Test subjects needed

Posted by: Cybjorg

Test subjects needed - 06/01/2005 19:28

As soon as one of you guys (read guinea pigs) test out the new Microsoft Windows AntiSpyware, let me know.
Posted by: wfaulk

Re: Test subjects needed - 06/01/2005 19:35

I love that Microsoft decides to prevent these attacks by adding more heavyweight software that looks for attacks rather than by fixing the problems that allow these attacks to occur in the first place.

It's kind of like installing a motion-sensitive flamethrower at the front of your house instead of a door.
Posted by: drakino

Re: Test subjects needed - 06/01/2005 19:44

Well, I can't fault them much in this case, and releasing their own tool is a step in the right direction. Anti virus vendors are being very slow at adding spyware features to their products, leaving consumers in the cold.

And even if Microsoft did magically fix every hole in Windows/Office tomorrow, it still wouldn't remove the spyware. In fact, many holes were closed in Service Pack 2 for XP, but so many people are refusing to upgrade to it. As best I can tell, 90% of the complaints against SP2 come from spyware infested machines, and the SP2 installer blows up when trying to patch holes that were exploited.

While Microsoft isn't my most favorite company in the world, I'm not going to bash them for their attempts at doing things right.
Posted by: JeffS

Re: Test subjects needed - 06/01/2005 19:46

Quote:
It's kind of like installing a motion-sensitive flamethrower at the front of your house instead of a door.
Point well made, but there is a minor flaw in your analogy: I'm sure there are many geeks who would prefer the first solution simply because it's so much cooler!
Posted by: Dignan

Re: Test subjects needed - 06/01/2005 19:55

I believe that the software was actually acquired by MS within the last few months. Yup, Giant Antispyware. I've heard good things about it, especially since it does active checking for spyware.
Posted by: wfaulk

Re: Test subjects needed - 06/01/2005 19:56

I don't know. I suppose it's a step that's somewhat forward, but it's mostly sideways. Now you've just created a new set of security holes to find, really. It's sort of like going to the doctor and telling him that "it hurts when I do this" and he responds with "don't do that". Sure, it's an effective solution, but it's far from optimal; it just avoids the problem instead of fixes it; it just remedies the symptoms, not the disease. (Would you like me to find another way to put it?)

Of course, the problem is that MS's security holes result from the lack of (or poor) design put into Windows, et al., not just bugs, which makes fixing them remarkably harder.

On the other hand, you're right. MS is to be commended, if only slightly, for attempting to do something to solve the problem. At the same time, if it was your car, and the problem was that people were taking it for joyrides, the manufacturer releasing a solution that tried to determine who was an appropriate driver or not by pattern recognition wouldn't be met nearly as well as if he provided you a lock.
Posted by: tfabris

Re: Test subjects needed - 06/01/2005 19:57

Quote:
and releasing their own tool is a step in the right direction.

From what I'm reading, this isn't really "their own tool". It's a tool from a former smaller anti-spyware company that they recently gobbled up.

I guess that technically makes it "their tool", but (to give another analogy) it seems akin to Ford building defective cars, and then mailing an aftermarket manufacturer's corrective part to every owner, with a Ford sticker covering up the aftermarket logo.
Posted by: oliver

Re: Test subjects needed - 06/01/2005 19:59

Quote:
I can't fault them much in this case, and releasing their own tool is a step in the right direction.


Well, it's not exactly "their" tool. They just purchased the Giant AntiSpyware company, and repackaged their software with a Microsoft logo.

Edit: DOH!, i type too slowly to beat the robot
Posted by: SE_Sport_Driver

Re: Test subjects needed - 06/01/2005 20:54

DiGNAN gets the pebble this time.
Posted by: DWallach

Re: Test subjects needed - 06/01/2005 20:57

Quote:
it just avoids the problem instead of fixes it; it just remedies the symptoms, not the disease.


This is an interesting point of discussion. Anti-spyware tools really do help people, but not nearly as much as fixing the root causes would. Still, even if Windows had never occurred and all the world surfed exclusively with Firefox on Linux, you'd still have people creating spyware ("just download and run this great tool"). The only real solution is to lock down user permissions to install software, which you can do with Windows XP, Linux, or whatever else. That has its own issues.

Quote:
MS is to be commended, if only slightly, for attempting to do something to solve the problem.


Anti-spyware and anti-virus tools are really just automated sysadmins who clean up the garbage left in a system by spyware and such. I'd lump these tools into the "remote administration" camp. Clearly, this is the next big thing for ISPs -- remotely helping newbie users maintain their machines (and charging monthly service fees for the privilege).
Posted by: wfaulk

Re: Test subjects needed - 06/01/2005 21:04

Well, there's no good solution to undereducated and/or stupid users. But that's not the real problem. The problem is that people can simply view a web page, something that's almost totally passive, and unknowingly get huge amounts of software installed on their computer. (It can even happen without browsing; there are enough out there that directly attack the OS.) That's something that's a technical fault, not an education one. I suppose we could educate users to not use IE at all or Windows at all, but that just falls back to "then don't do that".
Posted by: DWallach

Re: Test subjects needed - 06/01/2005 22:10

Hopefully, with the measurable rise in Firefox usage, Microsoft has gotten some talented people working on IE bug fixes and such. No idea how long it would take to get another release out the door, but I'd bet we see IE 7.0 before we see Windows Longhorn.
Posted by: shadow45

Re: Test subjects needed - 06/01/2005 22:30

MS really [censored] the world on the spyware thing. We thought viruses were bad, well- spyware plays on the weakest link in the chain.. the unknowing click-happy user.

Most of the spyware is there because of ActiveX which brings the offending program as close as one click from being installed (WITH control-provided embedded text! thanks MS!). Throw in infinite javascript loops on a web page, and you've got yourself a trapped Windows user who without knowing the implications might just click Ok to get rid of it.

and they want to charge money for spyware removal software?

Things are changing with SP2 but it's years late and half-assed like everything else they do.

MS is the devil!

(supports a large Windows network, can't you tell)
Posted by: wfaulk

Re: Test subjects needed - 06/01/2005 22:31

Yeah, but, as I said, it's not all IE holes. I think XP SP2 closed a lot of the holes in the base OS, but there are bound to still be some there. And the state before SP2 was horrendous. I myself accidentally connected directly to the internet with XP SP1 via an analog modem and acquired a huge number of malwares within an hour without once using IE. That just smacks of total disregard of security in the initial design.
Posted by: g_attrill

Re: Test subjects needed - 06/01/2005 23:07

I downloaded this program this evening. I ran it on the "full" but not "deep" scan.

Amongst finding several reasonable "adware" programmes installed with shareware it found the following false positives which I double checked myself:

1) "webHancer (Spyware) Severe". This was "sporder.dll" which seems to be part of Winsock2 and innocuous. It recommended to remove the file.

2) "IPScan (Trojan Downloader) Severe". This was "ServUDaemon.exe", part of a legit install of FTP Serv-U. It recommended to remove the file.

3) "Little Witch FTP Server (Trojan FTP) High". This was an old copy of "explorer.exe" that I copied into the root of my c: drive for some reason. It recommended to remove the file.

4) Plus it picked up TightVNC, WinPcap and some other stuff but recommended to ignore.

Spybot and AdAware have never produced such false positives on any system I've tried.

Gareth
Posted by: shadow45

Re: Test subjects needed - 07/01/2005 02:38

exactly, this is *years* after the Trustworthy Computing Initiative started.. makes you wonder what they define as trustworthy.

Moreso I think SP2 is kind of like recompiling with Electric Fence or something. from what I understand, they put in stack guarding type code to prevent buffer overruns. that's why it's a huge install (it's every file in the OS nearly, recompiled) and it runs slightly slower.

proper auditing of their product years ago could have saved the world a lot of hassle. So, now they're building walls (treating the symptom) around the real problem, all the while poking at the media and dropping quotes about the hundreds of millions being spent in the interest of security, for their customers..

Spybot is the best anyways, and it's free. it's just a very very tough beast to automate with automation tools..

MS has nowhere to go but down at this point
Posted by: Cybjorg

Re: Test subjects needed - 07/01/2005 12:24

That's what I was afraid of. I saw a screenshot of the program in action where it had (mis)identified Messenger Plus! as a spyware threat.