Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
- From: "KF (lists)" <kf_lists@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 07 Jan 2005 11:19:56 -0500
Do a software update check with this thing and you get
GIANTAntiSpywareMain.exe listening on port 2571 until the software is
closed. Feel free to beat on and fuzz that port fellas. =]
-KF
KF (lists) wrote:
I love how the icon for this product is a big Target. Very
appropriate. Anyone wanna take bets on how long it takes for someone
to find a hole in the Spynet p2p functions of this beast, what port is
that listening on again?
*grin*
-KF
James Patterson Wicks wrote:
We knew that Microsoft was going to put out an anti-spyware product
after they bought Giant in December, but I did not figure they could
re-brand Giant’s software in under a month. Their first shot at
anti-spyware came out today – Microsoft AntiSpyware (Beta). I
installed it on a test machine that I have in the office. Just to be
safe, I ran a full Spybot S&D scan and then uninstalled the resident
TEA program since Microsoft AntiSpyware will install an agent if you
so wish. The only part of the installation that was strange was the
“recommended” option of joining the “Spynet AntiSpyware Community,”
their ‘Spyware Neighborhood Watch’ that connects you to other
computers running the Microsoft AntiSpyware software. Don’t know how
many people will choose that option, but to me it does not make sense
to connect to a peer-to-peer network of infected computers, encrypted
traffic or not.
I ran a full system scan and to my surprise, the software found some
old Timbuktu and Dameware DLLs that I thought were uninstalled a
year ago. Were the files harmful? The tool stated that the Dameware
files were low risk, but the Timbuktu files were high risk. The tool
also found “iLookup.GlobalWebSearch Browser Hijacker”, “StartNow
Hyperbar Toolbar” and a bunch of “MiniBug” instances. I was somewhat
surprised since my machine was “clean” already. I then set up two lab
desktops and applied the same clean image on both of them (no
anti-virus or firewall installed). I then used IE to surf to the
first ten sites Google brought up when searching for “online
gambling” sites. I then ran full system scans using Microsoft
AntiSpyware on one desktop and Spybot S&D on the other machine.
Spybot found 65 objects, the Microsoft tool found 92 objects. The
results were similar except that the Microsoft tool found a few more
cookies, a bunch of minibugs and something called “SearchSquire.”
While this was just a quick test to satisfy my curiosity about the
Microsoft tool, my initial feeling is that the Microsoft AntiSpyware
is worth a test deployment in the office. This beta expires in July.
Hopefully the final version will be free and allow for centralized
domain management. It’s the least that Microsoft can do.
Pat Wicks
Systems and Network Engineer
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html