Download Microsoft Anti-Spyware Beta1
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Download Microsoft Anti-Spyware Beta1

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Download Microsoft Anti-Spyware Beta1

    You want to test Microsoft Windows Anti-Spyware, it go here.

    Link : http://www.microsoft.com/downloads/d...DisplayLang=en

    If you want to pass the Genuine Program thing, here a direct download link.

    http://download.microsoft.com/downlo...areInstall.exe
    -Simon \"SDK\"

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Thanks SDK. I think'll I'll give it a shot, to see how well it works. It's not like this is *MY* pc or anything...I'll have desktop support re-image this thing if it gets hosed.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I like this thing

    Doesn't look/feel like a beta at all!

    I checked my box (XP Pro SP2) with Ad-Aware and Spybot, and it came up clean. I then ran MS's application.

    It uses the recently acquired SpyNet technology, and provides "a revolutionary network community that connects hundreds of thousands users to quickly share and identify unknown applications, blocking spyware almost as quickly as it is released". It's optional, but if you enable it, it will send signatures of all spyware detected on your computer to SpyNet's central server.

    It comes with real-time protection (9 Internet Agent checkpoints, 25 system checkpoints, and 25 application agent checkpoints), and some "advanced tools" (system explorers and "browser hijack restore", and a nice "tracks eraser" function which lets you, for example, delete the Google toolbar history).

    The scan results are extremely detailed (application, location, instances, extended information on the threath,...). It marked Kazaa as spyware, although I'm using the Lite version (as far as I know, it only detected the installation of Kazaa, not actual spyware), but advised to ignore it (same for WinPCap). Deletion of actual spyware is painless.

    Anyone else have an opinion?

  4. #4
    Very cool, found 2 spyware and SDbot worm after Spybot, Adware and AVG showed a clean system. Easy to use. Looks like it has alot of interesting advanced features.

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well


    I have just run this on a W2k system...

    On this system I have been recently testing several anti spyware programs as I have been looking for a corporate solution to the spyware problem....I had heard that MS was maybe working on a solution so I have held off on the purchase as the cost per desktop was more than AV.....I was also looking at an integrated AV\ASW solution willing to toss Norton AV...but that is another issue.

    Anyway

    I must say I am very impressed as this beta ran well...and found a piece of spyware sitting on my machine...that nothing else has found!!!

    I opened explorer (thought it maybe a false positive....regular norton issue )and sure enough it was there in the system32 directory

    winsys.exe

    Nothing else has found this...properties show it was created in May 2004...and I have tested SEVERAL antispyware programs on this machine.

    Good job MS....

    My .02 cdn

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    BTW: This is a microsoft "beta". The program or engine itself has been around for a while. It used to be Giant's. Giants antispyware has been rated in the top 10 for quite a while. No reason to reinvent the wheel...

    Ran adaware and spybot (both updated) prior to scanning with ms anti-spyware.
    I do like the look and feel though. I also like the realtime protection.

    I got a couple of false positives though...

    Detected Threats

    Timbuktu Pro Commercial Remote Control more information...
    Status: Ignored
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

    Infected files detected
    C:\WINNT\system32\nsldapssl32v30.dll
    Not really installed on my machine. Just that file was found.

    Netscape nsldapssl32v30.dll

    The nsldapssl32v30.dll file is required for any LDAP functionality that may be used in your application. We recommended that you install this into the Window's System32 directory.
    http://www.betrusted.com/downloads/p...alc-7.1.3.html



    InstSrv Trojan more information...
    Status: Ignored
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.

    Infected files detected
    C:\Program Files\Resource Pro Kit\instsrv.exe
    It *can* be used to install a trojan as a service, but it is not a trojan in itself.

    SearchSquire Adware more information...
    Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.
    Status: Removed
    Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.

    Infected registry keys/values detected
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com * 4
    Got me there... not legitimate but easily removed. adaware and spybot didn't find this.
    EDIT: Actually, this is also a false positive. According to a post on slashdot, this is party of spybot's immunizitation feature... which I use.

    WinPCap Enabler more information...
    Details: WinPCap is an Open Source Windows Packet Filtering Library. It provides low level internet & system traffic data to other applications that leverage its utilities.
    Status: Ignored
    Low threat - Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed.

    Infected files detected
    C:\Program Files\WinPcap\daemon_mgm.exe
    C:\Program Files\WinPcap\rpcapd.exe
    C:\WINNT\system32\wanpacket.dll
    C:\WINNT\system32\wpcap.dll
    c:\program files\winpcap\install.log
    c:\program files\winpcap\uninstall.exe
    C:\Program Files\WinPcap\NetMonInstaller.exe
    C:\WINNT\system32\drivers\npf.sys
    C:\Program Files\WinPcap\npf_mgm.exe
    C:\libnetnt\LibnetNT\DRIVERS\Packet2K\Packet.dll
    C:\libnetnt\LibnetNT\DRIVERS\PacketNT\Packet.dll
    C:\WINNT\system32\packet.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\packet.sys
    C:\WINNT\system32\pthreadVC.dll

    Infected folders detected
    c:\program files\winpcap
    Again, false positive.
    Well... kinda. I guess this could be offending software depending on who has installed it and for what purpose.


    Thus far, I'm inpressed. But this was someone elses product. Lets see what comes of it.

    Does anyone know about pricing? If any? I didn't find much on that. Hopefully it'll be free?!

    From the "help about"
    Microsoft AntiSpyware Version: 1.0.501
    This version expires on: 7/31/2005
    Current User: user
    Spyware Definition Version: 5678 (1/5/2005 11:44:42 AM)
    Now... I want a console from which I can manage all of this on different computers.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    I also got a few very minor easily spoted false positives and also found a little peice of spyware niether spybot od adaware pro found. All in all for a microsoft product and especialy a beta I am impressed. I hate to think what its going to cost when it is released a final rlease is developed.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    If m$ were to release a pay version, woudln't fixing known bugs that can be exploited by adware/spyware be a conflict of interest? If they fix the bugs and people apply the paches... people don't get infected and they can't sell the software.

    But we all know that m$ would *never* do something like that... right?... right?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Hey they gave out the Firewall and packet sniffer for free.

    Just like everyone else, I had a false positive (but I can see why it picks up the program) but it didn't find anything "extra". The interface is slick and it's a good program. This is what I learned playing with it:

    There are three categories of "agents" that load on startup if you desire. They are Application, System, and Internet settings. These can be like a local security tool because they each seek out and monitor changes to various properties.

    Application Agent: monitor changes in IE settings and Active X controls as they are processed

    System Agent: Monitor changes in security settings such as privilege escalation and also system properties of the OS.

    Internet Agent: Monitors changes in the settings for either the dial-up or Ethernet/USB for the internet connection in Network Properties.

    In addition you can enable your system (I chose not too) to participate in a network "spy-net" to report system changes detected by the agents. They will use that data to update signatures.

    Very Nice. Kind of shocked really.

    Oh and the license expires in July 2005. Since it is MS and there are agents running I would imagine a whole slew of command line abilities are there along with a console to plug into MS Management or Active Directory integration. But that ability to control clients via remote will make or break this in the enterprise. Home users should down load it.

    //EDIT Ooops it picked up WinPCap like with Phish while I was typing. Another falsie, unless you don't know what that is and it pops up on your PC.

    Well NOW, I am even more impressed the “Tracks Erraser” module automatically detected the installation of several programs and with one click enables you to ERASE the history files of them. Sure there are other programs that do that but this is an added benefit to an already seemingly excellent product. Mine detected:

    Adobe
    MS Common Dialog (used by programs to list files etc)
    Google Toolbar History (very nice)
    ICQ
    IE (history, cookies, Form entries
    Kazaa

    And it goes on and on to include the history files of just about every piece of software I have, including MS Office files and Paint etc.

    In addition there is a system explorer that lets you look at extreme details of system function, a change or trace events. Sweet

    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    It found RadLight on my machine, which neither SpyBot or Ad-Aware found.

    I guess RadLight can be pretty nasty, but it's been on my machine since 10/03 and didn't seem to be doing anything. Got it with a download from CNET it seems.

    I think the MS product worked well. I think it's biggest contribution will be its ease of use, and the fact that it's an MS product. The more spyware protection and removal software that gets used by casual/home computer users, the better off we'll all be.

    And we know that MS has the channels and enough clout to get the software out there. Like it or not, I think that's a fact.


    __________________
    Intranet Journal's Spyware Guide
    http://www.intranetjournal.com/spyware/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides