Sunday, March 18, 2007

Malware Notes...

Lavasoft Ad-aware 2007 (beta 2)

Now out for general consumption via the Lavasoft Blog. Actually, it has been out for a while for registered users.

Their home page (Ad-Aware @ Lavasoft) lists the following features for Ad-aware 2007:

  • a redesigned engine for faster scanning,
  • something called "CSI technology" (if it has anything to do with Marg Helgenberger...sign me up now!) to look for embedded malware and new threats,
  • improved detection database...with incremental updating,
  • a newly redesigned GUI,
  • the ability to scan Alternate Data Streams (ADS) on NTFS volumes (a favorite hiding place for malware payloads, since a plain directory listing never shows them),
  • and a scheduling service.
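Since ADS scanning is the one feature on that list a malware fighter can check for themselves, here is an added example (mine, not Lavasoft's code) that walks a folder, lists every named stream on every file, and flags any stream that begins with an "MZ" PE header. The root folder is an assumption; change it to whatever you want to inspect.

```powershell
# Added example (not Lavasoft code): list NTFS alternate data streams under a folder
# and flag any stream that starts with an 'MZ' PE header.
# Requires Windows PowerShell 3.0+ (Get-Item/Get-Content -Stream); on PowerShell 7
# replace '-Encoding Byte' with '-AsByteStream'.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"   # assumption: folder to inspect
)

function Get-SuspiciousStreams {
    param([string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # Get-Item -Stream * returns one object per stream; ':$DATA' is the file's
        # unnamed default stream, so only named streams are reported.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $stream = $_
            $magic = ''
            try {
                # Peek at the first two bytes of the named stream.
                $bytes = Get-Content -LiteralPath $file.FullName -Stream $stream.Stream `
                                     -Encoding Byte -TotalCount 2 -ErrorAction Stop
                if ($bytes.Count -eq 2) {
                    $magic = [System.Text.Encoding]::ASCII.GetString($bytes)
                }
            } catch { }

            [PSCustomObject]@{
                File        = $file.FullName
                Stream      = $stream.Stream
                Length      = $stream.Length
                # 'Zone.Identifier' is the benign mark-of-the-web stream that
                # browsers attach to downloads; everything else deserves a look.
                Benign      = ($stream.Stream -eq 'Zone.Identifier')
                LooksLikePE = ($magic -eq 'MZ')
            }
        }
    }
}

# PE-looking streams first, then other unknown streams, then the benign ones.
Get-SuspiciousStreams -Path $Root |
    Sort-Object @{ Expression = 'LooksLikePE'; Descending = $true },
                @{ Expression = 'Benign';      Descending = $false } |
    Format-Table -AutoSize
```

Save it as a .ps1 and run it with `-Root` pointing at the folder you want to check. If you only want the raw listing, `dir /r` in cmd.exe and Sysinternals' streams.exe show the same named streams without the header check.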

Actually, CSI stands for "Code Sequence Identification" so no Marg Helgenberger technology is embedded...too bad.

If you don't want to register for the beta program, you can download a copy directly from filehippo.com.

Be aware that it will only run for a few days without registration; to fully "unlock" it, you must register.

I have taken a brief amount of time and registered with Lavasoft as a Beta Tester and found it to be very painless. Give 'em your email address; you will get a login password sent to your provided address.

Log in and you are In-Like-Flint! Answer a very brief and simple survey and you are granted access to the download goodies!

The current version available to beta testers is Ad-Aware 2007 Beta 3. It is being issued as a .msi (Windows Installer) package. Curious!

The way I see it, I get to play with the newest version of a trusted anti-malware program that has saved my rear-end quite a few times...seems like the least I can do to give something back and contribute.

I don't know if they will keep a "free" version of the upgraded final release, but I am hopeful they will. It would fit in with their current free-for-personal-use policy for Ad-aware Personal SE.

I did note in a brief review that it does seem to need to install a system-level driver or two to run. With Ad-aware Personal SE you could install it onto a PC, then copy the installed program folder onto a USB stick and use it on other (personal) PCs...kinda "portably." A program that depends on its own kernel driver can't be carried around that way, since the driver has to be installed and loaded on each machine. So at this point, I'm not sure you will be able to do this with the new version. That's too bad for power users and malware fighters who are used to keeping a copy on USB ready to run, or installed on a BartPE disc.

I need to do some more work with it when the "final" version is released.

I really wish a classy company like Lavasoft would release a supported portable version of their basic/free products...I know they would likely win over even more fans...although the ranks of Ad-aware fans are already quite large with this trusted anti-malware application.

I haven't used it enough to comment on its scanning performance just yet...maybe soon.

Worth a look if you want to register.

Malwarebytes Highlights

RogueRemover is a free product offered by Malwarebytes.org.

It is available in a free version as well as a paid ($14.95/lifetime) version, RogueRemover Pro.

Unlike most of the other anti-spyware/anti-malware programs out there, RogueRemover focuses on a growing niche of malware: "anti-malware" products that are really wolves in sheep's clothing. I'm speaking of applications that claim to help users (often users already dealing with a malware infection) and only make the problem worse by installing malware under the guise of removing it.

Take a look at The Spyware Warrior's list of Rogue/Suspect Anti-Spyware Products & Web sites to see what all the fuss is about.

Alex Eckelberry of Sunbelt Software frequently posts warnings about new rogue anti-spyware products on his very readable SunbeltBLOG.

Yuck!

Per Malwarebytes' product description:

RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.

RogueRemover has the ability to completely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters and many more!

The current database of rogue anti-spyware products removed by RogueRemover numbers over 260 products...and (sadly) keeps growing.

It can also be made portable for the USB-toting crowd.

Other useful utilities offered by Malwarebytes:

FileASSASSIN -- a free utility to aid in deleting locked malware files from a PC. It comes in three versions: English, Spanish, and a "Portable" version able to run from a USB drive.

RegASSASSIN -- a free and portable utility that helps "...remove stubborn registry keys by resetting the key's permissions and then deleting it."
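For those who want to see what the two ASSASSINs are doing for them, here is an added example of my own (not Malwarebytes' code, and not a claim about how their tools are implemented) that shows the two standard Windows techniques for the same jobs: queuing a locked file for deletion at the next reboot through MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, and resetting a registry key's owner and permissions before deleting it. Both functions assume an elevated prompt; the file and key paths in the usage lines are placeholders. If a key's DACL explicitly denies Administrators the right to take ownership, the ownership step may additionally need SeTakeOwnershipPrivilege enabled in the token, which this example does not do.

```powershell
# Added example, not Malwarebytes code. Two techniques a malware fighter reaches for:
#  1. Remove-FileAtReboot: ask the kernel to delete a file that is locked right now,
#     by queuing it in PendingFileRenameOperations (MoveFileEx + MOVEFILE_DELAY_UNTIL_REBOOT).
#  2. Reset-AndRemoveRegistryKey: take ownership of a registry key, grant Administrators
#     full control, drop explicit Deny entries, then delete the key and its subkeys.
# Both need an elevated prompt. Paths in the usage lines at the bottom are placeholders.

$Kernel32 = Add-Type -Namespace Win32 -Name Kernel32 -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

function Remove-FileAtReboot {
    param([Parameter(Mandatory)][string]$Path)
    $MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    # A null destination plus the delay flag means "delete at next boot", which happens
    # before the process currently holding the file can lock it again.
    $full = [System.IO.Path]::GetFullPath($Path)
    if (-not $Kernel32::MoveFileEx($full, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
        $code = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw (New-Object System.ComponentModel.Win32Exception $code)
    }
    # The request is recorded here; check it, because malware can read and undo it too.
    (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').PendingFileRenameOperations
}

function Reset-AndRemoveRegistryKey {
    param(
        [Microsoft.Win32.RegistryHive]$Hive = 'LocalMachine',
        [Parameter(Mandatory)][string]$SubKey
    )
    $admins = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'
    $base   = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, [Microsoft.Win32.RegistryView]::Default)

    # Step 1: open with only the WRITE_OWNER right and make Administrators the owner.
    $key = $base.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                            [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($null -eq $key) { throw "Key not found: $SubKey" }
    $owner = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Owner)
    $owner.SetOwner($admins)
    $key.SetAccessControl($owner)
    $key.Close()

    # Step 2: as owner, rewrite the DACL: remove explicit Deny ACEs, add Full Control.
    # (Inherited Deny entries are left alone; protect the key first if you need those gone.)
    $key = $base.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                            [System.Security.AccessControl.RegistryRights]::ChangePermissions)
    $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    foreach ($rule in $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])) {
        if ($rule.AccessControlType -eq 'Deny') { [void]$acl.RemoveAccessRule($rule) }
    }
    $allow = New-Object System.Security.AccessControl.RegistryAccessRule(
        $admins, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($allow)
    $key.SetAccessControl($acl)
    $key.Close()

    # Step 3: recurse so subkeys carrying their own broken ACLs are fixed before deletion.
    $key = $base.OpenSubKey($SubKey, $true)
    foreach ($child in $key.GetSubKeyNames()) {
        Reset-AndRemoveRegistryKey -Hive $Hive -SubKey "$SubKey\$child"
    }
    $key.Close()
    $base.DeleteSubKeyTree($SubKey)
}

# Usage (placeholder paths, assumptions for this example):
# Remove-FileAtReboot -Path 'C:\Windows\Temp\locked-dropper.exe'
# Reset-AndRemoveRegistryKey -SubKey 'SOFTWARE\Example\StuckKey'
```

The reboot-delete trick only works if the malware is not still running at shutdown with a chance to rewrite PendingFileRenameOperations, which is one reason the offline (BartPE) approach mentioned above remains popular.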

Claus says "Very Nice!"

Check out their Malwarebytes Blog while you are at it. Great writing style and useful information.

Malware Reversing Paper

Via a recent SANS ISC Handler's Diary post: the Websense team has been hard at work documenting how a nasty piece of malware works, step by step.

Websense Security Labs Threat Blog: Norwegian Bank Malware Analysis

It was a tricky nut to crack...and is quite fascinating...if you are into these things.

Stay safe on the Tubes....

--Claus
