
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130

Utility Software

How does one know if a utility/maintenance program is authentic; that it does not add malware or worse to one's system?
In particular, what about MalwareBytes, Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka.
What is a good anti-keylogger program - one that will not compromise my system?
4 Solutions
Thomas Zucker-Scharff (Systems Analyst) commented:
MBAM from malwarebytes.org is excellent sw. I'll link to others on Monday. In general though, anything from securityxploded.com is good. Most apps mentioned here on ee. Also most stuff from majorgeeks.com.
btan (Exec Consultant) commented:
Minimally have
a) Use the installed AV to scan those files and use another AV (not from the same provider) too. Do try it out in a test machine, rather than your work or personal one. Note that in most work environments it will (rightfully) be managed by IT and pushed down from your trusted source internally. You need admin rights for installation most of the time.

b) Monitor any impact to the test machine such as anomalies of system slow down (heavy cpu/memory use, slower network access), other additions like bundled s/w such as toolbars or browser plug-ins, programs added to the startup folder, additional accounts created, ... Nonetheless, known malicious attempts (within the bounds of the latest AV signatures) should be detected and alerted on. I have my past posting on anomalies to be wary of too...

However, we should err on the safe side as always and consider other means too:

a) Check against blacklists and known threats, using a hash search, the binary file itself, or even the URL hosting it. Below are some good ones to check out (there are quite a few others too); be open to alternate analysis opinions rather than just one:
(Virustotal - https://www.virustotal.com/)
(Malwr - https://malwr.com/submission/)
(ThreatExpert - http://www.threatexpert.com/filescan.aspx)

b) Check the source of the software - Do always have it downloaded or gotten from known, authorised, reputable sites and sources which you know of. They would have proven it, and the file or binary will ideally be signed by the source's certificate verifying that. Likewise it should not be from some unknown email with an attachment, URL, etc. Cloud service file drops and social site sharing of files are also quite suspicious. And definitely not a P2P or torrent site file share please.

It is not a silver bullet to sieve out all possible means, but far better than leaving it to chance. If needed, verify the source again for assurance. Even now, for open source (including portable executable types), I tend to stay conservative given the string of open source site incidents where code may have been tampered with and abused.

We can hear from more in the forum posting..
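As an added example (not code from this thread, and not from any of the services linked above), here is a small Python script that does the hash side of the check described in (a) and (b): it computes the MD5/SHA-1/SHA-256 of a downloaded installer in chunks, normalises a checksum copied from a vendor's download page, and compares the two. The VirusTotal search URL form is the one the current site uses, not something from the thread; the sample file and published hash values in demo() are constructed.

```python
"""Hash a downloaded installer for blacklist lookups and compare it with the
checksum its publisher provides. Added example, not code from the thread;
all file names and hash values in demo() are constructed."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read large installers in 1 MiB chunks, never whole


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for one file, read in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def normalize(published):
    """Vendor pages publish hashes in mixed case, grouped with spaces or
    prefixed with 'SHA256:'; strip that decoration before comparing."""
    digest = published.strip().lower()
    if ":" in digest:
        digest = digest.rsplit(":", 1)[1]
    return digest.replace(" ", "").replace("-", "")


def matches_published(path, published_sha256):
    """True if the file's SHA-256 equals the publisher's value.
    hmac.compare_digest is the idiom for comparing integrity values."""
    actual = file_digests(path, ("sha256",))["sha256"]
    return hmac.compare_digest(actual, normalize(published_sha256))


def virustotal_url(sha256):
    """Link to the multi-engine report for a hash (no network call made here)."""
    return "https://www.virustotal.com/gui/file/" + normalize(sha256)


def demo():
    """Constructed scenario: hash a fake 'setup.exe', then check it against a
    matching and a mismatching published SHA-256."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "setup.exe")  # constructed, not a real installer
        with open(path, "wb") as fh:
            fh.write(b"abc")
        digests = file_digests(path)
        good = "SHA256: BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD"
        bad = "0" * 64
        return digests, matches_published(path, good), matches_published(path, bad)


if __name__ == "__main__":
    digests, ok, mismatch = demo()
    print(digests, ok, mismatch, virustotal_url(digests["sha256"]))
```

A mismatch here means stop: either the download was altered in transit or the vendor page you copied the checksum from is not the vendor's. Hashing only confirms the file is the one the publisher meant to ship; the multi-engine lookup and the code-signing check in (b) are still needed to say anything about whether that shipped file is clean.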
>> Driver Support, Driver Update, Reg Cure Pro, Reg Zooka and Spy Zooka << in general, during install, they offer "additional" software to be installed.
Decline or skip these; that helps also a bit.
Also - I always suggest NOT to use the above, unless needed and you know what to do; they tend to harm much more than help you!

btan (Exec Consultant) commented:
Also beware of Potentially Unwanted Programs (PUPs), especially those from download.com or other non-reputable sites; they are not worthy of their claims (there are some which will prompt you to opt out), as they bundle those PUPs with their downloadable content. Surprisingly, those listed can be tagged as PUPs (e.g. Optional.PUP, PUP.Spyware, Adware.PUP ...) by AV or anti-malware s/w on the machine. I know MalwareBytes, though reputable, can be tagged as a PUP. So better to check them if you are on the conservative side (as mentioned in my previous post).

I do see MalwareBytes, Zookaware (Spy Zooka and Reg Zooka, aka Speed Zooka) and ParetoLogic (Reg Cure Pro) as from reputable companies, but not Driver Support & Driver Update though.

I will not rely on one defensive s/w like an anti-keylogger (e.g. Spyshelter - https://www.spyshelter.com/download-spyshelter/) to replace the other existing ones; they are all layers of defense to alert if stealthy malware bypasses the rest, esp. when it is of the rootkit or bootkit type. Typically, if the prior infection vector is deterred, those would not come in easily, esp. if you have done diligent patching and real-time scanning, as well as exercised safe surfing and stayed vigilant online always.

Just do not overdo it by overloading your machine and causing s/w or signature conflicts, etc. All s/w needs to be patched/upgraded in a timely manner too and not expire unknowingly; likewise they can be vulnerable (nothing is 100% bug free) too ... and become the point of penetration...
Three approaches:
A) Rely on AV scanning: upload your setup to https://www.virustotal.com/ and have over 50 AV engines scan it.

B) Use AppLocker or Software Restriction Policies and whitelist only software that you approve; that way, you are at least sure that no additional malware will be downloaded and executed after executing some untrusted potential Trojan.

C) The forensic approach: Create a VM, shut down the clean VM, mount the drive of that VM in your own system before and after the installation of the untrusted software, and compare the file system and registry before and after. This can be automated using MSI packager programs like the free WinINSTALL LE by Scalable Software. It requires a little know-how but is the only secure forensic approach. This will let you see exactly what the setup of that unknown software did to your system.

But still, you have a software running that you don't trust; neither A, B nor C can ensure that this software does no harm. You would need to monitor the network activity of that software by using an application layer gateway software - Windows Firewall has such a thing, but it is turned off by default when it comes to outgoing connections for technical reasons (malware may instruct another trusted process like a browser process to do the downloads for it).

It all comes down to "don't execute software from untrusted sources". If you have to, use A, B or C or a combination of those to minimize the risk.
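The before/after comparison in approach C, written out as an added Python example (not code from the answer above and not related to WinINSTALL LE): snapshot_tree() records size and SHA-256 for every file under a mounted tree, snapshot_autostart() does the same for the Windows Run/RunOnce registry values where bundled PUPs usually register themselves, and diff_snapshots() reports what an installer added, removed or modified. The directory tree and file contents built in demo() are constructed; the registry function is only exercised on Windows and returns an empty mapping elsewhere.

```python
"""Before/after snapshot and diff of a file tree (plus Windows autostart
registry values) to see what an untrusted installer changed. Added example,
not code from the thread; the tree built in demo() is constructed."""
import hashlib
import os
import sys
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_tree(root):
    """Map relative path -> (size, sha256) for every regular file under root.
    Symlinks are skipped so a link planted by the installer cannot drag files
    from outside the mounted image into the comparison."""
    snap = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (os.path.getsize(full), _sha256(full))
    return snap


def snapshot_autostart():
    """Windows only: values under the HKCU/HKLM Run and RunOnce keys.
    Returns {} on other platforms so the script still runs there."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library on Windows
    out = {}
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    subkeys = (r"Software\Microsoft\Windows\CurrentVersion\Run",
               r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
    for hive_name, hive in hives.items():
        for sub in subkeys:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue  # key absent or not readable; skip it
            with key:
                index = 0
                while True:
                    try:
                        name, value, _type = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values
                    out[hive_name + "\\" + sub + "\\" + name] = str(value)
                    index += 1
    return out


def diff_snapshots(before, after):
    """Return sorted (added, removed, modified) key lists between snapshots."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    modified = sorted(k for k in before if k in after and before[k] != after[k])
    return added, removed, modified


def demo():
    """Constructed scenario: the 'install' drops a new binary, rewrites a
    config file and deletes a readme; the diff should report exactly those."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        write("app/config.ini", b"update=off\n")
        write("app/readme.txt", b"hello\n")
        before = snapshot_tree(root)
        # simulate the untrusted setup program running against the tree
        write("app/bin/helper.exe", b"MZ constructed sample, not a real binary")
        write("app/config.ini", b"update=on\ntoolbar=1\n")
        os.remove(os.path.join(root, "app", "readme.txt"))
        after = snapshot_tree(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

In practice you would call snapshot_tree() and snapshot_autostart() against the mounted VM disk before the install, again after it, and feed each pair to diff_snapshots(); the registry dict diffs the same way as the file dict. New entries under a Run key, a new service binary, or a modified file in a directory the installer had no reason to touch are the findings this comparison exists to surface.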
Often if you don't read the license agreement and just click on accept, then you could potentially be installing PUPs without even knowing it. This is how they make the software free, by installing Potentially Unwanted Programs (PUPs). PUPs are not always classified as malware, or bad; most are just unwanted or unneeded. Even programs like Java or Flash Player are bundled with PUPs, such as the Ask toolbar. You need to uncheck the box when you are installing Java so the Ask toolbar is not installed. I have seen even free antivirus applications bundled up with PUPs, so be careful what you are agreeing to, and watch the install process so you can uncheck boxes that want to install these PUPs.
