Will AVG detect spyware?

From: "PCR"

| Oh. Too bad. So? There is still...
|
| http://www.kerio.com/us/kpf_download.html
| Suggested to me by Dundat, this little app is the cat's meow of
| Firewalls. Well, it's the only I've ever tried, but it seems to have it
| all & hasn't crashed yet. Free for personal use.
|
| www.geocities.com/yosponge
| As BoB has said, this site will show you every last little thing you can
| do with it. Don't get confused with all the possibilities, though.
|
| http://www.cisco.com/univercd/cc/td/...ito_doc/ip.htm
| What a packet looks like, thanks Blanton.
|
| http://www.cisco.com/en/US/about/ac1..._magazine.html
| Packet Magazine, again Blanton's discovery. (So, go ask him what it all
| means!)
|

Kerio will stop providing its FireWall at the end of the year. :-(

http://forums.kerio.com/index.php?t=msg&th=7040

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

That is pitiable! Now is the time for all good Win98 users to download
the free version! But what would a subscription have been for? It's not
like one needs definitions for it.

Someone should go find Dundat (George Gedye) at sea & tell him this
horrid news!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"David H. Lipman" wrote in message
...
| From: "PCR"
|
| | Oh. Too bad. So? There is still...
| |
| | http://www.kerio.com/us/kpf_download.html
| | Suggested to me by Dundat, this little app is the cat's meow of
| | Firewalls. Well, it's the only I've ever tried, but it seems to have
it
| | all & hasn't crashed yet. Free for personal use.
| |
| | www.geocities.com/yosponge
| | As BoB has said, this site will show you every last little thing you
can
| | do with it. Don't get confused with all the possibilities, though.
| |
| | http://www.cisco.com/univercd/cc/td/...ito_doc/ip.htm
| | What a packet looks like, thanks Blanton.
| |
| |
http://www.cisco.com/en/US/about/ac1..._magazine.html
| | Packet Magazine, again Blanton's discovery. (So, go ask him what it
all
| | means!)
| |
|
| Kerio will stop providing its FireWall at the end of the year. :-(
|
| http://forums.kerio.com/index.php?t=msg&th=7040
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|

On Sat, 29 Oct 2005 08:24:08 +1000, Franc Zabkar
On Fri, 28 Oct 2005 05:40:02 +0100, "Blair"

I have been told that my AVG anti virus programme does not detect
spyware? Is this true?

Traditional antivirus vendors have until fairly recently ignored
commercial malware alltogether, because these are "not viruses". Some
were so narrow-focused that they would not even manage trojans that
didn't spread themselves between infected PCs (e.g. were asserted
directly via a hostile web site) because these were "not viruses"
either. Lately, some traditional av vendors have started chasing
commercial malware; Kaspersky, Trend, then CA, McAfee etc.

Even so, I'd use free dedicated on-demand scanners (AdAware, Spybot)
for this threat, plus Spyware Blaster as a passive blocker, and
finally Microsoft Antospyware Beta as resident protection if need be.

And what is spyware?

"Spyware" is a popular but inaccurate term for what I refer to as
"commercial malware". This is software from an ostensibly bone fide
business that stealths into your PC and/or does things you'd rather
not have done, were you to be aware of what it was doing.

The common theme is making money, and in order to collect the money,
the protagonists have to be visible and thus pretend to be legitimate.

But this class of unwanted software usually makes money in ways that
don't involve "spying" at all - that's why the term "spyware" sucks.
Remote Access Trojans (RATs) and keyloggers are more likely to be used
to "spy" on you, but these are outright criminal tools that spread
automatically and anonymously, and aren't called "spyware".

So; how does commercial malware make money?
- collating info about you and selling it to advertisers
- displaying ads on your screen
- replacing other vendors' ads, and even content, with their own
- re-directing commission from other vendors' ads to themselves
- adding fake links to other vendors' web sites and content
- hijacking your browser's home and/or search pages
- patching non-standard "Internet" sites into your 'net access
- dialing up to premium-rate phone numbers
- posing as anti-spyware programs that you'd pay for

A common theme is re-directing revenue from other vendors' value to
themselves. Typically, commercial malware vendors hide behing
affiliate programs, in the interests of plausible deniability; the
affiliate gets paid to spread the malware, but the malware vendor
disclaims any responsability for methods used by the affiliates.

I suggest you use an additonal AV program, but have it set up to
launch on demand.

Yes, this reflects my current experience.

We've always said that you should use more than one scanner against
commercial malware, because they vary (and overlap) in efficacy and
because some have dropped detection of some malware due to legal
pressure (commercial malware vendors are businesses, right - so they
can sue your ass off, and have done that to some defense vbendors).

Now I find I need multiple traditional av when cleaning up systems.

You should generally have only one of each class of the following
running at any one time: antivirus resident scanner, firewall, and
scanner for commercial malware. I'm using free AVG, XP SP2 firewall,
and Microsoft Anti Spyware Beta in these three roles. What is most
important, is that your scanners should be kept up to date!

But you can apply multiple scanning products electively, one at a
time, to check suspicious material. In the days when PCs were too
slow to run resident av, I would gather all incoming material into one
subtree and point a big desktop shortcut that ran my on-demand
(elective) av scanner at that material.

I still have that data layout, and may start using additional elective
av as manual scanners in this way.

Consider your resident scanner to be your "goalie of last resort".
Both you (as user) and your PC (as code base) have to be smart enough
not to take stupid risks.

You update your PC's smarts via monthly Windows Update, new Firefox
downloads as these arise (generally also once a month) and by
uninstalling old Sun Java and installing the new one as these are
released. If you don't use Sun's Java or Firefox, then Windows Update
is mostly what you need.

You update your own smarts through forums like this, and also by
setting your PC not to hide information from you that you really need
to know - such as file name extensions, the true and full paths of
which directory you are in, and so on.

But it's quite a struggle, and falls are common.


-- Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"
----------------------- ------ ---- --- -- - - - -

"cquirke (MVP Windows shell/user)" wrote in
message ...
On Sat, 29 Oct 2005 08:24:08 +1000, Franc Zabkar
On Fri, 28 Oct 2005 05:40:02 +0100, "Blair"

I have been told that my AVG anti virus programme does not detect
spyware? Is this true?

Traditional antivirus vendors have until fairly recently ignored
commercial malware alltogether, because these are "not viruses". Some
were so narrow-focused that they would not even manage trojans that
didn't spread themselves between infected PCs (e.g. were asserted
directly via a hostile web site) because these were "not viruses"
either. Lately, some traditional av vendors have started chasing
commercial malware; Kaspersky, Trend, then CA, McAfee etc.

Even so, I'd use free dedicated on-demand scanners (AdAware, Spybot)
for this threat, plus Spyware Blaster as a passive blocker, and
finally Microsoft Antospyware Beta as resident protection if need be.

And what is spyware?

"Spyware" is a popular but inaccurate term for what I refer to as
"commercial malware". This is software from an ostensibly bone fide
business that stealths into your PC and/or does things you'd rather
not have done, were you to be aware of what it was doing.

The common theme is making money, and in order to collect the money,
the protagonists have to be visible and thus pretend to be legitimate.

But this class of unwanted software usually makes money in ways that
don't involve "spying" at all - that's why the term "spyware" sucks.
Remote Access Trojans (RATs) and keyloggers are more likely to be used
to "spy" on you, but these are outright criminal tools that spread
automatically and anonymously, and aren't called "spyware".

So; how does commercial malware make money?
- collating info about you and selling it to advertisers
- displaying ads on your screen
- replacing other vendors' ads, and even content, with their own
- re-directing commission from other vendors' ads to themselves
- adding fake links to other vendors' web sites and content
- hijacking your browser's home and/or search pages
- patching non-standard "Internet" sites into your 'net access
- dialing up to premium-rate phone numbers
- posing as anti-spyware programs that you'd pay for

A common theme is re-directing revenue from other vendors' value to
themselves. Typically, commercial malware vendors hide behing
affiliate programs, in the interests of plausible deniability; the
affiliate gets paid to spread the malware, but the malware vendor
disclaims any responsability for methods used by the affiliates.

I suggest you use an additonal AV program, but have it set up to
launch on demand.

Yes, this reflects my current experience.

We've always said that you should use more than one scanner against
commercial malware, because they vary (and overlap) in efficacy and
because some have dropped detection of some malware due to legal
pressure (commercial malware vendors are businesses, right - so they
can sue your ass off, and have done that to some defense vbendors).

Now I find I need multiple traditional av when cleaning up systems.

You should generally have only one of each class of the following
running at any one time: antivirus resident scanner, firewall, and
scanner for commercial malware. I'm using free AVG, XP SP2 firewall,
and Microsoft Anti Spyware Beta in these three roles. What is most
important, is that your scanners should be kept up to date!

But you can apply multiple scanning products electively, one at a
time, to check suspicious material. In the days when PCs were too
slow to run resident av, I would gather all incoming material into one
subtree and point a big desktop shortcut that ran my on-demand
(elective) av scanner at that material.

I still have that data layout, and may start using additional elective
av as manual scanners in this way.

Consider your resident scanner to be your "goalie of last resort".
Both you (as user) and your PC (as code base) have to be smart enough
not to take stupid risks.

You update your PC's smarts via monthly Windows Update, new Firefox
downloads as these arise (generally also once a month) and by
uninstalling old Sun Java and installing the new one as these are
released. If you don't use Sun's Java or Firefox, then Windows Update
is mostly what you need.

You update your own smarts through forums like this, and also by
setting your PC not to hide information from you that you really need
to know - such as file name extensions, the true and full paths of
which directory you are in, and so on.

But it's quite a struggle, and falls are common.


-- Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"

I am most grateful to you for the most complete explanation of the whole
Spam/spyware scene.
It has helped me to make up my mind how I should proceed.
I have AVG and XP Firewall and have added Zone Alarm, AdAware and Spybot.
I know this is not the complete answer but it's a good start.
Thanks also to all the others who contributed
Blair

I guess this shows I'm a little out of touch. Last I remember is that XP
firewall was not very effective. I use Sygate Personal Firewall.
http://smb.sygate.com/products/spf_standard.htm
This is free for home use.
It works real well. But you have to configure it's applications List. Set
each entry to how much you want it to access the enternet. I have most
completely blocked. And only letting IE and AV program to have access as only
a "client" with all others unchecked in "advance" screen. Plus it has popups
if anyone tries to scan your PC.
With any firewall you have to configure it to the amount of security you
want or need. You can't just install it and expect it to protect your system.
You have to tell it what you want.

"Blair" wrote:


"cquirke (MVP Windows shell/user)" wrote in
message ...
On Sat, 29 Oct 2005 08:24:08 +1000, Franc Zabkar
On Fri, 28 Oct 2005 05:40:02 +0100, "Blair"

I have been told that my AVG anti virus programme does not detect
spyware? Is this true?

Traditional antivirus vendors have until fairly recently ignored
commercial malware alltogether, because these are "not viruses". Some
were so narrow-focused that they would not even manage trojans that
didn't spread themselves between infected PCs (e.g. were asserted
directly via a hostile web site) because these were "not viruses"
either. Lately, some traditional av vendors have started chasing
commercial malware; Kaspersky, Trend, then CA, McAfee etc.

Even so, I'd use free dedicated on-demand scanners (AdAware, Spybot)
for this threat, plus Spyware Blaster as a passive blocker, and
finally Microsoft Antospyware Beta as resident protection if need be.

And what is spyware?

"Spyware" is a popular but inaccurate term for what I refer to as
"commercial malware". This is software from an ostensibly bone fide
business that stealths into your PC and/or does things you'd rather
not have done, were you to be aware of what it was doing.

The common theme is making money, and in order to collect the money,
the protagonists have to be visible and thus pretend to be legitimate.

But this class of unwanted software usually makes money in ways that
don't involve "spying" at all - that's why the term "spyware" sucks.
Remote Access Trojans (RATs) and keyloggers are more likely to be used
to "spy" on you, but these are outright criminal tools that spread
automatically and anonymously, and aren't called "spyware".

So; how does commercial malware make money?
- collating info about you and selling it to advertisers
- displaying ads on your screen
- replacing other vendors' ads, and even content, with their own
- re-directing commission from other vendors' ads to themselves
- adding fake links to other vendors' web sites and content
- hijacking your browser's home and/or search pages
- patching non-standard "Internet" sites into your 'net access
- dialing up to premium-rate phone numbers
- posing as anti-spyware programs that you'd pay for

A common theme is re-directing revenue from other vendors' value to
themselves. Typically, commercial malware vendors hide behing
affiliate programs, in the interests of plausible deniability; the
affiliate gets paid to spread the malware, but the malware vendor
disclaims any responsability for methods used by the affiliates.

I suggest you use an additonal AV program, but have it set up to
launch on demand.

Yes, this reflects my current experience.

We've always said that you should use more than one scanner against
commercial malware, because they vary (and overlap) in efficacy and
because some have dropped detection of some malware due to legal
pressure (commercial malware vendors are businesses, right - so they
can sue your ass off, and have done that to some defense vbendors).

Now I find I need multiple traditional av when cleaning up systems.

You should generally have only one of each class of the following
running at any one time: antivirus resident scanner, firewall, and
scanner for commercial malware. I'm using free AVG, XP SP2 firewall,
and Microsoft Anti Spyware Beta in these three roles. What is most
important, is that your scanners should be kept up to date!

But you can apply multiple scanning products electively, one at a
time, to check suspicious material. In the days when PCs were too
slow to run resident av, I would gather all incoming material into one
subtree and point a big desktop shortcut that ran my on-demand
(elective) av scanner at that material.

I still have that data layout, and may start using additional elective
av as manual scanners in this way.

Consider your resident scanner to be your "goalie of last resort".
Both you (as user) and your PC (as code base) have to be smart enough
not to take stupid risks.

You update your PC's smarts via monthly Windows Update, new Firefox
downloads as these arise (generally also once a month) and by
uninstalling old Sun Java and installing the new one as these are
released. If you don't use Sun's Java or Firefox, then Windows Update
is mostly what you need.

You update your own smarts through forums like this, and also by
setting your PC not to hide information from you that you really need
to know - such as file name extensions, the true and full paths of
which directory you are in, and so on.

But it's quite a struggle, and falls are common.


-- Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"

I am most grateful to you for the most complete explanation of the whole
Spam/spyware scene.
It has helped me to make up my mind how I should proceed.
I have AVG and XP Firewall and have added Zone Alarm, AdAware and Spybot.
I know this is not the complete answer but it's a good start.
Thanks also to all the others who contributed
Blair