
 eburger68 Premium,MVM join:2001-04-28
1 edit | reply to ghost16825 Re: Sunbelt Adjusts WhenU Detections
ghost16825:
I'm afraid this kind of software can't be analyzed using the "uncontentious" criteria that you've excerpted from the Sunbelt Listing Criteria. The "uncontentious" criteria you've come up with become plenty contentious once you realize all the software caught in the net of such rigid criteria, which are too focused on pure software functionality. To wit:
"Un-contentious:"
Installs via ActiveX controls - Macromedia Flash (and hundreds of other legitimate browser plugins, including online anti-malware scanners)
(virtually uncontentious) installs via a security exploit or vulnerability - (note: hinges on definition of exploit/vulnerability)
displays third-party advertising in pop-ups - standard web browser
reconfigures the user's browser home page, search settings, or other user-selectable browser preferences - numerous programs do this, including software packages that users install from their ISPs
modifies or deletes the HOSTS file - TDS-3, Hostess
cause those PCs to establish phone connections to premium rate phone numbers (over X dollars/min) - some folks do like premium rate dialers (and dialers are quite common and often used in Europe)
(with a comprehensive set of subcategories) collects Personally Identifiable Information - again, plenty of programs do this
lacks an End User License Agreement - this one nails half of the freeware on the internet, and plenty of legitimate payware as well
You'll surely protest that there's a difference between the "illegitimate" software that you meant to catch with those criteria and the "legitimate"/"innocent" software that, in a literal reading of those criteria, also happen to fit the bill. And I would agree -- there is a difference. The trick lies in putting your finger on it without being completely arbitrary in doing so -- that is to say, without resorting to hidden, assumed criteria that are contentious.
Eric L. Howes

ghost16825 Use security metrics Premium join:2003-08-26
said by eburger68: The trick lies in putting your finger on it without being completely arbitrary in doing so -- that is to say, without resorting to hidden, assumed criteria that are contentious. Eric L. Howes

Ah, but that's it. What you're saying is that the difference is only intent. Wouldn't it be much easier to just detect spyware based arbitrarily on the whim of someone at Sunbelt (like yourself), regardless of the installation behaviour, what registry entries are put where, etc? Sure, it would be a totally unprofessional and non-transparent process but if dslreports users are any indication, most users might actually be happier with these criteria!!???
Thanks for taking the time to reply to the posts in this thread.
=======Somewhat irrelevant part starts here====
Re: my criteria-based idea - some explanation is needed. In my opinion any detection policy is based mainly on two things. Firstly, decisions by any Anti-Spyware vendor need to have a clear scope. What should be detected, and what is some other software's problem to fix. I have not researched Sunbelt's scope of detection.
I personally would stick with detection of only commercial offerings or modifications of commercial software. Additionally, this anti-spyware software might contain some limited sandbox functions for common spyware vectors, e.g. software using global hook prompts, BHO install attempt etc. (This would be to cover a very small amount of any non-commercial spyware). Any home grown spyware which didn't use a common technique would not be detected.
The second main influence on a spyware detection policy is assumed knowledge of the user. It would seem that most anti-spyware vendors have attempted to make minor setting adjustments based on user knowledge or just assumed no baseline whatsoever. In my opinion this has been a failure. It seems that it is much harder to differentiate between different user levels in the anti-spyware software market. Hence, the reason for my idea of a policy-based detection mechanism and forced user decisions on what the intent of the detected software is. I think this would be more accessible and transparent to everyone, than any industry-created terms for classes of spyware for which every software has a different term, no matter how clear it may be. I think B may have stated in the past that he/she believed Acrobat Reader and the Google toolbar should be on some 'adware' list in anti-spyware applications. Whatever your opinions on this, it seems likely that we may see cases on the line between 'clear permission' and 'unauthorized or unwanted'. When this occurs I believe a policy-based software based entirely on pure functionality with forced user decisions, regardless of user skill level, will be the only way to deal with this issue.

-- Admin of the Kerio 2x-like open source project: http://sourceforge.net/projects/kerio/ http://kerio.sourceforge.net/