Message-ID: <014401c4f6b2$8f373cb0$0e3eac18@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: Microsoft AntiSpyware - First Impressions
Running a competing product after a scan from another simply determines
whether the second product will false positive on leftover benign registry
keys, folders, etc. Yes, it would be *nice* if all remnants were removed, but
that's not the reality with any of these products. Oftentimes, these
so-called 'infections' are empty folders or leftover registry keys that no
longer have a file associated with them. The false positive rates in these
products are extremely high and, I believe, lead to a perception that
adware/spyware is much more prevalent than it really is.
The real indicator is whether all active components of the infection are
removed. To do this requires isolating the startup vectors, active
processes, services, etc. and determining whether the product(s) being
tested effectively removes those. In other words, is the infection
effectively neutered such that it will no longer load/run?
Also, each of these products reports differently. For example, Ad-Aware
counts every individual key, file and folder as an 'object' whereas
Microsoft AntiSpyware and several others more conservatively (and I feel,
more accurately) group keys, files, and folders associated with a specific
adware/spyware as a single detection (in much the same manner as virus
scanners do).
I used the 'active' criteria described above to test MS AntiSpyware against
180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria,
CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools),
Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch,
WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.
In my tests, MS AntiSpyware removed 91% of all active/startup components
compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by
category; MS AntiSpyware removed/corrected:
96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)
Interesting, though, that even though we used different criteria, the
results are the same - MS AntiSpyware provides better detection. (It is
important to note that CounterSpy uses the same Giant technology. In fact,
many of the bugs/results being reported with MS AntiSpyware are also true of
CounterSpy).
You can read my full review at:
http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm
For those who don't want to be bothered with the ads, the most important
part of my review has already been posted in this message.
-- Mary
----- Original Message -----
From: "jerome.athias" <jerome.athias@...e.fr>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
You could be interested by an article so called "MS AntiSpyware vs Ad-Aware
vs SpyBot"
http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenum=1
Regards,
Jerome
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
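Added example, not part of the original message or of any product discussed in it: a Python sketch of the "active components" scoring described above, where only entries that can load or run count toward the removal rate and inert leftovers are reported separately. The category names, the sample name "AdwareA" and every snapshot entry are constructed assumptions.

```python
from collections import defaultdict

# Assumed category names: components that make the adware load or run.
ACTIVE = {"process", "startup", "bho_toolbar", "start_page", "service"}
# Inert leftovers with no file or loader behind them.
REMNANT = {"empty_folder", "orphan_regkey"}

def removal_rates(before, after):
    """Per-category and overall share of active components removed.
    before/after are sets of (category, identifier) snapshot entries."""
    totals, removed = defaultdict(int), defaultdict(int)
    for cat, ident in before:
        if cat not in ACTIVE:
            continue  # remnants never count toward the score
        totals[cat] += 1
        if (cat, ident) not in after:
            removed[cat] += 1
    per_cat = {c: removed[c] / totals[c] for c in totals}
    overall = sum(removed.values()) / sum(totals.values()) if totals else 0.0
    return per_cat, overall

def neutered(after):
    """True when nothing that can load or run survives the cleanup."""
    return not any(cat in ACTIVE for cat, _ in after)

def leftover_objects(after):
    """Inert entries a second, object-counting scanner would still report."""
    return sorted(e for e in after if e[0] in REMNANT)

# Constructed snapshots for one hypothetical sample ("AdwareA").
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BEFORE = {
    ("process", "adwarea.exe"), ("process", "adwarea_upd.exe"),
    ("startup", RUN + r"\AdwareA"), ("startup", RUN + r"\AdwareAUpd"),
    ("bho_toolbar", "{CLSID-PLACEHOLDER}"),
    ("start_page", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"),
}
AFTER = {
    ("start_page", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"),
    ("empty_folder", r"C:\Program Files\AdwareA"),
    ("orphan_regkey", r"HKLM\Software\AdwareA"),
}

if __name__ == "__main__":
    per_cat, overall = removal_rates(BEFORE, AFTER)
    print(per_cat, f"overall={overall:.0%}", "neutered:", neutered(AFTER))
    print("inert leftovers:", leftover_objects(AFTER))
```

In this constructed run the two leftovers would register as detections in an object-counting scanner even though five of the six active components are gone and only the start page change remains.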