Lavasoft Ad-aware Authenticity Check

FYIS.org

In Chakolate typed:
Has there been a problem with false/fake definition files? I'm
curious as to why LavaSoft felt this was a necessary step.

Then read the Lavasoftsupport commentary at the link above.

DanlK, FYI Services Collectibles
www.FYIS.org
 
Susan Bugher

FYIS.org said:
In Chakolate typed:
Then read the Lavasoftsupport commentary at the link above.

re earlier problems - yup, there have been some - in 2002 I saved this
info:

<q>
http://www.spywareinfo.com/issues/index.html

There is a software media player being distributed which searches for
and removes Adaware if it is installed. Radlight media player has been
tested by several testers and by the Adaware developer himself.
Radlight, which bundles with the spyware application "Savenow" and with
New.Net software, makes repeated searches for the installation of
Adaware and removes it if found.
</q>

Susan
--
Posted to alt.comp.freeware
Search alt.comp.freeware (or read it online):
http://www.google.com/advanced_group_search?q=+group:alt.comp.freeware
Pricelessware & ACF: http://www.pricelesswarehome.org
Pricelessware: http://www.pricelessware.org (not maintained)
 
Aaron

In Chakolate typed:

Then read the Lavasoftsupport commentary at the link above.

The real problem is described here.

*******************************
Ad-Aware is an anti-spyware program from Lavasoft. Running
it gives you a false sense of safeness. Numerous attacks can be done
against this software. I'll show some of the problems and attacks in this
write-up. Here's just a summary of the most visible problems I've run
into.

1. Definition file
1.1. "Encrypted" with xor
1.2. Packed with ZIP with simple password
1.3. No checksum in the def file
(1.1-1.3: trivial to intercept def updates and change the defs
to make the malware invisible)
1.4. Big redundancy in the def file
1.5. !!! Multiplying the number of entries in the def file with constant
1.46 to make it look like it has more definitions !!!

2. Program
2.1. Poorly written checksum algo
2.2. Poorly written scanning algo
2.3. CSI works only for in-memory images
**************************************

http://www.securityfocus.com/archive/1/431582/30/0/threaded for more
details.

Of course, these problems have always existed, and surely the Lavasoft
people knew about them (if they didn't know 'encryption' with XOR is no
encryption, Ad-aware needs new programmers!), but getting exposed on a
high-profile mailing list put pressure on them to fix some of the
problems.





Sent via X-Privat.Org - Free registration http://www.x-privat.org/join.php
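
Items 1.1 and 1.3 of the summary quoted in the post above, as an added example that is not part of the original thread and is not Lavasoft's code: an XOR-only loader parses an altered definition file without complaint, while a loader that verifies an authentication tag first rejects it. The file format, keys and function names are constructed for illustration, and HMAC stands in for the asymmetric signature a real updater would use, since a shared key shipped inside a client can be extracted.

```python
import hashlib
import hmac

XOR_KEY = 0x5A                     # constructed single-byte key
MAC_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key
TAG_LEN = hashlib.sha256().digest_size

# Constructed sample definitions; not Ad-Aware's real file format.
SAMPLE = b"sig:ExampleAdware.A\nsig:ExampleTracker.B\n"

def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR obfuscation: the same call encodes and decodes."""
    return bytes(b ^ key for b in data)

def load_unauthenticated(blob: bytes) -> list:
    """Decode and trust, as a loader with no checksum would."""
    return xor_bytes(blob).decode("ascii").splitlines()

def seal(defs: bytes) -> bytes:
    """Publisher side: append an HMAC-SHA256 tag over the definitions."""
    return defs + hmac.new(MAC_KEY, defs, hashlib.sha256).digest()

def load_authenticated(blob: bytes) -> list:
    """Client side: verify the tag before parsing anything."""
    if len(blob) <= TAG_LEN:
        raise ValueError("definition file too short to carry a tag")
    defs, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, defs, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("definition file failed authenticity check")
    return defs.decode("ascii").splitlines()

def altered_in_transit(blob: bytes, offset: int) -> bytes:
    """Simulate a modified update: one bit changed at `offset`."""
    return blob[:offset] + bytes([blob[offset] ^ 0x01]) + blob[offset + 1:]

if __name__ == "__main__":
    obfuscated = xor_bytes(SAMPLE)
    # The XOR-only loader accepts the altered file without any error.
    print(load_unauthenticated(altered_in_transit(obfuscated, 4)))
    sealed = seal(SAMPLE)
    print(load_authenticated(sealed))
    try:
        load_authenticated(altered_in_transit(sealed, 4))
    except ValueError as err:
        print("rejected:", err)
```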
 
Chakolate

Of course, these problems have always existed, and surely the Lavasoft
people knew about them (if they didn't know 'encryption' with XOR is no
encryption, Ad-aware needs new programmers!), but getting exposed on a
high-profile mailing list put pressure on them to fix some of the
problems.

Okay, I get it now. I've always used three malware detectors - I figured
nothing gets them all, right?

Chak

--
At least two-thirds of our miseries spring from human stupidity, human
malice and those great motivators and justifiers of malice and stupidity:
idealism, dogmatism and proselytizing zeal on behalf of religious or
political ideas.
--Aldous Huxley
 
Aaron

Okay, I get it now. I've always used three malware detectors - I
figured nothing gets them all, right?

The issue isn't whether ad-aware has the signatures to detect malware,
.....


Some other interesting facts

"2.6. !!! Multiplying the number of entries in the def file with constant
1.46 to make it look like it has more definitions !!!
And the last and the worst thing about definition file. They take the x
number from OBJ_STREAM (ie. the real object/entries count in the
definition file) and MULTIPLY it with number 1.46 and this value is then
shown to the user as REAL number of definitions in the file."

Yes, they make it look like they have more definitions by multiplying by
1.46. Why 1.46?

Also


"2.7. Poorly written scanning algo
"Scanning speed increased" is what LavaSoft claims. Let's look at the
reality.

Pseudo-C code of Ad-Aware file scan algo follows.
<snipped>

So if you run Ad-Aware's file scan and you hear the disk making noisy
sounds, it's not like Ad-Aware is doing a good job finding the malware on
your drive. It's just that it uses a very poorly written algo that makes a lot
of unnecessary disk reads, thus wasting resources of your computer."

Heh.

And Lavasoft Ad-aware supporters, please don't kill the messenger....
