Slashdot Mirror
Microsoft Releases AntiSpyware Program
Nathan Weinberg writes "Microsoft released this morning Microsoft AntiSpyware, the product of last month's acquisition of GIANT. As I write in my report on my site, the program is very powerful, and certainly measures up to and may even beat Spybot and Ad-Aware. However, it's also pretty buggy, and Microsoft might have already sneaked in a pay subscription service."
Comment removed based on user account deletion
This is just scary:
1. Release buggy browser
2. Sell antispyware software
3. Profit?
Direct and indirect download links
I just had NAV2005 installed on a friend's infected PC and it did Virus and Spywares at the same time. This and Ad-Aware seems a good solution which I'd trust more than any Microsoft "security" stuff.
Trolling using another account since 2005.
The next version of Windows will have things that only their spyware removal program is able to remove, due to restrictions that the OS places on letting third party programs modify things..
Of course the spyware will be able to make it through backdoors in things like caluclator and notepad, because God knows they're wired to the central part of the Windows kernel!
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Shocking - they don't seem to support DOS based Windows (9x and ME) even though there are arguably millions of infected consumper PC's. WinME boxes aren't THAT old.
I do understand not supporting NT4 tho..
...yup...
Supported Operating Systems: Windows 2000, Windows 2000 Advanced Server, Windows 2000 Professional Edition , Windows 2000 Server, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Server 2003, Windows XP, Windows XP Home Edition , Windows XP Media Center Edition, Windows XP Professional Edition , Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP Tablet PC Edition
Great, go windows 98!
I guess all of my relatives will keep using ad-aware and spybot, they refuse to buy a new computer to check their email with.
Runnin' On Empty
I'd like to see some better real-time scanning... Adaware's ad-watch isn't very for end users. It monitors for system config changes. Not effective when the user doesn't have a clue.
Spybot S&D immunizes your browser, but spyware can get in other ways too through adware programs. It helps but isn't perfect.
If Microsoft can get a good, real-time scanning software package going, then it might just be onto something.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Hmmm I ran this, but I still seem to have windows on my computer.
Well, let's hope this program will be free for all people who are plagued with IE hijaking programs. With patches so slowly coming, this might be a good PR for Microsoft who is taking some hard hits from critics.
Some call me Howie Feltersnatch
However, it's also pretty buggy, and Microsoft might have already sneaked in a pay subscription service
Bastards. How dare they! They're in the software business after all.
Anonymous Twit: news aggregation sites (like slashdot) do tend to need to pull in news from other sources; which even a very basic understanding of the nature of time will tell you; means AFTER the other source has posted it.
Get a clue, FFS.
And Microsft claims that open source software stifles innovation...
How long would this 'beta version' have taken to be released, if at all, if it were not for Firefox pushing the standards to a higher level?
You are about to give someone a piece of your mind, something which you can ill afford...
Does nobody see this as a potential problem, as Microsoft will now have a vested interest in NOT fixing their O/S so that spyware can't get in?
And lastly, there doesn't seem to be any evidence that Microsoft is making it a subscription service. I was able to download, install, and run the program all without signing up for a subscription of any sort. Maybe that's because the program is still in beta or maybe it's just anti-MS FUD on the subscriber's part... who knows.
Reading the review would reveal why the submitter said that. The review says it might have a subscription based on the fact that it had 206 days until it expired. My personal opinion is that the expiration is there because it's Beta, but it may very well lead to a subscription service.
As far as the summary not saying it's a beta... Well, seemed pretty obvious to me. They just bought the company afterall.
- AMW
It's the old razors-and-razorblades model. Except this time it's like they're selling you a flat tyre, then selling you a puncture repair kit.
"this might be a good PR for Microsoft who is taking some hard hits from critics"
You got that right. Its about time they did something. Talk about TCO. Think of the amount of money spyware ridden Windows machines have costed end users and businesses to repair.
You are about to give someone a piece of your mind, something which you can ill afford...
Microsoft refuses to patch their browser wich is the cause of most "crapware" at least for all the AOL people and now they relese a sftware product to clean up or try to clean up what is initially their fault. As long as they don't bundle this with the OS it is not anticompetetive. But microsoft itself is. I mean they now bundle a firewall so no one needs to get kerio or zone alarm. If this thing get's bundeled along with the Antivirus the bought someone is gonna sue them again and then the government is going to look the other way because they are gonna say windows can't work with out. I just hope I'm wrong.
the release is only a beta version, not a final release. That might explain the bugs.
It's called Microsoft AntiSpyware. The first half of the name explains the bugs pretty well for me.
Now, what I wanna know: Is clippy involved? "You are trying to clean your machine. Would you like to give us money?"
You can't take the sky from me...
And without giving too much away, the GenuineCheck program that it offers for download (if you're not using IE) doesn't really do its job. I mean, I DO have a licensed Windows product key, I just didn't use it for this install. Still, it didn't seem to pick up on that.
Or maybe the goons are on their way as we speak. Who knows.
by Microsoft AntiSpyware that I have spyware called RealVNC on my computer! I notice it says NOTHING about spyware called Microsoft Remote Desktop. I know lots of people out here use VNC, for goodness sakes, its SPYWARE now?! wtf
Electrons are free; it is moving them that becomes expensive.
Only 6 years after it became a huge problem, MS is doing something about the insecurity of their software: they are releasing a copy of other's company's software which cleans up attacks AFTER they happen.
I suspect this innovation will be so great it has to be bundled with the OS. Why actually write secure software when you can monopolize a market created around your own insecurity?
Expire? Why should it expire if it is free?
Because it's a Beta. Most Microsoft Betas expire.
- AMW
Microsoft has often done this. They don't want customers to run beta software forever. They want the customer to realize that he or she must get the latest version.
It is just Giant rebranded with a few things missing(which I assume is just because it is in beta). Giant was a very good anti-spyware program so I expect the MS rebrand will be just the same.
The real question will just be how much effort MS puts into keeping the definitions and program updated as new types of spyware come down the pipeline. As effective as the program is right now, it is how effective it will remain in the ever changing world of spyware that is what really matters.
No beta will answer that question, only the test of time will. But, this is just Giant rebranded and it is a very solid platform, which is why MS bought it in the first place.
You are who you are, let no one tell you different. But, never close your mind to a new point of view.
You gotta love it - I just ran a scan to test this puppy out and found that Microsoft has decided to flag WinPCap as spyware. Anyone who runs tools like nmap, Ethereal, and other open-source network utilities that have been ported to Windows must be evil!
They give it a "low" threat rating, and automagically tell the software to "ignore" it (that is, don't remove it), but I'm still offended.
Then again, if WinPCap is on your system and you don't know what it is, I guess it's not a horrible idea to let the clueless know about it...
As to the resutls, it turfed up three bits of possible Spyware which Ad-Aware and Spybot were missing/ignoring. The first was what it thought was Kazaa, but was infact Kazaa Lite (I've never had the original Kazaa installed). Second was some legacy registry keys left behind by WeatherBug which had piggybacked its way onto my PC with some shareware some time ago - fixed and reported to Spybot/Ad-Aware. Finally, it detected something called SearchSquire, but this turned out to be part of the Immunization feature of Spybot.
So, aside from the conflicts with Spybot's Immunization feature and the false positive on Kazaa Lite's registry keys, both of which can be fixed by setting the detection to "Always Ignore" it's not a bad little tool at all. Expect of course, for the fact that Microsoft is clearly planning of getting people to pay for this tool according to the webpage and EULA. Hmm. Getting people to pay for cleaning up the mess that you helped create in the first place... Unless this product is *vastly* better than Spybot and Ad-Aware on a thoroughly owned PC, I don't think so, and even then I think not...
UNIX? They're not even circumcised! Savages!
Funny.... Friends and Family are heavily infested everytime I visit. Install Firefox and Mike's Ad Blocking Host File and guess what, no more spyware. The best solution is prevention.
The probably saw this:
2. TIME-SENSITIVE SOFTWARE. The software will stop running on July 31, 2005. You may not receive any other notice. You will not receive any further updates when the software stops running.
and figured OMG SUBSCRIPTION!
Another interesting EULA box is the actual definition of the software's function:
4. POTENTIALLY UNWANTED SOFTWARE. The software will search your computer for "spyware," "adware" and other potentially unwanted software ("Potentially Unwanted Software"). If it finds Potentially Unwanted Software, the software will ask you if you want to ignore, disable (quarantine) or remove it. The software will only remove or disable Potentially Unwanted Software as you instruct it. Removing or disabling the Potentially Unwanted Software may cause other software on your computer to stop working, and it may cause you to breach a license to use other software on your computer, if the other software installed the Potentially Unwanted Software on your computer as a condition of your use of the other software. You should read the license agreements for other software before authorizing the removal of any Potentially Unwanted Software. By using this software, it is possible that you will also remove or disable software that is not Potentially Unwanted Software. You are solely responsible for selecting which Potentially Unwanted Software the software removes or disables.
When I worked at Dell, they wouldn't let us dick with spyware stuff because of potential legal problems -- that is, the law might side with the malware.
REM Old programmers don't die. They just GOSUB without RETURN.
Here is their explanation of RealVNC.
It also found a Windows 2000 resource kit utility as something called Cyanure.
I ran the software, and it was kind enough to suggest that I "Restore Hijacked Internet Explorer Browser Settings" because these values apparently differ from the recommended.
Good thing Microsoft is looking out for me and keeping those darn open source spyware programs away from me...
By reading this sig, you agree to be bound by all terms and conditions I choose.
It would be very nice if Microsoft does do something to combat the many problems IE has for users and system administrators. What would be ideal if Microsoft includes this program with all versions of Windows because (as you and everybody else knows) wants users to use IE.
Something like this would be nice too: "We apologize for all the problems Internet Explorer has caused you our loyal customers. We now have a free anti-spyware for you to use"
With more and more people migrating to alternate browsers, this might have been a wake up call for Microsoft to do something about it. How they will do it is up to question as well, ie. subscription to get rid of the spyware on an already spyware prone browser.
Another interesting thing to note is Microsoft buys a company that makes anti-spyware. In the tradition of Microsoft, they sure like buying other peoples' software and build on it (Good ol' DOS, heh).
Some call me Howie Feltersnatch
With the threat of people jumping ship to another OS, MS may make back their money by just keeping their customers?
You mean like how makers of P2P software make it possible for people to violate copyright law?
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
How long would this 'beta version' have taken to be released, if at all, if it were not for Firefox pushing the standards to a higher level?
Personally, I think Adaware and SpyBot had more to do with it than Firefox. Not to mention Symantec is now bundling spyware detection into theie security software, and CA just acquire PestPatrol so that they can incorporate it into their software.
It seems to me that Microsoft's closed source products has created so many exploits for malware to take advantage of, that a new emerging market with great potential has been created. Microsoft is now getting involved in this lucrative market. This is a prime example of how Microsoft feels about closed source products being good for innovation.
Create a crappy product that others can't openly fix, so that it will innovate new products, so that it will make a new market that they can try to dominate.
>> How would this extend their monopoly?
Well for one it detected RealVNC as a potential spyware threat, even though it's a low risk one and recommended action is ignore... I remember a while ago when XP came out there was a hassle regarding XP licensing and other non-MS remote software to access the machine...
Must be beta... it started to uninstall my microsoft office windows media player and IE
That is most likely due to beta - alphas and betas of most MS software (and I'm speaking as an MSDN subscriber who can get hold of them) have expiry dates built in - I think the Longhorn tech release I have expires in August or something, and a beta of Windows 2000 expired before W2K was actually released. Can't speak for Office betas, but I feel it would be likely that they too expire.
How many people can read hex if only you and dead people can read hex?
Interesting question. Is a company that releases an inferior product, but that has a monopoly required to force their customers to pay subscription fees for multiple software packages by third parties needed to patch the vulnurability? And if they decide to release their own software to fix the problem, are they partaking in anti-competitive practices by wiping out companies that exist solely to patch the problem? If they charge a competitive fee for the software, is that better or worse than giving it out for free? On one hand they're screwing their customers who live with the bugs, on the other hand they're putting companies out of business.
I just ran it on my work machine (which apparently was zombified and cleaned up before I started working here). Came up with a clean bill of health, so I guess whoever did the cleanup did a pretty good job (FYI, I also run Spybot and AdAware regularly on it). I noticed that the process/executable is still named GIANTAntiSpywareMain.exe. I'm assuming that's something MS plans to change in the future. Also, under the Advanced Tools > System Explorer > Shell Execute Hooks, it lists Microsoft.AntiSpyware.ShellExecuteHook1 as an unknown type. I would really hope they clean that up before final release....
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
Are you people for real? Your UPSET that it found things like VNC and WinPCap?
I've tested it on several machines at work, and it found spyware that Adaware and Spybot couldn't. It did also mark Dameware Mini Remote (a remote desktop program) as potential spyware, as well as the custom hosts file that I put on all machines. I think all these non-spyware programs were set to "Ignore" by default, but its not too hard to set to "Ignore All" if you know it should be there.
My point is, if you use VNC/Dameware/WinPCap/whatever... , you probably know it. But if you don't use them, and it's installed on your system, its probably a GOOD thing to have a scan pick it up and make you aware of it.
So far I'm impressed with this beta, and if the worst problem all you nay sayers can find is that it's too thorough, you should probably find something else to complain about. If this didn't have "Microsoft" in front of it, I bet I good deal of you would be hailing it as one of the best anti-spyware products out there.
[end of rant]
I agree somewhat. Many big companies are moving to alternate operating systems which is making Microsoft nervous. While they hold a giant share of the desktop market, they seem to be losing grip with the enterprise. Maybe that explains why steve ballmer gave the patent infringement speech to scare people to stay with them instead of looking elsewhere.
I do not see MS losing a huge market share anytime soon, but with other OS's getting more choices of software for end users as well as ease of installation and use (Mandrake, SUSE, Fedora) I can see these types of operating systems gaining some serious ground to negate the problems Windows has. I am not saying Windows is all bad because there is some nice features and a wide variety of software people just do not want to live without.
Some call me Howie Feltersnatch
But it does run fine under Wine, and produces a validation code. The code isn't recognized as valid by the MS web page, though. Strange.
So I downloaded and installed this on my machine to check it out. Keep in mind that my machine routinely has spyware scans of all kinds run on it, as I test out almost every spyware system imaginable for work.
- It reported WinPCap as "spyware" (or rather an "enabler", whatever that means), but it did have a default action of "Ignore" associated with it when the scan was done.
- It disovered c:\program files\support tools\remote.exe as the Cyanure Remote Administration Tool, classified as a Severe threat. This is Microsoft-made tool that comes with their Windows 2000 Support Tools.
- Some leftover directories of Hotbar that Adaware apparently did not fully clean up from a previous intentional infection.
This is the first time I've ever seen WinPCap flagged on any kind of spyware scan, kind of find that amusing. Microsoft must hate Ethereal or something. The Remote.exe thing is sort of funny too, but probably not unexpected, though it did not have a problem with the copy of Remote Administrator I have installed on my machine (in server mode no less). It'll be interesting to see how this performs on some intentionally-infected machines, compared to AdAware and Spybot.
The vast majority of spyware is installed when users click 'Yes' to the question (or a variant to the question) 'Should you always trust software from Gator Corporation'. Not being a Microsoft defender, just pointing out the facts.
Microsoft/Internet Explorer has a lot of issues, but you can never prevent people from installing software off the internet that includes spyware, thus programs to clean up spyware will always be required regardless of how many security measures are created to prevent unauthorized access to the computer.
Who provides that software is up to the market to decide. Considering that most people who use Windows as their operating system will need defense vs. spyware, and that if Windows always comes with spyware protection it will make the life of those who produce it more difficult since it will always be installed on every new machine, I am 100% for Microsoft including spyware protection as part of the base operating system that people get with every machine.
If the software market can provide a solution that is superior to what Microsoft provides then they can charge money for it and those who need/want the additional protection can buy it. If Microsoft's solution is adequete and there is no room for a competitor, who cares? The problem is fixed and we all live happily ever after.
The Slashdot community always seems to put Microsoft into a lose/lose situation. If they create a new program and add it to the operating system they are destroying competition. If they don't then everyone claims their software sucks
Hmm, Hotbar who is a Microsoft Certified Partner is flagged as "Low Risk Adware" and default setting is to ignore. Co-incidence or shall I fetch my Tinfoil hat? Jonathan
4. POTENTIALLY UNWANTED SOFTWARE.
Is Microsoft coining a new term - PUS? My machine is infected with PUS.
I can see it now...
The following has been identified as PUS. You may choose to keep it, however Microsoft cannot guarantee stability if you allow it to remain installed. Do you wish to disable the following PUS?:
Lilo - Identified as PUS
The thing detected RealVNC as Spyware, go figure.
Microsoft also bought Internet Explorer, that's given away for free. They really don't need to make the money back with all the cash they have. The positive PR from giving it away for free could easily make up for the cost of the company.
-matt
"Possible Browser Hijack. Start page set to about:blank"
"Commercial Remote Control Software. RealVNC"
who do these people think they are?
I've installed it (bypassing the genuine OS scan on the download page) and ran it once. It picked up a lot of stuff that neither Ad-Aware nor Spybot found, which was very impressive. It ran MUCH more quickly than Ad-Aware SE.
Strangely, it identified "Edonkey2000" (I have eMule) as a potential adware carrier. I've never known an ED2k client to show ads. Thankfully, the default action for eMule was "Ignore" and there was an "Ignore always" option as well.
Antispyware has the potential to raise the bar for this type of security application. However, I'm a little worried that this beta will turn out to be the best and most functional iteration of the product. The preferential treatment for IE in the options is to be expected, but it could become a troublesome feature if MS pushes their browser too hard.
I figured I'd test MS AntiSpyware against Lavasofts Ad-watch. I installed 'MSN Toolbar Suite'. That isn't malware but lavasofts program gives me the chance to block the registry modification whereas the MS product pops up a window from the sys tray saying the product doing the registry entry isn't known spyware and didn't let me say yay or nay, instead just disappearing faster than I could read the entire message.
I like the behavior of Ad-watch much better; leaving me in control and not making assumptions for me. I realize the MSN product was install by choice but could other programs slip through MS assumptions?
Here's the thing, if MS don't charge a sub won't everyone accuse them of trying to put all the other AntiSpyware companies out of business?
Maybe if MS just fixed IE they wouldent need to charge their customers more money to fix a problem that is caused mostly by the lovable and exploitable IE.
What about to the companies making the spyware in the first place? Do they have a case against Microsoft if they make changes to their dominant OS that intentionally break spyware?
I don't think improving security in an OS, even if it harms third parties who make a profit off your bad security, is going to meet the standards for abuse of a monopoly in the same way that tying a new application that adds features instead of fixing problems to the OS would.
Don't blame me; I'm never given mod points.
How do we know they will offer updates to dectect new spyware any faster than they will offer OS patches?
UNIX/Linux Consulting
support proper file-locking and implement unix-style permissions
What are you talking about, windows has a better permission structure with ACLs than any unix system did. Most modren unix systems have been adopting Windows style ACLs lately. File locking also exists in windows, and also part of ntfs. Ofcourse you would not have these features in FAT.
If anything is the problem is that people are administrators on their computers and this would be solved if they went the apple sudo model, which I prefer the most.
No, I do not see it as a problem, unless they charge for it. There has been no indication that they will charge for it except for the Slashdot FUD.
Is it a potential problem that open source software business plans are based on services and support - meaning they have a vested interest in keeping their applications difficult to use and fix? I'm not saying it is, but would you?
The software detected RealVNC when it was still under the GIANT name. It's not something MS just added.
Hades, PoD: Official Advocate
From Blocker3
The BETA Version is free for the testing. After the 90 Day Trial, Microsoft will Charge a $99.00 Licensing fee, per year. Updates will be available for a subscription fee of $45.00 per year, and will include any new variants of spyware. This will only work on legitimate versions of the "Licensed" OS Software.Later in the discussion Blocker3 mentions this as a result of someone else mentioning contrary information concerning it's status:
I am Team Leader for the Microsoft software development team on this project.
Thought you all want to know.
I feel fantastic, and I'm still alive.
Hopefully that can be protected against, too... I'm not sure how it's configured in the Registry, perhaps they already encrypt it, but if XP can decrypt it to verify, then someone can debug while it does so...
I feel fantastic, and I'm still alive.
What really pissed me off was that I was using WindowsUpdate v5, which was pretty slick, but the beta worked fine in Windows 2000, it could handle some things that v4 couldn't.
After XP SP2 came out, I found that WindowsUpdate v5 for w2k was canceled, I had to go back to v4.
It's obvious that they just didn't want to give anyone the benefit of using a better service on an older OS.
That's the sort of shit MS pulls that makes me not buy or use their products.
Apple has pissed me off pretty well too, mostly involving broken promises with OS features and shady enterprise support. I work at a place that upgraded to OS X 10.2 for the AD integration features, but it wouldn't work at all in our environment, 10.3 works adequately, and whenever I have even a minor gripe they tell me to buy 10.4, which isn't even out yet.
That's somewhere where Linux shines. I always seem to get what I expect, because I don't think lines like 'added fixes for sk98lin enet driver' in the kernel changelog are ever outright lies, and my expecations are lower in the 'lower because I expect realistic features in this timeframe' way.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
I remember hearing about that 'deal' a few years ago...likely on /. too.
I wonder how long SpyGlass (right company?) was to be paid a percentage of IE sales? If it was for perpetuity (not likely), then they may have a case that it's a product for 'sale' when the new version of Windows ships as IE is no longer freely downloadable...?
-Ben
I download the program and tried to install it. I use Firefox as default browser. The software said it wouldn't install unless IE 6.0 was installed on the computer.