Adric

Realtime Testing with SPYCAR

I've heard good things about SAS and I am trying some tests on the real-time protection to see how well SAS does against certain attacks. The only test I've done so far is with SPYCAR and will try others later. One can read about and download SPYCAR at

http://www.spycar.org/Welcome%20to%20Spycar.html

I was somewhat surprised that SAS only stopped the IE-SetHomePage test.

Is SPYCAR an unfair test for SAS?

Does SAS not monitor/stop registry entries that are often changed by malware programs?

Spycar Scoring for SuperAntiSpyware (1 of 17 blocked)

HKCU_Run : Spycar change allowed

HKCU_RunOnce : Spycar change allowed

HKCU_RunOnceEx : Spycar change allowed

HKLM_Run : Spycar change allowed

HKLM_RunOnce : Spycar change blocked (My Avir stopped the exe from running)

HKLM_RunOnceEx : Spycar change blocked (My Avir stopped the exe from running)

IE-HomePageLock : Spycar change allowed

IE-KillAdvancedTab : Spycar change allowed

IE-KillConnectionsTab : Spycar change allowed

IE-KillContentTab : Spycar change allowed

IE-KillGeneralTab : Spycar change allowed

IE-KillPrivacyTab : Spycar change allowed

IE-KillProgramsTab : Spycar change allowed

IE-KillSecurityTab : Spycar change allowed

IE-SetHomePage : Spycar change blocked (Stopped by SAS)

IE-SetSearchPage : Spycar change allowed

AlterHostsFile : Spycar change allowed

Thanks, Al

We don't block SpyCar - it's not spyware :)

Does that mean SAS realtime protection is mainly signature based?

I'm not too keen on testing with real spyware, especially if it isn't stopped. Call me chicken :lol:

Al

SUPERAntiSpyware is not mainly signature based - it is designed to block spyware, adware, malware, trojans, etc. that actually are harmful, not test files that don't do anything.

Ok, but for consistency's sake, SAS should have allowed the IE-SetHomePage to also pass since it's not spyware :)

Al (where is this going to end) Adric :lol:

Call me chicken

CHICKEN!!!! :lol:

Or do you not trust PowerShadow to get your *** out of jail :P

Hi fcukdat,

Ganging up on me with Nick are you? :lol:

Yeah, I guess I should take the plunge with PowerShadow. I did run it once as a test with something I downloaded from SeriALL.com, but I felt very uncomfortable doing it on my laptop since I knew the file was crapware. Time to build another machine :)

Al (chicken) Adric

Actually the Home Page will notify you when the home page is changed at all - did it notify you?

As per my previous append:

IE-SetHomePage : Spycar change blocked

If your question meant - did SAS notify me with a pop-up that the home page was being modified by SPYCAR? - then yes it did.

Al

Ok, then SAS is doing what it's supposed to in that scenario.
