SAS Fail

Very surprised that SAS_161A 'portable' failed to remove the rogue 'System Restore', I ran the SAS portable from a thumb drive, on the sick machine. System restore was active while SAS ran, SAS completed it's full scan & reported zero bad items found.

To remove the threat(s), I ran rkill, then used HitManPro to clean up the system.

Any ideas why SAS portable failed?

Rico

 

... because it's useless

 

Agreed

 

People still use it?

Wonder why?

 

SAS detects and still can't remove it?

 

Wow! Seems rather harsh, it's worked in the past. Perhaps we can get a better eval. as to why the fail.

Rico

 

Well don't say it's useless just less capable at the moment

 

Hi,


I wouldn't make such a broad statement like that. I'd rather say the product has very, very low detection rates when compared to other products that are intended to work in a similar way such as Malwarebytes Anti-Malware to name a few.

The MRG flash test results reveal that it has caught something.

---http://malwareresearchgroup.com/malware-tests/flash-test-results/ ---

Although, it's just only a 25% compared to MBAM which has caught about 94%.

There is room for improvement though, and I hope they work to make their product better. Version 5 is better than version 4 but there is still a long way to go.

I know MBAM has a dedicated “army” of users that dedicate most of their time surfing at sites like MDL, malc0de, et al. looking for threats and submitting them to MBAM authors so they can add them to MBAM definitions. I used to do that for them in the past but it's time consuming.

Maybe SAS authors can try something similar or make some improvements to the heuristics so they can improve detections.



Carlos

 

why do people feel the need to diss SAS recently?
SAS is a good product but no product will detect everything.
I have used SAS on plenty of systems and in the real world it does a good job.

 

One reason people post negatively about SAS is the lengthy track record of low, real time detection of malware. Another reason is the SAS developer (or former developer) is not well liked on many forums. That's not just here at Wilders but across the www.

 

[I have used SAS on plenty of systems and in the real world it does a good job.]

I have high confidence in Lodore's results and opinions.

I have used both SAS and MBAM from their beginnings, and have lifetime licenses for both. Although I do not run SAS full time I do scan from time to time. It never finds anything of significance.

I do run MBAM real time, and it has blocked at least two attempts by malware to penetrate my system. It also never finds anything on scans, but I had rather prevent than find and remove malware that has penetrated my system. I did use it once to cean a system of a friend who, though using Norton, was infected by a rogue that would not let him download anything from the internet. A Quick Scan by MBAM took care of the problem.Since MBAM did the job I did not try or need SAS
Norton neither found nor would remove the rogue.

I would not want to be without either MBAM or SAS.

Jerry

 

That's an interesting comment - we have had over 40 million downloads and remove millions of threats yearly. No product can catch everything every day - that's why multiple products are needed, and exist in the marketplace. We may not top random tests but we certainly remove malware other products miss or we wouldn't exist and be downloaded tens of thousands of times daily

As for my reputation - I don't simply "bow down" to people that attack me or my products - just as you have the right to have your opinion I have the right to educate users and viewers. I am a respected developer in the security sector - and I am not afraid of standing up for myself - people often don't like to hear the truth and that can be unpopular on forums.

You make blanket statements and judgements that just aren't reality - I won't just let those stand as "facts" and I know that has bothered you for years in this forum alone.

 

IMHO SAS didn't fail.How a product can "fail to remove the rogue" when doesn't detect it on the first place?And this is applying to any antimalware product.If MBAM,Avira,Avast,Kaspersky,Norton,Eset,your AV etc wouldn't detect the rogue and wouldn't remove it,does this mean they failed?
I think this thread is useless and should be called "SAS didn't detect a rogue".Nothing more.Big deal...

 

good fightback Nick... I believe there's more than enough room for improvement of sas....and hope you'll take out all the good from sas's and your criticisms and channel it to the development...the only prob is that sas is a slowpoke in the race for the top notch antimalware antispyware title.....

 

that is the main problem and the fact its doin horrible in mrg tests

 

The issue with SAS is the simply the fact that its real time protection does not protect that very well, even when detecting malware. That's the real "sadness" in all of this.

Nick, you may say that SAS does remove threats that others will probably miss, and I don't say the contrary, but as long as you keep believing that makes SAS a great security application, and don't actually admit the fact that SAS real time protection engine has issues, you'll never be willing to solve them.

And, in all honesty, I don't really think you care that much about SAS either. I don't know when, but maybe more than half a year ago, I told you I'd be willing to help translate SAS. You told me you were going to send me the needed stuff, and you never did it. Back then, at SAS forums, some other people also offered to translate SAS, and you never said anything back either.

For example, I found this thread, from June, where some user offers to translate/offer a better translation to Portuguese, and no reply -http://forums.superantispyware.com/index.php?/topic/4869-translating-to-portuguese-portugal/

Sorry for this little deviation from the topic itself, but just trying to create a context. The context being that, I truly believe you actually don't care that much about SAS. Otherwise, you'd fight for it, to become better, for its real time protection to protect better.

If people join all the spread crumbs that SAS leaves behind, they'll find the bread was/is actually full of mould.

 

Is that the latest version of SAS Portable? I just downloaded it and the executable is named SAS_6864.com. Obviously it's necessary to use the latest version since it includes the sig database. That said this hardly constitutes a "test". When I cleanup badly infected systems no one product is sufficient - it's not uncommon for every one of them to miss something the others find. I usually run MBAM, Hitman Pro, SAS and TDSSkiller before I feel confident the system is clean.

 

Again, the bottom line is no single solution can catch everything - so yes, we will miss some things in real-time, but we will also catch others that other products will miss - so, again, that's why you MUST have multiple layers of security. So, having "issues" isn't really valid - we catch things, we miss things, that means every single product, i.e. MBAM, SUPERAntiSpyware, Nod32, etc. etc. all have "issues" by your statement.

All people translating are contacted directly, not via the forum - and when you offered, I asked you to send me a personal e-mail so I can send the material to you - we have people offering all the time that never complete the translation, FYI - we can't chase down everyone and beg them to complete the work. If you are still interested, let me know what language and I'll let you know if we need that translated at this time.

You may not realize how many people we are in contact with and that contact us - we try and communicate with everyone - I am sorry your feelings were hurt because we didn't connect on the translation - hardly a reason "not to like" a product. Again, if you would like to do the work, I am happy to have you do it!

Your comments also seem to indicate you don't really understand the security landscape - no single product can catch everything, all products will leave "bread crumbs" behind - that's the reality!

As for your statement about me not caring about SUPERAntiSpyware - I have been working on SUPERAntiSpyware technology and definitions day and night for almost 8 years - so your statement is both insulting and inaccurate. We improve SUPERAntiSpyware every day and will continue to do so!

 

Wow this is a dumb thread. Since when is a product missing one sample news, or require it's own topic? All products miss something sooner or later. If someone wants to do a test of 100, 1000, or 1000000 samples, it may be worthy of discussion.

 

Well said.

 

yeah totally..

 

Yes, indeed. Every application has issues. The difference lies on the software developer/company actually not finding excuses for the failure.

Example: Just because software A fails miserably at performing X task, doesn't mean that developer of software B should have that as an excuse, if their software acts the same way.

You can't justify your software having issues, because others have to. You need to fix yours, and they need to fix theirs. You can't have the others failure as an excuse. You seem to believe you can. That's up to you. There's nothing I can do about that.

Actually, you sent me a PM telling me you were going to send me the files needed to be translated. You never asked me for any email. Then, some time later, you said that you wanted to release version 5, and then you would send me the files. You never sent them. I imagined you were going to send them via PM. You never asked me for any e-mail address.

Other software developers, and some that come in this forum, have actually provided me with a contact where I could send them an e-mail about translations, and all that. You never did. Who knows why. But, that's another topic, and I'm done with it.

And, no, I made an offer more than half a year ago. You never said anything back, during all this time. The offer is gone, I'm afraid. I'm in the process of translating other software, so I won't stop doing that for SAS.

Where have I mentioned that I dislike SAS or that I dislike SAS because I wasn't given the files to translate? lol Anyway, that's another topic...

You forgot the mould.

Well, then stop making third-party security software as being an excuse for SAS failures. Improve it. Accept that your software, as any other software, has issues and that they must be solved.

What's really annoying everytime someone brings a test, etc that SAS fails, pretty much everytime, is that you keep saying the same thing all over again, instead of admitting that SAS real time protection engine may have issues that need to be solved, and find out what needs to be solved.

Having the same excuse all the time, just doesn't cut it anymore. It's my opinion. You have yours, and I respect that.

I'm done with SAS topics, because SAS related topics are nothing but a loop.

 

^^^ Clearly you don't understand security software or the security landscape.

We will continue to develop and improve SUPERAntiSpyware every day to protect our millions of users and will continue to do so!

 

Hi Nick & all the rest,

Well I'm not the most sophisticated antimalware fighter, but I've cleaned a few systems.

1. I like SAS portable as it's easy to get it running, & often times SAS portable gives me some control over the OS

2. The rogue mentioned in post #1, was not in SAS definitions? Why? I believe this is not a new Rogue.

Rico

 

Say what you want, there are facts that cause negativity. Facts include you still advertising and selling an abandoned product in SuperAdBlocker. You continually make statements that the product will be upgraded but those statements have continued for years. I agree that you must be well respected as an anti-malware developer. Otherwise I doubt this web site would continue to allow your name in orange letters as an expert. There have been other developers that sold abandoned products and have been removed from this site. But for whatever reason you remain with your credentials. I doubt people would have a horrible fit if you were honest every once in a while even if you had bad news. IMO what upsets people is that your credibility is questioned because you continue to break promises by making the same old statements you have made for years without substance. So make whatever claim you want today, tomorrow and into the future. I doubt many people believe what you have to say.