Superantispyware Pro real time protection

Discussion in 'other anti-malware software' started by Threedog, Jan 26, 2008.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SAS is mainly a blacklist scanner (signatures + generic signatures + heuristics + advanced filesystem scanner) with a few non-signature-based protections targeted at IE (protection of home page and the like).
     
  2. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Thank you for the info, lucas1985, and where did you get this information at? So SuperAntiSpyware definitely has heuristics, huh? Also, what does the advanced filesystem scanner do exactly? I appreciate your answers as I am currently using a free Spy Sweeper trial, but I do think my PC ran a little faster with SAS. I just wanted to see what SAS's Real Time entails before reinstalling it. Thanks again and I look forward to more of your answers. I wonder why Nick wasn't as informative about this when I asked?
     
  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    But the question remains: does SAS (with real-time protection) also protect FF?
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SAS' website and some of Nick's older posts.
    Also, if you see some signatures, they end in .Gen, indicating generic signatures.
    It's the feature that allows SAS to detect and remove active rootkits and other stealth or difficult to remove malware. If your AV misses a 0-day rootkit, it's highly likely that it will not remove the threat even after a signature update because the rootkit is manipulating what the AV sees. With SAS, it's the other way around, it's highly likely that it will detect and remove the rootkit if SAS missed it early.
    I don't know. Perhaps he doesn't know how to explain SAS technology in a user-friendly (at least Wilders-friendly) way or he doesn't want to give the bad guys a clue.
    SAS' signatures and heuristics will stop malware from being installed, no matter what application is delivering it.
     
  5. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I have been swamped with the new release coming out and it seemed as though people were properly answering your questions. Our product is not just a "blacklist" scanner - we have all sorts of technology in place to handle new variants (unknown to us) of the different threat families which is like heuristics, but not the typical definition. As lucas1985 indicated, I also won't disclose everything we do as obviously it's proprietary. :)

    Our DDA (Direct Disk Access) and KD (Kernel Direct) technology often allow us to see infections other products won't even see on a system.

    As for being able to explain our technology......I certainly know how to explain our product and technology to others :)
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, heuristics still do enumerate badness, so it would be blacklisting (default-allow approach). We may get caught in semantics, though.
    Great :) So, SAS heuristics are composed of:
    - Generic signatures?
    - Code analysis?
    - Emulation?
    - Sandboxing?
    - ....?
     
  7. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I really can't go into too much detail for obvious reasons. We have many methods to analyze and catch threats and new variants of the threats. I don't know of many security companies that will reveal their techniques. We are much more than a blacklist/signature-based scanner. Signatures are of course part of any scanner, but certainly not the bulk of SUPERAntiSpyware's technology.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, everyone knows that Norman uses a sandbox for unpacking and heuristic analysis (behaviour-based heuristics) and that Avast only uses generic signatures as a proactive measure.
     
  9. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    That reveals nothing more than we revealed - we use signatures, smart definitions, heuristics, multi-dimensional scanning, code analysis and other proprietary techniques.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    (?)
    So, you have an unpacking engine and an emulation engine?
    As I see it, SAS is closer to AVs than to "traditional" AS (shields, HIPS/IDS, policy guard), except for the registry scanning and a very advanced disk/filesystem scanner.
     
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    We can unpack lots of samples :) We produce/create whatever technology is necessary to keep up with, or ahead of, the threats.
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A last question, do you blacklist malware-related runtime packers?
     
  13. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Not just the packers as some are actually used in legit products. With the number of users/files we touch in the world, we see all kinds of crazy things :)
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The AV vendors do that (HEUR.Crypted, Trojan.Packed.13, Packed.Themida, etc). IIRC, certain runtime packers can be blacklisted without affecting legitimate software.
     
  15. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088

    I understand what others do, but I also understand that we see legit samples with those, as we have the built-in false-positive reporting system that other products don't have.....
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Your FP track record is very good. Congratulations to you and your team :)
     
  17. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just wanted to say thanks again for your help lucas1985, and to you for your reply Nick. I understand that you must be busy with the new release imminent, and that you of course don't want to divulge too much information about SAS's RT protection. Take care and thanks for a superb AS program.
     
    Last edited: Feb 11, 2008
  18. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    I just wanted to say I have a friend who tried out SAS free edition on my suggestion and it removed over 200 pieces of adware and spyware and now all the nasty pop ups and weird problems he was having are gone. I must confess I was very impressed.
     