Long History of WinPatrol – 15 Years Old

One night this week I ran into a discussion debating what was considered the first Anti-Spyware program for consumers.  As usual WinPatrol wasn’t considered since we don’t provide traditional scans, or signature files that typify Anti-Virus programs.  According to an article published by Security-FAQS.com, the first program to tackle Spyware was Steve Gibson’s OptOut in 2000.  I’m a huge fan of Steve and being the first isn’t his claim.

I’m not sure everyone on Twitter believed that WinPatrol was first released  in 1997.  Ironically, our discussion was the exact anniversary of Scotty the Windows Watch Dog which was available to anyone on November 19th, 1997. I know the exact date because, at the advise of a lawyer for an unrelated program, I publish the release date on the bottom of the main web page.

After a little research, the oldest page I could find was for WinPatrol 2.2, My recommendation and thanks to the long time popular Internet Archive Wayback Machine.

The Internet Archive included a web page from May 7th, 1999 which includes a description of WinPatrol 2.2 and our features at that time.

Click Image to view entire page.

Spyware and Adware Prevention
As described here WinPatrol has always included features designed to detect and remove the behavior of Adware and Spyware. It monitored startup locations that malware needed to reside on your computer. Like Windows Task Manager, it allowed users to kill tasks but WinPatrol allowed multiple selection so partner tasks could be removed with a single click.  Users could manage and delete adware cookies which were a very common concern at the time. It even included a WhoIs feature allowing users to verify the owner of a web domain before accepting an invitation to go to a new web page.

BirthdayWare
At the top of the archived page is a link that described WinPatrol’s unique use policy. WinPatrol was free to use but on my birthday, a message popped up requesting an Email.

From May 1999 web page…

When I created WinPatrol it was for my own personal use.  As I continued to add features I gave to friends and family.  Eventually, I published it here on the web for everyone to use free of charge. Just for a new twist I decided to make WinPatrol "BirthdayWare". WinPatrol users found out on April 24 what BirthdayWare was when Scotty popped up inviting you to wish me a Happy Birthday. The results today indicate BirthdayWare might be the best way to develop software yet.

While I'm sure it startled a few, your responses has made this day one of the greatest birthdays ever!  When the E-mail started to come in on April 23rd, I wondered how so many people could have their dates set wrong on the computers. Then I realized, Duh, it was already the 24th in so many other countries. Scotty the Windows Watch Dog is truly an international traveler.

Eventually, I had to stop including the BirthdayWare message. It did make my birthdays fun for a couple years but the volume of Email became overwhelming. The main problem was many fans would take the time to go to one of the online card sites/ While this was a nice gesture, the greeting card sites were one of the easiest ways to get infected with adware that required WinPatrol to remove it.

It Happens To Anyone
Just like the popularity of Facebook now attracts malware distributers, in the 90’s American Online users were targeted by programs designed to steal their password and take over accounts.  A friend who worked at AOL had her account compromised and since I was in her address book, a routine Email with an attachment was sent to me. Even though I was suspicious I downloaded what claimed to be a text file. On opening the text file a familiar message appeared. It said something like, “This file is too large for Notepad to open. Would you like to use WordPad to read this file?”

While Notepad is a simple text editor, WordPad was OLE Compliant which meant files could include executable objects.  As soon as I clicked “Yes” my brain in slow motion was shouting, “Noooooooooooo…”
Sure enough, the file included a very sophisticated and evil OLE(now called ActiveX) object. When I called AOL Support for help, they insisted I must format my hard drive.  Naturally, I wasn’t about to do that and knew there was a better way.

And WinPatrol was Born
Using what tools were available at the time, along with experience, I was able to find three separate locations where this infiltrator had created startup entries so multiple program would not be removed.
1) In the Win.INI file(no longer used) was a section called [windows] that included “run=” or “load=” command. The attacker used the trick of putting over 100 blank spaces before the “run=” and virus name so even standard admin tools didn’t show it.
2) Another program was added to one of most common autorun locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3) And lastly to fool simple users a shortcut .lnk file was added to the Startup folder.
Once I removed all these changes I rebooted with all threats disabled. It was a then a simple matter to delete any files which were part of the attack.

It became obvious to me that any attack would include certain behaviors including the attempt to run on reboot and to hide companion programs. This led to the creation of WinPatrol so I would never have to deal again with idiots telling me to format my hard driver.

WinPatrol PLUS
One mistake I made was not realizing how huge and insidious adware and spyware would become.  In 2002, a friend at Epson America convinced me to create a premium version of WinPatrol to help defray the costs. I had no idea how much WinPatrol would take over my life and never considered creating an actual business plan.

So, after 15 years I’m thankful to everyone who has shared WinPatrol with their friends and family. Special thanks those who have written about WinPatrol and those who have upgraded to WinPatrol PLUS so I could continue making WinPatrol available to everyone around the world.