spyware scanners only get 50% - 70% of all known spyware. Using two scanners help, but that's a large percentage of spyware that still get by. I just scanned a system with Microsoft's Antispyware and it removed every thing it found, but the realtime protection was still indicating that something was trying to change my browser addresses.
I want to put together a guide to tracking down that last 10% of spyware that gets overlooked by the scanners. Some simple developer tools can be very powerful in the tracking down spyware. Sysinternals has a good collection of tools that I want to talk about with tracking down spyware in mind.
Some problems you just can't search on. Here are some I wish were more searchable and this blog is my attempt to make that happen.
Sunday, February 27, 2005
Saturday, February 26, 2005
IDownload and ISpyware
I think the fall off IDownload and ISearch has started. They may have screwed up. They want every reference to them being spyware removed. I am not saying that Idownload or ISearch are spyware or adware. I don't care if they are malware or not. As you search the web now, the talk about them trying to shut up the small sites and antispyware vendors is what every one will see.
One site, http://spywarewarrior.com/ has a blog with great antispyware information. They never came out and said that IDownload or iSearch are spyware, they listed what spyware scanners were looking for. IDownload and ISearch just happened to be on that list.
See: SpywareWarrior Responds to iSearch/iDownload
It it were my computer, I would remove it. But that's my opinion
One site, http://spywarewarrior.com/ has a blog with great antispyware information. They never came out and said that IDownload or iSearch are spyware, they listed what spyware scanners were looking for. IDownload and ISearch just happened to be on that list.
See: SpywareWarrior Responds to iSearch/iDownload
It it were my computer, I would remove it. But that's my opinion
Friday, February 25, 2005
Spyware is like cancer
Once it is in your system, you are not going to get it out. Ok, maybe today. But as the fight goes on, they will win if they get the first attack.
For example, I see them create a dummy key in the registry under run. It watches for it to be removed and reboots the system.
The are already watching that key. Try deleting it and press F5. It comes back. I have seen it many times. It doesn't take much more work to reboot the computer. Crappy spyware already crash the system.
At that point...
reformat, reinstall
For example, I see them create a dummy key in the registry under run. It watches for it to be removed and reboots the system.
The are already watching that key. Try deleting it and press F5. It comes back. I have seen it many times. It doesn't take much more work to reboot the computer. Crappy spyware already crash the system.
At that point...
reformat, reinstall
Work harder, I know you can ...
Why am I always bringing computers to their knees. On my own machine, I can understand it. But I also over work our servers. I do this all the time. I get tired of it. If I have time to write about it while I watch it process ....
This time is unusual, but it just reminds me how much it happens. I am looking at a system that I will be working with and I want to diagram the database structure. Sounds simple, doesn't it? My problem is the database size. 600 tables. All the tools I am using are choking on it. SQL Server Diagrams and Visual Studio place all the tables in a row if no relationships are defined. At first glance, the database has very few relationships (in the database, I think it is managed in code). Visio 2003 has done the best job so far. It will group the tables on the page. As I work with all 600 tables, the memory requirements are more then my computer wants to deal with.
I am looking at trying to display possible relationships, but that is not working either. Visio is very programmable, but I can not find a way to access each shapes database fields. Either it can not be done, or my search terms are to vague. I wanted to loop through each shape's Primary key and connect it to any table that has a matching field name. Without the ability to talk to the field names, it cant be done.
My next thought was to build the relationships in the database. I attached a copy of the working database and researched my commands. It generated the SQL I wanted to run. As I was running it, I realize that most tables have multiple fields in their Primary Keys. My code did not account for that. It doesn't have to be exact. I am trying to reimport into visio, but it looks like I over worked it even though it eventually finishes. I do have to say that I have not crashed visio yet.
Each step takes way to long (On both the server and my workstation). I feel as if I have done nothing all day and it iritates me. I will eventually send the diagram to the printers and post it on my wall. 100 x 120 inches.
This time is unusual, but it just reminds me how much it happens. I am looking at a system that I will be working with and I want to diagram the database structure. Sounds simple, doesn't it? My problem is the database size. 600 tables. All the tools I am using are choking on it. SQL Server Diagrams and Visual Studio place all the tables in a row if no relationships are defined. At first glance, the database has very few relationships (in the database, I think it is managed in code). Visio 2003 has done the best job so far. It will group the tables on the page. As I work with all 600 tables, the memory requirements are more then my computer wants to deal with.
I am looking at trying to display possible relationships, but that is not working either. Visio is very programmable, but I can not find a way to access each shapes database fields. Either it can not be done, or my search terms are to vague. I wanted to loop through each shape's Primary key and connect it to any table that has a matching field name. Without the ability to talk to the field names, it cant be done.
My next thought was to build the relationships in the database. I attached a copy of the working database and researched my commands. It generated the SQL I wanted to run. As I was running it, I realize that most tables have multiple fields in their Primary Keys. My code did not account for that. It doesn't have to be exact. I am trying to reimport into visio, but it looks like I over worked it even though it eventually finishes. I do have to say that I have not crashed visio yet.
Each step takes way to long (On both the server and my workstation). I feel as if I have done nothing all day and it iritates me. I will eventually send the diagram to the printers and post it on my wall. 100 x 120 inches.
All about the DHCP server callout API functions.
I have looked for this before, I just didn't know what to search for.
I have looked for scripting dhcp, loading dhcp as a ActiveX control, and commandline access. And I never found what I was looking for.
I was wanting to track DHCP requests and limit who is to receive them. This is exactly what I needed.
other questions. How would this work with VB.NET? I probably shouldn't write DHCP dll's in managed code, but VB is our standard language. Would it be easyer to write a wrapper in C++ to let me do the work in VB.NET? Any thoughts?
What about running 2 DHCP Servers on the same box and loading custom DLL's. I want one group of computers to get one ip range and another to get a different range. Would that be possible, or am I dreaming.
All about the DHCP server callout API functions.
I have looked for scripting dhcp, loading dhcp as a ActiveX control, and commandline access. And I never found what I was looking for.
I was wanting to track DHCP requests and limit who is to receive them. This is exactly what I needed.
other questions. How would this work with VB.NET? I probably shouldn't write DHCP dll's in managed code, but VB is our standard language. Would it be easyer to write a wrapper in C++ to let me do the work in VB.NET? Any thoughts?
What about running 2 DHCP Servers on the same box and loading custom DLL's. I want one group of computers to get one ip range and another to get a different range. Would that be possible, or am I dreaming.
All about the DHCP server callout API functions.
I can see it now, spyware introduced flash adds
On slashdot.org there was a talk about flash bassed adds and how popular they are becomming. It is harder to block them. Some simple solutions were talked about, but I see the advertisers have some simpler solutions. They havent been challenged yet.
My favorite trick is the F5 key. When an add is displayed, a cookie is usualy saved that says you have seen the add (or they track it another way). What F5 does is reload the page. Now you are viewing the page a second time and they think you saw the add so they will not show it again. Either that or they show the add every time and that would get annoying. Remember F5
Now that advertisers are switching, I thing spyware and adware will also make the switch. Imagin browsing windows updates and a free download add appears for you to click on. You click yes because it is microsofts site. you system is toast.
Reformat, Reinstall.
My favorite trick is the F5 key. When an add is displayed, a cookie is usualy saved that says you have seen the add (or they track it another way). What F5 does is reload the page. Now you are viewing the page a second time and they think you saw the add so they will not show it again. Either that or they show the add every time and that would get annoying. Remember F5
Now that advertisers are switching, I thing spyware and adware will also make the switch. Imagin browsing windows updates and a free download add appears for you to click on. You click yes because it is microsofts site. you system is toast.
Reformat, Reinstall.
Spyware, worse than viruses.
Its like cancer. It truly is. The majority of home user problems that I have to deal with is related to sypware, adware, malware. Tonight I spent 3 hours with a customer rebuilding his machine. He was suffering from several problems that just scream spyware. IE would not work, home page was blank. Attempting to type in a site failed to connect, then the browser would choke on the spyware inserted failed connection page. Wen to check network connections and there were none. I tried to add one and the needed service was not started.
Ok, that last one was odd. Every service was set to disabled and none of them were running. I had never seen that before. Trying to enable or start any of them resulted in a unhelpfull error message. I had already planned on rebuilding, so I quit trying to fix it.
Format, Reinstall.
Ok, that last one was odd. Every service was set to disabled and none of them were running. I had never seen that before. Trying to enable or start any of them resulted in a unhelpfull error message. I had already planned on rebuilding, so I quit trying to fix it.
Format, Reinstall.
spyware, at what point do you give up?
I was working on this machine that was so infected, evey time I went to a new webpage, 3 more IE windows would open. It a good thing I knew what I was looking for. ActiveX controls tried to install twice on my way. After finaly downloading a spyware cleaner and installing it, then scanning and finding 45 threats. I cleared them, rescanned and found 3 more. Those 3 kept comming back. I tried to kill the related process, but it would just start up again. I tried several trick and the google results had way too many steps. After I finialy cleared all the threats, I still had browser popups. I gave up after 1 1/2 hours.
Format, Reinstall
Format, Reinstall
Sunday, February 20, 2005
Blog with content ...
I am experimenting with my 2 new blogs. One will be "advertised" and the other will be invisible. The antispyware blog is the one I find most interesting. As I find topics and post them, I leave comments on the target site that link back to my blog (if commenting is available). The other one will just get the content. After a few days of minimal work, I have gotten 12 visitors to the antispyware blog and 0 to the other one.
As I am looking for good antispyware content, I find other content relating to spam, antivirus, and security. I am tempted to post links to them to help raise their search rankings. But I am making my blogs to narrow.
Here is one such blog that deserves more attention Ann Elisabeth (spam huntress), she has some excellent blog Spam related posts.
http://www.annelisabeth.com/pc/pc17.htm
http://www.annelisabeth.com/blog/archives/000314.html#more
As I am looking for good antispyware content, I find other content relating to spam, antivirus, and security. I am tempted to post links to them to help raise their search rankings. But I am making my blogs to narrow.
Here is one such blog that deserves more attention Ann Elisabeth (spam huntress), she has some excellent blog Spam related posts.
http://www.annelisabeth.com/pc/pc17.htm
http://www.annelisabeth.com/blog/archives/000314.html#more
Monday, February 14, 2005
Hot Topics
I just launched two new blogs. One is a subject that I run into all the time. antipyware. The other is just interesting at the moment. North Korea's Nukes.
I am constantly dealing with spyware. Either from users at work or from friends and family. It has gotten out of control and my quick tricks no longer work.
I am constantly dealing with spyware. Either from users at work or from friends and family. It has gotten out of control and my quick tricks no longer work.
Tuesday, February 08, 2005
Every problem is a nail
When your only tool is a hammer, why do all your problems look like nails. In response to my last post, I think XML is my hammer. I do feel that it was a creative solution that in the end has not saved me much work. But the problem set I was working with was more fun. It had a freshness to it that database updates no longer have.
At one time, I wanted to use XML for just about everything. I realize when its useful or over kill. Programming projects like my survey generator/processor could be heavy in code, but it is a tiny project mostly XML and XSL.
At one time, I wanted to use XML for just about everything. I realize when its useful or over kill. Programming projects like my survey generator/processor could be heavy in code, but it is a tiny project mostly XML and XSL.
Creative Solutions
A little while ago I got a request to build a simple survey. It was one page with about 10 questions. Before I started, I realized it was just as easy to write a generic survey processor then to fully code the survey. Each new survey gives me time to work on the generic processor instead of manually building surveys. Different requirements gives me a new set of features.
My generic processor takes input from any web form and wraps it up with XML. All I do is add the form elements and let the processor do the rest. This method works really well for most studies.
I am currently working on building 5 questionnaires. Two of then have over 100 questions and all the questions are free form fields. The reporting requirements are completely different from just handing over an excel spreadsheet. Yet again I found myself writing a generic report processor and with that ground work out of the way, I can also generate the survey.
If I put all the survey questions in a XML file, I can generate the surveys and generate results inline with the original questions. This sounds overly complicated, but it is very simple to implement with XML, XSL, CSS, and a little server side script.
My generic processor takes input from any web form and wraps it up with XML. All I do is add the form elements and let the processor do the rest. This method works really well for most studies.
I am currently working on building 5 questionnaires. Two of then have over 100 questions and all the questions are free form fields. The reporting requirements are completely different from just handing over an excel spreadsheet. Yet again I found myself writing a generic report processor and with that ground work out of the way, I can also generate the survey.
If I put all the survey questions in a XML file, I can generate the surveys and generate results inline with the original questions. This sounds overly complicated, but it is very simple to implement with XML, XSL, CSS, and a little server side script.