Slashdot Mirror
Microsoft's AntiSpyware Disabled by Spyware
Ruke writes "A trojan has targeted Microsoft's AntiSpyware program, deleting all files within the C:\Program Files\AntiSpyware folder, as well as logging keystrokes at several online banking sites." The good news is that it's a Trojan, so one still has to bother with running an attached file.
The news itself might be interest, but in the realm of well written articles this will not make the list. A choice nugget from TFA:
<<< The password stealing Troj/BankAsh-A Trojan, discovered yesterday, is a spyware. It keeps a track of user activities on the computer. It spies on you. >>>
Er, didn't we cover the spying part two sentences ago? Is A spyware? A spyware what?
<<< The Trojan also removes important entries of the antispyware in the registry and thus literal kills the antispyware. >>>
Literal? Come on - this reads worse than half of the AC posts in YRO. I hate playing the grammar nazi, but this was painful to read...
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
Preview here
Rock that crushes, Paper & Scissors that don't matter.
Not that that has ever prevented Slashdot from reporting things like these as "vulnerabilities".
Yes, nobody ever expected a trojan to attack a piece of free MS software. I mean, look at Outlook. And Internet Explorer.
And in other news - "Google" gaining marketshare with "PageRank" technology
The best antispyware is buy a Mac, or install your favourite distro.
Sorry, but there it is.
It gets tiring fighting the broken dam, you can't hold all the water back forever.
Am I the only one who was humming the "Trojan Man" theme song while I read this?
They could have taken a working product, repackage it, only to have it compromised less than a month after their re-release.
Wait, nevermind.
How long till the Slashbots come out in droves proclaiming M$ sucks and their spyware removal sucks and they should all go to hell because a trojan(more like a crappy little batch file) is able to disable their program. Nevermind the fact that with the way this program works it would be just as effective on AdAware or SpyBot...and nevermind the fact that before running this trojan the MS spyware program TELLS YOU NOT TO!!
Please do not let scientific accuracy interfere with the intended humourous/interesting/insightful value of this comment
Viruses shut down norton antivirus.
I mean really, who didn't see this coming?
ItWasFree.com - Take the mystery
I know it's immature but...
Let me be the first to say, PWN3D!!!1one!!1
When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him.
That by the end of this week CoolWebSearch "affiliates" will be bundling it with their software to ensure that they remain undetected (except by HijackThis, Ad-Aware, and Spybot).
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
None of this is a surprise and a series of new malware tools attempt to disable various protective services.
For example, deleting the MSI Installer Service such that when you try to install something like SpySweeper the installer won't work properly.
Alternatively, killing Antivirus or Personal Firewall processes or placing known good-guy websites in the restricted zone of Internet Explorer.
The 'solution' IMHO is to have multiple layers of defence and to some extent, perhaps to use less popular tools (i.e. not McAfee and Norton) which won't be on the malware's 'hitlist'.
I know security through obscurity isn't a solution, but in this case, security through not being one of the masses may be.
I say this having spent nearly a whole day trying to remove Spyware from a friend's laptop.
Indy Media Watch-Proctologist of the Internet
It's a bit early to point the finger.
Indy Media Watch-Proctologist of the Internet
For all its security efforts, Microsoft continues to let users run as administrator by default, which is downright irresponsible. I just spent an evening cleaning an acquaintance's computer of a persistent, multiple spyware infection because of this policy of Microsoft. Needless to say I created separate restricted user accounts for all members in the household, but the Microsoft installer should have done this from the beginning! You cannot expect regular users to do anything except go with the default.
I also installed Firefox, and set all of the Internet Exploder security settings on "High" on all accounts except the administrator one (so that Windows Update can be run).
"you have to consciously or unconsciously run the EXE to install the server side on your computer."
This is opposed to your computer plugging itself in, tapping into the internet, downloading and running itself?
Seriously, every peice of malware one gets is result of human action or inaction. If one were more conciencious of the threat, they would take necessary precautions. ( install Firefox/Linux )
I also think this title tries to make a funny or ironic statement at the expense of accuracy. A Trojan is not what I consider spyware, or, something that sneaks it way in via website, javascript, etc... A trojan targets just teh fools.
The fact that you have to run as administrator to get any work done is a security hole big enough to drive a truck through. It is ridiculous that you can trash your filesystem just by double-clicking a mail attachment. *All* linux distributions I've used set up a user account for you and encourage you to use it. Mandrake, for instance, gives you a big red warning if you start KDE as root.
Until microsoft fixes this it will be plagued by security holes. And don't give me this bullshit about usability -- Mac OS X got it right, why can't windows?
___
If you think big enough, you'll never have to do it.
Anyone have a link where I can download this at?
are an ass....
You know it....
So thanks to today's news that Symantec programs may execute programs that should be flagged, one must now only use a solid product like Symantec Anti-Virus to load up software to remove Microsoft's anti-spyware software. Beautiful. Perhaps I should save everyone the time and hassle and just make a website with a malformed jpg or gif that loads an ActiveX script to then download the trojan and thus get it all done in one shot. Vulnerability after vulnerability after vulnerability. Perhaps this guy wasn't so far off.
Of course, I can't help but point out the obvious: rumors keep abounding that M$ will charge for its anti-spyware and anti-virus softwares. So let me see if I'm clear on this... they write shitty code that I'm forced to use (since the apps I need only run on Win32), and then I have to pay again for software to keep people from exploiting the software that was shitty to begin with. Isn't that a bit like selling you a piece of shit car, then charging you to use your warranty when the clutch fails on day #2 of ownership? You know, many of us thought that the day would come that M$ would charge for access to WindowsUpdate. Is there anything they won't charge for? Don't they ever say "we fucked up... here's a freebie on us"? Or "you already paid $300 for our OS... here's a way to secure it for free".
Don't ask anti-virus people for a straight answer - they're terrified. If one of these apps seems to have a legitimate purpose than no matter how it gets on your computer, no matter what else it does, it seems like it's immune from deletion by AV.
The AV people are tyring to walk an increasingly thin line between malicious spyware and malicious viruses. Pretty soon, they're going to have to make some hard decisions.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
When Microsoft released their Antispyware, everyone said, "Oh, well, Microsoft didn't do anything, they just bought the software from Giant.". Now that there's a problem, "Whoa, Microsoft's software really sucks. It's sure is all their fault."
Pick a side, people.
... thinking of Tim holding Gareth's stapler out the window when they heard this?
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
It's on the front page because it gives an excuse to take a cheap shot at MS, troll for a flame war, get lots of hits, and bring home some advertising dollars.
In another news, the CIA was considering using Micro$oft Antispyware to keep out North Korean spies.
Alas!
Windows runs in root. That means that by default all user accounts are created will full administrative access.
OSX and Linux (and nearly every other OS under the sun) creates user accounts with limited rights. That means things cannot happen without your specific permission.
In Suse 9.2, for example, when I need to do something like that requires root access, I'm asked to supply a password.
A similar thing happens in OSX. When you install software you're asked for a password.
Accordingly, by default Windows is less secure as programs can install and system settings can change behind your back and without your permission.
I admit that Windows gets a lot of attacks because it's a big target. However, everyone has to realise that a lot of the attacks occur simply because Windows is insecure by default.
If someone says he and his monkey have nothing to hide, they almost certainly do.
OK. That's all and good, but what if a trojan/virus scans the REGISTRY? Even if you install said software to C:\usr\local\, it is still going to find it.
MS needs to get rid of the damn registry first. Then we can start talking about other methods. Although I will say that it is a start. I myself, usually install in subdirectories outside C:\Program Files\ like C:\Games, C:\apps, C:\pr0n, etc..
Also, I neat trick that I used to do with win9x PCs is instead of using C:\WINDOWS for windows-centric files, use: C:\WOS (As in Windows Operating System--a jab at its DOS roots.) Not sure if it really helped, but its hard to tell since I was never hacked, virus/spyware-infected or anything else. Still I'd get bluescreens but thats because of shitty apps/games or MS's memory management.
That is all.
"you have to consciously or unconsciously run the EXE to install the server side on your computer"
Damnit. I always knew my sleepwalking would get me in trouble some day...
SIERRA TANGO FOXTROT UNIFORM
Honestly, did anyone NOT see this coming?
I jokingly predicted this exact situation in a post when they first released the beta of the app (though admittedly I thought it'd take a little bit longer before it was actually in the wild). Rest assured that it is only a matter of time before you see this in a non-trojan form that is automatically installed via an IE exploit delivered by some ad-serving company.
Microsoft's move of buying up and releasing an anti-malware application of their own is IMO nothing more than an attempt to improve public perception of their so-called efforts towards improving Windows security.
Amusingly enough, I believe it to also be an example of how much they simply don't get it and/or don't care -- the insecurity of the underlying OS is the direct cause of the probem, not the spyware.
No amount of anti-malware software targeting the effects (automatically installed spyware) of the problem (insecure OS/Web Browser) will have any positive impact because it's the problem itself that allows the effects to continue... and have enough power to take the anti-malware software and just turn it off.
M$ when you want software really bad, we have really bad software.
So Long and Thanks for all the Fish.
Yes, IE has plenty of holes that allow exploits to ravage a system. That definately falls on the maker.
But, if you're a jackass who's making software to spy on people, claim it's something else, and then put in measures to ensure that the programs run "no matter what..." Well, I'm willing to put plenty of responsibility on you.
It doesn't matter what platform the author is targeting, nor what company makes that platform. You're still trying to find unethical (an in many cases illegal) ways to get your stuff to run on an unsuspecting target, and you plan on stealing with it (be it bank account numbers, passwords, or something as little as bandwidth to push ads).
Spyware targets whatever will attempt to remove it. I've seen trojans that prevent some scanners (Ad-Aware and Spybot especially) from detecting that the spy process even exists. I've seen processes that create backups to make sure that both keep each other running if one ends or gets cleaned out. It's something new all the time with these people. It was only a matter of time before something like this targeted Giant's product regardless of whether MS got involved or not.
1) If Windows had protected the antispyware program in some special way, we were now all complaining about antispyware being considered "special" by the OS and thus being in unfair competition with other spyware programs.
..Go and flame me now.
2) On any Unix machine you have to be root to install most of the software (you usually have to be root before rpm or make install) : a simple trojan relying on *stupid* user behaviour can be written for any platform and this is not a security problem of the platform, is a security problem of the user's brain.
3) From 2, even if the default user was not administrator, most people would simply try to install this new porn-lemmings game they received and they would "run as" it (just like you su - make install on linux).
4) It's not even only a problem in the user brain. I wonder how much would it take to discover 5 malicious lines inserted in some big open source project. This *is* a possible evet, it could be an angry sourceforge employer, a security hole somewhere, a
5) It seems to me whatever the choice of MS is in any particular matter, there is always someone who takes it to bash it down. When the fact is ridiculous like in this example, this kind of behaviour is detrimental to the whole community. Do you live to make Linux great ? Than use your time to make it the perfect OS, not to make Windows appear the worst OS ever - 90% of users have chosen it as the best product for them and they will not change their mind because you are bashing it down, they will change their mind when they'll see something better *for them*.