Microsoft Anti-Spyware article

Discussion in 'Windows Desktop Systems' started by tdinc, Jan 10, 2005.

  1. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    I thought this article would be some interesting reading about M$ new antispyware program.

    www.securityfocus.com

    funny stuff :nervous:
     
  2. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    Articles ok, but it seems to take the stance that all spyware is becuase of holes in the OS and IE and the MS are just trying to temp plug holes instead of fixing them. But the majority of spyware gets bundeled with other programs and installed by accident, or part of webpages. Thats not much they can do about that. For me MS spyware program looks good...so far :)
     
  3. Kush

    Kush High On Life!

    Messages:
    4,590
    Location:
    Montreal, Quebec
    howd the cat die?
     
  4. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    I shot it for being annoying
     
  5. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  6. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    * Windows XP - drain on resources: If you're still hanging on to that Pentium II machine with 64MB of RAM, then yeah, sure.
    * MSN Messenger - trojan: Wonder where the moron got that idea from.
    * Internet Explorer - contains security flaws: sure, just like everything else. Probably less secure than others, but hey, let's pass judgements on a company that puts out 300+ products based on just one! Weee...
    * Windows Media Player - very annoying: yeah, and so is the smartass who hacked up this screenshot
    * OE - reports BlueMountain greetings as spam: OE doesn't even include a spam filter. Shows how much the moron knows.
    * MS Office - fails to improve and innovate: yeah, yet it's the office productivity suite of choice for almost everyone in the world. It does it's job, so what's the problem? Besides, Outlook 2003 was a huge improvement over Outlook XP. But of course the moron wouldn't know that because his biases would prevent him from even trying it out.
    * Paint - ineffective and inefficient: What do you want? A Photoshop-like app bundled for free? You'd then be the first moron in line to scream "anti-trust"

    Shame on you for even reposting something so clearly idiotic, j79zlr.

    Edit: Just to prevent any misunderstandings, the initial comments weren't directed towards j79zlr, but to the guy who created that "screenshot." I do hope he gets a chance to read them. ;)
     
  7. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    wow, you have some hostility towards me. I'm sorry you love Microsoft so much you can't even have a sense of humor.
     
  8. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Just so you know, the comments weren't directed towards you but to the person who created the screenshot. ;)
    Jokes are funny when they have some semblance to the truth. This thing was just as bad as some of those lame BSOD "jokes" that make their rounds every now and then.

    If I loved Microsoft so much, I wouldn't be using Firefox, UltraVNC, Google etc. now, would I?
     
  9. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    In any case, coming back to the topic, the article does make some good points.

    Prevention is better than cure, and Microsoft definitely has some work to do in the security arena, especially on products like IE. Things are changing for the better though - lots of MS devs are now using non-administrator accounts for regular activities. It's a clear indication that this fundamental problem will be addressed in future Windows releases. It just can't happen overnight, given the the size of the user-base.

    On the other hand, I also agree with the points Khayman makes. Most people love to blame someone else for the problems they create themselves. Sure, there are inherent flaws in certain products that give miscreants easy ways to write malware, but every problem that a user faces is NOT the fault of the software itself. A little bit of care and common sense can go a long way in making your computing experience more secure and productive.

    With that said, I can't comment on the MS AntiSpyware app, since I haven't installed it myself (don't need it). But from reviews and reports that I've seen from unbiased sources, Giant seems to have created a pretty solid product and I'm glad MS decided to do something about the spyware problem until a more permanent solution is ready.
     
  10. dave holbon

    dave holbon Moderator

    Messages:
    1,014
    Location:
    London England
    Well my worst thoughts were confirmed when I read that “validation software” and a “validation test” would be run on your machine as part of the pre-installation process of this product and that a new “key” would be placed on your machine unrelated to the existing keys generated when windows was originally installed. This would be read by the “windows update site” on every visit you make. This is spyware by any definition we are not in tracking cookie land here, and whilst we are on the subject are their massive problems with pirate copies of XP using suspect keys obtaining “activation” codes/keys from Microsoft’s own servers? It would seem so else this additional foray would be entirely unnecessary.

    And what happens next, are Microsoft going to sell to other suppliers of software lists of installed products on their customers PC’s and will they then generate their own keys for future use and if so, for what use?

    You may say that it’s all ok as if you use genuine software then all will be hunky-dory but think on, why is a spyware programme being used for this purpose and where is all this going to lead?

    Microsoft have stated that no personal information is collected during this “validation” but neglect to tell you that they don’t need to collect such information as they already have it, you gave it to them when you installed XP in the first place.

    I don’t know if it’s the beginning of the end, the end of the beginning or if as I suspect the beginning of the big push to sell you software for only a specific period of time (one year) and then you will have to by it all again. Whilst this will make software cheaper initially it will cost us bundles when looked at over a five year period and tie you to fewer and fewer suppliers as in reality this can only be done with a speedy internet connection.

    :) :) :eek: :suprised:
     
  11. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Giant's product has been known to have lots of false positives, I would still recommend that noone besides developers install this software.

    Of course prevention is the best option, install all updates including SP2. Remove the MSJVM. Make sure you have an updated antivirus. Don't use IE for anything except getting those Windows Updates. Run AdAware and Spybot weekly. Use SpywareBlaster, no system resources, and it blocks known bad sites/cookies.
     
  12. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Are you referring to the "Windows Genuine Advantage" program? That's not being used for the first time. MS also delivered the free PhotoStory 3 app using the same method. It's a one-click process that checks if you're running a licensed version of XP and proceeds to the download after that. I've tried it with 4 separate licenses - 2 OEM, 1 retail and 1 MSDNAA. They all worked without a glitch, just like the Windows Activation process which shouldn't take more than a few seconds.

    How does this procedure classify as spyware? Spyware sends out private information like your surfing habits etc to advertising companies without your knowledge. Windows Activation and this new program ask you before you send any information, so it's not without your consent. Plus, as you already mentioned, it doesn't send any personal/private information; just a product ID for verification purposes. As we know, it's not the most effective method of curbing piracy, but software companies (including Adobe, Symantec etc.) are constantly trying new anti-piracy techniques, and justifiably so. As long as they aren't intrusive, I personally don't have a problem with them.

    In your last paragraph, you mention the subscription model. This is pretty much how any commercial antivirus software application works. I know it's not fun paying for a renewed license every year, but you have to remember that these companies are working for profits too. Besides, considering the fact that antivirus software needs to be updated far more often as compared to any other software application, it's not completely unreasonable to charge an ongoing subscription fee. Of course, there are still freeware alternatives available, if you so desire. :)
     
  13. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Hence, the "beta" tag. :)
    ...although I'm surprised Giant didn't fix up these issues when they were selling this as a retail product.

    All good advise. :up:
    There are still so many people who refuse to install SP2. I really don't understand why. If you're having problems with certain apps not working, first contact the software vendor for a fix. Worst case, disable software DEP. At least you'll benefit from the rest of what SP2 has to offer.
     
  14. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    I know that it is still a beta, but it was a problem when Giant was selling it as well. I still don't think there are better alternatives to the 2 originals, AdAware and Spybot. Webroot's SpySweeper gets good reviews but is not free, and I still haven't heard of any other spyware app getting rid of anything that AdAware and SSD can't. There will always be some of the more nasty ones out there that must be manually removed.

    As far as SP2, I've installed it on dozens of PC's now, and have yet to have a single problem, including PC's with some of the apps listed my Microsoft as a possible problem source. What MS really needs to do is back port the IE6 SP2 fix so it can be installed, at the very least, on Win2k, and it should also be available for 98.
     
  15. dave holbon

    dave holbon Moderator

    Messages:
    1,014
    Location:
    London England
    NetRyder: -

    I think that the point I’m trying to make here is not one of current spyware definition but the potential to perform the exact same operation over a period of time. The effect is the same, just not done in one visit so to speak. Asking someone to allow their company to give details to third parties of what programmes are running on your machine just after you have installed a small applet where in fact you have not been asked to enter any personal details might result in you selecting “yes” having forgotten that three years ago you gave this company all your details when you installed their product and you then selected the exact opposite or “no” to this same question. It’s potentially spyware by stealth. There are many companies on this planet that would pay megabucks for such information.

    Consent, well that’s also a contentious issue, most large organisations don’t need your consent they can access the Mormons site and obtain just about everything they need from there without your consent, all they need is just some bare-bones details to identify you, name and address will do just fine. Credit card companies are the same but in the UK address based, and not name. Is your address a private “thing” not to be disclosed to anyone of course not it’s public property and always has been so your consent is not required here either. Your name is the same, if you are a registered voter or have taken part in a census, it’s all in the public domain, no consent required. All that’s missing is the link between your computer and what’s on it; this rest is already public property. The link between the two is held by guess who?

    :suprised: :suprised:
     
  16. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Have to see if the issues are sorted out in the final release. I posted a link in the other thread where testers can report false positives to the MS team that's in charge now. Hopefully, they'll do something about it.

    Same here. Installed on several machines without a problem with Visual Studio .NET, Office 2003 or any other apps that were on that list MS put up.
    I agree with your last point too. Since the support lifecycle of Win2k and 98/98SE hasn't ended yet, I feel MS should take on the responsibility of securing them as well. After all, compromised Win2k or 98 machines can still act as carriers for malware. Personally, I feel nobody should be running Win98 anymore, but I understand there's no option sometimes (cost, machine specs, or whatever other reason).