CounterSpy 2 - Notes

Discussion in 'other anti-malware software' started by eburger68, Feb 5, 2007.

Thread Status:
Not open for further replies.
  1. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Hi All:

    I posted an announcement of the release of CounterSpy 2 in the updates forum:

    https://www.wilderssecurity.com/showthread.php?t=164364

    Here is some additional info that did not fit into that post:

    System Requirements

    - Microsoft Internet Explorer 5.5 or higher
    - IBM Compatible 400MHZ Computer with at least 128MB of RAM
    - Windows 2000 Pro SP3 & higher, Windows XP (Pro, Home, Tablet, or Media), Windows Vista RTM 32-bit
    - 200MB of available free space on your hard drive

    CounterSpy 2.1 is not supported on the following platforms:

    * Windows 95
    * Windows 98
    * Windows 98 SE
    * Windows ME
    * Windows NT 4.0 (or earlier)
    * Windows 2000 RTM, SP1, SP2
    * Windows 2000 Server
    * Windows 2003 Server
    * Windows XP 64-bit
    * Windows Vista 64-bit

    Trial Version

    New users are entitled to a free 15 day trial period, during which the application is fully functional -- i.e., Active Protection is usable and the app will both scan for AND remove adware, spyware, and malware.

    To start your 15 day trial period, simply download the application from the link above and install. If you purchase a license after 15 days, you can convert the installed trial version into a licensed version by entering your Registration key into the program's registration wizard.

    Upgrades for Existing Users

    Users with valid licenses for CounterSpy 1.0 or 1.5 are entitled to a free upgrade. During installation, the CounterSpy 2 installer will accept your existing Registration key for version 1.5 or 1.0.

    Although we would recommend uninstalling CSC 1.0 and 1.5 first, you can simply launch the CSC 2 installer, and it will automatically upgrade your CounterSpy installation to version 2.

    Windows Defender

    Please be aware that CounterSpy will disable Windows Defender, if that app is installed (CounterSpy will not uninstall or remove Windows Defender).

    Although this behavior is by design, Sunbelt recognizes that some users may want to keep Windows Defender enabled.

    * In the short term, Sunbelt will be offering a workaround that allows Windows Defender to stay enabled alongside CounterSpy 2 (check back in this thread for more info later today).

    * In a follow-on bug-fix release that should be released in the next 1-2 weeks, CounterSpy will make available in the user interface an option to keep Windows Defender enabled.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  2. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Hi All:

    As promised, here is the fix/workaround (mentioned in my previous post) that allows Windows Defender to remain enabled while CounterSpy 2 is installed.

    The following .ZIP file contains two .REG files: one to enable Windows Defender while CSC 2 is installed; one to disable Windows Defender while CSC 2 is installed:

    http://www.sunbelt-software.com/spyware/CounterSpy/enable_windef.zip

    Also included in the .ZIP file is a ReadMe with more instructions on how to use this workaround.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  3. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Eric,

    I am a paid customer of Counterspy and when I try to install Counterspy 2.0 I receive the error message in my screenshoto_O I simply can't install it :-(


    Best regards,
    Atomas31
     

    Attached Files:

  4. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Atomas31:

    I've not seen that error before. I assume you had a previous version of CounterSpy installed, yes? What version? What path was it installed to?

    Also, did you uninstall that previous version before installing CounterSpy 2.1?

    Finally, what version and service pack of Windows are you running?

    Eric L. Howes
    Sunbelt Software
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Hi Eric,

    Nice to see you on the forums here. Does the new version of CounterSpy have improved scanning time? Also, is it less bloated than version 1.5?

    Cheers.
     
  6. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Eric,

    I finally succeed in installing CS 2.0 but I had to absolutly uninstall version 1.5...

    I have windows XP with SP2.

    I have a question : When I am doing a scan shouldn't I see the files that are being scan? I have joint a screenshot where you can see "scanning files" but I don't see the files being scan like in v. 1.5o_O

    Thanks,
    Atomas31
     

    Attached Files:

  7. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Atomas:

    By default that option is turned off to improve scan speeds. You can turn it back on through an option in the "Settings" menu.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  8. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Ok, Thanks!

    Best regards,
    Atomas31
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Not to butt in but, it looks like CS2 is running at around 33MB with its active protection enabled. That is a tremendous improvement from the previous weigh-in of nearly 200 MB. While updating it jumps up a bit to between 38-40 MB. I have not ran a scan yet but the definition update speed is certainly improved.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Hi Eric,
    According to VirusTotal, CS2 is detecting µTorrent executable as "VIPRE.Suspicious"
     
  11. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    lucas1985:

    A VIPRE.Suspicious detection is not a positive confirmation of malware, but rather an indication that the file in question has certain characteristics that make it worthy of further inquiry -- thus, "suspicious" and not "confirmed."

    Eric L. Howes
    Sunbelt Software
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I know that VIPRE™ is a heuristic/emulation engine. I wonder how an average user can interpret a heuristic detection. Is the file blocked/quarantined/deleted?
     
  13. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Trooper:

    You asked:

    I think you'll find that CSC 2 is a vast improvement over CSC 1.5 in terms of resources. Scan speeds are roughly the same or slightly improved, depending on your system. Also, although the size of the definitions is larger, CSC 2 performs incremental updates, meaning that what you pull down during a typical update is much, much smaller than with CSC 1.5 (which can only pull down the full definitions file every update).

    Best,

    Eric L. Howes
    Sunbelt Software
     
  14. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    lucas1985:

    You asked:

    Answer: none of the above.

    In CounterSpy 2 the user will never see the designation "VIPRE.Suspicious," which is a label used only on VirusTotal. Rather, when the VIPRE engine detects an otherwise unknown file (unknown because it's not on the black list or white list of files) with "suspicious" characteristics, Active Protection pops up an alert ot the user. That alert says, roughly, "A suspicious application, ABC.exe, is attempting to do X, Y, and Z on your PC. What do you want to do? Block, Quarantine, Allow?"

    In other words, the VIPRE engine in this case is acting as a filter of sorts, allowing us to avoid alerting on every unknown application. Instead we alert only on unknown applications that exhibit enough worrisome characteristics that we think the user ought to be notified.

    Eric L. Howes
    Sunbelt Software
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks Eric. Right now I am unable to uninstall version 1.5, or install 2.1 over the top. I keep getting this message. Then when I click on ok, I get the next message.

    Any ideas?
     

    Attached Files:

  16. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    trooper:

    It looks like the Windows Script Host has either been uninstalled on your system, or the extensions (.VBS, .JS, etc.) have been unregistered.

    The easiest thing to do is reinstall the Windows Script Host for Win2K/XP from here:

    Windows Script Host 5.6

    After reinstalling the WSH, then try uninstalling version 1.5 again.

    Best,

    Eric L. Howes
    Sunbelt Software
     
  17. EASTER.2010

    EASTER.2010 Guest

    And just what is that suppose to mean? :cautious:

    I take it those platforms are out of reach of the developers?
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I understand now. So, I can say that VIPRE works as a behaviour blocker? So, your approach is very similar to PrevX: blacklisting, whitelisting and behaviour analysis/heuristics on unknown files.
    Thanks for your imput :thumb:
     
  19. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    Hello Eric,

    Is there a feature to send suspicius files to you guys directly from program ?

    I see that VIPRE is doing very well at Virustotal!
     
  20. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Easter.2010:

    It means, limited time, limited resources dictate that we target those platforms where users are most likely to be, and which we can support most practically.

    While there are still users on Win98Se and WinMe (which are supported by CSC 1.5), writing Active Protection drivers for that platform proved to be much too difficult and time-consuming given the resources at hand.

    These decisions aren't trivial either. We probably could have released mid-to-late December had we not decided to implement Vista compatibility. Once the devs made the necessary architectural changes, things broke all over the app, and we spent the month of January picking up the pieces.

    FWIW, support for XP 64-bit and Vista 64-bit should be arriving in the next few months. As w/ Vista 32-bit, compatibility is perfectly do-able -- it's just a matter of time.

    Eric L. Howes
    Sunbelt Software
     
  21. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    lucas1985:

    You wrote:

    In some ways, yes. But that's not the limit of VIPRE. We can also build app/threat-specific definitions (much like traditional AV signatures) that are incorporated both into the on-demand scan as well as Active Protection.

    We have a limited number of such sigs implemented in CSC 2.1.906 (the build just released). Sometime in the next month we anticipate releasing the next version of the VIPRE engine, which will be pushed out via auto-updates. With this upgraded engine will come a vast number of signatures already written for threats, but which aren't supported by the VIPRE engine currently in CounterSpy 2.

    Best,

    Eric L. Howes
     
    Last edited: Feb 6, 2007
  22. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Hmm... Now to decide whether I should put my efforts towards helping this program or Spyware Doctor... I think SD needs the help more then Counterspy... But I want to test this program real bad lol ><.
     
  23. EASTER.2010

    EASTER.2010 Guest

    I thought as much but then again it doesn't apply to my units fortunately. At any rate it's encouraging to receive that report from you ERIC. Please also pass along my most best regards to patrick when you find time. I know all your efforts haven't changed and that it's important we continue this crusade fiercely in order to contribute to make a safe internet experience for everyone the world over. :thumb:
     
  24. eburger68

    eburger68 Privacy Expert

    Joined:
    Mar 4, 2002
    Posts:
    244
    Durad:

    You wrote:

    At present, no, unfortunately. That is on the "to do" list. If you enable "ThreatNet" within CounterSpy, though, we will get plenty of data about detected threats and so forth. (Note: ThreatNet is a completely optional feedback component.)

    We aren't doing too bad. Take a look at these stats on malware submissions from MIRT (CastleCops) to VirusTotal:

    http://winnow.oitc.com/AntiVirusPerformance.html

    The CounterSpy 2 engine is solidly middle-of-the-pack, which ain't too shabby considering that: a) for a good while VirusTotal was using outdated defs for CS because of a technical glitch; 2) unlike everyone else on the list, we're not yet doing daily def updates (we anticipate starting daily def updates in the next month); 3) we haven't incorporated AV sigs into CS yet.

    So, while we're pleased with CounterSpy 2, there's still plenty of room to grow and improve, and the next few months should prove very interesting.

    Best,

    Eric L. Howes
     
  25. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks very much for your help Eric. That fixed me right up. I have uninstalled version 1.5 and installed the new version. My scan time went from roughly 17 minutes down to about 11 minutes! Very nice indeed.

    Thanks again for the help.
     
Loading...
Thread Status:
Not open for further replies.