CounterSpy Enterprise vs. Symantec and Trend
Some people are asking us: "Well I already use Symantec (or Trend)
and they now have built-in spyware." How does your product compare?
Instead of stating the obvious, (our spyware database is waaaay
better because we get the definitions from three sources including
Microsoft) let's quote an eWeek article:
"Symantec Client Security 3.0 (www.symantec.com) bundles a full
range of client security software, including anti-virus, desktop
firewall and anti-spyware capabilities. Management tools are
familiar and sound. Unfortunately, deficiencies with the anti-spyware cleaning and blocking routines make it difficult to
recommend this solution for companies battling the spyware
"Trend Micro's OfficeScan 7.0 Client/Server Edition provided
uninspiring spyware cleaning and protection during eWEEK Labs'
tests. Management tools were adequate, but administrators may
find the Web management console confining and unwieldy,
particularly in multiserver deployments." Link to the article:
And if you want to be -really- sure you get the maximum amount
of spyware detected (PC World's latest test showed CounterSpy
getting "Clear Winner" status) grab our 30-day eval and see
for yourself what CounterSpy finds that got left behind by the
"big AV guys"
Sunbelt Refuses To Delist WhenU,
Instead Adjusts Some Threat Levels
WhenU recently came to us, asking to be delisted. After extensive research, we determined that they had, indeed, cleaned up a lot of their practices. However, we will absolutely not be removing them from the database (it is near impossible to get delisted from the CounterSpy database, as a major market of ours is enterprise customers, and they don't look kindly at any types of adware).
We did, however, find that a number of their programs have reasonably acceptable levels of disclosure and are not installed by any nefarious means. For example, their WeatherCast program provides weather alerts, without any advertising popups and has adequate disclosure methods -- and surprisingly, a lot of people seem to actually want these little types of programs. So for those types of applications, we made them a low threat level, with a recommended action of Ignore (Ignore is probably the wrong term - we still detect and present the program to the user, but let the user make the choice to remove the application). This is the same type of rating that we use for programs like WeatherBug.
We are also re-examining the whole "Ignore" choice in the database, and will likely be changing this in the future so as to make it crystal clear to the user that we are not condoning a piece of adware -- rather we are simply giving them a choice in the event that they actually want it on their system.
Note that WhenU Save and SaveNow are both still staying as "Moderate Risk", with a default action of "Quarantine". If you're curious about our findings, you can review our whitepaper on WhenU at:
Leading Spyware Researcher Joins Sunbelt Software
Sunbelt Software is pleased to announce that renowned spyware
researcher, Patrick Jordan, has joined Sunbelt Software as a
Senior Spyware Research Analyst.
Jordan, also known as "webhelper" to the antispyware community,
will provide research expertise to help identify and remove some
of the most difficult spyware strains such as VX2/Transponder
Jordan brings a plethora of technology and research experience
to Sunbelt, having managed and participated in many of the
security forums dedicated to spyware research, detection and
removal, including his own webhelper4u.com site. His experience
in revealing the malicious mechanisms that transponder spyware
uses to propagate itself has been beneficial to the antispyware
community, particularly exposing practices by spyware authors
that develop applications such as CoolWebSearch.
His expert research over the last several years on adware and
spyware provides a firm foundation for accurate and reliable
research testing that ultimately enables Sunbelt to continue to
provide one of the best spyware threat databases in the industry.
"Being a part of a rapidly expanding security software developer
and practicing spyware research is exciting," Jordan said. "There's
definitely a buzz in the industry right now about Sunbelt, and I'm
thrilled to be a part of it."
SANS Top20 Q2 2005 Critical Vulnerability Update
The SANS Institute and experts from the US, UK and Canadian
governments and four private groups have identified the most
critical new Internet security vulnerabilities discovered during
the 2nd quarter of 2005. All organizations that rely on the
Top20 as a list of "critical vulnerabilities" to be found and
eradicated, should immediately verify with their vulnerability
scanner vendor that the critical new vulnerabilities discovered
in April - June as well as those discovered January through
March, are included in their testing procedures and are rated
at the highest level of criticality.
"These critical vulnerabilities are widespread and many of
them are being exploited, right now, in our homes and in our
offices," Alan Paller, SANS' director of research, said in a
statement. "We're publishing this list as a red flag for
individuals as well as IT departments. Too many people are
unaware of these vulnerabilities, or mistakenly believe their
computers are protected."
SANS reports that the 422 new vulnerabilities discovered or
reported this quarter represent an increase of 10.8% from the
first quarter of 2005  and an increase of nearly 20% from
the second quarter of 2004 ' A lot of the hackers are
going after flawed backup software, since the market is mature,
consolidated and well penetrated. Link to SANS:
FYI, The Sunbelt Network Security Inspector (SNSI) is being
continually updated with the SANS Top 20 list when it comes
out. You can get a 30-day eval of SNSI here: