Monday, September 24, 2007

Keyloggers and Viri and Rootkits, Oh My!

In the last post, I ranted about rootkits being planted in consumers’ computers without their knowledge by unscrupulous corporations or by hackers with even less honorable motives. I vented my displeasure with a corporation but did not give any information about what one can do about a rootkit. To remedy that oversight I embarked on a quest for some free software that will detect their presence. I shall try to rectify the omission in this episode.

It has been written that rootkits and keyloggers hide quite well in the deep recesses of your computer’s innards, often to the degree that excellent commercial software cannot find them. I found two anti-rootkit applications and one keylogger sniffer.

AVG, an excellent commercial security software company, offers three security software applications that are free for the downloading. The best known is their free anti-virus program, but they also offer an anti-spyware application and a rootkit detector. All three are available here.

Sophos Software also offers free anti-rootkit software, a threat detection test, and an application discovery tool in addition to their commercial line of security software.

One of the stranger freeware security tools I found, the SnoopFree Privacy Shield, is a paranoid and compulsive little program that detects any application that could be a keylogger or take over your browser, displays what it is and what it is doing, and asks if you wish to allow it. I found it to be something of a revelation that it classified Google Desktop as a serious threat and desperately tried to convince me not to allow it to function. This program for Win XP is worth installing, if only to see which applications are paying attention to what is being typed on your keyboard.

An updated version of Check Point's free ZoneAlarm Security Firewall has just been released and is certainly worth using.

Belarc freely gives its Advisor application, for non-commercial use only. This app lists every piece of software installed on your computer, along with patches, identification numbers, version numbers, and much other valuable information. This program has been installed on every computer I have owned since 1995.

Finally, Emsisoft's a-squared free anti-malware program (Anti-Trojan, Anti-Worm, and Anti-Spyware) is available, as is an Anti-Dialer program.

When you try these programs, as I have, please give consideration to purchasing the full featured versions or making a donation to the software’s author if you like them.

Peace, Doc

Copyright © 2007, Thomas A. Blood, Ph.D.


Friday, September 07, 2007

Sony Does It Again

I am including this post from another of my blogs as it may have compromised a clinician's computer, or may do so in the second round of rootkits. Especially troublesome is the information that one of the products that installs a rootkit is not a CD, but a USB fingerprint security device.

Once upon a time in the not too far distant past I really liked Sony products. I still do. I have a Sony tape deck, receiver, CD/DVD player, and pocket recorder, and was drooling over several of their high-end cameras, but I have resolved never to buy another of their offerings because of their corporate behavior.

In 2005 there was a Sony BMG scandal in which rootkits were hidden in over 100 of the CD products manufactured and sold by them. When the customer played the "copy protected" "XCP" CD, a rootkit (a form of malware designed to hide its own files and processes from the operating system and from security software) was installed on their computer without their knowledge. It interfered with the way in which Windows systems play CDs and opened several security holes for viruses to enter the unsuspecting owner's computer. Rather than go on at length here, I refer the reader to the wiki link above, for a thoroughly researched and well written explanation of the problem and the various electronic, ethical, and legal ramifications of their ploy. The first time, I was relatively quiet about it, but made my resolution and have abided by it.

Now they have done it again! "... F-Secure's DeepGuard software has detected rootkits in more software distributed with Sony products." In my opinion, this goes beyond the point at which I can simply shut up and not mention it to others whose computers may be affected. They not only did it, but they did it poorly, in an attempt at security through obscurity. The TechRepublic Forum post I read most recently on this subject found many others with the same feelings about Sony as I have developed.

*Sigh* At least I'm not the only one who became really cranky over this.

Peace, Doc


Copyright © 2007, Thomas A. Blood, Ph.D.

"Experience is the best teacher, but the tuition is high." - Norwegian Proverb


Tuesday, September 04, 2007

NanoScan and TotalScan

There are a few good, free, web based applications out there amidst all the crapware. I used Panda Software's computer-based anti-virus program for a year some while back and found it to be satisfactory. Not perfect, but good. That was at a time when many of the viruses, trojans, and worms were coming from the area of the world in which Panda Software is located. My assumption at the time was that they would therefore be the first AV company to encounter many of the new threats "in the wild" and the first to develop new countermeasures. It seemed to be a good assumption. The only drawbacks I encountered at that time were a somewhat unappealing user interface and a very aggressive advertising program. Panda was one of the "other good commercial AV programs" to which I referred in a previous post on free AV protection.

When I evaluate a program for my own use I quickly head in the opposite direction from AV and other security programs that immediately do a scan, find 1,284 possible infections on my computer, and warn me of the grave consequences of not purchasing their software or services immediately. When I found and tried Panda's nanoscan online scan it quickly had a look at my computer after I allowed it to install an ActiveX application. It reported that it found no viruses and that my other security programs were up to date. Hmm. Could it be true?

After one has scanned their computer with nanoscan, a pitch is made for totalscan. It is stated that this version can be used in either "brief" (about five minutes) or "full" (about an hour) modes. One has to sign up with an email address and a password for the free totalscan. I did so and allowed another ActiveX control to run. This action started the download of a short program that literally took almost three hours to complete on a dial-up Internet connection. When this process was completed, totalscan found 10 cookies that I knew were present and showed a large red button labeled "disinfect." I hopefully pressed it. The next screen informed me that I must be a member of totalscanPRO for anything to actually happen. Technically, Panda delivered exactly what was promised, a scan. I am so freaking gullible that I must be a relative of Wile E. Coyote.

The purchase page even insisted that I was from the UK and wanted payment in pounds. I'm afraid I cannot recommend nanoscam, totalscam, or totalscamPRO. Some might want to take a look at Panda's relatively non-technical descriptions of crimeware, hoaxes, rootkits, and the like. Otherwise, it did nothing that the previously listed freeware did not do except leave me with junk to clean out of the computer and two or three hours of subvocal swearing which I must attend to. Despite my current displeasure, I would still state that Panda's programs and services are probably in the class of "other satisfactory commercial security software." I'm glad I used a throwaway e-mail address, though.

Peace, Doc

Copyright © 2007, Thomas A. Blood, Ph.D.

"Dammit!" - Doc
