
Perhaps a bit overly sensitive?

 
Old 06-01-2005, 02:45 PM   #1
Hurricane Andrew
Guest
 
Posts: n/a
Default Perhaps a bit overly sensitive?


Well, install and first scan went fine. No issues other than what I would
consider "false positives." First, it picked up on RealVNC, which is hardly
a spyware app. Then, it spotted WinPcap. Sure, I guess both of these could
be used by someone maliciously if they were installed on a system already
compromised, but then again so can Internet Explorer itself.

Perhaps toning down the "sensitivity" and reducing the false positives would
be a nice step. I can imagine some novice and intermediate users removing
everything that is found and then wondering why so many of their apps don't
work.

--
"Hurricane" Andrew
Milford, DE


Old 06-01-2005, 02:56 PM   #2
Andrew Z Carpenter
Guest
 
Posts: n/a
Default Re: Perhaps a bit overly sensitive?

> "Hurricane Andrew" <hurricane_andrew@verizon_nospam.net> wrote in message
> news:%23M5JHbA9EHA.1648@CPMSFTNGSA04.privatenews.microsoft.com...
>
> Well, install and first scan went fine. No issues other than what I would
> consider "false positives." First, it picked up on RealVNC, which is hardly a
> spyware app. Then, it spotted WinPcap. Sure, I guess both of these could be
> used by someone maliciously if they were installed on a system already
> compromised, but then again so can Internet Explorer itself.
>
> Perhaps toning down the "sensitivity" and reducing the false positives would be
> a nice step. I can imagine some novice and intermediate users removing
> everything that is found and then wondering why so many of their apps don't
> work.




The VNC server has in the past been installed by the action of viruses, and
would unlikely be used by a 'home' user.

Those who are advanced enough to have installed it themselves are more than
capable of ignoring the possible threat. Those who are unaware that it
could be a threat would be glad to have it removed.


--
AZC
MVP




Old 06-01-2005, 03:07 PM   #3
andy
Guest
 
Posts: n/a
Default Re: Perhaps a bit overly sensitive?


"Hurricane Andrew" <hurricane_andrew@verizon_nospam.net> wrote in message
news:%23M5JHbA9EHA.1648@CPMSFTNGSA04.privatenews.microsoft.com...
> Well, install and first scan went fine. No issues other than what I would
> consider "false positives." First, it picked up on RealVNC, which is
> hardly a spyware app. Then, it spotted WinPcap. Sure, I guess both of
> these could be used by someone maliciously if they were installed on a
> system already compromised, but then again so can Internet Explorer
> itself.
>
> Perhaps toning down the "sensitivity" and reducing the false positives
> would be a nice step. I can imagine some novice and intermediate users
> removing everything that is found and then wondering why so many of their
> apps don't work.
>


I'd rather it picked up RealVNC, as it did on my test pc. There could be
other similar remote-access tools installed on my users' PCs I wasn't aware
of.

ISTR other anti-spyware software picking up on RealVNC as well.

Andy


Old 06-01-2005, 07:47 PM   #4
Hurricane Andrew
Guest
 
Posts: n/a
Default Re: Perhaps a bit overly sensitive?


"Andrew Z Carpenter" <azc@cirencester.ac.uk> wrote in message
news:%23I4nngA9EHA.1172@CPMSFTNGSA04.privatenews.microsoft.com...
>
> The VNC server has in the past been installed by the action of viruses, and
> would unlikely be used by a 'home' user.
>
> Those who are advanced enough to have installed it themselves are more than
> capable of ignoring the possible threat. Those who are unaware that it
> could be a threat would be glad to have it removed.
>
>
> --
> AZC
> MVP


That does make some sense, but Symantec lists only 1 virus that tries to
install the vnchooks.dll, and 1 other that uses VNC (along with telnet, open
network shares, etc. to spread). I have to concede it is possible for
RealVNC to be a security issue, but on my work PC, I only have the viewer
installed, not the server component. The viewer component is hardly the
security threat that the server portion *could* be. It also picked up all
the related VNC documentation, simply because it was in the folder with
RealVNC in the title.

My main point was simply that you can't go flagging legitimate programs
because they *could* be a security threat. If that were the case, then many
legitimate apps would be flagged on a regular basis. IE *could* be a
security threat. So could Adobe Reader. So could some versions of WinAmp,
Windows Media Player, Quicktime, etc.

If antispyware apps do their job, and spot adware, spyware, keyloggers,
dialers, etc. on a user's PC, then any threat posed by a legitimate app
would be neutralized, and there would be no concern over it. Even in the
description for the threat posed by RealVNC and WinPCap it says that it's a
threat only IF there are other programs on the PC that could take advantage
of it.

Further, with the rapid growth in home networking, don't be surprised if VNC
becomes more and more common for home users. I certainly use it in my home
network. Then again, would I have done so if I hadn't first run across it
at work? Who knows...

--
"Hurricane" Andrew
Milford, DE



Old 06-01-2005, 07:56 PM   #5
Steve N.
Guest
 
Posts: n/a
Default Re: Perhaps a bit overly sensitive?

Hurricane Andrew wrote:

> Well, install and first scan went fine. No issues other than what I would
> consider "false positives." First, it picked up on RealVNC, which is hardly
> a spyware app. Then, it spotted WinPcap. Sure, I guess both of these could
> be used by someone maliciously if they were installed on a system already
> compromised, but then again so can Internet Explorer itself.
>
> Perhaps toning down the "sensitivity" and reducing the false positives would
> be a nice step. I can imagine some novice and intermediate users removing
> everything that is found and then wondering why so many of their apps don't
> work.
>


Yes, WinPcap and TightVNC were detected here, too, but if you check the
details on the detections it pretty clearly explains why and in my case
the default action was to ignore them both.

Steve
Old 06-01-2005, 10:31 PM   #6
Jeff Williams [MSFT]
Guest
 
Posts: n/a
Default Re: Perhaps a bit overly sensitive?

How software is flagged is discussed in our KnowledgeBase at:
http://support.microsoft.com/kb/892340

It is also discussed at www.spynet.com/info_spywarecriteria.aspx

Best,
Jeff Williams
MCT, CISSP, IAM
PSS Security
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Do not reply to this email address as it is used solely for newsgroup
postings.
"Hurricane Andrew" <hurricane_andrew@verizon_nospam.net> wrote in message
news:%23M5JHbA9EHA.1648@CPMSFTNGSA04.privatenews.microsoft.com...
> Well, install and first scan went fine. No issues other than what I would
> consider "false positives." First, it picked up on RealVNC, which is
> hardly a spyware app. Then, it spotted WinPcap. Sure, I guess both of
> these could be used by someone maliciously if they were installed on a
> system already compromised, but then again so can Internet Explorer
> itself.
>
> Perhaps toning down the "sensitivity" and reducing the false positives
> would be a nice step. I can imagine some novice and intermediate users
> removing everything that is found and then wondering why so many of their
> apps don't work.
>
> --
> "Hurricane" Andrew
> Milford, DE
>


