 12:26:10 AM, you wrote:

D> From: http://www.viruslist.com/en/weblog

D> Thoughts?

Yes. This text is just a waste of the writer's time. I don't see useful info/advisory here at all.

D> --------------------------------------------------------------------------------
D> No such thing as spyware
D> Eugene March 03, 2005 | 22:21 MSK

D> "The rising number of cyber-criminals creating more and more different
D> malicious programs, attacks and cyber-frauds have resulted in the
D> media and public paying more attention to security issues. New
D> solutions and services, such as patch and vulnerability management,
D> intrusion prevention, etc., appeared during the last year or so.

D> New threats are appearing as well. But are they really all that new?

D> Spyware is a brand new word in the threats list and it is being used
D> widely. Everyone is talking about spyware: many dedicated anti-spyware
D> products have appeared on the market, all of them brand new.

D> But what exactly is spyware? What threats does new term cover? My
D> favorite definition of the term can be found at Information week.

D> "Spyware is software that's installed without your informed consent.
D> Spyware communicates personal, confidential information about you to
D> an attacker. The information might be reports on your Web-surfing
D> habits, or the software might be looking for even more sinister
D> information, such as sniffing out your credit card numbers and
D> reporting those numbers."

D> Exactly. This is a good definition which we can use to describe
D> software designed to spy on user actions and report on infected
D> machines.

D> Did we have such software in the past? Of course we did. The first
D> malicious software designed to spy and steal confidential information
D> was detected back in 1996 - the AOL Password-Stealing Trojans.

D> Have we already seen other malicious programs which can be described
D> as spyware? Certainly! There are many different kinds of Trojans
D> designed to:

D> * steal passwords/logins (including bank account information)
D> * log user activity (keyboard, screenshots, applications being run)
D> * backdoor trojans which have spy abilities

D> Thus, what people are calling spyware is not new at all...

D> Anything else that can be called spyware? Yes. Numerous advertising
D> tools (adware/advware) which report such information as visited Web
D> pages and Web search requests. Sometimes this information is
D> confidential.

D> And there's even more. Legitimate keyloggers for example,
D> freeware/shareware/commercial utilities which log keystrokes and/or
D> monitor other user activities.

D> Are we done? No, there are still more programs that report user
D> information to outside sources. For example, if you post to a forum
D> your email client will report your email address. If you are browsing
D> the Internet your IP address, Windows and browser version can all be
D> logged as you surf.

D> Can we or should we class these programs as spyware? Definitely not.
D> This is where we reach the border between so-called spyware and
D> non-spyware.

D> And the border is fuzzy. Because the issue is not always what the
D> program does, but how it's being used. We call the border-line
D> programs riskware, and detect many of them as 'not-a-virus'. We leave
D> it up to users to decide what to do next: if they want or need the
D> program, they can keep it. However, if it was installed without their
D> consent or is doing something they don't want or need, we find it for
D> them, so they know what's going on in their computer and can make an
D> informed choice.

D> So, technically speaking, spyware simply doesn't exist as a
D> stand-alone cyberthreat.

D> The programs which are being called spyware are, from a technical
D> point of view, simply a limited sub-set of Trojans, advertising
D> software and some riskware:

D> * Trojan spies and some backdoors
D> * most adware
D> * riskware – potentially hostile programs that require users to
D>   make conscious choices about using them

D> In short, there is no such thing as spyware.

D> On the other hand there are many anti-spyware programs produced by
D> vendors who actively promote their products as dedicated anti-spyware
D> solutions.

D> An interesting review was published in latest PC Magazine {USA
D> edition, Feb 22 2005, pages 82-91}. They compared how a number of
D> security suites (anti-viruses) and dedicated anti-spyware products
D> removed so-called spyware. Guess what? Some traditional solutions are
D> better at removing these threats than dedicated ones.

D> Unfortunately, there are no adequate consumer tests to separate
D> effective solutions from ersatz-security programs. In the PC Magazine
D> tests, there were only 24 "spyware" samples tested. In reality, there
D> are hundreds of malicious programs in the wild that fit into this
D> category. For instance, we know of over 200 adware families (with
D> numerous variants in each). We need better and more in-depth tests in
D> the future.

D> To cut a long story short, the term spyware is basically a marketing
D> gimmick: just to separate new ersatz-security products from
D> traditional ones, just to push almost zero-value products to the
D> security market.

D> We need to avoid this trap. There is nothing worse for the computer
D> security community than false alarms and/or users with a misplaced
D> sense of safety."

D> _______________________________________________
D> Full-Disclosure - We believe in it.
D> Charter: http://lists.netsys.com/full-disclosure-charter.html

--
Best regards,
 Egoist mailto:mastah () phreaker net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- "No such thing as spyware" Danny (Mar 04)
- Re: "No such thing as spyware" Egoist (Mar 04)