Full Disclosure mailing list archives
Re: Microsoft AntiSpyware - First Impressions
From: "Mary Landesman" <mlande () bellsouth net>
Date: Sun, 9 Jan 2005 20:20:23 -0500
Running a competing product after a scan from another simply determines whether the second product will false positive on leftover benign registry keys, folders, etc. Yes, it would be *nice* if all remants were removed, but that's not the reality with any of these products. Oftentimes, these so-called 'infections' are empty folders or leftover registry keys that no longer have a file associated with them. The false postive rates in these products are extremely high and, I believe, lead to a perception that adware/spyware is much more prevalent than it really is. The real indicator is whether all active components of the infection are removed. To do this requires isolating the startup vectors, active processes, services, etc. and determining whether the product(s) being tested effectively removes those. In other words, is the infection effectively neutered such that it will no longer load/run? Also, each of these products reports differently. For example, Ad-Aware counts every individual key, file and folder as an 'object' whereas Microsoft AntiSpyware and several others more conservatively (and I feel, more accurately) group keys, files, and folders associated with a specific adware/spyware as a single detection (in much the same manner as virus scanners do). I used the 'active' criteria described above to test MS AntiSpyware against 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria, CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant. In my tests, MS AntiSpyware removed 91% of all active/startup components compared to Ad-Aware at 65% and Spybot at 55%. I also broke it down by category; MS AntiSpyware removed/corrected: 96% of processes running in memory 67% of start/search page modifications 100% of BHO/Toolbars 95% of startup vectors 100% of other (buttons/menu items, etc) Interesting, though, that even though we used different criteria, the results are the same - MS AntiSpyware provides better detection. (It is important to note that CounterSpy uses the same Giant technology. In fact, many of the bugs/results being reported with MS AntiSpyware are also true of CounterSpy). You can read my full review at: http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm For those who don't want to be bothered with the ads, the most important part of my review has already been posted in this message. -- Mary ----- Original Message ----- From: "jerome.athias" <jerome.athias () free fr> To: <full-disclosure () lists netsys com> Sent: Sunday, January 09, 2005 4:38 AM Subject: RE: [Full-disclosure] Microsoft AntiSpyware - First Impressions You could be interested by an article so called "MS AntiSpyware vs Ad-Aware vs SpyBot" http://www.flexbeta.net/main/articles.php?action=show&id=84&perpage=1&pagenu m=1 Regards, Jerome _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft AntiSpyware - First Impressions James Patterson Wicks (Jan 07)
- Re: Microsoft AntiSpyware - First Impressions Paul Laudanski (Jan 07)
- Re: Microsoft AntiSpyware - First Impressions KF (lists) (Jan 07)
- Re: Microsoft AntiSpyware - First Impressions KF (lists) (Jan 07)
- <Possible follow-ups>
- RE: Microsoft AntiSpyware - First Impressions irfan . syed (Jan 07)
- Re: Microsoft AntiSpyware - First Impressions Kyle Maxwell (Jan 07)
- Re: Microsoft AntiSpyware - First Impressions Valdis . Kletnieks (Jan 07)
- RE: Microsoft AntiSpyware - First Impressions jerome.athias (Jan 09)
- Re: Microsoft AntiSpyware - First Impressions Andrew Smith (Jan 09)
- Re: Microsoft AntiSpyware - First Impressions Mary Landesman (Jan 09)
- Re: Microsoft AntiSpyware - First Impressions Kyle Maxwell (Jan 07)
- RE: Microsoft AntiSpyware - First Impressions James Patterson Wicks (Jan 09)