Microsoft malware tools no cure-all

  1. #1
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066

    Microsoft malware tools no cure-all

    This article kind of changed my mind about the Microsoft anti-spyware product. I think I'll wait till after it's out of beta, the current tools out there are just better...

    From http://www.msnbc.msn.com/id/6849159

    Microsoft Corp. created the world's most popular operating system -- one that's also heartily embraced by hackers and virus writers. And it begat the world's top Web browser, which makes it all too easy to mistakenly download and install spyware, adware and other garbage.

    You'd think the world's largest software company, which presumably knows its own Windows and Internet Explorer code, would have long ago come up with something to repair PCs possessed by malicious programs.

    Think again.

    Though Microsoft regularly releases bug fixes, security patches and even the occasional virus-removal tool, it has only recently made programs available to help people wrangle back control of their computers after they've clicked the wrong pop-up ad, opened a rogue attachment or installed adware-packed freebies.

    (MSNBC is a Microsoft - NBC joint venture.)

    The company now has two free programs to help rid PCs of unwanted pests. Though Microsoft Windows Malicious Software Removal Tool and Microsoft AntiSpyware show some promise, they aren't close to being magic bullets.

    I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.

    Annoying pop-up windows, a sign of adware, were the least of its problems. The modem dialed phone numbers even though the PC was hooked up to a broadband connection. It took more than a minute to load a single Web page and often crashed minutes later.

    Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.

    Needless to say, the machine had not received any security updates from Microsoft in a while. To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)

    Big problems missed
    Once installed, the tool scanned the machine and reported no problems, even though there were big problems.

    The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC. The program, though, will be updated each month and will presumably become more effective.

    By building its tool into Windows Update, Microsoft shows it's aggressive about snuffing out pests. But it's got to stay up to date with the threats -- and send out updates as close to real time as possible. Who wants to wait until the second Tuesday of each month to fix a sick PC?

    Existing computer security firms have nothing to worry about -- at least for now.

    Computer Associates' ezAntivirus took three hours to scan the entire system and found 19,000 infected files. After the worm was knocked out, the machine became slightly more stable and I could tackle the spyware problem.

    Installation of the prerelease version of Microsoft's antispyware program, which can be downloaded free from Microsoft's Web site, was easy. The final version's price, if any, has yet to be announced.

    The interface was clear and simple. I ran a thorough scan, which discovered 77 spyware and adware programs. I followed the software's advice and removed them all.

    But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.

    So I rebooted the PC in safe mode, which limits the number of programs that load at startup. The theory is that if it's not running, spyware can be more easily deleted. This time, the program found about two dozen spyware programs. I deleted those, too.

    After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.

    It took just 90 minutes.

    Protection better than cleanup
    The clean start gave me a chance to try Microsoft AntiSpyware in its other role -- as protector of a clean system. Compared with competing products, it did a good job and was easy to use. (There are modes for novice and advanced users.)

    It continuously monitors 59 checkpoints and alerts users whenever a program attempts to make a change, though some of the messages could do a better job of explaining troubles in plain English.

    I tried downloading and installing a well-known adware program, PurityScan. The security features in Windows XP Service Pack 2 tried to get me to stop, but I ignored it. When the spyware installer was running, two windows popped up giving me the chance to block some files from installing.

    This time, I agreed, but the program still showed up in a subsequent scan. With a few clicks, I successfully deleted it.

    In theory, Microsoft AntiSpyware should get better over time. It's programmed to send reports back to Microsoft to improve and update spyware definitions.

    The antispyware program also has useful tools for easily accessing Windows and Internet Explorer settings that were previously hidden deep within the operating system and browser. In fact, any hijacked settings can be restored with one click.

    Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.

    If only it hadn't taken so long.
    I am the uber duck!!1
    Proxy Tools

  2. #2
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Well, don't disregard it yet. I just had it catch Grokster and SearchSquire... something that Ad-Aware SE and Spybot both missed. My only gripe about the program is the rumors flying around that they might charge for it. Why should loyal customers pay for software to remove what the OS originally let through? Don't get me wrong, I'm not senselessly bashing Microsoft. I realize that having the most popular OS and browser on the planet's going to draw the attention of 99% of the crackers out there and I also realize that no software is perfect. Just my $.02.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    18

    Here's a great comparison of anti spyware products

    http://spywarewarrior.com/asw-test-guide.htm

    It's a good overview of anti-spyware and adware programs. Looks to me like no two programs catch enough of this stuff to be certain of the results. I had little opinion about the MS purchase of Giant until I read this. It looks like MS bought a good company that was doing a good job of catching stuff the other companies were missing.

    I got the link above from http://www.grc.com/default.htm

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    "Though Microsoft Windows Malicious Software Removal Tool and Microsoft AntiSpyware show some promise, they aren't close to being magic bullets."
    Ok. Let's be realistic here. NO program is a cure-all. You are rather foolish if you rely on a single solution for various attack-types. Ad-aware, while good, still can miss stuff (which is why I look to other solutions to help me find those things like Hijackthis). On the AV side, AVG, while good, can miss stuff and I visit places like Panda's Online Scanner or Trendmicro's Online Scanner.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Good point Ms Mittens. Every time MS releases something the headlines read .... "doesn't do enough", "no cure all" etc. These programs are signature based countermeasures. It is a constant battle to stay ahead of those who wish to exploit our machines, our privacy and our trust. I have deployed this on many machines without a hitch. If you want to get critical of other program issues they all lock up once in a while. Especially the ones that scan in real time. And this is the killer, it's the same program that people applauded a year ago.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Remember these are just betas from MS, the antispyware is great for a home machine but in a corporate environment it will attempt to disable a lot of enterprise utilities (stuff we use to push patches, troubleshoot remotely, stop users from doing things they shouldn't do.) Notably BitDefenders Real VNC. Also remember that after the beta unless you pay for the MS security package you will not receive updates for their antivirus or antispyware programs. If these programs are not updated they are useless.

    This article from MS insider goes into their subscription plan http://www.microsoft-watch.com/artic...1747802,00.asp

    I tend to agree with vmyths on this one, any subscription model is akin to drug dealing.
    Who is more trustworthy than all of the gurus or Buddhas?

  7. #7
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    "Also remember that after the beta unless you pay for the MS security package you will not receive updates for their antivirus or antispyware programs."
    IMHO, this is just another reason not to go for it unless it's significantly better than the Spybot Search and Destroy and Ad-Aware combo. Why pay for their mistakes? But for an even better reason, why pay when there are better and free options available? I can see if the product is significantly better than 'the combo' but I doubt it will be...

    I guess time will tell...
    I am the uber duck!!1
    Proxy Tools

  8. #8
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    If it eventually allows central administration for a security admin. to monitor and adjust settings to all workstations... I'll pay for it.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  9. #9
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    I have been fooling around with it and it seems to be a rather good tool. You wouldn't build an entire building with a shovel and in the same way you wouldn't rely on one piece of software to defend against spyware.

    Anyway, I have been fooling around with the beta version and I found a few little bugs. The one bug that is really annoying is that I have a program that runs in the taskbar. However, the spyware program pulls it up and deletes it as malware. The first time it did that I was rather annoyed. So in short, we must remember it is still in beta and one program cannot be used as a cure all.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.
