Sciweavers

LISA
2004

Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for Spyware Management

Spyware is a rapidly spreading problem for PC users causing significant impact on system stability and privacy concerns. It attaches to extensibility points in the system to ensure the spyware will be instantiated when the system starts. Users may willingly install free versions of software containing spyware as an alternative to paying for it. Traditional anti-virus techniques are less effective in this scenario because they lack the context to decide if the spyware should be removed. In this paper, we introduce Auto-Start Extensibility Points (ASEPs) as the key concept for modeling the spyware problem. By monitoring and grouping "hooking" operations made to the ASEPs, our Gatekeeper solution complements the traditional signature-based approach and provides a comprehensive framework for spyware management. We present ASEP hooking statistics for 120 real-world spyware programs. We also describe several techniques for discovering new ASEPs to further enhance the effectivene...
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2004
Where LISA
Authors Yi-Min Wang, Roussi Roussev, Chad Verbowski, Aaron Johnson, Ming-Wei Wu, Yennun Huang, Sy-Yen Kuo