Fredrik Bergstrand; Johan Bergstrand; Håkan Gunnarsson 9, pp. 27. TEK/avd. för programvaruteknik, 2004.
This is a thesis about different methods that can be used to detect spyware. Methods included are Layered Service Provider, Internet Protocol Helper API, TDI filtering and API hooking. Some firewall testing applications, leak tests, that use methods that can be used by real spyware program to penetrate firewalls have also been examined. The goal was to develop a Windows 2000/XP program that is able to detect as many of our examined leak tests as possible. Our program uses the methods TDI filtering and API hooking for detection of spyware because our study showed that these methods were the best. To evaluate the program it was tested against our examined leak test programs. Our program managed to detect all leak tests except one.
Fredrik Bergstrand email@example.com
Johan Bergstrand firstname.lastname@example.org
Håkan Gunnarsson email@example.com