Re: Adware, spyware, and trojans

From: Gene (gyoo@attbi.com)
Date: 12/09/02

    Date: Sun, 08 Dec 2002 23:30:45 -0800
    From: Gene <gyoo@attbi.com>
    To: "Kruger, David, 1stLt, AFPCA/IAN" <David.Kruger@pentagon.af.mil>
    
    

    Just to add to this, some web enforcement tools such as WebTrends have a
    feature to stop this sort of activity... Be aware, some apps require
    (P2P) spyware; wait, I can't confirm this, but I did some trial and
    error using an adware program and ran into one of my programs not working
    (Kazaa) while I was trying to create a trap for this type of activity in
    the network...

    Kruger, David, 1stLt, AFPCA/IAN wrote:
    > Here's Symantec's stance on the subject. Not sure about others:
    >
    > Does Norton AntiVirus detect Jokes, Adware, or Spyware?
    > Last Updated on: October 28, 2002 03:12:51 PM PST
    >
    >
    >
    >
    > Jokes, adware, and spyware are programs that may arrive as email
    > attachments, may be downloaded from a Web site, or, in some cases, installed
    > when you install another program.
    >
    > By design, Symantec Security Response does not provide virus definitions to
    > detect joke, adware, or spyware programs. Such programs are not malicious,
    > and detecting them only leads to unnecessary virus alerts, which could cause
    > you to believe that you have run or received a dangerous program when you
    > have not. If you have received or installed such a program, and you do not
    > want to run it, we suggest that you uninstall or delete it.
    >
    > In general, if a suspicious program asks you to agree to an End User License
    > Agreement (EULA) prior to installation, or if the program itself is
    > copyrighted, then Symantec Security Response will not add a detection for
    > the program in question.
    >
    > Jokes
    > Jokes are programs that attempt to display something humorous or pretend to
    > perform a malicious action. They are not viruses, worms, or Trojans, and
    > are not detected as such. If you received or installed a joke program, and
    > you do not want to run it, we suggest that you uninstall or delete it.
    >
    > Adware
    > Adware is a type of program that displays an advertisement of some sort,
    > usually related to a specific Web site in your Web browser. In some cases,
    > it changes the home page of your Web browser to point to a specific Web
    > site.
    >
    > In most cases, some user interaction is required to install adware. You must
    > either double-click the program to run it, or there is information on the
    > Web site to inform you that it will install a program on your computer.
    > (This information may not be obvious, however.)
    >
    > Because adware programs are not malicious, and are not viruses, worms, or
    > Trojans, Norton AntiVirus does not detect them as such. Detecting
    > nonmalicious programs such as jokes or adware could cause you to believe you
    > have run or received a dangerous program when in fact you have not.
    >
    > Symantec Security Response recommends that you simply uninstall or delete
    > such programs.
    >
    > If you think that you have received or run a program that may be malicious,
    > but is not being detected by NAV, please follow the instructions in the
    > document What to do if you suspect that your computer is infected with a
    > virus, worm, or Trojan.
    >
    > Spyware
    > Spyware is a generic term for a class of software designed to either gather
    > information for marketing purposes or to deliver advertisements to Web
    > pages. Although software of this type is legitimate, it can, in some cases,
    > be installed on your computer without your knowledge. This poses privacy
    > concerns for many people.
    >
    > Spyware basically comes in, but is not confined to, three forms:
    >
    > * As software bundled and installed with another software application
    > * As a stand-alone installation package
    > * As a modification to the HTML of a Web page.
    >
    > When bundled, spyware installs as part of the installation of another
    > software. You may or may not be made aware that this is happening. When
    > installed as a stand-alone product, it often takes the form of a free
    > downloadable tool, game, or utility.
    >
    > The general purpose of spyware is to gather information about your Internet
    > surfing habits and deliver that information to its customers. That
    > information, in turn, is used to deliver advertising that you (based on your
    > Web surfing demographic) are most likely to respond to.
    >
    > Spyware programs, while they may be objectionable, are not malicious, and
    > detecting them only leads to unnecessary virus alerts which could cause you
    > to believe that you have run or received a dangerous program when you have
    > not. Most spyware programs have Web sites, and many of these sites have
    > privacy statements or FAQs that explain what they do and what types of
    > information they collect. This information can assist you in making an
    > informed decision on whether to keep or uninstall the spyware.
    >
    > NOTE: In many cases, when the spyware is installed with a utility or game
    > you downloaded, you may have to uninstall the utility or game to uninstall
    > the spyware.
    >
    > Spyware often bundles with free downloadable Internet programs such as Web
    > browsers, browser enhancements, desktop utilities, browser theme packages,
    > and games.
    >
    >
    >
    >
    > Write-up by: Randy Rejda
    >
    >
    > ~Freddie
    > David C. Kruger, 1st Lt, USAF
    > Chief, AFPCA Perimeter Defense
    > 1777 North Kent Street
    > Plaza Level, Suite 1500
    > Rosslyn, Virginia 22209
    > 703-693-5755
    > DSN223-5755
    > Cell: 703-901-8401
    > david.kruger@pentagon.af.mil
    >
    >
    > -----Original Message-----
    > From: Carere, Courtney [mailto:CCarere@rich.com]
    > Sent: Friday, December 06, 2002 11:49 AM
    > To: 'security-basics@securityfocus.com'
    > Subject: Adware, spyware, and trojans
    >
    >
    >
    > Upon reading "The Art of Deception" by Kevin Mitnick yesterday (an
    > excellent book, by the way), he writes that most antivirus software
    > does not detect spyware, which was a shock to me. Spyware seems to
    > be defined as software that logs keystrokes, screenshots, user
    > actions, etc. I have a couple of questions:
    >
    > 1. What's the distinction between spyware, adware, and trojan
    > software? (My antivirus software says it protects against Trojans,
    > and I've seen programs like SubSeven in its log files.)
    >
    > 2. Is there any good software that detects and removes spyware,
    > ideally controlled and updated continuously from a central server?
    >
    > Thanks!
    >
    > - Courtney Carere
    >

    -- 
    Gene Yoo, gyoo@attbi.com