-=PCTechTalk=- Spyware Terminator

  • From: GMan <gman.pctt@xxxxxxxxx>
  • To: "PCTechTalk" <PCTechTalk@xxxxxxxxxxxxx>
  • Date: Mon, 18 Feb 2008 02:06:42 -0500

Hi folks,
    I ran the install for this in Virtual PC and, although the installation 
terms were WAY beyond intimidating (I actually read those blasted things), I 
told it to go ahead and install the app plus the toolbar.  If it were my 
main system, that toolbar wouldn't have even been an option since I hate 
toolbar add-ons (most of them readily qualify as spyware by my standards, 
including this one).

    When it got to the point where it asked if I would like the toolbar, it 
specifically said that it was for IE.  I told it to not change my homepage 
or install itself as the default search engine for the browser.  Once 
installed, Firefox had itself a new toolbar AND a new search engine option 
installed into its Search box (although it was not set as the default).

    Once the install was completely finished, it opened up the app for me. 
I immediately went into the options to see how they were set.  Although 
during the install I opted to not send them copies of whatever the program 
finds to be badware, the options showed that it was automatically set to 
send them usage statistics as well as crash reports (which would pretty much 
tell them what I was running on my system at the time of a crash).  Since I 
don't wish to share this info (I feel we're WAY too profiled already), I 
unchecked both of these, too.

    The program sets itself to run every day at 11:00 AM.  It seems to be 
set for a quick scan, so that may or may not be overly intrusive for you. 
If its first scan or two prove that it is, change the schedule to reflect 
your own needs.  For apps like this, a once a week scan should be sufficient 
as long as you have some sort of full time monitor running all the time. 
This app includes one called "Real Time Protection" and I have that running, 
so I'm changing my schedule accordingly.  I always have WinPatrol running 
too, so ST's protection really isn't needed here.  Still, I want to see if 
it can react faster/better than WinPatrol for a bit before I give it the 
boot.  Finally, there is an option to make it update itself before starting 
a scan.  This option is turned off by default, although I can't imagine why. 
If you're also running this utility, turn it on.

    Probably the most impressive 'feature' of this program really isn't even 
a part of the program itself.  It's the offer to download and install an 
AntiVirus program called ClamWin (http://www.clamav.net/).  For those who 
may not know about ClamWin, it's an AV app that is updated about as often as 
most other AV apps, but it's completely open source (which also means it 
doesn't cost anything).  I fully expect ClamWin to develop quite a name for 
itself over time as its developers get better at keeping up with everything 
in the AV field.  It's a great alternative to some of the expensive and 
bulky AV software that's been coming out today.

    Under Internet Protection, there is an option to Immunize your system 
against future threats.  In a nutshell, this means that the program will 
record the hash values of all of the executable (.EXE) files it finds and 
then make sure that none of them are changed.  A hash value is basically the 
result of taking a file's characteristics (exact file size & contents) and 
running that through an algorithm.  If you were to actually see a hash 
value, it would look like gobbledygook to you, but it'll also keep those 
files safe from manipulation.  There's more to immunization, but that should 
be enough of a primer to give you the basic idea.  Good stuff!  By the way, 
if you already have a program that has immunized your system, it will not 
hurt anything to run this one, too.

    Once I had all of the options the way I want them, I ran a quick scan to 
see what it would find.  I was rather encouraged to see that it found 
nothing at all.  I already knew that my sandbox was clean, but to have a new 
app tell me the same (and not try to bolster itself by overclaiming 
otherwise) made me smile.  So I then set the Full scan option and let it 
loose on the C drive in the VM (12.7GB of which is files).  This scan told 
me that an old magnifying glass utility that was included with the files I 
copied into the VM is infected with Backdoor/Hupigon.ucj.  A Right click 
directly on the description gave me the option of getting more info on it. 
Clicking on that option brought up the ST website in my browser on a page 
specific to that threat.  The page didn't really tell me anything not 
already included in the app's description, but it's good to know that they 
took some time to code these pages.  Having the browser open, I did a 
Copy/Paste of the threat's name into my search box and got all the info I 
could ever want about it (well, once I removed the suffix ".ucj").  Seems 
this file is a Trojan horse that includes a backdoor to compromise my 
security.  I let the app delete the file and all is clear again.

    All in all, this seems like a decent antispy utility.  While none of 
these types of programs will ever be 100% accurate or effective against such 
a wide variety of malware, the nice thing is that they have no problem 
coexisting on the same machine.  After a little more experimenting with this 
in the VM, I'll probably be adding this one to my main system.

    Thanx for the 'heads up', Suzanne.

"The only dumb questions are the ones we fail to ask!"
