Discover the best of the web!
Learn more about Digg by taking the tour.
Open source anti-spyware
winpooch.free.fr — Exactly as the title says.
splendid- 1085 diggs
- digg it
- splendid, on 10/12/2007, -0/+3Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity.For example, you can forbide a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.
- gamerzworld, on 10/12/2007, -1/+0does this work?
- reverb, on 10/12/2007, -1/+3Nice idea, unfortunate name.
- splendid, on 10/12/2007, -0/+1Done a few limited tests. Seems to work well.
- splendid, on 10/12/2007, -1/+3short review here:
http://www.lawpundit.com/blog/2005/08/winpooch-real-time-watchdog-for.htm - Shalabi, on 10/12/2007, -2/+1Wouldn't this be a bad thing? The spy/ad-ware companies could just see how they were being detected and change their program. Someone prove me wrong, please.
- tommis, on 10/12/2007, -0/+0From the above review:
Update:
We have observed that Winpooch might interfere with the installation of new programs. If Winpooch is installed and running, it might have to be deactivated before installing a new program which refuses otherwise to install.
@splendid: Are you perhaps writer of this program or associated with its development? - theImposs1ble, on 10/12/2007, -0/+0sounds good, curious about system performance, stability and effectiveness.
- longman2g, on 10/12/2007, -0/+0thats what happens, people find loopholes around things, and then they get fixed. with an open source program wouldn't that give you more people who could fix things?
- 1337geek, on 10/12/2007, -0/+0i like the idea, the site looks good, havnt used it.
Am more afraid that because its open source, its easier to screw something up that could damage a pc, ie when adaware found a perfectly good system file of mine and deleted it, doh, and couldnt login. - sjalt, on 10/12/2007, -0/+0"thats what happens, people find loopholes around things, and then they get fixed. with an open source program wouldn't that give you more people who could fix things?"
and make it easier to find said loopholes, - saleens281, on 10/12/2007, -0/+1problem is, many times the spyware writers are far superior coders to those writing the anti-spyware code. And I doubt they'll be jumping up and down to report when they find a bug that they can hack around.
- binarymelon, on 10/12/2007, -0/+2"Wouldn't this be a bad thing? The spy/ad-ware companies could just see how they were being detected and change their program. Someone prove me wrong, please."
To me it seems that fact that it's not using signature based checking, but rather on the actions that are considered malicious that keeps companies from changing their methods to get around it. I could be wrong though. - derekknight, on 10/12/2007, -7/+0Where's the Mac version. Oh, wait... never-mind.
- longman2g, on 10/12/2007, -0/+0so if it weren't open source the spyware writers could not get into the program to see what is going on? I'm not clear on how exactly these things work, but seems like if they are such excellent coders, they would know how to do this
- longman2g, on 10/12/2007, -3/+0watch your mouth macboy, you macintosh guys are going to piss someone off enough to make some malware for you guys
- cybortrip, on 10/12/2007, -0/+4Wouldn't this be a bad thing? The spy/ad-ware companies could just see how they were being detected and change their program. Someone prove me wrong, please.
salami: open-source is the solution to all of life's problems. when someone makes use of flawed coding, the programmers simply fix the code. and if you think spyware companies dont already know how the antispyware programs work then ask yourself why no single antispyware program can remove all spyware. - C_MAC, on 10/12/2007, -3/+0Wow, a whole channel full of articles and FAQ's that don't actually have any information, written by ***** with ***** sources, pretending to be journalists...
- C_MAC, on 10/12/2007, -4/+0^^^^^whoops wrong digg article...intended for revolution channel on ign...my bad
- antihero, on 10/12/2007, -0/+1I'm so sick of reading the same stupid disinformation every time something in security is open source. Yes, it is a hundred times better that it is open source. Yes, the bad guys can find holes easier. But then anybody with some programming knowledge can fix it and release a patch. What do you get with closed source? An exploit can be found and it takes the developer months to fix it. No program is perfect but I'd rather know that if I had to, I could open up the hood and see what's inside.
- immrlizard, on 10/12/2007, -0/+0Spybot has been using something like that on its new version called tea timer. It is a pain sometimes, but it works
- tomasvilda, on 10/12/2007, -0/+0How to associate winpooch with clamwin?
- rswarsaw, on 10/12/2007, -0/+0i'd like to see the verdict on this
- browell172, on 10/12/2007, -4/+0you get what you pay for.
- lweese, on 10/12/2007, -5/+0heehee... Paris Hilton has a hairless pooch.
- ramsinks.com, on 10/12/2007, -0/+0lol longman... $500.00 to the first - nobody steps up.
Spybot has been so inadequite - Finds nothing comparied to Spyware DR.
(this is on 100's of PC's).
I'll test it today on a few of the customers PC's. - NJank, on 10/12/2007, -1/+2"Where's the Mac version. Oh, wait... never-mind"
it's where it should be... awaiting significant marketshare to justify the product, and to require it for that matter:) - IHaveIssues, on 10/12/2007, -1/+0Updates? No updates?
- Geterix, on 10/12/2007, -0/+0Does this mean that Bonzi Buddy can contribute too.
- theantidote, on 10/12/2007, -0/+0Open source is good just like Antihero said. From one Anti to another, I agree.
Microsoft Antispyware does this same kind of stuff (real time blocking) and it's a lot more user friendly than AdAware's Teatimer. I recommend it especially for people who aren't very computer literate. - calr0x, on 10/12/2007, -0/+1Don't forget gentlemen they commercial spyware vendors are in a twofold quagmire:
1. They cant remove software that's under the DMCA. Sony's root kit being one, the diff in this situation is that Sony wont prosecute MS for removing it since it would further hurt Sony's image.
2. Malware = backed by companies. Almost all adware removal companies have been sued and forced to remove detection of certain malware AS WELL AS being forced to not ID certain malware AS malware.
I can easily link you to some of these posts if needed.
These hurdles aren't an issue for open source software. Someone posted why no spyware removes all spyware, and you have no farther to look than to see the deals made between these anti spyware companies and malware developers... - RogueJediX, on 10/12/2007, -0/+0Dang it. Misread as "open source spyware". Oh well.
- timmarhy, on 10/12/2007, -0/+0"the spy/ad-ware companies could just see how they were being detected and change their program"
thats the whole idea you nonce. if the enemy can see exactly how you work and are unable to defeat your methods, then clearly they are going to be more secure. there i proved you wrong.
it's the premise of OSS, that you don't rely on this illusion of saftey that exe's can't be deassembled, because they can and will be. it's idiotic to think attackers won't do everything in their power. - calr0x, on 10/12/2007, -0/+0I absolutely believe OSS Antispyware will be infinately more successful than commercial.
- degree, on 10/12/2007, -0/+0so how do you associate it with clamwin so that it acts as an active scanner?
- theMaxx, on 10/12/2007, -0/+0anyone knows where they are based? If they are outside of the US, it could spare us from the craziness of the DMCA and all that garbage.
- FaNtAsMa, on 10/12/2007, -0/+0"Wouldn't this be a bad thing? The spy/ad-ware companies could just see how they were being detected and change their program. Someone prove me wrong, please."
I was thinking the same exact thing. - darkvad0r, on 10/12/2007, -0/+0@calr0x: I really would like to see that links please ^^
- .Steven, on 10/12/2007, -0/+0http://winpooch.free.fr.nyud.net:8090/home/index.php
- Defcon79, on 10/12/2007, -0/+0A program like this that doesn't use signature or heuristic based detection has some serious drawbacks -
- it will trigger an alert on any suspicious activity such as writing to the registry, system folder's, autorun etc. The problem is this behaviour is required for many legitimate programs, and asking the poor user a 'yes/no' each time quickly becomes tiresome.
- not to mention that most users will have no clue what to say and will usually just want to 'make the dialog go away'.
IF a program wants to write to an obscure registry key that I have no idea about, what am I supposed to do? Even as a power user, I can't make an informed decision without knowing exactly who's doign th writing and why. This is why the databases of antispyware programs are needed, because they know whats suspicious and whats not.
Of course, the advantage is that all activity will be tagged, so *theoreticllay* this will catch the latest virus/trojan earlier. But api hooking is not exactly rocket science and there are ways to bypass it, make it appear the code is running under a different process and so on. The point is even if something is triggered, it'll be dificult to know what to do.
Just because its OSS doesn't make it better than commercial. I'd like to see a comparision with Windows Defender. - calr0x, on 10/12/2007, -0/+0darkvad0r, coming right up my friend:
http://www.dslreports.com/shownews/60608
http://news.com.com/2100-1032_3-5095051.html?tag=techdirt
http://news.zdnet.com/2100-1009_22-5718370.html?part=rss&tag=feed&subj=zdnet
http://www.networkworld.com/weblogs/security/009261.html
http://www.dslreports.com/forum/remark,12665642~mode=flat
http://netrn.net/spywareblog/archives/2005/02/13/dont-drink-the-whenu-kool-aid/
http://slashdot.org/yro/03/10/22/2210255.shtml?tid=123
This isn't by any means complete but it covers the biggest issues relating to this.
The thing we all need to realize is that spyware is backed by BIG MONEY companies. It's been well known fortune 100 companies, like Sony, use these methods to advertise.
If you own Adaware, and WhenU offers you $100,000 to not detect them, what do you do? Sure the easy answer is not take it but the owners of these companies aren't you. OR they get threatened or sued to not label it AS spyware.
I know as a user you guys don't give a ***** about these details. All we know is we don't want ***** on our puters we don't use. An open source project, like this, has no leverage in this situation.
See, no ones talked about the "other" perk of open-source software:
Forking.
If the author takes this app in a direction we don't like we can take the code and go in a direction WE want. The industries have no pull, or say, in what WE make the program able to do.
IMHO, adware detection by commercial companies was doomed from the beginning. The money being thrown around, or the legal aspect, is unstoppable.
The only reason antivirus has worked so well is that the victims (in this case the virus authors) can't sue anyone. But adware? Thats a diff story.
This is a huge issue for me, and seeing this opensource app really gets me excited for the future of spyware on windows. If you have any questions don't hesitate to ask.
Lastly I will say that in the linux world you won't see issues like this because linux users have inherently "owned" their OS since day1. Linux users have a different expectation of how software behaves on thier OS than windows users, who are mor eused to running closed-source commercial apps from the beginning.
But if we're lucky, someday this app will be super mature and will detect ANYTHING us as users don't want! - calr0x, on 10/12/2007, -0/+0@Defcon79
I agree it doesn't make it better..
It makes it "potentially" better... =P - splendid, on 10/12/2007, -0/+0Firstly to tommis. No I am not connected with this software in any way.
Secondly to quote Whitfield Diffie, the co-inventor of public-key cryptography:
"It's simply unrealistic to depend on secrecy for security in computer software. You may be able to keep the exact workings of the program out of general circulation, but can you prevent the code from being reverse-engineered by serious opponents? Probably not." - Web_Weasel, on 10/12/2007, -0/+0This may the only hope for the future. After the lukewarm response from Symantic and NAI with the Sony rootkit I don't think it's wise to trust the big security firms anymore. Spyware is big money and big money can get your spyware labeled "innocent" adware.
- crapiolio, on 10/12/2007, -0/+0I'm not really suure about open source anti-spyware or anti-virus software, at least, for now. Maybe it'll be different in anoter 10 years or so, who knows.
- skippy2057, on 10/12/2007, -0/+0Winpatrol also has similar functionality, works well, and has a free version. As mentioned by others, MS Antispyware (Windows Defender), Spybot and the paid version of AdAware come with the same kind of protection.
These can be a wee bit intimidating for new/inexperienced users, but they do help you keep track of what's going on in your Windows system. - calr0x, on 10/12/2007, -0/+0"This may the only hope for the future. After the lukewarm response from Symantic and NAI with the Sony rootkit I don't think it's wise to trust the big security firms anymore. Spyware is big money and big money can get your spyware labeled "innocent" adware."
Boy, that's exactly where I'm comin from too... - antic, on 10/12/2007, -0/+0this is a slick app
- netherbound, on 10/12/2007, -0/+0Anyone try this yet?
I have been using Clamwin AV for some time now but much system resources does this thing take up? - mrfx, on 10/12/2007, -1/+0Yep it sucks bad!
-
Show 51 - 53 of 53 discussions
Digg is coming to a city (and computer) near you! Check out all the details on our 
© Digg Inc. 2008 —
Content posted by