open source



XstormX
2008-07-23, 00:21
why don't you guys make spybot s&d open source.
then maybe we the users could develop some tools that might help your crappy detection rates (cos they are crappy) i'm sorry to say this the biggest malware fighting site just degraded spybot search and destroy from 4 eyes to 2 where 6 is the best but anyways keep up the good work...

blues
2008-07-23, 11:49
i guess that site also has an online shop :p:

:flame: that site is the worst crap ever :sick:

i wonder what country you are from, you misspell as much as me ;)

biggest malware fighting site? :laugh:

drragostea
2008-07-23, 18:37
SaferNetworking is dedicated to fighting malware. I don't think that Spybot-Search&Destroy is open source anyways.

Spybot-SD does not detect viruses as it does detect malware, spybot, bots, worms, spyware, trojan horses, and some rootkits. Spybot targets specific spyware/malware and it does not detect all of them.

Read: How does Spybot-Search&Destroy prevent the installation of Malware (http://forums.spybot.info/showthread.php?t=281).
Features of Spybot-SD (http://www.safer-networking.org/en/features/index.html)
How targets are defined in Spybot-SD (http://www.safer-networking.org/en/targetpolicy/index.html).
--
tashi's definition of Open Source (http://forums.spybot.info/showpost.php?p=1114&postcount=2).

XstormX
2008-07-24, 03:20
well the biggest malware fighting site in my country

drragostea
2008-07-24, 03:24
Hi.

What is that site you were referring to?

bitman
2008-07-24, 06:03
Open Source means: "Give your code to everyone else". Where's the incentive to do that when you've already developed it?

If what you really want is the ability to extend the detections of Spybot S&D, then the Spybot Team has already set up a framework to allow that. It's called "OpenSBI" and it's covered in the OpenSBI Discussion forum found at the following link.

http://forums.spybot.info/forumdisplay.php?f=50

I'm quite certain Patrick will be very happy to hear any input you might have as you begin to use the framework. Now let's see you put your money where your mouth is.

Bitman

XstormX
2008-07-29, 15:33
what i mean about making the software open source is that then people could help improve the heuristic detection rates etc..
and here is the site http://spywarefri.dk/vaerktoj.htm
and i'll gladly translate what they're saying about s&d if anyone wants!

blues
2008-07-29, 16:07
i knew that you meant THAT site.

i have made some posts about that site here on the forums.

they haven't tested spybot 1.6 yet either, and i rarely visit that site anymore because of some of the strange opinions they have.

here is the test, it is translated with google from danish to english:

Spybot is nytestet here in March 2008, and it was something of a surprise, unfortunately, to the negative side.

Konklussionen is that as Spybot is now so it is not worth very much. The ability to remove spyware and other dirt is below the average of what to expect. The protection of the computer is worthless. All suser equal.

The installation took place without any problems, and the update was also smoothly. Realtime-protection by TeaTimer function, but the database is small and not up-to-date. In our tests was not been updated since July 2007. It is an exaggeration of call this true real-time protection. All suses as previously mentioned right into the machine.

During tests on a tilsnavset machine went Spybot halt, or even getting the computer to go into the blue (blue screen). Now it must be said that the computer was sovset to with all kinds of spyware, adware, trojaner, rootkits and other "good". It could Spybot not clear.

Since the machine was only subsequently tilsnavset with spyware and adware, were the better but not good enough. In some cases, the restart to remove dirt, and only half of the cases, it could be removed completely.

A few years ago, the Spybot antispyware, all may have. Today, we say that Spybot did not have been able to keep up with developments in the field. There are many antispyware products that are significantly better and also freeware products.


and then you can correct the errors that google translate made yourself, because i won't do it. ;) i am not danish, but i understand most of what danish people say.

PepiMK
2008-07-29, 16:32
Re: Article: TeaTimer uses a database of more than 300k entries now (and the author of that article probably didn't understand that TeaTimer uses the weekly updated database as well!).

Re: Open Source: Next to help in development, one of the key advantages in open source is quality assurance. See topic II.a. in the license agreement - insight would be allowed for trusted parties for that purpose.

Re: "crapy detection rate" or "improved heuristic detection rates": bitman has linked important information: the editor and other tools to write detection patterns are there, fully (hopefully) documented on the wiki. Personally, I think that the OpenSBI syntax along with documentation and tools and tutorials probably make it much easier for anyone trying to help improving detection rates than the typical badly documented open source.
So, try to bring that to use, and if you find anything lacking, let us know :)

XstormX
2008-08-03, 01:42
but one thing i know is that, that site doesn't spill sh*t on programs without a really good reason.. so how exactly does your open sbi work? can it make generic detections?

PepiMK
2008-08-05, 00:02
"Generic detections" is quite a vague term, similarly to "heuristics", which can mean quite a lot.

If by generic you think about looking at some malware files, and trying to write a detection that covers future versions of the same malware as well, the answer would be "most likely".
You can never be sure to hit them of course (no one can be), but there are a lot of possible approaches that do offer a good chance.

A very typical generic detection by many antivirus applications would for example be, to say in simplified terms: "detect any application that is less than 64 KB large and imports various wininet.dll functions to access the Internet as a downloader stub", something you could do in OpenSBI by combining filesize<, section[searcharea] and findtext[searcharea].
It usually gets a bit more difficult, but sometimes even easier (e.g. we were able to detect new CLOP variant for months without updating our corresponding detection database by using a CLOP-generic brmd5 parameter).

Btw, that page was updated for the last time in May, OpenSBI is newer than that, so I guess they didn't know about OpenSBI when they wrote their last update :)

As to how exactly it works... well, you look at some type of malware really close, compare many samples if you can get them, try to find a common ground to cover them all with as few detection patterns as possible, and submit that detection :) The OpenSBI system isn't completely finished yet, we're going to make that part easier still.
Compared to open-sourcing the full application, that still means you "just" have to understand the malware really well, without the need to understand software development as well ;)
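
Added example, not part of the thread and not OpenSBI syntax: a Python sketch of the simplified generic detection described in the post above (a file under 64 KB whose section data names wininet.dll and its functions). The function names, the list of WinINet functions required and the `min_funcs` threshold are assumptions of this sketch, and the sample input is constructed.

```python
import struct

MAX_SIZE = 64 * 1024  # the "less than 64 KB" threshold from the post
# Real WinINet export names; which ones to require is this sketch's assumption.
WININET_FUNCS = (b"internetopena", b"internetopenurla", b"internetreadfile")

def pe_sections(data):
    """Return {section name: raw bytes} for a PE image, or {} if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {}
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return {}
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size          # section table follows optional header
    sections = {}
    for i in range(nsect):
        entry = table + 40 * i
        if entry + 40 > len(data):          # truncated table: stop, keep what we have
            break
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        sections[name] = data[raw_ptr:raw_ptr + raw_size]
    return sections

def looks_like_downloader_stub(data, min_funcs=2):
    """Small PE whose section data names wininet.dll and several of its functions."""
    if len(data) >= MAX_SIZE:
        return False
    area = b"".join(pe_sections(data).values()).lower()   # search area: sections only
    hits = sum(func in area for func in WININET_FUNCS)
    return b"wininet.dll" in area and hits >= min_funcs

def build_sample(payload, pad=0):
    """Constructed input: a minimal PE-shaped buffer with one '.rdata' section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = b".rdata\0\0" + struct.pack("<IIII", len(payload), 0x1000,
                                       len(payload), raw_ptr) + b"\0" * 16
    return dos + coff + sect + payload + b"\0" * pad
```

A rule this broad also matches legitimate small updaters and installers, so in practice it is one signal to combine with others rather than a verdict.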

XstormX
2008-08-07, 18:57
i'm sorry bout calling your detection rates crappy its just that whenever spywarefri says something you better trust it otherwise you could end up with a real headache...
and furthermore thanks a lot pepimk for the introduction to OpenSBI maybe i will be writing detection patterns soon well when i get an infection but still