Wednesday, June 22, 2011

Know the Moment Your Computer is at Risk




While trying to find some great security software, I stumbled on this one called Spy-The-Spy. It is a very interesting concept. Basically you keep this small program running on your Windows system and as soon as spyware or malware accesses your system, it lets you know. Once you see this, you can scan with your favorite spyware removal tool to get rid of it.

Try the Spy-The-Spy tool for yourself and see if it helps you see spyware the moment it enters your system!

Stay Safe




The App
Spy-The-Spy sits in the tray and watches the folders you specify in settings.

The folders include subfolders so you really just need to set C:\Windows to monitor all additions to Windows and System folders. This is set by default.

Optionally, if you are extra paranoid like me, you can also add C:\Program Files and C:\Documents and Settings. (Some parasites will copy themselves here.)

Now any time an exe is added, renamed or modified, a message will appear.

Quarantine
You have the option to add selected files to Quarantine. It will brute force kill the processes quickly one after another to avoid watchdogs and move the exe file to a Quarantine folder.

System File Check
Additionally, a button for SFC was added. This will run Windows Protection, which checks all system files for changes and copies them from the Windows CD if they are different.

Warning: In a clear situation, like the one above where basically 3 spyware exe files were added by ActiveX, the Quarantine is a simple choice. But in cases where system or IE Helper DLLs are involved, forcing these files to Quarantine may make IE partially inoperable. Remember, spyware uses many methods to penetrate your system, so if you are unsure then don't experiment. Just acknowledge that some files were added and run anti-spyware! In any case, run anti-spyware to clean up the registry from the bugs.

Legit Files
Spy-The-Spy is a file monitor. It doesn't differentiate between real spyware and a legit file that has been added to watched folders. There are cases when such legit files are created:

  • Windows may, on startup, replace some DLLs in the system folder from its backup
  • Some virus and anti-spyware scans may create temporary files to unpack zipped files. AdAware does this, for example.
  • Legitimate sites add DLLs to your computer without any notification. eBay does this, for example.

Limitations
In general, this application doesn't replace anti-spyware but complements it.

  • The software is a monitor; it doesn't deny access to the files. When you see the warning, the files are already there and running
  • The software does not scan files. If you already have spyware installed, Spy-The-Spy will not know about it
  • The Quarantine doesn't clean the registry entries that the spyware may have changed; it only brute-force removes the file from its location.
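
The folder watching described under "The App" and the baseline limitation listed above, as an added Python example (not Spy-The-Spy's own code, and not a claim about how it works internally). It polls by comparing hashed snapshots; the extension set, the 5-second interval and the function names are assumptions.

```python
import hashlib
import os
import sys
import time

WATCHED_EXT = {".exe", ".dll"}  # assumption: the file types worth flagging

def file_hash(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map path -> SHA-256 for each watched file under root, subfolders included."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED_EXT:
                path = os.path.join(dirpath, name)
                try:
                    snap[path] = file_hash(path)
                except OSError:
                    pass  # locked or deleted mid-scan; picked up on the next pass
    return snap

def diff(old, new):
    """Return sorted (event, path, renamed_from) tuples between two snapshots."""
    gone = {digest: path for path, digest in old.items() if path not in new}
    events = []
    for path, digest in new.items():
        if path in old:
            if old[path] != digest:
                events.append(("modified", path, ""))
        elif digest in gone:  # same content under a new name
            events.append(("renamed", path, gone[digest]))
        else:
            events.append(("added", path, ""))
    return sorted(events)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"
    baseline = snapshot(root)  # whatever is already here is never reported
    while True:
        time.sleep(5)
        current = snapshot(root)
        for event, path, src in diff(baseline, current):
            print(event, path, f"(was {src})" if src else "")
        baseline = current
```

Anything already present when the baseline is taken never produces an event, which is the second limitation in the list: a monitor of this kind only reports changes, it does not judge existing files.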