Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#245609 - 06/01/2005 19:28 Test subjects needed
Cybjorg
addict

Registered: 23/12/2002
Posts: 652
Loc: Winston Salem, NC
As soon as one of you guys (read guinea pigs) test out the new Microsoft Windows AntiSpyware, let me know.

Top
#245610 - 06/01/2005 19:35 Re: Test subjects needed [Re: Cybjorg]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I love that Microsoft decides to prevent these attacks by adding more heavyweight software that looks for attacks rather than by fixing the problems that allow these attacks to occur in the first place.

It's kind of like installing a motion-sensitive flamethrower at the front of your house instead of a door.
_________________________
Bitt Faulk

Top
#245611 - 06/01/2005 19:44 Re: Test subjects needed [Re: wfaulk]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Well, I can't fault them much in this case, and releasing their own tool is a step in the right direction. Anti virus vendors are being very slow at adding spyware features to their products, leaving consumers in the cold.

And even if Microsoft did magicially fix every hole in Windows/Office tomorrow, it still wouldn't remove the spyware. In fact, many holes were closed in Service Pack 2 for XP, but so many people are refusing to upgrade to it. As best I can tell, 90% of the complaints against SP2 come from spyware infested machines, and the SP2 installer blows up when trying to patch holes that were exploited.

While Microsoft isn't my most favorite company in the world, I'm not going to bash them for their attempts at doing things right.

Top
#245612 - 06/01/2005 19:46 Re: Test subjects needed [Re: wfaulk]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
It's kind of like installing a motion-sensitive flamethrower at the front of your house instead of a door.
Point well made, but there is a minor flaw in your analogy: I'm sure there are many geeks who would prefer the first solution simply because it's so much cooler!
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#245613 - 06/01/2005 19:55 Re: Test subjects needed [Re: wfaulk]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I believe that the software was actually acquired by MS within the last few months. Yup, Giant Antispyware. I've heard good things about it, especially since it does active checking for spyware.
_________________________
Matt

Top
#245614 - 06/01/2005 19:56 Re: Test subjects needed [Re: drakino]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I don't know. I suppose it's a step that's somewhat forward, but it's mostly sideways. Now you've just created a new set of security holes to find, really. It's sort of like going tothe doctor and telling him that "it hurts when I do this" and he responds with "don't do that". Sure, it's an effective solution, but it's far from optimal; it just avoids the problem instead of fixes it; it just remedies the symptoms, not the disease. (Would you like me to find another way to put it?)

Of course, the problem is that MS's security holes result from the lack of (or poor) design put into Windows, et al., not just bugs, which makes fixing them remarkably harder.

On the other hand, you're right. MS is to be commended, if only slightly, for attempting to do something to solve the problem. At the same time, if it was your car, and the problem was that people were taking it for joyrides, the manufacturer releasing a solution that tried to determine who was an appropriate driver or not by pattern recognition wouldn't be met nearly as well as if he provided you a lock.


Edited by wfaulk (06/01/2005 20:00)
_________________________
Bitt Faulk

Top
#245615 - 06/01/2005 19:57 Re: Test subjects needed [Re: drakino]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Quote:
and releasing their own tool is a step in the right direction.

From what I'm reading, this isn't really "their own tool". It's a tool from a former smaller anti-spyware company that they recently gobbled up.

I guess that technically makes it "their tool", but (to give another analogy) it seems akin to Ford building defective cars, and then mailing an aftermarket manufacturer's corrective part to every owner, with a Ford sticker covering up the aftermarket logo.
_________________________
Tony Fabris

Top
#245616 - 06/01/2005 19:59 Re: Test subjects needed [Re: drakino]
oliver
addict

Registered: 02/04/2002
Posts: 691
Quote:
I can't fault them much in this case, and releasing their own tool is a step in the right direction.


Well, it's not exactly "their" tool. They just purchased the Giant AntiSpyware company, and repackaged their software with a Microsoft logo.

Edit: DOH!, i type too slowly to beat the robot


Edited by oliver (06/01/2005 20:01)
_________________________
Oliver mk1 30gb: 129 | mk2a 30gb: 040104126

Top
#245617 - 06/01/2005 20:54 Re: Test subjects needed [Re: oliver]
SE_Sport_Driver
carpal tunnel

Registered: 05/01/2001
Posts: 4903
Loc: Detroit, MI USA
DiGNAN gets the pebble this time.
_________________________
Brad B.

Top
#245618 - 06/01/2005 20:57 Re: Test subjects needed [Re: wfaulk]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Quote:
it just avoids the problem instead of fixes it; it just remedies the symptoms, not the disease.


This is an interesting point of discussion. Anti-spyware tools really do help people, but not nearly as much as fixing the root causes would. Still, even Windows had never occured and all the world surfed exclusively with Firefox on Linux, you'd still have people creating spyware ("just download and run this great tool"). The only real solution is to lock down user permissions to install software, which you can do with Windows XP, Linux, or whatever else. That has its own issues.

Quote:
MS is to be commended, if only slightly, for attempting to do something to solve the problem.


Anti-spyware and anti-virus tools are really just automated sysadms who clean up the garbage left in a system by spyware and such. I'd lump these tools into the "remote administration" camp. Clearly, this is the next big thing for ISPs -- remotely helping newbie users maintain their machines (and charging monthly service fees for the privilege).

Top
#245619 - 06/01/2005 21:04 Re: Test subjects needed [Re: DWallach]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Well, there's no good solution to undereducated and/or stupid users. But that's not the real problem. The problem is that people can simply view a web page, something that's almost totally passive, and unknowingly get huge amounts of software installed on their computer. (It can even happen without browsing; there are enough out there that directly attack the OS.) That's something that's a technical fault, not an education one. I suppose we could educate users to not use IE at all or Windows at all, but that just falls back to "then don't do that".
_________________________
Bitt Faulk

Top
#245620 - 06/01/2005 22:10 Re: Test subjects needed [Re: wfaulk]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Hopefully, with the measurable rise in FIrefox usage, Microsoft has gotten some talented people working on IE bug fixes and such. No idea how long it would take to get another release out the door, but I'd bet we see IE 7.0 before we see Windows Longhorn.

Top
#245621 - 06/01/2005 22:30 Re: Test subjects needed [Re: Cybjorg]
shadow45
member

Registered: 19/03/2002
Posts: 144
Loc: Florida, USA
MS really [censored] the world on the spyware thing. We thought viruses were bad, well- spyware plays on the weakest link in the chain.. the unknowing click-happy user.

Most of the spyware is there because of ActiveX which brings the offending program as close as one click from being installed (WITH control-provided embedded text! thanks MS!). Throw in infinite javascript loops on a web page, and you've got yourself a trapped Windows user who without knowing the implications might just click Ok to get rid of it.

and they want to charge money for spyware removal software?

Things are changing with SP2 but it's years late and half-assed like everything else they do.

MS is the devil!

(supports a large Windows network, can't you tell)
_________________________
::: shadow45

Top
#245622 - 06/01/2005 22:31 Re: Test subjects needed [Re: DWallach]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Yeah, but, as I said, it's not all IE holes. I think XP SP2 closed a lot of the holes in the base OS, but there are bound to still be some there. And the state before SP2 was horrendous. I myself accidentally connected directly to the internet with XP SP1 via an analog modem and acquired a huge number of malwares within an hour without once using IE. That just smacks of total disregard of security in the initial design.
_________________________
Bitt Faulk

Top
#245623 - 06/01/2005 23:07 Re: Test subjects needed [Re: Cybjorg]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
I downloaded this program this evening. I ran it on the "full" but not "deep" scan.

Amongst finding several reasonable "adware" programmes installed with shareware it found the following false positives which I double checked myself:

1) "webHancer (Spyware) Severe". This was "sporder.dll" which seems to be part of Winsock2 and innocous. It recommended to remove the file.

2) "IPScan (Trojan Downloader) Severe". This was "ServUDaemon.exe", part of a legit install of FTP Serv-U. It recommended to remove the file.

3) "Little Witch FTP Server (Trojan FTP) High". This was an old copy of "explorer.exe" that I copied into the root of my c: drive for some reason. It recommended to remove the file.

4) Plus it picket up TightVNC, WinPcap and some other stuff but recommended to ignore.

Spybot and AdAware have never produced such false positives on any system I've tried.

Gareth

Top
#245624 - 07/01/2005 02:38 Re: Test subjects needed [Re: wfaulk]
shadow45
member

Registered: 19/03/2002
Posts: 144
Loc: Florida, USA
exactly, this is *years* after the Trustworthy Computing Initiative started.. makes you wonder what they define as trustworthy.

Moreso I think SP2 is kind of like recompiling with Electric Fence or something. from what I understand, they put in stack guarding type code to prevent buffer overruns. that's why it's a huge install (it's every file in the OS nearly, recompiled) and it runs slightly slower.

proper auditing of their product years ago could have saved the world a lot of hassle. So, now they're building walls (treating the symptom) around the real problem, all the while poking at the media and dropping quotes about the hundreds of millions being spent in the interest of security, for their customers..

Spybot is the best anyways, and it's free. it's just a very very tough beast to automate with automation tools..

MS has no where to go but down at this point
_________________________
::: shadow45

Top
#245625 - 07/01/2005 12:24 Re: Test subjects needed [Re: g_attrill]
Cybjorg
addict

Registered: 23/12/2002
Posts: 652
Loc: Winston Salem, NC
That's what I was afraid of. I saw a screenshot of the program in action where it had (mis)identified Messenger Plus! as a spyware threat.

Top