Symantec Competing Unfairly Against Spybot?
frankbaird writes "Symantec has been claiming for months that the anti-spyware program Spybot-Search & Destroy corrupts Norton Ghost images. Spybot has tried to convince them this is a false positive. After having been ignored, and this is the second time Symantec has claimed a false positive against Spybot, the makers of Spybot have gone public. They claim that rather than compete fairly with quality products, Symantec is resorting to libel."
I'm very well versed in Norton Ghost, but I have little experience with Spybot S&D. So, I decided to test out the application.
I assumed that images could be corrupted using 2 means:
1. Pre-image: Spybot is installed on the Ghost Server PC, deepscans the .GHO image, and makes modifications.
2. Post-image: Spybot is part of the image, and causes damage after the target PC has been successfully imaged.
Pre-Image Testing:
I installed Spybot and quickly checked Spybot's Advanced Settings. In it, I noticed an option to "Ignore File Extensions". *.GHO (Ghost Images) was included in this list, as well as various other extensions (i.e., .AEX, .AEP, *.MPEG, *.BAT, *.ICA, etc.)
After further testing, though, it was revealed that Spybot does _not_ appear to scan compressed files. It should not be possible for Spybot to deepscan .GHO images and make changes leading to corruption. Unless, of course, older versions of the software had the ability to scan compressed files.
Post-Image Testing:
Now, what if Spybot is installed as part of the image?
I installed Spybot S&D on a testbed PC with the intention of the application automatically scanning the hard drive and fixing issues using its default settings (i.e., "spybotsd.exe /autocheck /autofix /autoimmunize /autoclose"). Before executing Spybot however, I captured the testbed image and deployed to a new PC (same hardware configuration).
Upon restart, I was overwhelmed by the amount of legitimate registry entries and required files that Spybot chose to "correct". After Spybot fixed all issues, the Windows OS and our variety of applications were a complete and utter mess. I would officially have to say that Spybot corrupted the system.
I also contacted technicians from 2 major computer manufacturers. Generally, they had the same things to say about Spybot:
Q: How familiar are you with Spybot?
A: Very familiar.
Q: Have you ever seen any instances where Spybot corrupts the operating system?
A: Oh yeah.. _all_ the time. Our support team receives customer calls all of the time in regards to Spybot. It can damage system files and in many instances would detect spyware but not actually remove it. I'm not too sure about the most recent version, but all old versions are complete crap.
(Last time he had used Spybot was about 1 month ago. He had also mentioned something about Spybot "Installing toolbars". Did the software used to have Ad-Popups or something? I also learned that Spybot has caused Winsock damage in many cases.)
I tried using Spybot manually (rather than automatically scanning and fixing the system), and it seems that Spybot has many false-positives. Of all files detected, Spybot wanted to correct about 30 perfectly legitimate and required files (application dependent). If I was a simple user, I would most likely select ALL entries in this list and delete them without realizing the consequences. Other than those issues, CPU Utilization was pretty high and I tend to have a bad impression (and little respect) for software that is littered with grammatical and spelling errors.
I could see Symantec using a couple available defenses:
1. A Complete Defense: Symantec needs to prove that Spybot does indeed cause corruption of Ghost images. An image is considered an exact replica of the hard drive, but does not necessarily mean the pre-packaged/special format snapshot file. This means that Symantec would only need to prove that Spybot can indeed cause damage to software or the OS. Also note that multiple restarts are required which Spybot can interfere with or damage before the full imaging process is completed.
2. Honest Belief: Symantec would have to prove the facts on which their opinion is based. This was mentioned in a previous post; customers call in with a corrupted image, an