I have a reason to believe my work computer has been compromised, i.e.
stealth software installed. Does anyone know of a good mechanism to detect
hidden spy programs outside of adaware and spybot. Any suggestions would be
greatly appreciated. Thanks.
> Greetings,
>
> I have a reason to believe my work computer has been compromised, i.e.
> stealth software installed. Does anyone know of a good mechanism to detect
> hidden spy programs outside of adaware and spybot. Any suggestions would be
> greatly appreciated. Thanks.
"/Tx2" <noreplies.usenet@googlemail.com> wrote in message
news:MPG.20f4c00481e8d9b0989726@News.Individual.NET...
> On Tue, 3 Jul 2007 15:58:38 -0400 Lumpjaw
> from the village of onemail@email.com
> felt we might be interested in the following...
>
>
>> Greetings,
>>
>> I have a reason to believe my work computer has been compromised, i.e.
>> stealth software installed. Does anyone know of a good mechanism to detect
>> hidden spy programs outside of adaware and spybot. Any suggestions would be
>> greatly appreciated. Thanks.
>
> Hello, sorry to trouble you, but this is your personnel department -
> please report to the office at 08:30 prompt so we can discuss this issue
> with you.
>
>
> --
> My reply address is valid, but incoming mail is set to 'auto-delete'
> so will not be seen. Please post replies to the group.
> XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX
> I have a reason to believe my work computer has been compromised, i.e.
> stealth software installed.
Well, then flatten and rebuild it. Hey, you're abusing Outlook Express as a
newsreader, what else do you need to see that your system is an open
invitation to crap?
> Does anyone know of a good mechanism to detect hidden spy programs outside
> of adaware and spybot.
Yes: about any, since these programs are useless.
Serious ones include verifying the integrity of all files, which is
something typically carried out by sha1sum, sort, uniq and xargs.
I was just asking a question, I am working with windows, that is what I have,
period, I was not asking for an invitation to throw mud. The world already
knows what guys like you think, better to take your 'know how?' and use it a
little more constructively. If you have nothing to say, ZIP IT!... just my
humble opinion. MAN YOU ARE ANNOYING!
-Lumpjaw
"Sebastian G." <seppi@seppig.de> wrote in message
news:5evq7lF3aon1uU1@mid.dfncis.de...
> Lumpjaw wrote:
>
>
>> I have a reason to believe my work computer has been compromised, i.e.
>> stealth software installed.
>
>
> Well, then flatten and rebuild it. Hey, you're abusing Outlook Express as a
> newsreader, what else do you need to see that your system is an open
> invitation to crap?
>
>> Does anyone know of a good mechanism to detect hidden spy programs outside
>> of adaware and spybot.
>
> Yes: about any, since these programs are useless.
>
> Serious ones include verifying the integrity of all files, which is
> something typically carried out by sha1sum, sort, uniq and xargs.
>
>
> BTW, what about a fup2?
> I was just asking a question, I am working with windows, that is what I have,
> period,
You're talking nonsense. Just because Windows delivers Outlook Express
doesn't mean that you're supposed to abuse it for an operation that it might
work for but isn't supposed to work for. There's no problem with downloading
an actual newsreader like any non-stupid person would do.
> If you have nothing to say, ZIP IT!
Strange enough that I already said something very fruitful: COMPARE YOUR
SYSTEM BINARIES AGAINST THE CHECKSUM OF TRUSTED BACKUP! That's what every
serious person does. It's a trivial task involving trivial tools like
sha1sum, sort+uniq and xargs, or any specific tool that does the job.
And I disregarded your utterly useless tools. How should AdAware or Spybot
find such a compromise? They're relying on the results of the compromised
system, and they're utterly broken, and their output is obviously nonsensical.
> MAN YOU ARE ANNOYING!
said the stupid guy who attached a quoting of the entire replied posting at
the end of his own posting, together with an attribution line actually
containing two lines full of useless information that is already available
in the header of his posting. You can hardly get any more annoying!
> Hey S.
>
> I was just asking a question, I am working with windows, that is what I have,
> period, I was not asking for an invitation to throw mud. The world already
> knows what guys like you think, better to take your 'know how?' and use it a
> little more constructively. If you have nothing to say, ZIP IT!... just my
> humble opinion. MAN YOU ARE ANNOYING!
Yeah, he's not a very happy boy, best I can tell.
He's right about one thing though--if you have any question at all
about the integrity of your machine, flatten and rebuild from original
media is the only way to go.
And the only way you can be relatively sure you're okay is to have
something like tripwire being installed soon after your original
(trusted) build, doing file signature, so you know what's changed--and
which is what is more challenging--know what's supposed to change and
what's not.
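
The baseline comparison the posts above recommend (checksums of system files checked against a trusted copy with sha1sum, sort, uniq and xargs, or a Tripwire-style signature database), as an added example that is not code from any poster in this thread. The function names are assumptions made for the example; it assumes GNU coreutils and findutils, a baseline manifest stored off the machine, and that it is run from a trusted environment against the mounted disk, because hashes computed by a compromised system cannot be relied on.

```shell
#!/bin/sh
# Added example: compare a file tree against a manifest from a trusted build.
# make_manifest / compare_manifests are names chosen for this example.
LC_ALL=C; export LC_ALL          # stable sort order across systems

# Print "sha1  ./path" for every regular file under directory $1.
# sha256sum can be swapped in; the path then starts at column 67, not 43.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | xargs -0 -r sha1sum | sort -k 2 )
}

# Compare baseline manifest $1 with current manifest $2.
# Prints CHANGED / ADDED / REMOVED followed by the path, one finding per line.
compare_manifests() {
    # Identical hash+path pairs occur twice in the merged list; uniq -u drops them.
    only_once=$(sort "$1" "$2" | uniq -u)
    [ -n "$only_once" ] || return 0
    # Column 43 onward is the path (40 hex digits plus two separator characters).
    paths=$(printf '%s\n' "$only_once" | cut -c43- | sort)
    # A path left on both sides has two different hashes: content changed.
    printf '%s\n' "$paths" | uniq -d | sed 's/^/CHANGED /'
    # A path left on one side only was added or removed since the baseline.
    printf '%s\n' "$paths" | uniq -u | while IFS= read -r p; do
        if cut -c43- "$1" | grep -qxF -- "$p"; then
            echo "REMOVED $p"
        else
            echo "ADDED $p"
        fi
    done
}

# Usage: sh integrity.sh manifest DIR > baseline.txt
#        sh integrity.sh compare baseline.txt current.txt
case "${1:-}" in
    manifest) make_manifest "$2" ;;
    compare)  compare_manifests "$2" "$3" ;;
esac
```

The hard part named above remains: ADDED and CHANGED lines still have to be judged against what is expected to change (updates, logs, user data) and what is not.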
> And the only way you can be relatively sure you're okay is to have
> something like tripwire being installed soon after your original
> (trusted) build, doing file signature, so you know what's changed--and
> which is what is more challenging--know what's supposed to change and
> what's not.
I just wondered how Tripwire has changed. In earlier times, it hooked
various FSCTL and IOCTL handlers to trigger rescans only if it noticed any
file changes with the change itself already tripping an alert. Same for
Windows with receiving file change notifications. Now it runs a full compare
on a regular schedule, which is a highly imperformant and delayed way of
doing this job. What has happened? Too many dudes running with root
privileges, thus rendering this check potentially insecure?
| Greetings,
|
| I have a reason to believe my work computer has been compromised, i.e.
| stealth software installed. Does anyone know of a good mechanism to detect
| hidden spy programs outside of adaware and spybot. Any suggestions would be
| greatly appreciated. Thanks.
|
| -lumpjaw
|
Please explain WHY you came to this conclusion as it may just be a faux conclusion.
"Lil' Abner" <blvstk@dogpatch.com> wrote in message
news:Xns9963D3323A33Bbutter@wefb973cbe498...
> "Sebastian G." <seppi@seppig.de> wrote in
> news:5evq7lF3aon1uU1@mid.dfncis.de:
>
> > Lumpjaw wrote:
> >
> >
> >> I have a reason to believe my work computer has been compromised,
> >> i.e. stealth software installed.
> >
> >
> > Well, then flatten and rebuild it. Hey, you're abusing Outlook Express
> > as a newsreader, what else do you need to see that your system is an
> > open invitation to crap?
> >
> >> Does anyone know of a good mechanism to detect hidden spy programs outside
> >> of adaware and spybot.
Yes
I have a device that makes it impossible to power up without a dongle or
coded remote.
It's fully patented but no one is interested.
I'll sell you one for $50.
Tom