Your Spycar Ran Over My Dogma


ronjor
May 10th, 2006, 05:13 PM
-{ Quote: "Anti-spyware company Webroot released a report yesterday stating that the rate of spyware infections soared in the first quarter of 2006, infecting an estimated 87 percent of consumers' PCs with an average of 34 pieces of spyware per machine." }-
Brian Krebs (http://blog.washingtonpost.com/securityfix/2006/05/your_spycar_ran_over_my_dogma.html)

dog
May 10th, 2006, 05:21 PM
ROTF ... -{ Quote: "SpywareBlaster didn't prevent any of the Spycar attacks" }- I wonder why ::) Maybe one should understand what a program actually does before testing it in this regard.

ronjor
May 10th, 2006, 05:32 PM
His blog is open for questions and comments. :D

zcv
May 10th, 2006, 07:57 PM
Ran thru the tests first using SSM and then used Sunbelt's Kerio on one OS and ZA Pro on another with behavior blocking enabled.

All three allowed no changes at all.

Those are the only resident "blocking" programs I use, so can't comment on any other resident AS app.

Regards - Charles

javacool
May 10th, 2006, 09:40 PM
-{ Quote: "ROTF ... I wonder why ::) Maybe one should understand what a program actually does before testing it in this regard." }-

Unfortunately, many people still don't understand the distinction between behavior-based "active" detection products (like SpywareGuard, SpySweeper's "real-time" monitors, etc.) and passive protection approaches like SpywareBlaster.

On the other hand - if he had used the System Snapshot feature of SpywareBlaster (setting a snapshot when the system was clean and then restoring later), I'm pretty sure he would have been pleased that it detected many of the changes, and offered to repair them (much like Ad-Aware did in the on-demand scan). But my best guess is that he installed SpywareBlaster, enabled its protection, and waited for it to "alert" to the changes that occurred. And, of course, that's not what it does. 8)

Best regards,

-Javacool

dog
May 11th, 2006, 06:23 AM
-{ Quote: "But my best guess is that he installed SpywareBlaster, enabled its protection, and waited for it to "alert" to the changes that occurred. And, of course, that's not what it does. 8)" }-
That's exactly the way I perceived it too. While his statement was limited, the use of the word "prevent" doesn't really leave any room for any other understanding. To add to that, funny enough that his bracketed comment regarding Ad-Aware indicates he has a grasp of real-time and on-demand protection, but he certainly doesn't understand the difference of passive and active protection. What is sad is that the people who wield the power of the media should make such misinformed/erroneous statements ... what a disservice to his readers. Trying to qualify his summation with the paragraph below the SB one is also a joke. He should've simply said ... I don't think these tests are comprehensive enough to make informed judgments ... because the rest of that paragraph questions if he even understands Spycar at all (as it only makes registry changes and tries to modify the hosts file) and for that matter his comprehension of the entire subject, because this conclusion is rather off: -{ Quote: "the Spycar experiment does demonstrate that the anti-spyware industry is -- like the current anti-virus industry -- woefully dependent upon a constant stream of updates to detect new threats." }- ... Yes Brian; this finite test/demonstration definitely requires AS vendors to have a constant stream of updates to detect new threats. I wonder how horrified he'd be to discover things like regedit could be disabled too ... maybe in his next round of testing he can run Scoundrel Simulator (http://www.geeksuperhero.com/scoundrelsim.shtml) and enlighten us again. ::)

-{ Quote: "On the other hand - if he had used the System Snapshot feature of SpywareBlaster (setting a snapshot when the system was clean and then restoring later), I'm pretty sure he would have been pleased that it detected many of the changes, and offered to repair them" }-
Yes, good point JC ... if he had only taken the time to understand the test, the products he was using and how they worked ... but alas he didn't. :-[
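
[Added example, not part of the thread and not SpywareBlaster's or any vendor's code: a baseline-and-compare check on a hosts file, the kind of change the posts above say Spycar attempts. It shows why a snapshot approach reports changes only when a comparison is run, rather than alerting as they happen. The function names and the sample hosts contents are constructed for illustration.]

```python
# Added example: snapshot-and-compare for a hosts file (constructed sample data).

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and blanks."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no hostname: ignore
        ip, names = fields[0], fields[1:]
        for name in names:                    # one line may map several names
            entries.setdefault(name.lower(), ip)  # keep the first mapping seen
    return entries

def diff_hosts(baseline_text, current_text):
    """Compare a clean snapshot with the current file; nothing is blocked here."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    return {
        "added":   {h: cur[h] for h in cur.keys() - base.keys()},
        "removed": {h: base[h] for h in base.keys() - cur.keys()},
        "changed": {h: (base[h], cur[h])
                    for h in base.keys() & cur.keys() if base[h] != cur[h]},
    }

def is_clean(report):
    """True when the current file matches the snapshot."""
    return not any(report.values())

# Constructed snapshot taken while the system was known to be clean.
BASELINE = """\
127.0.0.1    localhost
192.0.2.10   intranet.example.com wiki.example.com
"""

# Constructed later state: one entry added, one hostname re-pointed.
MODIFIED = """\
127.0.0.1    localhost
192.0.2.10   intranet.example.com
127.0.0.1    updates.example.net   # new redirect
198.51.100.7 wiki.example.com
"""

if __name__ == "__main__":
    report = diff_hosts(BASELINE, MODIFIED)
    for kind, items in report.items():
        for host, value in sorted(items.items()):
            print(f"{kind:8} {host} -> {value}")
    print("restore from snapshot needed:", not is_clean(report))
```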

R. Morris
May 17th, 2006, 04:20 PM
Brian's handling of the tests is probably no worse than most I've seen.
To my knowledge he doesn't claim malware guru status and for a user he makes some valid points, though he did miss it on SpywareBlaster.
FWIW, BOClean smoked all the tests.

lotuseclat79
May 18th, 2006, 08:12 AM
The really interesting result of Krebs' article was the response posted by Dr. Gerry at the end:

I must insist that everyone discover the sad truth behind "Spycar"-- it is this:
---------start-------------------
http://radsoft.net/resources/rants/20060515,00.shtml

Posted by: Dr. Gerry | May 17, 2006 05:21 PM

-- Tom

ronjor
May 18th, 2006, 08:20 AM
Spycar certainly is turning into a drama.

Notok
May 20th, 2006, 03:05 AM
I never really know what to make of Radsoft. Even if it is true, I find the rants highly unprofessional.

SG1
August 9th, 2006, 06:44 AM
I'm likely behind the times on this, but I just read about

http://spycar.org/Welcome%20to%20Spycar.html

in the new PC World mag last night, re testing your security apps.

===============================================

PG was > the only app < that popped up every time, (out of at least 11 security programs that I was running at the time), when I ran the site's tests.

I suppose then, that the next thing to do, would be to disable PG & try the tests again, & see what happens?

SG1 (Pat)

sukarof
August 9th, 2006, 07:10 AM
App/Regdefend (GSS 1.110 Tonys config on regdefend) passed all tests.
Tiny PF 6 also passed all the Regtests but failed the hosts test and all the IE tests. But I suspect I have not configured it right. I have altered the default settings so I guess you can't judge TPF 6 from my testings alone.

bigc73542
August 9th, 2006, 07:30 AM
My Pc-cillin internet security 2006 blocked it all. Passed with flying colors.

bigc73542
August 9th, 2006, 07:39 AM
.....

Cerxes
August 9th, 2006, 08:39 AM
GSS 1.110 and ewido anti-spyware 4.0 passed all the tests. ewido alerted first in the majority of the tests.

Regards, C.

maddawgz
August 9th, 2006, 09:49 PM
Big C, is that just 2006 that detects that? Or all versions? Is it the virus definitions or spyware? Thanks, MD

bigc73542
August 9th, 2006, 10:05 PM
It is the antispyware in TMIS and the av and a couple of the other modules. I don't know if all versions would block it all or not.