Adware/spyware questions (ZDoom related, don't worry)

Discuss anything ZDoom-related that doesn't fall into one of the other categories.

Adware/spyware questions (ZDoom related, don't worry)

Postby The Ultimate DooMer » Thu Oct 30, 2003 7:37 pm

I recently noticed an improvement in ZDoom on my screwed-up system from 47i to 48, namely 48 (and sequels) crashes nowhere near as much as 47i did (which is why I'm thinking of upgrading SSD to it). Either there's been an improvement in the code between those versions, or it's to do with me installing AdAware and Spybot S&D.

Which brings me to a question: how do these spyware programs work, how do they screw up the system and when do they operate? I did remove a few things when I scanned them for the first time (low/medium risk stuff, nothing major) and was wondering if that could be a reason? The only things left are a few tracking cookies that keep coming back every time I connect to the web. (and I need cookies on for the auto forum logins)

I just checked my cookies folder and besides the favourites, forum login stuff etc. there's quite a few with what look like ad-type addresses on, which aren't being picked up by either program - problem perhaps?

I also noticed that every so often ZDoom freezes for a split second (as if the HD was doing something outside it) and continues as normal afterwards. My theory is that sometimes that leads to a crash in 47i+ and not in 47-. Maybe that's the spyware stuff doing something? (I don't know, I'm just hypothesising)

Finally, is there anything else I should get besides AdAware and Spybot S&D?

Anyway, post thoughts/comments here.
User avatar
The Ultimate DooMer
Will you start the fans please!
 
Joined: 15 Jul 2003
Location: Industrial Zone

Postby Ultraviolet » Thu Oct 30, 2003 7:47 pm

There's a program called "supertrick" that comes with a HOSTS file editor and a batch to append their list of malicious domains to your Windows HOSTS file. It'll keep your browser from ever finding those malicious domains by pointing them to your loopback address instead of letting them search where they normally would. This often keeps adware that slips through from ever getting those usage statistics back to their source.
User avatar
Ultraviolet
AKA "Faint"
 
Joined: 15 Jul 2003
Location: PROJECT DETAILS CLASSIFIED.

Re: Adware/spyware questions (ZDoom related, don't worry)

Postby Kappes Buur » Thu Oct 30, 2003 9:21 pm

.
removed
.
Last edited by Kappes Buur on Fri Oct 31, 2003 5:42 pm, edited 1 time in total.
User avatar
Kappes Buur
 
 
 
Joined: 17 Jul 2003
Location: British Columbia, Canada

Re: Adware/spyware questions (ZDoom related, don't worry)

Postby HotWax » Thu Oct 30, 2003 11:18 pm

The Ultimate DooMer wrote:Which brings me to a question: how do these spyware programs work, how do they screw up the system and when do they operate?


SpyWare programs are so much like viruses, it's frightening. They are installed with or without your permission through seemingly innocent acts--a popup from some website, or saddled along with some free software you downloaded--and once installed, take great care to hide from the user, lest they be discovered and removed. Every spyware ap works differently, but most set themselves to be run every time Windows starts. Once you enter Windows, the spyware is quietly hiding in the recesses of your machine, monitoring the sites you visit, the programs you run, and in extreme cases, the things you enter into online forms. Periodically, the information gathered is then typically sent back to some server which collects the information, compiles it along with all the other info it's gathered from other people, and then sells the information to advertising companies and the like.

One thing that's important to understand is that spyware is NOT designed to screw up your system. The best spyware would hide so well that you would have no idea that it was there at all or that anything was amiss with your system. The problem is the moralless bastards who write this stuff are often not the world's best programmers, and even under the best circumstances, the kind of measures the programs take to monitor what you do without being detected aren't appreciated by Windows, and something gets messed up. Spyware apps have been known to cause a loss of Internet functionality, extended load times for no apparent reason, and even corrupted data... the only difference between these harmful effects and a virus is that the virus does it on purpose...

The good news is that most spyware is easy enough to detect and remove using the proper tools, and *usually* will do no harm to the system even while it's running. Just make sure to run AdAware at least once a month to keep the system clean, and you should be fine. Installing ZoneAlarm is also an excellent idea. Unlike the stock WinXP firewall, it not only monitors incoming connections you might not want to recieve, but it keeps on eye on your own computer, and only lets programs you approve of contact the Internet. If you suddenly get alerts from ZA that some anonymous program is trying to "phone home", it's a good bet you've got some form of spyware (or something worse) lurking inside your computer.
User avatar
HotWax
Do what you must, and pay the price later.
 
Joined: 18 Jul 2003
Location: Idaho Falls, ID

Postby Goukuma » Fri Oct 31, 2003 12:24 am

Someone particularly sadistic should make a Commercial Doom TC, where you are attacked by hordes of vile pop-up ads (my guess at this topic's content before clicking it).
User avatar
Goukuma
Messatsu Oni Kyouaku Resshuu!
 
Joined: 12 Sep 2003

Postby Ultraviolet » Fri Oct 31, 2003 12:28 am

I should add, even though you already mentioned AdAware and Spybot both already, that neither catches everything that the other could catch. I'd say always run Spybot first because of the way it handles spyware modules embedded into programs -- if it finds a module that matches the pattern of some known spyware, it can replace that spyware with a dummy module rather than simply deleting it. This is good, because it provides a black-box/dummy that the parent program can pass stuff through without error, even though it won't be getting anything relevant back. AdAware, on the other hand, simply deletes (or quarrantines, but both will do that if you tell them to). So, if you want some potentially important (to the function of your program -- iMesh, for example: Spybot replaces the advertisement strip at the bottom with a blank transparent box and disables the pop-up code from iMesh as well) modules saved from deletion, use Spybot first. Substituting these dummy modules may, however, be against the terms-of-service for your software in many different ways. First, you've got reverse engineering, second, you've got disabling the stuff that "sends back anonymous usasge statistics," and there are probably more ways. I say that if they'd give me that shit, then they deserve to go fuck themselves while I take the free benefit of their software anyway.

Modifying your HOSTS file in Windows is very important as well. If you block the source domains for a lot of the spyware, you can prevent yourself from getting a lot of it. I believe the "immunize" function in Spybot modifies the HOSTS file a bit as well, so be sure to do that.
User avatar
Ultraviolet
AKA "Faint"
 
Joined: 15 Jul 2003
Location: PROJECT DETAILS CLASSIFIED.

Postby HotWax » Fri Oct 31, 2003 2:50 am

As far as cookies are concerned, there's little you can do about them, but they're probably the least harmful version of spyware around. They can't look at secure pages, they can't peek at forms, they can't do anything but collect browsing information and then only from webpages that are friendly to that cookie.

Changing the hosts file is a good idea though, mostly for the reason that by disabling common ad-hosting sites, you speed up webpage loading as the images associated with banner ads don't have to be loaded. Instead, the hosts file tells your browser to try to find the ad on your own computer. It fails immediately (it takes no time to contact yourself :)) and the page keeps loading, instead of having to wait for a potentially large animated image from a potentially slow crappy server.
User avatar
HotWax
Do what you must, and pay the price later.
 
Joined: 18 Jul 2003
Location: Idaho Falls, ID

Postby The Ultimate DooMer » Fri Oct 31, 2003 5:29 am

So how would I go about modifying the hosts file?
User avatar
The Ultimate DooMer
Will you start the fans please!
 
Joined: 15 Jul 2003
Location: Industrial Zone

Postby Ultraviolet » Fri Oct 31, 2003 11:11 am

Open C:\WINDOWS\HOSTS. (no extension)
Type a domain that you want to block followed by 127.0.0.1 (the loopback address -- instructs TCP/IP to not even really bother using the NIC, basically).

You might want to search for a list you can copy into that file rather than going on a hunt for all the ones you can find and putting them in there manually. :P
User avatar
Ultraviolet
AKA "Faint"
 
Joined: 15 Jul 2003
Location: PROJECT DETAILS CLASSIFIED.


Return to General

Who is online

Users browsing this forum: No registered users and 4 guests