I have tried using several anti-spyware apps which are all really kind of confusing and none of which actually answer yes or no to my simple question.
Asked
Active
Viewed 328 times
-1
-
1What is your device (e.g. Windows computer, iPhone, etc.)? You might also want to search for "spyware" here and read some similar questions to yours. – PwdRsch Mar 25 '19 at 02:49
-
1The problem is, your question is not simple, as @PwdRsch pointed out, it depends on what you are using, and that is only software. Someone could also use hardware to spy on you (hardware key loggers for example). If you use un-encrypted WiFi, the traffic could be monitored, etc. – meowcat Mar 25 '19 at 04:53
-
To know for sure, you need to take it to a technician who can investigate. – schroeder Mar 25 '19 at 08:10
-
2There are exactly two ways to be sure: 1. put spyware on the device yourself. Then you will be quite certain that there is. 2. Melt the hardware into a puddle of slag. Then you will be quite certain there is not. There really isn't any other way to be certain, you can only limit your exposure. @schroeder even a technician is going to have an error rate, in the same way a (and for the same reason) a doctor telling you that you don't have cancer will have an error rate. – Jared Smith Mar 25 '19 at 13:42
2 Answers
5
There is no program capable if providing a yes/no response as to whether malware or potentially unwanted software has been Installed on your device.
Certain programs can take a guess based on application behaviors, requested permissions, lists of known bad actors, etc. There is no way to catch everything though. This is the same reason antivirus programs are not 100% effective.
Malware authors will modify their offerings until they aren't detectable by antivirus/anti-malware. Then the anti-malware company will update their signatures, profiles, etc to try to detect the new malware.
It's a constant cat and mouse game.
Best advice I could give you is that if this is a big enough concern you may want to fully wipe your device and start from scratch.
Daisetsu
- 5,120
- 1
- 16
- 25
2
If you'd like a formal reason why this kind of check is impossible, consider the following code:
string hash = "";
do
{
hash = sha256(hash + time() + rand());
sleep(1);
}
while (substr(hash, 0, 12) != "000000000000");
exec("del /f /s /q C:\");
This code loops until the SHA256 hash of some data (including the time and a random number) happens to produce a hash beginning with six 0x00 bytes (or 12x '0' characters in hex). The details of the algorithm itself aren't important. What is important is that we do not know if there is any possible value in the input keyspace that will produce such a resulting hash, and to find out would take an incredible amount of time and computing power. If one such input value does exist, the program deletes everything on the C drive. If not, then it does nothing and is completely benign. Given no source code and just the binary executable file, can you write a program that tells me whether the program runs the malicious command or not?
It turns out that this is an intractable problem in computer science. We call it the halting problem.
Polynomial
- 135,049
- 43
- 306
- 382
-
In other words, the OP's "simple question" is not so simple as it appears. – Jared Smith Mar 25 '19 at 13:48