[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3AF76382C31760418AF0FBFD84F714035D09D3@MI8NYCMAIL07.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Microsoft AntiSpyware - First Impressions
Thank you for the thorough examination and excellent review. Your
timely information will provide more than enough data for senior
management to sign off on a limited deployment of the beta. Since my
company has such a liberal surfing policy, deploying this tool to the
problem users (the "why do I keep getting popup ads" group) should
reduce the amout of time that the helpdesk spends cleaning systems. We
also do not have to worry about violating LavaSoft licensing by using
Ad-Aware SE within the enterprise.
-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Mary
Landesman
Sent: Sunday, January 09, 2005 8:20 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
Running a competing product after a scan from another simply determines
whether the second product will false positive on leftover benign
registry
keys, folders, etc. Yes, it would be *nice* if all remants were removed,
but
that's not the reality with any of these products. Oftentimes, these
so-called 'infections' are empty folders or leftover registry keys that
no
longer have a file associated with them. The false postive rates in
these
products are extremely high and, I believe, lead to a perception that
adware/spyware is much more prevalent than it really is.
The real indicator is whether all active components of the infection are
removed. To do this requires isolating the startup vectors, active
processes, services, etc. and determining whether the product(s) being
tested effectively removes those. In other words, is the infection
effectively neutered such that it will no longer load/run?
Also, each of these products reports differently. For example, Ad-Aware
counts every individual key, file and folder as an 'object' whereas
Microsoft AntiSpyware and several others more conservatively (and I
feel,
more accurately) group keys, files, and folders associated with a
specific
adware/spyware as a single detection (in much the same manner as virus
scanners do).
I used the 'active' criteria described above to test MS AntiSpyware
against
180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria,
CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar
(WinTools),
Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch,
WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.
In my tests, MS AntiSpyware removed 91% of all active/startup components
compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by
category; MS AntiSpyware removed/corrected:
96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)
Interesting, though, that even though we used different criteria, the
results are the same - MS AntiSpyware provides better detection. (It is
important to note that CounterSpy uses the same Giant technology. In
fact,
many of the bugs/results being reported with MS AntiSpyware are also
true of
CounterSpy).
You can read my full review at:
http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm
For those who don't want to be bothered with the ads, the most important
part of my review has already been posted in this message.
-- Mary
----- Original Message -----
From: "jerome.athias" <jerome.athias@...e.fr>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
You could be interested by an article so called "MS AntiSpyware vs
Ad-Aware
vs SpyBot"
http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pa
genu
m=1
Regards,
Jerome
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.
Powered by blists - more mailing lists