Re: Spyware assessment techniques



(Note: I work for Shavlik - blatant vendor/product pitch below)

Derek,
We have a solution that does network spyware scanning - no agents required on individual hosts - all the scanning is performed remotely by the console and nothing is installed or instantiated on the target hosts (scanning assumes you have admin login creds and access to the file and printer sharing service on those machines).

The scan engine detects different types of items: spyware, malware, adware, non-business ware, and configuration (to protect against malware infestation). It further labels items based on confidentiality, integrity, availability, non-business, and productivity (you can filter to scan for all types and labels, or only selected items). Reporting can be done at the console with 15+ different kinds of reports and exports, and the entire scan process can be done via commandline. Remediation is also available, though it can be licensed to do scan only (Audit version). We also have licensing available for consulting engagements, so you can cut keys to do the Audit version against a given number of hosts for a specified period of time.

You can view a sample of the reports here: http://reportserver.shavlik.com/ (choose a report type towards the bottom for spyware reports)

more info on the product here: http://www.shavlik.com/netchk-protect.html

(you can license the audit version with or without the patch assessment portion)


At 10:07 PM 2/9/2006, Derek Nash wrote:
I am now frequently getting requests for spyware/grayware/adware
assessments as subcomponent of a larger security assessment. My
efforts up to this point have been a manual process of loading free
antispyware tools, scanning the host, individually recording the
results, classifying the types of spyware encountered and reporting
the results.

Recently I have begun to consider including data from a web usage
analysis tool that has the ability to identify spyware downloads and
phone home attempts to augment these manual efforts. I am wondering
what others are doing in regards to spyware assessments and if anyone
is aware a spyware "network scanner" that would allow me to look at a
larger sampling of hosts on a network during these assessments.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • Re: Spyware assessment techniques
    ... what others are doing in regards to spyware assessments and if anyone ... larger sampling of hosts on a network during these assessments. ... Audit logs of the systems themselves ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ...
    (Pen-Test)
  • Re: Windows XP internet connection sharing problem
    ... Examine the contents of hosts, using Notepad, carefully. ... Check for a spyware hijack of a currently ... Get expert advice using HijackThis. ... TrendMicro Signatures ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Windows XP internet connection sharing problem
    ... Examine the contents of hosts, using Notepad, carefully. ... Check for a spyware hijack of a currently ... Get expert advice using HijackThis. ... TrendMicro Signatures ...
    (microsoft.public.windowsxp.network_web)
  • Re: Windows XP internet connection sharing problem
    ... Examine the contents of hosts, using Notepad, carefully. ... Check for a spyware hijack of a currently ... Get expert advice using HijackThis. ... TrendMicro Signatures ...
    (microsoft.public.windowsxp.general)
  • Re: FreeBSD and User Security
    ... this loss largely due to the use of spyware. ... safeguarding the machine against network attacks. ... unix mail clients as a rule do not execute ... vulnerabilities, and a determined cracker would create his own program. ...
    (freebsd-questions)