CA's 'Pest Scan' Results Mislead Users
FriedDuck writes "After reading eWeek's article about CA's ranking of spyware threats I went to their site to check it out and try their free spyware scan. I was stunned. CA reported that my machine is being terrorized by eleven 'pests' including some that are pretty serious (not just tracking cookies). Unfortunately all of the serious threats were false positives. CA reported that I had a key logger, cracking tool, and various other nasties that all turned out to be common software (e.g. Flash, SourceSafe) that one wouldn't easily mistake for malware. In fact, without exception my system contained none of the registry keys, folders, or binaries that CA itself says should be there. A blatant attempt at scaring people into buying shoddy software." Read on for the details of what was found, and what was actually on the system.
"If it matters, here's what it reported, and what was there on my system:
- System Spy - Key Logger. Mistook MSFT's SourceSafe executable for the keylogger. None of the other registry keys, folders or binaries were present.
- Fake CD .99 - Cracking Tool. Mistook the generically-named unins000.exe that InstallShield uses as the Cracking tool. None of the other binaries were present.
- Ezula TopText - Adware. Mistook the installation of Flash as the adware. Stupid.
- BonziBuddy - Spyware. Mistook a common library installed by Borland's CaliberRM (EZSMTP object) as the spyware.
None of the other binaries, folders or keys (of which there are many) were present."
FYI re: AVG Free Edition (Score:5, Informative)
Re:FYI re: AVG Free Edition (Score:2)
http://www.npr.org/programs/asc/archives/asc74/ [npr.org]
Help... file delete (Score:4, Interesting)
http://www.tech-recipes.com/windows_tips778.html [tech-recipes.com]
Isn't there a program out there that will tell you which services or programs are protecting a file?
Davak
Re:Help... file delete (Score:4, Informative)
Use process explorer [sysinternals.com] from Sysinternals. (free download)
If you use the "find handle" function, and enter the filename, or partial filename, it will list the processes that have this file opened. The find dll function is similar, but finds all processes that have loaded the specified DLL. Very handy for spyware that lives in a dll and has loaded itself with rundll.exe...
It's an incredibly useful tool. It's one of the first apps I install after a rebuild.
Re:Help... file delete (Score:3, Informative)
From the scan: (Score:5, Funny)
So, I must lower my security, so you can test my security? Well, I guess that means I win!
Re:From the scan: (Score:1)
Spyware (Score:2)
Doesn't work with Linux... (Score:2)
Flash (Score:2)
I don't know... maybe it just had the wrong name?
Re:Flash (Score:1)
CA=Computer Associates (Score:1, Troll)
Get a book on Associated Press writing style and use it.
Re:CA=Computer Associates (Score:2)
Re:CA=Computer Associates (Score:1)
AC also = Alternating Current
GM also = Genetically Modified
IP = Internet Protocol, Intellectual Property, and hell, around here, even Indecent Proposal
I agree with the parent. It is incumbent on the "editors" to instill some order; the term "editor" entails more than simply accepting or rejecting stories.
Re:CA=Computer Associates (Score:1)
Re:CA=Computer Associates (Score:2)
I see this sort of thing almost every day on Slashdot. When a new protocol or language is discussed, the story does not make clear why this does or does not matter to most readers.
Since this website is identified so closely with Linux users, it doesn't help the outside perception of us as elitists when we don't care to convey knowledge in a way that is clear.
Re:CA=Computer Associates (Score:3)
But, to defend the poster, I would hope that a self-respecting news reading nerd would know CA as one of the 5 largest (by revenue) software vendors in the world, right after Microsoft, Oracle and SAP.
The company is identified as simply "CA" more commonly than as "Computer Associates International". I guess a valid excus
Re:CA=Computer Associates (Score:2)
If Slashdot aspires to be a news blog ("News for Nerds") they should follow proper editorial standards occasionally. The New York Times, Associated Press, LA Times, and numerous other newspapers publish writing style guidelines. Editors at countless newspa
Time to upgrade to the 20th century (Score:3, Interesting)
I'm glad to see that one other developer on the planet is using source control, but you really need to upgrade. Seriously, not even MS uses VSS anymore---it is the most unstable, feature-scarce, POS source control there is.
May I suggest Subversion [tigris.org]/Tortoise? [tigris.org]
The best part about SVN over VSS is that you don't need to worry about exclusive locks. If one programmer (or yourself) checks out something and makes changes, you can still check out a pristine copy, make changes, and then everyone can check back in (last one in has to do a merge) without worry.
On a dev team of more than one, invariably someone will leave something checked out and then take a vacation. With VSS you're pretty much screwed, but with more advanced source control this is no longer an issue.
You want expensive? (Score:2)
Re:Time to upgrade to the 20th century (Score:1)
Our teams have been frustrated not just by SourceSafe, but all of Microsoft's tools. Each new iteration is more complex, unnecessarily interdependent with other MSFT products, and buggy. (SourceSafe's penchant for corrupting the very thing it purports to protect comes to mind.)
Thanks for the links to the other source contro
Unfortunately these tactics are too common (Score:5, Informative)
Unfortunately lots of free/shareware 'anti-spyware' tools generate false positives and do other 'wrong' things to get you to buy the full version. Some only find the malware, but make you pay to clean it out, some don't work so well, and worst are the ones that install their own spyware and only clean out 'competitors'.
There is a site that tracks and lists quite a few 'rouge' anti-spyware programs:
http://www.spywarewarrior.com/rogue_anti-spyware.
One of the things they advise against is following any Google ad; it seems buying ads on Google is very popular with the bad anti-spyware makers.
Personally I just stick with Spybot S&D and Ad-Aware for most malware and AVG for anti-virus.
And the LAST thing I'd ever do is trust some website to scan my computer, no telling what info they are collecting along with the scan to provide 'marketing data' for their 'business partners'.
Mycroft
Wrong colour :-) (Score:3, Funny)
I think you meant "noir" not "rouge", n'est pas?
Re:Wrong colour :-) (Score:2)
I can sometimes type out of sync hand-wise; this usually puts letters reached by the right hand in front of letters reached by the left which should instead follow. I usually catch this proofreading, but I guess my brain recognized rouge as a real word, but not as the WRONG word.
The scary thing is I sometimes do something similar verbally and use a similar, but not quite right contextually, word.
Mycroft
Re: Unfortunately these tactics are too common (Score:3, Interesting)
Re: Unfortunately these tactics are too common (Score:2)
Mycroft
oh n0s!!!!11 (Score:1)
oh n0s!!!!11 my m3gahr7z h4v3 b33n st0l3d!!11
False alarms on cookies (Score:2)
While certainly there are a fair number of people who want to be warned about all this, this isn't generally what they are after, and probably shouldn't be detected by default. While for me personally I can tell the difference between what to worry a
Got to love CA (Score:3, Interesting)
This was the first time that I ran across free software that I thought I paid too much money for. It was horrible. Since then - I was working for a company that was acquired by CA. Everyone in the Lab I worked for was dying to get out - even went so far as to place bets on who would end up at the bottom of the R&R chart to guarantee a buyout package, rather than leaving CA with nothing.