• No results found

Spyware vs. Anti-Spyware

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Spyware vs. Anti-Spyware"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)

Spyware vs. Anti-Spyware

Spyware vs. Anti-Spyware

Dr. Robert W. Baldwin Plus Five Consulting, Inc. Kevin W. Kingdon

Intellitrove, Inc.

Dr. Robert W. Baldwin Plus Five Consulting, Inc. Kevin W. Kingdon

(2)

Outline

Spyware Demonstration & Discussion Spyware: What’s New & Old

Anti-Spyware: What’s New & Old Future of Spyware & Anti-Spyware

(3)

Demonstration

SpyAgent

ModemSpy

(4)

Discussion of Demonstration

Spyware Log Files are Very Sensitive

Spyware Trumps Encryption, Certificates, Smart Cards

— PGP Password Grabber Reporting Via Piggy-Back Email is Very Hard to Detect

Log Analysis Is Time Consuming Sound Recording Legally Tricky

(5)
(6)

Spy Hardware

KeyKatcher

- Used by High

School Students

High-End:

Built Into

Brand Name

Keyboards

(7)
(8)

Outline

Spyware Demonstration & Discussion Spyware: What’s New & Old

Anti-Spyware: What’s New & Old Future of Spyware & Anti-Spyware

(9)

What’s New in Spyware

More Specialization for Sub-Markets

— Child Protection, Corporate, Spouse

— Hidden Sub-Market: Spying for Profit

Some Vendors Have Gone Out Of Business Corporate Network Surveillance

FBI Prosecutes Spyware Vendors

— New Legislation Pending

(10)

What’s New in Spyware

Retreat from “Stench” of Black Hat Spyware

— Avoid Logging Passwords or Credit-Card Numbers

— Promoting Corporate Features: Distributed Install & Monitor

Running in the Kernel for Better Capture & Stealth

— WinXP Password Logging

Rootkits Include Keylogging

Better Hiding of Log Files and Communications More Modem and Microphone Spying

(11)

What’s Old in Spyware

SpectorSoft and SpyTech Remain the Leading Vendors

— Still Lots of “Little Guys”

No New Technologies for Collection or Stealth Remote Control Software Used As Spyware “Silent” Installation Common

Good Reporting for Single Target Still Trumps Encryption

(12)

Outline

Spyware Demonstration & Discussion Spyware: What’s New & Old

Anti-Spyware: What’s New & Old Future of Spyware & Anti-Spyware

(13)
(14)
(15)

What’s New in Anti-Spyware

Symantec and Network Associates Enter Market

— More Corporate Awareness of Threats

More Public Awareness of Threats

— More “Little Guys” Making Spyware & Anti-Spyware

— More Anti-Spyware Spam

(16)

What’s Old in Anti-Spyware

SpyCop Catches All Popular Spyware

SpyBot Much Faster but Misses Some Spyware Good Security Practices Help

— Virus Scanners, Email Filters, Firewalls, etc.

(17)

Built-in Windows Anti-Spyware

Low-End Spyware Caught by Built-In Tools SigVerif.exe Finds Unsigned System Files Windows Explorer Finds Newly Created Files Task Manager Reports Some Spyware

MsConfig.exe Reports Some Spyware Startup Items Disk & Network I/O LEDs Can Show Spyware Activity

(18)

Anti-Spyware Tools

Anti-Spyware Websites & Newsletters

— www.keylogger.org & www.spywareinfo.com

— news:alt.privacy.spyware

SpyBot, SpyCop, and Many More

— Like Early Virus Scanners: Signature Based

— Scan for Active Program Files & Installer Files

— Scan for Registry Entries, Directories

Window Washer, SpyBot & Others

(19)

Anti-Spyware Discussion

Free & Commercial Tools Very Effective Against All Popular Spyware

— Program Quality & Usability Varies

— Keeping Up With Spyware Signatures Varies

Software Countermeasures Do NOT Work Against Spy Hardware

— When Boss Spills Coffee on Your Keyboard …

The Paranoid Need Both!

(20)

Outline

Spyware Demonstration & Discussion Spyware: What’s New & Old

Anti-Spyware: What’s New & Old Future of Spyware & Anti-Spyware

(21)

Future of Black Hat Spyware

Spyware as Stepping Stone

For “The Big Attack”

— Windows is Big Attractive Target — Place Backdoor in MS Source Code

Crackers Building Black Hat Spyware

— Better Spyware Building Kits — Harder to Detect & Remove

Anti-Anti Spyware (That Works)

(22)

Future of Black Hat Spyware

Print Server Sniffing

Sniffing WiFi Neighborhood Sniffing TCP/IP Sessions

Capture NetMeeting, SSH sessions

Spy Directly on Office Applications (VBA, VB.Net)

(23)

Future of White Hat Spyware

Enterprise Features

— Central Installation, Control, Upgrade

— Eliminate Smell of Black Hat Features

— Hire Private Investigators to Avoid Liability

Better Analysis Tools

— Adaptive Logging And Reporting Details

— Easily Spy On 100 Employees

(24)

Future of White Hat Spyware

Child Protection Sub-Market Will Grow

— Worried Parents Attract Large Vendors

— Ease of Use, Reliability

— Thought Police for Schools

Corporate Policy Enforcement

— Fax, Copier, Printer, Modem, Net

— Record Files Saved to Removable Media

(25)

Future of Anti-Spyware

Fear of Lawsuits Slows the Anti-Virus Vendors Spyware Detection Based on Behavior

— More Than Name & Content Signatures

— Running All The Time

— Check Every Downloads

— Detect Spyware Reporting

IT Approved Signed Executables Still Waiting for Trusted Computing

(26)

Questions?

For More Information:

Baldwin@PlusFive.com

Kevin@Intellitrove.com

References

Download now ( PDF - 26 Page - 772.76 KB )

Related documents

National Coalition of Esthetic & Related Associations NCEA Advance TM Newsletter The Voice of the Future

Proposal by the NCEA to Board of Cosmetology Florida Board of Cosmetology is reviewing the NCEA 600 Hour Esthetician Job Task Analysis in consideration of rais- ing the level

The relationship between students’ attitudes and subjective norm on their intention to use mobile marketing services

Results of the research showed that attitude and subjective norm have a straight positive relationship with behavioural intention to use mobile marketing.. However, when

The chemical composition, antimicrobial and antioxidant activities of the essential oil of Salvia fruticosa growing wild in Libya

Several authors have focused on the biological properties of the essential oils obtained from Salvia species and their major compounds, such as antibac- terial and

COMMAND SPONSOR AND INDOCTRINATION PROGRAMS

The Command Indoctrination Program must include the Navy Pride and Professionalism training and shall be provided to all personnel within 30 days of reporting

Recent Trends in Hemodynamic Monitoring

With the addition of continuous glucose monitoring, Edwards gains a potentially high-growth product for its hospital moni- toring business. According to the company, the

American Gastroenterological Association Institute Technical Review on the Management of Gastroesophageal Reflux Disease

The Montreal consensus group divided manifes- tations of GERD into esophageal and extraesophageal syndromes, with the latter divided into those with estab- lished or

The Football Supporter in a Cosmopolitan Epoch

In order to construct the ethical and political arguments for distinctively imagining the transnational football supporter as the cosmopolitan flâneur, this