In
Jose said:
I will install it.
I have tried at least a dozen registry cleaners/optimizers/compactors/
compressors/defragmenters/remove unnecessary thingers.
What kind of testing and analysis would you do if you had the time?
Actually, I wouldn't bother with it now. As you may have noticed in one of
my other responses some of the things I have figured out now, and had a few
responses here that back that up, says it's most likely not worth bothering
with.
I'm still curious, having a tendency to not burn bridges between me, but
I think I'll leave it until the holidays when I can get more consecutive
time together.
As for how/what I'd test and analyze, I have a few things I use but a lot of
it comes from using the program after the research and seeing where its
activities lead me. Most of these following are simply things I've picked up
around the 'net and only the implementations might actually be originated by
me. A sniffer you understand how to use is pretty handy, as are file
comparison ware and up to the minute disk images, plus file and registry
monitors, things like that. It has to be a labor of love, something
interesting, to do or the boredom of it will destroy any functional
outcomes. Patience and Perseverance become the top keywords<g>.
Things like, but far from being all-inclusive:
-- Check reputation, blocklists, complaints, newsgroup mentions, nanae,
etc. etc. You have to be good at spotting the trends and separating them
from the chaff and WAGs.
-- Most important: Have a SANDBOX available; never use a production machine
when messing around with disk images known to contain malware.
-- Does it allow you to "unfix" fixes?
-- Does it do any repairs without giving you the chance to opt out of them?
-- If I fix it once, then fix it again, then discover one of the removals
it did was necessary to get program X to work properly, can I unroll that
specific change to get X to work again?
-- Are there any/many false positives?
-- Likewise with misses. In checking these I often use the fake virus Eicar
and three infected disk images from another computer that coincidentally
happened to be close enough to mine that I can "unfix" things to my own
computer, meaning I can put those viruses onto my own computer and see if
they get caught.
Unfortunately (or fortunately<g>) I haven't had any malware in so long
I've nothing of my own to use for testing purposes. But clients have
provided me with some usable code they were infected with.
-- Speed of course. Hopefully such things have their own protected and
specialized engines so they don't chance using already infected executables
anywhere. Speed can be difficult to measure and I've never been certain I
got it accurate but then I'm usually looking for orders of magnitude, not a
few points one way or the other.
-- Specifically how it treats things like the GAIN spyware & the other
names it comes under, the one that will load more and more spyware
permanently as long as it's on the machine and is one real bitch to clean
off. Last I heard, the law suits GAIN started had all been turned down and
refused by the courts but that was some time ago. I don't know if the site/s
still exist to get it from, but it used to be real easy; there was a
particular one for smilies that tricked a lot of people, including myself
because it was recommended by a knowledgeable and reliable friend. Just
proved; do it yourself. Never depend on someone else's opinions/outcomes.
-- If they claim to "optimize" the registry, do they really, or do they
simply move a couple things up/down to make the boot seem different?
-- Keep good backups of the registry components for file comparisons so the
precise, exact changes can be seen and evaluated.
-- Is it customized to "allow" certain spywares to get through? Many are
these days. First time I ran into that was the GAIN incident, using Yahoo's
bastardized version of Norton AV. That one's a lot harder to check and
AFAIK only experience can give you the ammunition to be able to do at least
cursory testing. In the Yahoo case, they did admit to allowing GAIN (a
response to the law suit) but it was buried several tiers deep in their
policies and very vaguely defined at that.
-- Does it touch the HOSTS or any other type of file? That's a
show-stopper.
-- It can't phone home for any reason.
There's a lot more, some of it really simple, and I realize that's a little
haphazard as written, but it's the idea behind it all. The last time I did
one of those it took me almost 4 weeks but I work slowly and in spurts
rather than chance missing anything obvious, which is real easy to do. Oh,
and you have to watch out for dates of origin of the information too.
After that you at least get a feeling for whether it's malware or sending
out information as opposed to doing what it advertises. No damage or covert
changes are made to anything, etc. So it becomes time to try the product
in reality and get some real world experience with it.
After an application appears to be doing what it says it'll do, then I
consider user friendliness, how it fits with the way I want to work, how
many things it locks up while it's running, appearance and ease of finding
the features/controls I want.
I don't recall whether you're pro/con registry manipulators but I decided to
spend a few minutes bashing the keyboard to write this since you asked, so
there 'tis.
If nothing else I'll have given some people some food for thought and
probably irritated the misinformationists too but that's OK. Coming from an
engineering background I'm naturally curious about how/if/why things
work/don't work, so that's why I feel I know just a little about the subject
from efforts so far.
If you do install & check it out, I would be quite interested in your
opinions and the outcomes but as I said earlier, I don't really expect it to
be stellar results, although I'd be satisfied if it just did what it said it
does and meets minimal expectations.
I'd like to spend some time over the holidays checking things further and
your own opinions might be pretty helpful in determining methodologies for
the effort.
Regards,
Twayne
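
An added example, not part of the original post: one way to do the registry file comparison described above, diffing a regedit export taken before the cleaner runs against one taken after, and flagging the case where an "optimizer" only moved keys up or down. The function names and the sample keys (ExampleApp, OldVendor) are constructed for illustration.

```python
import re

VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "Name"=data or @=data

def parse_reg(text):
    """Parse regedit export text into {key path: {value name: raw data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def diff_reg(before, after):
    """List (change, key, value name) tuples, independent of key order."""
    out = []
    for key in sorted(before.keys() | after.keys()):
        if key not in before or key not in after:
            out.append(("key added" if key in after else "key removed", key, None))
            continue
        old, new = before[key], after[key]
        for name in sorted(old.keys() | new.keys()):
            if name not in new:
                out.append(("value removed", key, name))
            elif name not in old:
                out.append(("value added", key, name))
            elif old[name] != new[name]:
                out.append(("value changed", key, name))
    return out

def only_reordered(before, after):
    """True when keys were moved around but no data was changed."""
    return not diff_reg(before, after) and list(before) != list(after)

# Constructed samples; real exports are UTF-16: open(path, encoding="utf-16").
BEFORE = parse_reg(r"""[HKEY_CURRENT_USER\Software\ExampleApp]
"Flags"=dword:00000001
[HKEY_CURRENT_USER\Software\ExampleApp\Recent]
"File1"="C:\\docs\\a.txt"
[HKEY_CURRENT_USER\Software\OldVendor]
@="leftover"
""")
AFTER = parse_reg(r"""[HKEY_CURRENT_USER\Software\ExampleApp]
"Flags"=dword:00000000
[HKEY_CURRENT_USER\Software\ExampleApp\Recent]
""")
SHUFFLED = dict(reversed(list(BEFORE.items())))  # same data, reversed key order
```

Each tuple from `diff_reg(BEFORE, AFTER)` is one change to evaluate or undo individually; `only_reordered(BEFORE, SHUFFLED)` is the "moved a couple things up/down" case.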