Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - mikey

Pages: [1]
Web News / Sunbelt joins in sleazy practice
« on: September 26, 2010, 05:53:18 PM »
The general story;

What's new;

The current version of Vipre Antivirus from Sunbelt Software proposes uninstalling Spybot-S&D during their own installation process. But there are no known compatibility problems.

You can avoid the uninstall in their installation wizard by pressing "Next" instead of "Go to uninstall" or "Show me how". Then you will be asked "There are other Antivirus products still installed on your computer. Are you sure you want to continue?" There press "Yes", then Spybot-S&D will stay on your computer.

In case you have uninstalled Spybot with Vipre, to get Spybot - Search & Destroy back, we recommend a fresh installation of Spybot-S&D 1.6.2.

That is the same marketing behaviour that McAfee and Kaspersky uses to kick competitors out of the business. Please do also have a look at this link on our homepage.

Personally, I have no use for any of these bloated underachieving products. While I don't use it like a normal user, I do keep SSD on board a couple test beds and I still occasionally report FPs, errors in routines, and alpha/beta results. I've known Patrick since he first appeared @ Becky 00-01 where I was running application support for Lavasoft and he was talking about his brand new beta.
Unlike any other dev I've met in the industry(most of them), I've seen first hand the integrity and ethics he holds true to. It says a lot when the commercial entities feel the need to play nasty with a freeware. Ask yourself, what is it about SSD that scares them so bad?

Web News / McAfee's Site Hacked
« on: May 05, 2009, 06:41:22 PM »
Quote from: suzi

McAfee, widely recognized as one of the leading providers of online security software for both home and business, appears to be struggling to secure its own Web sites, which at the time of writing this post, allow anyone with enough tech savvy to covertly do whatever they want on, and with, the site.

During tests this weekend, we discovered the company who claims to "keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams," has several cross-site scripting (XSS) vulnerabilities and provides the bad guys with a brilliant - albeit ironic - launching pad from which to unleash their attacks.

There is more in the article including screenshots.

Quote from: mikey

I always expect incompetence with everything associated with McAwful but this is surprising even for them.

As someone well versed in fuzzing, I can tell you from first hand experience that the simple examples given here are very likely to be a systemic warning of much worse probs. Generally speaking, when those of us in the sec world who find and report breaches, don't make public of the details or depth of the probs.

IOWs I expect the situation is much more profound.

Security Alerts & Briefings / New USB Devices Infected
« on: January 12, 2008, 06:40:26 PM »
It seems that folks are being infected when plugging in new devices. Be carefull with that Xmas gift, it may corrupt your sys.





Security Software Programs / Anti-Malware Comparison Testing
« on: December 09, 2006, 12:07:30 PM »
When I see all the many different so called tests of anti-malware products, all I see is a bunch of advertising. In addition to the fact that no two of these so called tests find the same results, I have some other concerns;

How does one who is testing take into account the fact that all of the variables involved as well as the tools themselves are in a perpetual state of flux? Any real testing takes a bit of time. Even before any test is published, the results will already be invalid. While BrandX is still working on a particular definition, BrandY has already done so. Yet the BrandX definition will be published the next day and possibly better developed than that of BrandY. 

Any real benchmark of these tools must include the study of it's removal routines for each type of nasty currently in the wild. That alone is a daunting study. But without it, there is no value to the testing. 

Most F/Ps (false positives) don't occur on a freshly installed system. Removing items falsely can and very often does cripple innocent components. How do you measure the probability of F/Ps? 

A true benchmark of the detections must include a validating sampling of targets. Limiting the sampling does not represent a true test at all. I can make any tool look good by simply limiting the sampling for the test. In all of the testing that has been published by online magazines and other so called professionals, this limiting has caused every single one to have different results. This has also been used as a marketing strategy. 

In addition to studying the detections and removals, what other features are offered by the tools? What proactive features exist and do they work as pitched? Almost every scanner advertises that it protects the system. Do they really? what degree? much of it is just bloat? 

Should any testing done by those affiliated with a particular tool be considered viable? How does anyone reading a test result know if a test was done by someone who is affiliated or has interest in a particular tool? 

I have yet to see a real viable comparison test/benchmark. IMO, the methodology to perform a real comparison does not exist. Also, I believe that 99% of the so called tests published to date are simply advertising ploys and have absolutely no truth to them. I believe the other 1% are just done by well meaning folk who just simply don't have the understanding or expertise required in order to perform such testing.

Ask yourself; Why doesn't any two published comparison testings report the same results?

Security Software Programs / Questions...
« on: November 26, 2006, 05:47:24 PM »
Just a couple of questions I'd like to put to everyone;

Do you think the average user can really protect his system for FREE?


LandzDown Lounge / online games
« on: March 22, 2006, 11:01:48 PM »
Are there any free or reasonably priced online games for the webmaster to DL and not just games pulled from third party sites. I've got a couple now...a PHP Chess game and a java app called FrozenBubble. Anyone know if there are any more around?...doesn't really matter what, PHP, swf, etc.

I already know where lots of games are that are just pulled from third parties but I won't subject my users to third parties where I don't have complete control of content.


Testing / test
« on: October 30, 2005, 12:51:29 AM »

Pages: [1]