Adware/spyware questions (ZDoom related, don't worry)

Discuss anything ZDoom-related that doesn't fall into one of the other categories.
User avatar
The Ultimate DooMer
Posts: 2109
Joined: Tue Jul 15, 2003 5:29 pm
Location: Industrial Zone

Adware/spyware questions (ZDoom related, don't worry)

Post by The Ultimate DooMer »

I recently noticed an improvement in ZDoom on my screwed-up system from 47i to 48, namely 48 (and sequels) crashes nowhere near as much as 47i did (which is why I'm thinking of upgrading SSD to it). Either there's been an improvement in the code between those versions, or it's to do with me installing AdAware and Spybot S&D.

Which brings me to a question: how do these spyware programs work, how do they screw up the system and when do they operate? I did remove a few things when I scanned them for the first time (low/medium risk stuff, nothing major) and was wondering if that could be a reason? The only things left are a few tracking cookies that keep coming back every time I connect to the web. (and I need cookies on for the auto forum logins)

I just checked my cookies folder and besides the favourites, forum login stuff etc. there's quite a few with what look like ad-type addresses on, which aren't being picked up by either program - problem perhaps?

I also noticed that every so often ZDoom freezes for a split second (as if the HD was doing something outside it) and continues as normal afterwards. My theory is that sometimes that leads to a crash in 47i+ and not in 47-. Maybe that's the spyware stuff doing something? (I don't know, I'm just hypothesising)

Finally, is there anything else I should get besides AdAware and Spybot S&D?

Anyway, post thoughts/comments here.
User avatar
Ultraviolet
Posts: 1152
Joined: Tue Jul 15, 2003 9:08 pm
Location: PROJECT DETAILS CLASSIFIED.

Post by Ultraviolet »

There's a program called "supertrick" that comes with a HOSTS file editor and a batch to append their list of malicious domains to your Windows HOSTS file. It'll keep your browser from ever finding those malicious domains by pointing them to your loopback address instead of letting them search where they normally would. This often keeps adware that slips through from ever getting those usage statistics back to their source.
User avatar
Kappes Buur
 
 
Posts: 4012
Joined: Thu Jul 17, 2003 12:19 am
Location: British Columbia, Canada

Re: Adware/spyware questions (ZDoom related, don't worry)

Post by Kappes Buur »

.
removed
.
Last edited by Kappes Buur on Fri Oct 31, 2003 5:42 pm, edited 1 time in total.
User avatar
HotWax
Posts: 10002
Joined: Fri Jul 18, 2003 6:18 pm
Location: Idaho Falls, ID

Re: Adware/spyware questions (ZDoom related, don't worry)

Post by HotWax »

The Ultimate DooMer wrote:Which brings me to a question: how do these spyware programs work, how do they screw up the system and when do they operate?
SpyWare programs are so much like viruses, it's frightening. They are installed with or without your permission through seemingly innocent acts--a popup from some website, or saddled along with some free software you downloaded--and once installed, take great care to hide from the user, lest they be discovered and removed. Every spyware ap works differently, but most set themselves to be run every time Windows starts. Once you enter Windows, the spyware is quietly hiding in the recesses of your machine, monitoring the sites you visit, the programs you run, and in extreme cases, the things you enter into online forms. Periodically, the information gathered is then typically sent back to some server which collects the information, compiles it along with all the other info it's gathered from other people, and then sells the information to advertising companies and the like.

One thing that's important to understand is that spyware is NOT designed to screw up your system. The best spyware would hide so well that you would have no idea that it was there at all or that anything was amiss with your system. The problem is the moralless bastards who write this stuff are often not the world's best programmers, and even under the best circumstances, the kind of measures the programs take to monitor what you do without being detected aren't appreciated by Windows, and something gets messed up. Spyware apps have been known to cause a loss of Internet functionality, extended load times for no apparent reason, and even corrupted data... the only difference between these harmful effects and a virus is that the virus does it on purpose...

The good news is that most spyware is easy enough to detect and remove using the proper tools, and *usually* will do no harm to the system even while it's running. Just make sure to run AdAware at least once a month to keep the system clean, and you should be fine. Installing ZoneAlarm is also an excellent idea. Unlike the stock WinXP firewall, it not only monitors incoming connections you might not want to recieve, but it keeps on eye on your own computer, and only lets programs you approve of contact the Internet. If you suddenly get alerts from ZA that some anonymous program is trying to "phone home", it's a good bet you've got some form of spyware (or something worse) lurking inside your computer.
User avatar
Goukuma
Posts: 62
Joined: Fri Sep 12, 2003 12:32 pm

Post by Goukuma »

Someone particularly sadistic should make a Commercial Doom TC, where you are attacked by hordes of vile pop-up ads (my guess at this topic's content before clicking it).
User avatar
Ultraviolet
Posts: 1152
Joined: Tue Jul 15, 2003 9:08 pm
Location: PROJECT DETAILS CLASSIFIED.

Post by Ultraviolet »

I should add, even though you already mentioned AdAware and Spybot both already, that neither catches everything that the other could catch. I'd say always run Spybot first because of the way it handles spyware modules embedded into programs -- if it finds a module that matches the pattern of some known spyware, it can replace that spyware with a dummy module rather than simply deleting it. This is good, because it provides a black-box/dummy that the parent program can pass stuff through without error, even though it won't be getting anything relevant back. AdAware, on the other hand, simply deletes (or quarrantines, but both will do that if you tell them to). So, if you want some potentially important (to the function of your program -- iMesh, for example: Spybot replaces the advertisement strip at the bottom with a blank transparent box and disables the pop-up code from iMesh as well) modules saved from deletion, use Spybot first. Substituting these dummy modules may, however, be against the terms-of-service for your software in many different ways. First, you've got reverse engineering, second, you've got disabling the stuff that "sends back anonymous usasge statistics," and there are probably more ways. I say that if they'd give me that shit, then they deserve to go fuck themselves while I take the free benefit of their software anyway.

Modifying your HOSTS file in Windows is very important as well. If you block the source domains for a lot of the spyware, you can prevent yourself from getting a lot of it. I believe the "immunize" function in Spybot modifies the HOSTS file a bit as well, so be sure to do that.
User avatar
HotWax
Posts: 10002
Joined: Fri Jul 18, 2003 6:18 pm
Location: Idaho Falls, ID

Post by HotWax »

As far as cookies are concerned, there's little you can do about them, but they're probably the least harmful version of spyware around. They can't look at secure pages, they can't peek at forms, they can't do anything but collect browsing information and then only from webpages that are friendly to that cookie.

Changing the hosts file is a good idea though, mostly for the reason that by disabling common ad-hosting sites, you speed up webpage loading as the images associated with banner ads don't have to be loaded. Instead, the hosts file tells your browser to try to find the ad on your own computer. It fails immediately (it takes no time to contact yourself :)) and the page keeps loading, instead of having to wait for a potentially large animated image from a potentially slow crappy server.
User avatar
The Ultimate DooMer
Posts: 2109
Joined: Tue Jul 15, 2003 5:29 pm
Location: Industrial Zone

Post by The Ultimate DooMer »

So how would I go about modifying the hosts file?
User avatar
Ultraviolet
Posts: 1152
Joined: Tue Jul 15, 2003 9:08 pm
Location: PROJECT DETAILS CLASSIFIED.

Post by Ultraviolet »

Open C:\WINDOWS\HOSTS. (no extension)
Type a domain that you want to block followed by 127.0.0.1 (the loopback address -- instructs TCP/IP to not even really bother using the NIC, basically).

You might want to search for a list you can copy into that file rather than going on a hunt for all the ones you can find and putting them in there manually. :P

Return to “General”