Full Disclosure mailing list archives

anti-adware and false positives (was: Virus infect on single user)


From: Spiro Trikaliotis <trik-news () gmx de>
Date: Tue, 10 Feb 2004 09:55:09 +0100

Hello,

* On Mon, Feb 09, 2004 at 02:35:05PM -0800 CHS wrote:
 
> I find that you should run both spybot S&D *AND* adaware together for the
> best possible adware/malware/spyware protection. they both catch stuff
> that the other does not. between the two though, you get rid of
> EVERYTHING.

Yes, you get rid of EVERYTHING - especially of things you still need.
:-(

Is there any developer on this list who uses a Microsoft DDK for NT4,
2000 or XP? You cannot use Adaware on such a machine, as it always
stumbles on the headers and source files of the provided examples,
especially the network examples. It tells me they would be part of some
malware.

Although it's more than possible that these header files are part of some
malware which uses network connections, these false positives make
Adaware completely useless for a developer. Why can't it just check the
files that differ between "legal" examples and malware? An MD5 sum for
the files provided by MS would be enough to ensure these are left
unmodified, wouldn't it?

Just some thoughts,
   Spiro.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
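
The allowlist idea raised in the message above, sketched as an added example (not part of the original post, and not how Ad-aware works): files whose digest matches a manifest taken from the pristine vendor install are skipped, and everything else still goes through signature matching. It uses SHA-256 where the post suggests MD5; the signature pattern, file names and file contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a scanner signature: a byte pattern that also
# occurs in legitimate sample source (the false-positive case in the post).
SIGNATURES = {"constructed-net-pattern": b"EXAMPLE_NET_HOOK"}


def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path, known_good: set[str]) -> dict[str, str]:
    """Return {relative path: verdict} for every file under root."""
    results = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        # Byte-identical to a vendor-shipped file: nothing to report.
        if digest(path) in known_good:
            results[rel] = "skipped (unmodified vendor file)"
            continue
        data = path.read_bytes()
        hits = [name for name, pat in SIGNATURES.items() if pat in data]
        results[rel] = "flagged: " + ",".join(hits) if hits else "clean"
    return results


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Scan a constructed tree before and after the vendor file is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        vendor = root / "ddk_sample.c"
        vendor.write_bytes(b"/* vendor sample */ EXAMPLE_NET_HOOK();\n")
        known_good = {digest(vendor)}  # manifest built from the pristine install
        other = root / "unknown.c"
        other.write_bytes(b"EXAMPLE_NET_HOOK(); /* not in manifest */\n")
        before = scan(root, known_good)
        # Any change to the vendor file breaks the digest match, so it is scanned again.
        vendor.write_bytes(vendor.read_bytes() + b"/* altered */\n")
        after = scan(root, known_good)
        return before, after
```

The manifest has to come from a trusted copy of the vendor files, not from the machine being scanned.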

