[Full-disclosure] Re: Microsoft AntiSpyware falling further behind

From: Valdis Shkesters (valdis_at_antivirus.lv)
Date: 10/28/05

    To: <focus-virus@securityfocus.com>, <full-disclosure@lists.grok.org.uk>
    Date: Fri, 28 Oct 2005 16:10:36 +0300
    
    

    Hi,

    Maybe it is better to call things by their names and not to create havoc?
    Let there be adware, Trojan horses, backdoors, viruses, etc.
    The hullabaloo with so-called spyware has brought us to such a state
    that on September 29th PC World wrote "While adware can be a major
    annoyance, spyware can be very dangerous, so we focused on the latter type
    of threat."
    (http://www.pcworld.com/reviews/article/0,aid,122496,pg,1,00.asp). Who
    can tell where exactly spyware begins and where it ends?

    Maybe antivirus products should detect all dangerous and potentially
    dangerous programs, leaving the choice which objects to exclude from
    scanning to users?

    Anti-spyware products are by definition products which protect users against
    something undefined. And the results are to be seen. This is the report from
    an infected computer, scanned with Kaspersky Anti-Virus:

    Trojan.Win32.Qhost.dg
    Backdoor.Win32.Rbot.gen
    Net-Worm.Win32.Mytob.an
    Net-Worm.Win32.Mytob.gen
    Backdoor.Win32.Wootbot.gen
    Trojan-Downloader.BAT.Ftp.ab
    Backdoor.Win32.Codbot.as
    AdWare.Sahat.ao
    AdWare.Cydoor.a
    AdWare.WinAD.aw

    Only actively dangerous programs are listed. The computer was "protected" by
    Spybot - Search & Destroy and Microsoft AntiSpyware. As I summarize reports
    on infected computers every month, there are many such examples saved up.

    Best regards,

    Valdis

    ----- Original Message -----
    From: "Quark IT - Hilton Travis" <Hilton@quarkit.com.au>
    To: <focus-virus@securityfocus.com>
    Sent: Friday, October 21, 2005 11:50 PM
    Subject: Microsoft AntiSpyware falling further behind

    Hi All,

    It seems that not only does Microsoft AntiSpyware recommend that
    Claria's spyware is ignored, but it also misses a significant amount of
    cookies that are placed on a system - I have a VPC environment where I
    browse the Internet so that anywhere I go won't affect my regular
    Windows session/installation. Regularly CounterSpy is detecting cookies
    (such as ***.ad.yieldmanager, CGI-Bin, ***.AssassinTrojan2.0 and Zedo
    (from yesterday's browsing)) that Microsoft AntiSpyware simply does not
    know about.

    Now, this is not only disappointing, but potentially dangerous. Any
    customer or end user running Microsoft AntiSpyware or CounterSpy is not
    being protected from these cookies, and MSAS doesn't even detect them -
    that's right, neither program's active monitoring is stopping the
    installation of these cookies, but at least CounterSpy is detecting them
    post-installation.

    AntiSpyware is far, far from the accuracy of antivirus, especially
    something like NOD32. I wonder how long it will be before a decent
    AntiSpyware application is released that, like NOD32 does with viruses,
    actually stops spyware *before* it is installed?

    --
    Regards,
    Hilton Travis                          Phone: +61 (0)7 3344 3889
    (Brisbane, Australia)                  Phone: +61 (0)419 792 394
    Manager, Quark IT                      http://www.quarkit.com.au
             Quark Group                   http://quarkgroup.com.au/
    Microsoft Small Business Specialists
    http://www.threatcode.com/ <-- its now time to shame poor coders
    into writing code that is acceptable for use on today's networks
    War doesn't determine who is right.  War determines who is left.
    This document and any attachments are for the intended recipient
      only.  It may contain confidential, privileged or copyright
         material which must not be disclosed or distributed. 
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    
