With the lastest update of Ewido Security Suite (database version 525) i got the following warning from Spybot S&D resident:

"17/06/2004 2:15:45 Encountered and terminated FunWebProducts in C:\Program Files\ewido\security suite\Updater.exe.temp! "

How is it possible that i get a "pest" with an update of this "antipest "security product!?
Or is this a false positive of S&D?

I am quite worried now...or is there something wrong with Ewido or Spybot S&D?

http://www.nwfusion.com/newsletters/web/2003/1208web2.html
you could always email Ewido Security and ask if their free version has such .Thats one way to illiminate your guesses ( They are more anti trojan I think) . Where as spybot search n destroy is anti spyware so its natural for it to pick up and sort such out and I would really doubt that such would come from there (spybot), in fact it wouldnt. Its not unheard of for some well known security software developers to "allow" certain spyware onto their clients systems as this has happened to another anti trojan co that I am aware of .

Thanks Solarpowered Candle, of course i immediately emailed Ewido . I have good experiences with their support, so i guess they won't let me down this time either.

When i 10' later updated Ewido Security suite on my 2nd pc, i didn't get a warning from Spybot S&D's Resident during the update on that one.
So now i am baffled :o

It's a false positive from Spybot - they have been already informed MONTHS ago and it's still not fixed ;( But this one clearly shows how weak Spybot S&D is programmed... Their "resident" scans the list of running processes every X seconds (that's btw. the reason why it didn't show up on the other pc - the update went simply too fast :)) and looks for process NAMES instead for fingerprints etc.

So they cry at EVERY app that uses certain filenames (which are also used in spyware)... I'm wondering what they'll do if a spyware is called explorer.exe or something like that... Simply not add it? ??? :)

Thats pretty sad if they dont respond even though there may have been updates since your notification. they make loud and clear when others dont get in line.

Am i glad :) , The Ewido Security Suite support ALREADY mailed me to let me know that this is a false positive:
..."if an other security app detect a kind of malware in the ewido
installation folder or an ewido file is shown as infected, it is a false
positive."

Great Support!

@Fish25: if this is true (and i have a feeling i better believe you), thanks for the information, it is very useful & interesting.

fish25 it seems to me that you're just as much at fault for having a plaintext sig in your program for Spybot to alarm on in the first place

A more serious issue might be why is Resident able to terminate ewido if ewido is supposedly protected by Process Guard?

-{ Quote: "fish25 it seems to me that you're just as much at fault for having a plaintext sig in your program for Spybot to alarm on in the first place" }-

what do we have? we have our updater (called updater.exe)... once it's being run it copies itself to updater.exe.temp in order to be able to update itself... where's the problem? it's a common practise...

-{ Quote: "A more serious issue might be why is Resident able to terminate ewido if ewido is supposedly protected by Process Guard?" }-

I think because only SecuritySuite.exe is protected, not updater.exe(.temp)... But the Spybot resident even fails to terminate updater.exe.temp because Spybot is too slow and the update finishes to fast... so it's just a cosmetical issue... and will be "fixed" soon :)

Yesterday i got the same "false" positive with Spybot S&D's resident on 1 of my pc's, but this time when i installed Sun JavaSDK1.4.2_04+Netbeans. ???
So i think indeed it is a Spybot resident problem...

HELLO?


Not to start a famling war here butexcuse me!!!!!!!!!!

All security software HAS false possitives period.
I challange you Spybot bashers to list one that does not.
If Spybot wasn't a good program, it sure would not be accepted and respected world-wide. Not bad for free huh? I for one am proud to have been part of the early development of Spybot along with many other security programs.
Any tiny bit we do to hinder the bad guys is always good with me.
Be constructive not destructive.


controler

What bashers?

read Fish25's posts..

;)

If the details are factual, I don't see them as bashing, just useful information