The opinions expressed herein are entirely my own and do not represent the opinions of any other entity with which I am affiliated. Opinions expressed in comments and trackbacks are those of their respective authors and do not necessarily reflect my own point of view.
All works are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
© Copyright 2006-2009 MalwareTeks
Straight from TomCoyote.org
Merijn, the creator of HijackThis ™ recently sold the popular application used to remove malware to Trend Micro™. In addition to improvements like support for Windows Vista™, they’ve added a deceptively titled “AnalyzeThis” button. While the average user likely thinks the AnalyzeThis button provides helpful information for diagnosing their log.
That is certainly interesting.
MalwareTeks is still considering the use of HijackThis v2 from Trend Micro. As Blair points out in his article it is somewhat necessary for Vista users as HijackThis v1.99.1 doesn’t support Vista.
Yes, there are alternatives to HijackThis and we are consider these programs in lieu of HijackThis.
XHTML:
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Previous: 
Next: 
Comment Meta:
Last 50 Posts 
Back
12:33 pm - July 31st, 2007
IMO calling it spyware is stretching the definition of what that word means to most of the community. There are several other reputable programs that have some sort of upload function. Some are for false positive reporting, others for submitting possible malicious files. What Trend Micro has done is really no different.
The thing doesn’t work or didn’t when I tried it. It did nothing. I could get behind addressing that issue.
I think it could be detrimental in the hands of a inexperienced person, but so can the older versions. HiJack This! has always been a tool if used improperly there is/was chance of disaster.
I have actually used it since it was still in beta at Malwarebytes. Marcin instructs users to install and scan with it to remove the 022 lines not shown in older versions. I found no problems.
There is a ruckus amongst the forums and most comments I’ve seen are opposing Blair’s opinion.
http://www.castlecops.com/postlite196457-.html
http://www.dslreports.com/foru.....ould-it-be
7:17 pm - July 31st, 2007
I didn’t spend a lot of time analyzing what Blair had to say about the matter, last night; but, ….
Yes, labeling HijackThis as Spyware, because of the submission of a HJT log to TrendSecure, is a bit of a stretch. Many different respected tools submit data for analysis to a web site, in one form or fashion, already. It’s what they do with that data is of concern. As near as I can tell only the log is uploaded and no other data, other than that necessary to make the connection and transfer, are sent to TrendSecure.
As, pointed out in the links you provided, this isn’t much different than people publicly posting their logs on helper forums.
The only way personally identifiable information will be visible to a third-party is when HijackThis is not installed in it’s default location and installed some place like My Documents, the Desktop or within the Documents and Settings folder of the logged on user; or an instance of a piece of software or malware that autoruns from within the Documents and Settings folder of the logged on user.
I looked at the stats page, and agree with Blair that it is pretty useless. By pressing the Analyze This button, I would expect that the log was being uploaded to some type of online analysis tool. Which, IMO anyone other than an expert viewing the results and actioning items based on the scan is playing Russian Roulette.