Spyware Guard

Frank Bohan

<quote> SpywareGuard provides a real-time protection solution against
spyware that is a great addition to SpywareBlaster's protection method. An
anti-virus program scans files before you open them and prevents execution
if a virus is detected - SpywareGuard does the same thing, but for spyware!
And you can easily have an anti-virus program running alongside
SpywareGuard. </quote>

http://www.javacoolsoftware.com/spywareguard.html

===

Frank Bohan
¶ A condom is a lifeguard at the gene pool.
 
mike555

=== there have not been updates for Spyware Guard for almost 2 years,
do we really need it if we have Spyware Blaster ? =========
 
Ron Lopshire

mike555 said:
=== there have not been updates for Spyware Guard for almost 2 years,
do we really need it if we have Spyware Blaster ? =========

Mike,

IMO, it's unfortunate that SpywareGuard uses the term "Definitions"
with respect to the last update, currently 1/22/04. SpywareGuard uses
Heuristics, not a comparative database. It still needs updating, just
not as often.
http://en.wikipedia.org/wiki/Heuristic_(computer_science)

Here is the best description, from the author, that I have found about
SpywareGuard.
http://castlecops.com/postitle125520-0-0-.html

<QUOTE>

The current real-time protection built into SpywareGuard 2.2 has been
extended about as much as is possible - which unfortunately means a
complete rewrite is in order to allow for future changes and updates.
This is something I've been working on, but it hasn't been quick in
coming.........

That said, again the most effective and useful protection for most
users has probably been the Browser Hijacking Protection component
(which alerts when various browser settings are changed in real-time),
which doesn't require the database updates.........

A new version of SpywareGuard, with some rather interesting new
features, is in development. While I don't yet have a clue when it'll
be ready for release, I can say that, regardless of how effective you
personally consider the real-time scanning component, the current
version of SpywareGuard provides some strong protection against
Browser Hijacking - by alerting the user as soon as such activity is
detected.

</QUOTE>

And so, I would think that SG might be of use to many, especially for
those who insist on using unsecure browsers such as IE with ActiveX,
Java and Javascript all enabled.

Ron :)
 
Aaron

Mike,

IMO, it's unfortunate that SpywareGuard uses the term "Definitions"
with respect to the last update, currently 1/22/04. SpywareGuard uses
Heuristics, not a comparative database. It still needs updating, just
not as often.
http://en.wikipedia.org/wiki/Heuristic_(computer_science)

Here is the best description, from the author, that I have found about
SpywareGuard.
http://castlecops.com/postitle125520-0-0-.html

<QUOTE>

The current real-time protection built into SpywareGuard 2.2 has been
extended about as much as is possible - which unfortunately means a
complete rewrite is in order to allow for future changes and updates.
This is something I've been working on, but it hasn't been quick in
coming.........

That said, again the most effective and useful protection for most
users has probably been the Browser Hijacking Protection component
(which alerts when various browser settings are changed in real-time),
which doesn't require the database updates.........

A new version of SpywareGuard, with some rather interesting new
features, is in development. While I don't yet have a clue when it'll
be ready for release, I can say that, regardless of how effective you
personally consider the real-time scanning component, the current
version of SpywareGuard provides some strong protection against
Browser Hijacking - by alerting the user as soon as such activity is
detected.

</QUOTE>

And so, I would think that SG might be of use to many, especially for
those who insist on using unsecure browsers such as IE with ActiveX,
Java and Javascript all enabled.

I've seen this quote (which is from javacool btw) and come to the
opposite conclusion.

The statement above all but concedes that the real time protection (the
portion that detects specific malware) is useless right now without a
rewrite, despite attempts by people to confuse the issue by appealing to
heuristics.

The only thing of value as mentioned above is the browser hijacker
protection component which monitors registry keys relating to browser
settings and alerts you on changes.

But even then, I would prefer if possible to rely on modern and more
updated software like Winpatrol, Microsoft Antispyware etc which cover
this area and more.
 
Imposter

The statement above all but concedes that the real time protection (the
portion that detects specific malware) is useless right now without a
rewrite, despite attempts by people to confuse the issue by appealing to
heuristics.

Good thinking Aaron, I think I've kept this on my 'puter too long. It's
gone.
 
Ron Lopshire

Aaron said:
I've seen this quote (which is from javacool btw) and come to the
opposite conclusion.

The statement above all but concedes that the real time protection (the
portion that detects specific malware) is useless right now without a
rewrite, despite attempts by people to confuse the issue by appealing to
heuristics.

The only thing of value as mentioned above is the browser hijacker
protection component which monitors registry keys relating to browser
settings and alerts you on changes.

But even then, I would prefer if possible to rely on modern and more
updated software like Winpatrol, Microsoft Antispyware etc which cover
this area and more.

1) The issue with heuristics is the POS MS Registry. As long as the
architecture of this abomination doesn't change, the rules for
examining changes to it may not need to change.

2) I haven't used WinPatrol (a heuristic approach to malware
detection), and probably won't:
(http://www.techsupportalert.com/intrusion-detection-p2.htm)

3) I use MSAS, but I would _never_ rely on any product from MS for
intrusion detection. MS doesn't see the indiscriminate use of ActiveX
(among other things) as a problem, and as such this precludes placing
MS high on my list of providers of security-related apps. And I won't
even get into the Claria conflict-of-interest issue.

4) All that said, it would be interesting to see controlled tests of
Spyware Guard, WinPatrol, and other IDS apps with regard to
intercepting hijacks. It may very well be that all of this is smoke
and mirrors.

Ron :)
 
BillP Studios

Ron said:
4) All that said, it would be interesting to see controlled tests of
Spyware Guard, WinPatrol, and other IDS apps with regard to
intercepting hijacks. It may very well be that all of this is smoke
and mirrors.

Ron :)

I know what you mean about smoke and mirrors but I still felt compelled
to reply. :)
WinPatrol is very simple and straightforward.
It actually provides two distinct functions which are separated for
optimized monitoring.

The real-time monitor uses a unique in how it detects changes. The
system impact is negligible and the detection success is documented.
http://www.winpatrol.com/rid.html
It requires no previous knowledge of threat and while I admit it may
not be able to stop everything it will at least alert you to the
change.

The interface component WinPatrol Explorer is an all purpose utility
handy for anyone who wants to know more about their system with one
single program.
It combines MSConfig, Services.msc, TaskScheduler, FileType manager, as
well as listing BHO's and Toolbars. The information available goes
well beyond any of the basic tools on their own.

Even if you don't want to have WinPatrol as an IDS monitor I would
invite you to check out the handy tabbed interface of WinPatrol
Explorer. With the exception of the PLUS Info button it's all free.

I appreciate the recommendation of using established programs.
WinPatrol was first released in 1997. No smoke, no mirrors. Just basic
information that *I* wanted to know about my system and stuff I'm sure
you'll appreciate as well.

Happy Holidays!
Bill Pytlovany
BillP Studios
http://billpstudios.blogspot.com/
 
ellis_jay

BillP said:
I know what you mean about smoke and mirrors but I still felt
compelled to reply. :)
WinPatrol is very simple and straightforward.
It actually provides two distinct functions which are separated for
optimized monitoring.

The real-time monitor uses a unique in how it detects changes. The
system impact is negligible and the detection success is documented.
http://www.winpatrol.com/rid.html
It requires no previous knowledge of threat and while I admit it may
not be able to stop everything it will at least alert you to the
change.

The interface component WinPatrol Explorer is an all purpose utility
handy for anyone who wants to know more about their system with one
single program.
It combines MSConfig, Services.msc, TaskScheduler, FileType manager,
as well as listing BHO's and Toolbars. The information available goes
well beyond any of the basic tools on their own.

Even if you don't want to have WinPatrol as an IDS monitor I would
invite you to check out the handy tabbed interface of WinPatrol
Explorer. With the exception of the PLUS Info button it's all free.

I appreciate the recommendation of using established programs.
WinPatrol was first released in 1997. No smoke, no mirrors. Just basic
information that *I* wanted to know about my system and stuff I'm sure
you'll appreciate as well.

Happy Holidays!
Bill Pytlovany
BillP Studios
http://billpstudios.blogspot.com/

Thanks for a GREAT program, Bill!

--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay
 
Aaron

1) The issue with heuristics is the POS MS Registry. As long as the
architecture of this abomination doesn't change, the rules for
examining changes to it may not need to change.

I'm not sure in what sense you are talking about heuristics.

When I see Javacool talk about it, he is talking about the ability of SG's
real time protection to detect related families, much like antivirus's
heuristics. This CANNOT detect new strains and may not even detect related
families depending on the degree of change. Neither is this simple registry
monitoring.

Now considering that if you look at AV comparatives retrospective tests,
that the very best AV can detect only about 50% after 3 months, and
factoring the knowledge that spyware and adware have evolved a lot faster,
is it very sensible to insist that heuristics can cover, almost 2 years
lack of updates?

The second thing SG does is to monitor generic changes, this is registry
monitoring related (browser hijack protection), I personally do not
consider this as heuristics but perhaps this is what you mean?

In this area, SG suffers as well, since the areas it monitors pale in
consideration compared to more modern alternatives. It's simple enough to
use Sysinternals regmon to see what is being polled and look at
http://www.wilderssecurity.com/showthread.php?s=f9442352e7f457768f459f5faa187ec3&t=32823

This thread is somewhat old, and Winpatrol has advanced since then but it
gives you an idea.


It's amazing the number of ways a program can autostart, and new ways are
found regularly.
In fact, I can state for a fact that no program out of the box, covers all
known registry keys that allow autostart! In general for programs that do
registry polling, there is a cost involved for covering excessive keys so
not all keys are covered, just the most common ones.

In any case, I have no doubt that SG defenders will continue to support
their program out of inertia. After all, it was one of the first free ones
and javacool contributions are well acknowledged.

Interesting enough I notice that SG is NOT in Pricelessware 2005, while it
was in 2004. So perhaps people are coming around to my way of thinking?

2) I haven't used WinPatrol (a heuristic approach to malware
detection), and probably won't:
(http://www.techsupportalert.com/intrusion-detection-p2.htm)

Bill has already addressed this.

3) I use MSAS, but I would _never_ rely on any product from MS for
intrusion detection. MS doesn't see the indiscriminate use of ActiveX
(among other things) as a problem,

MSAS does not use activex. In fact I believe it will inform you when one is
added.

and as such this precludes placing
MS high on my list of providers of security-related apps.

I'm sure you have heard that the base technology of MSAS comes from a
mature and leading antispyware product, Giant Antispyware. The real time
protection generic component is far advanced over SG, as a modern Post-cold
war Fighter is over a WWI plane. Ditto for Winpatrol.

About signature detections.

And I won't
even get into the Claria conflict-of-interest issue.

I would point out that the Claria issue, does not affect real time
monitoring which is generic.

Besides SG itself will not detect Claria (and many more threats because of
the lack of updates), while MSAS does detect it in its signatures, and
gives you a choice to remove it. :)

Signature wise, MSAS wins too. SG hasn't been updated since Jan 2004!

4) All that said, it would be interesting to see controlled tests of
Spyware Guard, WinPatrol, and other IDS apps with regard to
intercepting hijacks. It may very well be that all of this is smoke
and mirrors.

Perhaps, but a simple comparison of what spyware guard signatures and
registry monitoring shows it's far behind and pointless to test.
 
Ron Lopshire

Aaron said:
I'm not sure in what sense you are talking about heuristics.

In the true, etymological sense. Nothing more. Nothing less.

When I see Javacool talk about it, he is talking about the ability of SG's
real time protection to detect related families, much like antivirus's
heuristics. This CANNOT detect new strains and may not even detect related
families depending on the degree of change. Neither is this simple registry
monitoring.

Now considering that if you look at AV comparatives retrospective tests,
that the very best AV can detect only about 50% after 3 months, and
factoring the knowledge that spyware and adware have evolved a lot faster,
is it very sensible to insist that heuristics can cover, almost 2 years
lack of updates?

The author/developer makes this point.

The second thing SG does is to monitor generic changes, this is registry
monitoring related (browser hijack protection), I personally do not
consider this as heuristics but perhaps this is what you mean?

What I meant was Registry-monitoring as it applies specifically to
browser-hijacking.

In this area, SG suffers as well, since the areas it monitors pale in
consideration compared to more modern alternatives. It's simple enough to
use Sysinternals regmon to see what is being polled and look at
http://www.wilderssecurity.com/showthread.php?s=f9442352e7f457768f459f5faa187ec3&t=32823

This thread is somewhat old, and Winpatrol has advanced since then but it
gives you an idea.

Thanks for the link. Some good info.

It's amazing the number of ways a program can autostart, and new ways are
found regularly.
In fact, I can state for a fact that no program out of the box, covers all
known registry keys that allow autostart! In general for programs that do
registry polling, there is a cost involved for covering excessive keys so
not all keys are covered, just the most common ones.

No program could possibly monitor the XP Registry completely with user
notification of changes without rendering the system useless.

In any case, I have no doubt that SG defenders will continue to support
their program out of inertia. After all, it was one of the first free ones
and javacool contributions are well acknowledged.

Interesting enough I notice that SG is NOT in Pricelessware 2005, while it
was in 2004. So perhaps people are coming around to my way of thinking?

I think that I should have been more clear WRT to my reply to the OP,
as I parroted the developer. Javacool continues to advocate the use of
SG as a complement to SpywareBlaster which is still considered a
worthwhile AS app by many. I am in no way advocating the use of either
product over another product.

Bill has already addressed this.

I don't know about that, but I do appreciate Bill's comments.

MSAS does not use activex. In fact I believe it will inform you when one is
added.

I said MS ... the use of ActiveX, _not_ MSAS. If MSAS used ActiveX, it
would not be on my WinXP box. MSAS informs me when I disable ActiveX
with Eric's batch file, but it has no problem when I enable it from
the GUI. And it has no problem with ActiveX being installed and run
from the MS Server. Elsewhere? I wouldn't know as I only use IE for
dealing with MS.

I'm sure you have heard that the base technology of MSAS comes from a
mature and leading antispyware product, Giant Antispyware. The real time
protection generic component is far advanced over SG, as a modern Post-cold
war Fighter is over a WWI plane. Ditto for Winpatrol.

About signature detections.

I would point out that the Claria issue, does not affect real time
monitoring which is generic.

Besides SG itself will not detect Claria (and many more threats because of
the lack of updates), while MSAS does detect it in its signatures, and
gives you a choice to remove it. :)

Signature wise, MSAS wins too. SG hasn't been updated since Jan 2004!

I was not talking about signatures, just the browser-hijacking issue.
And my points about Microsoft (not MSAS) WRT to the XP Registry,
ActiveX and Claria were strictly philosophical. Spybot S&D ignores
C-Dilla and SideStep by default, but this is presumably due to the
threat of litigation, and not the fact that Safer Networking has
entered into a business relationship with Macrovision. If C-Dilla
isn't spyware, WTF is?

Perhaps, but a simple comparison of what spyware guard signatures and
registry monitoring shows it's far behind and pointless to test.

Signatures? Of course, but we're not talking about signatures.
Registry monitoring? I don't know. It's like comparing an AV engine to
the vendor's database. There are those in a.c.a-v who contend that the
NAV engine hasn't changed since 2002, but is still adequate for use as
an AV app.

I appreciate your comments, but I think that you misunderstood my
position. My bad, of course. Is SG of use as a complement to
SpywareBlaster? Javacool software still contends that this is the
case. Whether this is true or not, I have no idea. That was my point.

Ron :)
 
Ron Lopshire

BillP said:
I appreciate the recommendation of using established programs.
WinPatrol was first released in 1997. No smoke, no mirrors. Just basic
information that *I* wanted to know about my system and stuff I'm sure
you'll appreciate as well.

Happy Holidays!
Bill Pytlovany
BillP Studios
http://billpstudios.blogspot.com/

Bill,

Season's greetings to you and yours as well. And thanks for your
reply. In January, I am going to add hardware and software, including
upgrading KAV (KIS 2006). I am just getting into IDS/IPS, and will
evaluate WinPatrol as a complement to KAV. Thanks again.

Ron :)
 
Aaron

In the true, etymological sense. Nothing more. Nothing less.

And here I thought you meant it in the technical sense in which there is
quite a bit of confusion.

What I meant was Registry-monitoring as it applies specifically to
browser-hijacking.

In that area, SG is also inadequate compared to its rivals. Which was my
point. The art of browser hijacking has improved by leaps and bounds,
since the days of SG. There are many more ways to hijack a browser
than just changing

HKLM\Software\Microsoft\Internet Explorer\Main\*
and a few other minor keys.

No program could possibly monitor the XP Registry completely with user
notification of changes without rendering the system useless.

There is of course no need to monitor the whole Registry. But even
monitoring a limited subset that allows autostarts is a much harder task
than expected. Still you try to keep up with the most common ones used by
malware.

And this is yet another area where SG has lagged behind.

Or you could use hooking as opposed to polling which lightens the load
tremendously.

I think that I should have been more clear WRT to my reply to the OP,
as I parroted the developer. Javacool continues to advocate the use of
SG as a complement to SpywareBlaster which is still considered a
worthwhile AS app by many.

As I said before, many people will continue to support it out of
inertia, and of course when we come down to it, it's better than
nothing. But still, a shrewd reading of the statement you quote (which btw
is several months old by now), and reading between the lines, it's time
to switch.

I am in no way advocating the use of either
product over another product.

Of course not. But *I* am advocating against the use of SG in view of the
fact there are better free alternatives. Neither am I contradicting
Javacool, since he is not commenting on other products.

He is saying only the browser hijack component works. I'm not
disagreeing, it works if the browser hijacks the few keys monitored.

I'm just saying given the fact that there are far more ways to hijack a
browser, I wouldn't rely on SG to provide too much protection.


I said MS ... the use of ActiveX, _not_ MSAS. If MSAS used ActiveX, it
would not be on my WinXP box.

Personally I think this fear of ActiveX is misplaced, but that will be
another topic, another day.

In any case, I'm giving you another reason to use MSAS.

I stand by this.

I was not talking about signatures, just the browser-hijacking issue.

My point is in both areas, SG is provably inferior to any other
alternative out there.

Signatures? Of course, but we're not talking about signatures.
Registry monitoring? I don't know. It's like comparing an AV engine to
the vendor's database.

Nonsense. With due respect you don't have a clue at all what you are
talking about when comparing AV engines to simple registry monitoring.
MSAS, Winpatrol, SG etc all poll the registry, it is transparent and
simple to compare what they are doing with regmon. Nothing complicated is
happening.

An AV engine on the other hand is really a black box. They handle packers
in different ways, some use passive heuristics, some use emulation,
static unpackers etc.

There are those in a.c.a-v who contend that the
NAV engine hasn't changed since 2002, but is still adequate for use as
an AV app.

It's extremely unlikely that ANY continually updated AV product's AV
engine hasn't changed since 2002, anyone who contends that is highly
misinformed. Please point me to someone who thinks that. AV engines are
changed to handle packers for example.

I appreciate your comments, but I think that you misunderstood my
position. My bad, of course. Is SG of use as a complement to
SpywareBlaster? Javacool software still contends that this is the
case. Whether this is true or not, I have no idea. That was my point.

I did not misunderstand your position. I'm stating my disagreement. Based
on facts, not on bias against MS, or some misplaced loyalty to an aging
and mostly obsolete app.

It's a stand I have advocated for a long time now, and even when javacool
came up with this statement you quote (I read it on broadband DSL months
ago), it's frustrating to see diehard SG supporters still failing to get
it.

I do understand that you are a diehard SG supporter, and SG is clearly
better than nothing. But that doesn't mean it isn't inferior to other
freeware alternatives out there.

These include

Winpatrol
MSAS
And perhaps Avorax Shield (but I haven't tried this yet to test its
effectiveness)

Maybe it's all smoke and mirrors to you, but if you try to study and
research the issues as I have done, the smoke gets a bit less well smoky.

I'm hardly an expert, but it is possible to get some answers based on
objective criteria (say studying the effects of spyware and adware),
rather than listening to hearsay and rumours that MS is evil. Or that
Winpatrol polls too slowly.
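
The coverage argument in the post above, as an added example that is not part of the original thread: a polling-style monitor can only alert on changes under keys in its watch list. The two watch lists, the snapshot contents and all helper names are constructed for illustration and do not describe what SpywareGuard, WinPatrol or MSAS actually monitor.

```python
"""Polling-style registry change detection over constructed snapshots.

A snapshot maps a registry key path to its {value name: data} pairs.
Everything below (watch lists, snapshots, names) is constructed sample data.
"""
from typing import Dict, List, NamedTuple, Tuple

Snapshot = Dict[str, Dict[str, str]]


class Change(NamedTuple):
    kind: str    # "added", "removed" or "modified"
    key: str     # registry key path
    value: str   # value name, or "(key)" for the key itself
    old: object
    new: object


# Hypothetical narrow watch list: only the key named in the thread.
WATCH_NARROW = [r"HKLM\Software\Microsoft\Internet Explorer\Main"]
# Hypothetical wider list: per-user settings, one autostart key, BHO registrations.
WATCH_WIDER = WATCH_NARROW + [
    r"HKCU\Software\Microsoft\Internet Explorer\Main",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
]

IE_MAIN = r"\Software\Microsoft\Internet Explorer\Main"
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BHO = (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer"
       r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}")

# Constructed baseline and a later state with four changes.
BASELINE: Snapshot = {
    "HKLM" + IE_MAIN: {"Start Page": "http://home.example.test/"},
    "HKCU" + IE_MAIN: {"Start Page": "http://home.example.test/"},
    RUN: {"Antivirus": r"C:\Example\av.exe"},
}
AFTER: Snapshot = {
    "HKLM" + IE_MAIN: {"Start Page": "http://changed.example.test/"},
    "HKCU" + IE_MAIN: {"Start Page": "http://changed.example.test/"},
    RUN: {"Antivirus": r"C:\Example\av.exe", "Updater": r"C:\Example\updater.exe"},
    BHO: {},  # a newly registered helper object: the key's existence is the change
}


def is_watched(key: str, watch: List[str]) -> bool:
    """True if key is a watched key or a subkey of one (registry paths ignore case)."""
    k = key.casefold()
    return any(k == w.casefold() or k.startswith(w.casefold() + "\\") for w in watch)


def poll(snapshot: Snapshot, watch: List[str]) -> Snapshot:
    """What a poller sees: only the part of the registry on its watch list."""
    return {k: dict(v) for k, v in snapshot.items() if is_watched(k, watch)}


def _flatten(snapshot: Snapshot) -> dict:
    """One entry per key (so empty keys count) and one per value."""
    flat = {}
    for key, values in snapshot.items():
        kcf = key.casefold()
        flat[(kcf, 0, "")] = (key, "(key)", "present")
        for name, data in values.items():
            flat[(kcf, 1, name.casefold())] = (key, name, data)
    return flat


def diff(before: Snapshot, after: Snapshot) -> List[Change]:
    """Added, removed and modified keys/values between two snapshots, sorted by key."""
    b, a = _flatten(before), _flatten(after)
    changes = []
    for ident in sorted(set(b) | set(a)):
        old, new = b.get(ident), a.get(ident)
        if old is None:
            changes.append(Change("added", new[0], new[1], None, new[2]))
        elif new is None:
            changes.append(Change("removed", old[0], old[1], old[2], None))
        elif old[2] != new[2]:
            changes.append(Change("modified", new[0], new[1], old[2], new[2]))
    return changes


def coverage(before: Snapshot, after: Snapshot,
             watch: List[str]) -> Tuple[List[Change], List[Change]]:
    """Return (alerts the poller would raise, real changes it never looked at)."""
    alerts = diff(poll(before, watch), poll(after, watch))
    missed = [c for c in diff(before, after) if c not in alerts]
    return alerts, missed


if __name__ == "__main__":
    for label, watch in (("narrow", WATCH_NARROW), ("wider", WATCH_WIDER)):
        alerts, missed = coverage(BASELINE, AFTER, watch)
        print(f"{label}: {len(alerts)} alert(s), {len(missed)} missed")
        for c in missed:
            print(f"  missed {c.kind}: {c.key} [{c.value}]")
```

On Windows the snapshots could be filled from the standard-library `winreg` module instead of the constructed dictionaries; the comparison logic stays the same.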
 
Art

It's extremely unlikely that ANY continually updated AV product's AV
engine hasn't changed since 2002, anyone who contends that is highly
misinformed. Please point me to someone who thinks that. AV engines are
changed to handle packers for example.

Not necessarily. Kaspersky, for example, upgrades unpacking capability
via normal updates. This allows very old versions, including DOS
versions, to have essentially the same detection capabilities as the
latest versions. I say "essentially" since there are sometimes
detection features that only exist with more current versions. For
example, Kaspersky claims that starting with version 4.X there is
an improved memory scanning capability. But I can take an old GUI
version 3.5 .... or I can take KAVDOS32 build 135 dating back to
May, 2001 .... and expect their detection rates to be identical to
the latest versions 6.X. I haven't tested for this in awhile ... it
requires a large malware collection of stuff in various categories,
and it must include many newer samples. But I've done it in the past
six months or so.

There was a time several years back when the old 16 bit AVPLite for
DOS finally kinda petered out, though. It failed to detect _some_
samples of script malware that KAVDOS32 did detect. No mention
of this from Kaspersky. Seems it's up to some of us to alert people
when this sort of thing arises.

Art

http://home.epix.net/~artnpeg
 
Ron Lopshire

Aaron said:
I do understand that you are a diehard SG supporter, and SG is clearly
better than nothing. But that doesn't mean it isn't inferior to other
freeware alternatives out there.

These include

Winpatrol
MSAS
And perhaps Avorax Shield (but I haven't tried this yet to test its
effectiveness)

Maybe it's all smoke and mirrors to you, but if you try to study and
research the issues as I have done, the smoke gets a bit less well smoky.

I'm hardly an expert, but it is possible to get some answers based on
objective criteria (say studying the effects of spyware and adware),
rather than listening to hearsay and rumours that MS is evil. Or that
Winpatrol polls too slowly.

Aaron,

Probably time to let this go, but:

1) I was in NO way comparing the functionality of a Registry monitor
to that of an AV scan engine. Just that while
signatures/databases/definitions files MUST be updated often, other
components of an anti-malware product not as often. If my AV app (I
use KAV) only updated its databases once per day or less, I would dump it.

2) Now I know that you have misunderstood my position. I am in NO way
advocating the use of SG, particularly in lieu of another product. It
_may_ be of use as a complement to SB, according to Javacool Software,
but I am seriously thinking of dumping SB, and hence SG. I find it
very disconcerting that its (SB) protection features are so easily
disabled, without any notification, every time that I update any other
app on my WinXP box. But then, that is the nature of the beast, the
WinXP Registry. Not diehard by any means.

3) I am _not_ an MS basher. I have used MS Excel for years, and will
continue to do so (on an MS platform), as OO will probably not catch
up to Excel in my lifetime. True, I am not a fan of ActiveX, but that
is due to more than just security issues. I find it an unnecessary
component of MS Office, and should not be enabled by default in IE for
_most_ users. And with IE 7, ActiveX will be opt-in, as, IMHO, it
should have been all along.

4) As I said, thanks for the link. While I appreciate Gizmo's thoughts,
(http://www.techsupportalert.com/intrusion-detection.htm)
(http://www.techsupportalert.com/intrusion-detection-p2.htm)
your link
(http://www.wilderssecurity.com/showthread.php?s=f9442352e7f457768f459f5faa187ec3&t=32823)
Short version: (http://tinyurl.com/7odsl)
is more of what I am looking for WRT IDS/IPS ... tests and
comparatives, not just opinions. As you said, tests get rid of some of
the smoke. <g>

Seasons greetings to you and yours,
Ron :)
 
