What real time protection passes Spycar? not SAS?

So I was curious about whether the realtime protection of SuperAntiSpyware (built into SuperAdBlocker) would pass the Spycar tests. Actually, it did not pass a single test on Spycar.

FWIW- SSM passed every test. And IIRC Spyware Terminator's realtime shield passed most tests.

Has anyone else ran SuperAntiSpyware through Spycar and gotten similar or different results? What real time protections offered by Anti-Spyware programs pass Spycar? Does CounterSpy, A-squared or SpySweeper?

http://spycar.org/Welcome to Spycar.html

 

Because this test , Spycar , is designed to test behaviour blockers , softwares that analyse the behaviour of programs and try to change a few reg keys .

 

SAS's realtime protection is supposed to provide " Registry Protection against Browser Hi-Jackers and other threats."

 

SpyCar is not a threat so of course we wouldn't block it......

 

SpyCar is obviously not harmful, so we don't block it, nor detect it. From the SpyCar home page:

"What is Spycar?
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool. "

SUPERAntiSpyware is not "behavior based", we detect actual threats. We could provide a definition set to detect SpyCar but we have not done so as we have focused our efforts on actual threats that will infect a user's system.

 

Cyberhawk catches about half the tests and quarantines the files. No changes were actually made to the system in the tests which Cyberhawk did not block, because of Vista's improved protection. Also some of the tests might not be fully 'Vista Certified', yet

 

KAV/KIS Proactive Defense Module can pass them all.

 

Indeed. Noticed that and also passes nearly ALL leaktests i throw at it. Still you have a valuable member of your security inventory in SAS because i don't know of any other AS today that can take down rootkits as it does.

That in and of itself speaks volumes IMO. I remember when working the HijackThis forums at Lavasoft how AAW would identify some malwares but when it came to disabling them completely it would freeze that program up making it virtually useless which is where it still stands today. Hence, the purpose of the HJT section in it's product support forum.

 

IMHO, SAS is mainly an antimalware engine, a quite good one
If you want to label it, it´s a blacklist scanner.

 

I've run my system without any antispyware program resident for more than a year. My system is clean, and I'm not bragging about it.

My question is, all these tests which are supposed to test security programs they ask you to execute first, and invariably my Process Guard prompts me if to allow or not. If I deny that's it end of story, no test.

IMO a real simulated malware attack should be able to execute whether you like it or not, otherwise it is no test at all.

 

heh
NAV/NIS blocked every test.exe before it could be run

Prolly defeats the purpose of the tests if they are just blacklisted by AV