Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
- To: James Patterson Wicks <pwicks@xxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
- From: "KF (lists)" <kf_lists@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 07 Jan 2005 10:50:14 -0500
I love how the icon for this product is a big Target. Very appropriate.
Anyone wanna take bets on how long it takes for someone to find a hole
in the Spynet p2p functions of this beast, what port is that listening
on again?
*grin*
-KF
James Patterson Wicks wrote:
We knew that Microsoft was going to put out an anti-spyware product
after they bought Giant in December, but I did not figure they could
re-brand Giant’s software in under a month. Their first shot at
anti-spyware came out today – Microsoft AntiSpyware (Beta). I
installed it on a test machine that I have in the office. Just to be
safe, I ran a full Spybot S&D scan and then uninstalled the resident
TEA program since Microsoft AntiSpyware will install an agent if you
so wish. The only part of the installation that was strange was the
“recommended” option of joining the “Spynet AntiSpyware Community”,
their ‘Spyware Neighborhood Watch’ that connects you to other
computers running the Microsoft AntiSpyware software. Don’t know how
many people will choose that option, but to me it does not make sense
to connect to a peer-to-peer network of infected computers, encrypted
traffic or not.
I ran a full system scan and to my surprise, the software found some
old Timbuktu and Dameware DLLs that I thought were uninstalled a year
ago. Were the files harmful? The tool stated that the Dameware files
were low risk, but the Timbuktu files were high risk. The tool also
found “iLookup.GlobalWebSearch Browser Hijacker”, “StartNow Hyperbar
Toolbar” and a bunch of “MiniBug” instances. I was somewhat surprised
since my machine was “clean” already. I then set up two lab desktops
and applied the same clean image on both of them (no anti-virus or
firewall installed). I then used IE to surf to the first ten sites
Google brought up when searching for “online gambling” sites. I then
ran full system scans using Microsoft AntiSpyware on one desktop and
Spybot S&D on the other machine. Spybot found 65 objects, the
Microsoft tool found 92 objects. The results were similar except that
the Microsoft tool found a few more cookies, a bunch of minibugs and
something called “SearchSquire.”
While this was just a quick test to satisfy my curiosity about the
Microsoft tool, my initial feeling is that the Microsoft AntiSpyware
is worth a test deployment in the office. This beta expires in July.
Hopefully the final version will be free and allow for centralized
domain management. It’s the least that Microsoft can do.
Pat Wicks
Systems and Network Engineer
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html