Sneak Peek At Microsoft Anti-Spyware

Ant writes "Broadband Reports mentions Neowin's sneak peek of Microsoft's upcoming anti-spyware software recently acquired community favorite Giant spyware; Microsoft has code-named their re-hashed version of that software 'Atlanta.' It is currently in an internal beta test. There are screenshots of the application in action."

Sample

[Anonymous Coward]

Warning: Firefox detected! - Internet Hijacker - Automatically deleted for your protection.

Re:Sample

[BottleCup]

Think this funny all you want, but the parent post may have a point there. Perhaps this is another devious way MS is going to try to get ahead of rival products - i.e. by labelling them as Spyware. Some windows users are just silly enough to believe anything MS says.

Re:Sample

[Michael Hunt]

One would hope that if somebody actually took the initiative in installing Firefox, or similar, that they would know that the MS tool is, in fact, lying.

That said, dollars to donuts that nobody who'd install FF or its ilk would pay Microsoft for something they can get for free off Lavasoft/Spybot.

Re:Sample

[NPN_Transistor]

Some people may think Firefox has a virus in it... that happened once when I installed Firefox for someone and for a while they thought it was a virus before they found out that their computer's problems were actually caused by a real virus. If Microsoft lists competing products as spyware, I think a lot of people would think... "What??? I didn't know that was spyware. Oh well, better safe then sorry, better delete it". Unfortunately, people are very easily fooled in this world. Talking about fooled, the spyware program doesn't seem to be a very effective one. They just want to make people think that Windows is secure. E.G. Even though XP includes a firewall, it isn't all that effective, and that's why a lot of people still buy seperate firewalls.I think the same thing will happen with these so-called "anti-spyware tools".

Re:Sample

[Jedi Alec]

If Microsoft lists competing products as spyware, I think a lot of people would think... "What??? I didn't know that was spyware. Oh well, better safe then sorry, better delete it".

Considering their recent track record in the european courts...I almost wish they'd go ahead and try to get away with that one.

Re:Sample

[mrjb]

Problem is getting people to install and use it. My mother in law wouldn't use firefox in a hundred years because some of the websites of the suppliers of her company rely on broken javascript. Needless to say, she blames the browser. Mozilla isn't going to fix this-- because, as they say, it would add bloat and they'd be chasing a moving target. This makes sense, but in the meantime it stops people from switching over.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Sample

[hazem]

That's rubbish. Mozilla implements the standards, all they need to do is follow the standards and Mozilla will support it. No moving target there.

You don't seem to be getting it. Yes, Mozilla adheres to the standards, but there are lots of websites out there that don't. And they all don't necessarily break adherence in the same way.

The problem is not the website creators blaming Mozilla, it's the end user who can't get into the site they want. THEY blame Mozilla.

Mozilla is saying they won't try to im

Re:Sample

[Anonymous Coward]

How is IE a moving target at the moment? If IE stood still much more than it already is the apes will start to worship it as a monolith.

Re:Sample

[Errtu76]

That said, dollars to donuts that nobody who'd install FF or its ilk would pay Microsoft for something they can get for free off Lavasoft/Spybot.

They would, if the tool provided by Microsoft detected everything (and more) that the 2 programs combined detect.

Some say Ad-Aware is better than Spybot. Others claim vice-versa. Only yesterday i first ran Spybot (detected 19 objects correctly) and then Ad-Aware, which still detected 39 objects (that Spybot somehow missed). Other people may tell you the sam

Re:Sample

[has2k1]

That is true to a big extent. Afew months ago I was helping a couple of university students with spyware and viruses and one thing suprised me on some machine.

This girl had acquired a pirated version of Norton 2004 off kazaa or some p2p and I think it was bundled with a crack. To cut the story short, Norton virus scan was detecting the crack file(Norton2004crack.exe) as a viral file. She thought the whole program was a virus since it was detecting "itself" as a virus.

Ofcourse I made a couple of bucks tro

Conflict of interests...

[Gentlewhisper]

Since they are intending to sell this product for.. profit.. does this mean they will have as many security holes as possible in Windoze?

Re:Sample

[Nik13]

Actually, one of the things I noticed about this Giant-Antispyware is the number of false positives. On some systems it found a half dozen of them (things like VNC and such). Also the slowest, high memory usage, and last I tried, cancelling a scan doesn't let you delete what was found on the partial scan.

Most likely they'll charge for this product, whereas it's completely unnecessary if you use firefox and IE and don't install apps like Gator and such.

Re:Sample

[macdaddy357]

Microsoft wasted their money. Pest Patrol, the only one worth paying for, already got gobbled up by Computer Associates. I hope CA doesn't screw it up.

Re:Sample

[Zemran]

Maybe they will simply fix IE so that it does not accept so much rubbish onto the PC and it will appear like this 'new' product is great.

To me it seems like getting a broom to crack a nut. If you use the right tool (read Firefox) in the first place you do not need to sweep up the mess.

Re:Sample

[LO0G]

They already did that with IE - it's call XP SP2.

With XP SP2, modulo security holes, the defaults on downloading code are all NO - the user has to decide that they want the rubbish or not.

After that, it's a question of user education.

SP2 still enables AX by default

[steve_l]

on a clean SP2 build (that is the MSDN WinXP+SP2 all in one install), Prompted ActiveX download is still enabled for the internet zone.

If you turn that off, windows update stops working, as http[s]:*.microsoft.com is in that zone.

I dont call that locking down the browser, To secure IE (even if you only use it for windows update)

1. disable AX download in internet zone

2, edit trusted zone site security to medium. Like you ever need a 'run anything, unprompted' zone.

3. add https:*.microsoft.com and http:*.microsoft.com to the trust zone

4. uncheck the 'require https in trusted zone' switch

the aim is to redefine "trusted" from "total access" to "prompted download active X controls", which is a serious enough undertaking that I dont want to enable it broadly. Only MS sites and spyware vendors seem to use it, after all.

Re:Sample

[__aatgod8309]

Fixing IE would involve such a substantial change to both itself and windows that it won't happen. You've seen how long it took to provide the 'fixes' in SP2 for XP, and in the end it diverted staff from development of Longhorn. Imagine that applied to something even more fundamental to windows, like redesigning ActiveX to be easier to manage, or making IE an optional windows component.

That kind of work would be probably be even harder than writing Longhorn, and we've seen how long that's taking. And that would most likely require a development team as big as that of Longhorn, if not bigger. And they wouldn't be getting paid for it - so what do you thing the chances are of MS doing that?

Not too far off

[mickyflynn]

I looked at the virus definition database for Norton one time, and 'vmlinuz' was listed. If I actually read the report the shit my school makes us use creates, it pops open the java CLASSPATH file and says a bunch of that stuff is trojan horses.

Ironic methinks.

[grub]

At the risk of sounding trollish... I think it's more than a bit ironic that MS is now going to bundle spyware when a good chunk of spyware is installed thanks to bugs within the present code. Why not deal with existing issues first?

Oh wait, new bells and whistles are good PR and prompt upgrades.

Re:Ironic methinks.

[beacher]

(Lives in Atlanta) - I just think it's funny. Sherman burned Atlanta (almost) to the ground. I just wonder if someone will name a piece of spyware Sherman and watch it raze Atlanta again....

THE SOUTH SHALL FORMAT AGAIN!
-B

Re:Ironic methinks.

[lachlan76]

I just wonder if someone will name a piece of spyware Sherman and watch it raze Atlanta again....


Sherman own Kazaa :P

Re:Ironic methinks.

[Atrax]

Sherman own Kazaa :P

close, but no cigar [sharmannetworks.com]

Re:Ironic methinks.

[confusion]

Part of my thinks the irony is abusrd - they are going to great lengths to fix a problem they created in the first place. But, the reality is that no matter how good they got, there will always be some holes that spyware gets in through, maybe not as many or as frequent. Also, it's hard to keep people from clicking "yes".

Jerry
http://www.syslog.org/ [syslog.org]

Re:Ironic methinks.

[ack154]

Also, it's hard to keep people from clicking "yes".

I don't think it's so much clicking "yes" for most people (joe user)... it's more of clicking "go away" on things.

buying isn't fixing

[djupedal]

they are going to great lengths to fix a problem they created in the first place.

The real irony lies in the fact that they (MS) aren't 'fixing' the problem. MS is buying a company that 'fixed' it and passing that off as charitable intent... MS remains clueless outside of pimping.

Re:Ironic methinks.

[CritterNYC]

Also, it's hard to keep people from clicking "yes".

You don't have to click YES or ACCEPT to get spyware in IE. All you have to do is visit a specific website... or a website that's been hacked... or a website that shows ads from a network that's been hacked... and it will auto-install it for you through one of IE's lovely unpatched exploits.

I just cleaned 12 off my sister's Win98 laptop and then promptly installed Firefox and Thunderbird.

Re:Ironic methinks.

[VoiceOfRaisin]

ill have to disagree with this. im pretty sure most spyware is installed manually. of course people dont know its in the installer they are using. but its not due to any holes in windows, its a regular manual install..

Re:Ironic methinks.

[Anonymous Coward]

It's the Microsoft Way - Sell the problem, then sell the solution.

Re:Ironic methinks.

[dioscaido]

Have you been missing the stream of patches coming from MS? How are they not dealing with the primary issues?

Even so, please tell me which pieces of spyware exploit legitimate security holes? The "security hole" they exploit is that users run as admin. Hardly a bug in the OS, just a horrifically misguided ease of use 'feature' in the installer. Easily fixed. I've never gotten infected with spyware while running as a Limited user, and neither has my Mom, who has a penchant for running little apps she finds on the web. In the cases where they are malicious, she just gets a protection fault and knows to happily move along to the next little animation.

http://www.techproblemsolver.com/limited.html
h ttp://www.dotnetdevs.com/articles/RunningAsNonAdm in.aspx
http://blogs.msdn.com/aaron_margosis/
ht tp://www.pluralsight.com/keith/book/html/howto_r unasnonadmin.html
http://support.microsoft.com/de fault.aspx?scid=kb; en-us;305780

For the handful that did take advantage of some buffer overflow, please point out those vulnerabilities that remain unpatched through Windows Update.

Re:Ironic methinks.

[swb]

The issue is bigger than that; it isn't that there's a specific bug or fault, its in the design and implementation of things like Active X.

Why should a browser EVER make it that easy to run arbitrary code off the net at the user's priviledge level in the native OS?

The only "valid" reason is that it was THE stick to beat Java over the head with and allow web-based applications to run as Windows applications, with all the easy advantages and UI widgets people expected. Java was stuck with it's horrid GUI, while ActiveX looked and felt like a Windows application.

And that reason was only "valid" if you were a Windows product strategist trying to keep the web and Java from eliminating the need for Windows and IE.

So now we have every third web site wanting to run Active X on our machines, often in the "helper" mode to add stuff to our machines so we can see their over-animated web sites that just HAD to be implemented with Flash or Shockwave or worse.

And you wonder how people reflexively hitting "OK" to Active X warnings get infested with spyware and insist it's not MS fault?

Re:Ironic methinks.

[dioscaido]

If you are referring to things like browser cookies, then I'll accept you caveat and say that I probably have ad cookies lying around, but I'm not too concerned -- it's a fact of life on either browser (I'm in mozilla). I'm talking about the spyware that installs itself everywhere on your machine, intercepts your traffic, adds 'search' bars to browsers, icons to desktops, etc... Those are the real pains in the ass, that even Ad-Aware & Spybot have a hard time getting rid of. Those things can't get anywh

Re:Ironic methinks.

[Ralconte]

I felt the irony too, and here's why. Its the damn cheery Win XP layout that just sort of screams at you. You have to download, install, scan, and then (probably) confirm that you want something with an obscure name copied to some obscure directory on your hard disk.

If Microsoft can't plug the hole, why's there a dialog box: "Do you want to uninstall the keylogger?" I think its all these layers and cartoons for something that could just be buried in the OS that may just irk some people.

But those people

Re:Ironic methinks.

[v1]

It does seem rather silly of them to attack the problem from this end... "An ounce of prevention is worth a pound of cure" fits here well. Stop the spyware from getting installed, rather than trying to pry it out once it's dug in. This merely seems like common sense to me.

Re:Ironic methinks.

[The-Bus]

Well.

I was part of some focus group thing (online) that MS did and they asked me how to improve Windows Update. I told them to make Windows more secure. Failing that, they need to make stuff to fix the problems they caused. Not Giant. Not Lavasoft. Not Patrick Kolla.

Microsoft.

Re:Ironic methinks.

[dr.badass]

Why not deal with existing issues first?

Because that would mean admitting responsibility. At present, Microsoft can still rely on the myth that Windows' continual security problems are do to monoculture and basically being a big target.

It would also piss off developers of spyware and anti-spyware, and if there is anything that Microsoft is reluctant to do, it's scare of developers, even if it's at the expense of the user's experience. Remember Ballmer's "Developers! Developers! Developers!"? That's where the focus is.

Re:Ironic methinks.

[_Sprocket_]

They don't do anything, they get blamed, try to do something, they get blamed. Come out of the MS bashing mentality to see that they are trying to resolve the issue. The only reason spyware is so prevalent in IE is because of monoculture, nothing to do with engineering

Keep in mind that a good amount of Microsoft criticism (call it "bashing" if you want) is due to their engineering choices. Those choices lead to the outcomes critics predicted. Which in turn leads to a wasteland of broadband zombies.

When Microsoft attempts bandaid solutions, there is more criticism. That isn't bashing. It's pointing out that Microsoft has issues - much of their own doing.

Sure - they're doing something. But is "doing something" really solving the problem?

hmm

[Anonymous Coward]

Microsoft Anti-Spyware. Isn't that like Sasser Anti-Virus?

Hate to break it to Microsoft...

[CypherXero]

...but there's already plenty of free [lavasoftusa.com] alternatives [safer-networking.org] out there. Also, just stop using Internet Explorer. That move right there will cut down at least 90% of all spyware/adware.

Re:Hate to break it to Microsoft...

[zbyte64]

Yes.... just tell that to the normal users that simply use their computer for pr0n or for simple searches
Most people dont know where to get software like firefox or spyware removal - let alone even know it exists
Microsoft will either bundle it for free, increasing the value of their OS (again most people don't know about alternatives) or MS will charge for it, making more $$ - in the end, average joe will think MS is their hero for saving them from spyware (o the irony)

Re:Hate to break it to Microsoft...

[bcrowell]

just tell that to the normal users that simply use their computer for pr0n
All you have to do is advertise it correctly:

• BARELY LEGAL web browser -- stops spam!!
• 
  ur WIFE says she wants your big MOZILLA!
  watch firefox PLUG every security HOLE at the same time
  

Re:Hate to break it to Microsoft...

[Rew190]

That move right there will cut down at least 90% of all spyware/adware.

That statement might be true if the majority of spyware wasn't installed directly by the user's actions and not the browser's.

Re:Hate to break it to Microsoft...

[pla]

but there's already plenty of free alternatives out there

I personally have always used (and liked) AdAware and Spybot, and as much as I hate to admit this about purely commercial software... I recently had a chance to try Giant.

Slower than a DOJ antitrust proceeding against Microsoft, and takes a similarly budensome level of system resources (100% CPU for over half an hour on a Pentium-M 1.7GHz!), but damned if it didn't find two problems both AA and SB had completely missed (completely as in, not just left inactive fragments lying around, but real live active spyware).


Also, just stop using Internet Explorer. That move right there will cut down at least 90% of all spyware/adware.

Agree completely. The above-mentioned two problems that Giant caught - Well, let me first say that I use Mozilla almost exclusively, only loading MSIE (in a maximally-locked-down configuration) perhaps once a month for sites that absolutely will not work (even with the user agent switcher add-on) in Moz/FF. And both the spies that Giant caught had latched on to MSIE.

Sad. I mean, good to see MS address (one of) their current major weaknesses; but sad that they would use something comparable to an antivirus scanner rather than just fix the security flaws that lead to massive spyware infestations in the first place.

What ever happened to SP2 as the end-all to MS's security flaws?

Reads like a bad translation

[drinkypoo]

Microsoft's upcoming anti-spyware software recently acquired community favorite Giant spyware

What? Microsoft's anti-spyware software acquired a company? I wasn't aware software could own something, although you can certainly use software to own something - usually windows.

Editors, is it too much to ask that you edit?

Re:Reads like a bad translation

[eric.t.f.bat]

Yes, it's too much to ask. If the editors had any editing ability, they'd have jobs.

Mod parent up!

[sparkz]

Thank you for translating the random words into English! Yet another example of why education helps. (Quick plug for "Lost for Words" by John Humphrys)

Unacceptable!

[Anonymous Coward]

As a resident of Atlanta, I resent and am offended by this nomenclature. Where do I file my complaint?

Re:Unacceptable!

[techno-vampire]

Write a trojan that infects it, and name it Sherman.

Re:Unacceptable!

[Geoffreyerffoeg]

Send it as a DMCA complaint to MS's registered agent.

Only problem is that it's going to be a bit hard to find the rightsholder. If I remember my Greek mythology correctly, Atalanta was last alive about, oh, 4000 years ago.

Wait two weeks...

[SilverspurG]

And some malicious website will have an exploit which turns this anti-spyware into a remote code execution tool.

Re:Wait two weeks...

[bug_hunter]

Nothing MS make was designed by them,
DOS, Excel, Front Page, IE
were all originaly bought.

Needs improvement

[EvilStein]

The anti spyware didn't do a very good job of stopping the spies from getting out screenshots, dang it...

If it works..

[skinfitz]

If it works, is free and can be deployed and controlled via Active Directory GPOs I am going to be a happy man for the enterprise.

Anyone know if it IS going to be free?

Re:If it works..

[waa]

Of course it is free.

The first one's always free.

Re:If it works..

[illtud]

If it works, is free and can be deployed and controlled via Active Directory GPOs I am going to be a happy man for the enterprise.

Anyone know if it IS going to be free?

Having a GPO aware anti-spyware would be good, but I doubt if MS would be allowed to make it free. Certainly I don't think they could bundle it with the OS, because they'd kill the anti-spyware industry at a stroke. Leveraging a monopoly, anybody?

Coral Caches Of The Pics

[Anonymous Coward]

Posted AC of course:

http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/install1.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/setup1.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/main.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/scan.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/realtime.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/advanced.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/settings.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/popup.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/systemsummary.PNG [nyud.net]
http://www.neowin.net.nyud.net:8090/staff/creamhac kered/atlanta/messengerplus.PNG [nyud.net]

Heh

[bharatk]

Oxymoron (n) A rhetorical figure in which incongruous or contradictory terms are combined, as in Microsoft Anti-Spyware.

Available through Windows Update?

[REDSECTOR1]

Surely this will be available though Windows Update? If not ... Microsoft fix your damn code first instead of making us pay for your mistakes. *groan*

Wasted space?

[xpccx]

It seems like there's a lot of wasted space in the top third of the application window. I'm guessing this is slated for XP and not Longhorn so you'd think they'd make it look more like other XP apps.

SpyNet...

[Samah]

Anyone notice in this pic [neowin.net] how it mentions SpyNet?
Sounds a little too much like SkyNet to me :)

Interesting Move

[bogie]

I find this interesting because traditionally Microsoft has always had an open door policy about which software can be installed on Windows. There are many pieces of software that legitimate companies install which users and many anti-spyware companies consider spyware and thus remove. Microsoft up until this point has had no public policy on semi-legit software which users have unwittingly been installing. So now here we have MS now denying them the ability to install their semi-legit software. Will they now be able to sue MS for keeping them off of the Windows platform? Did ms tweak the rules so that companies like Claria can continue to push Gator?

Think about that for a moment. There is plenty of malicious software out there but there is also plenty of "grey" software which drives users nuts but is in reality legal. Is it ok for software to change a user's homepage and install fake ad killers? Can companies no longer sell software which preys on users who are used to quickly hitting the OK button? I'd be interested to know what ISV's Microsoft is now for the first time denying access to Windows even though they develop semi-legit software. Are big legal battles about the start up?

Re:Interesting Move

[LiquidCoooled]

If you look at the images, it shows an example of trapping Messenger Plus.
It gives a description of what the problem is, explains that its not the actual Messenger plus program that has the problem, but the spyware installed around it, there is the option of ignoring it (selected on screenshot).
I cannot tell from the screenshots whether it comes up on ignore by default, but its at least giving more information than previously.

On a slightly different note, in the neowin forum, some folks are saying "i haven

How long until the EU considers this a monopoly?

[PornMaster]

If Microsoft adds an anti-spyware tool free to Windows, how long until Mario Monte declares MS's move as an illegal monopolistic practice?

Re:How long until the EU considers this a monopoly

[NanoGator]

"If Microsoft adds an anti-spyware tool free to Windows, how long until Mario Monte declares MS's move as an illegal monopolistic practice?"

Damned if they do, damned if they don't. Pretty lame, eh?

Re:How long until the EU considers this a monopoly

[NanoGator]

"well MS created the market in the first place, so they should at least be allowed to profit from it :)"

Heh. Yep, just like Honda should profit from the car theft market.

Honda profit from stolen cars.

[juuri]

Oh but they do!

For you see any car that is recovered has a minimum amount of damage done to it and sometimes a large amount. The bulk of these repairs will be done using certified Honda parts and many of the repairs will be performed at Honda dealerships.

admitting defeat?

[OmniVector]

i think the worst part about microsoft of all people releasing antispyware software, is that they are admitting their OS is easily hijacked. spyware is a worse problem than viruses now a days (since every machine i've cleaned up for friends has 200+ pieces of spyware littered around their machine), and for the most part it is easier to prevent! stop using IE, and stop installing random software off the web.

Re:admitting defeat?

[ScrewMaster]

Anything that requires awareness or discipline on the part of the bulk of users is doomed to fail. Too many people like the eye candy that they get from installing those random pieces of software off the Web. Not much is going to change that.

Re:admitting defeat?

[bnenning]

Anything that requires awareness or discipline on the part of the bulk of users is doomed to fail.

100% correct. Spyware doesn't *need* insecure-by-design features like ActiveX to spread, that just makes it easier. Social engineering is always going to be available, and if Linux or Mac OS X became sufficiently mainstream then will be problems there as well (probably not to the same extent, but they will exist). The only solution I can see is sandboxing with fine-grained access permissions. The spiffy curs

Re:admitting defeat?

[Indy Media Watch]

i think the worst part about microsoft of all people releasing antispyware software, is that they are admitting their OS is easily hijacked.

Really? I think that's the best part.

Admitting to the problem is the first step toward fixing the problem.

And so as I type this...

[Incoming9000]

.. thousands of mallicious coders are linning up to grab a copy of their newest target.

This product supports versions other than XP

[Anonymous Coward]

At least this is a product that supports other distributions than Windows XP, it also supports 9x, NT, and 2000. You can't get IE6 SP2 on anything other than Windows XP, so this is a welcome break to users of other Windows versions who unfortunately don't have the benefit of Microsoft's full support.

Why MS has the advantage

[SamMichaels]

They wrote the operating system. They already know about the next security flaw....they already know about the next big worm. They just won't act upon it until someone on the outside discovers it and/or exploits it. This opens the door to preemptive protection against the spyware that exploits the security flaws.

Besides, the problem with the hijack stuff is that it's increasingly complicated to figure it out inside of MS's nonsense. Who better to offer protection than the people who invented the comple

Re:Why MS has the advantage

[domukun367]

I don't think they know about the security flaws or possible worms - it's not a big conspiracy at MS. They're programmers like the rest of us, fighting fires as they come up.

It's like the "UFO conspiracy" that the US government has been executing for the last 50 years - do you really think they're that organised???

Re:Why MS has the advantage

[SamMichaels]

I don't think they know about the security flaws or possible worms - it's not a big conspiracy at MS. They're programmers like the rest of us, fighting fires as they come up.

While this is true to an extent, they provided the fuel for said fires. They also have the best programmers in the world working for them...and lots of them. Rest assured they have a stack of paper sitting there with nothing but bugs yet to be discovered by the public. Fixing them and rolling out a patch may be impractical, but at

MS's grad plan?

[SirTalon42]

I know how MS is going to eliminate ALL malware. I figure that they plan to raise attention to the serious issues with just anybody being able to write software, so then they can try and make a licensing program where companies can pay to have their software certified as legit, and the binaries signed (creating a new revenue stream for MS), then once some big companies start following along, keep applying pressure to the ones that don't go along (like them showing up as 'spyware' in their anti-spyware soft

Mirrordot links:

[b0lt]

http://mirrordot.org/stories/3a6759da98fd910f392d 0 5616b59f866/index.html [mirrordot.org]
http://mirrordot.org/stories/8b19ec436a9f78511e825 e1cbb5dc270/index.html [mirrordot.org] http://mirrordot.org/media/c5260ec181995ef3d472bcc 0049c5a6c/install1.PNG [mirrordot.org] http://mirrordot.org/media/eb8aff4f358a42e5f76f3f8 bc4033936/setup1.PNG [mirrordot.org] http://mirrordot.org/media/e2f7236ee6118616ca5d3e7 80481fc05/main.PNG [mirrordot.org] http://mirrordot.org/media/ad30fb274ef73d1eb4e3e19 35e731e0b/scan.PNG [mirrordot.org] http://mirrordot.org/media/567ec8d3ee764e87c3b3abc e7202fc31/realtime. [mirrordot.org]

Messenger Plus

[tsalem]

Messenger Plus is labelled 'adware', and yet MSN Messenger itself has adware? (bottom of the contact list). Messenger Plus has some neat features to remove the bloat (ads, annoying image links that take up a quarter of) the Contact List as it is.

When installing Messenger Plus, you can agree or disagree to supporting them by having adware thrown all over your PC. I disliked seeing this addition, but just simply disagreed to it to avoid it. Perhaps the person submitting the screens didn't?

(Yes, I'm awar

Re:Messenger Plus

[One Childish N00b]

The problem with MSN Plus! is that when you run it's 'Update' feature, it adds the CoolWebSearch (I think that's what they're still bundling in with it) without the 'Agree or Disagree' menu. Just the regular installer has the option, but the update feature just sprays CWS all over your machine, at least in older versions it did - perhaps Patchou has fixed it by now.

So with behaviour like that I'm glad it's labelled adware, and probably illegal too - seeing as I'd specifically refused to have CWS on my mac

treating symptoms?

[jnf]

Well at first glance it seems somewhat silly- as if they are treating the symptoms instead of the problem. Everyone can pretty much agree switching to another browser can alleviate a lot of the problems, or even just mutilating IE so that it becomes a pain in the ass to use (i.e. prompting for confirmation before allowing activex/etc), and thats what happens in 2003 by default (IE becomes a pain the ass to use), but agreed- that doesnt cure all of the problems. For instance, I know I've seen some spyware piggyback in on files played by media player or winamp, or p2p programs (contrary to popular belief kazaa lite appears to be spyware as well, fire up a sniffer and watch the local network). But when you really look at it, solving the problem hardly seems to be the point. Contrary to what a lot of us would like to think, microsoft isn't full of idiots- and a lot could be learned from the 'failure' that is most anti-virus software, namely that signature based detection is not the best way to detect malware. So then you have to sit back and ask yourself why a corporation would follow such tactics if the elimination of spyware/adware was their goal? Money, just like it always is- You don't want to cure the problem because then you start pinching your paycheck. Plus you have the advantage of testing/(further) conditioning the public to subscription based payment methods, and they will thank you for it because you are 'helping' them. IMHO, it just seems like another wolf in sheeps clothing, but thats just my take on it.

Am I the only one?

[techno-vampire]

When I first saw the title of the article, I thought it read "Anti-Microsoft Spyware," and wondered such old news ever got accepted.

just plain wrong

[hawkbug]

This is just wrong - simply a conflict of interests. Microsoft will sell this product I'm sure, and they also sell windows. There is nothing stopping them from ignoring holes in windows that spyware exploit regularily, but wa-la, they now have software to "fix" it up for you at an additional cost. What a bunch of crap.

This is kind of stupid...

[realmolo]

The solution to the spyware/malware problem is simple, as demonstrated by Firefox-

Disable ActiveX controls.

Is there any legitimate reason for a non-intranet website to use them? Whenever a site requires ActiveX controls to work, I think "Boy, they hired an bunch of idiots to design their site."

They should just modify IE so that ActiveX flat-out doesn't work on any site that isn't explicitly and MANUALLY allowed to by the user or network admin.

Re:This is kind of stupid...

[lachlan76]

In a system where it is IMPOSSIBLE to remove the web browser? Methinks not ;)

MSAV

[sporty]

Will this be another MSAV? What ever happened to that tool?

This is insane.

[SoupIsGood Food]

This is insane. Spyware stems directly from Microsoft's inability to engineer a secure computing architecture... something =every single one= of its competitors can do. Buying a single anti-spyware product isn't going to fix the problems that make spyware possible in the first place. It will merely offer a false sense of security to the foolish.

It's like tossing a half-full Dixie cup onto a raging housefire you set in the first place. A half-assed placebo to gull the gullible.

Any Mac or Linux user can te

Easiest way to eliminate Spyware

[io333]

It seems pretty obvious to me that the best way for Microsoft to eliminate spyware would be to take Firefox, rename it Internet Explorer, and be done with it.

can't remove "69.20.16.183 ieautosearch" from host

[blackest_k]

Well if Microsoft is doing anything to help against spyware it has got to be of some use.

There is a new extreme piece of spyware which seems to have surfaced in the last month.
http://forum.iamnotageek.com/t-78554-1.html [iamnotageek.com]
is the start of a very interesting thread concerning what seems to be the latest generation of spyware.
some of the things that it does include generating randomly named dll's
restarting processes that have been killed, runs IE even in safe mode, drags in a whole raft of other spyware to confuse things and leaves the PC it infects after unsuccessful removal unable to connect to the internet.

This thing is really nasty.

I am pretty sure I was dealing with a case of this yesterday. When adaware was installed and ran on a pc with XP service pack2 It triggered a Reboot due to a failure in dcom with a 1 minute countdown. The worst part was after cleaning with adaware the Pc was unable to connect to the internet unable to get an address from the router.

Manually configuring a network address and setting 192.168.2.1 as the gateway got the network working to the lan pc's.
The router could be pinged successfully but it wasn't possible to reach 192.168.2.1 through firefox netscape or IE to check the router status.
and after several hours of trying this pc refused to connect to the internet.

After banging my head against this brickwall over a period of about 12 hours the only solution was to reinstall XP.

This is the worst spyware I have ever seen, according to the thread the initial attack seems to have occured after a search for the song "over and over" by nelly although a precise location of the source of this infection isn't known.

If you have to deal with spyware on a regular basis check this thread out because you are not going to solve this one just by running adaware and spybot S&D.

http://forum.iamnotageek.com/t-78554-3.html [iamnotageek.com]

This latest spyware really should be submitted as a story on slashdot it is very new, very nasty and it is going to infect a lot of Pc's.

Please mod this up or investigate this yourself and Post about it.
because this is going to be a major disruption to Pc users everywhere, especially with it's defence of blocking the Pc's internet connection when you attempt to remove it.

How long will it work for?

[duffster]

Leaving aside the questionable irony of this software, I do wonder how well it will work in the long term. One of the problems I've already experienced when removing spyware is programs that hijack the anti-spyware software itself, usually by sabotaging the spyware definition files as soon as they are downloaded.

If Microsoft starts distributing this as standard software, should we expect to see more spyware that avoids removal in this way? Will users have to reinstall the software, or run it from a boot disk, every time they want to clean their system?

Re:And the motto to go with it...

[symbolic]

"They won't be spying, because we will.

Re:And the motto to go with it...

[3terrabyte]

Now that's funny

An attempt?

[ImaLamer]

In Soviet Russia Microsoft Spys You

Re:wow... good job at nothing

[Anonymous Coward]

They didn't just change the name, I'm sure that somewhere in there is additional code that has a crippling security hole just waiting to be discovered and exploited.

Seriously, back when Microsoft first got their grubby mitts on Virtual PC, the first thing they did was release an updater for it. If that updater did anything at all other than just replace "Connectix" with "Microsoft" everywhere in the program, I couldn't tell you what it was to save my life.

Re:wow... good job at nothing

[jpetts]

Exactly: the reason they bought Connectix, not VMWare, was that Microsoft and Connectix are both nine letter: they wouldn't need to deal with any pesky offset differences when they did a global search and replace...

Re:wow... good job at nothing

[superpulpsicle]

No need to get disappointed. That's the concept of OEM. They always just slap a new label on it. Do you think Dell does anything beside slapping their name on the product!? M$ would be stupid to fiddle with any code.

Re:wow... good job at nothing

[MoralHazard]

Did it ever occur to you that they might have modified code other than the UI? Maybe there are non-visible changes to the scanning engine or something, perhaps to enhance the integration with the Windows OS?

Imagine for a moment that the computer is doing more than painting pretty pictures on your monitor (that's the TV-thing on top). Could we agree that a program intended to detect spyware could be substantially modified without altering the appearance to the user?

How did this get modded as "informative"?

Oh, that's right--he bashed MS. Sorry.

Its not entirely baseless, you know...

[lysium]

Did it ever occur to you that they might have modified code other than the UI?

When Microsoft purchased VirtualPC for Mac, they released a 'major' update that did nothing more than rebrand the product to Microsoft. No improvements, no fixes, just the window dressing. So while these people are certainly bashing Microsoft, there is a kernel of truth in their sarcasm.

Re:wow... good job at nothing

[Anonymous Coward]

"Just what exactly are they beta testing? I didn't expect them to have to really change much, but I guess I just expected them to change SOMETHING more than the name."

They had to stop it from removing IE and Windows Media Player ;)

Re:Already in the works

[Space_Soldier]

They bought RAV (Romanian Anti-Virus), which according some have created the best anti-virus engine last year.

Re:Just fix Windows...

[Man in Spandex]

it makes perfect sense my friend. They write the buggy software, they should fix it. I wonder if they'll make different editions such as "Free", "Pro", "SuperDuperPro" and add features to each at "X" cost per license Microsoft then makes more cash and last time I checked, cash is good!