Archive for the ‘Spyware’ Category.

Websense RSS Feeds

I added two Websense RSS feeds into my RSS Reader today. One feed is for alerts. It contains alerts about new phishing attacks or interesting dangerous sites. The other feed is their blog.
http://www.websense.com/securitylabs/RSSFeed.php

Webroot Spysweeper Enterprise 3.0 Released

The server update contains the following changes:

  • Improved navigation tree structure and UI
  • Additional controls for new client functionality (see client changes below)
  • Support for Informational definitions
  • Support for Incremental definitions
  • Numerous stability enhancements
  • SQL Server 2005 Express Database Support

The client update contains the following changes:

  • Completely new Kernel level driver engine
  • Rootkit detection and removal capabilities
  • 4 New Smart Shields
    - ActiveX Shield
    - Browser Helper Object Shield
    - Spy Communication Shield
    - IE Trusted Sites Shield

  • New Client Homepage
  • Command-line access to client
  • Support for Incremental Definitions
  • Support for Informational Definitions

It now operates in kernel mode to offer protection much earlier in the boot process.
I think I’m kind of excited that development continues on what has always been a highly rated product. The ActiveX shield sounds like it will be a replacement for Spywareblaster. So that is less work for me monthly.

Webroot to Offer Antivirus

At the end of this article defending the need for Spysweeper even after Vista is released, Webroot CEO David Moll says that Webroot will soon offer antivirus in addition to antispyware. It’s not clear if they are going to bundle with a competitor, if they are developing from scratch, or if they are going to buy someone.
Other interesting notes:
- Webroot has a half million dollar “usability” center where they observe normal people using the product.
- They take time to play offense against their product, trying to be the bad guy and look for ways to circumvent the product, so they can close those holes.
- If you get a patent while working for the company you only get a 2k bonus.

Webroot Trumpets Spyware Bakeoff Results

Webroot has sent out a press release announcing the results of a four-month VeriTest bakeoff between Webroot Spysweeper Enterprise 2.5.1, McAfee Antivirus Enterprise with AntiSpyware Module 8.0 and Sunbelt Counterspy Enterprise version 1.5.268. Webroot was more than three times as effective as Sunbelt and nearly twice as effective as McAfee at cleaning all types of spyware.

The rigorous testing methodology included a test bed of two hundred randomly selected spies, divided into the following categories: adware, system monitor, and Trojans. Each product was judged on its ability to “fully clean” each piece of spyware — a comprehensive term for detecting and removing — from multiple machines. The results of a product’s effectiveness against each of the 200 spies was measured against an extremely sophisticated set of criteria that required each to be met in order to gain a “clean” rating.

Windows Defender Beta 2

Paul Thurrott reviews Windows Defender (formerly Microsoft Antispyware, formerly Giant Antispyware), and it’s well worth the read.
Thurrott reports that the reason for the long delay is that Microsoft needed to rebuild it from the ground up in order to prepare for a 64-bit future, and to allow for region language versions, amongst other reasons.
I haven’t tried it out for myself yet; my computers are busy troubleshooting a work problem. But there is some cool stuff here, such as that it updates through the automatic updates service.
One thing I am wondering is, will this download automatically through the update mechanism of beta one? All I have heard is that I can install beta 2 over beta 1.

Spyware install through Winamp Exploit

While I was offline earlier this week, a new vulnerability was disclosed in Winamp. Although a new version of Winamp was made available the next day, the bad guys also moved fast. The Sunbelt blog is reporting that CWS and SpySheriff are being installed through this vulnerability. They have some good screen shots.
So better double-check if you have Winamp installed. Even if you don’t use it, you are vulnerable if you have it installed. You should be running version 5.13. Winamp is a media player that you may have installed as a standalone product, or it may have come bundled with Netscape back in the day.

Spywaretesting.org

“Trend Micro, Symantec and McAfee are joining forces with ICSA Labs and Thompson Cyber Security Labs in a bid to standardize methods for sharing spyware samples and testing anti-spyware products and services,” reports The Register.

Zone Alarm as spyware?

Infoworld has reported that ZoneAlarm 6 Internet Security Suite is phoning home. Rather ironic since one of the reasons you would want a personal firewall that controls outbound access is to stop products from phoning home.

Rootkits and spyware, a nasty combination

The term rootkit entered more people’s lexicon as it was used to describe the Sony Digital Rights Management software. Spyware vendors have been using rootkits to prevent the uninstallation of their malware. Increased usage of antispyware products and their incorporation in antivirus products have caused them to use less obvious and more lasting methods.
Gregg Keizer of TechWeb reports:

Richard Stiennon, director of threat research for anti-spyware vendor Webroot, agrees that rootkits are being used by spyware and adware vendors.
“In the first half of the year, all we really saw was proof-of-concept code rootkits in spyware,” says Stiennon. “Once they got that to work, though, since May really, we’ve seen several different rootkits in use.”
There are dozens of simple ways to hide from the Windows file system, some enough to defeat elementary defenses, notes Stiennon, but the more sophisticated spyware suppliers have turned to rootkits. “It’s still a minority of the spyware and adware that’s using rootkits,” he says. “But it’s the cutting edge for them. All the new stuff we’re seeing uses rootkit techniques.
“It’s more important to hide if you rely on revenue-generating software that most people want to uninstall,” he adds.

It’s more important now than ever to make sure your antivirus and antispyware products are able to detect rootkits, as this problem is only going to get worse.

Webroot Spysweeper 2.51

I finally have Webroot Spysweeper 2.5 in my hands. I’ve been waiting for this since August. The admin console now has some good reports available. I’m happy about that.