PestPatrol (was: !! Internet Explorer !!)

[Michal Zalewski <lcamtuf () ghettot org>]

On Sat, 12 Jun 2004, Syed Imran Ali wrote:

> Get Pest Petrol...

Hmm, I always thought PP is some sort of an elaborate scam ;-) Not relying
on Windows too badly, I never had to use the product, but PP page
frequently comes up when googling for weirdest things.  Consider these
"exploits" PP detects and removes:

http://www.safersite.org/PestInfo/i/ip_addressing.asp

  PestPatrol detects the harmful practice of "IP Addressing"? "In the past
  three months, we have received reports of IP addressing in United
  States." No kidding?

http://www.safersite.org/PestInfo/l/lcamtuf_na_export_pl.asp

  PestPatrol detects my (old) site as an "exploit" (?) - and, thank god,
  removes it. Note that other security-related pages are not on the list
  (and my old page did not really provide any exploit resources to
  start with), making this even more difficult to comprehend.

http://www.safersite.org/pestinfo/e/exploit.asp

  ???

Those are just three random examples in the "exploit" category. Plenty of
fairly harmless technical documents and programs that are NOT exploits,
some of them hardly related to security and abuse, are also on the list -
heck, even a whitepaper titled "CIFS Common Insecurities Fail Scrutiny" is
listed.

All in all, many of the issues PP seems to detect appear to be either
harmless (and hence appear as an attempt to increase signature count),
cryptic, or at best misclassified. Which does not necessarily the product
is bogus, but it does not look too professional either...

But then maybe it's better when it comes to detecting spyware.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-06-12 15:26 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html