Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management
Yi-Min Wang, Roussi Roussev, Chad Verbowski, and Aaron Johnson
Microsoft Research, Redmond, Washington

Extended Abstract

1. Introduction

Spyware is a generic term referring to a class of software programs that track computer users' behavior for marketing purposes. In addition to privacy issues, spyware often annoys users by popping up windows with advertisements, changing the browser's start page, search page, and bookmark settings, installing unwanted toolbars, etc. Some spyware causes a significant increase in reboot time. Reliability data show that spyware accounts for a large percentage of the overall crash reports. Saroiu et al. [SGL04] pointed out security problems caused by vulnerabilities in spyware programs. A recent study based on scanning over one million machines showed the alarming prevalence of spyware: an average of almost 28 spyware programs are running on each computer [E04].

Current anti-spyware solutions [A, S] are based on the signature approach used by anti-virus software: each spyware installation is investigated to determine its file and Registry signatures, which scanner software later uses to detect instances of the spyware. This approach has several problems. First, many spyware programs may be considered legitimate in the following sense: their companies sponsor popular freeware to leverage their installation bases; since users agree to an End User Licensing Agreement when they install freeware, removing the bundled spyware may violate this agreement. In many cases, the freeware refuses to run if its bundled spyware is removed. Second, spyware programs are full-fledged applications that are generally much more powerful than the average virus [C04], making it easy for them to have sophisticated behaviors for defeating signature-based detection; observed behaviors include self-healing, non-deterministic latent installation, morphing filenames, etc.
Third, spyware may contain common library files that non-spyware applications use. If care is not taken to remove these files from the spyware signatures, scanners using these signatures will break non-spyware applications. Finally, popular spyware removal programs are commonly invoked on demand or periodically, long after the spyware installation, which allows the spyware to collect private information in the meantime; a monitoring service that catches spyware at installation time is essential to reduce exposure.

We propose a new solution that complements the signature-based approach. Our work is based on the observation that spyware is designed to infect a system in one of two ways: as a standalone application that
is automatically run by registering as an OS auto-start extension such as an NT service, a tray icon in Windows, or a Unix daemon/cron job; or as an extension to an existing application that is either automatically run (such as the shell in Windows), or popular and commonly run by users (such as a Web browser). We call the configuration points that allow these extensions Auto-Start Extensibility Points (ASEPs), which are critical gates (see Figure 1) that allow programs to enter and essentially become part of the machine. Our Gatekeeper solution identifies and monitors these gates and exposes all the hooks to ASEPs in a way that is as user-friendly as possible to allow effective management of spyware.

2. Problem Formulation and Decomposition

Figure 2 illustrates the life cycle of the spyware management process and provides a problem decomposition that enables us to reason about this problem systematically. (1) Given a machine infected with spyware, we first use a known-bad signature database and a signature-based scanner / removal tool (such as SpyBot) to remove existing spyware. (2) We continuously monitor all ASEPs by recording, alerting, and blocking potentially harmful ASEP hooking operations. It is essential that the signature database includes user-friendly descriptions of known-good [G03,NSRL,PP] and known-bad ASEP hooks to enable presentation of actionable information to the user. If the user decides to install a freeware application after assessing the risks of bundled spyware, (3) bundle tracing captures all components installed by the freeware and displays them in Gatekeeper as a group with a user-friendly name, enabling the user to manage and remove them as a unit. (4) We monitor the performance and reliability of the system since the freeware / spyware installation and associate any problems with the responsible component(s).
These credit reports provide the user with a price tag for the freeware functionality, enabling the user to make value/cost judgments about the freeware. Finally, our solution's effectiveness is directly related to ASEP list completeness. (5) We discover the ASEPs of the OS and of popular, frequently run software by analyzing indirection patterns in file and Registry traces. Another technique is to scan the volatile states of a known infected machine to identify the spyware executable and then use this as an index in a reverse lookup scan of the machine configuration to identify new ASEPs. In this paper, we will focus on (2), (3), and (5).

3. ASEP Monitoring

Figure 3 shows 20 ASEPs hooked by at least one of the 67 spyware programs we have tested, indicating when the OS / application starts them. Figure 4 shows the number of spyware hooks to each of the 20 ASEPs. (Note that ASEP #18 includes drivers.) Browser Helper Objects (BHOs) and the system-wide Run key are
the two most popular ASEPs. Figure 5 shows that most of the spyware programs hook only one ASEP, but some hook as many as 8 or 10. Hooking multiple ASEPs typically causes significant performance degradation.

Each new ASEP hook generates an optional notification that is sent to the user or forwarded to an enterprise management system for processing. Figure 6 shows a screenshot of a user notification alert. During the installation of a freeware screensaver, the user is notified of five new ASEP hooks. The Screen Saver hook alert is obviously expected. Searching the Signatures and Descriptions Database with the information from the other four alerts (by clicking on the alerts) reveals that they belong to exact Search Bar and Bargain Buddy. Based on the information provided for these two pieces of software and the benefit provided by the screensaver, the user can then make an informed decision about whether to keep this bundle. A blocking option is also provided to allow system administrators to, for example, enable Run key hooking but disable BHO hooking.

4. Bundle Management

Currently, when a user installs freeware and its bundled spyware and later decides to uninstall the freeware, the spyware often remains running on the machine, collecting private information without the end user's awareness or consent. Gatekeeper uses a technique called bundle tracing to expose this unfair practice. Figure 7 demonstrates bundle tracing in the presence of concurrent installations of two bundles: the DivX bundle and the Desktop Destroyer (DD) bundle. ASEP hooks and Add/Remove Programs (ARP) entries created by processes belonging to the same process tree are grouped together as one bundle. The concatenation of the ARP Display Names is used as the bundle name. For example, six processes with parent-child relationships are involved in the installation of the DD bundle. Together they created five ASEP hooks and three ARP entries.
Figure 8 shows Gatekeeper displaying bundle information through a new Manage Auto-Start Programs applet in the Control Panel ARP interface (called EP-ARP). It scans all ASEPs and displays the current hooks by bundles. The user can sort by install time to highlight newly installed bundles. It also provides three options for bundle removal/disabling. For example, the bundle name clearly shows that exact Search Bar and Bargain Buddy have been installed as part of the DD bundle. If the user wants to remove DD, she can click the Disable Bundle button and reboot the machine. This removes all five ASEP hooks, stopping the three bundled programs from automatically starting, even though their files remain on the machine. Alternatively, the user can look for the three ARP names in the regular ARP page and invoke their respective removal programs there. Since it is not uncommon for spyware to provide unreliable ARP removal programs, the user can double-check EP-ARP to make sure that none of the ASEP hooks is left over after ARP removals. Gatekeeper also integrates with System Restore, as shown at the bottom of Figure 8. If both removal
options fail, the user can click on the Restore button to roll back the machine configuration to a checkpoint taken before the bundle was installed. We have observed that some ASEP hooks have no ARP "owners"; if they are not known-good, they are most likely devious or deceptive software that should be disabled.

5. ASEP Discovery

By definition, programs that get started through EPs must have their filenames returned as query results from some file or Registry locations, instead of being hard-wired into the launching program code. To compile our list of ASEPs, we combined a white-box approach of documenting well-known EPs (such as those scanned by Autoruns [AR04] or found in OS and application specifications) with a black-box approach of identifying indirection patterns for obtaining executable filenames by analyzing file/Registry traces (see Figure 9 for a few examples), and troubleshooting newly discovered spyware with a Windows Task Manager Extension. Figure 10 shows an example of how this tool helps discover a new ASEP by scanning for all modules loaded by each process, incorporating file-update timestamp information from the System Restore file change log to highlight the most recent changes, and searching various local meta-data information stores (e.g., patch histories) to try to filter out files updated by known-good sources.

References

[A] Ad-aware
[AR04] Autoruns
[C04] Spyware cures may cause more harm than good, Feb
[E04] EarthLink finds rampant spyware, Trojans, InfoWorld, April 15
[G03] Simson L. Garfinkel, A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns
[NSRL] National Software Reference Library (NSRL) Project Web Site
[PP] Pest Patrol
[S] Spybot
[SGL04] S. Saroiu, S. D. Gribble, and H. M. Levy, Measurement and Analysis of Spyware Infections in a University Environment, in Proc. of the 1st USENIX/ACM Symp. on Networked Systems Design and Implementation (NSDI)
[SR01] Windows XP System Restore

[Figure 1 diagram labels: Internet; User Machine; Border Gates: Security Vulnerabilities, Software Auto-Update, Incorrect Security Settings, User Consent; Persistent State; Middle Gates (ASEPs): \Run key, Startup Folder, BHO, LSP, Drivers, Unknown ASEP; Volatile State; Just-in-time Gates: CreateProcess, LoadLibrary; Processes P1, P2, P3, P4; DLLs]

Figure 1. Gates View of Windows: (1) Border Gates are the entrance points for program files from the Internet to get on user machines. User Consent includes explicit consent to install, for example, a freeware program, and implicit consent to allow spyware programs bundled with the freeware to get installed as well. Incorrect Security Settings include the Low setting for Internet Zone security, incorrect entries in the Trusted Sites list, and incorrect entries in the Trusted Publishers list, which would allow drive-by downloads. (2) Middle Gates are the ASEPs that allow programs to survive reboots and maximize their chance of running all the time. BHO stands for Browser Helper Object. LSP stands for Layered Service Provider. (3) Just-in-time Gates control the instantiation of program files into active running program instances. They include CreateProcess, LoadLibrary, and other program execution mechanisms, and can be used to block any potentially harmful programs if they are not on the known-good list

[Figure 2 diagram labels: Known-* Signatures & Descriptions Database; Signature-based Detection, Lookup, & Removal; ASEP-based Auditing, Alerting, & Blocking; ASEP Discovery Through Trace Analysis; ASEP Discovery Through Troubleshooting; Install Freeware; Infected; Cleaned-up; Bundle Tracing; Behavior Monitoring For Credit Report Generation; Bundle Management & Removal; section labels: Section 3, Section 4, Section 5]

Figure 2. The Spyware Management Life Cycle and Problem Decomposition: see descriptions in Section

[Figure 3 timeline labels: Boot; Log-in; Start Explorer; Start Browser; Browsing Actions; Scheduled Actions; Winlogon\UserInit, Winlogon\Shell, etc.; Scheduled tasks, Screensaver, etc. ASEP groups placed along the timeline: (7), (13), (17), (18); (1), (2), (4), (9), (11), (14), (16); (5), (6), (19), (20); (3), (8), (10), (12), (15)]

(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
(2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(3) HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
(4) HKCU\Software\Microsoft\Windows\CurrentVersion\Run
(5) HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
(6) HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch
(7) HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
(8) HKCR\PROTOCOLS\Name-Space Handler
(9) %ALLUSERSPROFILE%\Start Menu\Programs\Startup
(10) HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
(11) %USERPROFILE%\Start Menu\Programs\Startup
(12) HKCR\PROTOCOLS\Filter\text/html
(13) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
(14) HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
(15) HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
(16) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
(17) HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
(18) HKLM\SYSTEM\CurrentControlSet\Services
(19) HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
(20) HKCU\Software\Microsoft\Internet Explorer\Main\Search Page

Figure 3. Known Spyware-Hooked ASEPs and Their Execution Stages: Search and Start Page-related entries are considered "micro-ASEPs"; their hooks are in the form of URLs, not executable filenames

[Figure 4 bar chart. Y-axis: Number of Spyware Hooks to Each ASEP. X-axis: Auto-Start Extensibility Point (ASEP), in this order: Browser Helper Objects, Run, IE Toolbar, Run (User), IE SearchAssistant, IE CustomizeSearch, Protocol_Catalog, Name-Space Handler, Startup Folder, IE Start Page (User), Startup Folder (User), Protocols Filter, Winlogon notification, RunOnce (User), IE Start Page, RunOnce, NameSpace_Catalog, Services/Drivers, IE Search Page, IE Search Page (User)]

Figure 4. Distribution of Spyware ASEP Hooks: ASEPs are sorted by popularity

[Figure 5 chart. Y-axis: Number of Spyware. X-axis: Number of ASEP Hooks per Spyware]

Figure 5. Number of ASEP Hooks Used by Each Spyware

Figure 6. ASEP Hooking Alerts: one freeware screensaver (the bottom alert) bundling two spyware programs, each hooking two ASEPs (the other four alerts)
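
The alert-or-block behaviour described in Section 3, replayed on the Figure 6 scenario. This is an added example, not Gatekeeper's code: the ASEP paths come from Figure 3, while the snapshot format, the entry names and data values, the descriptions table and the `monitor` function are assumptions made for illustration.

```python
# ASEP paths are from Figure 3. Entry names, data values, the descriptions
# table and the blocking policy are constructed for this example.
BHO = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
TOOLBAR = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
SCREENSAVER = "Screensaver"  # label only; the page gives no path for this ASEP

# Assumed snapshot format: {ASEP: {entry name: data}}
BEFORE = {
    RUN: {"ctfmon": "ctfmon.exe"},
    BHO: {},
    TOOLBAR: {},
    SCREENSAVER: {"current": "logon.scr"},
}
AFTER = {
    RUN: {"ctfmon": "ctfmon.exe", "Bargains": "bargains.exe"},
    BHO: {"{constructed-clsid-1}": "apuc.dll",
          "{constructed-clsid-2}": "exacttoolbar.dll"},
    TOOLBAR: {"{constructed-clsid-2}": "exacttoolbar.dll"},
    SCREENSAVER: {"current": "I244DE~1.SCR"},
}
# Stand-in for the Signatures and Descriptions Database: hook file -> owner.
DESCRIPTIONS = {
    "apuc.dll": "Bargain Buddy",
    "bargains.exe": "Bargain Buddy",
    "exacttoolbar.dll": "exact Search Bar",
}
# The policy used as an example in Section 3: Run key hooking allowed, BHO hooking blocked.
BLOCKED = {BHO}


def monitor(before, after, blocked, descriptions):
    """Diff two ASEP snapshots; return (alerts, state once blocking is enforced)."""
    alerts = []
    enforced = {asep: dict(entries) for asep, entries in after.items()}
    for asep, entries in after.items():
        old = before.get(asep, {})
        for name, data in entries.items():
            if old.get(name) == data:
                continue  # entry already present with the same data: not a new hook
            action = "block" if asep in blocked else "alert"
            if action == "block":
                if name in old:
                    enforced[asep][name] = old[name]  # restore the replaced value
                else:
                    del enforced[asep][name]          # remove the newly added entry
            alerts.append({
                "asep": asep,
                "entry": name,
                "hook": data,
                "replaced": old.get(name),            # set for single-value ASEPs
                "owner": descriptions.get(data.lower()),
                "action": action,
            })
    return alerts, enforced


if __name__ == "__main__":
    found, state = monitor(BEFORE, AFTER, BLOCKED, DESCRIPTIONS)
    for a in found:
        print(a["action"].upper(), a["asep"], a["hook"], "owner:", a["owner"])
```

A changed value is treated as a hook as well as a new entry, which is what single-value ASEPs such as the screensaver or the Start Page micro-ASEPs need.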

[Figure 7 diagram labels. DivX bundle: processes DivxPro511Adaware.exe, Gain_Trickler.exe, Gain_trickler_3202.exe, Pdpsetup4006.exe; ASEP hooks GMESys (HKLM Run hook), GStartup (Explorer Startup Folder); ARP entries DivX Pro Codec Adware, Divx Player; Bundle Name = DivX Pro Codec Adware Divx Player. Desktop Destroyer bundle: processes DesktopDestroyer.exe, Exact.exe, GLB5.tmp, GLJ7.tmp, Rundll32.exe, bb.exe; ASEP hooks I244DE~1.SCR (Screensaver hook), Bargains (Explorer Run hook), exacttoolbar.dll (IE Toolbar hook), URL Catcher (apuc.dll) (Explorer BHO hook), exacttoolbar.dll (Explorer BHO hook); ARP entries Desktop Destroyer FREE, exact Search Bar, Bargain Buddy; Bundle Name = Desktop Destroyer FREE exact Search Bar Bargain Buddy]

Figure 7. DivX and Desktop Destroyer Bundle Tracing: solid arrows represent creating child processes; dashed arrows represent creating ARP entries; dotted arrows represent creating ASEP hooks. Each process tree defines the scope of the bundle, named by concatenation of ARP friendly names
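
Bundle tracing as described in Section 4 and Figure 7, run over two interleaved installations. This is an added example, not Gatekeeper's code: the image, hook and ARP names come from Figure 7, while the event format, the PIDs, the parent/child edges, the assignment of writes to processes and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed event log of two concurrent installations. Image, hook and ARP
# names come from Figure 7; PIDs, ordering, which process performed which
# write, and the parent/child edges are assumptions made for this example.
# Event shapes: ("proc", pid, parent_pid, image)
#               ("asep", pid, asep, target)
#               ("arp",  pid, display_name)
EVENTS = [
    ("proc", 100, 1, "DivxPro511Adaware.exe"),
    ("proc", 200, 1, "DesktopDestroyer.exe"),
    ("proc", 101, 100, "Gain_Trickler.exe"),
    ("proc", 201, 200, "Exact.exe"),
    ("arp", 100, "DivX Pro Codec Adware"),
    ("asep", 201, "IE Toolbar", "exacttoolbar.dll"),
    ("asep", 201, "Explorer BHO", "exacttoolbar.dll"),
    ("proc", 102, 101, "Gain_trickler_3202.exe"),
    ("arp", 200, "Desktop Destroyer FREE"),
    ("proc", 202, 200, "GLB5.tmp"),
    ("asep", 102, "HKLM Run", "GMESys"),
    ("arp", 201, "exact Search Bar"),
    ("proc", 203, 202, "GLJ7.tmp"),
    ("proc", 103, 100, "Pdpsetup4006.exe"),
    ("asep", 200, "Screensaver", "I244DE~1.SCR"),
    ("proc", 204, 203, "Rundll32.exe"),
    ("asep", 102, "Explorer Startup Folder", "GStartup"),
    ("asep", 204, "Explorer BHO", "apuc.dll"),
    ("arp", 103, "Divx Player"),
    ("proc", 205, 203, "bb.exe"),
    ("asep", 205, "Explorer Run", "Bargains"),
    ("arp", 205, "Bargain Buddy"),
    ("asep", 900, "HKLM Run", "helper.exe"),  # writer not part of any traced tree
]


def trace_bundles(events):
    """Group ASEP hooks and ARP entries by the process tree that created them."""
    root_of = {}  # pid -> pid of the root of its process tree
    bundles = defaultdict(lambda: {"processes": [], "hooks": [], "arp": []})
    for ev in events:
        kind, pid = ev[0], ev[1]
        if kind == "proc":
            parent, image = ev[2], ev[3]
            # A child joins its parent's tree; an untraced parent starts a new tree.
            root_of[pid] = root_of.get(parent, pid)
            bundles[root_of[pid]]["processes"].append(image)
        elif kind == "asep":
            # Unknown writers land in bundle None so the hook stays visible.
            bundles[root_of.get(pid)]["hooks"].append((ev[2], ev[3]))
        elif kind == "arp":
            bundles[root_of.get(pid)]["arp"].append(ev[2])
    return dict(bundles)


def bundle_name(bundle):
    """Concatenate ARP display names in creation order; None if there are none."""
    return " ".join(bundle["arp"]) or None


def unowned_hooks(bundles):
    """Hooks in groups that created no ARP entry, i.e. hooks with no ARP owner."""
    return [h for b in bundles.values() if not b["arp"] for h in b["hooks"]]


if __name__ == "__main__":
    result = trace_bundles(EVENTS)
    for b in result.values():
        print(bundle_name(b), "|", len(b["processes"]), "processes,",
              len(b["hooks"]), "hooks")
    print("no ARP owner:", unowned_hooks(result))
```

Keying every write on the root of the writer's process tree is what keeps the two concurrent installations apart even though their events interleave.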

Figure 8. Extensibility Point-Add/Remove Programs (EP-ARP): the DivX Pro Codec Adware DivX Player bundle includes two ASEP hooks GMT.exe and CMESys.exe that came from Gator. The Desktop Destroyer FREE exact Search Bar Bargain Buddy bundle includes five ASEP hooks. Clicking on the Restore button at the bottom can roll back the system and remove the two bundles

:33:45 explorer.exe: RegQueryValue HKCR\Network\SharingHandler\(DEFAULT) return ntshrui.dll
:33:45 explorer.exe: LoadLibrary \WINDOWS\system32\ntshrui.dll
:33:49 explorer.exe: RegEnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray return {35CEC8A3-2BE6-11D E }
:33:49 explorer.exe: RegQueryValue HKCR\CLSID\{35CEC8A3-2BE6-11D E }\InprocServer32\(DEFAULT) return C:\WINDOWS\System32\stobject.dll
:33:49 explorer.exe: LoadLibrary \WINDOWS\system32\stobject.dll

Figure 9. ASEP Discovery through Trace Analysis: HKCR\Network\SharingHandler\(DEFAULT) and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray are identified as ASEPs; HKCR\CLSID\{35CEC8A3-2BE6-11D E }\InprocServer32\(DEFAULT) is an EP, but not necessarily an ASEP, although it becomes a secondary ASEP on this machine due to its connection with a primary ASEP
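
The indirection pattern of Section 5 and Figure 9, detected in a trace: a Registry read returns a filename (directly or through a CLSID) and the same process then loads that file. This is an added example, not the authors' tool: the trace mirrors Figure 9's layout with constructed timestamps and a placeholder CLSID, and the parser and `find_asep_candidates` are assumptions made for illustration.

```python
import ntpath
import re

# Constructed trace in the layout of Figure 9. Timestamps and the CLSID are
# placeholders. The kernel32.dll load has no preceding lookup (hard-wired),
# and the notepad.exe load follows a lookup made by a different process.
TRACE = r"""
10:33:45 explorer.exe: RegQueryValue HKCR\Network\SharingHandler\(DEFAULT) return ntshrui.dll
10:33:45 explorer.exe: LoadLibrary \WINDOWS\system32\ntshrui.dll
10:33:49 explorer.exe: RegEnumerateValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray return {00000000-0000-0000-0000-000000000001}
10:33:49 explorer.exe: RegQueryValue HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(DEFAULT) return C:\WINDOWS\System32\stobject.dll
10:33:49 explorer.exe: LoadLibrary \WINDOWS\system32\stobject.dll
10:33:50 explorer.exe: LoadLibrary \WINDOWS\system32\kernel32.dll
10:33:51 notepad.exe: LoadLibrary \WINDOWS\system32\stobject.dll
"""

# <time> <process>: <operation> <argument> [return <value>]
LINE = re.compile(r"^(\S+) (\S+): (\w+) (.+?)(?: return (.+))?$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
READ_OPS = {"RegQueryValue", "RegEnumerateValue"}
LAUNCH_OPS = {"LoadLibrary", "CreateProcess"}


def find_asep_candidates(trace):
    """Return one record per load whose filename came out of a Registry read."""
    pending = {}  # (process, token) -> chain of Registry locations that led to token
    found = []
    for raw in trace.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _time, proc, op, arg, ret = m.groups()
        if op in READ_OPS and ret:
            chain = [arg]
            # A read under a CLSID that an earlier read returned extends that chain.
            ref = CLSID.search(arg)
            if ref and (proc, ref.group().lower()) in pending:
                chain = pending[(proc, ref.group().lower())] + [arg]
            value = ret.strip()
            is_clsid = CLSID.fullmatch(value)
            token = value.lower() if is_clsid else ntpath.basename(value).lower()
            pending[(proc, token)] = chain
        elif op in LAUNCH_OPS:
            module = ntpath.basename(arg.strip()).lower()
            chain = pending.pop((proc, module), None)
            if chain:
                found.append({
                    "process": proc,
                    "module": module,
                    "primary": chain[0],     # where the indirection started
                    "secondary": chain[1:],  # EPs reached through the primary
                })
    return found


if __name__ == "__main__":
    for c in find_asep_candidates(TRACE):
        print(c["module"], "<-", c["primary"], c["secondary"])
```

Matching is per process and by file basename, so the output is a candidate list for review rather than a confirmed ASEP list.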

(a) After installing SpeedBit, a new process DAP.exe was started and the browser process IEXPLORE.EXE was loading four newly updated DLL files from the installation (highlighted rows in the lower pane)

(b) After disabling all new ASEP hooks from Gatekeeper and rebooting, IEXPLORE.EXE was still loading two new DLLs. Searching the Registry using the filename DAPIE.DLL revealed that SpeedBit was hooking an additional ASEP under HKCR\PROTOCOLS\Name-Space Handler, which has since been added to the ASEP list monitored by Gatekeeper.

Figure 10. Windows Task Manager Extension for ASEP Discovery: the approximate update timestamps are extracted from the System Restore file change log; the patch numbers are extracted from local patch meta-data; the highlighted entries involve changes within the past week
More informationTrend Micro OfficeScan 11.0. Best Practice Guide for Malware
Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned
More informationSecurity Task Manager User Guide
Security Task Manager User Guide Enhanced Process Viewer with security risk rating A. & M. Neuber Software GmbH 2 Security Task Manager Table of Contents Part I Features of Security Task Manager 4 Part
More informationKASPERSKY LAB. Kaspersky Administration Kit version 6.0. Administrator s manual
KASPERSKY LAB Kaspersky Administration Kit version 6.0 Administrator s manual KASPERSKY ADMINISTRATION KIT VERSION 6.0 Administrator s manual Kaspersky Lab Visit our website: http://www.kaspersky.com/
More informationNOTE: You may want to choose the Word Wrap option from Notepad Edit menu to make this text more readable.
------------------ Interactions/Gas Exchange Version 1.2, CD Version Copyright 2003 by John Wiley & Sons, Inc. All rights reserved. ------------------ NOTE: You may want to choose the Word Wrap option
More informationClient Guide for Symantec Endpoint Protection and Symantec Network Access Control
Client Guide for Symantec Endpoint Protection and Symantec Network Access Control Client Guide for Symantec Endpoint Protection and Symantec Network Access Control The software described in this book is
More informationCOMPUTER-INTERNET SECURITY. How am I vulnerable?
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS A computer virus is a small program written to alter the way a computer
More informationTeam Foundation Server 2010, Visual Studio Ultimate 2010, Team Build 2010, & Lab Management Beta 2 Installation Guide
Page 1 of 243 Team Foundation Server 2010, Visual Studio Ultimate 2010, Team Build 2010, & Lab Management Beta 2 Installation Guide (This is an alpha version of Benjamin Day Consulting, Inc. s installation
More informationPC Diet and fitness plan
PC Diet and fitness plan Revised Apr 2013 Speed up your PC Regain lost storage space Clean out Bugs and viruses Improve your web experience Reduce maintenance costs and downtime This PC Diet and fitness
More informationMicrosoft Windows Installation and Troubleshooting Guide
Remote Access Services Microsoft Windows - Installation and Troubleshooting Guide Version 2.1 February 19, 2013 1 P age TABLE OF CONTENTS 1 MICROSOFT WINDOWS XP INSTALLATION PROCEDURES... 3 2 MICROSOFT
More informationInsight. Security Response. Deployment Best Practices
Insight Deployment Best Practices Overview Symantec Insight is a reputation-based security technology that leverages the anonymous software adoption patterns of Symantec s hundreds of millions of users
More informationSophos Endpoint Security and Control Help
Sophos Endpoint Security and Control Help Product version: 10.3 Document date: June 2014 Contents 1 About Sophos Endpoint Security and Control...3 2 About the Home page...4 3 Sophos groups...5 4 Sophos
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More informationThe software can be downloaded from the Spiceworks web site at: http://www.spiceworks.com.
Spiceworks 2.0 Review One of the biggest headaches a network or system administrator faces is managing all of the equipment, software and services their network provides. From servers to workstations,
More informationRemove ANY TOOLBAR from Internet Explorer, Firefox and Chrome
Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome Browser toolbars have been around for years, however, in the last couple of months they became a huge mess. Unfortunately, lots of free software
More informationNet Protector Admin Console
Net Protector Admin Console USER MANUAL www.indiaantivirus.com -1. Introduction Admin Console is a Centralized Anti-Virus Control and Management. It helps the administrators of small and large office networks
More informationCreating a Patch Management Dashboard with IT Analytics Hands-On Lab
Creating a Patch Management Dashboard with IT Analytics Hands-On Lab Description This lab provides a hands-on overview of the IT Analytics Solution. Students will learn how to browse cubes and configure
More informationDriver Updater Manual
Driver Updater Manual Keep your drivers up-to-date! Improve your system performance and stability by keeping your drivers updated. Automatically find, update and fix the drivers on your computer and turn
More informationFederated Identity Service Certificate Download Requirements
Federated Identity Service Certificate Download Requirements Version 3.2 Exostar, LLC February 14, 2013 Table of Contents Introduction... 1 Purpose... 1 FIS System Requirements... 2 Adding Exostar as a
More informationSTEP 1: INSTALLING WINDOWS DEFENDER
Office of Information Technology Secure your Windows XP Computer for Use on AU s Network Every member of the AU community has a shared responsibility for the safekeeping of our computer network. Since
More informationGetting Ahead of Malware
IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,
More informationMicrosoft Security Essentials Installation and Configuration Guide
Microsoft Security Essentials Installation and Configuration Guide This installation guide is for users who are intending to download the software from Microsoft s web site. If you are not intending on
More informationViRobot Desktop 5.5. User s Guide
ViRobot Desktop 5.5 User s Guide ViRobot Desktop 5.5 User s Guide Copyright Notice Copyright 2007 by HAURI Inc. All rights reserved worldwide. No part of this publication or software may be reproduced,
More informationCox Business Premium Security Service FAQs
FAQ s Content Cox Business Premium Security Service FAQs Questions before installing the software Q: Does Cox Business Premium Security Service work with other antivirus or firewall software installed
More informationConfiguring, Customizing, and Troubleshooting Outlook Express
3 Configuring, Customizing, and Troubleshooting Outlook Express............................................... Terms you ll need to understand: Outlook Express Newsgroups Address book Email Preview pane
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationFrequent Smart Updates: Used to detect and guard against new infections as well as adding enhancements to Spyware Doctor.
Faqs > Spyware Doctor Q1. What is Spyware Doctor? Ans.: Spyware Doctor is an easy-to-use, award winning, comprehensive software suite designed to protect your computer against stealthy spyware, aggressive
More informationSystemTech AntiSpyware Manual
Summitsoft Corporation SystemTech AntiSpyware Manual This guide is distributed with software that includes an end user agreement, this guide, as well as the software described in it, is furnished under
More informationSuper Anti-spyware Free Edition User Guide
Super Anti-spyware Free Edition User Guide Compiled and written by Le Roy Acres Web Services 2010 Foreward This is one of numerous tutorials concerning some of the more basic maintenance routines that
More informationSophos Endpoint Security and Control Help. Product version: 11
Sophos Endpoint Security and Control Help Product version: 11 Document date: October 2015 Contents 1 About Sophos Endpoint Security and Control...5 2 About the Home page...6 3 Sophos groups...7 3.1 About
More informationSophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0
Sophos Anti-Virus for NetApp Storage Systems user guide Product version: 3.0 Document date: May 2014 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp Storage Systems...4 3 System requirements...5
More informationSpyware Study. Prof. Robila CMPT 495. Computer and Data Security. Group: Francis Rivera Douglas Schemly Igor Yussim. Due:
Spyware Study Prof. Robila CMPT 495 Computer and Data Security Group: Francis Rivera Douglas Schemly Igor Yussim Due: December 12, 2005 Table of Contents Topic Page Spyware and the History of 3 Spyware
More informationSecurity and Usability of Anti-spyware software
TDDC03 Project, spring 2007 Security and Usability of Anti-spyware software Syed Zahid Ali, Kristoffer Lundholm Supervisor: Almut Herzog Security and Usability of Anti-Spyware Software Syed Zahid Ali Kristoffer
More informationCharter Business Desktop Security Administrator's Guide
Charter Business Desktop Security Administrator's Guide Table of Contents Chapter 1: Introduction... 4 Chapter 2: Getting Started... 5 Creating a new user... 6 Recovering and changing your password...
More informationOnline Payments Threats
July 3, 2012 Introduction...2 Tested Products...2 Used Configuration...3 Real Malware Inspiration...3 Total Scores Chart...4 Conclusion...4 About matousec.com...4 Detailed Descriptions of Tests...5 Detailed
More informationBasic Security Considerations for Email and Web Browsing
Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable
More informationSophos Anti-Virus for NetApp Storage Systems startup guide
Sophos Anti-Virus for NetApp Storage Systems startup guide Runs on Windows 2000 and later Product version: 1 Document date: April 2012 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp
More informationSophos Anti-Virus for Mac OS X Help
Sophos Anti-Virus for Mac OS X Help For networked and standalone Macs running Mac OS X Product version: 9 Document date: June 2013 Sophos TOC 3 Contents About Sophos Anti-Virus...5 About the Scans window...5
More informationcontents 1. ESET Smart Security...4 2. Installation...5 3. Beginner s guide...9 4. Work with ESET Smart Security...12
Integrated components: ESET NOD32 Antivirus ESET NOD32 Antispyware ESET Personal Firewall ESET Antispam New generation of NOD32 technology User Guide we protect your digital worlds contents 1. ESET Smart
More informationTable of Contents Chapter 1 INTRODUCTION TO MAILENABLE SOFTWARE... 3 MailEnable Webmail Introduction MailEnable Requirements and Getting Started
Webmail User Manual Table of Contents Chapter 1 INTRODUCTION TO MAILENABLE SOFTWARE... 3 MailEnable Webmail Introduction MailEnable Requirements and Getting Started Chapter 2 MAILENABLE KEY FEATURES OVERVIEW...
More informationDesktop Release Notes. Desktop Release Notes 5.2.1
Desktop Release Notes Desktop Release Notes 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationSpyware and Adware What s in Your Computer?
Spyware and Adware What s in Your Computer? Part 1 Welcome to Part 1 of the online course, Spyware and Adware What s in your computer? Are you being bombarded by advertisements on your computer, has your
More information8x8 Click2Pop User Guide
USER GUIDE 8x8 User Guide Getting Started with April 2014 Contents Introduction... 3 What s new.... 3 8x8.... 3 Here is how works...4 8x8 Click2Connect.... 4 Requirements.... 4 Installation on Microsoft
More informationSpam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
More information