Q&A Can an antimalware software detect a spyware that steals data?

vuslatr

New Member
Mar 6, 2021
1
For example, Potplayer is a famous media player and I controlled it on my Malwarebytes Firewall Control. I noticed that this program requests outbound internet connections a lot. And there is a lot of famous software like this. What I'm curious about is this: for example, if the Potplayer developers want to send my txt files from my Desktop directory to their own server, will they be able to do that? Will Windows or antivirus software stop this?

Potplayer is just one example. Many well-known programs are like that.

Note: I don't ask how to protect myself from this. I just wonder how this is theoretically possible.
 

SecureKongo

Level 21
Verified
Malware Tester
Feb 25, 2017
1,058
There are a lot of different types of spyware. As you may have seen, many AVs have some kind of keylogger or webcam protection to stop such spyware attacks. Now to the example that you are mentioning. Every good AV will have signatures for every kind of malware; this also includes spyware. Sophos Home, which I am using for example, does have keylogger protection, webcam protection and Malicious Traffic Detection, which blocks outbound and inbound connections to malicious hosts. A firewall, however, normally doesn't detect suspicious behaviour of a file and needs you to decide between blocking or allowing its connection in- or outbound. Be careful though, because Windows Firewall doesn't block outbound traffic by default, which makes it easier for spyware to contact their own server again and send potential stolen data from your device without you even noticing it. In the end the best protection from spyware is the same as for every other kind of malware. Be careful online and only run files from trusted sources. If you are looking for a good firewall that has its focus on preventing spyware attacks, then you might want to go with SpyShelter. It will be very intrusive in the first few days but will become more quiet when all the rules are set for the existing software on your device.

Here is the link to SpyShelter: The best anti keylogger program for Windows
 

TairikuOkami

Level 31
Verified
Content Creator
May 13, 2017
2,074

silversurfer

Level 73
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,237
> For example, Potplayer is a famous media player and I controlled it on my Malwarebytes Firewall Control. I noticed that this program requests outbound internet connections a lot. And there is a lot of famous software like this. What I'm curious about is this: for example, if the Potplayer developers want to send my txt files from my Desktop directory to their own server, will they be able to do that? Will Windows or antivirus software stop this?
>
> Potplayer is just one example. Many well-known programs are like that.
>
> Note: I don't ask how to protect myself from this. I just wonder how this is theoretically possible.

Theoretically, every software is able to send data from you. We can block all outbound connections via Firewall, but that doesn't mean it's impossible to bypass the sense of Firewall (injection into trusted system processes or trusted other software).
But the question is why developers of well-known software should be trying to fool users; the biggest user base is a way to earn money from sponsors without providing paid software only...

Doubtful that every AV is always monitoring any "suspicious" action of well-known signed software, as the file hash is probably whitelisted by AV.
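
The two points made in the replies above (Windows Firewall does not block outbound traffic by default, and well-known signed software tends to be trusted) can be checked on a local machine. The following is an added example, not part of any poster's reply; it is read-only, uses only built-in Windows PowerShell cmdlets, and its function names are made up for illustration.

```powershell
# Added example: report the default outbound firewall action per profile and
# list which programs currently hold TCP connections, with signature status.

function Get-OutboundPosture {
    # DefaultOutboundAction stays NotConfigured/Allow unless an admin sets Block.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultOutboundAction
}

function Get-ConnectionOwners {
    # Established connections to non-loopback peers. This state also covers
    # accepted inbound connections; on a desktop most entries are outbound.
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

    foreach ($group in ($conns | Group-Object OwningProcess)) {
        $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
        # Path is empty for protected processes or when not running elevated.
        $path = if ($proc) { $proc.Path } else { $null }

        $sigStatus = 'Unknown'
        $signer = $null
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Process     = if ($proc) { $proc.ProcessName } else { "PID $($group.Name)" }
            Connections = $group.Count
            Remotes     = ($group.Group.RemoteAddress | Sort-Object -Unique) -join ', '
            Signature   = $sigStatus
            Signer      = $signer
            Path        = $path
        }
    }
}

Get-OutboundPosture | Format-Table -AutoSize
Get-ConnectionOwners | Sort-Object Signature, Process | Format-Table -AutoSize -Wrap
```

A `Valid` signature in this output only identifies the publisher of the executable; it says nothing about what data the connection carries.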
 

Frib004

Level 2
Nov 17, 2018
55
> Windows includes keyloggers by default

Do you have proof that MS steals user data to make this statement?

> For example, Potplayer is a famous media player and I controlled it on my Malwarebytes Firewall Control. I noticed that this program requests outbound internet connections a lot. And there is a lot of famous software like this. What I'm curious about is this: for example, if the Potplayer developers want to send my txt files from my Desktop directory to their own server, will they be able to do that? Will Windows or antivirus software stop this?
>
> Potplayer is just one example. Many well-known programs are like that.
>
> Note: I don't ask how to protect myself from this. I just wonder how this is theoretically possible.

This is the reason that you need to use good security solutions, because they care for the security of their users.
 

AtlBo

Level 27
Verified
Content Creator
Dec 29, 2014
1,699
Ultimately, that's a tough question, but if the software is signed and trusted by a-vs, probably the answer is there is no protection against spyware except firewalling as a preventative practice. Spying is risky for a developer, however. If a-v companies find out, it would be curtains for the dev.

Comodo Firewall is still good protection against firewall threats. I block all programs from internet access the first time there is an alert. I will then update manually or in some rare cases go back and allow the connection if it is related to a necessary feature of the program (i.e. DropBox etc.). Otherwise, HIPS does a good job of protecting from the spyware type of control that concerns you, except that in the case you mention, the software will be signed by a "trusted" vendor. I don't think CF HIPS flags any activities of a trusted software...
 

TairikuOkami

Level 31
Verified
Content Creator
May 13, 2017
2,074
> Keyloggers don't necessarily "steal" data.

Exactly, Windows logs everything users type, say, search, etc. Of course, it can be disabled, but it is opt-out. I do not understand why people are always surprised about this.
Google can read your emails to improve services, but because of a privacy backlash, it has recently updated its EULA, so it asks people to enable smart features first.

> Do you have proof that MS steals user data to make this statement?

MS provides pretty detailed info about all features; if you go through settings, there is always a "Privacy statement" link on the right with the description.

> When you use Microsoft's cloud-based speech recognition technologies, Microsoft collects and uses your voice recordings to create a text transcription of the spoken words in the voice data. To learn more about how Microsoft manages your voice data, see Speech recognition technologies.
> You can use device-based speech recognition without sending your voice data to Microsoft. ...
> Your typed and handwritten words are collected to provide you with: a personal dictionary, better character recognition to help you type and write on your device, and text suggestions that appear as you type or write. You can turn off Inking & typing personalization at any time.
 

Marko :)

Level 19
Verified
Aug 12, 2015
909
Let's not forget how SmartScreen still collects full URLs of visited websites and full download links for every downloaded file.

I mean, come on Microsoft. It's 2021; time to change SmartScreen for the better.
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,111
> Do you have proof that MS steals user data to make this statement?

It was all FUD. A clickbait article gone viral for traffic views and paid clicks - similar to all tabloid websites.

This was in regards to the release of "Windows 10 RTM Technical Preview" back in 2015.


Users still rabbit on about it, whilst continuing to use Windows 10. It's comical.
 

Frib004

Level 2
Nov 17, 2018
55
> It was all FUD. A clickbait article gone viral for traffic views and paid clicks - similar to all tabloid websites.
>
> This was in regards to the release of "Windows 10 RTM Technical Preview" back in 2015.
>
> Users still rabbit on about it, whilst continuing to use Windows 10. It's comical.

Yes, I know. Unfortunately users share this information as truth.
 

Gandalf_The_Grey

Level 48
Verified
Trusted
Content Creator
Apr 24, 2016
3,766
Posted by JRViejo at wilders:
 

roger_m

Level 33
Verified
Content Creator
Dec 4, 2014
2,293
> Oh God! One still can, can't one?

I do it very regularly. You can either upgrade from Windows 7, 8, or do a clean install and activate it with a valid Windows 7 or 8 product key. You get a digital license, which means you can reinstall Windows without needing a product key. When the computer is online, Microsoft will recognise the hardware ID and automatically activate it.
 

Marko :)

Level 19
Verified
Aug 12, 2015
909
> I think the upgrade from Windows 7/8 to Windows 10 is actually still free.

I can confirm it is. In fact, some pirated copies of Windows can be upgraded too.

Why is the free upgrade still working? Well, a Microsoft employee once said on Reddit that the company knows about it, but it never bothered to stop it. After all, Windows is just a small chunk of Microsoft's revenue and it wouldn't make sense to stop the offer if they had a clear goal of all PCs running Windows 10.
 