Microsoft's AntiSpyware Disabled by Spyware 428
Ruke writes "A trojan has targeted Microsoft's AntiSpyware program, deleting all files within the C:\Program Files\AntiSpyware folder, as well as logging keystrokes at several online banking sites." The good news is that it's a Trojan, so one still has to bother with running an attached file.
Its the content, not the wrapping, but.... (Score:5, Insightful)
<<< The password stealing Troj/BankAsh-A Trojan, discovered yesterday, is a spyware. It keeps a track of user activities on the computer. It spies on you. >>>
Er, didn't we cover the spying part two sentences ago? Is A spyware? A spyware what?
<<< The Trojan also removes important entries of the antispyware in the registry and thus literal kills the antispyware. >>>
Literal? Come on - this reads worse than half of the AC posts in YRO. I hate playing the grammar nazi, but this was painful to read...
Re:Its the content, not the wrapping, but.... (Score:5, Funny)
Hay! I take uxsecption to that coment!
Re:Its the content, not the wrapping, but.... (Score:2)
Re:Its the content, not the wrapping, but.... (Score:5, Informative)
Troj/BankAsh-A [sophos.com]
Re:Its the content, not the wrapping, but.... (Score:5, Funny)
See what happens when you RTFA!!!
-David
Re:Its the content, not the wrapping, but.... (Score:5, Funny)
Re:Its the content, not the wrapping, but.... (Score:3, Funny)
Sure it's a Trojan? Is it spyware? (Score:5, Interesting)
The AV people are trying to walk an increasingly thin line between malicious spyware and malicious viruses. Pretty soon, they're going to have to make some hard decisions.
Re:Sure it's a Trojan? Is it spyware? (Score:5, Interesting)
A simple role selection box.
Make it default to current "careful" practice.
Allow the option to change to tolerate all known valid adware, but remove trojans, this leaves the mild things on for kids with desktops and novelty crap.
Possibly a stronger option for workplaces etc which basically deletes anything even remotely compromising.
Have the strongest option locking the machine to the working set of executables at installation time.
Windows is with us, running as admin is unfortunate, but a great many people worldwide do, we can't change that, so let's protect them as much as possible.
Let the user decide.
Re:Its the content, not the wrapping, but.... (Score:4, Funny)
A designer suit that never wrinkles or gets dirty, of course.
Quoth TFA: (Score:5, Funny)
Damnit. I always knew my sleepwalking would get me in trouble some day...
Patch Will Be Available Soon (Score:5, Funny)
Re:Patch Will Be Available Soon (Score:5, Funny)
I thought they already had that ... in Clippy!
"it looks like you're trying to open a trojan attachment to your email, would you like to
Quarantine the file
Delete the file
Open the attachment anyway
Have me wipe your files and route the contents of your savings account to Microsoft for safe keeping?
Yeah (Score:5, Informative)
Not that that has ever prevented Slashdot from reporting things like these as "vulnerabilities".
Re:Yeah (Score:5, Funny)
Re:Yeah (Score:5, Funny)
Re:Yeah (Score:3, Funny)
$IPTABLES -A INPUT -i any -p hammer --state BLOW -j DROP
it *is* vulnurability (Score:5, Insightful)
Until Microsoft fixes this it will be plagued by security holes. And don't give me this bullshit about usability -- Mac OS X got it right, why can't Windows?
Re:it *is* vulnurability (Score:2)
Re:it *is* vulnurability (Score:5, Informative)
It's not as easy to use as OSX (or KDE), but it works. I use it every day on my primary computer. I'll grant that it's not going to help most users (the ones who run every executable sent to them), but for people who want to use good security principles and still install software every once in a while, it's a good thing.
Re:it *is* vulnurability (Score:4, Insightful)
This is true, but let's face it. To say that this is a real example of how GNU/Linux is superior is kind of a cheap shot. If GNU/Linux were mainstream, what would the normal user do? Download goodies.tar.gz from your email, compile and su to install it. Tada, your system is screwed. This is what an "average," unsuspecting, Unix user would do. Buffer overflows and the like are legitimate vulnerabilities, but to blame Microsoft for a trojan being written is just not a legitimate criticism. Any operating system that lets the user install anything is "vulnerable" to trojans.
lasindi
Re:it *is* vulnurability (Score:3, Interesting)
Re:it *is* vulnurability (Score:4, Insightful)
Bingo, the problem isn't Windows, it's Windows Users.
Really, this stance strikes me as the antithesis of the problem. It is programmers who bear the blame here. I'm not singling out Microsoft programmers (despite the large and tempting target they present). I'm talking about most people who write system software or applications for general use.
Here on Slashdot, we are predominantly geeks. We enjoy technology and learning about technology. In some cases, a large minority of us mistake our interests in these as evidence that these activities are somehow inherently important. Those who do so gain certain psychological and social pleasure from this knowledge and interest. This is part of being human. We consider ourselves special and important.
Computers and software are marketed to and used by the general public. People, being people, think that their interests and their knowledge are important. Learning about hardware/software/security, etc. is not interesting to them, therefore the fact that they tend not to spend time doing so should come as a great surprise. Geeks tend to see this lack of interest as evidence of a problem (and at times as an affront to their own sense of self worth). This seems a rather shallow and unproductive view. Human beings focus on those things that interest them. Pleading with them to attend to things we think are important, or looking down on them for this lack of interest, is a fruitless path.
The problem is not users. The problem is that we have created hardware and software which does not adequately match the needs of the users. Software should match the requirements of its users not require them to change their typical behaviors to meet the needs of the software.
Some people are destructive and malicious. Well designed software takes this into account, and provides authorized users with reasonable protection from those who would try to harm them. Well designed software behaves in consistent and predictable ways so that users of varying levels of experience, knowledge or interest can benefit from its use.
Software should be designed for the people who will use it. Most programs suck, because they are designed for a particular business goal, or designed by geeks based on their own knowledge of how they would like to use it. It is no wonder that most software leaves the average person cold. It is arcane, inconsistent, and requires too much knowledge. Users are not stupid. They are not lacking in intelligence or ability. They are lacking in a sense of enjoyment and sufficient interest to use software the way the geek designers intend.
Great software takes its users' interests and expectations into account.
Great developers strive to understand users and write software which serves them.
So, we are the problem, not the users. Blaming people for their own human nature is not the way to go here. Projecting our own failures of understanding onto the users is a misguided attempt to pass the buck.
Re:it *is* vulnurability (Score:3, Insightful)
I agree with this as well. I am not saying that the users are at fault, what I am saying is that there is a strong statistical bias here. The Linux community does not have the slightest interest in doing what it takes
Re:it *is* vulnurability (Score:3, Informative)
Re:it *is* vulnurability (Score:3, Interesting)
Re:it *is* vulnurability (Score:3, Insightful)
What is? I guess we'll just have to settle for "massively better."
Re:it *is* vulnurability (Score:3, Insightful)
Of course, it's the application vendors' fault for failing to understand that this is a huge problem and they should probably learn to play nice with the documents and settings folder, but MS doesn't seem to be doing much screaming at them about it.
Trojan attacks MS software shocker. (Score:3, Funny)
And in other news - "Google" gaining marketshare with "PageRank" technology
Free Microsoft? (Score:2)
"They" don't just attack Free Microsoft Items.....
But I agree.. no big surprise here..
Best Antispyware... (Score:4, Insightful)
Sorry, but there it is.
It gets tiring fighting the broken dam, you can't hold all the water back forever.
Re:Best Antispyware... (Score:5, Insightful)
Obviously it touched a nerve for somebody.
The bottom line is that currently spyware is only a problem on Windows. Thus, running any viable alternative to Windows is the most effective way of avoiding spyware at the moment.
Running a GNU Linux distro, any of the BSDs, or Mac OS X are all viable options, and arguably the most efficient solution to the problem of spyware.
Granted, many might find these options unsuitable for a variety of reasons. However, labeling that suggestion a Troll does not make it untrue. Wasting time and CPU to either spyware or anti-spyware software both seem objectionable. Systems which provide desired functionality, and do not require additional effort to continue functioning normally are a sensible choice for many.
Re:Best Antispyware... (Score:4, Informative)
Believe it or not, a lot of us are running Windows 2k/XP without these problems.
I believe you. Large numbers of users are not affected by these problems. However, a large percentage of users are adversely affected. Your experience appears to be atypical.
Yes, I'm not using IE. Yes, I'm not using Outlook Express. Yes, I'm behind a firewall. I'm not claiming to be 100% secure, but buying a Mac or switching to Linux would do little to improve my computing experience. Never mind the stuff I wouldn't be able to do because I use software that isn't 100% supported.
How ironic. You describe the safety of your current environment, and dismiss alternatives using identical criteria. You claim that an alternative to Windows would not improve your situation, and support this claim by alluding to things which you could no longer do (presumably because you rely on programs which exist only on Windows.) What's ironic is that you do so after implying that you owe part of your safety to not running several other programs.
So, you are comparatively safe, and content with your environment. Good for you, I do not begrudge you that. However, your statements strike me as disingenuous. You blithely gloss over the fact that there are already things you cannot do (programs you cannot run) just to remain safer in your chosen environment.
Call me old fashioned, but something is terribly wrong when a user cannot use the software bundled with their system, in the way it was intended to be used, without compromising the safety or performance of the system. Computers should serve their users. They should not break or degrade because the user actually runs the software as intended by the designers.
Your anecdotal evidence suggests that you are not as cozy as you claim. A wider view of the situation suggests that your reported condition is far from the general case.
A recent study commissioned by AOL and the National Cyber Security Alliance (NCSA), suggested that the majority of home users are adversely affected by spyware and other malware.
The NCSA is supported by the Homeland Security Department and the FTC. It is also supported by a large number of tech corporations with either financial or political lobbying interest in computer security: the board of directors includes representatives from Cisco, Symantec, RSA Security, McAfee, Microsoft, and Bell South.
This group strikes me as far from impartial, as each member (public or private) has significant interest in publicizing (or magnifying) certain security risks. These vested interests should suggest we take the report with a grain of salt. Despite this, the results are quite interesting.
They polled a random sample of (PC using) AOL subscribers and also gained access to their computers to inspect them for viruses and malware. They found that:
77% considered themselves safe from threats.
66% had been infected with a virus in the past.
20% were currently infected with viruses.
80% were currently infected by spyware (averaging 93 spywares/host)
89% of owners with infected PCs were unaware of these conditions.
The survey's margin of error was +/- 5.4%
These are home users; business users and highly technical users are sure to be better protected on average.
Despite this, the protection of businesses comes at very high costs measured in hardware/software/wages/training. Sophisticated home users also spend additional time and/or money protecting themselves.
Here are links to pdf files containing a press release and summary of the raw data.
http://www.staysafeonline.info/news/NCSA-AOLIn-Ho
http://www.staysafeonline.info/news/safety_study_
Trojan Man? (Score:5, Funny)
Re:Trojan Man? (Score:5, Funny)
Muffin Man? (Score:3, Funny)
Turns out I do know that song.
It could be worse.. (Score:5, Funny)
Wait, never mind.
Wait for it....wait...wait.... (Score:5, Insightful)
Re:Wait for it....wait...wait.... (Score:2)
Re:Wait for it....wait...wait.... (Score:2)
You are completely right, though. I'm sick of reading all the negative reviews of AntiSpyware compared to all the others. Hello? Whoever's writing these reviews? It doesn't matter if it doesn't "find" a piece of spyware. It *prevents* spyware from ever installing in the first place. Right now, it has 59 Win32 system hooks installed on my computer, and believe me, nothing is getting past. I have it pop up twice a day just to warn me when I try to run my DOS ga
Re:Wait for it....wait...wait.... (Score:3, Insightful)
I routinely run
Re:Wait for it....wait...wait.... (Score:2, Informative)
Everybody seems to miss this:
1) Open AntiSpyware's main window
2) Click on "real time protection"
3) Then click on each of the 3 agents...Internet (9 checkpoints), System (25 checkpoints), and Application (25 checkpoints)
4) Enable *all* of the checkpoints...they are Win32 system hooks...
5) Try installing some spyware. ; ) It won't work.
Also, don't fool yourself, antivirus software do
Re:Wait for it....wait...wait.... (Score:4, Funny)
Re:Wait for it....wait...wait.... (Score:2, Informative)
Re:Wait for it....wait...wait.... (Score:2)
And in other news (Score:5, Insightful)
I mean really, who didn't see this coming?
Re:And in other news (Score:5, Informative)
Norton 2005 gets pimpslapped by a
Warning: Link is to
Re:And in other news (Score:3, Insightful)
It wouldn't be surprising if they started attacking other things like Norton's expiry dates/licenses as well, or plain corrupting some registry entries necessary for apps to run. (How long before they replace legit Windows keys with the FCKGW ones so people can't get updates anymore?) I won't be surprised either w
Re:And in other news (Score:3, Insightful)
A lot of spyware out there disables the anti-spyware that exists either by deleting it or not allowing it to up
And it's a sure bet... (Score:5, Insightful)
Blocker blocker blocker... (Score:5, Interesting)
For example, deleting the MSI Installer Service such that when you try to install something like SpySweeper the installer won't work properly.
Alternatively, killing Antivirus or Personal Firewall processes or placing known good-guy websites in the restricted zone of Internet Explorer.
The 'solution' IMHO is to have multiple layers of defence and to some extent, perhaps to use less popular tools (i.e. not McAfee and Norton) which won't be on the malware's 'hitlist'.
I know security through obscurity isn't a solution, but in this case, security through not being one of the masses may be.
I say this having spent nearly a whole day trying to remove Spyware from a friend's laptop.
Re:Blocker blocker blocker... (Score:2)
"The 'solution' IMHO is to have multiple layers of defence and to some extent, perhaps to use less popular tools (i.e. not McAfee and Norton) which won't be on the malware's 'hitlist'."
Why not have true user level file permissions and make it 100% impossible to delete applications without giving a password? Works for the Unix world. Works on this Mac I'm typing from. It still doesn't work for Windows? That's sad.
Re:Blocker blocker blocker... (Score:2)
It still doesn't work for Windows? That's sad.
True file permissions do exist, but unfortunately most users run as Administrator, thus negating those permissions. That's the sad part :( But if you're a competent user, you can help protect yourself by running as a regular user account. You don't run as root all the time on Linux, and similarly on Windows, don't run as Administrator all the time.
You can also get a Mac like the parent poster has.
Beta version (Score:5, Insightful)
It's a bit early to point the finger.
Re:Beta version (Score:5, Insightful)
Beta Blame (Score:2, Insightful)
It's a bit early to point the finger.
What? Wait until tomorrow? This isn't a Spyware problem, it's a virus scanning problem for your incoming mail.
Do you work using restricted accounts (Score:5, Insightful)
For all its security efforts, Microsoft continues to let users run as administrator by default, which is downright irresponsible. I just spent an evening cleaning an acquaintance's computer of a persistent, multiple spyware infection because of this policy of Microsoft. Needless to say I created separate restricted user accounts for all members in the household, but the Microsoft installer should have done this from the beginning! You cannot expect regular users to do anything except go with the default.
I also installed Firefox, and set all of the Internet Exploder security settings on "High" on all accounts except the administrator one (so that Windows Update can be run).
Re:Do you work using restricted accounts (Score:2)
It's just too inconvenient for the neurotypical user.
Re:Do you work using restricted accounts (Score:2)
-can have admin privileges on your regular account but require admin password entry for important actions
-option to lock system settings via a padlock icon (to require password next time)
the best of both worlds.
Using VS.NET without Administrator? (Score:2)
Case in point: Visual Studio
Re:Using VS.NET without Administrator? (Score:2)
Re:Using VS.NET without Administrator? (Score:3, Informative)
You can develop with VS.NET2003 as a limited account just fine. The case you mention is special, and you either need to run the webserver's application pool as your identity to debug, or run VS.NET2003 as Administrator. Not a huge deal, just do 'runas...' and start VS.NET as Administrator.
No reason to abandon running as a Limited Account.
Re:Do you work using restricted accounts (Score:3, Insightful)
You're forgetting one major problem. Let's do a hypothetical situation here to help you understand. Let's pretend that you've managed to get the average Windows user to use a regular user account and only use the adm
Re:Do you work using restricted accounts (Score:3, Insightful)
Windows still is not a true multiuser system. Get back to me when I can run the damn file browser as super user, and Joe Six Pack can play games as a restricted user.
For things that do not work as non-admin, just use the "Run as" command on the context menu for the icon in the start menu. That's better than browsing or doing work as Administrator all the time. Additionally, for most games if you give Users read-write access to the game directory they'll run fine under a non-administrator account.
The rea
Re:Do you work using restricted accounts (Score:2)
This is a problem with the way ID and EA wrote their games. Plenty of other games work just fine with normal user permissions.
Yes, MS does a dumb thing letting home users run as admin by default, but on most corporate networks the users are NOT allowed to run as admin (or usually even know what an admin password is) and work gets done just fine. I don't let users admin their own boxes, except for a very few
Re:Do you work using restricted accounts (Score:2)
If you can't develop in Java... well that sounds like Sun or your IDE's fault... hardly MS'.
Very insightful my friends! (Score:3, Insightful)
This is opposed to your computer plugging itself in, tapping into the internet, downloading and running itself?
Seriously, every piece of malware one gets is the result of human action or inaction. If one were more conscientious of the threat, they would take necessary precautions. (install Firefox/Linux)
I also think this title tries to make a funny or ironic statement at the expense of accuracy. A Trojan is not what I consider spyware, or, something that sneaks its way in via website, javascript, etc... A trojan targets just teh fools.
Re:Very insightful my friends! (Score:2)
Yes, it is. Ever tried to install Windows while on a network, especially while directly connected to the internet via a broadband line of some type? You'll get your computer owned before you can install patches from Windows Update.
Re:Very insightful my friends! (Score:2)
have to be administrator (Score:2)
This reminds me of the Alien V predator tagline... (Score:2)
Download? (Score:3, Funny)
Why did this make it to the front page news? (Score:2, Insightful)
Re:Why did this make it to the front page news? (Score:4, Insightful)
Talk about misleading (Score:2, Informative)
Not a problem.... (Score:3, Insightful)
You *should* be able to install such a program on your computer. You *should* also be smart enough to know what you decide to put on your machine.
Thank you Symantec (Score:4, Insightful)
Of course, I can't help but point out the obvious: rumors keep abounding that M$ will charge for its anti-spyware and anti-virus softwares. So let me see if I'm clear on this... they write shitty code that I'm forced to use (since the apps I need only run on Win32), and then I have to pay again for software to keep people from exploiting the software that was shitty to begin with. Isn't that a bit like selling you a piece of shit car, then charging you to use your warranty when the clutch fails on day #2 of ownership? You know, many of us thought that the day would come that M$ would charge for access to WindowsUpdate. Is there anything they won't charge for? Don't they ever say "we fucked up... here's a freebie on us"? Or "you already paid $300 for our OS... here's a way to secure it for free".
Hardly a new concept (Score:2, Informative)
Also, when software starts disappearing from your computer you might want to look into it.
C:\Program Files\... (Score:3, Insightful)
Install elsewhere. I've found very, very few applications will not accept another partition to install to.
Re:C:\Program Files\... (Score:3, Interesting)
MS needs to get rid of the damn registry first. Then we can start talking about other methods. Although I will say that it is a start. I myself, usually install in subdirectories outside C:\Program Files\ like C:\Games, C:\apps, C:\pr0n, etc..
Also, a neat trick that I used to do with win9x PCs is instead of using C:\WINDOWS for windows-centric files
Anyone else... (Score:4, Funny)
Ah well (Score:3, Funny)
Alas!
Official story title (Score:2)
If (Not oMicrosoft.bHasClueStick) Then ... (Score:4, Funny)
Honestly, did anyone NOT see this coming?
I jokingly predicted this exact situation in a post when they first released the beta of the app (though admittedly I thought it'd take a little bit longer before it was actually in the wild). Rest assured that it is only a matter of time before you see this in a non-trojan form that is automatically installed via an IE exploit delivered by some ad-serving company.
Microsoft's move of buying up and releasing an anti-malware application of their own is IMO nothing more than an attempt to improve public perception of their so-called efforts towards improving Windows security.
Amusingly enough, I believe it to also be an example of how much they simply don't get it and/or don't care -- the insecurity of the underlying OS is the direct cause of the problem, not the spyware.
No amount of anti-malware software targeting the effects (automatically installed spyware) of the problem (insecure OS/Web Browser) will have any positive impact because it's the problem itself that allows the effects to continue... and have enough power to take the anti-malware software and just turn it off.
That didn't take long. (Score:4, Funny)
Nonsense.. (Score:4, Insightful)
2) On any Unix machine you have to be root to install most of the software (you usually have to be root before rpm or make install): a simple trojan relying on *stupid* user behaviour can be written for any platform and this is not a security problem of the platform, it is a security problem of the user's brain.
3) From 2, even if the default user was not administrator, most people would simply try to install this new porn-lemmings game they received and they would "run as" it (just like you su - make install on linux).
4) It's not even only a problem in the user brain. I wonder how much would it take to discover 5 malicious lines inserted in some big open source project. This *is* a possible event, it could be an angry sourceforge employer, a security hole somewhere, a
5) It seems to me whatever the choice of MS is in any particular matter, there is always someone who takes it to bash it down. When the fact is ridiculous like in this example, this kind of behaviour is detrimental to the whole community. Do you live to make Linux great? Then use your time to make it the perfect OS, not to make Windows appear the worst OS ever - 90% of users have chosen it as the best product for them and they will not change their mind because you are bashing it down, they will change their mind when they'll see something better *for them*.
Re:Are you surpised? (Score:3, Funny)
Let me be the first to say, PWN3D!!!1one!!1
Re:Are you surpised? (Score:3)
Re:Old news (Score:2)
Re:Old news (Score:2, Insightful)
Slashdot is here to point us to interesting things on sites which we would not normally visit.
As a result of that, it is a _requirement_ for other sites to have covered the issue first.
Don't complain just because you don't understand how Slashdot works - by your UID you've been here enough years that you should have figured it out by now.
Re:how long before patch? (Score:2, Insightful)
Re:how long before patch? (Score:3, Informative)
I think the trojan is probably pretty safe from that particular OS protection...
Re:**THREADJACK - LokiTorrent now owned by MPAA** (Score:2)
Re:**THREADJACK - LokiTorrent now owned by MPAA** (Score:2)
You sir, (Score:3, Funny)
Can't have it both ways. (Score:5, Insightful)
Pick a side, people.
Re:Can't have it both ways. (Score:2)
If people's computers didn't get loaded with spyware and cause them to buy this other application out, then this thing likely wouldn't remove it.
True enough, but remember the meatware issue too (Score:3, Insightful)
But, if you're a jackass who's making software to spy on people, claim it's something else, and then put in measures to ensure that the programs run "no matter what..." Well, I'm willing to put plenty of responsibility on you.
It doesn't matter what platform the author is targeting, nor what company makes that platform. You're still trying to find unethical (and in many cases illegal) ways to get your st
Re:MS Software crap? Really? (Score:5, Interesting)
OSX and Linux (and nearly every other OS under the sun) create user accounts with limited rights. That means things cannot happen without your specific permission.
In Suse 9.2, for example, when I need to do something that requires root access, I'm asked to supply a password.
A similar thing happens in OSX. When you install software you're asked for a password.
Accordingly, by default Windows is less secure as programs can install and system settings can change behind your back and without your permission.
I admit that Windows gets a lot of attacks because it's a big target. However, everyone has to realise that a lot of the attacks occur simply because Windows is insecure by default.
Re:MS Software crap? Really? (Score:2)