
Detecting Spyware Processes In MS Windows-Based Machines

It is important to use a good process monitor. Windows 9x machines do not come with any process-monitoring software as such, and I recommend using a third-party application to manage system processes on all Windows operating systems (XP, NT, 2000, and so on). Wintasks Pro is probably one of the best process monitors available today. Its makers have set up a process library that enables system admins to make an informed decision when ascertaining whether a process is malicious. This process library can be viewed here.

Malware

Malware will often inject itself into legitimate processes. This is an advanced infection technique, and it is very difficult, but not impossible, to remove. Process injection has become very popular in the malware world: many remote access trojans use it because it can evade rule-based firewalls, and spyware makers have begun to use it as well. Injecting into the Internet Explorer process will often give the spyware Internet access, because many rule-based firewall applications will not see the malware at all; they see only the trusted application Internet Explorer and allow the communication.
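One way to check a trusted process for injected modules, as an added example that is not part of the article and not a feature of Wintasks Pro or SSM: the PowerShell function below lists the DLLs loaded into a named process (Internet Explorer here) that sit outside the Windows and Program Files directories or fail an Authenticode signature check. It assumes Windows PowerShell 5.1 or later on a current Windows build, run from an elevated prompt; it only sees modules backed by a file on disk, and the trusted-directory list is an assumption to tune to your own software baseline.

```powershell
# Added example: flag DLLs in a process that live outside the usual install
# directories or are not validly signed. Such modules deserve a closer look
# when a trusted program is suspected of carrying injected code.
function Get-SuspiciousModules {
    param([Parameter(Mandatory)][string]$ProcessName)   # e.g. 'iexplore'

    # Assumption: legitimately installed code normally lives under these roots.
    $trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) { Write-Warning "No running process named '$ProcessName'."; return }

    foreach ($proc in $procs) {
        try { $modules = $proc.Modules }
        catch {
            # 32-bit PowerShell cannot read 64-bit processes; protected
            # processes also deny access to their module list.
            Write-Warning "Cannot enumerate modules of PID $($proc.Id): $_"
            continue
        }
        foreach ($m in $modules) {
            $path = $m.FileName
            $inTrustedRoot = $false
            foreach ($root in $trustedRoots) {
                if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inTrustedRoot = $true; break
                }
            }
            # Catalog-signed OS binaries report 'Valid' on Windows 8 and later.
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $status = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }

            # Report anything outside the baseline directories or not validly signed.
            if (-not $inTrustedRoot -or $status -ne 'Valid') {
                [pscustomobject]@{
                    ProcessId    = $proc.Id
                    Module       = $m.ModuleName
                    Path         = $path
                    Signature    = $status
                    InTrustedDir = $inTrustedRoot
                }
            }
        }
    }
}

Get-SuspiciousModules -ProcessName 'iexplore' | Format-Table -AutoSize
```

An empty result means every loaded module sits in a baseline directory and carries a valid signature; a hit is a lead for the process library lookup described above, not proof of infection.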

System Safety Monitor is a freeware program that helps system admins protect against malware code injection.

NOTE

"System Safety Monitor (SSM) is an application-firewalling tool (it is not a 'firewall' in traditional understanding, so there shouldn't be any conflicts with your network firewalls). SSM controls which programs are running on your computer and what they are doing. For example, SSM can prevent so-called 'DLL Injection'. Also, SSM will notify you whenever a program you want to start was modified. In addition, SSM can constantly check your registry and alert you when an important modification was made."
