[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Re: Microsoft AntiSpyware falling furtherbehind

Valdis Shkesters wrote:

> At first you can take look here http://secunia.com/product/4256/.
> 
> This summer German magazine ComputerBild compared several
> popular antispyware products. Test results are available in the forum
> http://www.rokop-security.de/lofiversion/index.php/t8810.html.
> Scrolling through detailed figures by categories of harmful programs
> can be seen. I warn that the figures may be very unpleasant for fans
> of some products.

...which may simply reflect that they are shite tests, rather than 
anything especially meaningful about the products??

As a rule, "anti-spyware" products fall into one of two camps:

1.  "Never mind the quality, feel the width" -- you can usually pick 
these because their advertising lays heavy stress on the 43 quadrillion 
spyware items they claim to detect.  These products will remove 17 
bazillion entirely harmless items from "normal" systems simply because 
they happended to be string-matches on filename ("of course you don't 
want ANY 'unwise.exe' files on your system!"), reg key/value/etc, and 
so on.

2.  Cluefull.  These will not have the stupid false-positive rates of 
the above, but as a result will not apparently score as well on 
clueless tests of the kind the proponents of the first kind of anti-
spyware product push.

I'd like to say -- stealing something from a colleague -- "welcome to 
antivirus 101" but actually, I think things in the anti-spyware testing 
arena are a lot worse than all but the very, very, very worst ever AV 
tests AND it seems anti-spyware tests will continue to get worse, 
rather than better...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/