Localization of Spyware in Windows Environments
Independent thesis Advanced level (degree of Master (One Year))Student thesis
This is a thesis about different methods that can be used to detect spyware. Methods included are Layered Service Provider, Internet Protocol Helper API, TDI filtering and API hooking. Some firewall testing applications, leak tests, that use methods that can be used by real spyware program to penetrate firewalls have also been examined. The goal was to develop a Windows 2000/XP program that is able to detect as many of our examined leak tests as possible. Our program uses the methods TDI filtering and API hooking for detection of spyware because our study showed that these methods were the best. To evaluate the program it was tested against our examined leak test programs. Our program managed to detect all leak tests except one.
Place, publisher, year, edition, pages
2004. , 27 p.
spyware, firewall, leak test, API hooking
IdentifiersURN: urn:nbn:se:bth-5391Local ID: oai:bth.se:arkivex197AC21B9D023D2DC1256EB500793775OAI: oai:DiVA.org:bth-5391DiVA: diva2:832771
Fredrik Bergstrand firstname.lastname@example.org Johan Bergstrand email@example.com Håkan Gunnarsson firstname.lastname@example.orgBibliographically approved