It actually does a reasonable job at remvoing and preventing some items more generally accepted being pests other than whitepapers on mostly harmless hacking. They juist have a different view what pests are, including documents on making bombs and picking locks. Probably things you don't want on corporate puters if you are a CEO, I guess.
The most interesting part is that you can use it on a netwerk, albeit over netbios. AdAware, CWS shredder and Hijaak This are local tools, aimed at home users. Since many AV-products see pest control as a sideshow, there is a definite niche market for this product. But it could and should be a lot better, technically. Either the av makers will fill the gap - my AV thingie is getting there really fast - or a major player will take over. Unless PestPatrol cleans up their act. ----- Original Message ----- From: "Michal Zalewski" <[EMAIL PROTECTED]> To: "Syed Imran Ali" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, June 12, 2004 4:02 PM Subject: [Full-Disclosure] PestPatrol (was: !! Internet Explorer !!) > On Sat, 12 Jun 2004, Syed Imran Ali wrote: > > > Get Pest Petrol... > > Hmm, I always thought PP is some sort of an elaborate scam ;-) Not relying > on Windows too badly, I never had to use the product, but PP page > frequently comes up when googling for weirdest things. Consider these > "exploits" PP detects and removes: > > http://www.safersite.org/PestInfo/i/ip_addressing.asp > > PestPatrol detects the harmful practice of "IP Addressing"? "In the past > three months, we have received reports of IP addressing in United > States." No kidding? > > http://www.safersite.org/PestInfo/l/lcamtuf_na_export_pl.asp > > PestPatrol detects my (old) site as an "exploit" (?) - and, thank god, > removes it. Note that other security-related pages are not on the list > (and my old page did not really provide any exploit resources to > start with), making this even more difficult to comprehend. > > http://www.safersite.org/pestinfo/e/exploit.asp > > ??? > > Those are just three random examples in the "exploit" category. Plenty of > fairly harmless technical documents and programs that are NOT exploits, > some of them hardly related to security and abuse, are also on the list - > heck, even a whitepaper titled "CIFS Common Insecurities Fail Scrutiny" is > listed. > > All in all, many of the issues PP seems to detect appear to be either > harmless (and hence appear as an attempt to increase signature count), > cryptic, or at best misclassified. Which does not necessarily the product > is bogus, but it does not look too professional either... > > But then maybe it's better when it comes to detecting spyware. > > -- > ------------------------- bash$ :(){ :|:&};: -- > Michal Zalewski * [http://lcamtuf.coredump.cx] > Did you know that clones never use mirrors? > --------------------------- 2004-06-12 15:26 -- > > http://lcamtuf.coredump.cx/photo/current/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
