Slashdot Mirror


Microsoft's AntiSpyware Disabled by Spyware

Ruke writes "A trojan has targeted Microsoft's AntiSpyware program, deleting all files within the C:\Program Files\AntiSpyware folder, as well as logging keystrokes at several online banking sites." The good news is that it's a Trojan, so one still has to bother with running an attached file.

4 of 428 comments

  1. Blocker blocker blocker... by Indy Media Watch · Score: 4, Interesting

    None of this is a surprise and a series of new malware tools attempt to disable various protective services.

    For example, deleting the MSI Installer Service such that when you try to install something like SpySweeper the installer won't work properly.

    Alternatively, killing Antivirus or Personal Firewall processes or placing known good-guy websites in the restricted zone of Internet Explorer.

    The 'solution' IMHO is to have multiple layers of defence and to some extent, perhaps to use less popular tools (i.e. not McAfee and Norton) which won't be on the malware's 'hitlist'.

    I know security through obscurity isn't a solution, but in this case, security through not being one of the masses may be.

    I say this having spent nearly a whole day trying to remove Spyware from a friend's laptop.

    --

    Indy Media Watch-Proctologist of the Internet

  2. Sure it's a Trojan? Is it spyware? by Chordonblue · Score: 4, Interesting

    Don't ask anti-virus people for a straight answer - they're terrified. If one of these apps seems to have a legitimate purpose then no matter how it gets on your computer, no matter what else it does, it seems like it's immune from deletion by AV.

    The AV people are trying to walk an increasingly thin line between malicious spyware and malicious viruses. Pretty soon, they're going to have to make some hard decisions.

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."

    1. Re:Sure it's a Trojan? Is it spyware? by LiquidCoooled · Score: 5, Interesting

      I think this is very easy to solve in its preferences.

      A simple role selection box.
      Make it default to current "careful" practice.
      Allow the option to change to tolerate all known valid adware, but remove trojans, this leaves the mild things on for kids with desktops and novelty crap.
      Possibly a stronger option for workplaces etc which basically deletes anything even remotely compromising.
      Have the strongest option locking the machine to the working set of executables at installation time.

      Windows is with us, running as admin is unfortunate, but a great many people worldwide do, we can't change that, so let's protect them as much as possible :)

      Let the user decide.

      --
      liqbase :: faster than paper

  3. Re:MS Software crap? Really? by Anita Coney · Score: 5, Interesting

    Windows runs in root. That means that by default all user accounts are created with full administrative access.

    OSX and Linux (and nearly every other OS under the sun) create user accounts with limited rights. That means things cannot happen without your specific permission.

    In Suse 9.2, for example, when I need to do something that requires root access, I'm asked to supply a password.

    A similar thing happens in OSX. When you install software you're asked for a password.

    Accordingly, by default Windows is less secure as programs can install and system settings can change behind your back and without your permission.

    I admit that Windows gets a lot of attacks because it's a big target. However, everyone has to realise that a lot of the attacks occur simply because Windows is insecure by default.

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.