Posted on 01/04/2006 9:56:58 AM PST by ShadowAce
A report by Mark Russinovich has raised serious concerns about the seedier side of anti-spyware. He investigated a number of programs that claimed to be spyware removal tools, and found that some of them not only do a poor job of detecting spyware, but may in fact be hazards themselves.
Spyware has become big business in recent years, bringing in as much as US$1.6 billion in 2004. As spyware proliferates, the market for anti-spyware also grows, and many products such as Ad-Aware and Spybot Search and Destroy have arisen to combat this threat.
However, it appears that some programs are now attempting to straddle both sides of the fence. Many of these are advertised by familiar banner ads that mimic Windows error dialog boxes, and say things like "Your computer may be infected. To scan, click 'Yes' below." The entire banner, however, is hotlinked to a website which instructs the user to download and run an alleged anti-spyware program.
When several of these programs were tested on a clean, freshly-installed Windows XP partition, they erroneously reported several Windows components (such as cookies left by MSN.com and the Windows Remote Desktop Service control) as being spyware. The program offered to clean these "infections" after the user had entered his or her credit card data to unlock the full functionality of the software.
A closer examination showed signs that this so-called anti-spyware package was in fact exhibiting many of the same behaviors as the spyware it claimed to be fighting against. When viewed in Process Explorer, the processes associated with these programs have no company name or description, no digital signature to confirm their authenticity, are compressed to prevent easy tracking, and often mimic internal Windows system process names.
Who are these companies that are producing fake anti-spyware packages? Domain traces on the websites they promote lead to a confusing trail:
Not surprisingly, the SpySheriff website reveals little about the company behind it. A Whois of the domain points to Popandopulos Ltd in Greece as the owner, but the associated email address is crystaljones@list.ru, which is a Russia-based domain. List.ru appears to be an ISP from its Whois information, so it's doubtful that the SpySheriff domain registration is accurate.
So how does one guard against these digital mimics, who pretend to be treasure chests but turn into snapping horrors? A list of the worst offenders has been compiled:
Ultimately, however, the responsibility for identifying the fake software lies with the end user. However, as the spyware companies get more and more tricky and insidious, this becomes an increasingly difficult task. Hopefully, the upgraded and bundled Microsoft Anti-Spyware that will ship with Windows Vista will help mitigate the problem.
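The four process traits described above (no company name or description, no digital signature, compressed image, look-alike system name) can be combined into a simple triage check. This is an added example, not code from the article or from Russinovich's report; the record fields, the entropy threshold and the sample processes are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Short illustrative subset of Windows system process names and their homes.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed/packed code approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def mimics_system_name(name: str, path: str) -> bool:
    name, path = name.lower(), path.lower()
    if name in SYSTEM_NAMES:
        # A genuine system name is suspicious only outside the Windows directories.
        return path.rsplit("\\", 1)[0] + "\\" not in SYSTEM_DIRS
    return any(edit_distance(name, s) == 1 for s in SYSTEM_NAMES)

def triage(proc: dict) -> list:
    """Return which of the article's four indicators a process record shows."""
    checks = [
        ("no-version-info", not (proc["company"] or proc["description"])),
        ("unsigned", not proc["signed"]),
        ("packed", entropy(proc["code"]) > 7.0),  # threshold is an assumption
        ("mimics-system-name", mimics_system_name(proc["name"], proc["path"])),
    ]
    return [label for label, hit in checks if hit]

# Constructed sample records (not taken from any real system).
SAMPLE = [
    {"name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe",
     "company": "Microsoft Corporation", "description": "Generic Host Process",
     "signed": True, "code": b"\x55\x8b\xec" * 300},
    {"name": "winlogin.exe", "path": r"C:\Program Files\ExampleScanner\winlogin.exe",
     "company": "", "description": "", "signed": False, "code": bytes(range(256)) * 4},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["name"], triage(p))
```

No single indicator is conclusive; legitimate software is sometimes unsigned or packed, so the value is in several indicators appearing together on one process.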
Cute.
bump for publicity
Just replaced my Sygate Firewall/Avast/Ad-Aware & Spybot lashup on a Windows 2000 Pro system with Earthlink Protection Control. (Mainly because Symantec bought Sygate and promptly dropped support for my firewall down the toilet.)
System is so smooth and transparent it's almost eerie, uses maybe twenty minutes per WEEK for detailed scans (instead of the former half hour or so on every startup) and just plain kicks butt. Only problem I've had is that one of my hot links looked suspicious to Earthlink, and it took some time to get the sharp teeth untangled from the remains.
It's doing a SUPERB job for me. (But I check it, just to be sure.)
Bookmarked
Spybot installed a process on my PC that appeared to be monitoring all mouse activity. I couldn't disable it without completely uninstalling it. It significantly delayed my response time. Ad-Aware solved my problems.
Ummm.. to Microsoft, it is!
Earthlink is doing a good job for me after I finally downloaded their latest spyware definitions. I also use Ad-Aware. Their virus protection seems top notch also.
Six pieces of software running just to protect you from deficiencies of the OS. It's really sad if you think about it.
There's an ad: "Get Mac or Linux so you don't have to install, learn and run so many programs that you really don't want anyway."
Hey! Are you dissing my home page? ;-)
bookmark
Funny. I thought you were making fun of the fact that so many of those types of posts/email/IM scams are written by folk that don't speak English natively. ;-)
I'm very careful when surfing, and have not had any spyware in a while. However, my wife downloaded a game last night, and now we have SpyAxe and Spy Sheriff on our computer, as well as 2 viruses (W32.Beovens and W32.Puper). I posted my Hijack This! logfile to spywareinfo.com, but they are inundated with requests, and it will take a few days to get a reply, so I guess I'll be working on the computer all day today on my day off to try to get this crap off my machine.
Has anyone used SpySweeper? Is it worth it? Spywareinfo.com has it for $19.95 (ends today), and I was considering buying it.