200 likes | 355 Vues
Spyware & It’s Remedies CS 526 Research Project Spring 2008. Presented By - Ankur Chattopadhyay Erica Kirkbride University Of Colorado At Colorado Springs. Overview. What is Spyware? Why do we care? (The Overall Issues) What do we do about it? (The Anti-Spyware Remedies)
E N D
Spyware & It’s RemediesCS 526 Research ProjectSpring 2008 Presented By - Ankur Chattopadhyay Erica Kirkbride University Of Colorado At Colorado Springs
Overview • What is Spyware? • Why do we care? (The Overall Issues) • What do we do about it? (The Anti-Spyware Remedies) • The Spyware Tests Conducted: Experiments & Results • Conclusion
So what is Spyware? There are many types of components: • Adware • Dialers • Joke Programs • Hack Tools • Remote Access Programs • Spy Programs
Adware • Mainly pop-up programs that gather important information about computer usage through internet browser • Employed by people trying to make money from directed spam and advertisement • Example is: Adware.WinFavorites • Checks your favorites and sends pop ups that are related
Dialer • Typical program that takes over a computer modem and dials to locations without a user’s consent • Usually meant to increase the user’s phone bill • Places itself as high speed connection’s replace dial up • Example: XXXDial • Dials international location to deliver pornographic content to a person’s computer
Joke Programs • Usually meant as a distraction or nuisance to interrupt work • Usually not malicious or harmful • Made by people that just want to show how they can get in a system if they wanted to • Example: Joke.Win32.DesktopPuzzle • Turns your desktop into a slider puzzle
Hack Tools • 2 Kinds • Keystroke Loggers • Distributed denial of service attacks • Very Malicious • Used to steal personal information, bank accounts or passwords • Also can help to take over a computer to be used to attack another computer
Hack Tools • Those that use them are trying to do identity theft or use computer resources to attack other networks (this is a service many hackers pay for) • Example: Haxdoor.o • Opens port 1661 on the computer and allows full access to others later can use it • Example: KeySpy • Keystroke logger that records all keystrokes and emails it to an email
Remote Access Programs • Back Door Programs • Makes it easier for access to be gained at future times when it is needed • Can be used to have other programs like hack tools installed • Example: MindControl • Opens port 23 to allow full control over a computer
Spy Programs • Can scan and monitor system illegally • Used to assist in identity theft • Also can be a keystroke logger that transmits its information whenever a secure webpage is accessed • Example: Realtime-Spy • Implicit scanner & keystroke logger that records personal passwords and transmits to a remote account
The Real Bad Guys • Spy Programs • Hack Tools • Remote Access Programs • Allow easier access to the infected computer at a later date • Used to take over an infected computer and use its resources for their own purposes
Spyware Threats/Issues • Increasing variants & becoming very prevalent • Way to make cheap and easy money • Targeting all internet users; using your resources & making money from you • If you are not cautious, then you may get exploited • Some spyware can really harm you and infect your computer very badly
What To Do? (Remedies) • Use spyware removal software (AntiSpyware) • Edit the registry • Find and remove the spyware program • Reformat the hard drive (extreme case) • Back-up & restore • Prevention • Never go online (impractical solution) • Firewalls • Employ spyware detection programs
The Anti-Spyware Tests • Experimental Procedure • Decided to test what spyware removal and prevention tools were the best • Infected a computer with spyware in a controlled environment (test bed) • Conducted multiple test runs to see performance of each tool • Efficiency & effectiveness of a tool based on priority factors • spyware detection capabilities • speed (response time) • space (storage) requirements • system compatibility, cost, availability
The Anti-Spyware Tests Results: • Tool Features Comparison • Found out that none were really full-proof (none can detect all spyware and remove everything) • It is better to use two or more anti-spyware tools in combination, as one will often detect and remove things that others do not
Recommended Anti-Spyware • The best programs were (according to our experiments): • Ad-aware • Pest Patrol • Webroot Spyware Sweeper • Spybot Search and Destroy • McAfee Anti Spyware (Security Center Package) • Microsoft Anti-Spyware Beta (Windows Defender)
Conclusions • Spyware programs can prove to be quite difficult to remove, even for dedicated anti-spyware scanners; detecting, disabling or deleting the spyware completely is an arduous and next to impossible task • No single anti-spyware scanner tool removes everything; even the best-performing anti-spyware scanner in test runs missed one quarter of the "critical" files and registry entries
Conclusions • This means that the programs were at best 75% effective, in reality • Prevention is always preferable to scanning and removal • Moreover, users should learn to practice safe computing habits, which include avoiding web sites and programs of unknown or dubious provenance and carefully reading End User LicenseAgreements and Privacy Policies
References • Spyware Test: http://www.spywarewarrior.com/ • Spyware Definitions: http://securityresponse.symantec.com/avcenter/refa.html#spyware • Spyware Listings: http://www.spywareguide.com/