  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Windows Secrets Newsletter

    If you don't subscribe, you might want to take a look at the latest issue: Anti-adware misses most malware.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 28 Times in 28 Posts

    Re: Windows Secrets Newsletter

    So much for our standard recommendation to run AdAware and Spybot...

  3. #3
    2 Star Lounger
    Join Date
    Jan 2001
    Location
    Goose Creek, South Carolina, USA
    Posts
    108
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Re: Windows Secrets Newsletter

    WinXPPro SR2

    After reading Brian's newsletter this morning I downloaded the Microsoft Anti Spyware Beta and installed it. When trying to start the program it got "hung" looking for "Startman10396.msi" so it could install "PCForrest StartMan 1.3.96". This got me into a "loop" which I could only break out of by going to taskman and shutting it down.
    So ... after searching my drive for startman10396.msi and not finding it anywhere, I removed the whole megilla and tried installing it from the Microsoft site using "run" rather than "save to disk". ... Same problem.
    Guess that's why it's a "beta".

  4. #4
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    I haven't yet tried the MS beta, but just so you know there are two other threads here in The Lounge about it. This thread also has a link to another thread (now locked) about the beta product. I guess it would be better to keep an eye out there to see what others are experiencing. If anyone else reading this thread wants to talk about the beta product, the referenced thread would be a good place to do so.

  5. #5
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    I've used the MS Spyware Beta since 6th January, and bar three "false positives" (two of which in the Windows 2000 Resource Kit!) it has caused no problems. It updates itself automatically every week, at least.

    However, it does ask whether I should be running my BATch files...

    John

    Ita, esto, quidcumque...

  6. #6
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows Secrets Newsletter

    Also disturbing is the long list of Rogue/Suspect Anti-Spyware Products & Web Sites at the linked Spyware Warrior site. Not only are these things spyware themselves, but some have hijacked the well-known legit product names, in the hope of tricking the unwary:
    Adware Pro
    Spy Blast

    There's no bottom to their low life tactics.

    Alan

  7. #7
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows Secrets Newsletter

    Without knowing all the details, it's difficult to attach significance to the numbers. He speaks of "removal" of spyware, but I guess there are varying "degrees" of countering it. Neutralizing it, for instance, eliminates the spying activity, but doesn't clean the junk from the system. I'd like to know more about the terms used - catches, removing ...

    "Adware seems to be evolving much faster than anti-adware, and the battle is so far being won by the adware side."
    seems to indicate (IMHO) that we ought to be going back closer to first principles, teaching users to identify running processes, tracing suspect ones and preventing their initiation, discovering their components and registry entries and cleaning them out etc.

    Obviously it's an uphill battle at the moment, and it might be expecting an awful lot of a single application to be a detect all, clean all, remove all tool with the powers of heuristic clairvoyance to keep up with all this crud. I'd really like to see a clever, comprehensive website/database featuring little targeted components, like CWShredder. These could appear as downloads on the individual pages that describe each rogue/suspect process, associated files, startup entries etc. Spyware identification might be by submitting something like a HijackThis client-generated report. In other words, an online step-by-step clinic, for want of a better term.

    Alan

  8. #8
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Windows Secrets Newsletter

    Maybe like X-RayPC that you mentioned in post 439311?

    That seems like a really good approach to me. Has anyone tried this for long enough to give opinions yet?

    StuartR

  9. #9
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    I just tested my system. I made sure I had the latest signatures and ran Ad-Aware SE Personal, Spybot S&D and CWShredder 2.1. No spyware was found.

    I then installed and ran Microsoft AntiSpyware (Beta) and it found 1 item in IE (SearchSquire). That malware has probably been there for a long time since I only use IE nowadays for the Microsoft Windows & Office update sites.

    The method I use to avoid malware is to use the Firefox browser as it is designed with security in mind; in particular, it does not use ActiveX, one of the main sources of malicious software. I use Spybot S&D's resident scanners plus SpywareBlaster to help block any malware. I avoid downloading & installing software unless I know it to be malware free. It is a case of prevention being better than the cure.

  10. #10
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Windows Secrets Newsletter

    (Edited by AlanMiller on 28-Jan-05 11:29.)

    I haven't given it a whirl myself... waiting for someone else to dive in.
    But maybe it was that excellent post that put the idea in my head for this thread.

    Alan

    I just gave the latest version a whirl. Some odd results. My firewall doesn't alert me that it is trying to communicate out as a "new" application, and I can't see evidence that it is doing so in its interface, even though Agnitum reports a connection under an "undefined" rule:
    Undefined Rule X-RAYPC.EXE LocalHost PROXY:8080 Outbound TCP 1847

    Maybe it needs to run in the background for some time before results appear? We'll see.

  11. #11
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    My results were IDENTICAL to yours Tony. I am using the same anti-spyware software as well as Firefox (except when IE is absolutely required - eg. Windows or Office Update) and the MS Beta software found only the one item (SearchSquire). That would seem to indicate (I hope) that this combination of applications is rendering our systems relatively secure.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  12. #12
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    (Edited by JohnGray on 28-Jan-05 10:22. yet more added comments)

    Chaps,

    SearchSquire can be a false positive. I get it too, and have put it in the "Ignore Always", or whatever it's called, list!

    John

    Later... Here's a quote from one of the Microsoft newsgroups...

    "The second false positive it found was 2 hits for searchsquire that it found in HKCU\software\microsoft\windows\currentVersion\internet settings\domains. If I'm not mistaken this is the registry key that contains the restricted sites under internet options as I have this domain name listed twice in my restricted sites."

    Even Later... I removed SearchSquire from the "Always Ignore" list, reran the Scan, and it didn't pick it up this time. So presumably a recent definitions update has sorted this out now!
    John

    Ita, esto, quidcumque...

  13. #13
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    John

    You are right about the false positive. I checked the immunize section of Spybot and it showed 1 item not immunized. After immunizing the 1 item and running Microsoft AntiSpyware again, it listed SearchSquire yet again. The false positive is also mentioned in Net-Integration Forums -> Microsoft Antispyware And Spybot Conflict

  14. #14
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    Okay - my 3 cents.

    It disturbs me that the AdAware/SpyBot S&D combo did so poorly.

    It disturbs me that the best performer (Giant) just happens to be the same app Microsoft chose - I trust Brian L. but I still wonder how independent and unbiased the original tests were.

    The test was done last August - that's a long time ago - relatively speaking - SB S&D has had 10 or so updates since then (when did they go to 1.3?) - AdAware SE was just released when the test was done and has had many updates since then too.

    It disturbs me that Aluria Spyware Eliminator was included when it clearly is a Rogue app (see Eric's list) - it does indeed remove spyware only to dump WhenU - a known aggressive user tracking spyware, onto your system - kinda like the mob taking over a street gang's territory. If this product is included in anything, there should have been a clear disclaimer included. Not doing so gives them legitimacy they clearly do not deserve.

    My own tests were similar to those mentioned above - that is AdAware and SpyBot S&D did indeed get everything - or at least no other product found additional stuff - but that was for me and my systems on THIS particular day - that is not over a period of time.

    I think most experts and advanced users agree that to fight malware, you need an arsenal of tools. Most of us use one AV program "in resident" but occasionally check one of the on-line scan sites just to make sure, or we may even have a second AV installed but used only upon demand. I use Norton or AVG on my systems (all will go to AVG as my subscriptions expire) but weekly run one or both of these:
    Trend Micro HouseCall
    or
    PandaSoft ActiveScan

    In addition to at least 2 spyware scanners, 2 AV scanners, I also use 2 Trojan scanners - Trojan Hunter and a
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  15. #15
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Windows Secrets Newsletter

    Thanks for the SearchSquire information. I've corrected that issue but I have a few other questions.
    1) When I run an AdAware complete system scan, AdAware indicates that it has scanned in excess of 400,000 files. The MS Beta (again set for a full system scan) indicates just over 26,000 files scanned. That's quite a difference. Is there an explanation for this?
    2) What is an "intelligent quick scan" and when should it be used (as opposed to a full system scan)?

    Edited: Found part of the answer to question 1 - apparently the Beta does not scan cookies. Spyware or Adware doesn't place cookies on my machine?
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions
