Show simple item record

dc.contributor.advisor: Selçuk, A. Aydın [en_US]
dc.contributor.author: Bozağaç, Cumhur Doruk [en_US]
dc.date.accessioned: 2016-07-01T11:07:32Z
dc.date.available: 2016-07-01T11:07:32Z
dc.date.issued: 2006
dc.identifier.uri: http://hdl.handle.net/11693/29866
dc.description: Cataloged from PDF version of article. [en_US]
dc.description.abstract: Spyware is a significant problem for most computer users. In public, the term spyware is used with the same meaning as adware, a kind of malicious software used for showing advertisements to the user against his will. Spyware programs are also known for their tendency to hide their presence, but advanced stealth techniques used to be either nonexistent or relatively primitive in terms of effectiveness. In other words, most of the spyware programs were efficient at spying but not very efficient at hiding. This made spyware easily detectable with simple file-scanning and registry-scanning techniques. New spyware programs have merged with rootkits and gained stealth abilities, forming spyware with advanced stealth techniques. In this work we focus on this important subclass of spyware, namely ghostware. Ghostware programs hide their resources from the Operating System Application Programming Interfaces that were designed to query and enumerate them. The resources may include files, Windows Registry entries, processes, and loaded modules and files. In this work, we enumerated these hiding techniques and studied the stealth detection methodologies. We also investigated the effectiveness of the hiding techniques against popular anti-virus programs and anti-spyware programs together with publicly available ghostware detection and rootkit detection tools. The results show that anti-virus programs or anti-spyware programs are not effective for detecting or removing ghostware applications. Hidden object detection or rootkit detection tools can be useful; however, these tools can only work after the computer is infected and they do not provide any means for removing the ghostware. As a result, our work shows the need for understanding the potential dangers and applications of ghostware and implementing new detection and prevention tools. [en_US]
dc.description.statementofresponsibility: Bozağaç, Cumhur Doruk [en_US]
dc.format.extent: xi, 51 leaves, illustrations [en_US]
dc.language.iso: English [en_US]
dc.rights: info:eu-repo/semantics/openAccess [en_US]
dc.subject: Spyware [en_US]
dc.subject: Ghostware [en_US]
dc.subject: Rootkit [en_US]
dc.subject: Stealth [en_US]
dc.subject: Detection [en_US]
dc.subject.lcc: QA76.9.A25 B79 2006 [en_US]
dc.subject.lcsh: Computer security. [en_US]
dc.title: Ghostware and rootkit detection techniques for windows [en_US]
dc.type: Thesis [en_US]
dc.department: Department of Computer Engineering [en_US]
dc.publisher: Bilkent University [en_US]
dc.description.degree: M.S. [en_US]
dc.identifier.itemid: BILKUTUPB100071

