Re: Spyware is only a marketing gimmick?

From: Galen (galennews_at_gmail.com)
Date: 07/27/05 

Date: Wed, 27 Jul 2005 15:29:19 -0400

In news:OzdVvGtkFHA.2444@tk2msftngp13.phx.gbl,
Matt Gibson <mattg@blueedgetech.ca> had this to say:

 I'm going to snip this time... <g>

(For those keeping up, caring, reading etc. The short version is we
basically agree that AS applications seem to be required at this point but
that they should be covered by current AV or other applications already in
place.)

> Exactly. This CAN be done, but currently isn't. Personally, I don't
> see how this is just a marketing gimmick. Your operating system
> should be able to resize partitions on the fly, AND include a fully
> functional bi-directional firewall. Do they? No. Is the fact that
> you can purchase those products seperately a marketing gimmick? No.
>
> Matt Gibson - GSEC

There we go... Got it down to size. *chuckles* Like we'd disagree on
something as basic as the reality of the threats?

Seems we agreed on everything for the most part so, for those people
following the conversation they can click the messages above. Again I'm not
certain that I agree that it's not often being used as a marketing gimmick.
Basically I think that a large number of AS vendors are capitalizing on the
name, media hype, and mass hysteria and that seems to be the point of the
article. To deny that spyware is a threat is simply garbage so don't (not
even for a moment) think I'm headed that way.

With KAV you can opt to add the additional definitions to cover various
other problems and the applications definitions already cover a large amount
of spyware. He seems to have a great deal more faith in his product than I
do but I have yet to really give it a go against spyware applications. I
think I'll try downloading and installing some spyware on a test box with
KAV loaded just so I can see what happens.

I think that (and I'm only going by the impressions I got) he's claiming
that KAV is adequate protection from spyware, as it is from trojans,
risk-ware, adware, and various other types of malware. He's going further
than that by saying that a separate application to prevent and remove
spyware is not needed. (I tend to think that's a rather large leap of faith
but I can see where it's justified if it's true.) I think a good quote from
the site would be this:

"To cut a long story short, the term "spyware" is basically a marketing
gimmick: just to separate new ersatz-security products from traditional
ones, just to push almost zero-value products to the security market."

For the most part I agree with much of that statement except the reference
that AS apps are zero-value. While his specific product may actually cover a
vast number of non-traditional malware threats not all do and even though
his claims to I personally don't trust it entirely at this point. He did
point out an interesting article that it seems I have not read. According to
him, according to it, traditional AV applications did a better job at
cleaning the infestations. To have stated that they were zero-value is
entirely false in my opinion as today's products tend to not be viable as
defense from the various spyware threats in my experience.

He is, to me, saying something similar to this: "Seeing as networks are
actually good at shoveling packets the levels of authentication should be
set there rather than at the server which really isn't so good at shoveling
packets and if you're going to prevent intrusion or use varied access rights
it's better to do so before they're actually at the door itself." Great in
idea, do-able with today's technology, but not really practical for most
people at this point in time. (That's as close an analogy as I'm able to
make at this point.)

The statement that it's only a marketing gimmick rings fairly true to me. I
also don't subscribe to the hype of needing an application to tell me I have
tracking cookies and deleting them for me. I can take care of that, and do,
already without any problems using an application I have already installed.
As an idyllic view his statement(s) seem basically true and the flood of AS
products to the market shows that media hype has indeed affected this. Even
though spyware, if not by name, has been around by ages it is only recently
that John Q. Public has been made aware of the threats and come to their
senses about their expectations of privacy and security.

Anyhow, I'm not trying to change your mind - I'm only trying to give what I
think are the points of the article. I suppose it sounds like I'm defending
KAV but I hope that's not true. I hope that I'm defending an ideal in that
traditional applications seem to have the capability to defend against these
threats. I know that I've not seen a single study (not even the one he
cited) that makes me feel comfortable using only KAV for my real time
protection. I have, over the ages, generally dropped using an AT along side
KAV but at this point I'm still using MSAS in real-time protection mode.

I have taken a trip or two to the dark side of the 'net in hopes of seeing
what would happen. KAV did a fairly decent job at stopping drive-by
downloads of dubious benefit and I managed to escape clean. It never gave
MSAS the chance to intervene. What I have not yet tried is downloading
something, say Kazaa or another known spyware application, and installing it
on a test box to see if it even allows me to install it. I do know that it
did eat DAP for no reason as far as I'm concerned. It simply would not allow
it to run though it did allow it to install. In fact it ate the executable
and told me it was adware. I was not impressed by that but I suppose it was
doing it's job and I was the one who opted to use the additional definitions
which cover adware, riskware, hack tools, and some other things. (It doesn't
like l0pht very much either. It claimed it was a hack-tool, I suppose it is,
and promptly ate it.)

So while I'm inclined to believe that some traditional offerings are capable
of keeping spyware from your PC (assuming the authors are keeping up with
spyware definition files) and I tend to think that the marketing hype is
driving the number of offerings that keep showing up I also tend to be a
realist and still use a second AS application and probably will for quite
some time to come. Or I will until I've had the time/inclination to actually
sit down and test it to see how well it performs here.

Galen 

-- 
"But there are always some lunatics about. It would be a dull world
without them."
Sherlock Holmes

Relevant Pages

  • Re: Malware Triangle
    ... > primary Internet threats, such as viruses, spam, and spyware, and then I ... > realized that the other threats were just blended characteristics of those ... then there's this supposed relationship between spyware and adware, ... RAT's are not closely related to either viruses or spyware - the ...
    (alt.computer.security)
  • Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
    ... Microsoft has a research team that seeks out new spyware threats for the ... Microsoft has enormous resources to find new threats and they additionally ... rely on their Spynet community and their new technology codenamed Strider ...
    (Bugtraq)
  • Re: ****** What SP2 does not solve ******
    ... > already had solutions for such as viruses and Trojans. ... > months we had anew security patch from Microsoft and other Windows ... > current and most lethal security threats we face namely Spyware:(. ...
    (microsoft.public.windowsxp.general)
  • Re: How come?????
    ... Spyware detection varies from vendor to vendor. ... some consider threats aren't by other products. ... If you tighten up your Security and avoid arbitrary downloads and avoid ...
    (microsoft.public.windowsxp.general)