NOW SpinRite 6.1 – Fast and useful for spinning and solid state mass storage!

OptOut Logo
Show Spyware that Being Sneaky Doesn't Pay!
by Steve Gibson, Gibson Research Corporation
Suspected Spyware
This "Suspects" page complements the previous "Known Spyware" page. The amazing amount of traffic over in the OptOut newsgroup, with people reporting new spyware and/or asking whether we've seen such-and-such a program before, led me to create this "suspicious software & services clearinghouse" page. People posting unknown spyware queries in the OptOut newsgroup will probably be told to "go check the suspects page". Here it is . . .

 If the software you suspect is already listed in the "Suspicious Software/Services Index", we will be looking at it as soon as possible. You don't need to do anything further. If you have a very clear-cut reason for believing that something already listed as suspicious really is bad, we'd like to hear it. In that case scroll down to the "Reporting Suspicious Software/Services" section below, and proceed from there.

 If the software you suspect is listed in the "Proven Okay Index" that means we have already checked it out, gave it a clean bill of health, and you really have nothing to worry about.

 If you don't find your suspected software listed in either of the two lists on this page, and if we haven't already nailed it to the wall over on the "Known Spyware" page, please scroll down to the "Reporting Suspicious Software/Services" section below, where you'll find some instructions and a convenient form for submitting a report to tell us what you suspect.

A Sincere Plea To Software Publishers

If your software, service, or system is listed in the suspicious index below, PLEASE contact us immediately and help us to move it into the "Proven Okay" list!

We will do everything possible to work with you to determine why someone believed that your software might have been spying, tracking, or cataloging them or their activities and we'll put those fears to rest. Okay?

The Suspicious Software/Services Index

The software facilities, systems, and services, listed in this section have not yet received a thorough examination. They are NOT known to be spyware, so they appear below only so that visitors desiring to submit reports of new, potential, spyware privacy violators will know which systems have already been reported.

Advertising-based "free" download acceleration utilizing home-grown ad server technology.

IE and Windows integrating info system. No privacy statement.

Ad supported, free, content filtering ISP. Claimed system required an uninstall password. (Which didn't work.)

Opt-in Targeted eMail? Sure.(see this link.<shudder>

Net Perceptions
Company extolls the virtues of knowing the habits and preferences of everyone online and offline.

Your Suspect Here!
If it's not listed here, or below in the "Looks Okay" list, scroll down to tell us about it!

The "Looks Okay" Software Index

This index lists suspected programs or systems which we've examined and found to be safe and benign. If your suspected program, system, or company is listed here you'll know that we've given it a close look.

Good Programs
Several of the software systems above appear to be fine. We'll fully verify them then move them down here!

Spyware Detection

Almost without exception, spyware deliberately hides inside the computer and works at avoiding detection. For example, the Aureate spyware system inhibits its Internet backchannel use in the absence of keyboard or mouse activity so that the user won't see modem lights flashing and wonder what the heck is going on. Since spyware is deliberately trying to go undetected, special tools are required to sense the presence of these sneaky spys. Of course, OptOut instantly and efficiently detects the presence of, and optionally removes, any spyware it knows about, but on this 'suspects' page we're talking about tracking down and detecting PREVIOUSLY UNKNOWN (to OptOut) suspicious software.

Spyware hunters have two types of tools at their disposal:  Application blocking firewalls that detect the spyware's attempt to access the Internet, and  "Packet Sniffing" utilities that monitor the computer's Internet communications . . .

 Using an Outbound Blocking Firewall

Most of the reports we receive from surprised users, who have caught spyware phoning home, are sent to us by people who have recently downloaded and installed the FREE ZoneAlarm 2.1 personal firewall from ZoneLabs. Although other firewalls can be configured to monitor and control access at the "application level", ZoneAlarm was specifically designed with outbound detection and blocking in mind, making it the preferred tool for the purpose.

Internet Firewalls have traditionally concerned themselves with preventing "ingress from external threats", but thanks to the new breed of super-sneaky spyware, several recent firewalls have added the ability to prevent "egress from internal threats." That is what's required for blocking outbound use of your system's Internet connection.

For catching sneaky spyware trying to phone home, I recommend ZoneAlarm 2.1, which has earned my whole-hearted support and enthusiastic endorsement for three reasons:

ZoneAlarm provides excellent, state of the art, protection from external "bad guys" trying to break into your system from the outside — External Ingress. And starting with version 2.1, logging of past scans and probes of the protected system.
It is the only firewall to provide easily configurable OUTBOUND detection and blocking of unauthorized applications — Internal Egress. ZoneAlarm is instantly catching — and blocking — sneaky spyware applications when they try to phone home!

For example, It was my first use of ZoneAlarm that detected and caught the Conducent/Timesink TSADBOT running in my own workstation! And this was despite the fact that I'd been reviewing and testing other firewalls for months prior to ZoneAlarm. I was immeditately convinced! I think you will be too.
And . . . you just can't beat the price!  IT'S FREE!!  (Commercial and corporate users need to purchase it, but it's completely free for individual users.)

A Note About ZoneAlarm

I have grown to know the color blind ZoneLabs guys quite well — mostly from pounding on them to change the color of their product (I was not successful) and to fix some early bugs and then add a few crucial features to ZoneAlarm. On those points I did succeed! So I can, and I absolutely do, vouch for them 100% (except for their total lack of color sense).

I think they are nuts to offer the best firewall in the PC industry for free, but I love it that they do!

(I have no financial or other undisclosed interest, of any kind, in ZoneLabs.)

One very important class of spyware that slips quietly past ALL existing firewalls is the Aureate Browser Parasite technology. Since it runs within the Internet Browser's "process space", it usurps the browser's firewall access privileges to gain unrestricted access to the Internet.

Since the Aureate technology sneaks past all firewalls, the only way I know of to detect the stealth installation of Aureate spyware — and its subsequent use of your Internet connection without your knowledge — is to enable OptOut's "Quick Check at Startup" option to cause a brief inspection of the system registry whenever the system is started.

 Using a "Packet Sniffing" Network Monitor

If you are not afraid of going where only propeller-head types tread, or if you really want to watch what's happening with your system's Internet connection, you can install and use "packet sniffing" software.

If your propeller cap is on really tight, click the button
above for more information about packet sniffing.

Reporting Suspicious Spyware or Services

If you have some reason to believe that some software running in your system might not have your best interests at heart, or you feel that you have good reason to suspect a system, service, or web site that's not listed above, click on the "Click Here to Report Suspected Spyware" image below to send a report to us . . .

Uploading Files for Analysis

Please see the "Report Suspected Spyware" page for a step-by-step procedure to follow if you want to submit a suspicious file for our investigation and analysis.

To continue, please see: The OptOut Program

You are invited to browse these pages for additional information:

1  OptOut Homepage 
5  Suspected Spyware 
9  Privacy On The Net 
2  Code Of Conduct 
6  The OptOut Program 
10  GRC Privacy Forums 
3  Spyware Analyzer 
7  OptOut User's Guide 
11  Keeping Informed 
4  Known Spyware 
8  OptOut User's FAQ 
12  GRC Privacy FAQ 

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Oct 06, 2003 at 14:29 (7,586.53 days ago)Viewed 6 times per day