Re: Full-disclosure Digest, Vol 8, Issue 53

[Kevin Wood <kevin.wood () msbits com>]

Hey;

Do you guys know





On Sun, 30 Oct 2005, full-disclosure-request () lists grok org uk wrote:

> Send Full-Disclosure mailing list submissions to
>         full-disclosure () lists grok org uk
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
>         full-disclosure-request () lists grok org uk
>
> You can reach the person managing the list at
>         full-disclosure-owner () lists grok org uk
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim your post appropriately. Thank you.
>
>
> Today's Topics:
>
>   1. Re: Re: Microsoft AntiSpyware falling furtherbehind
>      (Valdis Shkesters)
>   2. Re: Re: Microsoft AntiSpyware falling furtherbehind
>      (Nick FitzGerald)
>   3. Trend Micro's Response to the Magic Byte Bug (Auri Rahimzadeh)
>   4. Re: Re: Microsoft AntiSpyware falling further behind
>      (Nick FitzGerald)
>   5. Re: phpBB 2.0.17 (and other BB systems as well) Cookie
>      disclosure exploit. (Paul Laudanski)
>   6. Funny smtp helo in the logs (Aditya Deshmukh)
>   7. Re: Re: Microsoft AntiSpyware falling furtherbehind
>      (Valdis Shkesters)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 29 Oct 2005 14:15:17 +0300
> From: "Valdis Shkesters" <valdis () antivirus lv>
> Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling
>         furtherbehind
> To: "wilder_jeff Wilder" <wilder_jeff () msn com>
> Cc: full-disclosure () lists grok org uk
> Message-ID: <00ff01c5dc7a$0af84210$45fde850@ddt2d2b883c4a1>
> Content-Type: text/plain; format=flowed; charset="iso-8859-4";
>         reply-type=response
>
> Hi,
>
> At first you can take look here http://secunia.com/product/4256/.
>
> This summer German magazine ComputerBild compared several
> popular antispyware products. Test results are available in the forum
> http://www.rokop-security.de/lofiversion/index.php/t8810.html.
> Scrolling through detailed figures by categories of harmful programs
> can be seen. I warn that the figures may be very unpleasant for fans
> of some products.
>
> Best regards,
>
> Valdis
>
> ----- Original Message -----
> From: "wilder_jeff Wilder" <wilder_jeff () msn com>
> To: <valdis () antivirus lv>
> Sent: Saturday, October 29, 2005 2:55 AM
> Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling
> furtherbehind
>
>
> > All,
> >
> > I am messing around with Webroot's spysweeper product... does anyone know
> > if there has been any issues or holes discovered in it?
> >
> > -Jeff Wilder
> > CISSP,CCE,C/EH
> >
> >
> >
> > -----BEGIN GEEK CODE BLOCK-----
> >  Version: 3.1
> > GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
> > V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
> > G e* h--- r- y+++*
> > ------END GEEK CODE BLOCK------
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 30 Oct 2005 01:42:02 +1300
> From: Nick FitzGerald <nick () virus-l demon co uk>
> Subject: Re: [Full-disclosure] Re: Microsoft AntiSpyware falling
>         furtherbehind
> To: full-disclosure () lists grok org uk
> Message-ID: <436424EA.14321.85FFF03 () gmail com>
> Content-Type: text/plain; charset=US-ASCII
>
> Valdis Shkesters wrote:
>
> > At first you can take look here http://secunia.com/product/4256/.
> >
> > This summer German magazine ComputerBild compared several
> > popular antispyware products. Test results are available in the forum
> > http://www.rokop-security.de/lofiversion/index.php/t8810.html.
> > Scrolling through detailed figures by categories of harmful programs
> > can be seen. I warn that the figures may be very unpleasant for fans
> > of some products.
>
> ...which may simply reflect that they are shite tests, rather than
> anything especially meaningful about the products??
>
> As a rule, "anti-spyware" products fall into one of two camps:
>
> 1.  "Never mind the quality, feel the width" -- you can usually pick
> these because their advertising lays heavy stress on the 43 quadrillion
> spyware items they claim to detect.  These products will remove 17
> bazillion entirely harmless items from "normal" systems simply because
> they happended to be string-matches on filename ("of course you don't
> want ANY 'unwise.exe' files on your system!"), reg key/value/etc, and
> so on.
>
> 2.  Cluefull.  These will not have the stupid false-positive rates of
> the above, but as a result will not apparently score as well on
> clueless tests of the kind the proponents of the first kind of anti-
> spyware product push.
>
> I'd like to say -- stealing something from a colleague -- "welcome to
> antivirus 101" but actually, I think things in the anti-spyware testing
> arena are a lot worse than all but the very, very, very worst ever AV
> tests AND it seems anti-spyware tests will continue to get worse,
> rather than better...

--
Kevin Wood ,CISSP
MSBIT Security
Email: kevin.wood () msbits com
Url: www.msbits.com

IT Security Solutions for small and medium size companies...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/