Specter Pro -- Spyware

FromTheRafters

JD said:
Let's find out. I think he'd grow weary of his little bs game and move
onto another newsgroup. We'll never know because it's not going to
happen. And then Jenn pops up with her moron statements. I hate to see
this newsgroup turn into this but so it goes.

I'm not filtering him (yet) and so I will ignore, or not, as I choose. I
generally do ignore him when he drifts off topic in a thread or posts
obvious trolling posts. When he plays 'newbie advocate' and asks
questions he already knows the answers to, I may answer also in kind
(for the newbies). When he appears to make disparaging remarks in the
guise of asking on topic questions, I usually ignore him.
 
Dustin Cook

JD said:
~BD~ said:
FromTheRafters wrote:
FromTheRafters wrote:
[...]
*What if* ....... ?

One or more of those 'trusted' malware cleaning forums (or even
a trusted software programme) could, surely, download such a
programme onto a user's machine so that, forever afterwards,
whatever is done on that machine may be monitored by an outside agency.

Thank you for responding FTR! :)

That's not very likely,

But .... *I* believe that it is *possible*!
********

As I've said elsewhere ..........

"What a super ruse it would be, eh? - to clear a machine of
everyone else's 'nasties' but then, perhaps, leave their own
package installed on the user's machine. No one would ever
suspect, would they?"

such a trojan would soon be discovered and dealt
with - very bad for the 'trusted' source's reputation.[...]

Now this is where we seem to have a *real* difference of opinion,
FTR!

Just *who* would discover such covert malware. With today's
high-speed and powerful machines a *user* is highly *unlikely* to
discover that they have become part of a botnet! If their
/cleaned/ machine is performing *better* than it had in a long
while, why would the *user* suspect anything untoward?

Bigger picture:

Remember the quote about how you can fool some of the people some
of the time, but you can't fool all of the people all of the time?

“You may fool all the people some of the time, you can even fool
some of the people all of the time, but you cannot fool all of the
people all the time.” Abraham Lincoln

Malware like that relies on the first part of that quote. It doesn't care about
the second part because there is no shortage of fools. Such
software does eventually get discovered, but usually cannot be
traced back to a single source - there are many sources and they
change location often. If someone has a *real firewall* then this
type of commercial malware's activities can soon be discovered.

So asking "who would" is the wrong question - the individual is
insignificant in comparison to the whole. Instead you must ask
yourself if *anybody* would discover the hidden function, and what
that would mean to an otherwise legitimate (contactable) business.

OK. Let's use an example.

I do not consider Aumha.net to be a business (do you?)

Let's say someone goes there for the cleaning of their machine and
all seems to go to plan. Is there *any* company/organisation which
makes random checks on such 'help' sites to ensure that nothing
untoward, along the lines which I've described, is happening - to
ensure that they are *not* compromising the machines of naive
'customers'?

My limited understanding of matters is that once a machine is
under the control of a botmaster, all personal control is
effectively lost.

Do you dispute this?

Yes, but I may be reading it differently than you are. It would
depend on how much control is still afforded you by the nature of
the offending program.

Perhaps you are. I meant that an outside agency may do whatever they
wish - whenever they wish - with the owner of the machine being
completely unaware of the 'intruder'. This may only be achieved if
the user can still carry out whatever he/she wishes to do and does
not become suspicious in any way.

HTH

boater Dave, You are so full of $hit my monitor stinks when I see
your messages. Try a slow boat to anywhere but these newsgroups. OK?

You might enjoy life more if you stopped complaining about things over
which you have no control. None whatsoever!

You too might find life more enjoyable if you lost the everyone might be
out to get me mentality. I'm sure it would bring you far less stress to
worry so much about the bad guys.
No one *makes* you read what I have to say (there again, maybe you
don't!) and it costs you nothing. Simply ignore me if what I say
offends you.

Aren't you deliberately offending to get a reaction?

Enjoy your day! :)

I had a very enjoyable day, thanks.
 
Dustin Cook

FromTheRafters said:
~BD~ said:
FromTheRafters wrote:
[...]
*What if* ....... ?

One or more of those 'trusted' malware cleaning forums (or even a
trusted software programme) could, surely, download such a programme
onto a user's machine so that, forever afterwards, whatever is done
on that machine may be monitored by an outside agency.

Thank you for responding FTR! :)

That's not very likely,

But .... *I* believe that it is *possible*!
********

As I've said elsewhere ..........

"What a super ruse it would be, eh? - to clear a machine of everyone
else's 'nasties' but then, perhaps, leave their own package installed
on the user's machine. No one would ever suspect, would they?"

such a trojan would soon be discovered and dealt
with - very bad for the 'trusted' source's reputation.[...]

Now this is where we seem to have a *real* difference of opinion, FTR!

Just *who* would discover such covert malware. With today's high-speed
and powerful machines a *user* is highly *unlikely* to discover that
they have become part of a botnet! If their /cleaned/ machine is
performing *better* than it had in a long while, why would the *user*
suspect anything untoward?

Bigger picture:

Remember the quote about how you can fool some of the people some of the
time, but you can't fool all of the people all of the time?

“You may fool all the people some of the time, you can even fool some of
the people all of the time, but you cannot fool all of the people all
the time.” Abraham Lincoln

Malware like that relies on the first part of that quote. It doesn't care about the
second part because there is no shortage of fools. Such software does
eventually get discovered, but usually cannot be traced back to a single
source - there are many sources and they change location often. If
someone has a *real firewall* then this type of commercial malware's
activities can soon be discovered.

So asking "who would" is the wrong question - the individual is
insignificant in comparison to the whole. Instead you must ask yourself
if *anybody* would discover the hidden function, and what that would
mean to an otherwise legitimate (contactable) business.

OK. Let's use an example.

I do not consider Aumha.net to be a business (do you?)

Let's say someone goes there for the cleaning of their machine and all
seems to go to plan. Is there *any* company/organisation which makes
random checks on such 'help' sites to ensure that nothing untoward,
along the lines which I've described, is happening - to ensure that they
are *not* compromising the machines of naive 'customers'?

Not that I know of; re: company organization which does random audits
(checks if you prefer). However, if aumha.net or another company were to
do such things, news would spread.

Ya see BD, at some point, a professional will check out the site; and upon
the company doing something nasty, eventually they'd be caught and surely
publicly humiliated.

You just can't get away with dropping nasty code on people's machine;
eventually the cat will be out of the bag. You never know what person may
visit the site and you can't always determine the person's skill level.

So your theories really have no basis in the real world. It's just not
possible for someone to dupe everyone, BD.

Perhaps you are. I meant that an outside agency may do whatever they
wish - whenever they wish - with the owner of the machine being
completely unaware of the 'intruder'. This may only be achieved if the
user can still carry out whatever he/she wishes to do and does not
become suspicious in any way.

And again, such tactics would eventually land on the wrong machine. Say,
mine for example. My curiosity would force me to go digging and
eventually, I *would* find the modifications. Many other experts would as
well. A blog site would appear, further experts would examine the site
mentioned and it would just go south for the site/software owner/creator
from that point on.

In a way, checks and balances which is what you seem concerned with do
take place on a daily basis.
 
Dustin Cook

If everybody stopped replying to you, would you continue to just post
and answer your own messages? Why don't we all see what happens?

Honestly, I think he would continue posting more conspiracy theories here;
even if nobody responded. He might even take the lack of response as
indicative that he is correct in his illusions, resulting in even more 'I've
proven it' posts.
 
Dustin Cook

Let's find out. I think he'd grow weary of his little bs game and move
onto another newsgroup. We'll never know because it's not going to
happen. And then Jenn pops up with her moron statements. I hate to see
this newsgroup turn into this but so it goes.

I find the effort to be futile. BD is like the check engine light on your
car. Ignoring it isn't going to make the problem go away.
 
Dustin Cook

Now *that* is exactly what I tried to encourage you to do, Dustin!

You have no need to encourage me to do what I would do naturally anyway.
What you asked me to do was get dirt on people you have a personal grudge
with; and I will not do that for you.

I can hope for nothing more than that someone *will* take an interest
and investigate. Most folk are too busy to do as I have done for well
over four years now. I've never professed to know much about computers
but I do have an ability to sense when things do not ring true.

Your senses are in need of recalibration.

The sites you mention have been around for some time; I'm sure if they
were up to no good, someone would have noticed it and been able to
demonstrate it to the security community; I am unaware of any of that
having taken place.

I'm sure you are right but it seems that such checks and balances are
woefully inadequate. The bad guys are winning and cybercrime is still

I disagree. They quickly caught your newly fake account at malwarebytes.
No sir, they are on the ball.
Just like the Somali pirates, the Internet bad guys *must* be stopped.

Dave, with all due respect, hell will freeze over before you stop a
single internet bad guy. I say this because you have no clue who are the
good or bad guys and your efforts of PI work are failing miserably.
 
G. Morgan

FromTheRafters said:
The *malware* to detect, would be the surreptitious installer (trojan)
of the keylogger. Since you evidently installed it yourself, there *is*
no malware to detect. If this program comes with a way to install it
surreptitiously, then that function (or its result) *should* be
detected. What you would need in order to prevent one administrator from
being able to detect that the other has installed spyware is to have
the whole deal on a monitor or hypervisor where one administrates the
"platform" on which both administrators appear to administrate in the
emulated "environment".

I also do house calls on the side. I would like a program that detects ALL key
loggers, not just non-commercial ones. Husband spying on wife, etc...
 
G. Morgan

G. Morgan said:
Are there ANY programs that DO detect and remove it?


I'm going to rephrase my question.

Why wouldn't the authors of Super ASW and MBAM not include commercial key
loggers in their detections? It doesn't matter if you bought the spyware in a
nice package at Fry's, or downloaded it from any number of free sources.

Key loggers are Spyware, period. I can't leave a customer's house after
scanning with Avira, MBAM, and Super ASW --- knowing that none of them detects
this "greyware". <--- Which I have a problem with that term.

Forget what I said about my g/f. That was just theoretical. I'm talking about
working on others' PCs now.

Why do commercial vendors get a "pass", when script kiddies and other a$$holes
that write Trojans for "fun" don't?

I'll join the forum and see what happens. But, my strong opinion as a
technician, the tools I use must be 100% dead-on. Spyware is spyware, no
matter what spin you put on it (PUP, Greyware) whatever.... Just because it
comes in shrink wrapped box doesn't mean it's not spyware.
 
David H. Lipman

From: "G. Morgan"

| I'm going to rephrase my question.

| Why wouldn't the authors of Super ASW and MBAM not include commercial key
| loggers in their detections? It doesn't matter if you bought the spyware in a
| nice package at Fry's, or downloaded it from any number of free sources.

| Key loggers are Spyware, period. I can't leave a customer's house after
| scanning with Avira, MBAM, and Super ASW --- knowing that none of them detects
| this "greyware". <--- Which I have a problem with that term.

| Forget what I said about my g/f. That was just theoretical. I'm talking about
| working on others' PCs now.

| Why do commercial vendors get a "pass", when script kiddies and other a$$holes
| that write Trojans for "fun" don't?

| I'll join the forum and see what happens. But, my strong opinion as a
| technician, the tools I use must be 100% dead-on. Spyware is spyware, no
| matter what spin you put on it (PUP, Greyware) whatever.... Just because it
| comes in shrink wrapped box doesn't mean it's not spyware.

Yes, please do join the forum for the product and ask.
 
FromTheRafters

G. Morgan said:
I'm going to rephrase my question.

Why wouldn't the authors of Super ASW and MBAM not include commercial key
loggers in their detections? It doesn't matter if you bought the spyware in a
nice package at Fry's, or downloaded it from any number of free sources.

Chances are, they will. Didn't Dustin invite you to upload the
executable? Sometimes all that is needed is an MD5 on non-polymorphics.

It would make sense for anti-spyware applications to have the ability to
detect PUPs. It would also be necessary to give the administrator the
ability to exclude the legitimately installed spyware from detection as
its legitimate use would require. Windows in particular has parental
control (spyware) - would you want children to be able to detect and
possibly thwart its use?

Key loggers are Spyware, period. I can't leave a customer's house after
scanning with Avira, MBAM, and Super ASW --- knowing that none of them detects
this "greyware". <--- Which I have a problem with that term.

Forget what I said about my g/f. That was just theoretical. I'm talking about
working on others' PCs now.

Why do commercial vendors get a "pass", when script kiddies and other a$$holes
that write Trojans for "fun" don't?

Because in some cases there is *no* difference, programmatically,
between the legitimate and the malicious spyware once it is installed.
The same goes for RATs - which can be described both as Remote Access
Trojan *and* Remote Administration Tool. The key difference is *how* it
becomes installed.

I'll join the forum and see what happens. But, my strong opinion as a
technician, the tools I use must be 100% dead-on. Spyware is spyware, no
matter what spin you put on it (PUP, Greyware) whatever.... Just because it
comes in shrink wrapped box doesn't mean it's not spyware.

Use a process viewer and familiarize yourself with what *should* be
there. Chances are you will not have husbands spying on wives and vice
versa, but admins spying on standard users. If the spyware hides from
the administrator, it is *malware*, not greyware, and should be detected
by antimalware applications.
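
An added example, not code from any poster or product in this thread, of two points made in the post above: an exact MD5 signature only matches byte-identical (non-polymorphic) files, and an administrator exclusion for a legitimately installed PUP. The signature names, file names and the rule that malware-class hits can never be excluded are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(paths, signatures, admin_exclusions=frozenset()):
    """Return (path, name, category, action) for every signature hit.

    signatures: {md5_hex: (name, category)}, category is "malware" or "pup".
    admin_exclusions: MD5 values the administrator has approved. Only "pup"
    entries can be excluded; a "malware" hit is always reported (assumed policy).
    """
    findings = []
    for path in paths:
        digest = md5_of(path)
        hit = signatures.get(digest)
        if hit is None:
            continue  # unknown file: an exact hash says nothing about it
        name, category = hit
        if category == "pup" and digest in admin_exclusions:
            action = "excluded-by-admin"
        else:
            action = "report"
        findings.append((path, name, category, action))
    return findings

def demo():
    """Build constructed sample files in a temp directory and scan them."""
    tmp = tempfile.mkdtemp()
    samples = {  # constructed contents, not real program bytes
        "monitor.exe": b"CONSTRUCTED commercial monitor build 1",
        "monitor_repacked.exe": b"CONSTRUCTED commercial monitor build 1\x00",
        "dropper.exe": b"CONSTRUCTED surreptitious installer",
        "notepad.exe": b"CONSTRUCTED benign program",
    }
    paths = {}
    for name, data in samples.items():
        paths[name] = os.path.join(tmp, name)
        with open(paths[name], "wb") as f:
            f.write(data)
    signatures = {
        md5_of(paths["monitor.exe"]): ("Example.Monitor", "pup"),
        md5_of(paths["dropper.exe"]): ("Example.Dropper", "malware"),
    }
    ordered = [paths[n] for n in samples]
    default = scan(ordered, signatures)
    # The administrator approves every known hash; only the PUP is honoured.
    approved = scan(ordered, signatures, admin_exclusions=set(signatures))
    return paths, default, approved

if __name__ == "__main__":
    _, default, approved = demo()
    for row in default + approved:
        print(row)
```

The repacked copy differs by one byte and is not matched, which is why a hash alone is only enough for files that never change.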
 
FromTheRafters

G. Morgan said:
I also do house calls on the side. I would like a program that detects ALL key
loggers, not just non-commercial ones. Husband spying on wife, etc...

I'm speculating here that some antispyware vendors would be willing to
supply detection for these once they are reported to them.
 
Jenn

JD said:
FromTheRafters wrote:
We have a term down here in Texas. It's called "pi$$ing into the wind." We
try not to do that but sometimes one mis-judges the wind direction.

....again with the mature comments littered with foul language that you think
makes you look somehow more manly and smart....

Texas sayings aren't going to make up for a low IQ.
 
Jenn

JD said:
Let's find out. I think he'd grow weary of his little bs game and move
onto another newsgroup. We'll never know because it's not going to happen.
And then Jenn pops up with her moron statements. I hate to see this
newsgroup turn into this but so it goes.


I shall correct you ... Jenn doesn't *pop up* anywhere ... I gracefully
click on a newsgroup title and peruse the threads one by one........ ;-)
 
Dustin Cook

I'm speculating here that some antispyware vendors would be willing to
supply detection for these once they are reported to them.

I would have to agree. :)
 
Dustin Cook

I also do house calls on the side. I would like a program that
detects ALL key loggers, not just non-commercial ones. Husband spying
on wife, etc...

As many of the keyloggers are commercial in nature; Perhaps you could
purchase a copy of the popular ones and provide the complete installer to
various antimalware researchers.

I'd be willing to release a database update to BugHunter to include each
one you are willing to provide. I'll go one step further, I'll submit
them to my friends at malwarebytes for possible inclusion into their
databases as well.

That's probably your best bet for getting something to detect all of
them; At least in so far as commercial goes. Us antimalware guys go for
the things we see in the wild, doing harm.
 
Dustin Cook

I'm going to rephrase my question.

Why wouldn't the authors of Super ASW and MBAM not include commercial
key loggers in their detections? It doesn't matter if you bought the
spyware in a nice package at Fry's, or downloaded it from any number
of free sources.

It matters. It's a grey area. Legitimate reasons exist for the commercial
packages. One being, monitoring of employees using company/network
equipment.

Key loggers are Spyware, period. I can't leave a customer's house
after scanning with Avira, MBAM, and Super ASW --- knowing that none
of them detects this "greyware". <--- Which I have a problem with
that term.

As I said, it's a grey area. Potentially unwanted software, depending on
the conditions of its installation.

If you want them to take a look, provide the installer executable so that
a proper analysis can be performed.

Why do commercial vendors get a "pass", when script kiddies and other
a$$holes that write Trojans for "fun" don't?

They don't get a pass per se. It depends on whether or not the employer
set the software up. If that's the case, the user has no right to
discover that spyware.

I'll join the forum and see what happens. But, my strong opinion as a
technician, the tools I use must be 100% dead-on. Spyware is
spyware, no matter what spin you put on it (PUP, Greyware)
whatever.... Just because it comes in shrink wrapped box doesn't mean
it's not spyware.

I'm a technician by trade as well, along with antimalware researcher; and
sadly, whether you like the term or not doesn't matter. It exists and
applies in some cases. As far as tools being 100%, as an author of one
myself, and fellow researcher for another, that's just not possible.
Sorry.
 
G. Morgan

Dustin Cook said:
As many of the keyloggers are commercial in nature; Perhaps you could
purchase a copy of the popular ones and provide the complete installer to
various antimalware researchers.


I'm not buying them, but here is where you can look.....

http://extremenova.org/details.php?q=4d21d5e379ac1bd6c756d8755a2e4637138803e7
http://h33t.com/download.php?id=4b3...6f525&f=Spector+Pro+2009[H33T][NexTG].torrent
http://h33t.com/download.php?id=662...n+your+childen]+[wallpapers001][h33t].torrent


Thanks for the offer.
 
