Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: PestPatrol (was: !! Internet Explorer !!)
From: yossarian <yossarian () planet nl>
Date: Sat, 12 Jun 2004 16:50:28 +0200

It actually does a reasonable job at remvoing and preventing some items more
generally accepted being pests other than whitepapers on mostly harmless
hacking. They juist have a different view what pests are, including
documents on making bombs and picking locks. Probably things you don't want
on corporate puters if you are a CEO, I guess.

The most interesting part is that you can use it on a netwerk, albeit over
netbios. AdAware, CWS shredder and Hijaak This are local tools, aimed at
home users. Since many AV-products see pest control as a sideshow, there is
a definite niche market for this product. But it could and should be a lot
better, technically. Either the av makers will fill the gap - my AV thingie
is getting there really fast - or a major player will take over. Unless
PestPatrol cleans up their act.

----- Original Message -----
From: "Michal Zalewski" <lcamtuf () ghettot org>
To: "Syed Imran Ali" <manipeto () yahoo co uk>
Cc: <full-disclosure () lists netsys com>
Sent: Saturday, June 12, 2004 4:02 PM
Subject: [Full-disclosure] PestPatrol (was: !! Internet Explorer !!)


On Sat, 12 Jun 2004, Syed Imran Ali wrote:

Get Pest Petrol...

Hmm, I always thought PP is some sort of an elaborate scam ;-) Not relying
on Windows too badly, I never had to use the product, but PP page
frequently comes up when googling for weirdest things.  Consider these
"exploits" PP detects and removes:

http://www.safersite.org/PestInfo/i/ip_addressing.asp

  PestPatrol detects the harmful practice of "IP Addressing"? "In the past
  three months, we have received reports of IP addressing in United
  States." No kidding?

http://www.safersite.org/PestInfo/l/lcamtuf_na_export_pl.asp

  PestPatrol detects my (old) site as an "exploit" (?) - and, thank god,
  removes it. Note that other security-related pages are not on the list
  (and my old page did not really provide any exploit resources to
  start with), making this even more difficult to comprehend.

http://www.safersite.org/pestinfo/e/exploit.asp

  ???

Those are just three random examples in the "exploit" category. Plenty of
fairly harmless technical documents and programs that are NOT exploits,
some of them hardly related to security and abuse, are also on the list -
heck, even a whitepaper titled "CIFS Common Insecurities Fail Scrutiny" is
listed.

All in all, many of the issues PP seems to detect appear to be either
harmless (and hence appear as an attempt to increase signature count),
cryptic, or at best misclassified. Which does not necessarily the product
is bogus, but it does not look too professional either...

But then maybe it's better when it comes to detecting spyware.

--
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-06-12 15:26 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault