funsec mailing list archives

RE: Spybot v. Symantec

From: Larry Seltzer <Larry () larryseltzer com>
Date: Mon, 2 Oct 2006 23:42:22 -0400

Based on the screen shot it looks like they are not blocking
installation, just recommending that you remove the products. There is a
Next button there; is someone saying that you can't just ignore the
recommendation and proceed?

The real issue here is the on-access scanners (and there's probably an
IPS component at issue too), right? At install time is there a practical
way for these products to determine that these live components are
running as opposed to just a static scanner?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of StyleWar
Sent: Monday, October 02, 2006 11:22 PM
To: 'Dude VanWinkle'; 'Richard M. Smith'
Cc: funsec () linuxbox org
Subject: RE: [funsec] Spybot v. Symantec

The suggestion that the two program development teams are intimately
aware of the functions of the latest malware, and yet somehow completely
ignorant of each other's existence and practices seems ludicrous to me.

Personally - I don't see it as a compatibility issue...

-

StyleWar

"If everyone' thinking alike, then somebody isn't thinking."

-----Original Message-----
From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org] On Behalf Of Dude VanWinkle
Sent: Monday, October 02, 2006 12:04 PM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] Spybot v. Symantec

On 10/1/06, Richard M. Smith <rms () bsf-llc com> wrote:



Security Smackdown: Spybot vs.  Symantec 
http://blogs.pcworld.com/staffblog/archives/002874.html

While installing my review copy of Norton Internet Security 2007, I 
found  that Symantec's software recommended that I

uninstall not only

Spybot but also  Webroot Spy Sweeper antispyware software. (See the 
screenshot below.)


Its kinda hard to run two continual scanning apps; 
anti(spy/mal/ad)ware, or anti virus software unless you can configure 
the two to not scan each others binaries or protected files. Also, I 
dont know what would happen if they both tried to watch port 80 or 
some such for those that do scan memory.

I didnt know this was a proprietary practice, but rather an OS 
limitation and also to protect your app from being altered by malware:
"you scan my files and i'll kill your process" kinda thing.

am i mistaken?

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Spybot v. Symantec Richard M. Smith (Oct 01)
- Re: Spybot v. Symantec Nick FitzGerald (Oct 01)
- Re: Spybot v. Symantec Dude VanWinkle (Oct 02)
  - RE: Spybot v. Symantec StyleWar (Oct 02)
    - RE: Spybot v. Symantec Larry Seltzer (Oct 02)
- <Possible follow-ups>
- RE: Spybot v. Symantec Alex Eckelberry (Oct 02)