Jump to content

Faziri

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

1 Neutral

About Faziri

  • Rank
    Newbie
  1. Well yes, it would be nice if it doesn't bog down the performance, but behavior-based blocking is also not what I'm suggesting here. All I'm suggesting is to include the common toolbars and other sneakware as well instead of only real viruses in the existing detection methods. Include their EXEs and DLLs into the database and leave the rest as is, that way toolbars and such will get detected/cleaned up the moment they're installed just the same as any other malware currently detected by Immunet. Edit: although I can imagine registry monitoring isn't in the current features, but I can't see that adding much strain to the performance.
  2. Well yes, but that doesn't mean that security programs can't target and block them (or rather, their post-install files and registry entries) anyway. People do that already, only manually.
  3. I think you read my post upside-down...
  4. Toolbars are included in a lot of program installers. Some are relatively minor, like the easily fixable Ask and Babylon toolbars, but some are quite a lot closer to what could be called a virus, like Mixidj and its Delta toolbar. The latter took me over an hour to clean out of my system: it had spread itself into all of my browsers, the program files, appdata, programdata, Windows\Installer dir, etc and kept repairing itself out of thin air whenever I took out a chunk of it. Before you ask, I'm a power user and I know everything in my system inside-out, so if even I need an hour to fix it, then yes, that toolbar is a really sneaky little thing. Those toolbars are an incredible annoyance and like I said they can often come close to viral behavior. I've gotten rid of my regular antivirus because in the last 8 years it has never had to do anything on my system, nor did any of them ever bother blocking the smaller kind of malware. I installed Immunet again just to have at least a basic protection anyway (without the fancy firewall, sandbox, bla bla), but it doesn't seem to detect even the common Ask toolbar (I downloaded a few toolbars and tested it). I can imagine the reason for not wanting to block toolbars: they're included in a lot of installers, so detecting them there would mean half of your legitimate downloads get flagged. That's why I'd like to suggest passively blocking them. When they're detected in a setup, simply alert the user to the fact that there's a toolbar in the installer. Then try to pick out the toolbar's files separately from the legitimate program/installer while it's running. They often come with their own DLLs, EXEs and other specific files (usually in fixed locations too) that can easily be picked out just like any other malicious file can. They also often perform certain typical actions (like specific registry writes) that can be picked up as well. Would this be possible? If not, I don't see any reason to keep even Immunet installed. But if Immunet could take over the annoying job of having to take care of this smaller kind of malware, it'd be a pretty unique feature for Immunet to brag with and give it a trump card over all other programs. PS: by toolbar I of course mean both toolbars as well as any other type of small, friendly-acting crapware like half of what Cnet.com has to offer (their download-hijacking techtracker and toolbar-installing downloader). ----- As a far-fetched alternative, it would be neat if Immunet could somehow cooperate with Inno Setup: a free, customizable and scriptable installer that may be used by anyone. If the two companies can help each other spread, developers may automatically stop using installers that force toolbars and such onto the user and instead use Inno, retroactively decreasing the frequency of finding crapware installers. Any other initiative similar to this would also help the cause, of course. After all, all good software starts out small and later becomes a standard if it is spread by people with a respected voice. Just look at stories like OpenGL vs DirectX and such, or any other of the classic "white knight"-wares of today. ----- The meat of the idea is just that it would be great if Immunet (and other protection programs) could finally start dealing with smaller malware as well instead of only handling the big shots, regardless of how it's implemented. MBAM does a slightly better job but it's not good enough. PS: I just remembered the right word for them: MBAM calls them PUP or Potentially Unwanted Programs
×
×
  • Create New...