Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

2005-10-30 Thread Valdis Shkesters

But I classify anti-spyware programs in one camp only:
that of unneeded programs. Does identification of so-called
spyware technically differ from identification of a usual computer
virus or worm? No.
Is that which is now called spyware
(http://antispywarecoalition.org/documents/definitions.htm) within
the sphere detected by antiviruses? Yes, it is, with the exception of
tracking cookies.


I have for many years used an antivirus which excellently detects all
classes of harmful programs. Within the last year, using the same
antivirus, I have found a very large number of active harmful programs
(which many call spyware) in several hundred infected computers.
And at least one third of these computers had the so-called
anti-spyware installed.


From the point of view of an average user, until now the word virus
was a synonym for all harmful programs. Now for a large part of them
the name spyware has been introduced. Why? In order to get
money - for antivirus and anti-spyware? Then we will see
anti-crimeware tomorrow and anti-terrorware the day after tomorrow.

Best regards,

Valdis

- Original Message - 
From: Nick FitzGerald [EMAIL PROTECTED]

To: full-disclosure@lists.grok.org.uk
Sent: Saturday, October 29, 2005 2:42 PM
Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling 
furtherbehind




Valdis Shkesters wrote:


At first you can take a look here: http://secunia.com/product/4256/.

This summer the German magazine ComputerBild compared several
popular antispyware products. Test results are available in the forum
http://www.rokop-security.de/lofiversion/index.php/t8810.html.
Scrolling through, detailed figures by category of harmful program
can be seen. I warn that the figures may be very unpleasant for fans
of some products.


...which may simply reflect that they are shite tests, rather than
anything especially meaningful about the products??

As a rule, anti-spyware products fall into one of two camps:

1.  Never mind the quality, feel the width -- you can usually pick
these because their advertising lays heavy stress on the 43 quadrillion
spyware items they claim to detect.  These products will remove 17
bazillion entirely harmless items from normal systems simply because
they happened to be string-matches on filename (of course you don't
want ANY 'unwise.exe' files on your system!), reg key/value/etc, and
so on.

2.  Clueful.  These will not have the stupid false-positive rates of
the above, but as a result will not apparently score as well on
clueless tests of the kind the proponents of the first kind of anti-
spyware product push.

I'd like to say -- stealing something from a colleague -- welcome to
antivirus 101 but actually, I think things in the anti-spyware testing
arena are a lot worse than all but the very, very, very worst ever AV
tests AND it seems anti-spyware tests will continue to get worse,
rather than better...


--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 




Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

2005-10-29 Thread Valdis Shkesters

Hi,

At first you can take a look here: http://secunia.com/product/4256/.

This summer the German magazine ComputerBild compared several
popular antispyware products. Test results are available in the forum
http://www.rokop-security.de/lofiversion/index.php/t8810.html.
Scrolling through, detailed figures by category of harmful program
can be seen. I warn that the figures may be very unpleasant for fans
of some products.

Best regards,

Valdis

- Original Message - 
From: wilder_jeff Wilder [EMAIL PROTECTED]

To: [EMAIL PROTECTED]
Sent: Saturday, October 29, 2005 2:55 AM
Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling 
furtherbehind




All,

I am messing around with Webroot's Spy Sweeper product... does anyone know 
if there have been any issues or holes discovered in it?


-Jeff Wilder
CISSP,CCE,C/EH



-BEGIN GEEK CODE BLOCK-
 Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
G e* h--- r- y+++*
--END GEEK CODE BLOCK--




Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

2005-10-29 Thread Nick FitzGerald
Valdis Shkesters wrote:

 At first you can take a look here: http://secunia.com/product/4256/.
 
 This summer the German magazine ComputerBild compared several
 popular antispyware products. Test results are available in the forum
 http://www.rokop-security.de/lofiversion/index.php/t8810.html.
 Scrolling through, detailed figures by category of harmful program
 can be seen. I warn that the figures may be very unpleasant for fans
 of some products.

...which may simply reflect that they are shite tests, rather than 
anything especially meaningful about the products??

As a rule, anti-spyware products fall into one of two camps:

1.  Never mind the quality, feel the width -- you can usually pick 
these because their advertising lays heavy stress on the 43 quadrillion 
spyware items they claim to detect.  These products will remove 17 
bazillion entirely harmless items from normal systems simply because 
they happened to be string-matches on filename (of course you don't 
want ANY 'unwise.exe' files on your system!), reg key/value/etc, and 
so on.

2.  Clueful.  These will not have the stupid false-positive rates of 
the above, but as a result will not apparently score as well on 
clueless tests of the kind the proponents of the first kind of anti-
spyware product push.

I'd like to say -- stealing something from a colleague -- welcome to 
antivirus 101 but actually, I think things in the anti-spyware testing 
arena are a lot worse than all but the very, very, very worst ever AV 
tests AND it seems anti-spyware tests will continue to get worse, 
rather than better...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
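Nick's point about string-matches on filename, as an added illustration that is not part of the thread and not code from any product it names: a filename-based rule and a content-hash rule are run over a constructed set of three fake files (the file bytes, the paths and the extra "dropper.exe" signature entry are invented for the example; nothing here is a real executable). The filename rule flags both files called unwise.exe, so a test that merely counts detections scores it higher, while the hash rule flags only the one whose contents are actually known-bad.

```python
"""Filename matching versus content hashing as a detection rule.

Added example, not code from the thread or from any product it names.
Three fake files (none are real binaries) are scanned by two toy
scanners and each scanner is scored against ground truth, to show why a
scanner that flags files by name produces false positives on clean
systems and why a test that only counts detections rewards it anyway.
"""
import hashlib
import ntpath
from dataclasses import dataclass

# Constructed sample file contents. Two different files share the name
# unwise.exe: a legitimate uninstaller stub and a dropper that borrowed
# the name. The bytes are placeholders, not real executables.
LEGIT_UNINSTALLER = b"MZ\x90\x00constructed-legitimate-uninstaller-stub"
MALICIOUS_DROPPER = b"MZ\x90\x00constructed-dropper-masquerading-as-uninstaller"
BENIGN_LIBRARY = b"MZ\x90\x00constructed-benign-helper-library"

# Constructed "filesystem": Windows path -> file contents.
SAMPLE_FILES = {
    r"C:\Program Files\SomeApp\unwise.exe": LEGIT_UNINSTALLER,
    r"C:\Windows\Temp\unwise.exe": MALICIOUS_DROPPER,
    r"C:\Program Files\OtherApp\helper.dll": BENIGN_LIBRARY,
}

# Ground truth a careful test would establish before scoring anything.
TRULY_MALICIOUS = {r"C:\Windows\Temp\unwise.exe"}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the signature for the second scanner."""
    return hashlib.sha256(data).hexdigest()


# Scanner 1 ("feel the width"): filenames observed in spyware bundles.
# Any file with one of these names is flagged, whatever it contains.
# "dropper.exe" is an invented entry for the example.
FILENAME_SIGNATURES = {"unwise.exe", "dropper.exe"}

# Scanner 2: hashes of known-bad file contents. A clean file that happens
# to share a name with a threat hashes differently and is left alone.
HASH_SIGNATURES = {sha256_hex(MALICIOUS_DROPPER)}


def scan_by_filename(files: dict[str, bytes]) -> set[str]:
    """Flag every path whose basename is on the filename list."""
    return {
        path for path in files
        if ntpath.basename(path).lower() in FILENAME_SIGNATURES
    }


def scan_by_hash(files: dict[str, bytes]) -> set[str]:
    """Flag only paths whose contents hash to a known-bad value."""
    return {
        path for path, data in files.items()
        if sha256_hex(data) in HASH_SIGNATURES
    }


@dataclass(frozen=True)
class Score:
    detections: int       # what a "count the hits" test would report
    true_positives: int
    false_positives: int  # harmless files removed from a clean system
    false_negatives: int


def score(flagged: set[str], truth: set[str]) -> Score:
    """Compare a scanner's verdicts with ground truth."""
    return Score(
        detections=len(flagged),
        true_positives=len(flagged & truth),
        false_positives=len(flagged - truth),
        false_negatives=len(truth - flagged),
    )


def compare_scanners(files: dict[str, bytes], truth: set[str]) -> dict[str, Score]:
    """Run both scanners and score each; the reader decides what 'better' means."""
    return {
        "filename": score(scan_by_filename(files), truth),
        "hash": score(scan_by_hash(files), truth),
    }


if __name__ == "__main__":
    for name, s in compare_scanners(SAMPLE_FILES, TRULY_MALICIOUS).items():
        print(f"{name:9s} detections={s.detections} TP={s.true_positives} "
              f"FP={s.false_positives} FN={s.false_negatives}")
```

On the constructed sample the filename scanner reports two detections with one false positive (the clean uninstaller), and the hash scanner reports one detection with none. A test that publishes only the detection column ranks the first scanner higher; a test that also counts false positives on a known-clean system does not. Real hash-based detection needs the hash set maintained per sample, which is exactly the work the "feel the width" vendors skip by matching names.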



Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

2005-10-28 Thread Valdis Shkesters

(This is an important day for you, now you know you're not alone ;)

In regard to spyware, at last I hear a clear and logical formulation.
Theory is nice, but practice differs.
In its broader sense, Spyware is used as a synonym for what the
Anti-Spyware Coalition calls "Spyware and Other Potentially
Unwanted Technologies":

. Spyware (narrow)
. Snoopware
. Unauthorized Keylogger
. Unauthorized Screen Scraper
. Nuisance or Harmful Adware
. Backdoors
. Botnets
. Droneware
. Unauthorized Dialers
. Hijackers
. Rootkits
. Hacker Tools (including port scanners)
. Tricklers
. Unauthorized Tracking Cookies

http://www.antispywarecoalition.org/documents/definitions.htm




On Fri, 28 Oct 2005 17:56:32 +0300, Valdis Shkesters said:

(Hmm.. usually when I reply to Valdis I'm talking to myself... ;)


As today I was preparing news for a portal on IT security,
I was informed that the Anti-Spyware Coalition is finalizing the spyware
definition. It is the last moment to finalize spyware, because
crimeware has already appeared on the horizon. Take a look
at http://www.antiphishing.org/. I'm quoting: "Technical subterfuge
schemes plant crimeware onto PCs to steal credentials directly,
often using Trojan keylogger spyware."
Maybe it would be better to call Trojan horses Trojan horses?


No, because they're different.

Trojan horses (a) get installed under pretense of being something wanted
or beneficial ("Hey, I'm a neat fun codec that lets you view these
movies...") and (b) once there, give the attacker a back door into the
system, to do unspecified things (run commands, launch DDoS attacks, send
spam, scan for other vulnerable software, upload plugins to extend the
Trojan's functionality, or whatever).

Spyware, on the other hand (a) *may* be installed via Trojan Horse means,
but may also be forcibly inserted on a system via a software
vulnerability, or added in via the above-mentioned plugin method by an
already-present Trojan, and (b) is software that monitors system activity
(keystrokes, screen pixmaps, etc) in an effort to acquire credentials or
other sensitive information.
