Spyware

ER@40

Suckered with Spyware in recent days. Slickest PC takeover I've ever seen.
NO obvious email attachments, downloads, java applets, or new plugins were involved.

Suspect it was a rogue activeX control stealthily downloaded from a popup webpage. But could also have been an open Port/Dcom style attack as documented by 'messysoft'.

Question is this:
Has anyone a simple method i.e. an IE Toolbar app, that expedites the enabling/disabling of IE Internet-Explorer Security options?
 
(Preferably a tool for multiple systems: Win98, NT, XP)

IE6.0 Examples :-
1. Tools->Internet options->Advanced->Show Pictures

2. Tools->Internet options->Security->Custom Level->Active Scripting

3. Tools->Internet options->Security->Custom Level->Run/Script/Download activeX controls . .
(whether signed/unsigned or marked/unmarked safe) . .
 
Hmm, well, find the keys in the registry, then throw two reg updates on your desktop, one with them on, one off. When you are worried, double click the hi security one and say yes to updating the registry, then when you need them changed, click the other. Best I can do while taking a mental break at work. If no one improves on this answer I'll find and get you the registry keys Tuesday (Big Heapum Presentation on Monday).
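The two-file registry toggle suggested in the post above, sketched as an added example that is not part of the original thread: the locked-down file covering the three settings the question lists. The zone 3 (Internet zone) action codes and the `Display Inline Images` value are the documented IE ones; the file name is made up, and the REGEDIT4 format is used so the same file imports on Win98, NT and XP.

```reg
REGEDIT4

; ie-high-security.reg (constructed file name, added example)
; Zone 3 is the Internet zone. Action values: 0 = enable, 1 = prompt, 3 = disable.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
; 1001: Download signed ActiveX controls
"1001"=dword:00000003
; 1004: Download unsigned ActiveX controls
"1004"=dword:00000003
; 1200: Run ActiveX controls and plug-ins
"1200"=dword:00000003
; 1201: Initialize and script ActiveX controls not marked as safe
"1201"=dword:00000003
; 1405: Script ActiveX controls marked safe for scripting
"1405"=dword:00000003
; 1400: Active scripting
"1400"=dword:00000003

; Advanced tab: Show pictures
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Display Inline Images"="no"
```

Before the first import, export the same two keys with regedit and keep that export as the second, relaxed file.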
 
Laurence said:
Best I can do while taking a mental break at work.  If no one improves on this answer I'll find and get you the registry keys Tuesday (Big Heapum Presentation on Monday).
Have had many of those days. Thanks but please don't go to any great trouble.

Ideally I'd like to mimic the APPLY button on the Internet Options dialog, so that the immediate current session of IE is updated.

I don't know how to do this though by executing reg files manually, it would only impact future IE sessions I think?
 
Alas, you are correct sir. BTW, no big trouble, if I come up with something just by happenstance, I'll let you know.
 
ER@40 said:
Suspect it was a rogue activeX control stealthily downloaded from a popup webpage.

What makes you think that? Virtually all of the web-borne viruses have been exploits of Microsoft bugs. Typically stack overflows in buggy code that doesn't do any bound checks. The virus then executes code on the stack to get control. IE will tell you if you're downloading an ActiveX control, but there's little you can do to stop an MS-bug exploit. Of course, make sure you've downloaded the latest security patches from Microsoft. And then switch to Firefox.
 
Mac and firefox for sure.

Got 'em both. :D
 
You see? Don't listen to me when I'm working late, I was using Firefox right that moment and failed to mention it. Also, Ewido is a great anti-spyware tool, much better than ad-aware or spybot, and it's priced right for ER.....FREE! ;)
 
Firefox, norton antivirus and the free microsoft antispyware. Occasionally run spybot and adaware as those snag some cookies that microsoft antispyware and NAV don't get.

So far no hijacks, no viri, and no spyware that didn't come preloaded with software I intentionally loaded.
 
Thanks for the tip, Lawrence. I downloaded Ewido and it found
39 infected files. It took about 4 hours to run, however.

Cheers,

Charlie
 
AAAIIIIEEEEEEEEEEEEE! I hate that f' in s**t. I've been happy with FFox for almost a year now. But DW can't play certain games or visit certain sites (no not those sites) without IE. So she occasionally uses IE and a few days later WHAM!

"Honey, my computer is frozen again and I can't get this annoying shopping thing off my screen, and I DIDN'T DO ANYTHING. Can you fix it please, but don't lose my bookmarks, IM stuff and homepage, and..." :smitten:.


"Don't worry. Bring your laptop over here and I'll fix it (AGAIN)" :rant:
 
Caution

I downloaded "ewido" and have two issues at the moment:  there is no remove feature; and there is no way for me to tell it that cookies from this website are OK, delete all the others.
 
Hmmm, I have it under control panel-add/remove programs. I'm able to unselect files when I scan for infections, and this site remembers me when I come back. What OS are you running? (XP here).

Note - not saying I'm an expert on Ewido or saying it's the second coming, but it has helped me successfully remove spyware that spybot and adaware could not, and it finds files they don't, where I have not found the reverse. Plus some white hat hacker boards I lurk at recommended it. It is important to vet your anti-spyware products though. So many of them are really just spyware themselves.

Here's a review:

http://www.anti-trojan-software-reviews.com/review-ewido.htm
 
wabmester said:
What makes you think that?   Virtually all of the web-borne viruses have been exploits of Microsoft bugs.   Typically stack overflows in buggy code that doesn't do any bound checks.   The virus then executes code on the stack to get control.   IE will tell you if you're downloading an ActiveX control, but there's little you can do to stop an MS-bug exploit. 
Yep - suspect it was a 'buffer overrun' style attack that set in motion seed code to kick-off download of the actual Spyware. There was also a CAB file created with an activex - suspect this was a follow on to the initial attack - more spyware maybe or an additional app to enable macro level OS changes like registry and file manipulation etc. (a guess)

Had ventured towards IE alternatives such as Opera/Mozilla a few years ago but was disappointed at how slow and uncustomisable they were. Perhaps it's time to take another look . . .
 
gratefuled said:
The Firefox advice is spot on. Switch over immediately, or sooner.
http://www.mozilla.org/products/firefox/
Or better still, Mac yourself.
Ed
Congrats Gratefuled on being recently FIREd (literally).
Downloaded Firefox, so far it's pretty good - and only a 4.x MB foot-print - nice!

FireFox is better built to work with 'Load Images' turned off. Another reason for the original post was to look at speeding up page loading and minimize ads. Currently only have dial-up (neighborhood has '3rd world' broadband coverage), and LYBM means not ordering a deluxe burst satellite transmitter :).
 
Notth said:
Firefox, norton antivirus and the free microsoft antispyware.  Occasionally run spybot and adaware as those snag some cookies that microsoft antispyware and NAV dont get.
Traditionally have been afraid to rely on Anti-spyware/anti-virus apps because they offer a false sense of security :-
1. Frequently too slow to prevent world wide virus/spyware outbreaks.
2. Frequently register false positives for adware&spyware - sometimes even viruses. They can block legitimate software installs.
3. Have dial-up only. Download of updates therefore is a headache.

Is there a common view that Ewido, free Microsoft antispyware spybot and adaware etc are updated sufficiently (catching everything) and have small file-size downloads and updates?
 
ER@40 said:
Is there a common view that Ewido, free Microsoft antispyware spybot and adaware etc are updated sufficiently (catching everything) and have small file-size downloads and updates?
To me it seems to be the price of roaming the big bad Internet. Do you have a better solution?
 
Nords said:
To me it seems to be the price of roaming the big bad Internet.  Do you have a better solution?
Even Microsoft see it's about time that virus/spyware security (& updates) be included in the OS. There should be hardware locking of system files on a hard drive, similar to how the BIOS write-protects the boot-sector. And memory allocated to executable code should only be populated by files stored on this locked drive, and afterwards be read-only.

After all code whether running or stored shouldn't be editable in the same way say an Office document is. And it shouldn't be possible to part modify an executable whatsoever. (Self-modifying code went out with memory constraints).

But previously was really asking - where dial-up is the only available net service,   how practical are many of these options on an ongoing basis? (i.e. the above review of FREE Ewido states that the free version is missing all the key features!)
 
ER@40 said:
Even Microsoft see it's about time that virus/spyware security (& updates) be included in the OS. There should be hardware locking of system files on a hard drive, similar to how the BIOS write-protects the boot-sector. And memory allocated to executable code should only be populated by files stored on this locked drive, and afterwards be read-only.

After all code whether running or stored shouldn't be editable in the same way say an Office document is. And it shouldn't be possible to part modify an executable whatsoever. (Self-modifying code went out with memory constraints).

But previously was really asking - where dial-up is the only available net service,   how practical are many of these options on an ongoing basis? (i.e. the above review of FREE Ewido states that the free version is missing all the key features!)
OK, lemme rephrase that.

If you have a better solution then go do it.

You asked a question, several posters volunteered their answers, but instead of trying them (or at least thanking those who took the time to offer their ideas) you started polling the rest of the board for a "common view" opinion.

At some point it's time to stop nit-picking everyone else's suggestions and make your own decisions about how practical or up-to-date they are.
 
Nords said:
You asked a question, several posters volunteered their answers, but instead of trying them (or at least thanking those who took the time to offer their ideas) you started polling the rest of the board for a "common view" opinion.
Appear to have touched a nerve - not the intention – sorry!
I had edited an earlier message (Gratefuled above) indicating I took the FireFox route.

In a roundabout way, I was asking the question what's the future for 3rd party tools (free or not) and how effective are they really? As not everyone was in complete agreement. I suspect because of Microsoft’s recent interest that we'll eventually be seeing tighter integration of the OS and likewise defensive tools in the future . . .

Anyway, thanks everyone for all the suggestions.
 