Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Microsoft AntiSpyware falling furtherbehind
From: "Valdis Shkesters" <valdis () antivirus lv>
Date: Sun, 30 Oct 2005 13:28:19 +0200

But I classify anti-spyware programs in one encampment only -
composed of unneeded programs. Does identification of so called
spyware technically differ from identification of usual computer
virus or worm? No.
Is that which now is called spyware
(http://antispywarecoalition.org/documents/definitions.htm) within
sphere detected by antiviruses? Yes, it is, with exception of tracking cookies.

I for many years use antivirus which excellently detects all classes
of harmful programs. Within last year, using the same antivirus,
I have found very large number of active harmful programs
(which are called spyware by many) in several hundreds of
infected computers. And at least one third of these computers
had installed the so called anti-spyware.

From the point of view of an average user until now the word "virus"
was synonym for all harmful programs. Now for large part of them
the name "spyware" has been introduced. Why? In order to get
money - for antivirus and anti-spyware? Then we will see
anti-crimeware tomorrow and anti-terrorware - the day after tomorrow.

Best regards,


----- Original Message ----- From: "Nick FitzGerald" <nick () virus-l demon co uk>
To: <full-disclosure () lists grok org uk>
Sent: Saturday, October 29, 2005 2:42 PM
Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

Valdis Shkesters wrote:

At first you can take look here http://secunia.com/product/4256/.

This summer German magazine ComputerBild compared several
popular antispyware products. Test results are available in the forum
Scrolling through detailed figures by categories of harmful programs
can be seen. I warn that the figures may be very unpleasant for fans
of some products.

...which may simply reflect that they are shite tests, rather than
anything especially meaningful about the products??

As a rule, "anti-spyware" products fall into one of two camps:

1.  "Never mind the quality, feel the width" -- you can usually pick
these because their advertising lays heavy stress on the 43 quadrillion
spyware items they claim to detect.  These products will remove 17
bazillion entirely harmless items from "normal" systems simply because
they happended to be string-matches on filename ("of course you don't
want ANY 'unwise.exe' files on your system!"), reg key/value/etc, and
so on.

2.  Cluefull.  These will not have the stupid false-positive rates of
the above, but as a result will not apparently score as well on
clueless tests of the kind the proponents of the first kind of anti-
spyware product push.

I'd like to say -- stealing something from a colleague -- "welcome to
antivirus 101" but actually, I think things in the anti-spyware testing
arena are a lot worse than all but the very, very, very worst ever AV
tests AND it seems anti-spyware tests will continue to get worse,
rather than better...

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]