eEye Digital Security

So after upgrading to 3.1 Final - I then downloaded updates. It does seem everytime I have reloaded the software there is no AV info in the install and everytime I have imediately done the first online update it will grab aproximately 12mb or so of AV data...

Now for the more disturbing issue and I am not sure why this happened and hopefully Eeye staff will respond and clue me in...

So after running the initial update - I ran a malware scan... It ran for I believe about an hour and a half (full scan) and then reported no malware etc found.

So just for grins I decided to update my Spybot Search and Destroy - Recentaly they had a huge update and this was when it wanted to download and apply the large mulitple file update.

I downloaded all the updates and it applied them - I then Imunized and there were over 15,000 new imunizations in this update a huge update for them and I then imunized against these.

So now fully updated and imunized I ran Spybot and got the following:

As you can imagine this worries me that all this "malware" was still resident in the system and I had to run this scan with another program to discover it..

These are all not good well know problems.... why would BLINK not pick up on this?

Brent, please see my June 30 post in General Discussion.

After I made the post, I downloaded and installed the new 2007 AdAware. I updated it and ran it on my desktop. It found 226 items, but none were "critical" items. All were tracking cookies. As I said on June 30, apparently Blink still makes the distinction between true malware (spyware and trojans) and adware (tracking cookies, etc.)

Regards,

Dennis

Addendum: I believe the older versions of AdAware listed tracking cookies as "critical." Version 2007 doesn't. 2007 makes more sense.

Tracking cookies are not malware.  They track your usage habits, but do not affect your security.  End of story.

You can tell your browser to delete your cookies after every session, then you don't have to worry about them.

 

Pretty sure not all of those are tracking cookies..

Why don't you open all the entries and have a closer look? To me it all seems like tracking cookies.

Art 

Microsoft.firewall.bypass etc etc - that sure does not look like a cookie... thou it could be something that is not a problem but I do not like things that are called bypass....

 And the answer to if BLINK deals with tracking cookies that could be bad at any level comes up once again..

Yes, anything that has "bypass" in it does not look good. I googled "microsoft.firewall.bypass" and it turned out just one result. Maybe reading it will help you:

http://forums.spybot.info/showthread.php?t=13293

Art

Looks like spy bot is using "oh no look what we found aren't you glad we saved you" as a way to give the user a safe fuzzy feeling. Blink didn't bother since there is nothing to bother you with as many others have said. Slowly but surely those that study and ask question will come to realize what is bad and what is hype. Shame on those who spread disinformation and hype. Google Malware and you'll learn a lot. Google anything and you'll learn a lot. Like all those bright red "warning, danger Will Robinson" entries that spy bot saved you from. ok then carry on.

Malware is slang for malicious software. Malware is software designed specifically to disrupt a computer system. A trojan horse , worm or a virus could be classified as Malware. Some advertising software can be malicious in that it can try to re-install itself after you remove it.
www.geekpatroloncall.com/spyware.html

Well as far as I am concerned any tracker is as malware as true malware..

I much rather be made aware of all semi malicious or malicious issues - I have no issues with having to run 2 programs to clean up the computer It is just a good thing to know that BLINK does not do this type of scan.

I also understand the fact that most Scanners these days do offer up items just to make us all warm and fuzzy - But that being said I do not really want tracking cookies that are known issues....

For the last time on these forums cookies are text files. They can't do anything malicious. your firewall bypass warning probably happened when you changed something yourself. That warning is self inflicted 99% of the time. What its telling you is that Windows security center is no longer monitoring something, probably your firewall. You can fix it by going in the control panel under security and fix it there. Maybe you had a firewall from a third party and removed it and now Spybot says something changed when in fact it did. Its not a big worry. Go to control panel click security center and change it there.

Everything you spybot scan showed were cookies. Every single one. But Spybot saved you....LOL Or so they want you to believe.

One more thing before I end this. To all you folks using Spybot you need to know a few things. The guy putting this program out for the love of his girlfriend named Patrick something or other has started delisting some threats Spybot used to delete. This guys heart was in the right place when he started, all he asked for in return was donations to keep it alive. When donations petered out he probably was paid to delist some threats. He's also been drug through the courts which to my understanding he paid for but may have had some help along the way. Hey the guy has to make a living like everyone else. Adaware also has delisted lots of things they no longer will detect and so has Windows Defender. In fact alot of these programs have done it. Hopefully things will get better. Thats what makes Blink so great. They are not blocking a specific vendor or ad company they are blocking malicious activity period. Thats why some of your legit programs you may need to create a rule to allow them access. The more I discover about Blink the better it becomes.

Cheers.

I guess the words relax and take a deep breath come to mind...

I understand you wishing to be very specific as to Malware vs. Malicious vs. tracking cookie etc... the reason I brought this up mainly was to show how it worked for me and since many still run Spybot and Adaware etc it will be a know topic sooner than later...

The fact you bring up the other points about the person who put together Spybot is disconcerting... doy ou have some backup on that to share so we can see some of the info other than just one persons word on it... Not that I do not believe it becase money runs the world - but if that is true and as it seems Spybot and adaware style programs are on the way out so BLINK and programs like this can truly protect us - it is worth backing it up for people to know and understand..

 On the other BYPASS note - I had never recieved that message until I installed BLINK so there is quite a good possibility that it was caused by the BLINK firewall protocals and thus would the removel of it with spybot alter or defeat something good BLINK is trying to do?

Brent,

The news about Spybot was in the news a couple years back when all the malware and malicious ad companies went on a sueing spree because they were being unfairly targeted by the anti-spyware vendors. I first heard about it through The Langa List newsletter put out by Fred Langa. It was also a story on www.cnet.com and a few other tech news sites. Even Adaware and Windows Defender have delisted various adware and spyware (not viruses and trojans, theres a difference).

I don't believe that they were unleashing trojans and viruses on people just adware they all seemed to be delisting for awhile. I should have been more specific in my post and I do apologize for my lack of brevity. It was one of those days. Actually a friend of mine knows Patrick Kolla and I think Fred Langa knows him as well. A very cool guy I've been told. M$ delisted claria for awhile while Adaware was delisting various things on a regular basis. Researchers find these thing out.

In the early days Steve Gibson ( www.grc.com ) was very fond of Adaware. Adaware came about when Steve Gibson first wrote his opt-out program and from there adaware picked up and moved forward. But now they've fallen from grace in his eyes for that same reason. He also liked Zonealarm and used to reccommend it but no longer does so. If you listen to Steve and Leo Laporte's Security Now podcast they've talked about all this but I don't remember which podcast exactly because theres almost 100 of them now. Security Now podcasts are at www.twit.tv  and www.grc.com/securitynow  by the way the one with eEye Security's co-founder Marc Maiffret is #91 if you haven't heard it. It is interesting!

 Also I remember right around 2002 or 2003 Adaware was almost sued out of existence but they managed to survive. I'm sure if you Google some of this stuff its still out there on the net. Ars Technica is another place you may find this info as well as technorati. I hope Spybot is on the up and up again but when he started detecting cookies that was about all I could take. I moved on so to speak.

Ok on the bypass note. I used to have Zonealarm and got fed up with it and tried something else. My Windows firewall was disabled so when I uninstalled Zonealarm I was getting the bypass message in Spybot, it really is only telling you your firewall setting has been changed. Usually to off or not being monitored. I'm sure some spyware could do that but from my experience its usually something the user did and easily fixed by going to the security center in the control panel.

By the way grab a coffe or something this is gonna be a long post if you want the facts.

Lets go back in time a few years to a little company called "Giant software". They had a great product called Giant Anti-spy I think was the name. Microsoft bought them and it became Microsoft Anti-Spy which eventually became Windows Defender. Microsoft bought them so they could get all their adware and spyware they were using delisted from the product and put it out under the Microsoft brand. Windows Defender won't detect anything Microsoft does but will hit all the competition.

Lets go back a few years again to a product called "Pest Patrol". Another fantastic product absorbed by Yahoo. And what is Yahoo? Another advertising company. And why did Yahoo buy them? To get their adware and spyware beacons and whatever else they use for marketing purposes delisted. Yahoo's pest patrol or spyware toolbar or whatever they call it these days will not detect anything Yahoo does but again will nail the competition.

My friend the list goes on and on and on and on. This stuff is my hobby and I persue this type of information relentlessly with a passion. I just find it very interesting to learn about all this stuff it facinates me to no end. I have no reason to make it up.

I'll give you a list of products that in my opinion are useless. I will not use them and I will tell why for each one. They are in no particular order just as they come to mind and it will probably not be complete either.

Adaware -  I first went off Adaware a couple years back when they just vanished. There were no updates and no info at their site. They also shut down their forums a few times so as not to deal with the backlash from users. They were very inconsistent and very unreliable. Then they came back rejuvenated and won back some old users and attracted new users. Vanished yet again. There were no updates for weeks and months at a time. Then came the lawsuits that almost put them under. Then they started delisting some things they used to flag as adware and spyware. Enough was enough for me.

Windows Defender - Useless as far as I'm concerned. I had this for 2 maybe 3 years and in all that time it never found anything when other programs had found issues. One time WD found something called Glacier on one of my PC's and I couldn't find one thing on the net about it and none of my other programs reported it either. It also sent my boot time through the roof and shut down time as well. That was it for Defender. With Blink as my sole security app I'm booted in about 90 seconds as opposed to 4 or 5 minutes with all the other stuff I used to run. I like that!

Spybot S&D - A few years back it was like Adaware in the reliability department. Weeks and months with no updates and no word on what was happening. This was a time when he was being drug through the courts as well. But he pulled through. What really put me off Spybot was when it started reporting cookies. I don't need to sit through a 20 or 30 minute scan to find out what cookies are on my computer. I can do that in seconds myself. Sorry time to move on.

Spy Defence - Crap absolute crap. Everestlabs put this jewel out and it just vanished as well. All it ever found was a few cookies as well.

AVG Anti-spyware - Again don't make me sit through a 45 minute scan to show me my cookies.

Zonealarm - It has really lost focus on what it originally did which was to firewall a system. Its become a resource hog be all end all do everything under the sun massive overbloated pig to put it bluntly. It turned most of my PC's into frozen molasses on a January afternoon. If you just use the free version which is still the full version but crippled. The free version is not to bad as a firewall but everything else about it is crap.

Yahoo Anti-spy - It was good when it was Pest Patrol. I just don't trust them anymore. I don't trust Yahoo basically for all or most of the reasons mentioned elsewhere in this post.

Anyway that's enough its getting to late here where I am. The bottom line is use whatever you like. If your PC is running fine and theres no problems by all means use whatever makes your boat float. These are my opinions only as you wanted me to share them so that's all I'm doing.

I'm not a Blink fanboy by any means. If I find cookies in their scans Blink will be history as well. To me when software makes me wait for 30 or 40 minutes and reports what cookies or MRU's are on my computer, that is a huge insult to my intelligence. As I mentioned eslewhere the anti-malware vendors have turned everything we do into a threat of some kind. Its ridiculous and ludicrous and we should hold them accountable and demand higher standards. Right now I'm getting that from Blink. They are not insulting me by detecting all these crazy things and perceived threats about cookies and MRU's and my web cache and all the monsters hiding there. I think you get my drift by now. Your best protection is your own brain. No software can protect you from you. You are your own worst threat and also your own best solution.

And I am getting very tired. I hope this answers your questions.

Cheers!

Wow, thanks for sharing this with us, mate. I'm going to nuke the Windows Defender on my portable as it is booting really sloooooooow now.

All the best,

Art 

Very interesting --  informative as well. Even as a naive user I stopped using (and paying for)  Zone Alarm because it didn't seem to anything for me. But I always felt I was skating on thin ice without it. Ditto for Spybot. Thanks for the reassuring information.

While Blink sometimes uses 2-40 percent of my CPU, I think  its intrusion prevention technologies are better than cleaning up after the fact -- even assuming that an infestation can assuredly be cleaned up.