OFF TOPIC Things that go bump in the night

BillyBoy wrote on 4/23/2003, 1:14 PM
It's spring and spring cleaning time for my computers. Thought I'd pass this along. One thing I do from time to time is scan for so-called "spyware", which is some of the more insidious software ever created. Most of the time you don't even know it's there, because you can pick it up as an attachment you download or just by visiting many sites. This class of software is NOT found by antivirus software. It isn't considered a virus, but it can be just as annoying. Aside from being totally obnoxious and an invasion of your privacy, this kind of software does what the name suggests it does... it can spy on what you're doing and then may 'phone home', meaning report back to some server what sites you visit.

That in and of itself is bad enough, but it can spawn messages and even slow down or crash your system. Most of the crap are Registry keys. A well-known program called Ad-aware is supposed to find them and let you know. The reason I'm writing this is, that application just failed terribly. How do I know? I just used it to scan my system and it reported everything was fine.

As I usually do, I have the TV playing in the background and was listening to CNBC, which just did a story on a new application (FREE) called Spybot from some German company. So I just grabbed a copy and installed. Guess what... it found 140 spyware entries in my Registry, many from the seedy Backweb bot. None of these were found by Ad-aware.

Now for those that don't know about Backweb. It comes with several popular hardware offerings and unless you're careful it will install itself when you install the hardware. Usually the hardware you're installing won't mention Backweb or make it difficult to not install. A few examples of popular hardware that Backweb comes with:

Western Digital drives, some HP products and Logitech keyboards, mice, trackballs.

So you may want to download Spybot and see what is lurking on your system gathering information about you and likely accounting for some of those "strange" hangups and/or system crashes. I know that at least on one of my systems Backweb caused two hang-ups. I know because I'm running XP and you can check the event log. The problem is trying to remove all traces from your Registry by hand takes forever and you'll probably miss some. And like I said, I thought I was free of spyware, until I installed the much better Spybot.

Comments

baysidebas wrote on 4/23/2003, 2:13 PM
Totally agree. I too replaced Ad-Aware with Spybot and I'm much more confident that it does the job.
jboy wrote on 4/23/2003, 3:06 PM
Just ran Spybot, after being an ad-aware user, and, yeah...it pulled up a lot of junk that ad-aware missed. Tnx for the heads up, BillyBoy..
newbe wrote on 4/24/2003, 6:50 AM
Thanks BillyBoy for this great program, just what I needed.
Did my 'spring cleaning' just now, works great.
sqblz wrote on 4/24/2003, 7:06 AM
Billyboy, spyware detectors are as good as virus checkers. They depend on updating. And you may end up concluding that something is still left behind, which the detector did not "know".
My best advice is to use a firewall *besides* using the detector. Some of these firewalls (like SafeHouse) detect each time that a request for input or output is crossing the ports of your PC, and ask the user what to do about it (grant/refuse). You can grant/refuse just now or forever and this is handy for blocking each specific spyware once and for all (even if it still tries ...)
This way, you use the detector for cleaning and the firewall for preventing ...
Sab wrote on 4/24/2003, 7:50 AM
Thanks BillyBoy. I had several registry items that were deleted.

Mike
Bear wrote on 4/24/2003, 8:37 AM
I use Spybot and run it on my machines every two weeks; it is amazing what you pick up. I once went a month, ran it, and found 140 trackers. Amazing. I think these trackers are a major reason for machines slowing down.
BillyBoy wrote on 4/24/2003, 8:59 AM
With regard to firewalls, I used to use another popular product, ZoneAlarm. It worked well enough, but it started locking up my system after an update. So I looked around and, like Spybot, found one just as good that doesn't cause problems. It's called Outpost. There's a free version too. Like ZoneAlarm, simple to set up rules and you don't need to be a computer geek to use it.

http://www.agnitum.com/products/outpost/
BillyBoy wrote on 4/24/2003, 9:06 AM
Oops... almost forgot. Mainly for the newbies, new to running on the Internet, you should also check out the following site and follow the links to ShieldsUp, and download and run the Leak test to see if your firewall actually does what it claims, namely block unknown applications from accessing the Internet from your computer without your knowledge. This site is loaded with security warnings that make some very interesting reading.

http://grc.com/default.htm
stormstereo wrote on 4/24/2003, 9:23 AM
FYI - Spybot is updated on a "regular" basis. For those who want - it is possible to PayPal-donate to the guy who made it.

I use it, I love it. But be careful with the Immunize function. It seems it made my XP interface restart all the time. I turned it off again and since then I've had no problems. Maybe that function interferes with Zone Alarm or Norton AntiVirus, which are also on my system. Zone Alarm keeps count of how many "attacks" you've had on your system and it is NOT pleasant news. A friend of mine made "attacks" on 2000 of my ports (there are 64 000 or something). Not one of them succeeded. My computer did not even say "hey, I'm here but I will not let you in". It was as if it were not even there. My friend could not "see" me.

The best solution though - a dedicated Vegas workstation with no connection to Internet and a separate computer for all the other stuff. I wish.

Best/Tommy
www.stormstereo.com
bakerja wrote on 4/24/2003, 9:28 AM
Downloaded and installed the product. Yes, indeed it finds bots that Ad-aware missed. It also has a documented bug that hangs Spybot when detecting the C2.lop bot. Their web site says that this only happens on a few machines, but mine happened to be one of the chosen few. Easy enough to get around, just exclude the c2.lop from the scan. One thing I really like about Ad-aware (purchased version) is the ability to trap bots before they install. I hope Spybot will include a module of this type in future releases. I think I will continue to use both! Can't be too careful these days.

Thanks Billyboy for the post!

JAB
newbe wrote on 4/24/2003, 10:19 AM
Where can I find this Immunize function? I have Norton AntiVirus on my PC and don't want to mess things up.
Thank you.
Erk wrote on 4/24/2003, 12:34 PM
Billyboy,

Thanks for the post, very helpful. There's nothing more insidious than the combination of a Geek (for the programming chops) working for the kind of marketing Suit who lies awake at night dreaming up new ways to invade your computer in the pursuit of a couple more $.

G
stormstereo wrote on 4/25/2003, 4:28 AM
The Immunize is in version 1.2. Look in the menu to the left. There's "Search & Destroy", "Recovery" and "Immunize". Click it and a pop-up window will probably give you a warning about "...bad products...". Just click OK. Now make sure you click undo and uninstall is greyed out. Done.
Best/Tommy
www.stormstereo.com
disastinator wrote on 4/25/2003, 5:49 AM
In addition to running Spybot I go to this site:
http://aumha.org/a/noads.htm

Although limited in the number of parasites it checks for, this site seems to do a more comprehensive job. It found two more spyware components or remnants that Spybot was supposed to have cleaned.

I also run Hijack This from this site:
http://www.spywareinfo.com/downloads.php#det

This software reports on mostly harmless spyware-like entries on my system but I scan the report to make sure there are no new and suspicious entries. It is also a valuable tool to help diagnose a system that may have been attacked.
newbe wrote on 4/25/2003, 6:04 AM
Thanks for your reply Tommy, I was running version 1.1.
Downloaded 1.2 and I now see the Immunize button.
No problem greying out 'Uninstall' but I am not sure what you mean by clicking the 'Undo' button. It's always 'On'.
Or am I missing something?
bakerja wrote on 4/25/2003, 7:20 AM
I missed the Immunize at first. Wow, this product really is nice.

JAB
frank_jarle wrote on 4/26/2003, 8:11 AM
Well, I have been using Ad-Aware 5.x for a long time. I have to agree that it kinda needed a facelift.

Due to your post I decided to download Spy-Bot and indeed it found only 14 threats on my system. So I just decided to download the latest version of Ad-Aware 6. Also here it found only 14 threats. So I cannot conclude that one is better than the other one as you have done. I don't know if you were running the latest version of them both.

I would also like to mention that after installing the latest version of both softwares I ran an update to make sure I had the latest update of it.

As I run Windows 2000 Pro on my computer, where I have 4 users (admin, me, wife and one account for gaming), I found that Spy-Bot only does a check on the current user that runs the software. However, Ad-Aware checks through the whole HD for all the users and finds threats not only in the current user but from others also. This is a feature I think is very good, as I am the one that does the spring cleaning; it's a bit tedious to log in to all the users and do the job one by one.

I had a look through Spy-Bot; it had lots of settings which can come in handy now and then. Some (if not many) of these settings I did not find in Ad-Aware.

My conclusion is that you don't choose only one product; go for both of them as they have different features.

As it has become more and more popular lately, it is to install two different softwares that do the same thing, especially when it comes to antivirus software.

Sincerely
Frank Jarle
Singapore