July 20, 2004 -- Seattle, Wash., USA -- (Jobwerx News) -- Aaron Hulett - Chief Research Officer of Lavasoft has been at the anti-spyware game for some time, by offering assistance at the forums, and even providing a download mirror for Ad-Aware in the past. Back then, and even back a year ago, the spyware world was completely different that what it is today. In the past, spyware was easily found and removed. It’s not so easy today, though. Spyware authors now exploit some of the harshest methods seen in this field just to keep spyware on systems even after multiple removal attempts. Some even take advantage of sections of the Microsoft Windows Operating System designed to keep systems stable, such as the VX2 variants that are not removable without our VX2 Cleaner plug-in. And it continues getting worse.

Although lengthy, Aaron strongly urges for all to read the article in it's entirety and that the best line of defense is knowledge. One of the past articles he wrote was about how to prevent infection, but those were different times. Remember, in the world of technology, things change fast, and it’s time that everyone be brought up to speed on the world of spyware, how it’s changed, and what we’re doing about it. As you’ve come to expect, this will all be explained in ways that are easy to understand.

The next version of Ad-Aware focuses on the use of Alternate Data Streams (ADS) as a methodology to prevent easy detection and removal, and Ad-Aware SE’s ability to detect and remove them. Back in October of 2003, ADS scanning was the latest method, and thankfully, extremely unused, even today. Of course, this scanning technology remains in place, but there’s far more to things now than there was back in October.

Now, many have rotating filenames, or rotating registry information, making some of the other anti-spyware tools ineffective. Of course, Ad-Aware 6, which you have now, is already capable of detecting these. This is because Ad-Aware 6 uses file signatures as its detection basis, and not filename recognition like some other anti spyware programs out there. It identifies the file, regardless of filename. It’s similar to if a person wears a mask, but if you talk to them for a while, you eventually figure out who they are. The same goes for files. Their filenames may be randomly made, but it still has the same file contents, which is how we get around the filename problem other face.

While file signatures remain a great method of finding spyware, that’s not enough anymore. New versions of spyware, called variants, appear daily. A variant is something that does the same thing as something seen before, but the files are changed such that their file signature is different. In this case, let’s compare this to getting a room painted professionally. The first painter arrives, and begins painting the room. You learn who this person is, and see what they are doing. Then, a new person arrives. While a completely new person, the same task is performed. Both now paint the room. The same holds true for spyware. Multiple variants exist that perform the same task, but each variant’s files are slightly different from one another. This difference is enough to cause current file signatures to not work from variant to variant, and therefore the signatures must be updated with the new variant information. Lavasoft has been adding this file sig nature information, of course. At Lavasoft there has been a high volume of reference file updates. But it’s time for a new approach. And guess what? It’s coming. You’ll find out more about this when Ad-Aware SE is released in the very near future.

Click here to view more current news articles