Winpooch

Winpooch_0.6.4_Processes.png

Winpooch is a free and open source program that detects and blocks spyware from computers running Microsoft Windows. It also detects trojans and can associate with the ClamWin and BitDefender antivirus software to provide real-time protection.

As of version 0.6.0, kernel-mode hooking has been implemented through a kernel-mode driver, allowing Winpooch to monitor the Windows kernel and system services. It was, however, notorious for causing Blue Screens of Death.

Abilities of the latest version

provides multiple abilities that can be served for different purposes. Not all of them have to be used, depending on the needs of the user. In that way, some users can use it with certain abilities while keeping other programs for other abilities (for example, XP SP2 users could use for an outgoing firewall while keeping working with XP SP2's incoming firewall).

The main abilities are to control programs' attempts to:

  • Be executed ( can also virus scan any executed files first)
  • Be terminated
  • Read files ( can also virus scan any read files first)
  • Write files
  • Read the registry
  • Write into the registry
  • Listening to ports (i.e. opening up incoming ports as servers)
  • Connecting to other computers (i.e. opening up outgoing ports)
  • Sending information to other computers through outgoing ports
  • Constantly virus scanning selected folders with an internal/selected external virus scanner.

Rules

is based on path based rules (strictly the static paths of programs). For non defined actions (or actions for which the user asked to be notified), the choice the user is provided with is to Accept/Feign/Reject the action or to declare a specific rule for this action. If declaring a specific rule, the user can select whether the rule should be applied quietly, reported in a log or to the screen.

Blue Screen of Death

The kernel level v0.6.0 introduced a problem of constant Blue Screens of Death. The problem resulted from Winpooch's opt-in approach for kernels - it could only simulate pre-programmed kernels. Each new version since v0.6.0 reduced the number of kernels that were still not simulated well, but certain kernels still can't currently work with the program.

See also

  • ClamWin

de:Winpooch es:Winpooch fr:Winpooch ku:Winpooch pt:Winpooch

See Also

EAcceleration

''Not to be confused with the PHP optimizer eAccelerator. eAcceleration, or eAcceleration Corp., is...

Bugoff

Bugoff is a small anti-spyware application that disables several commonly unused functionalities of...

EBox

eBox Platform is an open source distribution and development framework, based on the Linux...

CWShredder

CWShredder is a program that runs on Microsoft Windows for removing the CoolWebSearch family of...

IPCop

IPCop_Logo.gif {{ infobox OS | name = IPCop | logo = | developer = IPCop team | family = Linux |...