| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mlande at bellsouth.net (Mary Landesman) Subject: Microsoft AntiSpyware - First Impressions Running a competing product after a scan from another simply determines whether the second product will false positive on leftover benign registry keys, folders, etc. Yes, it would be *nice* if all remants were removed, but that's not the reality with any of these products. Oftentimes, these so-called 'infections' are empty folders or leftover registry keys that no longer have a file associated with them. The false postive rates in these products are extremely high and, I believe, lead to a perception that adware/spyware is much more prevalent than it really is. The real indicator is whether all active components of the infection are removed. To do this requires isolating the startup vectors, active processes, services, etc. and determining whether the product(s) being tested effectively removes those. In other words, is the infection effectively neutered such that it will no longer load/run? Also, each of these products reports differently. For example, Ad-Aware counts every individual key, file and folder as an 'object' whereas Microsoft AntiSpyware and several others more conservatively (and I feel, more accurately) group keys, files, and folders associated with a specific adware/spyware as a single detection (in much the same manner as virus scanners do). I used the 'active' criteria described above to test MS AntiSpyware against 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria, CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant. In my tests, MS AntiSpyware removed 91% of all active/startup components compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by category; MS AntiSpyware removed/corrected: 96% of processes running in memory 67% of start/search page modifications 100% of BHO/Toolbars 95% of startup vectors 100% of other (buttons/menu items, etc) Interesting, though, that even though we used different criteria, the results are the same - MS AntiSpyware provides better detection. (It is important to note that CounterSpy uses the same Giant technology. In fact, many of the bugs/results being reported with MS AntiSpyware are also true of CounterSpy). You can read my full review at: http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm For those who don't want to be bothered with the ads, the most important part of my review has already been posted in this message. -- Mary ----- Original Message ----- From: "jerome.athias" <jerome.athias@...e.fr> To: <full-disclosure@...ts.netsys.com> Sent: Sunday, January 09, 2005 4:38 AM Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions You could be interested by an article so called "MS AntiSpyware vs Ad-Aware vs SpyBot" http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenu m=1 Regards, Jerome _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists