Spybot's Resident found "pest" in Ewido during update...

Discussion in 'other anti-trojan software' started by ronny, Jun 16, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    With the lastest update of Ewido Security Suite (database version 525) i got the following warning from Spybot S&D resident:

    "17/06/2004 2:15:45 Encountered and terminated FunWebProducts in C:\Program Files\ewido\security suite\Updater.exe.temp! "

    How is it possible that i get a "pest" with an update of this "antipest "security product!?
    Or is this a false positive of S&D?

    I am quite worried now...or is there something wrong with Ewido or Spybot S&D?
     
  2. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    http://www.nwfusion.com/newsletters/web/2003/1208web2.html
    you could always email Ewido Security and ask if their free version has such .Thats one way to illiminate your guesses ( They are more anti trojan I think) . Where as spybot search n destroy is anti spyware so its natural for it to pick up and sort such out and I would really doubt that such would come from there (spybot), in fact it wouldnt. Its not unheard of for some well known security software developers to "allow" certain spyware onto their clients systems as this has happened to another anti trojan co that I am aware of .
     
  3. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Thanks Solarpowered Candle, of course i immediately emailed Ewido . I have good experiences with their support, so i guess they won't let me down this time either.

    When i 10' later updated Ewido Security suite on my 2nd pc, i didn't get a warning from Spybot S&D's Resident during the update on that one.
    So now i am baffled :eek:
     
  4. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    It's a false positive from Spybot - they have been already informed MONTHS ago and it's still not fixed ;( But this one clearly shows how weak Spybot S&D is programmed... Their "resident" scans the list of running processes every X seconds (that's btw. the reason why it didn't show up on the other pc - the update went simply too fast :)) and looks for process NAMES instead for fingerprints etc.

    So they cry at EVERY app that uses certain filenames (which are also used in spyware)... I'm wondering what they'll do if a spyware is called explorer.exe or something like that... Simply not add it? o_O :)
     
  5. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Thats pretty sad if they dont respond even though there may have been updates since your notification. they make loud and clear when others dont get in line.
     
  6. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Am i glad :) , The Ewido Security Suite support ALREADY mailed me to let me know that this is a false positive:
    ..."if an other security app detect a kind of malware in the ewido
    installation folder or an ewido file is shown as infected, it is a false
    positive."

    Great Support!

    @Fish25: if this is true (and i have a feeling i better believe you), thanks for the information, it is very useful & interesting.
     
    Last edited: Jun 17, 2004
  7. TiddlyWinks

    TiddlyWinks Guest

    fish25 it seems to me that you're just as much at fault for having a plaintext sig in your program for Spybot to alarm on in the first place
     
  8. Archeron

    Archeron Guest

    A more serious issue might be why is Resident able to terminate ewido if ewido is supposedly protected by Process Guard?
     
  9. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    what do we have? we have our updater (called updater.exe)... once it's being run it copies itself to updater.exe.temp in order to be able to update itself... where's the problem? it's a common practise...
     
  10. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I think because only SecuritySuite.exe is protected, not updater.exe(.temp)... But the Spybot resident even fails to terminate updater.exe.temp because Spybot is too slow and the update finishes to fast... so it's just a cosmetical issue... and will be "fixed" soon :)
     
  11. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Yesterday i got the same "false" positive with Spybot S&D's resident on 1 of my pc's, but this time when i installed Sun JavaSDK1.4.2_04+Netbeans. o_O
    So i think indeed it is a Spybot resident problem...
     
  12. controler

    controler Guest

    HELLO?


    Not to start a famling war here butexcuse me!!!!!!!!!!

    All security software HAS false possitives period.
    I challange you Spybot bashers to list one that does not.
    If Spybot wasn't a good program, it sure would not be accepted and respected world-wide. Not bad for free huh? I for one am proud to have been part of the early development of Spybot along with many other security programs.
    Any tiny bit we do to hinder the bad guys is always good with me.
    Be constructive not destructive.


    controler
     
  13. Justhelping

    Justhelping Guest

    What bashers?
     
  14. controler

    controler Guest

    read Fish25's posts..

    ;)
     
  15. justhelping

    justhelping Guest

    If the details are factual, I don't see them as bashing, just useful information
     
Thread Status:
Not open for further replies.