RE: Rules for detecting spyware

[twig les <twigles () yahoo com>]

Spyware sucks [pause for applause].  Two things that I did to
stop it were using the free version of Zone Alarm on my M$ boxen
and running "Ad-aware".  Ad-aware is a signature-based house
cleaning tool and ZA prompts you to allow each program to use
your network explicitly, which most users will just say yes to
but it's better than nothing.

I can't imagine spyware signatures working on the network level
unless you wrote one for each application.  At that point the
vendor could just read the signature in snort database and go
around it.

Fortunately as Americans we can trust our government to protect
our privacy...BWAHAHAHAHAHA.

--- Gordon Cunningham <gacunningham () bellsouth net> wrote:
> Everyone is worried about the rogue blackhat hacker team, when
> the types of
> companies and thinking behind spyware use to collect
> information about your
> "habits" are probably far more insidious over time.
>
>
> - Gordon
>
> "When I finally found a spam filter that worked, I no longer
> received any
> email."
>
>  -----Original Message-----
> From:         snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]  On Behalf Of
> Brian
> Sent: Thursday, August 28, 2003 11:16 AM
> To:   Marc Quibell
> Cc:   snort-users () lists sourceforge net
> Subject:      Re: [Snort-users] Rules for detecting spyware
>
> On Mon, Aug 11, 2003 at 09:54:49AM -0500, Marc Quibell wrote:
> > I've done a little checking, so far no luck. I wonder if
> it's possible to
> setup
> > some Snort rules for detecting spyware data. I'll keep
> looking for the
> actual
> > data content of such packets, but does anyone already have
> some rules?
> TIA!
>
> Sure its possible to detect spyware.  Do we do it currently? 
> Nope.  But
> thats cause I don't have packet captures for it.  The easiest
> method for
> finding packets is to install the spyware in question, then
> sit back
> and watch.  :)
>
> -brian
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users