Discussion in 'other anti-malware software' started by TNT, Apr 21, 2006.
read LS reply
I am very worry about that there will be more black sheep appear in the Anti-Spyware market,Lavasoft will catch more thieves who had stolen its def.
Uhmmm... disappointing. The 'vulnerability recently discovered' they talk about is actually a very bad programming choice: they didn't implement a strong algorithm and introduced a flaw somewhere, they actually chose a VERY BAD algorithm; and apparently they lied about the definitions themselves. Not a very good reply, in my opinion.
This was the topic of my earlier thread (AdAware takes a hit) wherein I carelessly linked to a site that published the reverse-engineered code. I apologize for that indescretion.
I agree with Lavasoft that publishing weak code is not the way to get it fixed.
I see that one "policy" at their forums hasn't changed. If the subject matter is not complimentary to their product, they post the last word and immediately close the thread. No embarrasing questions allowed.
That's the problem with sponsored forums. Companies view them as a way to promote their products. Members rarely see it that way. It's a bad mix.
I'm sorry, but in the real life this is the only way!
This is the most important part IMO...
"This leads to another area of concern that we address to the entire security industry. It is without a doubt a fact that no one can anticipate or even design for every potential vulnerability in a given security application. Though we and our competitors do everything humanly possible to account for and provide appropriate development that will eliminate known vulnerabilities, it is true that none of us can foresee all vectors of potential attack.
With that said, independent researchers and testers are an essential part of product improvement when they find and then report potential issues. This however should be done in a responsible manor rather than to place millions of users at risk for nothing more than a sensational story.
We are appalled at the level of irresponsibility and outright apathy being shown by those who pretend to be providing essential security information and public debate. All too often these organizations and individuals do not care that their information or publication could cause damage to users world wide; rather they look only for the headlines and/or gains they could get from exposing sensitive information and sit basking in the after-glow from the destructive content they helped to develop.
Yes dear reader, this type of irresponsible behavior and lack of professional ethics helps foster new malicious code and exploit development rather than to bring about positive change or product improvements. How often have computer users been placed at risk just because someone decided it would be a good idea to publish this type of information and for what purpose; just to be first?
We call on the security news and discussion industry to stop allowing publication of vulnerabilities before developers have an appropriate opportunity to provide corrections so that users remain protected.
If you are not part of the solution you are part of the problem."
Basically, the rush to publish and the need to appear to be 'the man' puts everyone at greater risk and all this to massage someone's ego.
Exactly right herbalist. I find no change at all either from that same old song and dance from that camp and wouldn't expect that ever to change so long as ownership remains in the same hands it's always been in.
Shame really because Windows General was a really helpful section that saved many people headaches and wrong decisions while improving their own education into areas that better helped inform them of what they needed, and after all forums should serve a need also and not always to toot that horn which is always loud enough IMO.
let's give the Lavasoft support forums a chance before making accusations and kicking them
The only closed post I can seee was a standard announcement about a beta product taht shouldn't need any reply
If you have a problem with teh product tehn post a new threaqd & see what happens
If taht thread is immediately closed then you would have a cause for complaint
Do you immediately complain about an announcement by admin on these & OTHER forums who sticky & close announcements because they are announcements
Yes Lavasoft have been unfriendly towards customers in the past, lets give them a chance as the forums are being run by tech support this time not by sales & admin
The guy who went ahead and posted about the vulnerabilities in Adaware is akin to finding someone's left their front door unlocked and instead of telling them, you go and tell all the criminals you know.
No, it isn't. First of all, because Lavasoft knew about this (and if they don't that something like XOR is not good encryption, they're too incompetent to be trusted). Second, because they didn't forget "the door open", they actually sell products and get paid for them. Third, because the guy didn't "tell all the criminals" (unless you think the whole world is just a bunch of criminals), and he didn't actually "sell" the vunlerability like some actual crackers do. Fourth, because if Lavasoft actually did "multiply the signature number by 1.46 to make it appear bigger", they actually did try to fool customers and the public. Fifth, because taking this concept too far (like you're doing) would mean that a lot of the companies listed in this list (at least the ones that are not downright 'malicious') should have the right to be "mad" or even sue the author because he exposed that they can't be relied upon.
The author of the article didn't do what he should have done, I agree: he should have informed Lavasoft before. That would have been correct. And Lavasoft should have fixed all the problems. Are you sure they would have? I hope so, but I'm not so sure.
herbalist is exactly right in his observations and nothing is changed there whatsoever unfortunately.
One of my posts was canned without explaination.
Highly likely by that LSChris Fry character who was one of the main reasons so much distrust cropped up internally that eventually led to the closing of LS Forums in the first place.
One of my suggested entries under their FORUM SUGGESTIONS a program named Process View is old hat but efficient at displaying the day's running tally of any processes which could indicate exact times of entry of malware that slipped past Ad-Aware SE. It was simply a suggestion that was answered initially by another of the forum staff there as worth they're consideration and would be added.
The other was a simple question if the management specialist IAMSKINZ who actually gave me my own first start at Lavasoft might be returning or not.
I reviewed the forums today to find that one post already removed. Strange bunch over there IMO now and looks to offer nothing that's going to prove to be of any real use if they continue to censor away simple questions.
Also notice they publish a lot of suggestions for systems internals programs as an alternative to when some malware cannot be contained or removed.
Odd but not to be unexpected i suppose given one of the reasons for the animosity in the first place appears firmly in charge of their forums, so really nothing new at all in that.
ad-aware deleted some of the settings for my apps. haven't used it since
e e e w i d o o ooooo
I had this problem occassionally, as well. After a nice, clean startup, ad-watch would popup alert after alert saying that tons of keys in hkey-classes-root had changed. The first time I got such alerts, I naturally blocked the changes, thingking that spyware had done something to them. After a reboot, I discovered the horrible truth: ad-watch had replaced vital file association keys in hkey-classes-root with invalid entries or simply deleted them. This basically disabled all programs and files from functioning on the machine and caused me to devote many, many hours to get things back to normal. Needless to say, I stopped using ad-watch after that.
Such blatant flaws in the supposedly professional version of their software are suggestive to me of a truly flawed codebase. To think they actually had the audacity to release a firewall....
While I haven't used the latest version of AAW, all the previous versions alerted on the registry entries for Script Sentry.On more than one occasion I mentioned this at their old forums. Their answer was to add it to the ignore list. While that's fine for my system, it doesn't address the problem and sure doesn't help other users who don't know that it's a f/p. Alerting on a registry change without checking on what changed it or why is sloppy at best. It's not like Script Sentry is new or unknown to them. IMO, this is more indicative of a problem with how the reference files are maintained than with AAW itself. Could easily be exempted from detection. Maybe the new version does, but I've lost confidence in them as a company and don't intend to install it again to find out.
What do you think will be the effect on F-Secure Anti-Spyware, which is based on Lavasoft Ad-Aware? Is F-Secure Anti-Spyware also a wretched product? How many users do you think are aware of this relationship?
Certainly F-Secure entered into this relationship with there eyes fully open. F-Secure is a "rock-solid" company.
They (LS) have reserved for their detections for quite some time now the warning about a compromise with Script Sentry a target for detection which makes no sense since it is been a very popular and now long time protection addition to intercepting VBS and many other extensions that can release virus formulary files.
Adwatch works by detecting ANY change to monitored keys
It doesn't detect or look for what changed it, just the change
It is extremely difficult to make a deetctor for registry changes that detect what caused it and what should be blocked without having a massive list of approved programs & really slow down the protection if it has to check a list of programs somewhere in the thousands of entries or posssible programs on the computer before deciding to allow or deny the change
the best way to do it is for the user to allow a process to change registry in the same way as Process guard and other similar programs work
everything gets blocked & alerted to start with & you let it change if you approve of the change
However I don't think this present version of adwatch is designed with that in mind it just seems to have block or allow specific keys to be changed
adwatch is a fairly primitive protection but serves a useful warning of attempts to change certain keys
Like everything in this world, you get what you pay for
Nothing seems to have changed so far as that add-on to Adaware-SE. It's been suggested to the management for years to completely rework it after numerous complaints over it for the longest time but then who waits for years for changes when alternative safe and effective protection is made public and available that works without issue.
Separate names with a comma.