Security

Lock IT Down: Use PestPatrol to detect and remove hacker tools and spyware

See how PestPatrol software can scan computers for utilities that can compromise privacy and security.

A wide variety of programs are available to remove viruses and worms from client machines. But other software and files installed on these machines can also pose security risks and should often be removed, including spyware and adware programs that the user typically doesn’t even know are there. These programs, which are often installed with P2P programs such as KaZaa and Morpheus and with some IM software, can make your network vulnerable to attack. Antivirus software typically doesn't target these programs, leaving a possible weak spot in network security and potentially exposing sensitive data.

PestPatrol offers a solution to the problem by targeting many of the threats that current antivirus software isn't designed to detect. It specializes in finding hacking programs that can open up network vulnerabilities. Because not all of the files and programs PestPatrol can find are necessarily overt threats, it has identified them as “pests,” and it can certainly detect and remove a wide variety of these:
  • Denial of service attack tools
  • Disassemblers
  • Virus droppers
  • Hostile Java
  • Password crackers
  • Phreaking
  • Remote monitoring
  • Network scanning
  • Spoofers
  • Spyware
  • Trojans
  • Virus creation tools
  • Virus writing tools

Because it targets many surreptitious threats that can fall through the cracks and represent potential risks to network security, PestPatrol is a useful program that can help you better secure the hosts on your network.

Installation and setup
PestPatrol offers standard installation options. On completion of the install, PestPatrol gives you the option of checking for the latest updates, similar to they way antivirus programs do. When I ran the updater, it went through a series of checks and then reported that the program was up to date.

The setup of PestPatrol can take some time, depending on what you configure it to search for. Included in the search options are files with specific extensions, and you can add other file extensions if you think anything is missing from the list. You can also specify where you want PestPatrol to scan, including mapped drives and other network or administrative shares.

PestPatrol lets you exclude certain types of files as well, and it offers a spyware cookie search feature that can detect cookies you might want to remove.

In addition, it will search for adware, letting you exclude any that you choose not to remove. If you select the default setup, PestPatrol will report on all the pests it’s designed to detect.

These options give you a great deal of control over what you want to define as pests and where you want to look for them.

Scanning drives
When I started PestPatrol for the first time, it detected adware on my system from Alexa, a subsidiary of Amazon.com. PestPatrol actually classified the Alexa program as spyware because it tracks usage and collects personal information that may be sold to advertisers. The original intent of such programs was to improve user browsing by collecting information, but many feel that programs such as Alexa threaten their privacy. PestPatrol includes it on its Most Wanted list and identifies it as a threat (Figure A).

Figure A
Alexa adware notification


PestPatrol bills itself as specializing in finding hacker tools, and it certainly seems to deliver on this promise. When I scanned my system, it detected a number of hacker tools I had downloaded for research or evaluation, including NmapNT, TCPdump, and ADM Sniffer (Figure B). PestPatrol offers a description of each of the pests and explains why you might want to remove each one from your system.

Figure B
Detected pests


While the presence of these tools on your local drive will obviously be no surprise to you, it would be useful to know if a user on your network had certain hacker tools installed. You’d certainly want to know why they were there.

In addition to the hacker tools, PestPatrol can detect and remove Trojans and other threats that could be lurking undiscovered on the network. It didn’t find anything like this on my system, but it did find lots of spyware cookies (Figure C). If you do any Internet browsing at all you’re going to collect tons of these, and they’re all collecting information from you that they may be sharing liberally.

Figure C
PestPatrol identifies spyware cookies


The question is: How much of a threat are these cookies and adware programs? From a personal standpoint, you might prefer not to have them on your systems, but do they really jeopardize network security? For the most part, these programs are merely annoyances for the user and cause little harm beyond an increased number of pop-up ads and possibly increased spam.

It has been suggested, however, that some spyware can collect passwords and siphon other sensitive data from a machine. If that's true, it clearly represents a security concern—and PestPatrol can take care of it.

PestPatrol seems to cover a lot of bases with its scanning capabilities. You can easily find and remove a variety of potential threats from your network. Given how long it took to scan my local drive, I recommend that administrators use the command-line feature of the product to schedule scans of each system on the network at startup, automating the process.

Cleaning up
PestPatrol makes it easy to get rid of whatever pests it’s detected on your system. It displays a list of culprits onscreen, and you can double-click on them individually to find out more about the nature of the threat.

When you select a pest, you have a number of options for dealing with it. First, you can have PestPatrol delete the pest entirely. If it’s something you want to keep, such as NmapNT, you can tell PestPatrol to always ignore it so it won’t continue popping up in the scans. Another option is to quarantine the item to a folder in the PestPatrol directory until you have time to further research the potential threat. PestPatrol also offers a lookup feature that accesses its Web site for additional information on the pest.

Overall benefits
PestPatrol is designed to complement existing security programs such as firewalls and antivirus software, and from that perspective, it’s a useful program. Remote and home users will appreciate its ability to remove spyware from their computers, although these generally pose a minimal risk to network security.

PestPatrol is easy to use and highly configurable to detect whatever pests you want to unearth or get rid of. Its low price makes it a nice supplement to existing programs, and PestPatrol Corporate Edition offers volume pricing for large organizations. Obviously, you can’t use it as a complete desktop security solution. But PestPatrol effectively identifies suspect programs and files that antivirus software packages are not designed to detect, many of which could cause various security concerns.


0 comments

Editor's Picks