Gatekeeper: Monitoring auto-start extensibility points (ASEPs) for spyware management

LISA 2004 - 18th Large Installation System Administration Conference

Volumn , Issue , 2004, Pages 33-46

  Wang, Yi Min ^a   Roussev, Roussi ^a   Verbowski, Chad ^a   Johnson, Aaron ^a   Wu, Ming Wei ^b   Huang, Yennun ^b   Kuo, Sy Yen ^b  

^a MICROSOFT RESEARCH   (United States)

^b NATIONAL TAIWAN UNIVERSITY   (Taiwan)

Author keywords

[No Author keywords available]

Indexed keywords

PRIVACY BY DESIGN; SYSTEM STABILITY;

ANTI VIRUS; AUTO-START EXTENSIBILITY POINT; PRIVACY CONCERNS; REAL-WORLD; SIGNATURE-BASED APPROACH; SPYWARE PROGRAMS;

COMPUTER VIRUSES;

EID: 79960164190     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. Ad-Aware, http://www.lavasoft.de/ms/index.htm.
2. Ad-Aware Plus, http://www.lavasoftusa.com/ software/adawareplus/.
3. Autoruns, http://www.sysinternals.com/ntw2k/ freeware/autoruns.shtml.
4. Blocking Unwanted Parasites with a Hosts File, http://www.mvps.org/winhelp2002/hosts.htm.
5. Bugzilla Bug 249004, http://bugzilla.mozilla.org/ show_bug.cgi?id=249004.
6. Spyware Cures May Cause More Harm Than Good, http://news.com.com/2100-1032-5153485. html, Feb, 2004.
7. "Create New Autorun by Patching Explore. exe, " The Online Rootkit Magazine, http://www. rootkit.com/newsread.php?newsid=118, 2004.
8. Creating New Packages for Mozilla, http:// www.mozilla.org/docs/xul/xulnotes/xulnote_ packages.html.
9. Dunagan, John, Roussi Roussev, Brad Daniels, Aaron Johson, Chad Verbowski, and Yi- Min Wang, "Towards a Self-Managing Software Patching Process Using Black-Box Persistent- State Manifests, " in Proc. Int. Conf. Autonomic Computing, May, 2004.
10. "Discussion of sbc_netscape.xpi from MozillaZine, " http://forums.mozillazine.org/ viewtopic.php?t=66531.
11. "EarthLink Finds Rampant Spyware, Trojans, " InfoWorld, http://www.infoworld.com/ article/04/04/15/HNearthspyware_1.html, April 15, 2004.
12. "FTC to Look Closer at Spyware, " Washington Post, http://www.washingtonpost.com/wp-dyn/ articles/A22514-2004Apr18.html, April 19, 2004.
13. Flingstone Bridge, http://www.kephyr.com/ spywarescanner/library/flingstonebridge/index.phtml.
14. The Anatomy of File Download Spyware, http://grc.com/downloaders.htm.
15. "Monitoring Software on Your PC: Spyware, Adware, and Other Software, " Workshop Transcript, Federal Trade Commission, http://www. ftc.gov/bcp/workshops/spyware/transcript.pdf.
16. Garfinkel, Simson L., A Web Service for File Fingerprints: The Goods, the Bads, and the Unknowns, http://www.simson.net/clips/2003.15_ 972.FinalPaper.pdf.
17. "Nasty New Parasite, " SpywareInfo Newsletter, June 18, http://www.spywareinfo.com/newsletter/ archives/0604/8.php.
18. "Hacker finds hole in Netscape, " Wired, http:// www.wired.com/news/technology/0, 1282, 38087, 00.html.
19. Institution 2004 Remote Admin Tool, http://www. evileyesoftware.com/ees/content.php?content.43.
20. The Linux Kernel Module Programming Guide, http://tldp.org/LDP/lkmpg/.
21. Known Vulnerabilities in Mozilla, http:// www.mozilla.org/projects/security/knownvulnerabilities. html.
22. Lop.com ("Live Online Portal") Parasite, http://www.doxdesk.com/parasite/lop.html.
23. "Mozilla Flaw Lets Links Run Arbitrary Programs, " eWeek, http://www.eweek.com/article2/ 0, 1759, 1621451, 00.asp, July 8, 2004.
24. "Mozilla to squash security bugs, " CNET News.com, http://news.com.com/Mozilla+to+ squash+security+bugs/2100-1002_3-5286138.html, July 27, 2004.
25. Netscape Communicator Preferences Index, http://developer.netscape.com/docs/manuals/ communicator/preferences/.
26. Netscape Navigator Browser Snoops on Web Searches, http://www.computeruser.com/news/02/ 03/08/news5.html.
27. National Software Reference Library (NSRL) Project Web Site, http://www.nsrl.nist.gov/.
28. Poulsen, Kevin, "Windows Root Kits a Stealthy Threat, " SecurityFocus, http://www.securityfocus. com/news/2879, Mar 5, 2003.
29. PluginDoc for Mozilla, http://plugindoc.mozdev. org/notes.html#scan-acroread.
30. Pest Patrol, http://research.pestpatrol.com.
31. Spybot-S&D, http://www.safer-networking.org/ microsoft.en.html.
32. Secunia Advisories, http://secunia.com/advisories/.
33. Saroiu, S., S. D. Gribble, and H. M. Levy, "Measurement and Analysis of Spyware Infections in a University Environment, " Proc. of the First USENIX/ACM Symp. on Networked Systems Design and Implementation (NSDI), 2004.
34. Wi n d o w s XP System Restore, http://msdn. microsoft.com/library/default.asp?url=/library/enus/ dnwxp/html/windowsxpsystemrestore.asp.
35. System Restore Monitored File Extensions, http:// msdn.microsoft.com/library/default.asp?url=/ library/en-us/sr/sr/monitored_file_extensions.asp.
36. Spybot-S&D TeaTimer, http://www.safernetworking. org/en/faq/33.html.
37. Wang, Yi-Min, Roussi Roussev, Chad Ve r b o w s k i, Aaron Johnson, and David Ladd, " A s k S t r i d e r: What Has Changed on My Machine Lately?, " Microsoft Research Technical Report MSR-TR-2004-03, Jan, 2004.
38. Wang, Yi-Min, Chad Verbowski, John Dunagan, Yu Chen, Helen J. Wang, Chun Yuan, and Zheng Zhang, "STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support, " Proc. Usenix Large Installation Systems Administration (LISA) Conference, pp. 159-171, October 2003.
39. Wang, Yi-Min, Binh Vo, Roussi Roussev, Chad Verbowski, and Aaron Johnson, "Strider GhostBuster: Why It's A Bad Idea For Stealth Software To Hide Files, " Microsoft Research Technical Report MSR-TR-2004-71, July 2004.