Request for enhancements...

Brian Seborg

WinPCap is identified as spyware. Specifically, the
report has the following detail:
WinPCap
Type: Enabler
Threat Level: Low
Author: WinPCap Team including Loris Degioanni

Description: WinPCap is an Open Source Windows Packet
Filtering Library.
It provides low level internet & system traffic data to
other applications that leverage its utilities.

Advice: This software is not necessarily hazardous unless
it is used by a particular spyware threat. If you
quarantine or remove all of the spyware threats from your
computer you do not necessarily need to remove this
program. Please note: if a legitimate application is
using functionality contained in an enabler application,
removing the enabler may cause that application to cease
functioning properly. This application is okay to have
running on your computer, as they are only dangerous if a
Spyware application is also installed on your machine and
exploiting it. However if you did not install this, or
know of a legitimate application that did, you may
consider quarantining or removing it. Please note: if a
legitimate application is using functionality contained
in an enabler application, it may cause that application
to cease functioning properly.

About Enabler: While not spyware, it provides
functionality that spyware products have been known to
exploit. Normally, these applications are okay to have
running on your machine, as they are only dangerous if a
Spyware application is also installed on your machine and
exploiting it. However if you did not install this, or
know of a legitimate application that did, you may
consider quarantining or removing it. Please note: if a
legitimate application is using functionality contained
in an enabler application, removing the enabler may cause
that application to cease functioning properly


As for whether a normal user would understand this, not
likely unless he was fairly technical. But, then, that's
what help desks and running in silent mode are for. You
could help yourselves by providing a bit more
clarification with a typical end-user in mind as opposed
to a technical end user.

In addition, a central reporting capability is needed to
allow this program to become an enterprise class
utility. If not, it will only be an end-user solution.
In an enterprise, I want to be able to install this so
that reports are silent and so that the program can take
specific actions (e.g. quarantine much like AVs would
perform a clean).

I want reports sent to a central monitoring console or
log server (with a console interface and reporting tool)
that would allow me to know what's happening in my
environment and whether quarantines or clean-up actions
are successful or not. This would allow me to keep
track of what was going on, but I would only really have
to worry about follow up on a) repeat offenders (what
activity are they engaging in that keeps getting them
infected?) or b) unsuccessful clean up (where an IT
person would either have to remote in to the user's system
(via an existing remote support application - I do NOT
expect for remote support to be built in to the
anti-spyware client) to fix the problem, or, in rare cases,
actually have to go visit).


Brian :-)
 