Spyware and how to kill them

OT: anything goes!

Moderator: Edi

Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Spyware and how to kill them

Post by Faram »

Just thought I would give some advice on the latest spyware fixes.

I just downloaded Ad-aware 6 Pro
http://www.lavasoftusa.com

Ad-aware was the first regularly updated spyware killer, but AAW lost a lot of goodwill when they stopped updating ver5.

The new one has some annoying bugs:

The system would not shut down if you are running Ad-watch 3; it should be fixed in the latest release (build 160).
The reference file updater hung at 5%. It was a server issue, but not a good thing for a new release.

The uninstall is broken, so to uninstall you have to hunt down all the reg entries manually.

The freeware version of AAW6 is not out yet, but it should be out sometime next week.

Spybot Search & Destroy
http://security.kolla.de/

The one that picked up Ad-aware’s fallen crown when they stopped updating the old ver5 in September last year.

A really good program that is easy to update.

The battle between Spybot and AAW has just started, but Spybot has in a short time impressed a lot of users, and it is frequently updated.

The biggest plus for Spybot is that it is free.

Spyware Blaster.

http://www.wilderssecurity.com/spywareblaster.html

This is not a spyware remover!!!

This program stops spyware from installing through IE.

It sets the ActiveX CLSID to installed, thereby fooling programs on the internet.

A good safety precaution to take when surfing the net.

Outdated programs:

Do not run!
Do not install!

Old Ad-aware 5.x is outdated and can actually hurt your system if you are using it! If it is installed, remove it and install AAW6 or Spybot.

OptOut from Gibson Research was a good program, but it is very outdated and can only catch one spy program.

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

MAKE THIS STICKY!!!!!!!!!

Oh, don't forget www.SpywareInfo.com and www.DOXdesk.com (currently down due to an ISP fuckup) for info on spyware.

<EDIT> I use all except AAW6 because they don't have the standard version yet. Also Mozilla's extremely resistant to most spyware attacks since it ignores RadioAxtiveHaX code.
Last edited by Einhander Sn0m4n on 2003-02-02 07:44pm, edited 1 time in total.
Shinova
Emperor's Hand
Posts: 10193
Joined: 2002-10-03 08:53pm
Location: LOLOLOLOLOLOLOLOLOL

Post by Shinova »

While we're talking about spyware, anyone know of some good firewall programs out there?
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Shinova wrote:While we're talking about spyware, anyone know of some good firewall programs out there?
Kerio, Sygate, and (if you're a n00b) Zone Alarm. ZA's not recommended if you use P2P filesharing since it'll block every incoming connection attempt. Not very nice if you want someone to push a file out to you through THEIR firewall!
Mr Bean
Lord of Irony
Posts: 22465
Joined: 2002-07-04 08:36am

Post by Mr Bean »

Is now Stickyfied and useless posts removed

"A cult is a religion with no political power." -Tom Wolfe
Pardon me for sounding like a dick, but I'm playing the tiniest violin in the world right now-Dalton
EmperorMing
Sith Devotee
Posts: 3432
Joined: 2002-09-09 05:08am
Location: The Lizard Lounge

Post by EmperorMing »

Einhander Sn0m4n wrote:
Shinova wrote:While we're talking about spyware, anyone know of some good firewall programs out there?
Kerio, Sygate, and (if you're a n00b) Zone Alarm. ZA's not recommended if you use P2P filesharing since it'll block every incoming connection attempt. Not very nice if you want someone to push a file out to you through THEIR firewall!
Would you include Tiny Personal Firewall in this group?

DILLIGAF: Does It Look Like I Give A Fuck

Kill your God!
phongn
Rebel Leader
Posts: 18487
Joined: 2002-07-03 11:11pm

Post by phongn »

EmperorMing wrote:
Einhander Sn0m4n wrote:
Shinova wrote:While we're talking about spyware, anyone know of some good firewall programs out there?
Kerio, Sygate, and (if you're a n00b) Zone Alarm. ZA's not recommended if you use P2P filesharing since it'll block every incoming connection attempt. Not very nice if you want someone to push a file out to you through THEIR firewall!
Would you include Tiny Personal Firewall in this group?
IIRC, Kerio == TPF.
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

EmperorMing wrote:
Einhander Sn0m4n wrote:
Shinova wrote:While we're talking about spyware, anyone know of some good firewall programs out there?
Kerio, Sygate, and (if you're a n00b) Zone Alarm. ZA's not recommended if you use P2P filesharing since it'll block every incoming connection attempt. Not very nice if you want someone to push a file out to you through THEIR firewall!
Would you include Tiny Personal Firewall in this group?
Yup! Kerio is sorta what Tiny was, Tiny made a whole new firewall code. They're both good
Isil`Zha
Jedi Knight
Posts: 768
Joined: 2002-07-07 02:50pm
Location: Orbital Frame Naked Jehuty

Post by Isil`Zha »

Einhander Sn0m4n wrote:
Shinova wrote:While we're talking about spyware, anyone know of some good firewall programs out there?
Kerio, Sygate, and (if you're a n00b) Zone Alarm. ZA's not recommended if you use P2P filesharing since it'll block every incoming connection attempt. Not very nice if you want someone to push a file out to you through THEIR firewall!
umm, I use Zonealarm on highest security all the time.. it's in full stealth mode... and P2P sharing works fine for me.
Though we are not now that strength which in old days
Moved earth and heaven, that which we are, we are,--
One equal temper of heroic hearts,
Made weak by time and fate, but strong in will
To strive, to seek, to find, and not to yield.
Stormbringer
King of Democracy
Posts: 22678
Joined: 2002-07-15 11:22pm

Post by Stormbringer »

Okay, this has nothing to do with SLAM so to Off Topic it goes.
Crayz9000
Sith Apprentice
Posts: 7329
Joined: 2002-07-03 06:39pm
Location: Improbably superpositioned
Contact:

Post by Crayz9000 »

Einhander Sn0m4n wrote:Yup! Kerio is sorta what Tiny was, Tiny made a whole new firewall code. They're both good
Holy shit... I've been using version 2.0 for a while now... oh well, time to upgrade.
A Tribute to Stupidity: The Robert Scott Anderson Archive (currently offline)
John Hansen - Slightly Insane Bounty Hunter - ASVS Vets' Assoc. Class of 2000
HAB Cryptanalyst | WG - Intergalactic Alliance and Spoof Author | BotM | Cybertron | SCEF
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Just gonna toss in my Kerio FW config for firewall reference here.

This is an old post from BotM

BTW this poor thread has moved from OT to SLaM and back to OT :D


TCP/IP Firewalling

This example uses Kerio Firewall but all info is true for any firewall

http://www.kerio.com

Try it, it’s free and powerful

General Info:
The local ports used in most rules, 1024-4999, are which ports the application should use internally to connect to the internet.

This is a rule-based firewall. This means that any application that requests network connections must go through the firewall, and the firewall checks what rule applies to that application.

It starts at the top and goes down. If no rule is a match, a popup asks if that traffic should be allowed or not.

Some of the rules and what they do:

DHCP: Dynamic assigning of IP addresses.

DHCP Broadcast: Enables my computer to request dynamic IP addresses from any server on the internet.
DHCP: Only the address 10.0.112.1 can assign IP addresses to my computer.
DHCP Blocker: Blocks any address other than 10.0.112.1 from assigning IP addresses.

This is done to stop my computer getting different IP addresses from my ISP. And for security reasons no one can spoof DHCP commands to my computer.

DNS: Domain name server

DNS: Enables all applications to use the DNS servers 10.0.0.1-10.0.0.2
DNS Block: Stops DNS requests to any other DNS server.

Outgoing ICMP 8: Enables the ping command to the internet
Incoming ICMP 0,3,11: Enables ping reply and tracert to the internet
ICMP Block: Stops all other ICMP requests

Loopback: Enables TCP and UDP communication internally in the TCP/IP stack. Without this, any browser or network game would slow down to a crawl.

MS IE: Rule for Internet Explorer, only allows connections for port 80 (http) and 443 (https)

Mozilla: Same as Internet Explorer but for a different application.

MS Outlook: Only allows Outlook to connect to my custom address group (more of this later) and only to port 25 SMTP and 110 POP3 (send and receive mail). The big bonus in this case is that no mail can display custom pictures and confirm my address as active to spammers.

Deny ALL: The single most important rule. Denies any traffic that doesn’t match any other rule in the firewall.

Concepts

TCP = Transmission Control Protocol. Sends packets to a host and confirms the successful transmission; safe but slow.

UDP = User Datagram Protocol. Just sends the data to a host but doesn’t confirm if it’s successfully transmitted or not.

Some standard ports
20 FTP data
21 FTP Session
53 DNS Traffic
67, 68 DHCP traffic
80 Web traffic (http)
443 Encrypted web traffic (https)
Last edited by Faram on 2003-02-07 02:33pm, edited 2 times in total.
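The top-down, first-match evaluation described in the firewall post above, modelled in Python as an added example (it is not part of the thread and is not Kerio's code or configuration format). The executable names, the mail address group 192.0.2.10-192.0.2.11 and the sample packets are constructed assumptions, and the local port range 1024-4999 is left out.

```python
from collections import namedtuple
from ipaddress import ip_address

# Packet.port is the remote port, or the ICMP type when proto == "icmp".
Packet = namedtuple("Packet", "app direction proto remote port")
# Empty tuple / "any" is a wildcard; remotes are inclusive (low, high) ranges.
Rule = namedtuple("Rule", "name action protos direction app remotes ports",
                  defaults=((), "any", "any", (), ()))

def matches(rule, p):
    addr = ip_address(p.remote)
    in_range = any(ip_address(lo) <= addr <= ip_address(hi) for lo, hi in rule.remotes)
    return ((not rule.protos or p.proto in rule.protos)
            and rule.direction in ("any", p.direction)
            and rule.app in ("any", p.app)
            and (not rule.remotes or in_range)
            and (not rule.ports or p.port in rule.ports))

def evaluate(rules, packet):
    """Top-down, first match wins; no match means the firewall pops up and asks."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action, rule.name
    return "ask", None

def one(ip):
    return ((ip, ip),)
MAIL = (("192.0.2.10", "192.0.2.11"),)  # constructed stand-in for the mail address group

RULES = [  # same order as in the post
    Rule("DHCP Broadcast", "permit", ("udp",), "out", remotes=one("255.255.255.255"), ports=(67,)),
    Rule("DHCP", "permit", ("udp",), remotes=one("10.0.112.1"), ports=(67, 68)),
    Rule("DHCP Blocker", "deny", ("udp",), ports=(67, 68)),
    Rule("DNS", "permit", ("udp", "tcp"), "out", remotes=(("10.0.0.1", "10.0.0.2"),), ports=(53,)),
    Rule("DNS Block", "deny", ("udp", "tcp"), ports=(53,)),
    Rule("Outgoing ICMP 8", "permit", ("icmp",), "out", ports=(8,)),
    Rule("Incoming ICMP 0,3,11", "permit", ("icmp",), "in", ports=(0, 3, 11)),
    Rule("ICMP Block", "deny", ("icmp",)),
    Rule("Loopback", "permit", ("tcp", "udp"), remotes=one("127.0.0.1")),
    Rule("MS IE", "permit", ("tcp",), "out", "iexplore.exe", ports=(80, 443)),
    Rule("Mozilla", "permit", ("tcp",), "out", "mozilla.exe", ports=(80, 443)),
    Rule("MS Outlook", "permit", ("tcp",), "out", "outlook.exe", MAIL, (25, 110)),
    Rule("Deny ALL", "deny"),
]

# Constructed sample traffic (addresses and program names are made up).
ROGUE_DHCP = Packet("svchost.exe", "in", "udp", "10.0.112.66", 67)
REAL_DHCP = Packet("svchost.exe", "in", "udp", "10.0.112.1", 67)
MAIL_IMAGE = Packet("outlook.exe", "out", "tcp", "203.0.113.5", 80)  # remote picture in a mail
POP3 = Packet("outlook.exe", "out", "tcp", "192.0.2.10", 110)

def demo():
    swapped = [RULES[2]] + RULES[:2] + RULES[3:]  # DHCP Blocker moved above the allow rules
    return {
        "rogue dhcp": evaluate(RULES, ROGUE_DHCP),
        "real dhcp": evaluate(RULES, REAL_DHCP),
        "mail image": evaluate(RULES, MAIL_IMAGE),
        "pop3": evaluate(RULES, POP3),
        "real dhcp, blocker first": evaluate(swapped, REAL_DHCP),
        "mail image, no Deny ALL": evaluate(RULES[:-1], MAIL_IMAGE),
    }

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, "->", verdict)
```

The last two entries show why rule order and the final catch-all matter: with the blocker first the legitimate DHCP server is shut out, and without Deny ALL the unmatched Outlook request falls through to the user prompt.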
Slartibartfast
Emperor's Hand
Posts: 6730
Joined: 2002-09-10 05:35pm
Location: Where The Sea Meets The Sky
Contact:

Post by Slartibartfast »

Be careful of spyware removers if you use KaZaA Lite. It will remove the fake spyware driver that allows the program to work.
Kintaro
Jedi Knight
Posts: 526
Joined: 2002-12-15 12:09am
Location: Austin, TX
Contact:

Post by Kintaro »

Is there still a way that 3rd parties (microsoftdick in particular) could bypass these firewalls and spyware programs? I'm sure that there is a way it could be done, but I want to know how common these naughty actions are.
Slartibartfast
Emperor's Hand
Posts: 6730
Joined: 2002-09-10 05:35pm
Location: Where The Sea Meets The Sky
Contact:

Post by Slartibartfast »

I don't think you can bypass a firewall, other than trying to use a common port for spamming.

You can't "bypass" anti-spyware programs, because they are made AFTER the spyware: it means that they are designed to remove *known* spyware.
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Time to update.

Search & Destroy and Spyware Blaster are updated.

Use the built-in updaters to get the newest fixes.

http://security.kolla.de/
http://www.wilderssecurity.com/spywareblaster.html

---Edit---

DO NOT INSTALL SpyWare NUKER
Friends at DSL Reports Security forum wrote:BPS Spyware remover on CNET & Cheated votes
Sorry to bother you with this, just thought I'd let you know..

Our votes on CNet (we had a rating of 91%) have been manipulated by a single individual, who voted it down to 1%, and posted warning comments about AAW containing a virus.
The entire poll had to be removed eventually.
Now the same happened to Spybot today, apparently by the same individual.

Some of these comments recommend using "BPS Spyware remover" instead. Check the comments on "Refupdate" for example.

In contrast, there were 14000+ (and a rating of 100%) votes for "BPS Spyware remover 6", which is a bloated Visual Basic imitation of Ad-aware 5.
(Bulletproofsoft.com NOT bulletproof, vendor of the FTP Client)
Check this out: download.com.com/3000-2144-10183773.html

k just that you know.
While I'm always open for true competition, this is just unethical. The 91% rating we got over a long period (almost three years) was somewhat a reward and sign of trust from our users.

Nicolas
DSL Reports

Broken link to the cheapass frauds:

www. spywarenuker.com
Fix it if you want the page, but it is not worth it.

Do not install their Crap!

Here are a few excerpts from their 5 page license agreement:


cheapoasses wrote:"You acknowledge that "Trek Blue" may, at their sole discretion and for any purpose, provide updates, automatic or otherwise, to the "Trek Blue" Program(s) including but not limited to the advertising or other value-added software and technology.

By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients provide value-added upgrades and applications to your computer."
In other words, they can install anything they want, anytime they want without informing you “including but not limited to advertising or other value-added software and technology” on your PC.

http://camtech2000.net/Newsletters/a_ne ... tactic.htm
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA
Contact:

Post by Vertigo1 »

Standard version is available for download.
"I once asked Rebecca to sing Happy Birthday to me during sex. That was funny, especially since I timed my thrusts to sync up with the words. And yes, it was my birthday." - Darth Wong

Leader of the SD.Net Gargoyle Clan | Spacebattles Firstone | Twitter
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Hey Faram you hang out at www.SpywareInfo.com? You're just as knowledgeable about this as I am!
Damaramu
Jedi Master
Posts: 1449
Joined: 2002-07-06 04:09am
Location: Texas
Contact:

Post by Damaramu »

Hey guys, thanks for all the great info!

I've got a question, though:

I'm online via 56k dial up, should I download a firewall as well or is that mainly for people running broadband and/or servers?

Thanks in advance!
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

Firewall always! No matter if you have a T3 line or an ancient 2400bps POS.
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Einhander Sn0m4n wrote:Hey Faram you hang out at www.SpywareInfo.com? You're just as knowledgeable about this as I am!
Nope but I’ll check out that site.

I work with networks and comps; desktop security is my pet project.

http://www.im.se is the homepage but it is very boring :D
Damaramu wrote:Hey guys, thanks for all the great info!

I've got a question, though:

I'm online via 56k dial up, should I download a firewall as well or is that mainly for people running broadband and/or servers?

Thanks in advance!
The real danger of hacks is the always-on connections: DSL, cable and stuff like that.

The biggest issue in security for a modem user is modem hijackers and dialers.
A software firewall is great if you want control over what program is accessing the internet and when.

For a somewhat safer use of a modem and Internet Explorer:

DL and update Spybot and Spyware Blaster, small downloads.
Crank up the security settings in Internet Explorer.

Tools/Internet Options/Security
Click Internet and set the default level to High.
That will break a lot of functionality in IE but you will be much safer.
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA
Contact:

Post by Vertigo1 »

Or stop using IE and use Mozilla instead. (no, this isn't an attempt to start a browser war) Given that the majority of the crap out there is designed to break into IE only, you'd be far safer using another browser.
"I once asked Rebecca to sing Happy Birthday to me during sex. That was funny, especially since I timed my thrusts to sync up with the words. And yes, it was my birthday." - Darth Wong

Leader of the SD.Net Gargoyle Clan | Spacebattles Firstone | Twitter
Crayz9000
Sith Apprentice
Posts: 7329
Joined: 2002-07-03 06:39pm
Location: Improbably superpositioned
Contact:

Post by Crayz9000 »

I'd just warn against trying Mozilla 1.3 beta... on my Win2K box, the program kept saying that I had to restart, so I went back to 1.3 alpha.
Dalton
For Those About to Rock We Salute You
Posts: 22640
Joined: 2002-07-03 06:16pm
Location: New York, the Fuck You State
Contact:

Post by Dalton »

Crayz9000 wrote:I'd just warn against trying Mozilla 1.3 beta... on my Win2K box, the program kept saying that I had to restart, so I went back to 1.3 alpha.
Dunno. I'm running 1.3 beta right now on XP Pro with no issues.

Might I add that it has selective popup blocking now?
To Absent Friends
Dalton | Admin Smash | Knight of the Order of SDN

"y = mx + bro" - Surlethe
"You try THAT shit again, kid, and I will mod you. I will
mod you so hard, you'll wish I were Dalton." - Lagmonster

May the way of the Hero lead to the Triforce.
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Okay MRU blaster is a great tool and a nice help :D
MRU-Blaster is an all-new program, made to do one large task - detect and clean MRU (most recently used) lists on your computer. These MRU lists contain information such as the names and/or locations of the last files you have accessed. But they are located ALL OVER your registry, and for almost ANY file type. By looking at these MRU lists, someone could determine what files you opened/saved/looked at, what their file names were, and much more! (And, in many cases, the lists are displayed in drop-down menus automatically.)
http://www.wilderssecurity.com/mrublaster.html

From the makers of Spyware Blaster

Now go and get it