May 2, 2008

Spyware Detector launches Generic and Heuristic Scanners...

The wait is over. Today's live update of Spyware Detector includes the much-awaited release of generic scanners built to counter the randomness technique very commonly deployed by the new breed of spyware. It is like a game: if you can determine a way to find randomness, then most of the trouble is over, and any good anti-spyware product can catch all the spyware and Trojans that exist in this world in no time!

Well, we are getting close to that for all the known locations (a pattern in the randomness!). We are trying to find the certainty associated with the uncertainty in random variables. Confusing? Well, it is, but not quite.

So, coming back to our generic scanners: we have been studying the pattern in the randomness of the new breed of spyware, which drops randomly generated .dll, .exe or .sys files at locations such as windows, system32 and the root, often (though not always) associated with registry entries such as SSODL, Shell Execute Hook, Run, Shared Task Scheduler, AppInit, AppData, etc. In many cases a driver is the launcher: it ensures the health of the random components and regenerates these files dynamically, or downloads them again, if they are deleted by an anti-spyware program. Spyware Detector now implements a very intelligent and quick algorithm to detect and quarantine such spyware quite successfully. Files detected by the new Spyware Detector scan engine are reported in the GUI as GenBHO, GenToolBar, GenKeylogger, GenMenuExt, etc.
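The correlation described above (a random-looking file name, in a system folder, referenced from an autostart entry) can be sketched as follows. This is an added example, not Spyware Detector's algorithm: the randomness test, the baseline list and the sample entries are assumptions constructed for illustration, and the location labels are the ones the post uses.

```python
import ntpath
import re

# Autostart labels as named in the post; the sample data uses them as plain tags.
AUTOSTART = {"SSODL", "Shell Execute Hook", "Run", "Shared Task Scheduler", "AppInit"}
DROP_DIRS = {"c:\\", r"c:\windows", r"c:\windows\system32"}
DROP_EXTS = {".dll", ".exe", ".sys"}
# Assumption: a baseline of file names known to belong to the OS image.
BASELINE = {"ctfmon.exe", "userinit.exe", "stobject.dll", "browseui.dll"}

def looks_random(stem):
    """Crude, assumed test: almost no vowels, or repeated letter/digit switching."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 6 or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    switches = len(re.findall(r"(?<=[a-z])\d|(?<=\d)[a-z]", s))
    return vowel_ratio < 0.2 or switches >= 2

def triage(entries):
    """Keep autostart entries whose target matches all three signals at once."""
    hits = []
    for location, path in entries:
        folder, name = ntpath.split(path.lower())
        stem, ext = ntpath.splitext(name)
        if (location in AUTOSTART and folder in DROP_DIRS and ext in DROP_EXTS
                and name not in BASELINE and looks_random(stem)):
            hits.append((location, path))
    return hits

# Constructed sample of (autostart location, file it points to).
SAMPLE = [
    ("Run", r"C:\Windows\System32\ctfmon.exe"),          # baseline file
    ("SSODL", r"C:\Windows\System32\stobject.dll"),      # baseline file
    ("AppInit", r"C:\Windows\System32\qkzvbnrt.dll"),    # no vowels
    ("Run", r"C:\kd83hs9a.exe"),                         # letter/digit mix in root
    ("Run", r"C:\Windows\System32\printmonitor.exe"),    # pronounceable name
    ("Run", r"C:\Program Files\Vendor\updater.exe"),     # not a drop location
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("suspicious:", hit)
```

Short legitimate names with few vowels would trip the name test on their own, which is why it is only applied to files missing from the baseline.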

We have also launched today our Malicious File Heuristic Scanner, which has been under regression testing and analysis for the last 3 months. It is released with a very conservative detection rate for now (about 13%), since we are aiming for truly zero false positives while we work towards the goal of zero-day threat detection. We cannot accept the detection of even one white (legitimate) file by our scanner. We will continue to upgrade this scanner by adding more spyware file characteristics, and the detection rate should go up. Still, we can say that we will detect 13% of malware files in zero-day detection mode with 100% safe detection. This scan is located under Full Scan as the Malicious File Scan check box.

The newly introduced Malicious File Heuristic Scan is based on file integrity and is a static analysis of spyware files, as opposed to our Rootkit and Keylogger scanners, which use behavior-based detection. The file characteristics of spyware files are statistically determined. Our PE header reviewer parses malicious and malformed executables and easily determines how close a file is to being a spyware file. It is so much fun to watch this scanner catch such files that we call it M&M (malicious and malformed) detection. The scanner was recursively tested against 24 characteristics of malformed spyware files, and it produced very consistent results on a regression test of almost 100,000 spyware files. It was also tested on 32,000 white files (legitimate good files) for any false detection.
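A static PE header review of the kind described above can be sketched as follows. This is an added example, not Spyware Detector's scanner: the post does not list its 24 characteristics, so the four checks here (writable and executable section, raw data past end of file, entry point in a non-executable section or outside every section) are assumed, and both sample images are constructed inline.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # section characteristic flags

def pe_anomalies(data):
    """Return a list of header anomalies found in a PE image given as bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["no MZ header"]
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 44:
        return ["e_lfanew does not lead to a complete PE header"]
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 40)[0]     # AddressOfEntryPoint
    table = pe + 24 + opt_size
    if table + 40 * nsec > len(data):
        return ["section table runs past end of file"]
    findings, entry_found = [], False
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            findings.append(f"{name}: writable and executable")
        if rptr + rsize > len(data):
            findings.append(f"{name}: raw data runs past end of file")
        if vaddr <= entry < vaddr + max(vsize, rsize):
            entry_found = True
            if not flags & MEM_EXECUTE:
                findings.append(f"{name}: entry point in non-executable section")
    if entry and not entry_found:                          # entry 0 = no entry point (some DLLs)
        findings.append("entry point outside every section")
    return findings

def build_sample(sections, entry, size):
    """Constructed test input: minimal PE32 headers, zero-padded to `size` bytes."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIII12xI", *s) for s in sections)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(size, b"\0")

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags)
CLEAN = build_sample([(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),
                      (b".data", 0x200, 0x2000, 0x200, 0x400, 0xC0000040)], 0x1000, 0x600)
MALFORMED = build_sample([(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),
                          (b"xq7z", 0x1000, 0x2000, 0x9000, 0x400, 0xE0000020)], 0x2010, 0x600)

if __name__ == "__main__":
    print(pe_anomalies(CLEAN), pe_anomalies(MALFORMED))
```

A single finding is weak evidence, since some legitimate packers produce the same anomalies, which fits the post's choice of a conservative detection rate.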

Entries reported by this scan engine are shown as GenHeuristic in the Spyware Detector GUI. This scanner is yet another step towards providing zero-day threat detection.

Spyware is getting more sophisticated day by day. Spyware Detector is enhancing its spyware detection and removal technology to meet the new challenges. Its real-time protection is being upgraded right now to use kernel-based technology to prevent new spyware programs from installing and launching on your PC; this upgrade should reach you by the end of this month.

Here is a summary of the spyware categories processed for Spyware Detector live updates in the month of April:

No Category Count
1 Adware 222
2 Backdoor 389
3 Dialer 37
4 Downloader 95
5 Dropper 43
6 Fake Anti Spyware 198
7 Flooder 28
8 Hijacker 3
9 KeyLogger 97
10 Malware 5
11 P2P 3
12 Spyware 24
13 ToolBar 37
14 Tracking Cookie 2
15 Trojan 261
16 Worm 186
17 Constructor 34
18 Exploit 24
19 HackTool 70
20 StartPage 45
21 Badjoke 9
22 Nuker 11
23 Pornware 4
24 Clicker 11
25 Dos 14
26 Proxy 27
27 PSW 73

 

We appreciate any feedback on our products from our valued customers. You will also notice daily news updates on our spyware patch releases. More detailed information is available on the Spyware Encyclopedia pages, which can be reached either from the Spyware We Remove link or, after a particular spyware is detected, by clicking the Threat Information link right next to the name of the detected threat in Spyware Detector itself.

Please continue to support this effort by reading this blog for the latest information on new spyware releases. We will not rest until Spyware writers give up and let the users of PCs enjoy their computing as it was intended to be without any slowdown, without fear of losing Privacy and with no advertisements or other unwanted nuisances. 

Rachna Pradhan 

CTO

Max Secure Software

