Microsoft Anti-Spyware to Be Free of Charge 470
fubar1971 writes "During his keynote speech at the at the RSA Security Conference Bill Gates announced that the MS antispyware will be offered for free. From his speech: 'We've looked hard at the nature of this problem, and made a decision that this anti-spyware capability will become something that's available at no additional charge for Windows users -- both the blocking capability, and the scanning and removal capabilities.' Additional information at Government Computer News." Update: 02/16 16:57 GMT by Z : Microsoft was previously considering charging extra for this service.
Watch for the Error.log file (Score:5, Informative)
Enterprise WILL be Charged (Score:5, Informative)
Re:It wasn't a big change... (Score:5, Informative)
Perhaps you forget, this used to be a third party offering. [giantcompany.com] And the reason MSFT bought them is they were the best at remeoving the spyware, and had the best detection methods.
I was using Giant Antispyware for a few months before MS bought them. And I've seen very few changes (maybe because the Giant Company developers are still working on it.)
Re:Watch for the Error.log file (Score:5, Informative)
http://communities.microsoft.com/newsgroups/defaul t.asp?ICP=spywareus [microsoft.com]
Re:Watch for the Error.log file (Score:3, Informative)
Re:It wasn't a big change... (Score:4, Informative)
If it were free for corporate use this would sink Spysweeper and CounterSpy, who both charge a per-seat license for a separate scanning system.
Symantec is talking about adding spyware detection into their existing virus scanning software this March and we'll have to judge how effective the product is vs Microsoft's solution. Since they already offer a virus management solution in the corporate edition, this would allow companies already using it to just get the benefit in a simple upgrade that pushes from a central server to the clients.
I must disagree. (Score:2, Informative)
The other day, on my lunch break, I went to look for song lyrics on the 'net. A few hours later, my comp started acting weird. I scanned it and BANG, there were quite a few spyware on it.
Granted, I was running IE (latests patches) on Win2k SP4 with a user that has administrative privileges (which no one should do but heck at my company my only user is admin on all workstations what can I say), and I didn't go surf on porn and/or discutable websites; I went to look for lyrics on regular websites.
Therefore, even though I'm really pissed when I need to clear machines that have spyware (I got 2 this morning only), it's clearly not the user's fault most of the time.
Of course our user aren't admin on their workstation but with all the BHO and ActiveX vulnerabilities, this doesn't prevent crap from being installed......
I now use Firefox at work, even though it's technically prohibited... I don't care. I'm often surfing to look for solutions for many things, and many "anti-spyware" websites contain themselves spywares... I'm not surfing with IE for NOTHING except our internal ticket application and our apps, which were developped using IE-standards.
Re:It wasn't a big change... (Score:1, Informative)
The linux commuity and the windows world have just gone down 2 different paths:
Linux - stability/security
Windows - interoperability/easy of use
Linux is making gains in the interop and ease of use department. Windows is making gains in the stability and security departments. It only remains to be seen who can gain on the other's strong point fastest. The number of diversity of developers in the linux community would make you think that linux would have the ege, but my money is on MS. The number & diveristy is both the linux community's strng suit and weakpoint. MS only has to agree internally to do something. WIth 10,000 linux developers each with their own idea of what is great and every linux user saying that this is what is wonderful about linux, MS can actually move faster when they need to.
Re:Hopefully MS are reading (Score:2, Informative)
That's a point I made when we were considering utilizing this software with our users. I only use it when someone has a problem, and here's why: The thing runs just like zonealarm. Now, I LOVE zonealarm and things that alert me when things aren't going the way they should for MY PC, but the average user usually has no clue what they are looking at when they see messages asking them "Allow or block". I would like to see security levels with this software, so that you could simply tell it how secure you want it, or what specifically to always allow, and block everything else. Then I wouldn't get a million calls from my two test users every day, asking "Which one should I click on this, allow or block?"
Re:Watch for the Error.log file (Score:2, Informative)
Running as Admin it doesn't find suspicious Registry Entries in other users' User Registries, which means you could be the admin on an infested machine and not know it - this is on an XP Home box, so perhaps it's different on XP Pro?
Dunno about the other things you mentioned, but until the Beta turns Gold I've been doing this for spyware removal. For the more experienced geeks and techs out there this might seem like a "Well, DUH!", but I'm on a budget. Also sometimes there is no choice, but to admin a Windows PC. If anyone has any better/more intelligent ideas, please share.
1. Run this Beta. Carves out a big chunk, but as previously mentioned by Cy Guy, it doesn't do it all. I also had a problem with it occasionally taking up 50% of the processor time at any given moment. So I run it, keep it in the background and selectively choose the agents I'm going to run. For real infected folks who are chronically infested, crank all the settings like an AC unit in August. All on high, all agents running.
2. Run Pest Patrol by Computer Associates. I have my personal beefs with CA for most of their other software *cough*ArcServe*cough*, but this application will usually examine the whole registry and everyone's profile on a deep scan.
3. Run Adware/Spybot etc. These older players tend to do well on clean-up. I haven't had too much success with them doing stand alone spyware clean-ups even if it IS a registered version with all the spyware definitions updated.
4. Run Hijack This and check it out. Just to verify that something happened and clean out the odd registry file or BHO that escaped the cleaning process.
5. Delete files from each Profile's Temp folder that aren't detrimental to the operation of the Windows PC. It's an ambigous definition, but each geek should know enough not to kill the crucial stuff.
6. Delete all items from Temporary Internet Items folder. Sure, I could do this from IE, but do I trust it. .
Why don't I do steps 5 and 6 first? When I tried that initially, 1 or 2 of the spyware removal tools would have difficulty removing a particular spyware, since some required pieces for removal seem to reside in either Temp or Temporary Internet Items.
Good luck Y'all.
Re:I'll pass (Score:2, Informative)
Can you say "Libel"? (Score:5, Informative)
Lavasoft has put out something on that in their press release [lavasoft.de] yesterday. The removal is not because of bribes, but because apparently WhenU no longer meets their threat threshold to be included in the spyware definitions database.
Re:Watch for the Error.log file (Score:2, Informative)
Re:No. The "right" thing would be to fix IE. (Score:3, Informative)
Re:Next week's news (Score:3, Informative)
Provide a control panal app or a button on IE that shows and allows removal of IE BHO's. Take it a step further and only allow BHO's to be installed through that button or CPL. How about a single function or button that shows ALL locations and all programs that are set to start on bootup (even the ones that can hook and hide themselves from showing when using regedit). Not make the users trudge through 20 or so different hidden locations that msconfig does not even show. How about when I remove something from that startup list, it can't come back or a gatekeeper to allow much more control of what goes in there. How about a method to stop a process and prevent it from starting again?
All of these functions would be seem relatively simple and provide protection or at least prevent spyware from hiding from the user. Those steps would be user friendly compared to a spyware infection and would be leaps and bounds having to constantly remove spyware app of the week that uses these sneaky unchecked methods to get onto and wreck your system. Third parties have solutions that offer some of what I suggest, MS should start with those before even thinking about a signature based product.
Re:Too Bad for Ad-Aware (Score:1, Informative)
Re:Watch for the Error.log file (Score:2, Informative)
Although the spyware reporting tool looks good. I'd like to see some kind of heuristics, but all in good time, I suppose. Personally, I've found the Giant/MS AntiSpyware product to be among the best of breed of this type of app.
Also, no scanner does multi-user scanning. They'll look at the directories, but that's as far as it will go, because user registries aren't loaded when the user's not logged in.
But yeah
Re:Watch for the Error.log file (Score:2, Informative)
the "installation" mechanism runs the tool, which does it's job and leaves nothing behind. No further action is required.
Re:It wasn't a big change... (Score:3, Informative)
Jesus Christ, you act like it just goes ahead and deletes VNC without even asking. I think it's great that it lists VNC. You are just too self-centered to see the reasoning behind it.