Tuesday, September 13, 2005

Two Whales - theory of fighting against spyware/malware/adware

Two Whales

“Two whales” are the two basic ways of fighting spyware/malware/adware. In this short article we will tell you about the “two whales” of mankind’s confrontation with the misfortune called “spyware”.
So, from this point on, when we talk about spyware/malware/adware we mean software which is installed (launched) on a user’s computer without the user’s knowledge, impedes their work, and which the user certainly wants to get rid of in order to return to a normal, full life.

Whale One – protecting the territory

The first thing you need is to prevent the enemy from getting into your territory: to locate it just as it crosses your border and to destroy it. To understand how to do this, it’s necessary to learn all the paths that the enemy can use to cross the border and to set your traps there. This method of protection is called Real-Time Protection (sometimes you can also come across the term IDS – Intrusion Detection Software). Many producers of anti-spyware build real-time protection mechanisms into their products to a greater or lesser extent. Such a mechanism tracks key settings of the operating system and informs the user of any attempt to modify them (Arovax Shield is one such product). Then the user decides if the modification should be allowed or denied.
However, there is one big drawback. Not only spyware applications change these settings; normal programs do too. If the software producer uses a signature base and blocks only what is known to them, they risk letting through a new, unknown enemy. If the software blocks all modifications (like Arovax Shield does), then the right to decide is passed to the user, but not all users deeply understand all system settings (and besides, they do not have to).
Probably, the best solution would be a combined mechanism. At the moment when the system is modified, you not only issue a notification to the user but also indicate whether the corresponding spyware is found in the signature base.
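The combined mechanism described above can be sketched as follows. This is an added example, not code from Arovax Shield or any other product: the setting names, signature patterns and spyware names are constructed, and reusing the Ignore List idea (described further down for the scanner) on the real-time side is an assumption.

```python
import fnmatch

# Constructed signature base: glob pattern on the new value -> spyware name.
SIGNATURES = {
    "*toolbarhelper.exe*": "Example.Adware.Toolbar",
    "http://search.example.invalid/*": "Example.Hijacker.HomePage",
}
# Constructed ignore list: settings the user no longer wants to be asked about.
IGNORE_LIST = {"autostart/Updater"}

# Constructed snapshots of the tracked key settings, before and after a change.
BASELINE = {"autostart/TrayApp": "C:\\Apps\\tray.exe",
            "autostart/Updater": "C:\\Apps\\upd.exe",
            "browser/start_page": "about:blank"}
CURRENT = {"autostart/TrayApp": "C:\\Apps\\tray.exe",
           "autostart/Updater": "C:\\Apps\\upd2.exe",
           "autostart/Backup": "C:\\Apps\\backup.exe",
           "autostart/Helper": "C:\\Program Files\\TB\\ToolbarHelper.exe /silent",
           "browser/start_page": "http://search.example.invalid/?src=tb"}

def diff_settings(baseline, current):
    """Yield (key, old, new) for every added, changed or removed setting."""
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            yield key, old, new

def match_signature(value, signatures=SIGNATURES):
    """Return the spyware name whose pattern matches the new value, else None."""
    if value is None:  # the setting was removed, nothing to match
        return None
    for pattern, name in signatures.items():
        if fnmatch.fnmatchcase(value.lower(), pattern):
            return name
    return None

def review_changes(baseline, current, signatures=SIGNATURES, ignore=IGNORE_LIST):
    """Every non-ignored change raises an alert; the signature hit is a hint."""
    alerts = []
    for key, old, new in diff_settings(baseline, current):
        if key in ignore:
            continue
        name = match_signature(new, signatures)
        advice = "deny (known spyware)" if name else "unknown, user decides"
        alerts.append({"setting": key, "old": old, "new": new,
                       "signature": name, "advice": advice})
    return alerts

if __name__ == "__main__":
    for alert in review_changes(BASELINE, CURRENT):
        print(alert["setting"], "->", alert["advice"], alert["signature"] or "")
```

The unknown change to `autostart/Backup` is still reported, so a new enemy is not let through silently, while the two signature hits give the user a concrete recommendation instead of a bare prompt.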

Whale Two – cleaning the territory

This is like a cold war. Both parties are constantly increasing their military potential. Producers of anti-spyware software are improving their methods of fighting, while producers of spyware are looking for new insidious ways to get into the user’s PC and dig in deeply. And the former do not always outdo the latter.
And when the first frontier is broken and the enemy has crossed the border, Weapon Number Two appears on the scene – a spyware remover. A Remover (or Cleaner) is a program which helps to remove spyware that is already installed. First of all, it includes a reliable scanner which will scan the user’s computer, detect saboteurs (the installed spyware) and eradicate them. The most important thing at this stage is a good spyware base. The more signatures it includes, the greater the chance of detecting the enemy.

Here are the mandatory components of such a product:
Scanner which performs the PC scan and spyware detection by the known signatures.
Remover (or Cleaner) which is responsible for eradication of the detected spyware.
Quarantine. If a user is in doubt whether the detected spyware should be removed, they can place it in quarantine before the removal and then remove it. Later they will be able to restore the removed information.
Ignore List. Sometimes the scanner detects something that the user does not consider spyware/malware/adware or does not want to remove. Then such records are placed on a special list and will be ignored during the following scans.

When selecting a spyware remover, we recommend paying attention not only to the availability of the above four components but also to the quality of the signature base. A very important issue is how quickly the producer responds to the appearance of new threats and updates the base.

(c) Arovax, LLC

