Slashdot Mirror
Microsoft Denies Claria got Spyware Exception
daria42 writes "Microsoft has denied its AntiSpyware application has given adware-maker Claria special treatment. The denial has been issued amid reports MS is looking to buy Claria, and is in response to security researchers' reports stating AntiSpyware had downgraded the threat level posed by Claria's adware products. The downgrade in threat level merely represented an effort to be "fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors," according to a statement published by Microsoft." As reader jfengel writes, though, "they neglected to mention what software that might be, nor did they publish the analysis."
I don't know if you guys know this, but Webroot's Spy Sweeper is also delisting obvious spyware. Microsoft is not alone in this! I personally think this is going to become a real problem with most spyware scanners unless laws are brought on to fight spyware more aggressively and some kind of standard list is defined like there is for viruses.
Please take off your tin foil hats, guys!
One might say that Microsoft is primarily responsible for the entire spyware issue (although I suspect Firefox's track record would be worse, albeit better than IE, if it were as popular). But MS AntiSpyware is a fine piece of software, however. It's easy to use and does its work better than many of its competitors.
As a relatively big fan of many Microsoft products...(hey, it's how I make a living!)
Any attempt to incorporate software like Gator into Windows, or an attempt to allow software like Gator greater control...will mean I am no longer a card-carrying member of the fan club.
Seriously, I have spent way too much time cleaning that junk off of my daughter's computer. The MS anti-spyware program works well now, but if they disable it for their 'partners' it will royally suck.
And then I'll have to eat crow for quite a while.
No reason to lie.
Excpet for the fact that Ad-Aware already had A HUGE problem recently w/ delisting of products, specifically When-U. I know many who no longer use it as the first tool against spyware, merely for thoroughness.
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
The small print says they may not be actual spyware, but potentially dangerous items, most unknowledgable people will just remove them anyway, because it's the default option.
'For we walk by faith, not by sight.' II Corinthians 5:7
Does anyone know of any OSS that is dedicated to the removal of ad-ware and spyware. . .
I manage a number of windows machines at the office and wit he recent declassification's without good explanation that has occurred in the sector i have lost all faith in most of the products
An OSS solution would be wonderful (hell i would rather switch the machines to linux , but that is not an option right now due to certain programs that are required by the company)
Commercial solutions always to me seem rather susceptible to legal action for the classification and or bribery.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
MS antispyware should rather show the threat level the user represents to the computer by analyzing the number of unused files squirreled on the desktop, viruses & spywares on the system, time spent on configuration panel, number of time a double click is performed when a single click is expected etc.
\u262D = \u5350
We should go and tell them what we think about Claria and Gator, not to mention their general business ethics.
On the contrary, we should encourage them to integrate obnoxious adware into every aspect of the browser and OS. If that doesn't persuade the world to switch, nothing will.
So MS denies something they clearly did wrong, what's new?
You, sir, are entirely unfair!
Microsoft clearly said The downgrade in threat level merely represented an effort to be "fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors,"
It's entirely consistent. Microsoft has consistently held their software offerings to, ahem, an improved standard.
I mean, have you ever looked at how Microsoft's C++ compilers, um, pioneered their own standard, entirely different -- and, so long as you don't like correct exception handling, consistent RTTI, or the availability of a Standard library, entirely better -- from the ANSI/ISO standard. Or look at the, um, improvements to JavaScript and the browser DOM.
Or just look at the XML for Word docs. Ok, well absent a non-disclosure agreement you can't actually look at it, but trust Microsoft it's entirely consistently inconsistent with anything else out there.
How anyone can say Microsoft isn't being consistent in its approach I just don't understand at all.
Opinions on the Twiddler2 hand-held keyboard?
Is that Claria isn't the only malware to get this exception?
Let me give you something to test, you'll most likely enjoy this.
If you've got a spare machine that can handle a 2k/XP install, install either of those OS on the computer. Grab MS Anti-Spyware, Grab Ad-Aware, and Spybot S&D. Install all of them.
Let MS-AS be your default scanner/detector of on the fly spyware threat detection instead of Spybot. Now go find a webpage (or deliberately install thru some other program) the ISTsvc (Internet Search Toolbar) spyware. Now, run either ad-aware, or spybot, and try to remove it. Worked, right? Ooops, notice how MS just trusted a change to your computer? Okay, that's detcting spyware being removed. You should get another notification immediately afterwards showing that another change has been allowed within windows. Go to MS-AS security section, look up all the alerts you've gotten. Scroll down that list. Notice a trusted change by MS-AS allowing ISTsvc to reinstall itself on your computer?
Now, I admit I may not be totally correct. I have yet to do a vice-versa and allow Spybot S&D to be the on the fly detection program. But from what I've noticed, companies providing anti-spyware solutions seem to have incentive to sneakily allow some unwanted stuff on your computer; they eventually want you to pay for their full version of the program, which you'll hope will do the job even more thoroughly. They've set out a mousetrap in order to try to make more money off of you.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Good news, this means they will have to drop the Trusting Computing idea altogether... errr if this was truly an "effort to be fair and consistent "
Some of his questions in the Ballmer interview:
* Why does Microsoft care about developers?
* Microsoft is a leader in transparency and blogging. Why did you allow blogging?
* Coming up with tough questions for you is hard. If you were in my position what tough questions would you ask Microsoft's CEO?
I'm sorry. That's a man brown-nosing just as hard as he can.
Chris Mattern
Amen to that.
..... there wouldn't need to be one, would there? We could just comment out the spyware-ish bits before compiling, and distribute the resulting patchfile. On Gentoo, that would probably be part of the ebuild scripts. OK then, what about Open Source spyware removal for Windows?
Where is the Open Source anti-adware, anti-spyware stuff? I don't see a spyware removal tool for Linux. Oh
But the point is that all the Open Source software available for Windows is there by accident. It wasn't written for Windows, it just was ported to Windows from some unix variant. Nobody writes GPL software with Windows in mind -- it's just that some Windows user manages, with more or less effort, to persuade it to compile, and is obliged by the licence to make the source available. {If anybody persuaded BSD-licenced code to compile under Windows, they probably would keep it closed-source -- and maybe even disable some options in an effort to extort money out of users}.
My computer is my property, and I have the right to determine what software runs on it. Installing software without my explicit consent is at least trespass {which is a civil offence and grounds to sue} and may constitute criminal damage {which is a crime, so dial 999 and let the police deal with it}. These things were already offences long before computer-specific legislation was passed. The use of confusing language to persuade someone to install software may additionally constitute Burglary Artifice. If it's a Crown Court, then the odds are in your favour -- out of a jury of 12 people, how likely do you think it is that none or only one have experienced PC trouble due to spyware?
You know, I often wonder what would life have been like if, way back in early 1976, some members of the Homebrew Computer Club had dragged Bill Gates {the author of that letter} into the gents' and given him a bloody good hiding. That has to be my second choice for an "if I could alter the course of history" fantasy.
Je fume. Tu fumes. Nous fûmes!
Well MS is badly placed for any kind of critics towards other companies. Didn't MS themselves put spyware onto people's computers before they got nailed for it?
This denial just proves once again MS' dishonesty towards customers, may they be corporate or individuals.
Why don't people act upon the fact that MS is just lying so blatantly? Oh sure, their lawyers are good, but lawyers can't do anything against massive boycott!
Action, to the streets dammit! Make piles of MS CDs to melt!
---- I am certain of only one thing : I know nothing else.
Windows AntiSpyware (Beta): Analysis approach and categories
s oftware/isv/analysis.mspx/
http://www.microsoft.com/athome/security/spyware/
This white paper provides an overview of the approach and criteria categories currently used by the Microsoft research team to analyze and classify software.
Dude, I have sources. It's not FUD, it's what Microsoft has been announcing all along. There are major architecture changes taking place (Video card and processor for example), and they won't be able to either emulate or embed the original XBOX hardware on the new XBOX.
To quote the article linked above:
On the flip side:
Here's the deal, MS will be recompiling a lot of games to run on the new hardware. Why they expect this to work without any problems I don't know. They're switching processors for crying out loud. How do they plan to get these recompiled games out to customers without charging them for a new copy, they haven't said. They've made a lot of promises about things just "working" but the fact that at the very least a recompile is necessary means at the moment they're spewing a lot of vapor and marketing but not any substance.
"Live Free or Die." Don't like it? Then keep out of the USA
Interesting comment, which reminded me of a story:
I once worked for a bank, where there was a computer that processed all electronic banking files. The majority of the programs on this computer were written by a guy I worked with. This guy considered himself a programming god, while I thought he was below average.
Now, one of the quite critical programs that ran on this computer was in the habit of crashing occasionally. The guy attributed this to an OS fluke, and instead of debugging the program and resolving the error, he wrote a program that simply checked whether the crashing program was running, and if it wasn't, would restart it.
Without our department knowing, the crashes increased in frequency. We didn't know this, because the crashing program was restarted all the time. Unfortunately, at a certain point in time the crashes occurred about every few seconds, and our system basically went down. I was part of the team that analysed and resolved the problem, and, of course, we found that it was a basic DESIGN flaw in the crashing program. I won't go into details, but basically, with some knowledge of file transfer protocols, this flaw would have been avoided.
Now, why is this story on topic? Because Windows is JUST like this crashing program, Microsoft is JUST like the guy who wrote the crashing program, and AntiSpam/AntiVirus/Firewalls are JUST like the program that restarted the crashing program.
What I expect to find, in the not-too-distant future, is that our Windows systems will simply stop running because the patch programs need all computing resources to keep Windows from going down. And the only way to resolve this, is a redesign. Which should be done by people who know how to design a good system, and not by a marketing company.
I'd like to try that because it would be interesting, but I'm sure that what you say is correct.
I don't dispute that they're letting some things through, and that the decisions they make about what gets through aren't always in the end user's best interest.
I don't have a lot of experience with spyware, because I mostly run linux, and on windows I find that it's not too hard to avoid it in the first place. I'm not an expert. But the other day I had to clean off someone else's machine that was infect with the IBIS toolbar.
I couldn't get rid of it with spybot or ad-aware. They'd find a bunch of junk and clean it off, but you'd reboot and it would come back.
When I ran the MS tool, it found more than 500 files and registry entries for it, and it cleaned them off. When I rebooted, it didn't boot cleanly (missing files were being referenced in the registry), and I thought "oh no, here we go". Then I started to get pop up windows about things trying to make changes. It told me to rerun the scanner. I did, rebooted again, and it was clean.
This is speculative on my part, and I could be wrong -- so people, please don't yell at me too much if I am, I'm aware I'm on shaky ground here -- but I had the impression that the MS tool was tagging things as spyware *because* they were trying to change registry entries and hijack the browser.
In other words, they weren't just using a file name, or a signature of a file to tag something as spyware, they were looking at the behavior of the thing. If a process tries to do something nasty, they follow it back to the source, and nuke it.
If that's what it's doing (and again, I think, but don't know, that it is), it's a big innovation. It's a good way you to fight spyware that generates lots of random files with randomized data and random names to reinstall itself.
MS, for all of their flaws (and they have plenty, I don't want to be an apologist) has vast resources and a lot of smart people. Their tool lets people report back on infestations automatically. They can throw people at the problem and code for new problems almost as soon as they arise.
They understand the OS better than anyone, obviously, and can use that knowledge to track down the source of reinstalls more effectively than comparatively small outsider shops.
That doesn't take away from the negativity of their deals with the devil. That sucks, they shouldn't do it, and they're really shooting themselves in the foot over the long run by making those deals, because no one has a bigger stake in making windows solid and trustworthy than MS, and this crap really undermines that effort.
But if you have IBIS, and you need to get rid of it, their tool is terrific. If you have that problem, don't let the fact that they've decided to be deliberate bad at ISTsvc removal prevent you from using it for IBIS. That's really all that I'm saying.
Don't stop running spybot or ad-aware. But add the MS tool to your arsenal. It does a lot of good stuff.
I will try to run your expiriment so I can learn more about this... thanks for posting about it.
Let me give you a hint.
NO!
So if they're going to make any statement about it at all, this is the one it will be. Anybody having trouble understanding this?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."