Difference Between Malware and Viruses, Spyware, Etc

Discussion in 'Computer Security' started by Jorge, Jan 20, 2006.

  1. I am at the basics and confused about what protection to apply with certain
    programs. I see a lot of discussion about malware and spyware/viruses/etc. Is
    there any difference between malware and spyware? Or is spyware a subset of
    malware? Can the traditional products such as Norton Internet Security, MS
    Antispyware, and Spybot S&D find and detect malware? Or do these products find
    and destroy spyware only? Any guidance will be appreciated. I have been told
    that I may have "malware" (see my post on 1/16/06) but I do have and have run
    Norton Internet Security, MS Antispyware, and Spybot S&D all finding nothing
    negative. Thank you!
     
    Jorge, Jan 20, 2006
    #1

  2. Jorge

    PA Bear Guest

    This one's not too bad:

    Spyware / Adware / Hijackware:
    http://www.cit.cornell.edu/computer/security/spyware/whatis.html

    and http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
    isn't too shabby either.


    Also see:

    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/archive/tshoot.html
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/
    http://www.elephantboycomputers.com/page2.html#Removing_Malware
     
    PA Bear, Jan 20, 2006
    #2

  3. Generally speaking, anti-virus solutions detect viruses, and anti-spyware
    solutions detect spyware/malware..

    NIS (any year) is not worth much.. look for something else, but not McAfee..
    that is as bad..

    On my system, 5 networked machines, I have AVG free version, SpyBot,
    Adaware, and SpywareBlaster.. I also sit behind a D-Link broadband wireless
    router, so no firewall.. I have all of the other users well trained..
     
    Mike Hall (MS-MVP), Jan 20, 2006
    #3
  4. From: "Jorge" <>

    | I am at the basics and confused about what protection to apply with certain
    | programs. I see a lot of discussion about malware and spyware/viruses/etc. Is
    | there any difference between malware and spyware? Or is spyware a subset of
    | malware? Can the traditional products such as Norton Internet Security, MS
    | Antispyware, and Spybot S&D find and detect malware? Or do these products find
    | and destroy spyware only? Any guidance will be appreciated. I have been told
    | that I may have "malware" (see my post on 1/16/06) but I do have and have run
    | Norton Internet Security, MS Antispyware, and Spybot S&D all finding nothing
    | negative. Thank you!
    | --
    | Sincerely,
    | Jorge

    Malware is the superconcept. That is, all "bad software" falls under that heading.

    Malware is broken down into two types. Viral and non-viral.

    Viruses are malware that have the ability to self replicate. This could mean that it
    "infects" other files or a hard disk boot sector. For example the Gael virus infects EXE
    files. Take an infected EXE file to another PC and you infect another computer. The virus
    appends itself to the executable so the size of the executable increases.

    Now take a Boot Sector infector like the "Form" or "NYB" virus. It infects the Boot Sector
    of a disk and is resident in memory. Thus if you write to a floppy disk from an infected
    PC, that disk becomes infected. Read that floppy in another PC and the PC can be infected.
    So the Boot Sector infector is a sub-type of virus.

    Now take that concept to network protocols and you have another sub-class of virus known
    as an Internet worm. The network protocols could be TCP 135 such as the Lovsan/Blaster and
    some SDBot variants. It could be TCP port 445 such as the Sasser or SDBot variants. It
    could be TCP port 119 which is the Network News Transfer Protocol (NNTP) which is the
    protocol of News Servers and Usenet. Examples are the Swen and Torvil viruses which have
    the ability to post themselves as infected attachments to News Group posts. Email via TCP
    port 25 is another protocol that is the most widely used. Another would be the NetBIOS
    protocol and MS Networking File and Print Shares. A phun example is the BugBear which can
    find a print server and send much junk to the printer or infect a PC through a NT Share that
    is improperly or insufficiently secured.

    So that's viruses. Now comes the non-viral malware. There are many kinds of non-viral
    sub-types. The most common are Trojans. Trojans have payloads like viruses except they
    can't self replicate. They need assistance. For example by you visiting a malicious website
    it may be downloaded to your PC or a malware creator may send out a mass email containing
    the Trojan. What's different in the Trojan email vs the virus email is that the virus has
    its own email engine capable of creating email and sending it out. The Trojan needs a human
    sender. Not a software robot or "bot". That's why some Internet worms are called "bots"
    such as the SDBot or RBot.

    Trojans take many forms. Dialers, Browser Hijackers, downloaders, proxy servers, Browser
    Helper Objects, adware, spyware, keyloggers, etc.

    Each will perform a different function. That's the "payload".

    For example a Trojan Dialer may use your modem to call an offshore 900 number or other toll
    number. If it costs $25.00 and the modem is made to call that number 100 times well, the
    Trojan writer makes money.

    A Browser HiJacker takes control of your browser and "hijacks" to Browsing experiences.

    Adware is software that provides you with abundant advertisements.

    Spyware captures your data. For example a keylogger Trojan may log all your key strokes
    into a file such as when you accessed your bank. Later it may communicate "home" and send
    those keystrokes to the malware creator. Now your account name and password are in the hands
    of the malware creator.

    There is also what's called a "blended threat". That means the malware uses many different
    types of payload. It may be a virus that posts itself to News Groups, sends itself as email
    to all the people in your address book, it may look for poorly secured NetBIOS or SMB shares
    to infect or it may try to find an unpatched PC on the Internet via TCP port 135 or 445.

    OK that's enough for now. I don't want to write a book. :)
     
    David H. Lipman, Jan 20, 2006
    #4
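
Added example, not part of David H. Lipman's post: a defensive check that scans firewall log lines for one source contacting many distinct hosts on the ports the post names (135, 445, 119, 25), which is the fan-out pattern a self-propagating worm produces. The log format, addresses, and threshold are constructed assumptions for illustration.

```python
from collections import defaultdict

# Ports the post names as worm propagation channels.
WORM_PORTS = {
    135: "RPC (Lovsan/Blaster, SDBot)",
    445: "SMB (Sasser, SDBot)",
    119: "NNTP (Swen, Torvil)",
    25: "SMTP (email worms)",
}

# Constructed sample log; assumed format: "time src dst dport action".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 10.0.0.20 445 DENY
10:00:01 10.0.0.5 10.0.0.21 445 DENY
10:00:02 10.0.0.5 10.0.0.22 445 ALLOW
10:00:02 10.0.0.5 10.0.0.23 445 DENY
10:00:03 10.0.0.5 10.0.0.24 445 DENY
10:00:04 10.0.0.9 10.0.0.2 25 ALLOW
10:00:05 10.0.0.9 10.0.0.2 25 ALLOW
10:00:06 10.0.0.7 10.0.0.30 135 DENY
10:00:06 10.0.0.7 10.0.0.31 135 DENY
10:00:07 10.0.0.7 10.0.0.32 135 DENY
10:00:07 10.0.0.7 10.0.0.33 135 DENY
10:00:08 10.0.0.8 10.0.0.40 80 ALLOW
garbled line
"""

def parse(line):
    """Return (src, dst, port), or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3])

def find_fanout(log_text, threshold=4):
    """Return sorted (src, port, distinct_targets) where one source reached
    at least `threshold` different hosts on a worm-associated port."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port = rec
        if port in WORM_PORTS:
            targets[(src, port)].add(dst)  # a set, so repeat hits count once
    return sorted((s, p, len(d)) for (s, p), d in targets.items()
                  if len(d) >= threshold)

if __name__ == "__main__":
    for src, port, n in find_fanout(SAMPLE_LOG):
        print(f"{src} contacted {n} hosts on TCP {port}: {WORM_PORTS[port]}")
```

Counting distinct destinations rather than raw connections keeps a workstation that talks repeatedly to its one mail server on port 25 from being flagged.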
  5. PA Bear: Thank you! Very helpful. V/R Jorge
     
    Jorge, Jan 20, 2006
    #5
  6. Mike Hall: Thank you! Very helpful. V/R Jorge
    --
    Sincerely,
    Jorge


     
    Jorge, Jan 20, 2006
    #6
  7. David: Thank you! Very helpful. V/R Jorge
     
    Jorge, Jan 20, 2006
    #7
  8. But you should! If you have so much time to explain these differences to people
    and give such accurate ideas, then you are a good and lucky person.

    Hopefully there are people like Jorge who really care, not like some others
    who really laugh when they hear malware, spyware, firewall.....

    :)

    Panda_man
     
    Panda_man, Jan 20, 2006
    #8
  9. Panda_man: Thank you for your words. I have received great information and I
    appreciate everyone's time. My problem is (as I posted about a week ago),
    every time I reboot, a strange website appears in the History folder that I
    have never visited before, yet it keeps appearing after each reboot every two
    or three days. If I delete the History folder, close the browser and reopen,
    then it does not show up again in the History folder. However, it keeps
    appearing after a couple days on another's day reboot. I have scanned my
    computer with Norton Internet Security, Microsoft AntiSpyware, Spyware
    Doctor, and even with Spybot Search and Destroy. All with negative results -
    no spyware found. But, in my search to find what is wrong, I was told that I
    have "malware" and thus my question in the post. By the way, I clicked on
    such strange web site when it appeared once in the History folder and all I
    got was a "page/site could not be open" website. Whenever it shows up, it
    shows "page can not be found." Does the Panda software take care of this
    challenge? THANK YOU!
     
    Jorge, Jan 20, 2006
    #9
  10. Hi!

    What is this strange site that appears permanently?
    Please write it but without http:// (only www......)

    Panda products take care of all kinds of known and unknown malware but this
    itself is not a malware. Yes, something does it.

    You may also scan with Panda Software's free Active Scan
    http://www.activescan.com


    Panda_man
    --
    Prevention is always better than cure !
    Panda TruPrevent - the most intelligent technology to combat unknown malware
    http://www.pandasoftware.com
    http://free.hit.bg/fightmalware/homepage_en.htm



     
    Panda_man, Jan 21, 2006
    #10