G
B
Bill Sanderson MVP
Thanks!
G
Guest
All I get when I click on one of the tests, after clicking OK to run is a
message box saying there is no profile, with a box to enter something. No
explanation as to what one is supposed to enter there.
message box saying there is no profile, with a box to enter something. No
explanation as to what one is supposed to enter there.
B
Bill Sanderson MVP
I believe it is an arbitrary name, with a length less than the size of the
box, fwiw.
The scoring process involves running a separate app at the end, and I
suspect this name gets passed so that app can find a record of what tests
were done.
--
box, fwiw.
The scoring process involves running a separate app at the end, and I
suspect this name gets passed so that app can find a record of what tests
were done.
--
K
KP
It's not a good idea. One of the tests successfully (and completely)
removed "Advanced" tab at IE6-->tools-->Internet Options... I had to
manually erase "new" items from the registry in order to restore IE6 to
it's normal state. Clean-up procedure at spycar.org doesn't properly
work.
My PC: XP he SP2 + AntiSpyware Beta 1 + McAfee virusscan 10.0.27.
removed "Advanced" tab at IE6-->tools-->Internet Options... I had to
manually erase "new" items from the registry in order to restore IE6 to
it's normal state. Clean-up procedure at spycar.org doesn't properly
work.
My PC: XP he SP2 + AntiSpyware Beta 1 + McAfee virusscan 10.0.27.
B
Bill Sanderson MVP
This worked properly for me--i.e. the tabs were removed, and were reinstated
by the reversal app at the end.
--
by the reversal app at the end.
--
G
Guest
It is obvious that Defender is not stopping some of the IE changes, such as
the tabs being removed. Neither is Spysweeper. Just what program would
actually prevent those IE changes from being exploited?
the tabs being removed. Neither is Spysweeper. Just what program would
actually prevent those IE changes from being exploited?
K
KP
Well. Today it works properly. Very interesting site. Thanks.
P.S. Nevertheless yesterday I manually cleaned
HKCU\Software\Polices\Microsoft\Internet Explorer\Control Panel\
I don't know why.
P.S. Nevertheless yesterday I manually cleaned
HKCU\Software\Polices\Microsoft\Internet Explorer\Control Panel\
I don't know why.
G
Guest
the TowTruck reversal app worked fine for me today. No prob.
But the results were depressing. I'm running NAV2005, CounterSpy and WD.
Only one of the reg keys was allowed --
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
But every single one of the IE config change tests was let through.
Hmmm.. ;-(
But the results were depressing. I'm running NAV2005, CounterSpy and WD.
Only one of the reg keys was allowed --
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
But every single one of the IE config change tests was let through.
Hmmm.. ;-(
K
KP
There is a good solution which works better than any antispyware
program:
"Never run PC under administrative account".
No one test will pass, only once when attempting to change default
search page in IE AntiSpyware Beta 1 noticed and blocked this attempt.
All other tests are blocking by Windows itself.
program:
"Never run PC under administrative account".
No one test will pass, only once when attempting to change default
search page in IE AntiSpyware Beta 1 noticed and blocked this attempt.
All other tests are blocking by Windows itself.
B
Bill Sanderson MVP
I don't know the answer to that--such changes are available to be made by
group policy settings--anyone can do it with a registry editor, I believe.
I don't see any clear sign of axes to grind in these tests, other than the
signature at the bottom of the page about the OS used to create the work.
It may well be the such changes can't be made to Firefox, which would
probably prevent Firefox from being widely deployed in corporate settings.
--
group policy settings--anyone can do it with a registry editor, I believe.
I don't see any clear sign of axes to grind in these tests, other than the
signature at the bottom of the page about the OS used to create the work.
It may well be the such changes can't be made to Firefox, which would
probably prevent Firefox from being widely deployed in corporate settings.
--
G
Guest
I just re-ran the Spycar tests using my limited XP account. This time the
results said that all but four of the tests were "not performed" even though
I ran all of them. The 4 there were performed were "blocked": HKLM_run, IE
home page and search page change, and host file change. I do not know if the
tests are not functioning or if this is because of limited user rights.
Opinions??? BTW - the ones that were blocked were blocked silently, with no
alert from Spysweeper at all.
results said that all but four of the tests were "not performed" even though
I ran all of them. The 4 there were performed were "blocked": HKLM_run, IE
home page and search page change, and host file change. I do not know if the
tests are not functioning or if this is because of limited user rights.
Opinions??? BTW - the ones that were blocked were blocked silently, with no
alert from Spysweeper at all.
B
Bill Sanderson MVP
I think that I saw similar when I ran the tests on Vista--that's why (I
think)--I said that the scoring doesn't appear to be accurate.
I think this is useful, but it has a ways to go before it'll be anywhere
near as useful as Eicar has been.
--
think)--I said that the scoring doesn't appear to be accurate.
I think this is useful, but it has a ways to go before it'll be anywhere
near as useful as Eicar has been.
--
G
Guest
Whatever the Spycar test is doing, I think it attempted to run all the tests,
even on the limited XP account. Each time I ran it, Crap Cleaner "issues"
had to delete all those dead end run entries each time. I don't know if
that's from the actual test being run, or from the "towtruck" cleaning up
after the test. I didn't examine C Cleaner results closely enough, I guess.
But you can definitely tell something has been done - or attempted to be done.
even on the limited XP account. Each time I ran it, Crap Cleaner "issues"
had to delete all those dead end run entries each time. I don't know if
that's from the actual test being run, or from the "towtruck" cleaning up
after the test. I didn't examine C Cleaner results closely enough, I guess.
But you can definitely tell something has been done - or attempted to be done.
G
Guest
I went to the site using Firefox, but it would only work if I allowed Java
scripting. Then on the test page, Firefox alerted me that it would need to
download the test executable to the disc. I decided to block Java and abort
at that point. Firefox makes it much clearer what you are doing and that
there will be a download if you proceed. FF is safer IF the user makes the
right choice. However, to allow the test in IE, the user has to choose "run",
so the user has the option to block these tests from running (and also the
exploits?). The ultimate result depends on the decision of the user, who is
perhaps the "weakest link."
scripting. Then on the test page, Firefox alerted me that it would need to
download the test executable to the disc. I decided to block Java and abort
at that point. Firefox makes it much clearer what you are doing and that
there will be a download if you proceed. FF is safer IF the user makes the
right choice. However, to allow the test in IE, the user has to choose "run",
so the user has the option to block these tests from running (and also the
exploits?). The ultimate result depends on the decision of the user, who is
perhaps the "weakest link."
B
Bill Sanderson MVP
I had to go through two "security warning" dialogs for each test--one for
the download, and one because the code is unsigned. That seems like enough
to wake you up. I ran just the Hosts file test this time, and it ran with
no alert from Windows Defender, so I checked the hosts file, and it was
unchanged. I then ran the scoring module, and it declared that the test had
not been run.
I think this is IE7 at work, rather than Defender.
--
the download, and one because the code is unsigned. That seems like enough
to wake you up. I ran just the Hosts file test this time, and it ran with
no alert from Windows Defender, so I checked the hosts file, and it was
unchanged. I then ran the scoring module, and it declared that the test had
not been run.
I think this is IE7 at work, rather than Defender.
--
G
Guest
It's called "DropMyRights". mIt solves all Your problem.Whether U r in
constraint mode, nothing can be run in the ragistry, no iztems can be
installed in Windows, and system, sytem32 folders. No processes will be
teminated. I guess a Microsoft-guy (Michael Howard) has written the program.
Here it is:
http://www.securityfocus.com/infocus/1848
http://msdn.microsoft.com/security/...library/en-us/dncode/html/secure11152004.as p
constraint mode, nothing can be run in the ragistry, no iztems can be
installed in Windows, and system, sytem32 folders. No processes will be
teminated. I guess a Microsoft-guy (Michael Howard) has written the program.
Here it is:
http://www.securityfocus.com/infocus/1848
http://msdn.microsoft.com/security/...library/en-us/dncode/html/secure11152004.as p
P
plun
Hi Old Rebel
Yes, for sure......
Another interesting test is this Trojan Simulator.
http://www.misec.net/trojansimulator/
The bad guys mixture often comes with a "carrier" trojan and therefore
this also is important to test.
Some work to get it to work with a protected PC.....
regards
plun
Yes, for sure......
Another interesting test is this Trojan Simulator.
http://www.misec.net/trojansimulator/
The bad guys mixture often comes with a "carrier" trojan and therefore
this also is important to test.
Some work to get it to work with a protected PC.....
regards
plun
K
KKP
Thank you for the information. I just tried to run IE and OE via
dropmyrights.exe under administrative account (with no key N C or U
specified, so default "N" is used).
IE works fine. No problems.
Some problems with OE. Most of the functions are operated normally (i.e.
news groups access, compact folders and so on). But it checks e-mail
perhaps 100 times slowly than normal. And all this time OE spends to
connect to the mail account, it send and receive mail fast, but
connecting to accounts takes minutes.
dropmyrights.exe under administrative account (with no key N C or U
specified, so default "N" is used).
IE works fine. No problems.
Some problems with OE. Most of the functions are operated normally (i.e.
news groups access, compact folders and so on). But it checks e-mail
perhaps 100 times slowly than normal. And all this time OE spends to
connect to the mail account, it send and receive mail fast, but
connecting to accounts takes minutes.