CounterSpy

Discussion in 'other anti-malware software' started by Trooper, May 12, 2005.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Is it really worth it? Is it THAT much better than the MSAS?

    I think the two are pretty much the same thing, correct? I am curious if it is worth the 20 bucks or should I stick with the MSAS beta which is free? o_O

    Thanks in advance for any/all replies.

    Regards,

    Jag
     
  2. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I don't know much for specifics, but this is what I've gathered:
    CounterSpy uses Microsoft's updates as well as developing their own defs.
    MSAS has a couple extra system checkpoints being monitored (3 more if I remember right; 59 for MSAS and 56 for CS).

    As far as detection rates, I don't know which is better. I know they both panic if I install the free version of Kazaa (which is a good thing). Personally, I wouldn't spend the extra $20 because I can't see any compelling reason to use CS over a very similar free product.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    CounterSpy has something like 3 times as many sigs, and they just bought some web crawling software that should greatly increase their sig base once they get it fully going, article here: http://www.eweek.com/article2/0,1759,1788878,00.asp .. of course they also plan on doing more to distinguish CounterSpy from MSAS in the near future.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks for the info guys. One of the reasons I have thought about getting it was due to some reviews I have read.

    The second reason is because my MSAS keeps timing out when it is scanning memory for polymorphic hijack attempts.

    There is another user here on these forums that is having the same problems as me. Someone posted back that there is a problem with MSAS and possibly Spywareblaster.

    Any thoughts on this one?

    Thanks for your replies.

    Regards,

    Jag
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Interesting article Notok! I guess they'll have to do something cause Giant was a winner and they saw it too... but when the licence expires with Microsoft then they'll have to do it on their own, so I understand why they seek solutions.
    If they don't do this kind of stuff, they'll have to find another contractor like some time ago with PestPatrol.
    SpySweeper also has such a special method with search engines, I believe.
    And that sounds promising for both companies :)
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See my post on it here.

    Hope this helps...

    Cheers :D
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Blackspear,

    Thanks for your post/link. Looks like some good stuff. I also just found this article HERE regarding Counterspy.

    I downloaded the free 15 day trial but it found nothing on my computer. :D All in all, it looks pretty solid. I will decide to purchase after some more investigation.

    Regards,

    Jag
     
  8. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Jaguar, I've been a registered user of CounterSpy for more than 2 months now. It is very good and much better than MS. Just don't set it to check for updates on startup, because sometimes it gets stuck.
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Stephanos,

    Did Counterspy find anything for you that MSAS did not?
     
  10. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Yes, just before I uninstalled MS I swept my system and found nothing.
    The same day I installed CounterSpy and found two keyloggers.
    They have different databases. I like CounterSpy.
     
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Wow two keyloggers huh? Damn lucky you got Counterspy then.

    One thing I don't like so far is the increased memory usage. I wonder if they could fix that at some point. Or if it is just that way because of the larger database?
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    I am curious to ask any other CS users.

    I was messing around with my hosts file, trying to see if I could get CS to prompt me that a change has occurred. However I never received any prompts.

    I was wondering if anyone else has had this problem or if you have not or do not know, could you please test it out and reply back to this thread to let me know.

    I'm still trying to decide whether or not to buy this product.

    Thanks and Regards,

    Jag
     
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Can anyone pitch in here please?

    I did a lil more testing. It seems (at least on my system) that if you use a large HOSTS file like mvps or bluetac's it does not alert me.

    When I go to the default HOSTS file from Windows and add an entry in, it pops up immediately.

    So, does CS not know how to handle large HOSTS files?

    I tried finding forums for CS but was unlucky. Do they even have an "Official" forum?

    Regards,

    Jag
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes they do, over at CastleCops. As for the HOSTS file, I seem to remember hearing that CS does have a problem with large ones, but you should consider that pure hearsay. I would give it a try, I've been using it for a little while now and am very happy with it.
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Notok,

    Thanks very much, I will post over there. :)

    Best Regards,

    Jag
     
  16. UCI_MECH

    UCI_MECH Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    15
    I have tried CounterSpy for few days. I decided to uninstall it for two reasons:

    1- Uses a lot of memory (~27MB) and is sometimes too aggressive in using CPU resources when the real-time protection is enabled.

    2- Too many false positives. I installed CounterSpy on a clean machine and after the first deep scan it showed about 15 detections ranging between keyloggers and other kinds of spyware.

    I know these are FPs because all the keyloggers were legitimate applications that I know for sure, such as Password Recovery Pro. Also I tested my system with the following tools:

    KAV5, TDS-3, Ewido 3 plus, TrojanHunter 4.2, SpySweeper 3.5, Ad-Aware SE, SpybotSD

    I didn't even get one warning from any of these tools. But CounterSpy still insists that I have a lot of keyloggers installed on my system. Bad spyware detector, nice GUI though.
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    I am not sure about the FP's but I would assume that anything is possible.

    I'm still trialing it but it has not really shown me anything special as of yet. I'm still a bit disappointed regarding the HOSTS file as well.

    Jag
     
  18. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    This seems to be a pretty common theme among people who have voiced complaints against CounterSpy. I have heard repeatedly that false positives is an area that greatly needs to be improved for this product. Having never used it, I can't speak on behalf of this....but I have heard from several people that false positives seem to be pretty commonplace.
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've been using it for a few weeks and have not had more than one or two FPs. From what I've gathered from their forum they made a major effort to reduce FPs right before I started using it, including extensive testing before releasing updates. As far as I know it's never been as bad as scanners like PestPatrol, though.
     
  20. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    I don't think CS has that many false positives at all. I use it for about four months now and they just have a different approach, so it seems. And they give options when they detect things. CS is for instance the only one on my system to flag Messenger Plus! as dangerous. And they gave the option to quarantine the thing. But I have no problem with Plus! so I set it on always ignore.

    Not an fp, just another idea :)
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Aside from having difficulty with large hosts files, it seems that on my system, the "Active Protection" is always disabled upon startup.

    I have to manually activate it each time. Has anyone else had this problem?
     
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    The active protection behaves like that in the trial version, I believe. It did for me anyway. The registered version doesn't behave like that. However it's annoying (imo) that in the registered version it insists on registering itself at startup every time you open the damn thing. It's nice to have it start up, but for god's sake let the user decide whether to use it on demand, whether to update it auto or manually, without it inserting its sunasdtserv.exe in the run keys.
    ellison
     
  23. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Here is one example of what I am referring to by "false positives". This was posted at Castlecops including several updates by a Sunbelt administrator in response to the FPs. It looks like they are doing their best to stay up on things, but that is still an awful lot of FPs to update and correct... and several times over.

    CounterSpy Update Definitions and Details (via Castlecops)
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yea, verily!
     
  25. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    And they are at version 170, but that hasn't been updated yet :) So no idea what they changed now. A complaint I had before, because Sunbelt's website prints absolutely nothing except for marketing blabla. Would be neat if they put info on version on their website, but "too much work," they told me...
     