Abstract
Spyware is a rapidly spreading problem for PC users causing significant impact on system stability and privacy concerns. It attaches to extensibility points in the system to ensure the spyware will be instantiated when the system starts. Users may willingly install free versions of software containing spyware as an alternative to paying for it. Traditional anti-virus techniques are less effective in this scenario because they lack the context to decide if the spyware should be removed. In this paper, we introduce Auto-Start Extensibility Points (ASEPs) as the key concept for modeling the spyware problem. By monitoring and grouping ''hooking'' operations made to the ASEPs, our Gatekeeper solution complements the traditional signature-based approach and provides a comprehensive framework for spyware management. We present ASEP hooking statistics for 120 real-world spyware programs. We also describe several techniques for discovering new ASEPs to further enhance the effectiveness of our solution.
| Original language | English |
|---|---|
| Pages | 33-46 |
| Number of pages | 14 |
| State | Published - 2004 |
| Externally published | Yes |
| Event | 18th Large Installation System Administration Conference, LISA 2004 - Atlanta, United States Duration: 14 11 2004 → 19 11 2004 |
Conference
| Conference | 18th Large Installation System Administration Conference, LISA 2004 |
|---|---|
| Country/Territory | United States |
| City | Atlanta |
| Period | 14/11/04 → 19/11/04 |
Bibliographical note
Publisher Copyright:© LISA 2004.All right reserved.