CounterSpy


Trooper
May 12th, 2005, 02:21 PM
Is it really worth it? Is it THAT much better than the MSAS?

I think the two are pretty much the same thing, correct? I am curious if it is worth the 20 bucks or should I stick with the MSAS beta which is free? ???

Thanks in advance for any/all replies.

Regards,

Jag

se7engreen
May 12th, 2005, 02:36 PM
I don't know much for specifics, but this is what I've gathered:
CounterSpy uses Microsoft's updates as well as developing their own defs.
MSAS has a couple extra system checkpoints being monitored (3 more if I remember right; 59 for MSAS and 56 for CS).

As far as detection rates, I don't know which is better. I know they both panic if I install the free version of Kazaa (which is a good thing). Personally, I wouldn't spend the extra $20 because I can't see any compelling reason to use CS over a very similar free product.

Notok
May 12th, 2005, 02:55 PM
CounterSpy has something like 3 times as many sigs, and they just bought some web crawling software that should greatly increase their sig base once they get it fully going, article here: http://www.eweek.com/article2/0,1759,1788878,00.asp .. of course they also plan on doing more to distinguish CounterSpy from MSAS in the near future.

Trooper
May 12th, 2005, 03:15 PM
Thanks for the info guys. One of the reasons I have thought about getting it was due to some reviews I have read.

The second reason is because my MSAS keeps timing out when it is scanning memory for polymorphic hijack attempts.

There is another user here on these forums that is having the same problems as me. Someone posted back that there is a problem with MSAS and possibly Spywareblaster.

Any thoughts on this one?

Thanks for your replies.

Regards,

Jag

Infinity
May 12th, 2005, 03:17 PM
Interesting article Notok! I guess they'll have to do something cause Giant was a winner and they saw it too...but when the licence expires with Microsoft then they'll have to do it on their own so I understand why they seek solutions.
If they don't do this kind of stuff, they'll have to find another contractor like some time ago with PestPatrol.
SpySweeper also has such a special method with search engines, I believe.
And that sounds promising for both companies :)

Blackspear
May 12th, 2005, 04:54 PM
-{ Quote: "Is it really worth it? Is it THAT much better than the MSAS?" }-
See my post on it here. (http://www.wilderssecurity.com/showpost.php?p=427577)

Hope this helps...

Cheers ;D

Trooper
May 13th, 2005, 01:37 AM
Blackspear,

Thanks for your post/link. Looks like some good stuff. I also just found this article HERE (http://www.pcworld.com/reviews/article/0,aid,120531,00.asp) regarding Counterspy.

I downloaded the free 15 day trial but it found nothing on my computer. ;D All in all, it looks pretty solid. I will decide to purchase after some more investigation.

Regards,

Jag

Stephanos G.
May 13th, 2005, 02:15 AM
Jaguar, I've been a registered user of CounterSpy for more than 2 months now. It is very good and much better than MS. Just don't set it to check for updates on startup, because sometimes it gets stuck.

Trooper
May 13th, 2005, 03:27 PM
Stephanos,

Did Counterspy find anything for you that MSAS did not?

Stephanos G.
May 13th, 2005, 04:11 PM
Yes, just before I uninstalled MS I swept my system and found nothing.
The same day I installed CounterSpy and found two keyloggers.
They have different databases. I like CounterSpy.

Trooper
May 13th, 2005, 05:08 PM
Wow two keyloggers huh? Damn lucky you got Counterspy then.

One thing I don't like so far is the increased memory usage. I wonder if they could fix that at some point. Or if it is just that way because of the larger database?

Trooper
May 14th, 2005, 11:52 AM
I am curious to ask any other CS users.

I was messing around with my hosts file, trying to see if I could get CS to prompt me that a change has occurred. However, I never received any prompts.

I was wondering if anyone else has had this problem or if you have not or do not know, could you please test it out and reply back to this thread to let me know.

I'm still trying to decide whether or not to buy this product.

Thanks and Regards,

Jag

Trooper
May 14th, 2005, 08:42 PM
Can anyone pitch in here please?

I did a lil more testing. It seems (at least on my system) that if you use a large HOSTS file like mvps or bluetac's it does not alert me.

When I go to the default HOSTS file from Windows and add an entry in, it pops up immediately.

So, does CS not know how to handle large HOSTS files?

I tried finding forums for CS but was unlucky. Do they even have an "Official" forum?

Regards,

Jag

Notok
May 14th, 2005, 09:04 PM
-{ Quote: "I tried finding forums for CS but was unlucky. Do they even have an "Official" forum?" }-
Yes they do, over at CastleCops (http://castlecops.com/f164-CounterSpy.html). As for the HOSTS file, I seem to remember hearing that CS does have a problem with large ones, but you should consider that pure hearsay. I would give it a try, I've been using it for a little while now and am very happy with it.

Trooper
May 14th, 2005, 09:15 PM
Notok,

Thanks very much, I will post over there. :)

Best Regards,

Jag

UCI_MECH
May 14th, 2005, 10:44 PM
I have tried CounterSpy for a few days. I decided to uninstall it for two reasons:

1- Uses a lot of memory ~27MB and is sometimes too aggressive in using CPU resources when the real-time protection is enabled.

2- Too many false positives. I installed CounterSpy on a clean machine and after the first deep scan it showed about 15 detections ranging from keyloggers to other kinds of spyware.

I know these are FPs because all the keyloggers were legitimate applications that I know for sure, such as Password Recovery Pro. Also, I tested my system with the following tools:

KAV5, TDS-3, Ewido 3 plus, TrojanHunter 4.2, SpySweeper 3.5, Ad-Aware SE, SpybotSD

I didn't even get one warning from any of these tools. But CounterSpy still insists that I have a lot of keyloggers installed on my system. Bad spyware detector, nice GUI though.

Trooper
May 14th, 2005, 11:59 PM
I am not sure about the FP's but I would assume that anything is possible.

I'm still trialing it but it has not really shown me anything special as of yet. I'm still a bit disappointed regarding the HOSTS file as well.

Jag

JRCATES
May 15th, 2005, 02:04 AM
-{ Quote: "I have tried CounterSpy for few days. I decided to uninstall it:

Too many false positives. I installed CounterSpy in a clean machine and after the first deep scan it shows about 15 detections range between keyloggers and other kind of spywares.

" }-

This seems to be a pretty common theme among people who have voiced complaints against CounterSpy. I have heard repeatedly that false positives is an area that greatly needs to be improved for this product. Having never used it, I can't speak on behalf of this....but I have heard from several people that false positives seem to be pretty commonplace.

Notok
May 15th, 2005, 02:24 AM
I've been using it for a few weeks and have not had more than one or two FPs. From what I've gathered from their forum they made a major effort to reduce FPs right before I started using it, including extensive testing before releasing updates. As far as I know it's never been as bad as scanners like PestPatrol, though.

Edwin024
May 15th, 2005, 04:25 AM
I don't think CS has that many false positives at all. I've used it for about four months now and they just have a different approach, so it seems. And they give options when they detect things. CS is for instance the only one on my system to flag Messenger Plus! as dangerous. And they gave the option to quarantine the thing. But I have no problem with Plus! so I set it on always ignore.

Not an fp, just another idea :)

Trooper
May 15th, 2005, 12:13 PM
Aside from having difficulty with large hosts files, it seems that on my system, the "Active Protection" is always disabled upon startup.

I have to manually activate it each time. Has anyone else had this problem?

ellison64
May 15th, 2005, 02:04 PM
The active protection behaves like that in the trial version, I believe. It did for me anyway. The registered version doesn't behave like that. However, it's annoying (imo) that in the registered version it insists on registering itself at startup every time you open the damn thing. It's nice to have it start up, but for god's sake let the user decide whether to use it on demand, whether to update it auto or manually, without it inserting its sunasdtserv.exe in the run keys.
ellison

JRCATES
May 15th, 2005, 03:36 PM
Here is one example of what I am referring to by "false positives". This was posted at Castlecops including several updates by a Sunbelt administrator in response to the FPs. It looks like they are doing their best to stay up on things, but that is still an awful lot of FPs to update and correct....and several times over.

CounterSpy Update Definitions and Details (via Castlecops) (http://castlecops.com/postt112222.html)

bellgamin
May 15th, 2005, 04:09 PM
-{ Quote: "without it inserting its sunasdtserv.exe in the run keys." }-Yea, verily!

Edwin024
May 15th, 2005, 04:32 PM
-{ Quote: "Here is one example of what I am referring to by "false positives". This was posted at Castlecops including several updates by a Sunbelt administrator in response to the FPs. It looks like they are doing their best to stay up on things, but that is still an awful lot of FPs to update and correct....and several times over.

CounterSpy Update Definitions and Details (via Castlecops) (http://castlecops.com/postt112222.html)" }-

And they are at version 170, but that hasn't been updated yet :) So no idea what they changed now. A complaint I had before, because Sunbelt's website prints absolutely nothing except for marketing blabla. Would be neat if they put info on version on their website, but "too much work," they told me...

Trooper
May 15th, 2005, 04:53 PM
Wow that is a shame Edwin. I'm beginning to think I do not want to spend the 20 bucks on this software.

Trooper
May 18th, 2005, 08:14 PM
Sorry to bump my own post, but to be fair, I felt I needed to come back to report this.

Looks as if MSAS has the same problem with large hosts files as well.

For example:

If you use the hosts file from mvps and make any changes, you will be alerted by both MSAS and CS.

Now try using Bluetac's hosts file, both MSAS and CS do not report any changes at all.

It kind of makes sense as they are both on the same engine (at least I think so) that they both fail at recognizing this.

So at this point in time, I think I will stick with MSAS and not purchase CS. I think I would rather put the 20 bucks towards a new firewall, PG, or possibly RegDefend.

The only reason I say this is because CS has not found anything on my system, so I figure why spend the 20 bucks, at least right now anyways. :P

HTH other users as well.

Regards,

Jag