Message-ID: <014401c4f6b2$8f373cb0$0e3eac18@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: Microsoft AntiSpyware - First Impressions

Running a competing product after a scan from another simply determines
whether the second product will false positive on leftover benign registry
keys, folders, etc. Yes, it would be *nice* if all remnants were removed, but
that's not the reality with any of these products. Oftentimes, these
so-called 'infections' are empty folders or leftover registry keys that no
longer have a file associated with them. The false positive rates in these
products are extremely high and, I believe, lead to a perception that
adware/spyware is much more prevalent than it really is.

The real indicator is whether all active components of the infection are
removed. To do this requires isolating the startup vectors, active
processes, services, etc. and determining whether the product(s) being
tested effectively removes those. In other words, is the infection
effectively neutered such that it will no longer load/run?

Also, each of these products reports differently. For example, Ad-Aware
counts every individual key, file and folder as an 'object' whereas
Microsoft AntiSpyware and several others more conservatively (and I feel,
more accurately) group keys, files, and folders associated with a specific
adware/spyware as a single detection (in much the same manner as virus
scanners do).

I used the 'active' criteria described above to test MS AntiSpyware against
180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria,
CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools),
Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch,
WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.

In my tests, MS AntiSpyware removed 91% of all active/startup components
compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by
category; MS AntiSpyware removed/corrected:

96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)

Interesting, though, that even though we used different criteria, the
results are the same - MS AntiSpyware provides better detection. (It is
important to note that CounterSpy uses the same Giant technology. In fact,
many of the bugs/results being reported with MS AntiSpyware are also true of
CounterSpy).

You can read my full review at:
http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm

For those who don't want to be bothered with the ads, the most important
part of my review has already been posted in this message.

-- Mary


----- Original Message ----- 
From: "jerome.athias" <jerome.athias@...e.fr>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions


You could be interested in an article called "MS AntiSpyware vs Ad-Aware
vs SpyBot"

http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenum=1

Regards,
Jerome
