 ghost16825 Use security metrics Premium join:2003-08-26
reply to eburger68 Re: Sunbelt Adjusts WhenU Detections

said by eburger68: The trick lies in putting your finger on it without being completely arbitrary in doing so -- that is to say, without resorting to hidden, assumed criteria that are contentious. Eric L. Howes

Ah, but that's it. What you're saying is that the difference is only intent. Wouldn't it be much easier to just detect spyware based arbitrarily on the whim of someone at Sunbelt (like yourself), regardless of the installation behaviour, what registry entries are put where, etc.? Sure, it would be a totally unprofessional and non-transparent process, but if dslreports users are any indication, most users might actually be happier with these criteria!!???
Thanks for taking the time to reply to the posts in this thread.
=======Somewhat irrelevant part starts here====
Re: my criteria-based idea - some explanation is needed. In my opinion any detection policy is based mainly on two things. Firstly, decisions by any Anti-Spyware vendor need to have a clear scope: what should be detected, and what is some other software's problem to fix. I have not researched Sunbelt's scope of detection.
I personally would stick with detection of only commercial offerings or modifications of commercial software. Additionally, this anti-spyware software might contain some limited sandbox functions for common spyware vectors, e.g. software using global hook prompts, BHO install attempts, etc. (This would be to cover a very small amount of any non-commercial spyware.) Any home-grown spyware which didn't use a common technique would not be detected.
The second main influence on a spyware detection policy is assumed knowledge of the user. It would seem that most anti-spyware vendors have attempted to make minor setting adjustments based on user knowledge or just assumed no baseline whatsoever. In my opinion this has been a failure. It seems that it is much harder to differentiate between different user levels in the anti-spyware software market. Hence the reason for my idea of a policy-based detection mechanism and forced user decisions on what the intent of the detected software is. I think this would be more accessible and transparent to everyone than any industry-created terms for classes of spyware, for which every software has a different term, no matter how clear it may be.

I think B may have stated in the past that he/she believed Acrobat Reader and the Google toolbar should be on some 'adware' list in anti-spyware applications. Whatever your opinions on this, it seems likely that we may see cases on the line between 'clear permission' and 'unauthorized or unwanted'. When this occurs I believe a policy-based software based entirely on pure functionality with forced user decisions, regardless of user skill level, will be the only way to deal with this issue.

--
Admin of the Kerio 2x-like open source project:
http://sourceforge.net/projects/kerio/
http://kerio.sourceforge.net/