Full Disclosure mailing list archives
RE: Microsoft AntiSpyware - First Impressions
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Sun, 9 Jan 2005 20:53:57 -0500
Thank you for the thorough examination and excellent review. Your timely information will provide more than enough data for senior management to sign off on a limited deployment of the beta. Since my company has such a liberal surfing policy, deploying this tool to the problem users (the "why do I keep getting popup ads" group) should reduce the amount of time that the helpdesk spends cleaning systems. We also do not have to worry about violating LavaSoft licensing by using Ad-Aware SE within the enterprise.

-----Original Message-----
From: full-disclosure-bounces () lists netsys com [mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Mary Landesman
Sent: Sunday, January 09, 2005 8:20 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Microsoft AntiSpyware - First Impressions

Running a competing product after a scan from another simply determines whether the second product will false positive on leftover benign registry keys, folders, etc. Yes, it would be *nice* if all remnants were removed, but that's not the reality with any of these products. Oftentimes, these so-called 'infections' are empty folders or leftover registry keys that no longer have a file associated with them. The false positive rates in these products are extremely high and, I believe, lead to a perception that adware/spyware is much more prevalent than it really is.

The real indicator is whether all active components of the infection are removed. To do this requires isolating the startup vectors, active processes, services, etc. and determining whether the product(s) being tested effectively removes those. In other words, is the infection effectively neutered such that it will no longer load/run?

Also, each of these products reports differently. For example, Ad-Aware counts every individual key, file and folder as an 'object' whereas Microsoft AntiSpyware and several others more conservatively (and I feel, more accurately) group keys, files, and folders associated with a specific adware/spyware as a single detection (in much the same manner as virus scanners do).

I used the 'active' criteria described above to test MS AntiSpyware against 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria, CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant. In my tests, MS AntiSpyware removed 91% of all active/startup components compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by category; MS AntiSpyware removed/corrected:

- 96% of processes running in memory
- 67% of start/search page modifications
- 100% of BHO/Toolbars
- 95% of startup vectors
- 100% of other (buttons/menu items, etc)

Interesting, though, that even though we used different criteria, the results are the same - MS AntiSpyware provides better detection. (It is important to note that CounterSpy uses the same Giant technology. In fact, many of the bugs/results being reported with MS AntiSpyware are also true of CounterSpy).

You can read my full review at: http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm

For those who don't want to be bothered with the ads, the most important part of my review has already been posted in this message.

-- Mary

----- Original Message -----
From: "jerome.athias" <jerome.athias () free fr>
To: <full-disclosure () lists netsys com>
Sent: Sunday, January 09, 2005 4:38 AM
Subject: RE: [Full-disclosure] Microsoft AntiSpyware - First Impressions

You could be interested by an article so called "MS AntiSpyware vs Ad-Aware vs SpyBot"
http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenum=1

Regards,
Jerome

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster () oxygen com and destroy all electronic and paper copies of this e-mail.