Anti-Spymaster

How can I tell SAS is working w/o actually dl'ing spyware?

So I've been scanning with SAS Free for awhile now, and, thankfully, it's never detected anything on my computer. I keep things pretty clean, don't go to weird websites, and have cookies turned off in Firefox (and don't use IE except for Windows Updates, so all the security is on high, with all cookies blocked on that).

I'm curious to see SAS catch something, but not so much that I want to put test spyware on my computer to do so. But, I'm wondering, with V4.15 now, if I let some cookies get set in Firefox and leave them and then scan, should it detect them?

Thanks!

SAS, the vendor, does not provide for testing to see if the SAS program functions properly, unlike every other antimalware-vendor.. SAS does not have detection-rules for properly flagging and handling any test files..

SAS says that if you want to test to see if the program is functioning properly, you should (somehow) manage to find some malware and run it on your computer, and then see how the SAS program handles it..

the problem, there, is that SAS is NOT intended to flag every type of malware, or every malware-sample, like viruses, for example, which, supposedly, are handled by your antivirus program.. so, to test SAS, if you want to test it, first, you need to be prepared to reformat, after running malware-samples on your computer, to test SAS, and, second, you have to, somehow, manage to, one way or another, acquire malware-samples that SAS has detection-rules for..

edited :)

SAS, the vendor, does not provide for testing to see if the SAS program functions properly, unlike every other antimalware-vendor.. SAS does not have detection-rules for properly flagging and handling any test files..

SAS says that if you want to test to see if the program is functioning properly, you should (somehow) manage to find some malware and run it on your computer, and then see how the SAS program handles it..

the problem, there, is that SAS is NOT intended to flag every type of malware, or every malware-sample, like viruses, for example, which, supposedly, are handled by your antivirus program.. so, to test SAS, if you want to test it, first, you need to be prepared to reformat, after running malware-samples on your computer, to test SAS, and, second, you have to, somehow, manage to, one way or another, acquire malware-samples that SAS has detection-rules for..

edited :)

Posting something once with a concern is ok - posting it over and over with references to "like every other vendor", etc. is simply not acceptable - one post is sufficient.

You are welcome to phrase it in the form of a question, such as "Is there a sample I can use to see SAS in action without actually infecting a system".

We will be creating some test files, rootkits, etc. that users can use to test SUPERAntiSpyware and other products as well. These of course will be non-harmful items :)

Thanks. Good to know!

But my first question didn't get answered. I thought I read that V4.51 detects cookies in Firefox? So if I let Firefox set cookies and leave them in there and then run an SAS scan, should it detect them?

And not to get in the middle of a disagreement, but was there an answer to what redwolfe_98 was saying...? If it's true that you don't provide for testing to see if SAS is working correctly, why not? Seems like a valid question -- and I'm just curious... (Sorry if that was answered somewhere else.)

Thanks again! :)

sorry.. i missed the part about the cookies.. if you wanted to test to see if SAS flags cookies, you could allow some cookies onto your computer, for testing, without much risk..

i would think that SAS would flag the cookies, but you could test, to see..

to answer your question, SAS has said, in the past, that the reason that they don't flag any test-files is "because SAS is not a HIPS program", but that is a false argument: a program does not have to be a HIPS program in order to flag a test file, the same way that it would flag any other file...

Hmmm... Well, I don't know HIPS from ELBOWS, so I'm just assuming SAS is doing what it's supposed to. :)

Speaking of which...

Nick -- I did leave a google cookie in Firefox after closing it and then ran SAS, but it was not detected by the program. Does this mean SAS isn't actually working correctly for me? Or is it only certain types of cookies that it detects? Please let me know -- thanks!

I did leave a google cookie in Firefox after closing it and then ran SAS, but it was not detected by the program. Does this mean SAS isn't actually working correctly for me? Or is it only certain types of cookies that it detects? Please let me know -- thanks!

i keep a google-cookie on my computer (among several others, which also are not flagged) and none of the antimalware-programs that i use flag it.. i don't think it is considered to be a "malicious tracking cookie", and that that is why it is not flagged..

so, no, the SAS-program's not flagging a google-cookie doesn't mean that the program isn't working.. if you want to test, you need real "tracking cookies".. :)

p.s. maybe someone else, who uses "firefox", can tell you if SAS flags "tracking cookies", in firefox.. i don't use firefox..

Hmmm... Well, I don't know HIPS from ELBOWS, so I'm just assuming SAS is doing what it's supposed to. :)

Speaking of which...

Nick -- I did leave a google cookie in Firefox after closing it and then ran SAS, but it was not detected by the program. Does this mean SAS isn't actually working correctly for me? Or is it only certain types of cookies that it detects? Please let me know -- thanks!

Google cookies aren't flagged - visit any news site or other site with advertising and some tracking cookies should be dropped.

Okay, just tried running a quick scan with SAS with cookies from amazon.com and bn.com and digg.com left in Firefox (but Firefox was closed). SAS did not detect anything. Shouldn't it have?

Or does it have to be a complete scan?

Also, can you verify what should/shouldn't be checked in the Scanning Control tab under Preferences in SAS?

Thanks!

if you want to get "tracking cookies" you need to turn cookie-blocking off and then surf the internet..

those cookies that you have ("barnes and noble", "amazon", "digg.com") might not be considered "tracking cookies"..

also, if you use "spywareblaster", you might need to remove its cookie-blocking, too..

Ah... Well, then... Can Nick or you or someone suggest a safe website that does set tracking cookies so I can test this...? Nick -- Should those cookies not have been caught like redwolfe_98 was suggesting as a possibility...?

Thanks!

I'm not certain about this but as far as I understand SAS will detect tracking cookies in the Firefox version 2 cache but not yet in Firefox version 3.

I'm not certain about this but as far as I understand SAS will detect tracking cookies in the Firefox version 2 cache but not yet in Firefox version 3.

That is correct, only version 2 at this time.

With the Firefox 3 probably going Gold later this month is tracking cookie detection by SAS a feature that will be added in the near future? Or is it a way off yet?

With the Firefox 3 probably going Gold later this month is tracking cookie detection by SAS a feature that will be added in the near future? Or is it a way off yet?

We are on top of it :)

I'm not certain about this but as far as I understand SAS will detect tracking cookies in the Firefox version 2 cache but not yet in Firefox version 3.

That is correct, only version 2 at this time.

Nick -- I'm hoping you can still answer my questions? :)

I have Firefox 2.0.0.14. I let cookies get set (and remain in Firefox after closing) for "barnes and noble", "amazon", "digg.com". I then closed Firefox and ran SAS quick scan. SAS did not detect these cookies when I ran a quick scan.

Should SAS have detected them in a quick scan? Or does it have to be a complete system scan? (Though I don't see why that would be...)

If not, can you suggest a safe site that I can go to and let set tracking cookies so I can test that SAS is indeed detecting something/anything like it should be?

If it should have detected them, then can you tell me why it didn't and what this means in regards to SAS working properly on my system.

Looking forward to hearing back. Thanks!

I also use Firefox 2.0.0.14. and running a quick scan detects tracking cookies ok.

A safe site where you will pick up a few tracking cookies is here http://www.guru3d.com/

The cookies are mainly kontera.com and serving-sys.com from that site. It's actually a good site and I suppose they need the revenue from advertising to keep going.

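Before concluding from a clean scan that the scanner missed something, it helps to confirm the test cookies are actually on disk. The following is an added example, not part of any post in this thread and not SUPERAntiSpyware's own logic: it parses a Firefox 2 style `cookies.txt` and lists cookies from the two ad-serving domains named above. It assumes Firefox 2 keeps cookies in the plain-text `cookies.txt` file in the profile folder; the sample data and cookie names are constructed.

```python
import sys

# Ad-serving domains named in the thread; extend the tuple to check others.
AD_DOMAINS = ("kontera.com", "serving-sys.com")

# Constructed sample in the cookies.txt layout (7 tab-separated fields):
# domain, subdomain flag, path, secure flag, expiry (epoch), name, value
SAMPLE = "\n".join([
    "# HTTP Cookie File",
    ".google.com\tTRUE\t/\tFALSE\t1300000000\tid0\tconstructed",
    ".kontera.com\tTRUE\t/\tFALSE\t1300000000\tid1\tconstructed",
    "bs.serving-sys.com\tFALSE\t/\tFALSE\t1300000000\tid2\tconstructed",
    ".amazon.com\tTRUE\t/\tFALSE\t1300000000\tid3\tconstructed",
    "notkontera.com\tFALSE\t/\tFALSE\t1300000000\tid4\tconstructed",
    "truncated line without enough fields",
])

def parse_cookies(text):
    """Return (domain, name) pairs, skipping comments and malformed lines."""
    cookies = []
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):
            # Some writers of this format mark HttpOnly cookies with this prefix.
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # damaged or truncated entry
        cookies.append((fields[0].lstrip(".").lower(), fields[5]))
    return cookies

def matches(domain, suffix):
    """True for the domain itself or a subdomain, not for look-alike names."""
    return domain == suffix or domain.endswith("." + suffix)

def find_test_cookies(text, ad_domains=AD_DOMAINS):
    """Cookies whose domain belongs to one of the listed ad-serving domains."""
    return [(d, n) for d, n in parse_cookies(text)
            if any(matches(d, s) for s in ad_domains)]

if __name__ == "__main__":
    # Pass the path to a cookies.txt file, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE
    hits = find_test_cookies(text)
    for domain, name in hits:
        print(f"present: {domain} ({name})")
    if not hits:
        print("no test cookies stored; check cookie and ad-blocking settings")
```

An empty result means the browser or an ad blocker never stored the cookies, so a clean scan says nothing about the scanner.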
I also use Firefox 2.0.0.14. and running a quick scan detects tracking cookies ok.

A safe site where you will pick up a few tracking cookies is here http://www.guru3d.com/

The cookies are mainly kontera.com and serving-sys.com from that site. It's actually a good site and I suppose they need the revenue from advertising to keep going.

Thanks! I'll give that a shot and post back.

Okay, it seemed to work. SAS detected the cookies. But I didn't bother to quarantine them -- I just chose "cancel" and then removed them in Firefox and reset my "don't allow cookies" and also turned my AdBlock Plus back on (which was keeping the cookies from getting set as well).

I'm pleased you have found that it works ok.

When you say you set Firefox to not allow cookies do you mean all cookies or just 3rd party ones?

If you mean all cookies I personally can't see a reason for doing that as a lot of cookies are useful. For instance if I want to visit this forum and post or see which posts have been made since I last visited I want to be logged in automatically not have to bother typing my username and password. The cookie from this site means that I can do just that.

The programme CCleaner is a great help in managing cookies, allowing you to keep those that are useful and deleting the rest.
