August 9th, 2006, 03:03 PM
The Spycar Project
For those of you, who are interested to see if the Antispyware Application you use, is working...
What is Spycar?
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool. Spycar runs only on Windows, the same platform most targeted by spyware developers.
Why did you create Spycar?
Many anti-spyware tools put all of their eggs in the signature basket. That is, the vendor detects spyware by including thousands of signatures looking for specific sequences of bits on your hard drive or in memory. Behavior-based detection, another approach, lets anti-spyware stop malicious software based on its actions, not a specific set of signatures. We wanted to see how anti-spyware tools could cope with new spyware for which they didnít have a signature. In our own laboratory, we tested a bunch of enterprise anti-spyware tools, and found that their behavior-based defenses were seriously lacking. As long as no signature has been defined for a given piece of spyware, a lot of anti-spyware tools offer virtually no protection. We wanted to give you a chance to evaluate your own anti-spyware tool, so we released Spycar.
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
August 9th, 2006, 03:24 PM
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
August 9th, 2006, 05:45 PM
nihil is not going to like this. Ewido failed miserably against the spycar tests.
//me going to the internet looking for a new freebie anti-spyware.
August 9th, 2006, 07:44 PM
Good link Dalek I bookmarked it.
August 9th, 2006, 11:22 PM
Just curious anything hold up against this yet (spycar)?
August 10th, 2006, 12:48 AM
Well, I just put Windows Defender on and ran SpyCar against it. Yes, it does what it is supposed to do. It holds the activity until you get a chance to approve or disapprove it. The trick is testing the IE stuff. I'm having problems since the Black Tuesday patch getting IE to go anywhere reliably. I may have to get the IE7 beta.
August 10th, 2006, 06:35 PM
thanks rapier57, i'll try that
August 10th, 2006, 07:14 PM
Hi Rapier57 ,
I haven't tested them all yet. Ewido killed the first two...........try this:
Winpooch is a free, open source application...............it nailed the second two
I will test the rest later. Please remember that you need to have the interactive EWIDO running...........it is an orange icon in the system tray. Once the trial is over, EWIDO reverts to an on demand scanner only.
So far nothing has got through to WinPatrol, RegistryProt, SpyDefense, Spyware Blaster etc.
I will report the full results later.............got to go to my cactus society meeting
August 10th, 2006, 11:02 PM
OK, I tried to run them all.
EWIDO is "aware" of Spycar, and reports it as "not a virus".............it prevented the tests running, with the exceptions of the ones you had to create a test profile for, and those were killed by WinPooch.
EWIDO stuck the tests into quarantine, and Spycar did not even know that I had run them It did detect that WinPooch had blocked the 4 it dealt with.
Nothing got through.........................