Tuesday, May 09, 2006

Testing Behavior with Spycar

Spycar.org, the brainchild of Ed Skoudis, was created as a test of behavioral anti-spyware (AS) engines. The name is a play on EICAR.COM, the industry-accepted anti-virus (AV) engine test file. Unlike EICAR.COM, Spycar.org has a long way to go before gaining industry acceptance.

Spycar.org offers programs that perform functions common to most spyware/adware programs. Unfortunately, these same behaviors are also necessary for many legitimate applications and drivers, and so they are not currently a reliable indication of spyware. To expect a behavioral Anti-Spyware product to outright block the Spycar tests is unrealistic.

Spycar consists of static files, and thus signature-based detection is quite effective against it. Unfortunately, this defeats the purpose of the tests.

The proliferation of mutating spyware and rootkits is antiquating signature-based detection. Anti-Spyware products that don't beef up their behavioral detections will fall by the wayside. Tenebril applauds Ed's effort in trying to push the Anti-Spyware industry toward more behavioral detection methods. When spycar.org can truly emulate some bad behavior, it's sure to gain some industry acceptance.
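To make the two arguments above concrete (a static test file is trivially caught by a signature, while the behaviors it exercises are shared with legitimate software), here is an added toy comparison of a hash-signature scanner and a behavior scorer. It is example code written for this post, not Spycar's own files or any vendor's engine; the file bytes, event names, weights and threshold are all constructed assumptions.

```python
import hashlib
from typing import Iterable, Optional

# Constructed stand-in for a static test file (NOT the real Spycar content).
# A signature engine only needs its hash to "detect" it.
STATIC_TEST_FILE = b"CONSTRUCTED-SPYCAR-STYLE-TEST-FILE-v1\n"
SIGNATURE_DB = {hashlib.sha256(STATIC_TEST_FILE).hexdigest(): "constructed test sample"}


def signature_scan(content: bytes) -> Optional[str]:
    """Signature engine: match only exact, previously catalogued file contents."""
    return SIGNATURE_DB.get(hashlib.sha256(content).hexdigest())


# Hypothetical behavior weights. Each action is common to spyware but is also
# performed by ordinary installers and drivers, which is the post's point.
BEHAVIOR_WEIGHTS = {
    "write_autostart_entry": 3,
    "modify_browser_homepage": 3,
    "modify_hosts_file": 4,
    "write_program_files": 0,
}
BLOCK_THRESHOLD = 6  # assumed cut-off for an outright block


def behavior_score(events: Iterable[str]) -> int:
    """Behavioral engine: sum the weights of observed actions."""
    return sum(BEHAVIOR_WEIGHTS.get(e, 0) for e in events)


def behavior_verdict(events: Iterable[str]) -> str:
    return "block" if behavior_score(events) >= BLOCK_THRESHOLD else "allow"


# Constructed event traces: the test program and a legitimate installer that
# registers itself at startup and sets the browser home page look identical.
TEST_PROGRAM_EVENTS = ["write_autostart_entry", "modify_browser_homepage"]
LEGIT_INSTALLER_EVENTS = ["write_program_files", "write_autostart_entry",
                          "modify_browser_homepage"]


def compare() -> dict:
    """Static file: caught by hash. Same file with one extra byte: hash miss.
    Behavior scoring cannot tell the test program from the legitimate installer."""
    altered_copy = STATIC_TEST_FILE + b"\x00"  # same behavior, different hash
    return {
        "sig_static": signature_scan(STATIC_TEST_FILE) is not None,
        "sig_altered": signature_scan(altered_copy) is not None,
        "beh_test_program": behavior_verdict(TEST_PROGRAM_EVENTS),
        "beh_legit_installer": behavior_verdict(LEGIT_INSTALLER_EVENTS),
    }
```

Run `compare()`: the signature engine flags the unchanged file and misses the altered copy, while the behavior engine returns "block" for both the test program and the legitimate installer, which is exactly why outright blocking on these behaviors is unrealistic.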