Microsoft's AntiSpyware Disabled by Spyware
Ruke writes "A trojan has targeted Microsoft's AntiSpyware program, deleting all files within the C:\Program Files\AntiSpyware folder, as well as logging keystrokes at several online banking sites." The good news is that it's a Trojan, so one still has to bother with running an attached file.
None of this is a surprise, and a series of new malware tools attempt to disable various protective services.
For example, deleting the MSI Installer Service such that when you try to install something like SpySweeper the installer won't work properly.
Alternatively, killing Antivirus or Personal Firewall processes or placing known good-guy websites in the restricted zone of Internet Explorer.
The 'solution' IMHO is to have multiple layers of defence and, to some extent, perhaps to use less popular tools (e.g. not McAfee and Norton) which won't be on the malware's 'hitlist'.
I know security through obscurity isn't a solution, but in this case, security through not being one of the masses may be.
I say this having spent nearly a whole day trying to remove Spyware from a friend's laptop.
Indy Media Watch-Proctologist of the Internet
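The three sabotage techniques the post lists (breaking the Windows Installer service, killing security processes, dumping vendor sites into IE's Restricted sites zone) each leave a checkable trace on the machine. The following is an added example, not code from the original post: a PowerShell tamper check for those three. The service name msiserver and the ZoneMap registry layout (zone value 4 = Restricted sites) are real Windows details; the vendor domain list and the process names stood in for "your security tools" are assumptions to be replaced with your own.

```powershell
# Added example (not from the original post): look for the three kinds of
# tampering described above. Run in an elevated PowerShell session.

# Assumptions: edit these for the tools you actually run.
$SecurityProcesses = @('MsMpEng', 'ccApp')          # assumed process names
$VendorDomains     = @('microsoft.com', 'symantec.com', 'mcafee.com', 'sophos.com')

# 1. Windows Installer service: missing or disabled means MSI-based installers fail.
$msi = Get-CimInstance -ClassName Win32_Service -Filter "Name='msiserver'"
if (-not $msi) {
    Write-Warning "msiserver (Windows Installer) service is missing"
} elseif ($msi.StartMode -eq 'Disabled') {
    Write-Warning "msiserver is disabled; MSI installers will not run"
} else {
    Write-Output "msiserver present, start mode: $($msi.StartMode), state: $($msi.State)"
}

# 2. Security processes: report any that are not running.
foreach ($name in $SecurityProcesses) {
    if (-not (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        Write-Warning "security process '$name' is not running"
    }
}

# 3. IE zone map: every domain in HKCU (and HKLM, if policy moves zones there)
#    is a key under ...\ZoneMap\Domains; hostnames are subkeys, and a value named
#    after the scheme ('http', 'https' or '*') holds the zone number. 4 = Restricted sites.
$zoneRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)
foreach ($root in $zoneRoots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($valueName in $key.GetValueNames()) {
            if ($key.GetValue($valueName) -eq 4) {
                # Strip the provider prefix so "microsoft.com\www" is what is shown.
                $entry = $key.PSPath -replace '.*\\Domains\\', ''
                $hit = $VendorDomains | Where-Object { $entry -like "*$_*" }
                if ($hit) {
                    Write-Warning "security vendor site '$entry' ($valueName) is in the Restricted sites zone"
                } else {
                    Write-Output "restricted-zone entry: $entry ($valueName)"
                }
            }
        }
    }
}
```

The zone-map walk is deliberately noisy: it prints every Restricted-sites entry, not only vendor matches, because a user or admin may legitimately have added sites there and the point is to eyeball what changed. Run it before and after cleanup and diff the output.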
Don't ask anti-virus people for a straight answer - they're terrified. If one of these apps seems to have a legitimate purpose then no matter how it gets on your computer, no matter what else it does, it seems like it's immune from deletion by AV.
The AV people are trying to walk an increasingly thin line between malicious spyware and malicious viruses. Pretty soon, they're going to have to make some hard decisions.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
How many MacOS X users just type their admin password whenever it is requested? Most of them. It's just an annoying part of running MacOS X
Windows runs in root. That means that by default all user accounts are created with full administrative access.
OSX and Linux (and nearly every other OS under the sun) create user accounts with limited rights. That means things cannot happen without your specific permission.
In Suse 9.2, for example, when I need to do something that requires root access, I'm asked to supply a password.
A similar thing happens in OSX. When you install software you're asked for a password.
Accordingly, by default Windows is less secure as programs can install and system settings can change behind your back and without your permission.
I admit that Windows gets a lot of attacks because it's a big target. However, everyone has to realise that a lot of the attacks occur simply because Windows is insecure by default.
If someone says he and his monkey have nothing to hide, they almost certainly do.
OK. That's all and good, but what if a trojan/virus scans the REGISTRY? Even if you install said software to C:\usr\local\, it is still going to find it.
MS needs to get rid of the damn registry first. Then we can start talking about other methods. Although I will say that it is a start. I myself, usually install in subdirectories outside C:\Program Files\ like C:\Games, C:\apps, C:\pr0n, etc..
Also, a neat trick that I used to do with win9x PCs is instead of using C:\WINDOWS for windows-centric files, use: C:\WOS (As in Windows Operating System--a jab at its DOS roots.) Not sure if it really helped, but it's hard to tell since I was never hacked, virus/spyware-infected or anything else. Still I'd get bluescreens but that's because of shitty apps/games or MS's memory management.
That is all.
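The registry point above is easy to confirm: installers register themselves under the Uninstall and App Paths keys with the real install location, so a scanner that reads those keys finds the tool whether it lives in C:\Program Files, C:\apps or anywhere else. The following is an added example, not code from the post: it enumerates those keys the way a hitlist scanner would and lists everything installed outside Program Files. The registry paths are the standard Windows ones; the search pattern in the usage call at the end is an arbitrary assumption.

```powershell
# Added example (not from the original post): find installed software from the
# registry alone, then show which entries live outside Program Files.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$appPathsRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths'

# Uninstall entries: DisplayName plus InstallLocation (or the UninstallString,
# which usually embeds the path, when InstallLocation is empty).
$inventory = @(foreach ($root in $uninstallRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DisplayName) {
            [pscustomobject]@{
                Name     = $p.DisplayName
                Location = if ($p.InstallLocation) { $p.InstallLocation } else { $p.UninstallString }
                Source   = 'Uninstall'
            }
        }
    }
})

# App Paths entries: the key's default value is the full path of the executable.
$inventory += @(Get-ChildItem -Path $appPathsRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $default = (Get-ItemProperty -Path $_.PSPath).'(default)'
    if ($default) {
        [pscustomobject]@{ Name = $_.PSChildName; Location = $default; Source = 'App Paths' }
    }
})

# Anything whose recorded location is not under a Program Files directory.
$programFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
function Get-OutsideProgramFiles {
    $inventory | Where-Object {
        $loc = $_.Location
        $loc -and -not ($programFiles | Where-Object { $loc -like "$_*" })
    }
}

# What a hitlist scanner does: match a name or path pattern, wherever it was installed.
function Find-Installed {
    param([Parameter(Mandatory)][string]$Pattern)
    $inventory | Where-Object { $_.Name -like $Pattern -or $_.Location -like $Pattern }
}

Get-OutsideProgramFiles | Sort-Object Name | Format-Table Name, Location, Source -AutoSize
Find-Installed -Pattern '*spy*'   # assumed pattern; replace with the product you care about
```

Moving the install directory only defeats a scanner that hardcodes C:\Program Files\<vendor>; one that reads these keys, or the service and Run entries, is unaffected. That is the poster's point, and the inventory above shows it on your own machine.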