> Anti-Spyware Tests, Guide, Round 1, Eric Howes shows us how they work
TeMerc
post Oct 3 2004, 04:59 PM
Post #1


Countermeasures Team Leader
***

Group: HJT Team
Posts: 214
Joined: 15-August 04
From: PHX., AZ.
Member No.: 2,067



QUOTE
Hi All:

This weekend I completed the first of several rounds of tests with anti-spyware scanners. In this first round I tested 10 of the better known anti-spyware scanners. Before jumping to the results, please look over the "Test Guide" page here:

http://spywarewarrior.com/asw-test-guide.htm

In particular, please pay attention to the several important disclaimers on that page. You can find a link to the test results for Round 1 on that "guide" page.

I hope to have the second round of tests with 10 other anti-spyware scanners done in the next few days. Round 2 results will be reported on a new page, and a link provided when that page is available.

Questions, comments, and corrections are, of course, always welcome.

Best regards,

Eric L. Howes


Great service he does for us all isn't it?


--------------------

Calendar of Updates
Malware Advisor Blog
HijackThis! Trusted Advisor
Ultimate Countermeasures Page
TeMerc Internet Countermeasures
Remember, you can NEVER be OVERPROTECTED!!!
Proud Member of the Alliance of Security Analysis Professionals
Grinler
post Oct 3 2004, 05:10 PM
Post #2


Bleep Bleep!
******

Group: Admin
Posts: 29,367
Joined: 24-January 04
From: USA
Member No.: 3



Excellent info...as always Eric's work is invaluable.


--------------------
Lawrence
TeMerc
post Oct 4 2004, 12:38 PM
Post #3





Round 2 of test posted:

QUOTE
Hi All:

I just posted the second round of test results, which includes a number of tests with lesser known anti-spyware applications.

http://spywarewarrior.com/asw-test-results-2.htm

If you haven't already done so, please do review the Test Guide and the disclaimers on that page:

http://spywarewarrior.com/asw-test-guide.htm

Best,

Eric L. Howes


noonytunes
post Oct 4 2004, 02:19 PM
Post #4


Distinguished Member
*****

Group: Members
Posts: 634
Joined: 15-August 04
From: Albuquerque, New Mexico
Member No.: 2,065



Do you have any experience with SpySubtract? It was recommended on the Hewlett-Packard site, and I have a Hewlett-Packard. I ran into problems with Spyware Search and Destroy...I lost most everything and had to use Application Recovery. I've been laboring for a week trying to get the right downloads before I do SP2. Anyway, SpySubtract caught things that Spyware Search and Destroy didn't. I deleted SSD. The problem was that my computer wouldn't reboot...and it seemed to have something to do with that rundll. I'm not knowledgeable about the technical end of things...so, I hope this makes sense to you.
cowsgonemadd3
post Oct 4 2004, 02:22 PM
Post #5


Feed me some spyware!

Group: Banned
Posts: 4,557
Joined: 18-July 04
From: USA Ware Shoals SC
Member No.: 1,500



I do, it's a great program! I use it and it works great! I would recommend and do on my site!
TeMerc
post Oct 9 2004, 05:32 PM
Post #6





NEW ROUND OF TESTING:

QUOTE
Hi All:

Over the past 2 days I've performed yet another round of tests with 20 anti-spyware scanners, this time using a new collection of spyware and adware picked up from my favorite "test" site, "Innovators of Wrestling" (iowrestling.com). As before, I identified a core set of "critical" detections and monitored how thoroughly each anti-spyware scanner removed the "critical" detections. You can find a list of those detections on the Guide page here:

http://spywarewarrior.com/asw-test-guide.htm#detections2

The results of this new round of tests can be found on these two pages:

http://spywarewarrior.com/asw-test-results-3.htm
http://spywarewarrior.com/asw-test-results-4.htm

As I requested before, please have a look at the Guide page before proceeding to the results pages. The Guide page has been revised to account for these new tests. As always, the "Disclaimers" section on the Guide page is "must read":

http://spywarewarrior.com/asw-test-guide.htm#disclaimers

One aspect of these latest tests worth noting: the collection of spyware and adware used for this round of tests included some especially nasty software that proved difficult, if not next to impossible to remove for the anti-spyware scanners. In particular, the key processes for the following adware/spyware were not killable at all:

IBIS Toolbar/Websearch
IBIS Toolbar/WinTools

The executables were simply too well protected in memory. Even the DiamondCS process tools APM and APT could not remove those processes and modules from memory.

The standard procedure that anti-spyware scanners use in this situation is to remove the files on reboot by configuring the scanners to run through the HKLM\...\RunOnce key. Not a single anti-spyware scanner succeeded in doing that, however, because one of the above processes -- or perhaps it was the VX2 3dsdpi.dll module that was attached to the Winlogon process, a core Windows system process -- blocked changes to the RunOnce key. Still worse, the files mentioned above could not even be removed in Safe Mode.

This all is a potentially huge problem. The only way I succeeded in removing those files was to boot to a command line using SysInternals' ERD Commander 2000. A bootable CD could be used to achieve the same result.

Finally, before anyone asks, let me indicate right now that I am not going to put together a table summarizing the combined results of both rounds of tests. Were I to do so, that table would immediately be taken as a definitive ranking of the products tested, and that kind of ranking is simply not warranted solely on the basis of these two rounds of tests. Moreover, I know that once that table appeared, people would link only to the table, and the rest of the critical information and context regarding these tests would get lost in the rush to judgment.

In any case, questions, comments, and suggestions are always welcome.

Best,

Eric L. Howes


© 2003-2008 All Rights Reserved Bleeping Computer LLC.