Spyware grrr


OK, after spending a good part of my Sunday evening chasing spyware on my PC, I think I finally won the battle.

Apparently one serious piece of spyware is totalvelocity.memorymeter.

This tool pretends to install a memory check in your systray, but in fact opens a huge door to all kinds of abuse.

I could sometimes suddenly get up to 15 popup windows coming from nowhere.

Of course I never downloaded this crap, and I also want to reply to some comments on my previous rant about FeedDemon.

I think some people misread me as saying that I don't like FeedDemon.

That's not true: the problem is not the software, the issue I have is with the feeds this tool provides by default.
Totalvelocity and many other spyware can travel over the net in any kind of HTTP stream, and if I am right, FeedDemon uses a browser layer to show some feeds.

Another comment I received was about not working in admin mode.
Yes, maybe, but I don't get the point: spyware can apparently have access to anything, and that's really not good.

Finally, I really invite everybody to check their machines with some antispyware tool; the results you can find are really amazing, and an average of 50 bots is not uncommon.

So my question is still valid: what will Microsoft do to secure the registry?


11 Comments

  • Isn't there a registry monitor component in .Net? If so, you could knock up a little proggie that monitored the registry and warned you when an app was trying to change it - like ZoneAlarm, you could then allow/deny access...

  • Hi Duncan, yes, ZoneAlarm is surely an option I am going to try.

  • Totally agreed man. I freakin' hate it when my daughter gets on the machine - lop.com madness usually ensues and if the machine isn't toasted by that, it's finished off by Kazaa.

    The Google toolbar beta 2 has a popup blocker built in. Might be worth a look.

  • What I wonder though is: what are your security settings in IE? I mean: even if an HTML page wants to install an ActiveX control, my IE will never automatically install it, simply because I blocked that in the security settings. Therefore, an RSS reader which uses IE as a viewer will not install an ActiveX control (and thus a bot) without me knowing it. I suggest you crank up the security settings for the various zones you have and set every automatic installation option to 'prompt' or 'disable'.

    You can set rights on registry keys by using regedt32 (not regedit, but regedt32) under win2k or regedit under XP. If you run your desktop as administrator, this is of course not doable, since you'll override any security settings anyway, but you can make keys read-only for even the administrator, so it's worth a shot. (Set change rights to 'system', for example.)

    Any free program is potentially a spyware host, never forget that. If you can download a full-featured free mp3 player from a .com domain which is clearly a company and the player is their one product, you can be sure the player does nasty things, simply because how would the company earn money otherwise?
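A present-day way to do the check Frans describes above (see who is allowed to change a key), added here as an example and not taken from the post or its commenters. It assumes a PowerShell session on Windows and picks the standard per-machine and per-user Run autostart keys as the keys worth auditing; it only reads and changes no permissions.

```powershell
# Added example, not from the post: list which principals may modify the
# "Run" autostart keys (a usual place for unwanted software to persist) and
# show what those keys currently start. Read-only; nothing is changed.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Any of these rights lets a principal add or alter an autostart entry.
$rr = [System.Security.AccessControl.RegistryRights]
$writeMask = $rr::SetValue -bor $rr::CreateSubKey -bor $rr::Delete -bor
             $rr::ChangePermissions -bor $rr::TakeOwnership

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    Write-Host "`n$key"

    # Allow rules that carry write rights. The comment's advice amounts to
    # shrinking this list until only SYSTEM (and Administrators, if you
    # really need them) remain, so a normal user account cannot add entries.
    $acl = Get-Acl -Path $key
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band [int]$writeMask) -eq 0) { continue }
        $origin = if ($rule.IsInherited) { 'inherited' } else { 'explicit' }
        Write-Host ('  write: {0,-40} {1} ({2})' -f
            $rule.IdentityReference, $rule.RegistryRights, $origin)
    }

    # Each value under the key is a program launched at logon; anything you
    # do not recognise here is worth checking against an antispyware scan.
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        Write-Host ('  start: {0} = {1}' -f $name, $item.GetValue($name))
    }
}
```

Run it once before and once after tightening the key's permissions; the "write:" lines for ordinary user groups should disappear while the "start:" lines stay readable.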

  • Frans, spyware like Totalvelocity does not come via ActiveX.

    I have high-level security settings for IE on this machine, in such a way that I need to blog from my laptop to be able to post something.

    Unfortunately an HTTP stream can transport anything, and it is surely the door for that crap to come in.

    Of course any free program can be a potential candidate for spyware, but if FeedDemon did not come with feeds, I am sure I could avoid the problem.

    And again, I am quite sure it's coming from FeedDemon, because the problem happened just after I installed it and played with some feeds.


  • And my request to Microsoft is that they have to provide a solution from the core system.

    I heard they are already thinking of blocking more and more HTML content in Outlook mails to block the spammers, so why not do something about spyware?


  • But if HTTP can inject an executable somewhere which will run when you run a given program, any system is vulnerable to any trojan. I can't believe that's true, unless the trojan exploits a given IE flaw (and there are some left without a patch).

    I don't think MS will ever solve this, simply because there are still people in charge who cook up goo like scripts in WMA or ASF files, so when you watch a video or listen to a WMA audio file, and your media player isn't patched, it can execute these scripts, which will result in a trojan installation.

    A browser should be a sandbox, or at least be configurable as such. However, MS doesn't do a damn thing about that, since they are not willing to modify IE to make it run as a sandbox when accessing a file / URI that's not located in the filespace of the local system.

  • Your registry is already protected.... you choose to circumvent that protection by running in admin mode. That's your choice to throw away the Windows security model, which is fine. You don't, however, get to throw away the most basic of securities and then whine about how you're unprotected.

    Now I run mostly in admin mode, but I accept that it's a risk I'm taking and that I'll have to pick up the slack.

    I recommend SpyBot - Search and Destroy. Along with being quite capable at cleansing your machine, it also has a bunch of settings for locking down your registry etc.

  • Any idea which feeds the spyware came from?

  • Simon, not sure from which feed, but I suspect the entertainment feeds.

  • Spybot Search & Destroy!!!
