Author Topic: "Spycar" anti-spyware test tool released  (Read 8181 times)

0 Members and 1 Guest are viewing this topic.

Offline Eric the Red

  • ISO/IEC 27001:2005
  • Administrator
  • Hero Member
  • *****
  • Posts: 1617
  • Would somebody please pass me a beer!
    • View Profile
"Spycar" anti-spyware test tool released
« on: May 05, 2006, 12:20:04 PM »
"The time to start running is around about the "e" in "Hey, you!" "
Proud member Since 2004 

The information I provide is provided "AS IS" without warranty, and confers no rights.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 15973
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: "Spycar" anti-spyware test tool released
« Reply #1 on: May 05, 2006, 10:59:30 PM »
Ok, I'm game.  Let's see what happens.  My notes as I ran the tests are first with the results from SpyCar below.   

Autostart Tests:

Ad-Watch popped up and allowed me to block.

Click here to make Spycar try to install a Registry key under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Click here to make Spycar try to install a Registry key under HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Click here to make Spycar try to install a Registry key under HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Click here to make Spycar try to install a Registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Both Ad-Watch & WinPatrol allowed me to block the last two:

Click here to make Spycar try to install a Registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Click here to make Spycar try to install a Registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Internet Explorer Config Change Tests

Both Ad-Watch and SpywareGuard blocked:

Click here to make Spycar try to change your default home page in IE
 
Oopsie:  Nothing popped up here to stop these --
Click here to make Spycar try to lockout users from changing the default home page in IE
Click here to make Spycar try to remove the Advanced Tab in your IE Internet Options Screen
Click here to make Spycar try to remove the Programs Tab in your IE Internet Options Screen
Click here to make Spycar try to remove the Connections Tab in your IE Internet Options Screen
 
This resulted in prompts from Ad-Watch, WinPatrol & SpywareGuard:

Click here to make Spycar try to change your default search page in IE

That was strange.  All three (A-W, WinPatrol, SpywareGuard) popped up when I ran these but with the message about changing the default search site again: 

Click here to make Spycar try to remove the Content Tab in your IE Internet Options Screen
Click here to make Spycar try to remove the Privacy Tab in your IE Internet Options Screen
Click here to make Spycar try to remove the Security Tab in your IE Internet Options Screen
Click here to make Spycar try to remove the General Tab in your IE Internet Options Screen

Network Config Change Tests -- nothing.  Where's SpyBlocker?

Spycar Scoring
HKCU_Run : Spycar test not performed
HKCU_RunOnce : Spycar test not performed
HKCU_RunOnceEx : Spycar test not performed
HKLM_Run : Spycar change blocked
HKLM_RunOnce : Spycar test not performed
HKLM_RunOnceEx : Spycar test not performed

Since I use Firefox, I borrowed Coyote's IE and these are the results:

IE-HomePageLock : Spycar change allowed
IE-KillAdvancedTab : Spycar change allowed
IE-KillConnectionsTab : Spycar change allowed
IE-KillContentTab : Spycar change allowed
IE-KillGeneralTab : Spycar change allowed
IE-KillPrivacyTab : Spycar change allowed
IE-KillProgramsTab : Spycar change allowed
IE-KillSecurityTab : Spycar change allowed
IE-SetHomePage : Spycar change blocked
IE-SetSearchPage : Spycar change blocked

AlterHostsFile : Spycar change allowed (Looks like I have to find out what's happening with SpyBlocker.  <Corrine pages DoK!>)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline JOSEPH

  • Blogging In 2006
  • Full Member
  • ***
  • Posts: 148
    • View Profile
Re: "Spycar" anti-spyware test tool released
« Reply #2 on: May 06, 2006, 03:03:37 PM »
Excuse me, but doesn't this FREE program too also perform along the same levels? Mind you SpyCar seems ok so far as the basics go but then i don't find it much different than what's been around for what seems eons of time.
http://www.woundedmoon.org/win32/regtickpro.html
By the way, none of those even make it out of the gate with System Safety Monitor on duty! as they are INTERCEPTED!!!


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 15973
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: "Spycar" anti-spyware test tool released
« Reply #3 on: May 06, 2006, 03:38:50 PM »
Quote
REGTICK is a simple windows registry tweak tool which allow you to change many hidden settings about windows itself and other applications.

It is FREEWARE.

Note:
Modifying the registry can cause serious problems, Use RegTick at your own risk!!!

SpyCar is a testing package, not a registry editor.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline JOSEPH

  • Blogging In 2006
  • Full Member
  • ***
  • Posts: 148
    • View Profile
Re: "Spycar" anti-spyware test tool released
« Reply #4 on: May 07, 2006, 12:32:32 AM »
1,195 hits on yet another Spycar topic being reviewed and discussed at Wilders

http://www.wilderssecurity.com/showthread.php?t=129548

Offline BillPStudios

  • Visiting Experts
  • Full Member
  • *****
  • Posts: 70
    • View Profile
    • WinPatrol
Re: "Spycar" anti-spyware test tool released
« Reply #5 on: September 04, 2006, 04:16:41 PM »
One of the problems with test programs is that programs like Ad-Watch, WinPatrol,etc... are frequently smart enough to know it's only a test.

It's kinda like the Star Trek episode where Data tried to prove the Nanobots were alive but they knew enough to beat the test.
 Wow, now I really sound like a geek.    :tease:

In this case, Scotty knows it's just a test program.

The Real-time Detection in WinPatrol does differentiate and will not warn you immediately if a test program that you allowed to run makes the change.
If we hooked into every registry change the system would crawl.

The methodology behind WinPatrol PLUS (R.I.D) is based on particular events which occur when programs try to execute or infiltrate your system. Manually editing the registry or changing program options may not trigger a R.I.D. alert but infiltrations by 3rd party programs will. This way you'll enjoy optimal performance during your normal computing tasks but Scotty will still wake up when significant changes have been made.

In our testing we hired a third party to infect their system based on well known infections.
The results are at http://www.winpatrol.com/rid.html

It's a shame that Consumer Reports and others are using test programs like Spycar.  Of course we may have done really bad except because WinPatrol doesn't advertise it doesn't seem to make it into the main stream magazine conparisons anyway.