Spycar suite of free Exploit Tests in Security

Spycar suite of free Exploit Tests in Security http://www.dslreports.com/forum/r16035835 en Thu, 03 Dec 2009 08:16:59 EDT Thu, 03 Dec 2009 08:16:59 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16127378 SpannerITWks : Some very interesting + enlightening background info on one particular individual connected with the Spycar project !!!

»radsoft.net/resources/rants/2006···00.shtml

Also earlier on today i tried to reach the Tests page on Spycar - Click ( here ) to agree - »www.spycar.org/Spycar%20EULA.html - but got errors very similar to the WMF exploits i tested a few months ago -

I can't reach the Spycar tests page anyway, bit of a coincidence, or what ?

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,16127378 Fri, 19 May 2006 00:06:21 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16064714 sheiny : Even the limited tests revealed something interesting to me. The fact that Windows Defender's default action when it sees an unknown program make changes is to allow the changes. The best I can get from WD is a (brief) warning dialog. Something to note.]]> http://www.dslreports.com/forum/remark,16064714 Tue, 09 May 2006 20:54:11 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16063348 SpannerITWks : Ed Skoudir Senior Security Analyst @ Intelguardians who is directly involved with these tests + the Spycar www, has posted in here - »www.wilderssecurity.com/showthre···st745362

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,16063348 Tue, 09 May 2006 17:15:28 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16059975 anon : Thanks Bubba. :)]]> http://www.dslreports.com/forum/remark,16059975 Tue, 09 May 2006 09:09:23 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16052965 anon : I passed all 8 tests as well. :)]]> http://www.dslreports.com/forum/remark,16052965 Mon, 08 May 2006 10:03:54 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16051958 RobertLudlum : You could also use software restriction policies on XP pro to block registry keys and file changes.

»www.microsoft.com/technet/prodte···lcy.mspx ]]> http://www.dslreports.com/forum/remark,16051958 Mon, 08 May 2006 01:44:35 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16049561 controler : Bubba

I did not know you posted here. Good to see you old friend.

controler]]> http://www.dslreports.com/forum/remark,16049561 Sun, 07 May 2006 17:31:56 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16047544 Bubba :

said by sonify7 :

MSAS, WinPatrol, Prevx, Tea Timer and Pest Patrol seemed to fail all the IE tests....I made a mistake I did pass the IE-SetHomePage and IE-SetSearchPage tests....It would still be nice to know how to protect IE though

The TeatTimer feature does monitor those 2 keys among a few others and is what alerted you ?

Those 2 keys in particular IMHO are more important to the malware writers than the 8 IE Policies\Microsoft\Internet explorer\Control panel tests that you failed. They are out for the fast buck and the quickest way would be thru keys such as that versus the disabling of the tabs in IE's Interent Options which you failed. You want find many of the anti-malware programs covering the IE policy keys. For that you would need to consider a Registry mointoring type program....whether it be the polling type or kernel based products like Regdefend.]]> http://www.dslreports.com/forum/remark,16047544 Sun, 07 May 2006 10:30:30 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16045943 anon : Ok anyone care to tell how they beat the IE tests? Instead of just gloating about.

Maybe I'm more of a newb when it comes to protecting IE, but I never use it for the most part anyway.

It would still be nice to know how to protect IE though. Thanks if anyone can recommend how to pass the IE tests. ]]> http://www.dslreports.com/forum/remark,16045943 Sat, 06 May 2006 23:17:53 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16043461 Just Bob : You are not authorized to view this page

HTTP Error 403 - Forbidden

My guess is that without javascript enabled none of their test can execute.]]> http://www.dslreports.com/forum/remark,16043461 Sat, 06 May 2006 14:58:49 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16043403 RobertLudlum : Passed 100%. These tests are too simple.]]> http://www.dslreports.com/forum/remark,16043403 Sat, 06 May 2006 14:45:45 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16041459 anon : Oops, I made a mistake I did pass the IE-SetHomePage and IE-SetSearchPage tests, my bad. But failed all the other IE tests. ]]> http://www.dslreports.com/forum/remark,16041459 Sat, 06 May 2006 02:35:41 EDT Re: Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16041454 anon : Thanks for the heads up Spanner. I tried the tests and failed all the IE tests, but passed everything else. I let all tests run past PG of course, so they could have been blocked by that to begin with, but that's just not as fun now is it? ;)

MSAS, WinPatrol, Prevx, Tea Timer and Pest Patrol seemed to fail all the IE tests. But they seemed to pass most of the other tests.]]> http://www.dslreports.com/forum/remark,16041454 Sat, 06 May 2006 02:31:00 EDT Spycar suite of free Exploit Tests http://www.dslreports.com/forum/remark,16035835 SpannerITWks : Just released is Spycar courtesy of »www.intelguardians.com/ in conjunction with »www.counterhack.net/Counter%20Ha···ome.html

From the www -

__________________

What is Spycar?

Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.

-

What’s New with Spycar?

Spycar was initially released on May 4, 2006. We’ll be adding new modules to it for additional tests over the next several weeks. At its inception, Spycar performs 17 different tests associated with Autostart Programs, IE Config Changes, and Network Settings changes.

-

RESULTS AND CLEAN-UP

Click here to run TowTruck 1.0 to see how well your anti-spyware tool defended you, and to clean up all Spycar alterations.

Come Back Often

New Spycar modules testing other anti-spyware functionality will be released on a periodic basis. Please come back and look for new anti-spyware tests. Also, keep in mind, when new modules are released, you’ll have to use the latest TowTruck program to clean up the changes. The latest new modules will be listed above in a yellow font to distinguish them from the earlier set (because this is the original Spycar release, no New modules appear above in yellow yet).

»www.spycar.org/Welcome%20to%20Spycar.html

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks]]> http://www.dslreports.com/forum/remark,16035835 Fri, 05 May 2006 09:55:32 EDT