

Utility Software

Posted on 2015-01-31
Medium Priority
Last Modified: 2015-03-18
How does one know if a utility/maintenance program is authentic; that it does not add malware or worse to one's system?
In particular, what about MalwareBytes, Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka.
What is a good anti-keylogger program - one that will not compromise my system?
Question by:vdaigle
LVL 30

Accepted Solution

Thomas Zucker-Scharff earned 500 total points
ID: 40582138
MBAM from malwarebytes.org is excellent sw. I'll link to others on Monday. In general though, anything from securityxploded.com is good. Most apps mentioned here on EE. Also most stuff from majorgeeks.com.
LVL 64

Assisted Solution

btan earned 1000 total points
ID: 40582149
Minimally:
a) Use the installed AV to scan those files, and use another AV (not from the same provider) too. Do try it out in a test machine, rather than your work or personal one. Note that in most work environments it will (rightfully) be managed by IT and pushed down from your trusted internal source. You need admin rights for installation most of the time.

b) Monitor any impact on the test machine, such as anomalies like system slowdown (heavy CPU/memory use, slower network access), other additions like a bundled toolbar or browser plug-in, programs added to the startup folder, additional accounts created, ... Nonetheless, known malicious attempts (within the bounds of the latest AV signatures) should be detected and alerted on. I have my past posting on anomalies to be wary of too...

However, we should err on the safe side as always and consider other means too:

a) Check against blacklists and known threats - using a hash search, the binary file, or even the URL hosting it. Below are some good ones to check out (there are quite a few others too); be open to an alternate analysis opinion rather than just one:
(Virustotal - https://www.virustotal.com/)
(Malwr - https://malwr.com/submission/)
(ThreatExpert - http://www.threatexpert.com/filescan.aspx)

b) Check the source of the software - Always have it downloaded or obtained from known, authorised, reputable sites and sources which you know of. They would have proven it, and the file or binary will ideally be signed by the source's certificate verifying that. Likewise it should not be from some unknown email with an attachment, URL, etc. Cloud service file drops and social site file sharing are also quite suspicious. And definitely not a P2P or torrent site file share, please.

It is not a silver bullet to sieve out possible means, but far better than leaving it to chance, if you need to verify the source again for assurance. Even now, for open source (including portable executable types), I tend to stay conservative with the strew of open source site incidents where code may have been tampered with and abused.

We can hear from more in the forum posting..
LVL 93

Expert Comment

ID: 40582197
>> , Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka << in general, during install, they offer "additional" software to be installed;
decline or skip these, that helps a bit too.
Also - I always suggest NOT using the above - unless needed, and you know what to do; they tend to harm much more than help you!

LVL 64

Assisted Solution

btan earned 1000 total points
ID: 40582352
Also beware of Potentially Unwanted Programs (PUPs), especially those from download.com or other non-reputable sites; they are not worthy of their claims (there are some which will prompt you to opt out) as they bundle those PUPs with their downloadable content. Surprisingly, those listed can be tagged as PUP (e.g. Optional.PUP, PUP.Spyware, Adware.PUP ...) by AV or anti-malware s/w on the machine. I know MalwareBytes, though reputable, can be tagged as PUP. So better to check them if you are on the conservative side (as mentioned in my prev post).

I do see MalwareBytes, Zookaware (Spy Zooka and Reg Zooka, aka Speed Zooka), and ParetoLogic (Reg Cure Pro) as from reputable companies, but not Driver Support & Driver Update though.

I would not rely on one defensive s/w like an anti-keylogger (e.g. Spyshelter - https://www.spyshelter.com/download-spyshelter/) to replace the other existing ones; they are all layers of defense to alert if stealthy malware bypasses most, especially when it is of the rootkit or bootkit type. Typically if the prior infection vector is deterred, those would not come in easily, especially if you have done diligent patching and real-time scanning as well as exercised safe surfing and stayed vigilant online always.

Just do not overdo it by overloading your machine and causing s/w or signature conflicts, etc. All s/w needs to be patched/upgraded in a timely manner too and not expire unknowingly; likewise they can be vulnerable (nothing is 100% bug free) too ... and become the point of penetration...
LVL 56

Assisted Solution

McKnife earned 500 total points
ID: 40582410
Three approaches:
A) Rely on AV scanning: upload your setup to https://www.virustotal.com/ and have over 50 AV engines scan it.

B) Use AppLocker or software restriction policies and whitelist only software that you approve; that way, you are at least sure that no additional malware will be downloaded and executed after executing some untrusted potential Trojan.

C) The forensic approach: Create a VM, shut down the clean VM, mount the drive of that VM in your own system before and after the installation of the untrusted software and compare file system and registry before and after. This can be automated using MSI packager programs like the free WinINSTALL LE by Scalable Software. It requires a little know-how but is the only secure forensic approach. This will let you see exactly what the setup of that unknown software did to your system.

But still, you have software running that you don't trust; neither A, B nor C can ensure that this software does no harm. You would need to monitor the network activity of that software by using application layer gateway software - Windows Firewall has such a thing, but it is turned off by default when it comes to outgoing connections for technical reasons (malware may instruct another trusted process, like a browser process, to do the downloads for it).

It all comes down to "don't execute software from untrusted sources". If you have to, use A, B or C, or a combination of those, to minimize the risk.
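The before/after comparison in approach C, as an added example that is not McKnife's code nor that of WinINSTALL LE: it hashes every file under a mounted tree, diffs two captures into added/removed/modified, and (by assumption) demonstrates on a constructed temporary tree standing in for a VM disk; registry comparison is out of scope here.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (POSIX-style relative path) to its SHA-256.

    Take one capture of the mounted VM disk before the install and one after."""
    root = Path(root)
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
            except OSError:
                continue  # locked or privileged files are skipped, not fatal
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(data).hexdigest()
    return digests

def diff_snapshots(before, after):
    """Classify every path as added, removed or modified between two captures."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }

def demo():
    """Constructed stand-in for a VM disk plus a fake installer's side effects."""
    tmp = Path(tempfile.mkdtemp())
    try:
        (tmp / "Windows/System32").mkdir(parents=True)
        (tmp / "Windows/System32/hosts").write_text("127.0.0.1 localhost\n")
        (tmp / "Users/me").mkdir(parents=True)
        (tmp / "Users/me/old.tmp").write_text("scratch")
        before = snapshot(tmp)
        # Simulated untrusted setup: drops a bundled DLL, edits hosts, deletes a temp file
        (tmp / "Program Files/Bundled").mkdir(parents=True)
        (tmp / "Program Files/Bundled/toolbar.dll").write_bytes(b"MZ constructed stub")
        (tmp / "Windows/System32/hosts").write_text("127.0.0.1 localhost\n0.0.0.0 example.test\n")
        (tmp / "Users/me/old.tmp").unlink()
        return diff_snapshots(before, snapshot(tmp))
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
```

On a real capture, run snapshot() twice against the mounted VM drive and feed the two dictionaries to diff_snapshots(); the "added" list is where bundled extras and startup-folder entries show up.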
LVL 18

Expert Comment

ID: 40582420
Often if you don't read the license agreement and just click Accept, you could potentially be installing PUPs without even knowing it. This is how they make the software free: by installing Potentially Unwanted Programs (PUPs). PUPs are not always classified as malware, or bad; most are just unwanted or unneeded. Even programs like Java or Flash Player are bundled with PUPs, such as the Ask toolbar. You need to uncheck the box when you are installing Java so the Ask toolbar is not installed. I have seen even free antivirus applications bundled with PUPs, so be careful about what you are agreeing to, and watch the install process so you can uncheck boxes that want to install these PUPs.
