Beyond Viruses: Why Anti-Virus Software is No Longer Enough

Executive summary

Pests is the collective term we use to describe non-viral malicious code - trojans, remote administration tools, hacker tools, and spyware. Such code can stealthily gain access to and hide on computer systems, bypassing traditional security measures such as anti-virus, firewalls, and intrusion detection systems.

Pests can allow unauthorized users to breach firewalls and access sensitive data by assuming the identity of authorized users. Pests can then allow unauthorized third parties and disgruntled insiders to access electronic assets (customer database, financial records, intellectual property, trade secrets), compromise existing security, destroy customer confidence, and expose individuals and organizations to litigation.

Pests are fundamentally different from viruses, in that they are self-contained programs rather than code fragments, and so the technology required to detect and remove them is also fundamentally different from anti-virus software. All pests share these common characteristics: most people don't know anything about them, didn't invite them in, don't know they are present, and don't want them in their system. That is the heart of the problem. With thousands of files in today's computers, no one could be expected to know what every single one does. And, without the technology to help find pests, they can live and thrive in your system for a long time before anyone finds out they're there - by which time it may be too late.

Pests have the potential to create even greater damage than viruses - including significant loss of business, legal liability, and public relations nightmares.

Protecting your systems against pests

CA Anti-Spyware picks up on the protection of your network where current products leave off. It is designed to be used in conjunction with anti-virus software, and has little to no impact on system performance. PestPatrol, used in conjunction with an anti-virus product, offers comprehensive and reliable protection against stealthy malicious code that can result in downtime, loss of employee productivity and legal liability.

An example of why additional protection beyond anti-virus is needed was the December 2001 outbreak of BadTrans.B. Every anti-virus company came out with a 'quick fix' to detect and remove the worm itself, but did you know that the worm left behind a key logger that may still be hidden on systems you thought were clean? PestPatrol would have found and removed it.

Pest behavior and impact

Pests can do anything that software can do. Here are just a few examples:

  • If your PC has ever locked up for no reason, the CD-ROM drive has started to turn, or you've mysteriously lost files, you could unknowingly have downloaded a RAT (remote administration tool), enabling a hacker to control your machine without you ever knowing. Back Orifice and Sub Seven are well known RATs.

  • If a disgruntled ex-employee plants a key logger on critical systems before he's terminated, he can access confidential data long after he's gone by capturing keystrokes for passwords. This is what the key logger left behind by the trojan incorporated into the BadTrans.B worm was programmed to do.

  • And, how would you like to discover that some company has secretly planted spyware on your machine and has been following your surfing habits and transmitting this information to an outside source?

No network administrator would be happy to find out that intellectual property, customer data or even ownership of the corporate web site has fallen into someone else's (unauthorized) hands.

Unlike viruses, however, there can be 'good' pests. That is to say, tools such as password cracking programs are an important part of the system administrator's toolkit, but in the wrong hands, password crackers can allow unauthorized individuals to access confidential data unchallenged. PestPatrol deals with this "gray area" by enabling you to detect the presence of such a tool only if it's on a PC where you would not expect to find it - in the accounting or sales departments, for example.

Why are pests on the rise?

Many factors conspire to make today's computer systems a fertile environment for pest growth.

  • Users have changed. A decade ago, it seemed that many users were fascinated by the details of their computer's operation. Many knew that the size of COMMAND.COM in DOS 5.0 was 47,485 bytes. But today's users tend to regard computers as just another tool to help them do their job, so there is less interest in the details of what is going on behind the scenes. This simply means that, should problem software be inadvertently introduced to a machine, the number of users that are equipped to realize what has happened and deal with it is a much smaller proportion of the total user population.

  • Operating systems are more complex. A decade ago, DOS consisted of COMMAND.COM and two hidden system files, and could fit on a low-capacity floppy. Today, the Windows directory on a typical Windows 98 machine is likely to have 200 or more directories, 4,500 or more files, and use 600 Mb or more. Today, no user could be expected to know what every file in their computer does, where it came from, or if it is even needed.

  • New software cannot be readily inspected prior to installation. A decade ago, nearly all software introduced to a machine was installed from a floppy disk. It was a simple matter to determine the immediate source of that software, and to scan it for viruses. Today, nearly all software is introduced to a machine via the Internet. The transfer process might reveal the overall setup package, but not its components. Even the size of the basic component often cannot be determined with precision. And any kind of security check of the installation package cannot usually be done prior to installation.

  • Software is installed in obscure ways. A decade ago, software installations involved little more than creating a directory and copying some files. Not until DOS 6 were operating system files even compressed. Today, the exact process followed by an installer is hidden by both the installation package (often a single file contains dozens or hundreds of individual files) and the installation procedure (an installer may or may not enumerate files as they are extracted). Sometimes, as in the case of an ActiveX, JavaScript, or VBScript component on a web page, there is no evident installation process at all: the software is simply transferred, installed and run, sometimes without any user interaction at all.

  • Trusted sources can no longer be determined. A decade ago, users were counseled to avoid viruses by only installing software from trusted sources, and to not accept software from untrusted sources. Users of a decade ago might call local Bulletin Boards (BBSs), but would rarely make long distance calls to BBSs across the country, or make international calls. And at 2400 baud, users spent some time judging the potential value of software before downloading. Today, all of the world's software is a local call away, via the Internet, and can be accessed 30 to 1,000 times faster than it was a decade ago.

  • There is more problem software. Problem software, such as viruses, does not become extinct just because it is hunted. Every piece of malicious code that has ever been distributed probably still lives, somewhere. In short, the evil that men do lives long after they are gone.

The real problem is that the rate of emergence of pests is increasing. The table and graph below report on the growth of pests, both in total number of megabytes of pests and in total number of pests, by creation date. These values come from the PestPatrol database, available for examination here.

Figure 1: The number of pests has increased rapidly over the past few years.

Anti-virus (AV) requires a different approach

Anti-virus vendors have added detection capabilities for some high-profile pests. They just haven't done so very well, or with any degree of thoroughness or consistency. There are two main reasons for this:

There have been many pests in the news recently. In fact, they sometimes seem to be "stealing the show" from viruses. For example, the "SubSeven Defcon8 2.1 backdoor trojan" is a trojan, not a virus.

Anti-virus is not enough
Anti-virus software detects some pests, particularly those that have made the news. But generally, the pest detection rates of anti-virus software are pretty low. To illustrate this, we asked the National Software Testing Laboratory (NSTL) to test PestPatrol's pest detection capabilities against the three major anti-virus software packages - Norton AntiVirus, McAfee, and PC-Cillin. Here is a summary of their findings:

"PestPatrol clearly detects more pests in every category than any other product tested by finding 86% of the pests. PC-Cillin 2000 came in a distant second, finding 55%. Although no product, in its default state, detected every available pest, it is clear which product provides the better protection.

"Our testing indicates that pest detection, unlike virus detection, has not been given strong enough attention by the computer industry. This may be due to the fact that pests tend to run silently, and users often don't even know that their systems are infected. So there is no big outcry by infected owners for remediation or prevention. As more people become aware of pests and see the damage that they can do, there should be increased demand for effective products to detect and clean pests.

"Currently, products tend to do their best detection with trojan-type pests - detecting a larger percentage of them. Pests used for hacking or performing Denial of Service attacks were only modestly detected by the majority of products. Only PestPatrol was able to detect any spyware pests."

Figure 2: Results of the 11/01 NSTL pest detection tests

Use of anti-virus software is not enough, as many experts have recently argued. "Antivirus software still does an excellent job of protecting against viruses in the wild; however, other products, in association with corporate security policy, are now becoming increasingly important to safeguard the network and critically sensitive corporate data." - Datapro

Anti-virus technology is not well-suited for detecting pests
Viruses do not "install" themselves in a machine. They do not normally examine the registry, nor do they make changes to it. They do not reconfigure the machine to ensure that they run at next boot. The challenge with a virus is to remove it from the objects it has infected, returning them to a fully functional state.

Trojans usually do install themselves in a machine. They frequently modify the registry, and sometimes also modify .ini files, such as win.ini. Deleting a trojan will cause a problem if the registry calls for a missing file to be run. Unlike virus removal, removing a trojan may require editing the registry.
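The removal problem described above (a trojan deleted from disk while the registry or win.ini still tells Windows to run it at boot) can be checked for directly. The following Python is an added example written for this page, not PestPatrol's own code or the paper's: it parses a constructed win.ini fragment and a constructed .reg export of the Run keys, extracts each autostart command, and reports entries whose executable no longer exists on a constructed disk snapshot. The file list, search path, key names and value names are all assumptions made up for the example; on a real machine the same parsers would be fed the actual win.ini and a `reg export` of the Run keys.

```python
import re

# Constructed win.ini fragment (an assumption for this example, not from the paper):
# the [windows] section's load= and run= lines are legacy autostart hooks.
WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\kern32.exe
[Desktop]
Wallpaper=(None)
"""

# Constructed .reg export (also an assumption) covering the two classic Run keys.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SysTray"="SysTray.Exe"
"Updater"="C:\\WINDOWS\\SYSTEM\\svc_updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="\"C:\\Program Files\\Notes\\notes.exe\" -min"
"""

# Constructed snapshot of the files present on the disk being examined.
FILES_PRESENT = {
    r"C:\WINDOWS\scanregw.exe",
    r"C:\WINDOWS\SYSTEM\systray.exe",
    r"C:\Program Files\Notes\notes.exe",
}
# Directories searched for bare file names, as the loader would.
SEARCH_PATH = [r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"]

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_win_ini(text):
    """Return autostart commands from the [windows] section's load= and run= lines."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in ("load", "run") and value:
            # load= and run= may list several programs separated by spaces or commas
            for cmd in re.split(r"[,\s]+", value):
                entries.append({"source": f"win.ini [windows] {key}=", "command": cmd})
    return entries


def _reg_unescape(s):
    # .reg files escape backslashes and double quotes inside string values
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return the string values found under any ...\\CurrentVersion\\Run or RunOnce key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not RUN_KEY_RE.search(key):
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            entries.append({"source": f"{key} : {_reg_unescape(m.group(1))}",
                            "command": _reg_unescape(m.group(2))})
    return entries


def executable_from_command(cmd):
    """Take the program part of a command line: a quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def resolve_path(exe, files_present, search_path):
    """Case-insensitive lookup; bare names are tried in each search-path directory."""
    present = {p.lower() for p in files_present}
    candidates = [exe] if ("\\" in exe or ":" in exe) else [d + "\\" + exe for d in search_path]
    for c in candidates:
        if c.lower() in present:
            return c
    return None


def audit_autostart(entries, files_present, search_path):
    """Label every autostart entry 'ok' or 'orphaned' (target executable missing)."""
    findings = []
    for e in entries:
        exe = executable_from_command(e["command"])
        found = resolve_path(exe, files_present, search_path)
        findings.append({"source": e["source"], "executable": exe,
                         "status": "ok" if found else "orphaned"})
    return findings


def orphaned_entries(win_ini=WIN_INI, reg_export=REG_EXPORT,
                     files_present=FILES_PRESENT, search_path=SEARCH_PATH):
    """Entries whose registry value or ini line must be cleaned up along with the file."""
    entries = parse_win_ini(win_ini) + parse_reg_export(reg_export)
    return [f for f in audit_autostart(entries, files_present, search_path)
            if f["status"] == "orphaned"]


if __name__ == "__main__":
    for f in orphaned_entries():
        print(f"{f['status']:9} {f['executable']}  <- {f['source']}")
```

An orphaned entry is exactly the leftover the paper warns about: removing the file alone is not a clean removal, the source field tells you which registry value or ini line has to be edited as well. Entries that resolve to a file are not necessarily benign; they are simply the ones a signature scan still has to inspect.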

Because a trojan appears to all intents and purposes to be a normal uninfected program, and lacks jumps, there is no convenient section of a few thousand bytes from which a detection scan string might be extracted. To detect a trojan with a scan string is not difficult. To do so without false alarming on non-trojans is a great deal more difficult.
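The point that a scan string is easy to write but hard to write without false alarms can be shown on a small constructed corpus. This Python block is an added example for this page, not code from PestPatrol or from the paper: the three "files" are made-up byte strings (not real samples), as are the signature names and the marker strings. It scans the corpus with a single short string and with a composite signature, counts false positives against a constructed ground truth, and shows how a hash allowlist of known-good files keeps a legitimate network tool out of the results.

```python
import hashlib

# Constructed stand-ins for files on disk (assumptions for this example, not real samples).
# The strings are chosen to show the overlap between a legitimate network tool and a pest.
CORPUS = {
    r"C:\TOOLS\netmon.exe":
        b"MZ..This program cannot be run in DOS mode..WSAStartup..ListenOnPort..",
    r"C:\WINDOWS\SYSTEM\svc_updater.exe":
        b"MZ..This program cannot be run in DOS mode..WSAStartup..ListenOnPort..SendKeyLogToServer..",
    r"C:\WINDOWS\notepad.exe":
        b"MZ..This program cannot be run in DOS mode..CreateWindow..",
}

# Two signature styles: a single short scan string, and a composite that requires
# several independent strings which together characterise the pest rather than
# any program that happens to use the network.
SIGNATURES = {
    "remote-tool-naive": [b"WSAStartup"],
    "remote-tool-strict": [b"ListenOnPort", b"SendKeyLogToServer"],
}

# Ground truth for the constructed corpus, used only to measure false positives.
KNOWN_PESTS = {r"C:\WINDOWS\SYSTEM\svc_updater.exe"}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def scan(corpus, signatures, allowlist=frozenset()):
    """Return {signature name: [paths]} for files containing every string of a
    signature, skipping files whose SHA-256 is on the known-good allowlist."""
    hits = {name: [] for name in signatures}
    for path, data in corpus.items():
        if sha256_hex(data) in allowlist:
            continue
        for name, strings in signatures.items():
            if all(s in data for s in strings):
                hits[name].append(path)
    return hits


def false_positives(hits, known_pests):
    """Hits that are not in the ground-truth pest set."""
    return {name: [p for p in paths if p not in known_pests]
            for name, paths in hits.items()}


if __name__ == "__main__":
    hits = scan(CORPUS, SIGNATURES)
    for name, fps in false_positives(hits, KNOWN_PESTS).items():
        print(f"{name}: {len(hits[name])} hit(s), {len(fps)} false positive(s)")
    allow = frozenset({sha256_hex(CORPUS[r"C:\TOOLS\netmon.exe"])})
    print("naive with allowlist:", scan(CORPUS, SIGNATURES, allow)["remote-tool-naive"])
```

The naive string flags the network monitor as well as the pest; the composite signature flags only the pest, and the allowlist shows the other half of the trade-off: keeping a list of known-good hashes (which is also how the "gray area" tools mentioned earlier can be tolerated on the machines where they belong) lets a broad string stay in use without alarming on every program that uses the same API.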

The PestPatrol approach

CA Anti-Spyware scans your system, looking specifically for malicious code. It currently can detect some 32,000 pests, and the database continues to grow. PestPatrol is designed to be very fast and can scan 33,000 files per minute.

How does CA Anti-Spyware differ from anti-virus software?
CA Anti-Spyware is not an anti-virus product and it will not remove viruses. PestPatrol looks for and detects other malicious code, including trojans, hacker tools, Denial-of-Service attack agents, and spyware. Since anti-virus products focus on viruses, PestPatrol used in conjunction with an anti-virus product offers complete and reliable protection from the full complement of malicious code that might result in downtime, loss of employee productivity and dissemination of dangerous code.

How does CA Anti-Spyware stay current?
We have created a number of tools that automatically manage the PestPatrol database, trapping new malicious code and constantly updating the database. Such new files are downloaded and automatically analyzed.

Information on how to remove this malicious code from the registry, from ini files, and from the file system is automatically added to our database. The database is automatically posted to the web site so that users of CA Anti-Spyware have access to the latest strings; the product looks for updates and downloads them automatically, too. The result: CA Anti-Spyware can detect a pest within a few minutes of its availability on the Internet and have the necessary removal information immediately available.

Compatibility with anti-virus
CA Anti-Spyware is designed to work with anti-virus software, not instead of it. This design required that several conditions be met:

  • the scanning time for PestPatrol needed to be lightning fast;

  • the product needed to be "lightweight", taking little machine overhead;

  • the product needed to detect problems that the anti-virus software missed, with little overlap.

CA Anti-Spyware benefits
CA Anti-Spyware is fast because its detection algorithms are specifically built for pest detection. At the time of writing, the database contains 11 different pieces of information on each of 32,000 different pests - over 350,000 information elements.

CA Anti-Spyware is flexible, with powerful command line capabilities to facilitate scheduling, network-wide scanning (including systems connecting to corporate servers via VPN), reporting, and updating.

CA Anti-Spyware combines speed, a mature database and automated updating capability offering complete and reliable protection from dangerous code. Further information and evaluation software for download may be found here.


It is clear that anti-virus, while extremely valuable, is no longer the complete solution to malicious code management. According to The Hurwitz Group, PestPatrol "will create a solid tool for fighting against the software that plagues our networks today. In the corporate world, this provides two benefits: It protects corporate information that resides on systems being accessed by infected PCs and reduces the likelihood of liability associated with corporate PCs acting as "zombies" and attacking other companies."

