Message-ID: <3AF76382C31760418AF0FBFD84F714035D09D3@MI8NYCMAIL07.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Microsoft AntiSpyware - First Impressions

Thank you for the thorough examination and excellent review.  Your
timely information will provide more than enough data for senior
management to sign off on a limited deployment of the beta.  Since my
company has such a liberal surfing policy, deploying this tool to the
problem users (the "why do I keep getting popup ads" group) should
reduce the amount of time that the helpdesk spends cleaning systems.  We
also do not have to worry about violating LavaSoft licensing by using
Ad-Aware SE within the enterprise.

-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Mary Landesman
Sent: Sunday, January 09, 2005 8:20 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions

Running a competing product after a scan from another simply determines
whether the second product will false positive on leftover benign
registry keys, folders, etc. Yes, it would be *nice* if all remnants were
removed, but that's not the reality with any of these products.
Oftentimes, these so-called 'infections' are empty folders or leftover
registry keys that no longer have a file associated with them. The false
positive rates in these products are extremely high and, I believe, lead
to a perception that adware/spyware is much more prevalent than it
really is.

The real indicator is whether all active components of the infection are
removed. To do this requires isolating the startup vectors, active
processes, services, etc. and determining whether the product(s) being
tested effectively removes those. In other words, is the infection
effectively neutered such that it will no longer load/run?

Also, each of these products reports differently. For example, Ad-Aware
counts every individual key, file and folder as an 'object' whereas
Microsoft AntiSpyware and several others more conservatively (and I
feel, more accurately) group keys, files, and folders associated with a
specific adware/spyware as a single detection (in much the same manner
as virus scanners do).

I used the 'active' criteria described above to test MS AntiSpyware
against 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria,
CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar
(WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage,
WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.

In my tests, MS AntiSpyware removed 91% of all active/startup components
compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by
category; MS AntiSpyware removed/corrected:

96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)

Interesting, though, that even though we used different criteria, the
results are the same - MS AntiSpyware provides better detection. (It is
important to note that CounterSpy uses the same Giant technology. In
fact, many of the bugs/results being reported with MS AntiSpyware are
also true of CounterSpy).

You can read my full review at:
http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm

For those who don't want to be bothered with the ads, the most important
part of my review has already been posted in this message.

-- Mary


----- Original Message ----- 
From: "jerome.athias" <jerome.athias@...e.fr>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-Disclosure] Microsoft AntiSpyware - First Impressions


You might be interested in an article called "MS AntiSpyware vs
Ad-Aware vs SpyBot"

http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenum=1

Regards,
Jerome

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html






