Deflecting Assaults on Privacy : Page 2
What I have found with these three tools is that they often find items that many of the spyware products leave behind. They have a nice "Info" feature that allows an admin/tech support person to check the status of the Registry or system status. As an example, below I've done a CWShredder check first on my system:
CWShredder v1.47.3 scan only report Windows XP (5.01.2600 SP1) Windows dir: C:\WINDOWS Windows system dir: C:\WINDOWS\system32 AppData folder: C:\Documents and Settings\fac3\Application Data Username: lyne.bourque Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A) Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe, CWS.Vrape/CWS.Addclass Registry value: DefaultPrefix  http:// CWS.Vrape/CWS.Addclass Registry value: WWW Prefix [www] http:// Registry value: Mosaic Prefix [mosaic] http:// Registry value: Home Prefix [home] http:// Found Win.ini file: C:\WINDOWS\win.ini (1053 bytes, A) Found System.ini file: C:\WINDOWS\system.ini (231 bytes, A) - END OF REPORT -
Looks like my system is ok. Let's check HiJackThis!
Overall nothing serious, but if I'm feeling suspicious I can check items by selecting them and getting information as to the risk they may carry. Configuration options allow me to ignore specific enterprise implemented tasks, creating a startup log (so I can check for any potential "nasties" there) and creating backups.
The last tool, StartupList, is a simple little program that generates a notepad listing of what things begin on a Windows machine. Very handy for troubleshooting.
Now while these tools are often targeted to the home user, administrators in enterprise environments shouldn't shy away from them. Remember that attackers often don't make distinctions between home and enterprise users. All they see is a victim. These three tools can be found at Merijn.org. An interesting side note, the site has been victim of a massive DDoS, perhaps a testament to the effectiveness of the tools finding the results of bad activity?
We have to realize that protecting privacy extends beyond individual end users. Our employees might inadvertently be putting the company at risk by simply performing research for a project or receiving what seems like work-related emails. While education is an excellent method of dealing with these threats, using technology as a backup helps to keep all the bases covered.