From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Microsoft AntiSpyware - First Impressions

Thank you for the thorough examination and excellent review. Your timely information will provide more than enough data for senior management to sign off on a limited deployment of the beta. Since my company has such a liberal surfing policy, deploying this tool to the problem users (the "why do I keep getting popup ads" group) should reduce the amount of time that the helpdesk spends cleaning systems. We also do not have to worry about violating LavaSoft licensing by using Ad-Aware SE within the enterprise.

-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Mary Landesman
Sent: Sunday, January 09, 2005 8:20 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions

Running a competing product after a scan from another simply determines whether the second product will false positive on leftover benign registry keys, folders, etc. Yes, it would be *nice* if all remnants were removed, but that's not the reality with any of these products. Oftentimes, these so-called 'infections' are empty folders or leftover registry keys that no longer have a file associated with them. The false positive rates in these products are extremely high and, I believe, lead to a perception that adware/spyware is much more prevalent than it really is.

The real indicator is whether all active components of the infection are removed. To do this requires isolating the startup vectors, active processes, services, etc. and determining whether the product(s) being tested effectively removes those. In other words, is the infection effectively neutered such that it will no longer load/run?

Also, each of these products reports differently.
For example, Ad-Aware counts every individual key, file and folder as an 'object' whereas Microsoft AntiSpyware and several others more conservatively (and I feel, more accurately) group keys, files, and folders associated with a specific adware/spyware as a single detection (in much the same manner as virus scanners do).

I used the 'active' criteria described above to test MS AntiSpyware against 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria, CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.

In my tests, MS AntiSpyware removed 91% of all active/startup components compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by category; MS AntiSpyware removed/corrected:

96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)

Interesting, though, that even though we used different criteria, the results are the same - MS AntiSpyware provides better detection. (It is important to note that CounterSpy uses the same Giant technology. In fact, many of the bugs/results being reported with MS AntiSpyware are also true of CounterSpy).

You can read my full review at:
http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm

For those who don't want to be bothered with the ads, the most important part of my review has already been posted in this message.

-- Mary

----- Original Message -----
From: "jerome.athias" <jerome.athias@...e.fr>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions

You could be interested in an article called "MS AntiSpyware vs Ad-Aware vs SpyBot"
http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenum=1

Regards,
Jerome

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.
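
Added example, not part of the thread or of any poster's message: a sketch of the "active component" scoring the review describes, which rates a remover on whether load points are gone rather than on how many leftover objects a second scanner still counts. The snapshot format, family names and identifiers are constructed for illustration.

```python
from collections import defaultdict

# Kinds that can load or run code: the "active" criteria from the thread.
ACTIVE_KINDS = {"process", "startup", "bho_toolbar", "start_search_page", "other_ui"}

# Constructed snapshots of one test machine: (family, kind, identifier).
# Family names and identifiers are hypothetical, not real detections.
BEFORE = [
    ("AdwareA", "process", "adwarea.exe"),
    ("AdwareA", "startup", "Run:AdwareA"),
    ("AdwareA", "bho_toolbar", "AdwareA Toolbar"),
    ("AdwareA", "registry_key", "Software/AdwareA"),
    ("AdwareA", "folder", "Program Files/AdwareA"),
    ("AdwareB", "process", "adwareb.exe"),
    ("AdwareB", "startup", "Run:AdwareB"),
    ("AdwareB", "start_search_page", "Start Page"),
]
# After the product under test ran: inert remnants of A, one live hijack of B.
AFTER = [
    ("AdwareA", "registry_key", "Software/AdwareA"),
    ("AdwareA", "folder", "Program Files/AdwareA"),
    ("AdwareB", "start_search_page", "Start Page"),
]

def active(snapshot):
    return {c for c in snapshot if c[1] in ACTIVE_KINDS}

def removal_rate_by_kind(before, after):
    remaining = active(after)
    total, removed = defaultdict(int), defaultdict(int)
    for comp in active(before):
        total[comp[1]] += 1
        removed[comp[1]] += comp not in remaining
    return {kind: removed[kind] / total[kind] for kind in total}

def overall_removal_rate(before, after):
    was_active = active(before)
    return len(was_active - active(after)) / len(was_active)

def neutered_families(before, after):
    # A family is neutered when nothing of it can load, remnants or not.
    return {c[0] for c in active(before)} - {c[0] for c in active(after)}

def rescan_counts(after):
    # What a second scanner could report: per-object count vs per-family count.
    return len(after), len({c[0] for c in after})

if __name__ == "__main__":
    print(removal_rate_by_kind(BEFORE, AFTER), overall_removal_rate(BEFORE, AFTER))
    print(neutered_families(BEFORE, AFTER), rescan_counts(AFTER))
```

In the sample data AdwareA is neutered even though a follow-up scan would still report two leftover objects for it, while AdwareB is not, because its start page hijack survived.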