What real time protection passes Spycar? not SAS?

Discussion in 'other security issues & news' started by acr1965, Feb 24, 2007.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    So I was curious about whether the realtime protection of SuperAntiSpyware (built into SuperAdBlocker) would pass the Spycar tests. Actually, it did not pass a single test on Spycar.

    FWIW- SSM passed every test. And IIRC Spyware Terminator's realtime shield passed most tests.

    Has anyone else ran SuperAntiSpyware through Spycar and gotten similar or different results? What real time protections offered by Anti-Spyware programs pass Spycar? Does CounterSpy, A-squared or SpySweeper?

    http://spycar.org/Welcome to Spycar.html
     
  2. ASpace

    ASpace Guest

    Because this test , Spycar , is designed to test behaviour blockers , softwares that analyse the behaviour of programs and try to change a few reg keys .
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    SAS's realtime protection is supposed to provide " Registry Protection against Browser Hi-Jackers and other threats."
     
  4. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    SpyCar is not a threat so of course we wouldn't block it......
     
  5. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    SpyCar is obviously not harmful, so we don't block it, nor detect it. From the SpyCar home page:

    "What is Spycar?
    Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool. "


    SUPERAntiSpyware is not "behavior based", we detect actual threats. We could provide a definition set to detect SpyCar but we have not done so as we have focused our efforts on actual threats that will infect a user's system.
     
  6. peterpaulw

    peterpaulw Registered Member

    Joined:
    Feb 24, 2007
    Posts:
    1
    Cyberhawk catches about half the tests and quarantines the files. No changes were actually made to the system in the tests which Cyberhawk did not block, because of Vista's improved protection. Also some of the tests might not be fully 'Vista Certified', yet :cautious:
     
  7. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    KAV/KIS Proactive Defense Module can pass them all. :thumb:
     
  8. EASTER.2010

    EASTER.2010 Guest

    Indeed. Noticed that and also passes nearly ALL leaktests i throw at it. Still you have a valuable member of your security inventory in SAS because i don't know of any other AS today that can take down rootkits as it does.

    That in and of itself speaks volumes IMO. I remember when working the HijackThis forums at Lavasoft how AAW would identify some malwares but when it came to disabling them completely it would freeze that program up making it virtually useless which is where it still stands today. Hence, the purpose of the HJT section in it's product support forum.
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    IMHO, SAS is mainly an antimalware engine, a quite good one ;)
    If you want to label it, it´s a blacklist scanner.
     
    Last edited: Feb 25, 2007
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    I've run my system without any antispyware program resident for more than a year. My system is clean, and I'm not bragging about it.

    My question is, all these tests which are supposed to test security programs they ask you to execute first, and invariably my Process Guard prompts me if to allow or not. If I deny that's it end of story, no test.

    IMO a real simulated malware attack should be able to execute whether you like it or not, otherwise it is no test at all.
     
  11. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    heh
    NAV/NIS blocked every test.exe before it could be run :ninja:

    Prolly defeats the purpose of the tests if they are just blacklisted by AV
     
    Last edited: Feb 25, 2007
Loading...
Thread Status:
Not open for further replies.