  SpannerITWks Premium join:2005-04-22
| Spycar suite of free Exploit Tests
Just released is Spycar courtesy of »www.intelguardians.com/ in conjunction with »www.counterhack.net/Counter%20Ha···ome.html
From the www -
__________________
What is Spycar?
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.
-
What's New with Spycar?
Spycar was initially released on May 4, 2006. We'll be adding new modules to it for additional tests over the next several weeks. At its inception, Spycar performs 17 different tests associated with Autostart Programs, IE Config Changes, and Network Settings changes.
-
RESULTS AND CLEAN-UP
Click here to run TowTruck 1.0 to see how well your anti-spyware tool defended you, and to clean up all Spycar alterations.
Come Back Often
New Spycar modules testing other anti-spyware functionality will be released on a periodic basis. Please come back and look for new anti-spyware tests. Also, keep in mind, when new modules are released, you'll have to use the latest TowTruck program to clean up the changes. The latest new modules will be listed above in a yellow font to distinguish them from the earlier set (because this is the original Spycar release, no New modules appear above in yellow yet).
»www.spycar.org/Welcome%20to%20Spycar.html
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
  sonify7
| Thanks for the heads up Spanner. I tried the tests and failed all the IE tests, but passed everything else. I let all tests run past PG of course, so they could have been blocked by that to begin with, but that's just not as fun now is it? 
MSAS, WinPatrol, Prevx, Tea Timer and Pest Patrol seemed to fail all the IE tests. But they seemed to pass most of the other tests. |
|
  sonify7
| reply to SpannerITWks Oops, I made a mistake: I did pass the IE-SetHomePage and IE-SetSearchPage tests, my bad. But failed all the other IE tests. |
|
 RobertLudlum
join:2005-01-20 656456 | reply to SpannerITWks Passed 100%. These tests are too simple. |
|
 Just Bob Premium join:2000-08-13 Spring Hill, FL | reply to SpannerITWks You are not authorized to view this page
HTTP Error 403 - Forbidden
My guess is that without javascript enabled none of their tests can execute. |
|
  sonify7
| reply to SpannerITWks OK, anyone care to tell how they beat the IE tests, instead of just gloating about it?
Maybe I'm more of a newb when it comes to protecting IE, but I never use it for the most part anyway.
It would still be nice to know how to protect IE though. Thanks if anyone can recommend how to pass the IE tests. |
|
  Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| said by sonify7 :
MSAS, WinPatrol, Prevx, Tea Timer and Pest Patrol seemed to fail all the IE tests....I made a mistake I did pass the IE-SetHomePage and IE-SetSearchPage tests....It would still be nice to know how to protect IE though
The TeaTimer feature does monitor those 2 keys among a few others and is what alerted you?
Those 2 keys in particular IMHO are more important to the malware writers than the 8 IE Policies\Microsoft\Internet explorer\Control panel tests that you failed. They are out for the fast buck and the quickest way would be thru keys such as that versus the disabling of the tabs in IE's Internet Options which you failed. You won't find many of the anti-malware programs covering the IE policy keys. For that you would need to consider a Registry monitoring type program....whether it be the polling type or kernel based products like Regdefend. |
|
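A minimal sketch of the "polling type" registry monitor mentioned in the post above, added here as an illustration; it is not part of any post in the thread and not code from any product named in it. It assumes the standard per-user (HKCU) locations for the IE home/search page values and the IE Control Panel policy key, and the function names are hypothetical.

```python
import time
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None
# Assumption: standard per-user (HKCU) locations of the home/search page
# values and of the IE "Control Panel" policy key named in the thread.
WATCHED = [
    r"Software\Microsoft\Internet Explorer\Main",
    r"Software\Policies\Microsoft\Internet Explorer\Control Panel",
]

def read_key(path):  # {value_name: data} for one HKCU key; {} if key is absent
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _ = winreg.EnumValue(key, i)
                values[name] = data
    except FileNotFoundError:
        pass
    return values

def snapshot(reader=read_key):
    return {path: reader(path) for path in WATCHED}

def diff(before, after):
    changes = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path, {}), after.get(path, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append(("added", path, name, None, new[name]))
            elif name not in new:
                changes.append(("removed", path, name, old[name], None))
            elif old[name] != new[name]:
                changes.append(("changed", path, name, old[name], new[name]))
    return changes

def watch(interval=5.0):
    baseline = snapshot()
    while True:
        time.sleep(interval)
        current = snapshot()
        for change in diff(baseline, current):
            print(time.strftime("%H:%M:%S"), *change)
        baseline = current

if __name__ == "__main__" and winreg is not None:
    watch()
```

A poller only reports a change after it has been written, and a value set and restored between two polls goes unseen, which is the gap the kernel-based products close by intercepting the write itself.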
 controler
join:2003-11-02 | reply to SpannerITWks Bubba
I did not know you posted here. Good to see you old friend.
controler |
|
 RobertLudlum
join:2005-01-20 656456
| reply to Bubba You could also use software restriction policies on XP pro to block registry keys and file changes.
»www.microsoft.com/technet/prodte···lcy.mspx |
|
  FoundYouOnAHarley
@verio.net | reply to SpannerITWks I passed all 8 tests as well.  |
|
  sonify7
| reply to Bubba Thanks Bubba.  |
|
  SpannerITWks Premium join:2005-04-22
| reply to SpannerITWks Ed Skoudis, Senior Security Analyst @ Intelguardians, who is directly involved with these tests + the Spycar www, has posted in here - »www.wilderssecurity.com/showthre···st745362
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
 sheiny
join:2005-03-13 Turlock, CA
| reply to SpannerITWks Even the limited tests revealed something interesting to me. The fact that Windows Defender's default action when it sees an unknown program make changes is to allow the changes. The best I can get from WD is a (brief) warning dialog. Something to note. |
|
  SpannerITWks Premium join:2005-04-22
| reply to SpannerITWks Some very interesting + enlightening background info on one particular individual connected with the Spycar project !!!
»radsoft.net/resources/rants/2006···00.shtml
Also earlier on today I tried to reach the Tests page on Spycar - Click ( here ) to agree - »www.spycar.org/Spycar%20EULA.html - but got errors very similar to the WMF exploits I tested a few months ago -
I can't reach the Spycar tests page anyway, bit of a coincidence, or what ?
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|