Wednesday, February 07, 2007

Ad-Aware false positives are get ridiculous


Dealing with Adware, Spyware and Malware is part of the job if you work in IT. There are various free utilities available to deal with the problem. Ad-aware is one of the many I personally use and recommend. Recently in what I can only describe as desperation to strum up more business, Lavasoft has recently been including detection of various non-malicious utilities as CRITICAL OBJECTS that need to be removed. This is blatantly irresponsible. Forget the fact that they continue to include non-malicious cookies as critical objects as well. They are now needlessly panicking many users who have completely clean machines with these false positives:

Since when did the Magic Jelly Bean Keyfinder defined as "a freeware utility that retrieves your Product Key (cd key) used to install windows from your registry" become a Win32.Generic32.PWS defined as "software that records your keystrokes and passwords, trasmitting them to a remote server". Huh? Did Lavasoft start hiring amateurs to write their definition files?

Since when did the Event ID 4226 Patcher defined as "a utility that removes the 10 half-open connection TCP/IP limit imposed by Windows XP SP2" become a Win32.Hacktool.Tool.EVID defined as "a tool that allows to change the amount of simultanious half-open connections allowed by XP. Could potentially harm the system and even result in boot failure". Harm the system and Boot failure? Are you kidding me? How does changing this limit prevent Windows XP from booting? How can this utility "Harm your system"? This is beyond ridiculous and is now blatantly irresponsible and dangerous misinformation. I have tried unsuccessfully to report these blatant false positives with no success.

Lavasoft needs to get their act together. I realize they are desperate to sell the unnecessary pro version of their software. But including harmless utilities as dangerous CRITICAL OBJECTS that either are being used to or can cause harm to your system instead of improving their actual detection of harmful malware is disreputable. Especially when competing Anti-Spyware utilities exist for free such as Spybot Search & Destroy, Windows Defender and AVG Anti-Spyware. Though I suspect it has more to do with lack of quality control on their definition files than anything else.

1 comment:

Unknown said...

Yes, today I ran AD-Aware 1.06 SE afer a long time and updating it, and it got hysterical about rmoc3260.dll reporting no less than 43 registry entries connected to this dangerous "win32.backdoor agent"! Luckily, I check the file out with Kasperski and Avast and none of them found anything suspicious in it.