PRODUCT REVIEW
Phileas Project Uses Bots To Ferret Out Spyware

A new search technology by Webroot Software takes a proactive approach to protecting computer users from spyware. It uses bots to find spyware buried deep within distribution centers.

Armed with the results of this robotic reconnaissance on the Web, Webroot engineers are able to build in better defenses and alerts, making its spyware definitions database more capable of protecting customers' computers from identity theft and other intrusive attacks.

Called "Phileas," the system is the anti-spyware industry's first automated spyware research system designed specifically to root out and identify spyware anywhere on the Web. Webroot markets an industry-leading anti-spyware package, SpySweeper 3.5.

Fast, Comprehensive

"Phileas was designed to find new threats," Richard Stiennon, Webroot Vice President for Threat Research, told TechNewsWorld.

Webroot introduced Phileas January 10 and claims it is a significant advance in the battle against spyware. It identifies spyware, adware and other types of potentially unwanted software faster and is more comprehensive than any other current research method.

Stiennon said his company began looking for better methods of dealing with spyware last year when it became obvious that new spyware is always going to be available.

The company was hiring more workers to find threats and update the signature database. The obvious solution was to figure out how to automate the process of finding spyware before it found victims.

The result is a system that deploys software bots to search out spyware where it lives.

"Spyware sits on servers. So we use methods similar to Google's (Nasdaq: GOOG) to find content on Web sites," Stiennon said.

In essence, Webroot's engineers put their own form of Web crawlers to work to find Web sites that harbor spyware.

"It certainly is an improvement over previously existing passive methods of dealing with spyware," Stiennon said.

Highly Successful

Now instead of hiring more workers to deal with spyware issues manually, Webroot buys more computers to contain the spreading signature database.

Stiennon said his company presently has 60 computers processing spyware information. He predicted needing a compliment of 100 computers dedicated to that purpose to complete the Phileas hardware.

"This new technology represents the migration of spyware research from secondary research to primary research and now to an automated technology-based research," Webroot CEO David Moll said.

"Unlike other security research techniques which rely on 'honey-pots' and other passive threat data collection methodologies, this system is designed specifically for the active pursuit of spyware and potentially for other security threats," he said.

The new system uncovers spyware deeply embedded on Web sites before consumers can unwittingly infect their computers. This ensures that Webroot Spy Sweeper customers are protected before spyware ever has a chance to attack.

How It Works

The system uses a small army of "bots" to continuously comb the Web. They look for the latest and most lethal spyware and its HTML sources.

The bots identify and archive the HTML sources and URLs in the Webroot spyware definition database. Webroot officials said their database is the largest and most accurate catalog of spyware definitions available, dating back to 2002.

New definition updates are then developed by the Webroot Threat Research Team and distributed to Webroot customers. SpySweeper logs onto Webroot's servers to download the latest spyware definitions.

"The leverage Webroot gains through the automation of this research is phenomenal," Richard Stiennon, vice president of Threat Research, said. "We estimate that one hour of automated research is the equivalent of 10 work-days of manual research, casting a wider net, visiting millions of sites per day and finding spyware before it reaches the computing public."

Product Details

The first production use of the system in October showed immediate results, helping Webroot identify more than 20,000 sites used to deploy spyware through drive-by downloads, as well as several new spyware variants. By this month, Webroot will deploy more than 100 bots online to track all forms of spyware and adware, with each bot visiting as many as 10 URLs per second.

Webroot Spy Sweeper v3.5 boasts a 30 percent increase in sweep speed and has additional shields to prevent spyware infections. It also has the ability to detect and remove Cool Web Search's NS3 variant, one of the most malicious and destructive types of spyware.

Phileas is a tool that is part of Webroot's work process to build up the anti-spyware infrastructure. It is not a separate product.

"It finds 300 new pieces of spyware per day," Stiennon said.