Crapware and stupidity
Hello,
I am an ASAP fellow (Alliance of Security Analysis Professionals)
RemoveIT Pro (and Pro Enterprise)
You can follow our discussions on :
The card of the product (in French)
http: // assiste.com.free.fr/p/craptheque/removeit_pro.html
The thread if French
http: // assiste.forum.free.fr/viewtopic.php?t=15691
The thread in English à SWI
http: // forums.spywareinfo.com/index.php?showtopic=71045&hl=removeit
And so on...
This is a stupidity using filenames check to locate viruses - false positives / false negatives
“RemoveIT Pro uses filename check to locate viruses” says Damjan Irgolic (InCode Solutions), author of RemoveIT Pro.
It is the only technology of this tool which works with a collection of file names of which, primarily, stupid random names!
Never a file is dangerous by his name ! Thinking so is irresponsible! Only the contents of a file, whose name as no imports, is more or less dangerous or not at all.
That dangerous contents were seen in a file named "thing" at one moment of reason does not allow at any moment to declare that the file "thing" is definitively dangerous: the name of a file is completely without interest and “a fortiori” if it is a random names.
On that page (a meticulous and long analysis of RemoveIT Pro : http: // assiste.com/p/craptheque/removeit_pro.html ) we can see, between other things, a test where 3 files were created empty (0 character) but with 3 names of files in the fingerprints database of RemoveIT Pro.
The tool declare them as dangerous files and suggest to remove them. How can we qualify a software which tells these kinds of ineptitude?
Works trying to make detection by envelopes (appearances of the things) are dangerous and must be stopped. Detection by envelope is a heavy fault. No tool having such intrigues will never be authorized to quote.
This step was already pathetic 15 or 20 years ago whereas one could already make signatures of contents, even summarily with crc16 or 32. Today, even the md5 or sha1 are on the bolster bus as collisions will be probably obtained soon on demand and the successors of these algorithms are under development.
Random names are, by nature, innumerable and unnamable.
The complete analysis of this software is at http: // assiste.com/p/craptheque/removeit_pro.html
Notice that an ask to give me explanations about the technology in the Enterprise version of RemoveIT Pro was scorn (what can I think ? Either it does not exist or he knows that it is not credible).
Assiste.com - Security expert - Asap Admin
Computers security, privacy and Internet dirty tricks
Pierre Pinard
http: // assiste.com
Author: Pierre (aka Terdef) on Sunday, June 24, 2007
Popularity :
Rating :
