 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
JVMA
Technical Research Expert
Joined: 13 Jul 2004
Last Visit: 08 Sep 2005
Posts: 49
|
 Posted: Wed Jul 28, 2004 9:33 am Post subject: Some questions about anti-spyware programs detections |
 |
|
The antispyware programs use CLSI detections, and by them search the file asociated in the system?
There are spyware that use the same CLSID as the windows or other program? and a virus?
_________________
Regards
JVMA |
|
| Back to top |
|
 |
Scaramouche
Malware Expert
Joined: 06 Jul 2004
Last Visit: 03 May 2006
Posts: 141
Location: Manila, Philippines
|
| Posted: Fri Jul 30, 2004 12:26 am Post subject: |
|
|
It depends on what you're talking about. I think CLSID identification is really only useful for BHOs, and even then as you point out, there's nothing stopping someone from using the same one as an existing program (many of them simply use 00000000000000).
Traditional installed/ridealong spyware though is usually detected through file name/folder/size/version/infile textstring/other comparison to a database of collected attributes. This is where most spyware is identified, though each anti-spyware company has their own weighting/method of getting useful information from it. Getting just one 'hit' is rarely cause for a 'strong' match, though each program has differing levels of sensitivity. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
