Message-ID: <addc34c6050304132633baba1c@mail.gmail.com>
From: nocmonkey at gmail.com (Danny)
Subject: "No such thing as spyware"

From: http://www.viruslist.com/en/weblog

Thoughts?

--------------------------------------------------------------------------------
No such thing as spyware

Eugene | March 03, 2005 | 22:21 MSK


"The rising number of cyber-criminals creating more and more different
malicious programs, attacks and cyber-frauds have resulted in the
media and public paying more attention to security issues. New
solutions and services, such as patch and vulnerability management,
intrusion prevention, etc., appeared during the last year or so.

New threats are appearing as well. But are they really all that new?

Spyware is a brand new word in the threats list and it is being used
widely. Everyone is talking about spyware: many dedicated anti-spyware
products have appeared on the market, all of them brand new.

But what exactly is spyware? What threats does the new term cover? My
favorite definition of the term can be found at Information week.

"Spyware is software that's installed without your informed consent.
Spyware communicates personal, confidential information about you to
an attacker. The information might be reports on your Web-surfing
habits, or the software might be looking for even more sinister
information, such as sniffing out your credit card numbers and
reporting those numbers."

Exactly. This is a good definition which we can use to describe
software designed to spy on user actions and report on infected
machines.

Did we have such software in the past? Of course we did. The first
malicious software designed to spy and steal confidential information
was detected back in 1996 - the AOL Password-Stealing Trojans.

Have we already seen other malicious programs which can be described
as spyware? Certainly! There are many different kinds of Trojans
designed to:


    * steal passwords/logins (including bank account information)

    * log user activity (keyboard, screenshots, applications being run)

    * backdoor trojans which have spy abilities

Thus, what people are calling spyware is not new at all...

Anything else that can be called spyware? Yes. Numerous advertising
tools (adware/advware) which report such information as visited Web
pages and Web search requests. Sometimes this information is
confidential.

And there's even more. Legitimate keyloggers for example,
freeware/shareware/commercial utilities which log keystrokes and/or
monitor other user activities.

Are we done? No, there are still more programs that report user
information to outside sources. For example, if you post to a forum
your email client will report your email address. If you are browsing
the Internet your IP address, Windows and browser version can all be
logged as you surf.

Can we or should we class these programs as spyware? Definitely not.
This is where we reach the border between so-called spyware and
non-spyware.

And the border is fuzzy. Because the issue is not always what the
program does, but how it's being used. We call the border-line
programs riskware, and detect many of them as 'not-a-virus'. We leave
it up to users to decide what to do next: if they want or need the
program, they can keep it. However, if it was installed without their
consent or is doing something they don't want or need, we find it for
them, so they know what's going on in their computer and can make an
informed choice.

So, technically speaking, spyware simply doesn't exist as a
stand-alone cyberthreat.

The programs which are being called spyware are, from a technical
point of view, simply a limited sub-set of Trojans, advertising
software and some riskware:


    * Trojan spies and some backdoors

    * most adware

    * riskware - potentially hostile programs that require users to
make conscious choices about using them

In short, there is no such thing as spyware.

On the other hand there are many anti-spyware programs produced by
vendors who actively promote their products as dedicated anti-spyware
solutions.

An interesting review was published in the latest PC Magazine {USA
edition, Feb 22 2005, pages 82-91}. They compared how a number of
security suites (anti-viruses) and dedicated anti-spyware products
removed so-called spyware. Guess what? Some traditional solutions are
better at removing these threats than dedicated ones.

Unfortunately, there are no adequate consumer tests to separate
effective solutions from ersatz-security programs. In the PC Magazine
tests, there were only 24 "spyware" samples tested. In reality, there
are hundreds of malicious programs in the wild that fit into this
category. For instance, we know of over 200 adware families (with
numerous variants in each). We need better and more in-depth tests in
the future.

To cut a long story short, the term spyware is basically a marketing
gimmick: just to separate new ersatz-security products from
traditional ones, just to push almost zero-value products to the
security market.

We need to avoid this trap. There is nothing worse for the computer
security community than false alarms and/or users with a misplaced
sense of safety."

