Your Spycar Ran Over My Dogma

Discussion in 'other anti-malware software' started by ronjor, May 10, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    Brian Krebs
     
  2. dog

    dog Guest

    ROTF ...
    I wonder why :rolleyes: Maybe one should understand what a program actually does before testing it in this regard.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    His blog is open for questions and comments. :D
     
  4. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Ran thru the tests first using SSM and then used Sunbelt's Kerio on one OS and ZA Pro on another with behavior blocking enabled.

    All three allowed no changes at all.

    Those are the only resident "blocking" programs I use, so can't comment on any other resident AS app.

    Regards - Charles
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Unfortunately, many people still don't understand the distinction between behavior-based "active" detection products (like SpywareGuard, SpySweeper's "real-time" monitors, etc.) and passive protection approaches like SpywareBlaster.

    On the other hand - if he had used the System Snapshot feature of SpywareBlaster (setting a snapshot when the system was clean and then restoring later), I'm pretty sure he would have been pleased that it detected many of the changes, and offered to repair them (much like Ad-Aware did in the on-demand scan). But my best guess is that he installed SpywareBlaster, enabled it's protection, and waited for it to "alert" to the changes that occured. And, of course, that's not what it does. :cool:

    Best regards,

    -Javacool
     
    Last edited: May 10, 2006
  6. dog

    dog Guest

    That's exactly the way I perceived it too. While his statement was limited, the use of the word "prevent" doesn't really leave any room for any other understanding. To add to that, funny enough that his bracketed comment regarding Ad-Aware indicates he has a grasp of real-time and on demand protection, but he certainly doesn't understand the difference of passive and active protection. What is sad is that the people who wield the power of the media should make such misinformed/erroneous statements ... what a disservice to his readers. Trying to qualify his sumnation with the paragraph below the SB one, is also a joke. He should've simply said ... I don't think these tests are comprehensive enough to make informed judgments ... because the rest of that paragraph questions if he even understands Spycar at all (as it only makes registry changes and tries to modify the hosts file) and for that matter his comprehension of the entire subject because this conclusion is rather off
    ... Yes Brian; this finite test/demostration definitely requires AS vendors to have a constant stream of updates to detect new threats. I wonder how horrified he be to discover things like regedit could be disabled too ... maybe in his next round of testing he can run Scoundrel Simulator and enlight us again. :rolleyes:
    Yes good point JC ... if he had only took the time to understand the test, the products he was using and how they worked ... but alas he didn't. :oops:
     
  7. R. Morris

    R. Morris Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    4
    Brian's handling of the tests is probably no worse than most I've seen.
    To my knowledge he doesn't claim malware guru status and for a user he makes some valid points though he did miss it on SpywareBlaster..
    FWIW, BOClean smoked all the tests.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    The really interesting result of Krebs article was the response posted by Dr. Gerry at the end:

    I must insist that everyone discover the sad truth behind "Spycar"-- it is this:
    ---------start-------------------
    http://radsoft.net/resources/rants/20060515,00.shtml

    Posted by: Dr. Gerry | May 17, 2006 05:21 PM

    -- Tom
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    Spycar certainly is turning into a drama.
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I never really know what to make of Radsoft. Even if it is true, I find the rants highly unprofessional.
     
  11. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Gentlemen, start your engines... fire up your security apps:

    I'm likely behind the times on this, but I just read about

    http://spycar.org/Welcome to Spycar.html

    in the new PC World mag last night, re testing your security apps.

    ===============================================

    PG was > the only app < that popped up every time, (out of at least 11 security programs that I was running at the time), when I ran the site's tests.

    I suppose then, that the next thing to do, would be to disable PG & try the tests again, & see what happens?

    SG1 (Pat)
     
    Last edited by a moderator: Aug 9, 2006
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Re: Gentlemen, start your engines... fire up your security apps:

    App/Regdefend (GSS 1.110 Tonys config on regdefend) passed all tests.
    Tiny PF 6 also passed all the Regtests but failed the hosts test and all the IE tests. But I suspect I have not configured it right. I have altered the default settings so I guess you cant judge TPF 6 from my testings alone.
     
    Last edited: Aug 9, 2006
  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Gentlemen, start your engines... fire up your security apps:

    My Pc-cillin internet security 2006 blocked it all. Passed with flying colors.
     

    Attached Files:

  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Gentlemen, start your engines... fire up your security apps:

    .....
     

    Attached Files:

  15. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Re: Gentlemen, start your engines... fire up your security apps:

    GSS 1.110 and ewido anti-spyware 4.0 passed all the tests. ewido alerted first in the majority of the tests.

    Regards, C.
     
  16. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Re: Gentlemen, start your engines... fire up your security apps:

    big C is that just 2006 that detecs that ? or all versions is it the virus defeintions or spyware? thanks MD
     
  17. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It is the antispyware in TMIS and the av and a couple of the other modules. I don't know if all versions would block it all or not.
     
    Last edited: Aug 9, 2006
Loading...
Thread Status:
Not open for further replies.