Full Disclosure mailing list archives

Re: PestPatrol (was: !! Internet Explorer !!)


From: yossarian <yossarian () planet nl>
Date: Sat, 12 Jun 2004 16:50:28 +0200

It actually does a reasonable job at removing and preventing some items more
generally accepted as being pests other than whitepapers on mostly harmless
hacking. They just have a different view of what pests are, including
documents on making bombs and picking locks. Probably things you don't want
on corporate puters if you are a CEO, I guess.

The most interesting part is that you can use it on a network, albeit over
netbios. AdAware, CWS shredder and HijackThis are local tools, aimed at
home users. Since many AV-products see pest control as a sideshow, there is
a definite niche market for this product. But it could and should be a lot
better, technically. Either the av makers will fill the gap - my AV thingie
is getting there really fast - or a major player will take over. Unless
PestPatrol cleans up their act.

----- Original Message -----
From: "Michal Zalewski" <lcamtuf () ghettot org>
To: "Syed Imran Ali" <manipeto () yahoo co uk>
Cc: <full-disclosure () lists netsys com>
Sent: Saturday, June 12, 2004 4:02 PM
Subject: [Full-disclosure] PestPatrol (was: !! Internet Explorer !!)


On Sat, 12 Jun 2004, Syed Imran Ali wrote:

Get Pest Petrol...

Hmm, I always thought PP is some sort of an elaborate scam ;-) Not relying
on Windows too badly, I never had to use the product, but PP page
frequently comes up when googling for weirdest things.  Consider these
"exploits" PP detects and removes:

http://www.safersite.org/PestInfo/i/ip_addressing.asp

  PestPatrol detects the harmful practice of "IP Addressing"? "In the past
  three months, we have received reports of IP addressing in United
  States." No kidding?

http://www.safersite.org/PestInfo/l/lcamtuf_na_export_pl.asp

  PestPatrol detects my (old) site as an "exploit" (?) - and, thank god,
  removes it. Note that other security-related pages are not on the list
  (and my old page did not really provide any exploit resources to
  start with), making this even more difficult to comprehend.

http://www.safersite.org/pestinfo/e/exploit.asp

  ???

Those are just three random examples in the "exploit" category. Plenty of
fairly harmless technical documents and programs that are NOT exploits,
some of them hardly related to security and abuse, are also on the list -
heck, even a whitepaper titled "CIFS Common Insecurities Fail Scrutiny" is
listed.

All in all, many of the issues PP seems to detect appear to be either
harmless (and hence appear as an attempt to increase signature count),
cryptic, or at best misclassified. Which does not necessarily mean the product
is bogus, but it does not look too professional either...

But then maybe it's better when it comes to detecting spyware.

--
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-06-12 15:26 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
