I couldn't agree more...I have fixed numerous machines for people and usually come to the recommendation to just wipe everything clean and start fresh. I just don't trust those programs because I've seen plenty of circumstances where they don't get everything completely. There is one good thing about spyware...I've made a lot of money cleaning it up for people. :)
Jaron

-----Original Message-----
From: Michael Halcrow [mailto:[EMAIL PROTECTED]
Sent: Monday, August 02, 2004 1:03 PM
To: BYU Unix Users Group
Subject: Re: [uug] Spyware stuff

On Mon, Aug 02, 2004 at 12:26:13PM -0600, Ashley Oviatt wrote:
> Is there a good free/OS spyware scanner for windows out there?

Call me paranoid, but if it were my computer that had been infiltrated by untrusted malicious software at the root level, I would consider it a total loss and just wipe the sucker clean. I wouldn't put my faith in some random ``cleaning'' software to track down all the ``offending'' portions of the malicious software from my computer; it is too easy to make variations that circumvent such attempts, and it's too easy to overlook something.

I also wouldn't trust any scanning software to *keep* spyware and viruses off my computer. System-wide Mandatory Access Control (MAC), ala SE Linux, is the only way to go, as far as I am concerned. If I happened to have a fairly up-to-date known-good database of static SHA1 sums for every file on my filesystem, then I might trust that if everything checked out, but I doubt that's the case in your situation. But I still wouldn't feel comfortable without the MAC policies in place and being actively enforced.

To take that a step further, I would proceed to change all my passwords. I would re-encrypt all my files with new keys protected by new passwords, change account PIN's, revoke public keys, and basically treat everything that the infiltrated computer touched as compromised. If untrusted malicious software was at any time running on that machine, it's game over. You must consider every keystroke to have been sniffed.

There is a lot of hard work going on in this area of security, and Trusted Computing will give us some valuable tools to help confront spyware issues. SE Linux, which is probably going to be enabled by default in Fedora 3, gives a level of protection unparalleled by any other workstation-deployable operating system.

The virus/spyware issue is so bad now that I would never even think of using an average Windows machine for handling sensitive data (e.g., typing in my password to log into a server via ssh or letting a sensitive file traverse its filesystem). There are some files with sensitive content that I will not even send someone if I have no assurance that he is running a secure system; while I may trust the recipient himself, I certainly do not trust his ability to administrate his machine in such a way so as to adequately protect the data's confidentiality.

Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D

"Information economics, in the absence of objects, will be based more on relationship than possession." - John Perry Barlow

____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
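
The quoted message mentions trusting a machine only if every file matches a known-good database of SHA1 sums. The sketch below shows that baseline-and-compare check; it is an added example, not part of the original thread. The function names and the sample tree are constructed for illustration, and SHA-256 is the default in place of SHA1 (pass `algo="sha1"` for the digest named in the message).

```python
import hashlib
import os
import tempfile

def hash_file(path, algo="sha256"):
    """Stream the file through the digest so large files are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root, algo="sha256"):
    """Map the relative path of every regular file under root to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            baseline[os.path.relpath(full, root)] = hash_file(full, algo)
    return baseline

def compare(baseline, root, algo="sha256"):
    """Report files modified, added or removed since the baseline was taken."""
    current = build_baseline(root, algo)
    return {
        "modified": sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree: take a baseline, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        write(root, os.path.join("bin", "ls"), b"original ls")
        write(root, "hosts", b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)  # recorded while known-good
        write(root, os.path.join("bin", "ls"), b"replaced ls")  # same size, new content
        write(root, os.path.join("bin", "helper"), b"dropped file")  # new file
        os.remove(os.path.join(root, "hosts"))  # deleted file
        return compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

A comparison like this is only meaningful when the baseline is stored off the machine and the check is run from trusted boot media, since software running on a compromised system can falsify what it reports.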
