Topic: "Spycar" anti-spyware test tool released

Spiritsongs

  • Guest
"Spycar" anti-spyware test tool released
« on: May 09, 2006, 06:37:53 PM »
WASHINGTON, DC.  On Friday, May 5, 2006, Intelguardians (www.intelguardians.com) announced the release of a free anti-spyware testing tool called Spycar.  Spycar is a suite of programs designed to mimic spyware-like behavior, but in a benign form.  "Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool," said Ed Skoudis, co-founder and senior security analyst with Intelguardians. 


Tom Liston of Intelguardians, the lead developer of Spycar, provided further detail, "Many anti-spyware tools focus on signature-based detection.  That is, the vendor detects spyware by including thousands of signatures looking for specific sequences of bits on your hard drive or in memory.  Behavior-based detection, another approach, lets anti-spyware stop malicious software based on its actions, not a specific set of signatures."  Throughout early 2006, Intelguardians tested several enterprise anti-spyware tools, and found that their behavior-based defenses did not stop several spyware-like actions on a machine.  "As long as no signature has been defined for a given piece of spyware, many anti-spyware tools offer virtually no protection," said Liston.  Spycar allows individuals and organizations to evaluate their anti-spyware capabilities with a series of benign tests.


Every change made by Spycar is benign, designed simply to measure whether an anti-spyware tool can block or detect the change.  Furthermore, Spycar includes a scorebot/clean-up application called TowTruck that measures how well an anti-spyware tool defended the system, and automatically undoes every alteration made by Spycar. Spycar, the name, is in homage to the venerable EICAR anti-virus file.  The EICAR group (www.eicar.org) created this file about a decade ago so that anyone could test their anti-virus solution to verify it was working.  In honor of EICAR’s fine work, Intelguardians called its anti-spyware testing tool Spycar.


Spycar can be downloaded for free at www.spycar.org


------


Intelguardians is a Maryland-based information security research and consulting firm.  Founded in 2004, Intelguardians performs comprehensive assessments, architecture reviews, incident handling services, and digital forensics for organizations in the financial services, high-technology, legal, government, and military industries.  Intelguardians Labs performs deep research on topics including spyware and bot-net malicious code, virtual machine environment security implications, and the interstitial points between software and hardware including drivers and firmware.

CharleyO

  • Guest
Re: "Spycar" anti-spyware test tool released
« Reply #1 on: May 09, 2006, 09:55:57 PM »
***

I took this test and Spybot Teatimer blocked most of the changes executed by Spycar. Only 3 or 4 were not blocked.


***

essexboy

Re: "Spycar" anti-spyware test tool released
« Reply #2 on: May 09, 2006, 10:17:26 PM »
MS defender blocked all except the IE tab changes

RejZoR

Re: "Spycar" anti-spyware test tool released
« Reply #3 on: May 09, 2006, 10:51:39 PM »
Interesting, though it would be more convenient if merged into just 1 executable.

justin1278

  • Guest
Re: "Spycar" anti-spyware test tool released
« Reply #4 on: May 09, 2006, 11:28:51 PM »
Spyware Doctor blocked none! I will contact PC Tools immediately.

CharleyO

  • Guest
Re: "Spycar" anti-spyware test tool released
« Reply #5 on: May 10, 2006, 12:06:36 AM »
***

Quote from: essexboy on May 09, 2006, 10:17:26 PM
"MS defender blocked all except the IE tab changes"

Yeah ... that is where the 3 or 4 were not blocked by Teatimer.


***