CounterSpy 2 - Notes

[eburger68]

Hi All:

I posted an announcement of the release of CounterSpy 2 in the updates forum:

http://www.wilderssecurity.com/showthread.php?t=164364

Here is some additional info that did not fit into that post:

System Requirements

- Microsoft Internet Explorer 5.5 or higher
- IBM Compatible 400MHZ Computer with at least 128MB of RAM
- Windows 2000 Pro SP3 & higher, Windows XP (Pro, Home, Tablet, or Media), Windows Vista RTM 32-bit
- 200MB of available free space on your hard drive

CounterSpy 2.1 is not supported on the following platforms:

* Windows 95
* Windows 98
* Windows 98 SE
* Windows ME
* Windows NT 4.0 (or earlier)
* Windows 2000 RTM, SP1, SP2
* Windows 2000 Server
* Windows 2003 Server
* Windows XP 64-bit
* Windows Vista 64-bit

Trial Version

New users are entitled to a free 15 day trial period, during which the application is fully functional -- i.e., Active Protection is usable and the app will both scan for AND remove adware, spyware, and malware.

To start your 15 day trial period, simply download the application from the link above and install. If you purchase a license after 15 days, you can convert the installed trial version into a licensed version by entering your Registration key into the program's registration wizard.

Upgrades for Existing Users

Users with valid licenses for CounterSpy 1.0 or 1.5 are entitled to a free upgrade. During installation, the CounterSpy 2 installer will accept your existing Registration key for version 1.5 or 1.0.

Although we would recommend uninstalling CSC 1.0 and 1.5 first, you can simply launch the CSC 2 installer, and it will automatically upgrade your CounterSpy installation to version 2.

Windows Defender

Please be aware that CounterSpy will disable Windows Defender, if that app is installed (CounterSpy will not uninstall or remove Windows Defender).

Although this behavior is by design, Sunbelt recognizes that some users may want to keep Windows Defender enabled.

* In the short term, Sunbelt will be offering a workaround that allows Windows Defender to stay enabled alongside CounterSpy 2 (check back in this thread for more info later today).

* In a follow-on bug-fix release that should be released in the next 1-2 weeks, CounterSpy will make available in the user interface an option to keep Windows Defender enabled.

Best,

Eric L. Howes
Sunbelt Software

[eburger68]

Hi All:

As promised, here is the fix/workaround (mentioned in my previous post) that allows Windows Defender to remain enabled while CounterSpy 2 is installed.

The following .ZIP file contains two .REG files: one to enable Windows Defender while CSC 2 is installed; one to disable Windows Defender while CSC 2 is installed:

http://www.sunbelt-software.com/spyw...ble_windef.zip

Also included in the .ZIP file is a ReadMe with more instructions on how to use this workaround.

Best,

Eric L. Howes
Sunbelt Software

[Atomas31]

Hi Eric,

I am a paid customer of Counterspy and when I try to install Counterspy 2.0 I receive the error message in my screenshot I simply can't install it :-(


Best regards,
Atomas31

[eburger68]

Atomas31:

I've not seen that error before. I assume you had a previous version of CounterSpy installed, yes? What version? What path was it installed to?

Also, did you uninstall that previous version before installing CounterSpy 2.1?

Finally, what version and service pack of Windows are you running?

Eric L. Howes
Sunbelt Software

[Trooper]

Hi Eric,

Nice to see you on the forums here. Does the new version of CounterSpy have improved scanning time? Also, is it less bloated than version 1.5?

Cheers.

[Atomas31]

Quote:

Originally Posted by eburger68

Atomas31:

I've not seen that error before. I assume you had a previous version of CounterSpy installed, yes? What version? What path was it installed to?

Also, did you uninstall that previous version before installing CounterSpy 2.1?

Finally, what version and service pack of Windows are you running?

Eric L. Howes
Sunbelt Software

Hi Eric,

I finally succeed in installing CS 2.0 but I had to absolutly uninstall version 1.5...

I have windows XP with SP2.

I have a question : When I am doing a scan shouldn't I see the files that are being scan? I have joint a screenshot where you can see "scanning files" but I don't see the files being scan like in v. 1.5

Thanks,
Atomas31

[eburger68]

Atomas:

By default that option is turned off to improve scan speeds. You can turn it back on through an option in the "Settings" menu.

Best,

Eric L. Howes
Sunbelt Software

[Atomas31]

Ok, Thanks!

Best regards,
Atomas31

[acr1965]

Quote:

Originally Posted by Trooper

Hi Eric,

Nice to see you on the forums here. Does the new version of CounterSpy have improved scanning time? Also, is it less bloated than version 1.5?

Cheers.

Not to butt in but, it looks like CS2 is running at around 33MB with its active protection enabled. That is a tremendous improvement from the previous weigh-in of nearly 200 MB. While updating it jumps up a bit to between 38-40 MB. I have not ran a scan yet but the definition update speed is certainly improved.

[lucas1985]

Hi Eric,
According to VirusTotal, CS2 is detecting µTorrent executable as "VIPRE.Suspicious"

[eburger68]

lucas1985:

A VIPRE.Suspicious detection is not a positive confirmation of malware, but rather an indication that the file in question has certain characteristics that make it worthy of further inquiry -- thus, "suspicious" and not "confirmed."

Eric L. Howes
Sunbelt Software

[lucas1985]

I know that VIPRE™ is a heuristic/emulation engine. I wonder how an average user can interpret a heuristic detection. Is the file blocked/quarantined/deleted?

[eburger68]

Trooper:

You asked:

Quote:

Originally Posted by Trooper

Does the new version of CounterSpy have improved scanning time? Also, is it less bloated than version 1.5?

I think you'll find that CSC 2 is a vast improvement over CSC 1.5 in terms of resources. Scan speeds are roughly the same or slightly improved, depending on your system. Also, although the size of the definitions is larger, CSC 2 performs incremental updates, meaning that what you pull down during a typical update is much, much smaller than with CSC 1.5 (which can only pull down the full definitions file every update).

Best,

Eric L. Howes
Sunbelt Software

[eburger68]

lucas1985:

You asked:

Quote:

Originally Posted by lucas1985

I know that VIPRE™ is a heuristic/emulation engine. I wonder how an average user can interpret a heuristic detection. Is the file blocked/quarantined/deleted?

Answer: none of the above.

In CounterSpy 2 the user will never see the designation "VIPRE.Suspicious," which is a label used only on VirusTotal. Rather, when the VIPRE engine detects an otherwise unknown file (unknown because it's not on the black list or white list of files) with "suspicious" characteristics, Active Protection pops up an alert ot the user. That alert says, roughly, "A suspicious application, ABC.exe, is attempting to do X, Y, and Z on your PC. What do you want to do? Block, Quarantine, Allow?"

In other words, the VIPRE engine in this case is acting as a filter of sorts, allowing us to avoid alerting on every unknown application. Instead we alert only on unknown applications that exhibit enough worrisome characteristics that we think the user ought to be notified.

Eric L. Howes
Sunbelt Software

[Trooper]

Thanks Eric. Right now I am unable to uninstall version 1.5, or install 2.1 over the top. I keep getting this message. Then when I click on ok, I get the next message.

Any ideas?

[eburger68]

trooper:

It looks like the Windows Script Host has either been uninstalled on your system, or the extensions (.VBS, .JS, etc.) have been unregistered.

The easiest thing to do is reinstall the Windows Script Host for Win2K/XP from here:

Windows Script Host 5.6

After reinstalling the WSH, then try uninstalling version 1.5 again.

Best,

Eric L. Howes
Sunbelt Software

Quote:

CounterSpy 2.1 is not supported on the following platforms:

* Windows 95
* Windows 98
* Windows 98 SE
* Windows ME
* Windows NT 4.0 (or earlier)
* Windows 2000 RTM, SP1, SP2
* Windows 2000 Server
* Windows 2003 Server
* Windows XP 64-bit
* Windows Vista 64-bit

And just what is that suppose to mean?

I take it those platforms are out of reach of the developers?

[lucas1985]

Quote:

Originally Posted by eburger68

In CounterSpy 2 the user will never see the designation "VIPRE.Suspicious," which is a label used only on VirusTotal. Rather, when the VIPRE engine detects an otherwise unknown file (unknown because it's not on the black list or white list of files) with "suspicious" characteristics, Active Protection pops up an alert ot the user. That alert says, roughly, "A suspicious application, ABC.exe, is attempting to do X, Y, and Z on your PC. What do you want to do? Block, Quarantine, Allow?"

In other words, the VIPRE engine in this case is acting as a filter of sorts, allowing us to avoid alerting on every unknown application. Instead we alert only on unknown applications that exhibit enough worrisome characteristics that we think the user ought to be notified.

Eric L. Howes
Sunbelt Software

I understand now. So, I can say that VIPRE works as a behaviour blocker? So, your approach is very similar to PrevX: blacklisting, whitelisting and behaviour analysis/heuristics on unknown files.
Thanks for your imput

[Durad]

Hello Eric,

Is there a feature to send suspicius files to you guys directly from program ?

I see that VIPRE is doing very well at Virustotal!

[eburger68]

Easter.2010:

Quote:

Originally Posted by EASTER.2010

And just what is that suppose to mean?
I take it those platforms are out of reach of the developers?

It means, limited time, limited resources dictate that we target those platforms where users are most likely to be, and which we can support most practically.

While there are still users on Win98Se and WinMe (which are supported by CSC 1.5), writing Active Protection drivers for that platform proved to be much too difficult and time-consuming given the resources at hand.

These decisions aren't trivial either. We probably could have released mid-to-late December had we not decided to implement Vista compatibility. Once the devs made the necessary architectural changes, things broke all over the app, and we spent the month of January picking up the pieces.

FWIW, support for XP 64-bit and Vista 64-bit should be arriving in the next few months. As w/ Vista 32-bit, compatibility is perfectly do-able -- it's just a matter of time.

Eric L. Howes
Sunbelt Software

[eburger68]

lucas1985:

You wrote:

Quote:

Originally Posted by lucas1985

I understand now. So, I can say that VIPRE works as a behaviour blocker? So, your approach is very similar to PrevX: blacklisting, whitelisting and behaviour analysis/heuristics on unknown files.
Thanks for your imput

In some ways, yes. But that's not the limit of VIPRE. We can also build app/threat-specific definitions (much like traditional AV signatures) that are incorporated both into the on-demand scan as well as Active Protection.

We have a limited number of such sigs implemented in CSC 2.1.906 (the build just released). Sometime in the next month we anticipate releasing the next version of the VIPRE engine, which will be pushed out via auto-updates. With this upgraded engine will come a vast number of signatures already written for threats, but which aren't supported by the VIPRE engine currently in CounterSpy 2.

Best,

Eric L. Howes

[btman]

Hmm... Now to decide whether I should put my efforts towards helping this program or Spyware Doctor... I think SD needs the help more then Counterspy... But I want to test this program real bad lol ><.

Quote:

While there are still users on Win98Se and WinMe (which are supported by CSC 1.5), writing Active Protection drivers for that platform proved to be much too difficult and time-consuming given the resources at hand

I thought as much but then again it doesn't apply to my units fortunately. At any rate it's encouraging to receive that report from you ERIC. Please also pass along my most best regards to patrick when you find time. I know all your efforts haven't changed and that it's important we continue this crusade fiercely in order to contribute to make a safe internet experience for everyone the world over.

[eburger68]

Durad:

You wrote:

Quote:

Originally Posted by Durad

Is there a feature to send suspicius files to you guys directly from program ?

At present, no, unfortunately. That is on the "to do" list. If you enable "ThreatNet" within CounterSpy, though, we will get plenty of data about detected threats and so forth. (Note: ThreatNet is a completely optional feedback component.)

Quote:

Originally Posted by Durad

II see that VIPRE is doing very well at Virustotal!

We aren't doing too bad. Take a look at these stats on malware submissions from MIRT (CastleCops) to VirusTotal:

http://winnow.oitc.com/AntiVirusPerformance.html

The CounterSpy 2 engine is solidly middle-of-the-pack, which ain't too shabby considering that: a) for a good while VirusTotal was using outdated defs for CS because of a technical glitch; 2) unlike everyone else on the list, we're not yet doing daily def updates (we anticipate starting daily def updates in the next month); 3) we haven't incorporated AV sigs into CS yet.

So, while we're pleased with CounterSpy 2, there's still plenty of room to grow and improve, and the next few months should prove very interesting.

Best,

Eric L. Howes

[Trooper]

Quote:

Originally Posted by eburger68

trooper:

It looks like the Windows Script Host has either been uninstalled on your system, or the extensions (.VBS, .JS, etc.) have been unregistered.

The easiest thing to do is reinstall the Windows Script Host for Win2K/XP from here:

Windows Script Host 5.6

After reinstalling the WSH, then try uninstalling version 1.5 again.

Best,

Eric L. Howes
Sunbelt Software

Thanks very much for your help Eric. That fixed me right up. I have uninstalled version 1.5 and installed the new version. My scan time went from roughly 17 minutes down to about 11 minutes! Very nice indeed.

Thanks again for the help.