Message-ID: <20040612152637.Q10291@dekadens.coredump.cx>
From: lcamtuf at ghettot.org (Michal Zalewski)
Subject: PestPatrol (was: !! Internet Explorer !!)

On Sat, 12 Jun 2004, Syed Imran Ali wrote:

> Get Pest Patrol...

Hmm, I always thought PP is some sort of an elaborate scam ;-) Not relying
on Windows too badly, I never had to use the product, but PP page
frequently comes up when googling for weirdest things.  Consider these
"exploits" PP detects and removes:

http://www.safersite.org/PestInfo/i/ip_addressing.asp

  PestPatrol detects the harmful practice of "IP Addressing"? "In the past
  three months, we have received reports of IP addressing in United
  States." No kidding?

http://www.safersite.org/PestInfo/l/lcamtuf_na_export_pl.asp

  PestPatrol detects my (old) site as an "exploit" (?) - and, thank god,
  removes it. Note that other security-related pages are not on the list
  (and my old page did not really provide any exploit resources to
  start with), making this even more difficult to comprehend.

http://www.safersite.org/pestinfo/e/exploit.asp

  ???

Those are just three random examples in the "exploit" category. Plenty of
fairly harmless technical documents and programs that are NOT exploits,
some of them hardly related to security and abuse, are also on the list -
heck, even a whitepaper titled "CIFS Common Insecurities Fail Scrutiny" is
listed.

All in all, many of the issues PP seems to detect appear to be either
harmless (and hence appear as an attempt to increase signature count),
cryptic, or at best misclassified. Which does not necessarily mean the
product is bogus, but it does not look too professional either...

But then maybe it's better when it comes to detecting spyware.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-06-12 15:26 --

   http://lcamtuf.coredump.cx/photo/current/

