Does Ewido and Counterspy do the same thing?

Discussion in 'ewido anti-spyware forum' started by Kielty, Feb 28, 2006.

Thread Status:
Not open for further replies.
  1. Kielty

    Kielty Registered Member

    Joined:
    May 3, 2005
    Posts:
    139
    Location:
    The Emerald Isle
    I wonder if someone can clarify for me .. I run NOD32, Counterspy (resident), Sunbelt/Kerio PF 4 and have read good things about Ewido on these forums. I am a little confused as to whether Counterspy and Ewido do the same thing? is there much overlap? is there any point in running Ewido also? Can i run both at the same time (resident)? is there much point? does it add anything over the protection i already have? I ran the online scanner on the Ewido website and it found nothing...

    Sorry to ramble on...! Any thoughts would be appreciated..
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Counterspy, and other AS progs, monitor certain critical areas of your system looking for changes that might be caused by malware and then give you the chance to reverse those changes. Mostly it will be looking at Registry Keys, but also at non-Registry positions such as start-up folders and the Hosts File etc.

    It is true that Counterspy also "monitors all applications that are attemting to run on your machine and....will alert you when a known threat is attempting to run"; but I really don't think you can compare Counterspy with ewido's realtime memory scanning capabilites which can stop a trojan in its tracks before it has a chance to get going. So really they are not performing the same function and you can certainly run both together.

    As to whether there is much point, that is another matter which will depend upon your computer habits etc. Ewido would offer another level of protection which gives more peace of mind.

    Ewido started life as an anti-trojan and it is only repositioning itself as a general 'anti-malware' prog in response to the market which requires anti-spyware protection in general, because that is what people are mostly suffering from as they surf.

    If I was only going to supplement my AV/FW with one other realtime prog I would choose ewido in preference to an AS prog, but there is no reason not to run both if you wish.

    Incidently, I run both ewido and Counterspy quite happily!
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    They are different.

    ewido is more an anti-malware, and CounterSpy an anti-spyware.
    I use both for on-demand only because they consume a lot of resources when we use they active protection, but they are great to detect and remove the threats...

    You already have a great AV, so use both to complement its protection...
     
  4. Kielty

    Kielty Registered Member

    Joined:
    May 3, 2005
    Posts:
    139
    Location:
    The Emerald Isle
    TopperID, i wonder if you could confirm something for me as you run both Counterspy and Ewido. I have just installed Ewido trial and now after running a registry sweep with counterspy (1.5.82 def ver 295) it is telling me it has found the attached and recommends quarantine...

    iSearch.DesktopSearch
    Type: Spyware

    Description: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.

    Advice: This is a high risk threat and should be removed or quarantined as to prevent harm to your computer or your privacy.


    Registry Keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700}

    I have none of the symptoms descibed with the above spyware. I uninstalled ewido, run the cs scan, quarantined the registry entries, reinstalled ewido, run the cs reg scan and low and behold it is back!

    I find it hard to believe ewido is placing malware and i am getting the run around from Sunbelt. Could you confirm whether this occurs on your system?

    By the way i have run NOD32, adaware and ewido and they don't pick up anything. I think it is a false +ve but sunbelt are not giving me much info saying keep the registry keys quarantined...
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I certainly don't have this on my system, indeed I don't have an Ext sub-Key at:-

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

    nor do I have the CLSID {17492023-C23A-453E-A040-C7C580BBF700} at that point in my Registry, though I do have it elsewhere, where it refers to the Windows Genuine Advantage Validation Tool; (An Active X component)

    http://www.microsoft.com/genuine/downloads/faq.aspx

    desktop.exe is potentially malware:-

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090748

    It might be worth giving yourself an online scan with KAV (using extended databases) to ensure you do not have it on your system:-

    http://www.kaspersky.com/service?chapter=161739400http://www.kaspersky.com/service?chapter=161739400

    I don't see what that has to do with ewido though, it could be a FP from Counterspy, but ewido wouldn't be putting it on your system.
     
  6. Kielty

    Kielty Registered Member

    Joined:
    May 3, 2005
    Posts:
    139
    Location:
    The Emerald Isle
    I think you have hit the nail on the head it wawsn't ewido at all but the Windows Genuine Advantage Validation Tool. I installed the tool yesterday off the MS update site. This is what placed the ext sub key. I uninstalled and reinstalled the validation tool to check and the ext subkey has reappeared in the registry.

    CS has now updated to def v297 and is not identifying the ext subkey as spyware. Must have been a FP.
     
Thread Status:
Not open for further replies.