[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000a01c5dd45$080081a0$45fde850@ddt2d2b883c4a1>
Date: Sun Oct 30 11:28:37 2005
From: valdis at antivirus.lv (Valdis Shkesters)
Subject: Re: Microsoft AntiSpyware falling furtherbehind
But I classify anti-spyware programs in one encampment only -
composed of unneeded programs. Does identification of so called
spyware technically differ from identification of usual computer
virus or worm? No.
Is that which now is called spyware
(http://antispywarecoalition.org/documents/definitions.htm) within
sphere detected by antiviruses? Yes, it is, with exception of tracking
cookies.
I for many years use antivirus which excellently detects all classes
of harmful programs. Within last year, using the same antivirus,
I have found very large number of active harmful programs
(which are called spyware by many) in several hundreds of
infected computers. And at least one third of these computers
had installed the so called anti-spyware.
>From the point of view of an average user until now the word "virus"
was synonym for all harmful programs. Now for large part of them
the name "spyware" has been introduced. Why? In order to get
money - for antivirus and anti-spyware? Then we will see
anti-crimeware tomorrow and anti-terrorware - the day after tomorrow.
Best regards,
Valdis
----- Original Message -----
From: "Nick FitzGerald" <nick@...us-l.demon.co.uk>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Saturday, October 29, 2005 2:42 PM
Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling
furtherbehind
> Valdis Shkesters wrote:
>
>> At first you can take look here http://secunia.com/product/4256/.
>>
>> This summer German magazine ComputerBild compared several
>> popular antispyware products. Test results are available in the forum
>> http://www.rokop-security.de/lofiversion/index.php/t8810.html.
>> Scrolling through detailed figures by categories of harmful programs
>> can be seen. I warn that the figures may be very unpleasant for fans
>> of some products.
>
> ...which may simply reflect that they are shite tests, rather than
> anything especially meaningful about the products??
>
> As a rule, "anti-spyware" products fall into one of two camps:
>
> 1. "Never mind the quality, feel the width" -- you can usually pick
> these because their advertising lays heavy stress on the 43 quadrillion
> spyware items they claim to detect. These products will remove 17
> bazillion entirely harmless items from "normal" systems simply because
> they happended to be string-matches on filename ("of course you don't
> want ANY 'unwise.exe' files on your system!"), reg key/value/etc, and
> so on.
>
> 2. Cluefull. These will not have the stupid false-positive rates of
> the above, but as a result will not apparently score as well on
> clueless tests of the kind the proponents of the first kind of anti-
> spyware product push.
>
> I'd like to say -- stealing something from a colleague -- "welcome to
> antivirus 101" but actually, I think things in the anti-spyware testing
> arena are a lot worse than all but the very, very, very worst ever AV
> tests AND it seems anti-spyware tests will continue to get worse,
> rather than better...
>
>
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3267092
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists