Individual file spyware/adware scan?

  • Thread starter: John Corliss

John Corliss

A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the
program requires OS integrated installation. There's little chance of
knowing if it's going to install malware on your system unless you
download through a credible freeware site like Snapfiles or Nonags.
It would be nice if there was a way to scan such downloads for
adware/spyware potential before you install them like one can do for
instance, for viruses with AVG (and I question how useful antivirus
scans are for a setup file.)

Anybody know of such a program?

I've looked at Ad-Aware (has the "Add 'Scan with Ad-Aware' to
Explorer" in the Configuration/Advanced Settings, but only for the
$ware versions) and Spybot S&D but was unable to find such a feature
in them.
 
John Corliss said:
A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the program
requires OS integrated installation. There's little chance of knowing if
it's going to install malware on your system unless you download through a
credible freeware site like Snapfiles or Nonags.
It would be nice if there was a way to scan such downloads for
adware/spyware potential before you install them like one can do for
instance, for viruses with AVG (and I question how useful antivirus scans
are for a setup file.)

Anybody know of such a program?

I've looked at Ad-Aware (has the "Add 'Scan with Ad-Aware' to Explorer" in
the Configuration/Advanced Settings, but only for the $ware versions) and
Spybot S&D but was unable to find such a feature in them.

--
Regards from John Corliss
No adware, cdware, commercial software, crippleware, demoware, nagware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.

I don't know of such a program, but you can go to http://www.spychecker.com
and scroll down the page until you find a box, "Is it Spyware?" - then
enter the name of the program and check it against their database. Don't
know for sure how comprehensive or frequently updated their database may be,
though.
 
John said:
A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the
program requires OS integrated installation. There's little chance
of knowing if it's going to install malware on your system unless
you download through a credible freeware site like Snapfiles or
Nonags. It would be nice if there was a way to scan such
downloads for adware/spyware potential before you install them like
one can do for instance, for viruses with AVG (and I question how
useful antivirus scans are for a setup file.)

Anybody know of such a program?

Nope but at least using Total Uninstall shows you *all* that was done and
you can back the install off if not to your liking.

--
dadiOH
_____________________________

dadiOH's dandies v3.0...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
____________________________
 
Paul said:
I don't know of such a program, but you can go to http://www.spychecker.com
and scroll down the page until you find a box, "Is it Spyware?" - then
enter the name of the program and check it against their database. Don't
know for sure how comprehensive or frequently updated their database may be,
though.

Yes, I often use that site. However, my concerns are the same as
yours... thus my OP.
 
John Corliss said:
A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the
program requires OS integrated installation. There's little chance of
knowing if it's going to install malware on your system unless you
download through a credible freeware site like Snapfiles or Nonags.
It would be nice if there was a way to scan such downloads for
adware/spyware potential before you install them like one can do for
instance, for viruses with AVG (and I question how useful antivirus
scans are for a setup file.)

Many of the installer setups are bound so tight that I believe
it's not possible for anti-virus and anti-malware sw to get a
workable view inside.

For common installer types, I go through a sequence of steps.
First I do a drag action with Powerarch, to find if its merely
a self-extracting archive type. If it is, but then it extracts
to Installshield compressed files, I use Winpack to get at the
contents.

If it is that other type of Installshield, which instead forces
launching an executable installer right off, I pause it after
the first step, and hunt down for the folder it temporarily
created in the temp directory, then tell the installer to abort.

If it is one of those msft compressed cab executables, then
I use $Winzip7 (haven't learned what freeware handles these).

For Inno, far and above the most common freeware installer these
days, I send the setup.exe to Innounp, which handles some of
them. My impression is it handles version 3 Inno, not version 2.

In other words, I do everything I can to crack the walnut
until reaching those dead-end situations that force me to
run the installer. The bad all my efforts, it only gets
me out of the forced install routine a fraction of the time.

John, my old practice was maybe simpler. I would boot into
an alternative C partition and run a bunch of installs, without
having to worry about all the stuff written to C and regkeys.

And it would be at that point, after the install routine, where
you would have executable files released from their shell, open
for anti-malware and anti-virus checks.

However you do things, it is a good idea to always keep some kind
of tracking going on. You, John, I recall to be a user of Inctrl.
This is probably my favorite prog of all times. Build up your ignore
lists; and have it always available to give you a text read of the
major reg and file changes to your system.

On a general note, aside from the strategies we each choose to do with
those locked-down setup.exe files, I would sure wish for a change in trend.
That more of those programmers who make clean, straightforward programs
offer the choice to download an equally straightforward no-install zip.

It is such a great relief to many of us to download something that we
can see. Instead of constantly having to deal with secretive setup.exe
files.
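
An added example, not part of the original post: a static triage pass that guesses the installer family from byte markers before anything is run, so the matching unpacker can be tried first. The marker patterns, function name and sample blobs are assumptions made for this sketch.

```python
import re

# Marker patterns are heuristics chosen for this example: a match suggests
# which unpacker to try first, it does not prove the installer type.
SIGNATURES = [
    ("inno", re.compile(rb"Inno Setup Setup Data \(([0-9.]+)")),
    ("installshield", re.compile(rb"InstallShield")),
    # CAB header: "MSCF", 4 reserved zero bytes, 4-byte size, 4 more zero bytes.
    ("cab-sfx", re.compile(rb"MSCF\x00{4}.{4}\x00{4}", re.DOTALL)),
    # ZIP local file header (an end-of-central-directory record is also required).
    ("zip-sfx", re.compile(rb"PK\x03\x04")),
]

# Next steps paraphrase the routine described in the post above.
NEXT_STEP = {
    "inno": "unpack with Innounp, then scan the extracted files",
    "zip-sfx": "open as an archive, then scan the extracted files",
    "cab-sfx": "open with a CAB-capable archiver, then scan the extracted files",
    "installshield": "extract the compressed files if possible, else track the install",
    "unknown": "install only on a scratch partition or with install tracking",
    "not-an-exe": "not an MZ executable; treat as a plain file",
}

def classify_installer(data: bytes) -> dict:
    """Return the first matching installer family for the raw bytes of a download."""
    if data[:2] != b"MZ":
        kind, detail = "not-an-exe", None
    else:
        kind, detail = "unknown", None
        for name, pattern in SIGNATURES:
            m = pattern.search(data)
            if m and (name != "zip-sfx" or b"PK\x05\x06" in data):
                kind = name
                detail = m.group(1).decode("ascii") if m.groups() else None
                break
    return {"kind": kind, "detail": detail, "next": NEXT_STEP[kind]}

# Constructed sample inputs (not real installers): an MZ stub plus one marker.
STUB = b"MZ" + b"\x90" * 64
SAMPLES = {
    "inno3.exe": STUB + b"Inno Setup Setup Data (3.0.6)",
    "cab.exe": STUB + b"MSCF\x00\x00\x00\x00\x10\x27\x00\x00\x00\x00\x00\x00",
    "zip.exe": STUB + b"PK\x03\x04" + b"\x00" * 26 + b"PK\x05\x06" + b"\x00" * 18,
    "plain.exe": STUB,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_installer(blob))
```

For a real download, pass `open(path, "rb").read()` to `classify_installer`; the Inno version in `detail` indicates whether the unpacker at hand is likely to support it.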
 
dadiOH said:
Nope but at least using Total Uninstall shows you *all* that was done
and you can back the install off if not to your liking.


Way to go, dadiOH, that's my solution too. Makes for an uneventful install,
and if it all goes bad I can uninstall. Great program. I also have Win XP,
so I have the checkpoint option too.
 
A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the
program requires OS integrated installation. There's little chance of
knowing if it's going to install malware on your system unless you
download through a credible freeware site like Snapfiles or Nonags.
It would be nice if there was a way to scan such downloads for
adware/spyware potential before you install them like one can do for
instance, for viruses with AVG (and I question how useful antivirus
scans are for a setup file.)

Anybody know of such a program?

I've looked at Ad-Aware (has the "Add 'Scan with Ad-Aware' to
Explorer" in the Configuration/Advanced Settings, but only for the
$ware versions) and Spybot S&D but was unable to find such a feature
in them.

I think maybe the escan utility (at Art Kopp's site) that uses the Kaspersky
engine is probably the best thing to use. It detects all sorts of malware
including spyware and adware as well as viruses. You can't set it to scan
single files... only folders, so just download to a particular folder and
scan it.
me
 
omega said:
On a general note, aside from the strategies we each choose to do
with those locked-down setup.exe files, I would sure wish for a
change in trend. That more of those programmers who make clean,
straightforward programs offer the choice to download an equally
straightforward no-install zip.

AMEN!!

--
dadiOH
_____________________________

dadiOH's dandies v3.0...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
____________________________
 
John Corliss said:
A situation where I'm loath to try out a freeware program is if the
download consists of a "setup.exe" or similar file: i.e. if the
program requires OS integrated installation. There's little chance of
knowing if it's going to install malware on your system unless you
download through a credible freeware site like Snapfiles or Nonags.
It would be nice if there was a way to scan such downloads for
adware/spyware potential before you install them like one can do for
instance, for viruses with AVG (and I question how useful antivirus
scans are for a setup file.)

Anybody know of such a program?

I've looked at Ad-Aware (has the "Add 'Scan with Ad-Aware' to
Explorer" in the Configuration/Advanced Settings, but only for the
$ware versions) and Spybot S&D but was unable to find such a feature
in them.

--
Regards from John Corliss
No adware, cdware, commercial software, crippleware, demoware,
nagware, shareware, spyware, time-limited software, trialware, viruses
or warez please.

John: Ewido adds a right-click option to scan files, although the latest
version is rather aggressive in trying to sell the payware version. The
freeware module is worth having, but you might classify it as crippleware.
http://www.emsisoft.com/en/software/free/

===

Frank Bohan
¶ Let a fool hold his tongue and he will pass for a sage.
 
I've looked at Ad-Aware (has the "Add 'Scan with Ad-Aware' to
Explorer" in the Configuration/Advanced Settings, but only for the
$ware versions) and Spybot S&D but was unable to find such a feature
in them.

I wondered about integrating various anti-malware tools. Ad-Aware, Spybot
S&D, PestScan, TrojanScan and so on allow one to specify a folder to scan
(versus c:\ or entire PC).

1. Research Ad-Aware invocation to create your own context menu call. I'm
hoping that the new Ad-Aware introduced a (possibly undocumented) parameter
to specify a directory or file. Someone with the upgrade also could check
the call. If we are lucky, all we will need to do is copy the call and
apply it to the file types we consider appropriate.

That information may already be available via a support forum. For example,
HandyBits (IIRC) has an integrated virus scan tool that stacks calls to
antivirus products. It tries to configure itself by scanning for antivirus
products but also allows manual changes and additions. Unfortunately it is
also rather forcefully intrusive. Nevertheless, HandyBits already may
incorporate Ad-Aware or provide instructions.

2. Use a macro to consolidate the steps. Reference the macro in the context
menu for .zip, .exe, and a few other common file types. The most important
issues I see are:

* Simplest would be to always use the same directory, so step one might be
to create / empty a temp directory and copy the file there.

* A more sophisticated version would stack those scripts so that one request
would check via several installed antivirus packages plus Ad-Aware, Ewido
SS, Spybot S&D, SpyHunter, SwatIt.

* Malware checks could be extended beyond installed products by submitting
the file to on-line antivirus sites as a file or email (e.g., Kaspersky and
McAfee WebImmune). The macro becomes a little more delicate as the
directory structure is presented by on-line sites such as PestScan,
TrojanScan, Yahoo Toolbar spyware scanner, McAfee VirusScan, and Panda
Software Panda, all of which scan PC disks via interactive Active-X or Java
(IIRC).

* The final enhancement would be to present the result in summary from
across the disparate products.

* One disadvantage is that macros that incorporate mouse movements to step
through a directory structure will be very sensitive to any web site change
or disk structure change.

I think all except the last can be readily achieved. I started down this
road and then decided to wait a little while for a couple of enhancements in
the product I was using. I already have a small script that I use to test a
directory or file with several antivirus products.

BillR
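
An added example, not BillR's script: the staging-directory, stacked-scanner and summary steps from the list above, in Python. The scanner commands here are hypothetical stand-ins run through the Python interpreter, and the rule that exit code 0 means clean is an assumption; real products use their own command lines and exit codes.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

def demo_scanner(marker: bytes) -> list:
    """Hypothetical stand-in for a scanner CLI: exits 1 if any file holds marker."""
    code = ("import sys, pathlib; "
            f"hit = any({marker!r} in p.read_bytes() "
            "for p in pathlib.Path(sys.argv[1]).iterdir()); "
            "sys.exit(1 if hit else 0)")
    return [sys.executable, "-c", code, "{dir}"]

def scan_with_all(target, scanners, timeout=300) -> dict:
    """Copy target into an empty staging dir, run every scanner on it, summarise."""
    staging = Path(tempfile.mkdtemp(prefix="scan_stage_"))
    try:
        shutil.copy2(target, staging / Path(target).name)
        summary = {}
        for name, argv in scanners.items():
            # "{dir}" in a command template is replaced by the staging directory.
            cmd = [arg.replace("{dir}", str(staging)) for arg in argv]
            try:
                proc = subprocess.run(cmd, capture_output=True, text=True,
                                      timeout=timeout)
                # Assumption: exit code 0 means clean, anything else a finding.
                summary[name] = ("clean" if proc.returncode == 0
                                 else f"flagged (exit {proc.returncode})")
            except (OSError, subprocess.TimeoutExpired) as exc:
                # A missing or hung scanner must not hide the other results.
                summary[name] = f"error: {type(exc).__name__}"
        return summary
    finally:
        shutil.rmtree(staging, ignore_errors=True)

if __name__ == "__main__":
    # Constructed sample download carrying a made-up marker string.
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "setup.exe"
        sample.write_bytes(b"MZ constructed sample CONSTRUCTED-ADWARE-MARKER")
        print(scan_with_all(sample, {
            "scanner_a": demo_scanner(b"CONSTRUCTED-ADWARE-MARKER"),
            "scanner_b": demo_scanner(b"SOME-OTHER-MARKER"),
            "scanner_c": ["no-such-scanner-binary", "{dir}"],
        }))
```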
 