Solved

Utility Software

Posted on 2015-01-31
Last Modified: 2015-03-18
How does one know if a utility/maintenance program is authentic; that it does not add malware or worse to one's system?
In particular, what about MalwareBytes, Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka?
What is a good anti-keylogger program - one that will not compromise my system?
Question by:vdaigle
8 Comments
LVL 26

Accepted Solution

by:
Thomas Zucker-Scharff earned 125 total points
ID: 40582138
MBAM from malwarebytes.org is excellent software. I'll link to others on Monday. In general though, anything from securityxploded.com is good. Most apps mentioned here on EE. Also most stuff from majorgeeks.com.
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 40582149
Minimally, have:
a) Use the installed AV to scan those files, and use another AV (not from the same provider) too. Do try it out in a test machine, rather than your work or personal one. Note that for most work environments, it will (rightfully) be managed by IT and pushed down from your trusted source internally. You need admin rights for installation most of the time.

b) Monitor any impact to the test machine, such as anomalies like system slowdown (heavy CPU/memory use, slower network access), other additions like a bundled toolbar or browser plugin, programs added to the startup folder, additional accounts created, ... Nonetheless, known malicious attempts (within the bounds of the latest AV signatures) should be detected and alerted. I have my past posting on anomalies to be wary of too...

However, we should err on the safe side as always and consider other means too:

a) Check against blacklists and known threats - using its hash search, or the binary file, or even the URL link hosting it. Below are some good ones to check out (there are quite a few others too); be open to an alternate analysis opinion rather than just one.
(Virustotal - https://www.virustotal.com/)
(Malwr - https://malwr.com/submission/)
(ThreatExpert - http://www.threatexpert.com/filescan.aspx)

b) Check the source of the software - Do always have it downloaded or gotten from known, authorised, reputable sites and sources which you know of. They would have proven it, and the file or binary will ideally be signed by the source certificate verifying that. Likewise it should not be from some unknown email with attachment, URL etc. Cloud service file drops and social site sharing of files are also quite suspicious. And definitely not a P2P or torrent site file share, please.

It is not a silver bullet to sieve out possible means, but far better compared to leaving it to chance. If need be, verify the source again for assurance. Even now, for open source (including portable executable types), I tend to stay conservative with the slew of open source site incidents where code may have been tampered with and abused.

We can hear from more in the forum posting..
 
LVL 91

Expert Comment

by:nobus
ID: 40582197
>> Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka << In general, during install, they offer "additional" software to be installed.
Decline or skip these; that helps also a bit.
Also - I always suggest NOT to use the above - unless needed, and you know what to do; they tend to harm much more than help you!

 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 40582352
Also beware of Potentially Unwanted Programs (PUPs), especially those from download.com or not reputable sites; they are not worthy of their claim (there are some which will prompt you to opt out) as they bundle those PUPs with their downloadable content. Surprisingly, those listed can be tagged as PUP (e.g. Optional.PUP, PUP.Spyware, Adware.PUP ...) by AV or anti-malware s/w in the machine. I know of MalwareBytes, though being reputable, being tagged as PUP. So better to check them if you are on the conservative side (as mentioned in my prev post).

I do see MalwareBytes, Zookaware (Spy Zooka and Reg Zooka, aka Speed Zooka), and ParetoLogic (Reg Cure Pro) as from reputable companies, but not Driver Support & Driver Update though.

I will not rely on one defensive s/w like an anti-keylogger (e.g. Spyshelter - https://www.spyshelter.com/download-spyshelter/) to replace other existing ones; they are all layers of defense to alert if stealthy malware bypasses most, esp when it is of rootkit or bootkit type. Typically if the prior infection vector is deterred, those would not come in easily, esp if you have done diligent patching and real-time scanning as well as exercising safe surfing and staying vigilant online always.

Just do not overdo it by overloading your machine and causing s/w or signature conflicts, etc. All s/w needs to be patched/upgraded timely too and not expire unknowingly; likewise they can be vulnerable (no 100% bug free) too ... and become the point of penetration...
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 125 total points
ID: 40582410
Three approaches:
A) Rely on AV scanning: upload your setup to https://www.virustotal.com/ and have over 50 AV engines scan it.

B) Use AppLocker or software restriction policies and whitelist only software that you approve; that way, you are at least sure that no additional malware will be downloaded and executed after executing some untrusted potential Trojan.

C) The forensic approach: Create a VM, shut down the clean VM, mount the drive of that VM in your own system before and after the installation of the untrusted software and compare file system and registry before and after. This can be automated using MSI packager programs like the free WinINSTALL LE by Scalable Software. It requires a little know-how but is the only secure forensic approach. This will let you see exactly what the setup of that unknown software did to your system.

But still, you have software running that you don't trust; neither A, B nor C can ensure that this software does no harm. You would need to monitor the network activity of that software by using an application layer gateway software - Windows Firewall has such a thing, but it is turned off by default when it comes to outgoing connections for technical reasons (malware may instruct another trusted process like a browser process to do the downloads for it).

It all comes down to "don't execute software from untrusted sources". If you have to, use A, B or C or a combination of those to minimize the risk.
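As an added example (not code from any of the answers above), here is a small Python script that does the file hashing btan's hash-search step (a) relies on and the before/after file-system comparison of McKnife's approach C, run against a constructed temporary directory; it covers files only, not the registry.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks; the hex digest is what you paste into a hash search."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def diff_snapshots(before, after):
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return added, removed, modified


def demo():
    """Constructed scenario: an 'install' that edits, adds and deletes files."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app").mkdir()
        (root / "app" / "config.ini").write_text("debug=0\n")
        (root / "app" / "readme.txt").write_text("hello\n")
        before = snapshot(root)          # snapshot of the clean system
        (root / "app" / "config.ini").write_text("debug=1\n")   # modified
        (root / "startup").mkdir()
        (root / "startup" / "updater.exe").write_bytes(b"MZ-placeholder")  # added
        (root / "app" / "readme.txt").unlink()                  # removed
        after = snapshot(root)           # snapshot after the untrusted setup ran
        return diff_snapshots(before, after)


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", added, "removed:", removed, "modified:", modified)
```

On a real VM you would point snapshot() at the mounted disk root before and after the install and review every entry in the added and modified lists, with extra attention to startup locations.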
 
LVL 18

Expert Comment

by:web_tracker
ID: 40582420
Often if you don't read the license agreement and just click on accept, then you could potentially be installing PUPs without even knowing it. This is how they make the software free, by installing Potentially Unwanted Programs (PUPs). PUPs are not always classified as malware, or bad; most are just unwanted or unneeded. Even programs like Java or Flash Player are bundled with PUPs, such as the Ask toolbar. You need to uncheck the box when you are installing Java so the Ask toolbar is not installed. I have seen even free antivirus applications bundled up with PUPs, so be careful about what you are agreeing to, and watch the install process so you can uncheck boxes that want to install these PUPs.