Slashdot Mirror
Sneak Peek At Microsoft Anti-Spyware
Ant writes "Broadband Reports mentions Neowin's sneak peek of Microsoft's upcoming anti-spyware software recently acquired community favorite Giant spyware; Microsoft has code-named their re-hashed version of that software 'Atlanta.' It is currently in an internal beta test. There are screenshots of the application in action."
If it works, is free and can be deployed and controlled via Active Directory GPOs I am going to be a happy man for the enterprise.
Anyone know if it IS going to be free?
They didn't just change the name, I'm sure that somewhere in there is additional code that has a crippling security hole just waiting to be discovered and exploited.
Seriously, back when Microsoft first got their grubby mitts on Virtual PC, the first thing they did was release an updater for it. If that updater did anything at all other than just replace "Connectix" with "Microsoft" everywhere in the program, I couldn't tell you what it was to save my life.
They don't do anything, they get blamed, try to do something, they get blamed. Come out of the MS bashing mentality to see that they are trying to resolve the issue. The only reason spyware is so prevalent in IE is because of monoculture, nothing to do with engineering
Anyone notice in this pic how it mentions SpyNet? :)
Sounds a little too much like SkyNet to me
Homonyms are fun!
You're driving your car, but they're riding their bikes there.
I find this interesting because traditionally Microsoft has always had an open door policy about which software can be installed on Windows. There are many pieces of software that legitimate companies install which users and many anti-spyware companies consider spyware and thus remove. Microsoft up until this point has had no public policy on semi-legit software which users have unwittingly been installing. So now here we have MS now denying them the ability to install their semi-legit software. Will they now be able to sue MS for keeping them off of the Windows platform? Did ms tweak the rules so that companies like Claria can continue to push Gator?
Think about that for a moment. There is plenty of malicious software out there but there is also plenty of "grey" software which drives users nuts but is in reality legal. Is it ok for software to change a user's homepage and install fake ad killers? Can companies no longer sell software which preys on users who are used to quickly hitting the OK button? I'd be interested to know what ISV's Microsoft is now for the first time denying access to Windows even though they develop semi-legit software. Are big legal battles about the start up?
If you wanna get rich, you know that payback is a bitch
If Microsoft adds an anti-spyware tool free to Windows, how long until Mario Monte declares MS's move as an illegal monopolistic practice?
500GB of disk, 5TB of transfer, $5.95/mo
Think this funny all you want, but the parent post may have a point there. Perhaps this is another devious way MS is going to try to get ahead of rival products - i.e. by labelling them as Spyware. Some windows users are just silly enough to believe anything MS says.
They bought RAV (Romanian Anti-Virus), which according some have created the best anti-virus engine last year.
At least this is a product that supports other distributions than Windows XP, it also supports 9x, NT, and 2000. You can't get IE6 SP2 on anything other than Windows XP, so this is a welcome break to users of other Windows versions who unfortunately don't have the benefit of Microsoft's full support.
Since they are intending to sell this product for.. profit.. does this mean they will have as many security holes as possible in Windoze?
Online backup with Mozy, sounds like Ozzie, but more!
Messenger Plus is labelled 'adware', and yet MSN Messenger itself has adware? (bottom of the contact list). Messenger Plus has some neat features to remove the bloat (ads, annoying image links that take up a quarter of) the Contact List as it is.
When installing Messenger Plus, you can agree or disagree to supporting them by having adware thrown all over your PC. I disliked seeing this addition, but just simply disagreed to it to avoid it. Perhaps the person submitting the screens didn't?
(Yes, I'm aware of Gaim, Miranda, yada yada, but to be quite frank Messenger Plus adds a lot of functionality still missing from other chat programs. One of the Messenger Plus features I do like is the ability to "lock" MSN, hiding away all the chat windows and requiring a password to open MSN up again. Handy for those who need to let others on their pc.)
Nothing MS make was designed by them,
DOS, Excel, Front Page, IE
were all originaly bought.
It's turtles all the way down.
The issue is bigger than that; it isn't that there's a specific bug or fault, its in the design and implementation of things like Active X.
Why should a browser EVER make it that easy to run arbitrary code off the net at the user's priviledge level in the native OS?
The only "valid" reason is that it was THE stick to beat Java over the head with and allow web-based applications to run as Windows applications, with all the easy advantages and UI widgets people expected. Java was stuck with it's horrid GUI, while ActiveX looked and felt like a Windows application.
And that reason was only "valid" if you were a Windows product strategist trying to keep the web and Java from eliminating the need for Windows and IE.
So now we have every third web site wanting to run Active X on our machines, often in the "helper" mode to add stuff to our machines so we can see their over-animated web sites that just HAD to be implemented with Flash or Shockwave or worse.
And you wonder how people reflexively hitting "OK" to Active X warnings get infested with spyware and insist it's not MS fault?
The solution to the spyware/malware problem is simple, as demonstrated by Firefox-
Disable ActiveX controls.
Is there any legitimate reason for a non-intranet website to use them? Whenever a site requires ActiveX controls to work, I think "Boy, they hired an bunch of idiots to design their site."
They should just modify IE so that ActiveX flat-out doesn't work on any site that isn't explicitly and MANUALLY allowed to by the user or network admin.
Well.
I was part of some focus group thing (online) that MS did and they asked me how to improve Windows Update. I told them to make Windows more secure. Failing that, they need to make stuff to fix the problems they caused. Not Giant. Not Lavasoft. Not Patrick Kolla.
Microsoft.
Small potatoes make the steak look bigger.
I looked at the virus definition database for Norton one time, and 'vmlinuz' was listed. If I actually read the report the shit my school makes us use creates, it pops open the java CLASSPATH file and says a bunch of that stuff is trojan horses.
This girl had acquired a pirated version of Norton 2004 off kazaa or some p2p and I think it was bundled with a crack. To cut the story short, Norton virus scan was detecting the crack file(Norton2004crack.exe) as a viral file. She thought the whole program was a virus since it was detecting "itself" as a virus.
Ofcourse I made a couple of bucks troubleshooting this.
What ever happened to SP2 as the end-all to MS's security flaws?
XP SP2 is searching for the "real security killers" with it's predecessor, Microsoft's Trustworthy Computing.
Why am I reminded of Chris Rock's comments regarding February, when I think of why Microsoft chose that month to focus on security?
>> spyware is installed thanks to bugs within the present code
I don't know if this will sound trollish, but most of the spyware I deal with as a Windows Admin is installed, full willing, by the user. 'God I want that screensaver!', 'Wow, cursors?', 'I can't believe that the chipmunk can surf!' kind of thing. The EULA states that they, the folks that write the software, can shove a HUGE telescope up your butt, lubricants not included. The end user just want to know where to sign... All we the Admins of the world can do is lock down machines, educate the users, and hope like hell.
Seriously, I have not experienced a single instance of spyware in four years of Linux usage. I understand that Macintosh users also do not suffer from this issue. It makes me wonder why one would go to such trouble to remove ridiculous trojan programs when it's so much easier to just use a system which does not suffer from the problem?
Some people may think Firefox has a virus in it... that happened once when I installed Firefox for someone and for a while they thought it was a virus before they found out that their computer's problems were actually caused by a real virus. If Microsoft lists competing products as spyware, I think a lot of people would think... "What??? I didn't know that was spyware. Oh well, better safe then sorry, better delete it". Unfortunately, people are very easily fooled in this world. Talking about fooled, the spyware program doesn't seem to be a very effective one. They just want to make people think that Windows is secure. E.G. Even though XP includes a firewall, it isn't all that effective, and that's why a lot of people still buy seperate firewalls.I think the same thing will happen with these so-called "anti-spyware tools".
Problem is getting people to install and use it. My mother in law wouldn't use firefox in a hundred years because some of the websites of the suppliers of her company rely on broken javascript. Needless to say, she blames the browser. Mozilla isn't going to fix this-- because, as they say, it would add bloat and they'd be chasing a moving target. This makes sense, but in the meantime it stops people from switching over.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Why not deal with existing issues first?
Because that would mean admitting responsibility. At present, Microsoft can still rely on the myth that Windows' continual security problems are do to monoculture and basically being a big target.
It would also piss off developers of spyware and anti-spyware, and if there is anything that Microsoft is reluctant to do, it's scare of developers, even if it's at the expense of the user's experience. Remember Ballmer's "Developers! Developers! Developers!"? That's where the focus is.
Don't become a regular here -- you will become retarded.
on a clean SP2 build (that is the MSDN WinXP+SP2 all in one install), Prompted ActiveX download is still enabled for the internet zone.
If you turn that off, windows update stops working, as http[s]:*.microsoft.com is in that zone.
I dont call that locking down the browser, To secure IE (even if you only use it for windows update)
1. disable AX download in internet zone
2, edit trusted zone site security to medium. Like you ever need a 'run anything, unprompted' zone.
3. add https:*.microsoft.com and http:*.microsoft.com to the trust zone
4. uncheck the 'require https in trusted zone' switch
the aim is to redefine "trusted" from "total access" to "prompted download active X controls", which is a serious enough undertaking that I dont want to enable it broadly. Only MS sites and spyware vendors seem to use it, after all.
Well if Microsoft is doing anything to help against spyware it has got to be of some use.
There is a new extreme piece of spyware which seems to have surfaced in the last month.
http://forum.iamnotageek.com/t-78554-1.html
is the start of a very interesting thread concerning what seems to be the latest generation of spyware.
some of the things that it does include generating randomly named dll's
restarting processes that have been killed, runs IE even in safe mode, drags in a whole raft of other spyware to confuse things and leaves the PC it infects after unsuccessful removal unable to connect to the internet.
This thing is really nasty.
I am pretty sure I was dealing with a case of this yesterday. When adaware was installed and ran on a pc with XP service pack2 It triggered a Reboot due to a failure in dcom with a 1 minute countdown. The worst part was after cleaning with adaware the Pc was unable to connect to the internet unable to get an address from the router.
Manually configuring a network address and setting 192.168.2.1 as the gateway got the network working to the lan pc's.
The router could be pinged successfully but it wasn't possible to reach 192.168.2.1 through firefox netscape or IE to check the router status.
and after several hours of trying this pc refused to connect to the internet.
After banging my head against this brickwall over a period of about 12 hours the only solution was to reinstall XP.
This is the worst spyware I have ever seen, according to the thread the initial attack seems to have occured after a search for the song "over and over" by nelly although a precise location of the source of this infection isn't known.
If you have to deal with spyware on a regular basis check this thread out because you are not going to solve this one just by running adaware and spybot S&D.
http://forum.iamnotageek.com/t-78554-3.html
This latest spyware really should be submitted as a story on slashdot it is very new, very nasty and it is going to infect a lot of Pc's.
Please mod this up or investigate this yourself and Post about it.
because this is going to be a major disruption to Pc users everywhere, especially with it's defence of blocking the Pc's internet connection when you attempt to remove it.
Blarney Quality Restaurant, Plants
Fixing IE would involve such a substantial change to both itself and windows that it won't happen.
Well it doesn't change the fact that this is the wrong approach. Fixing IE means fixing a fundamental problem with windows. By adding this new anti-spyware layer, they are adding even more complexity and yeat another thing to break and cause trouble. Microsoft has so much money sitting around it's not even funny. They hire the best programmers on a regular basis. If MS doesn't have the "time" or is unwilling to make the effort then it's time to ask if it's worth using an OS where the parent company is basically to lazy to fix it.
Leaving aside the questionable irony of this software, I do wonder how well it will work in the long term. One of the problems I've already experienced when removing spyware is programs that hijack the anti-spyware software itself, usually by sabotaging the spyware definition files as soon as they are downloaded.
If Microsoft starts distributing this as standard software, should we expect to see more spyware that avoids removal in this way? Will users have to reinstall the software, or run it from a boot disk, every time they want to clean their system?