Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

Name Game to jaykaykay

Re: BullGuard And Eicar.org

said by jaykaykay:

Hadn't seen that one before. Interesting program/file.

It is a good one for testing. I stopped even recommending using EICAR since many AV have to be set up to detect spyware to ID it today. I have used this one, which to me makes more sense.

Why did you call it Spycar?
Spycar, the name, is in homage to the venerable EICAR anti-virus test file. This file was an historic project, created by CARO and published by EICAR. If your AV product does not alert you in the presence of the EICAR file, your anti-virus tool isn’t functioning properly (or, it was not designed to detect the EICAR file, a substantial unlikelihood for most modern anti-virus tools). In honor of the fine work of CARO and EICAR, we called our anti-spyware testing tool Spycar.

It is vital to note that the Spycar suite and the EICAR file are different types of things. Spycar is NOT an EICAR file for evaluating anti-spyware tools. The EICAR file can be used to verify that your anti-virus tool is alive and running. Spycar tests behavior-based alerting and blocking. Consider this analogy to illustrate the difference. You’ve got a smoke detector, and you want to see if it is working. The EICAR file is like the big red test button on the smoke detector. When you push the button, the smoke detector beeps, telling you that the battery is charged and everything seems to be working properly. Using Spycar, on the other hand, is more akin to blowing smoke into the smoke detector, then lighting a match by it, and so on. With Spycar, you are using a tool that mimics the behavior of a real fire (again, in a benign fashion) to see if your smoke detector is protecting you.

Is Spycar a Comprehensive Test of Anti-Spyware Tools?
No. Spycar models some behaviors of spyware tools to see if an anti-spyware tool detects and/or blocks it. But, spyware developers are very creative, adding new and clever behaviors all the time. Spycar tests for some of these common behaviors, but not all. Also, with its behavior-based modeling philosophy, Spycar does not evaluate the signature base, the user interface, and other vital aspects of an anti-spyware tool. Thus, Spycar alone cannot be used to determine how good or bad an anti-spyware product is. We’ve used it to find several gaps in anti-spyware product defenses, but Spycar is but one tool for analyzing one set of characteristics of anti-spyware products. A comprehensive review of anti-spyware tools should utilize a whole toolbox, of which Spycar may be one element. Ed Skoudis and Tom Liston wrote an article for Information Security Magazine comparing various enterprise anti-spyware tools, and Spycar was a small subset of our more comprehensive tests. You can see that article here.

»www.spycar.org/Welcome%2 ··· car.html

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

Nice, long EULA!