Two Whales - theory of fighting against spyware/malware/adware
By Joseph Boyd (Arovax)
Two Whales
"Two whales" are the two basic ways of fighting spyware/malware/adware. In this short article we will tell you about the "two whales" of mankind's confrontation with the misfortune called "spyware". So, from this point on, when we talk about spyware/malware/adware we will mean software which is installed (launched) on a user's computer without the user's knowledge, impedes their work, and which the user certainly wants to get rid of to return to their normal full life.
Whale One - protecting the territory
The first thing you need is to prevent the enemy from getting onto your territory: to locate it just as it crosses your border and to destroy it. To understand how to do this, it's necessary to learn all the paths the enemy can use to cross the border and to set your traps there. This method of protection is called Real-Time Protection (sometimes you can also come across the term IDS - Intrusion Detection Software). Many producers of anti-spyware build real-time protection mechanisms into their products to a greater or lesser extent. Such a mechanism tracks key settings of the operating system and informs the user of any attempt to modify them (Arovax Shield is one such product). Then the user decides if the modification should be allowed or denied. However, there is one big drawback. Not only spyware applications change these settings; normal programs do too. If the software producer uses a signature base and blocks only what is known to them, they risk letting through a new, unknown enemy. If the software blocks all modifications (like Arovax Shield does), then the right to decide is passed to the user, but not all users deeply understand all system settings (and besides, they do not have to). Probably the best solution would be a combined mechanism: at the moment the system is modified, you not only issue a notification to the user but also indicate whether the corresponding spyware is found in the signature base.
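The combined mechanism described above, as an added example (not Arovax code): every change to a monitored setting raises an alert, and the alert is annotated with a signature-base hit when there is one. The setting names, sample values and the exact-match signature lookup are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed signature base: normalised setting value -> threat name.
SIGNATURES = {r"c:\windows\temp\adbar.exe": "Adware.ExampleBar"}

# Constructed snapshots of monitored settings (names are hypothetical).
BASELINE = {
    "startup/Updater": r"C:\Program Files\Vendor\update.exe",
    "browser/home_page": "https://intranet.example/",
}
CURRENT = {
    "startup/Updater": r"C:\Program Files\Vendor\update.exe",
    "startup/AdBar": r'"C:\Windows\Temp\adbar.exe" ',
    "browser/home_page": "https://search.example/",
}

@dataclass
class Alert:
    setting: str
    old: Optional[str]
    new: Optional[str]
    threat: Optional[str]  # signature name, or None when unknown
    advice: str            # "deny" for a known threat, else "ask user"

def normalise(value: str) -> str:
    """Strip whitespace and quotes and fold case so lookups are stable."""
    return value.strip().strip('"').lower()

def review_changes(baseline, current, signatures):
    """Return one Alert per added, changed or removed setting."""
    alerts = []
    for setting in sorted(set(baseline) | set(current)):
        old, new = baseline.get(setting), current.get(setting)
        if old == new:
            continue
        # A removed setting has no new value to look up.
        threat = signatures.get(normalise(new)) if new is not None else None
        advice = "deny" if threat else "ask user"
        alerts.append(Alert(setting, old, new, threat, advice))
    return alerts

if __name__ == "__main__":
    for a in review_changes(BASELINE, CURRENT, SIGNATURES):
        print(f"{a.setting}: {a.old!r} -> {a.new!r} [{a.threat or 'unknown'}] {a.advice}")
```

The unknown home page change still reaches the user as a prompt, which is the point of combining the two approaches: a signature miss does not silence the alert.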
Whale Two - cleaning the territory
This is like a cold war. Both parties are constantly increasing their military potential. Producers of anti-spyware software are improving their fighting methods while producers of spyware are looking for new insidious ways to get into the user's PC and dig in deeply. And it's not always that the former outdo the latter. When the first frontier is broken and the enemy has crossed the border, Weapon Number Two appears on the scene - a spyware remover. A Remover (or Cleaner) is a program which helps to remove already installed spyware. First of all, it includes a reliable scanner which will scan the user's computer, detect saboteurs (the installed spyware) and eradicate them. The most important thing at this stage is a good spyware base. The more signatures it includes, the greater the chance of detecting the enemy.
Here are the mandatory components of such a product:
* Scanner, which performs the PC scan and detects spyware by the known signatures.
* Remover (or Cleaner), which is responsible for eradication of the detected spyware.
* Quarantine. If a user is in doubt whether the detected spyware should be removed, they can place it in quarantine before the removal and then remove it. Later they will be able to restore the removed information.
* Ignore List. Sometimes the scanner detects something that the user does not consider spyware/malware/adware or does not want to remove. Such records are then placed on a special list and will be ignored during the following scans.
When selecting a spyware remover, we recommend paying attention not only to the availability of the above four components but also to the quality of the signature base. A very important issue is how quickly the producer responds to the appearance of new threats and updates the base.
(c) Arovax, LLC