Is Microsoft Anti-Spyware Useless?

[Adelphia]

I believe that this is a legitimate question. If Microsoft Anti-Spyware
detects a spyware element and reports it what does that mean to the user of
the PC? Well it says that the damage may already have been done. The user
unwittingly loaded something that could either immediately, or later, send a
filtered subset of their keystrokes to a location where in-depth analysis
reveals their login id/passwords, account numbers, etc. for the savings
account, checking account, and their business accounts. Am I wrong ???
Detecting something that has possibly already sent your information outside
has marginal value. Please tell me again is this wrong?

Microsoft designed the Windows operating system in a naive academic setting.
They followed on with improved user functionality with little, or no thought
to protection. Microsoft also took a track that caused them to add
functionality to support commercial interests. With various functions our
desktops can be managed, and worse, our activities can be tracked. This was
supposed to "enhance" our experience. Unfortunately, it made things worse
and criminal elements exploited the pathways intended for commercial use.
Microsoft has belatedly begun to try to remedy the problems. I will contend
that programs such as Anti-Spyware are not the answer and are actually
dangerous.

My argument is that Anti-Spyware is being offered to the PC community
at-large. This means that not only the small cadre of knowledgeable users
will try it, but the average PC user will RELY on it. Why, because they are
faced with such an array of programs claiming to protect them and that
confusion forces them back to Microsoft where they believe they will receive
good protection. These other companies are in too many cases "fly-by-night"
crooks who actually exploit trust to infect the PCs where they are used. The
common every-day user simply has no one to rely on except Microsoft as a
"court of last resort" for safety. Microsoft has a duty to protect its
customers. It would not surprise me that, down the road, some wealthy
person, infected with a keylogger, goes to court on that.

So back to the issue. What is the worth of Anti-Spyware and is it actually
dangerous? The argument I am attempting to make is that Microsoft is in a
position of trust (with some suspicion) in the world of PC users. To offer a
security program that does not BLOCK all nasty intrusions, creates a FALSE
SENSE OF SECURITY. It is disingenuous to offer this program and somewhere
within the description then tell the PC user that they may need something
else to get real protection. How many something else's do they need? What
are they? Are they CERTIFIED to perform their claimed function? No one
knows. The poor customers of Microsoft are left on their own once again.
Full circle, nothing accomplished!

Dick

 

[Bill Sanderson]

This criticism applies to scanning after the fact by any product.

The strength of Microsoft Antispyware is the real-time protection--that
should alert you to an attempt to put spyware in place BEFORE the fact.

This real-time protection is partly signature based, as with antivirus apps,
but it also will alert you to something that the signatures (i.e. spynet
database) doesn't yet cover--this is a step beyond what antivirus apps do,
although perhaps the best heuristic detections are similar.

--

 

[AndyManchesta]

I have seen many posts from your Dick about this subject
on here and I personally do not think its realistic or
helpfull to try scare users into think that keyloggers
are common and installed daily on to systems of home
users as this is not true, all Internet users should have
protections products in place to prevent this such as
Firewall, Antivirus & Antispy protection,

Most adware will record internet actions and browser type
etc.. but they do not record account information as this
is illegal and would get the Adware companies shut down
and charges brought against them so as a business these
companies will not cross that line. What Adware/Spyware
do you know that will send account numbers for savings
accounts to them ? If you know any then report them to
the FBI or similar law enforcement offices.

Your comment

"I will contend that programs such as Anti-Spyware are
not the answer and are actually dangerous"

Is hard to answer, what would you prefer? not having any
protections and let these spyware companies carry on
infecting pcs without any way to remove them ?

How can Antispy applications be dangerous they are there
to remove what ever junk the user decided to install or
got infected with by not having the required protection
and visiting malicious sites.

Your making arguments that cannot be answered because of
the nature of the internet, Microsoft cannot block every
single intrusion attempt from every site no matter what
it is Virus, Trojan, Spyware etc.. this isnt possible as
new malware is written daily and can only be included
once its released into the wild to infect people.

You may as well say users should all disconnect from the
internet and never read emails and should never use a
keyboard to be sure they never get infected,

You have posted this question many times on here and we
have tried to advise you on ways to prevent these
problems but you keep coming back raising the same
points, I understand your concern but what do you want if
you believe Antispy applications are dangerous?

If users have the latest service packs and security
patches for thier systems then have a strong Antivirus,
Antispy and Firewall in place these problems will not
effect users unless they download new variants of Viruses
or open Malicious email's but most users are aware of
these dangers so would only download from trusted sources
so in my view its only a very small amount of users who
would ever get infected with Keyloggers who visit
suspicious sites without the required protection products

Keyloggers are dangerous but for them to transmit the
information they need to send it out from your pc, This
means having to place files on to the pc first to infect
the system then the files opening ports to send this data
to the producers of the keylogger, This leaves traces of
who is collecting the data and what files are trying to
get access out from the pc, A strong firewall will alert
the user that a certain file is trying to send
information out so this can be blocked and most strong
Antivirus would delete the infected files from entering
the system or being allowed to run so you cannot live
your life worrying about problems that will never effect
most users who know how to protect the pc.

There is always exceptions where new keyloggers manage to
infect a system and transmit data before being added to
virus definiton lists but this is rare because as soon as
they go into the wild they are reported to Antivirus
companies who then pass the information to other AV
companies to provide protection to prevent other users
getting infected but again these do not come from genuine
sites that most users visit so this isnt worth scaring
all users into thinking every thing they do is being
monitored. Keylogging is more a issue for Antivirus
companies and Firewall programs are essential.

If you believe you know a better solution to this than
having Antivirus,Antispy and Firewall's installed please
share this idea as its hard to know what you think is a
alternative to this, all internet use comes with risks so
having these protection features is needed and not
dangerous in my view.

If you think you have a better idea then share this with
us as I do not see the point in you keep posting on here
that MS and other companies are failing when they are all
doing as much as they can to protect the users from these
issues.

Regards Andy

 

[Tom Emmelot]

Well said Andy!!!

Today at my work (Sign Factory), I must use the printer from my
colleague, so I start his PC after a while I lookt at his screen and saw
6 windows of Internet explorer open I click them away, the last window
there was a text that warns for spyware on the PC and I could download a
free trail of ....... So only MacCafe running on that PC(stops no
spyware) I decided to download and run MSAS, so after install I run a
full scan and after 15 minutes or so MSAS found 75 treads (spy/trojan)
and so on. So when it starts cleaning it found 10.000 of registry inputs
and 500 files on the HDD!!!!!!!!!!!!!!!!!!!!!!
Then after reboot and a second scan MSAS found 1 remaining and delete
that to! After a second reboot the system was clean, MacCafe found
nothing after a scan. So I also install Ccleaner and let him wipe out
all the temp stuff (860 MB)!!! Settings set to clear the PC a startup!
So i am glad that there is something as MSAS, because to wipe out 10.000
regkey's and delete 500 files by hand is a hell of a job!!!


Regards >*< TOM >*<

 

[AndyManchesta]

Thats Scary Tom

MSAS are doing a great job with this Antispy application
and Im sure they will keep improving this before its
ready to be released, I agree the problem with Keylogging
is very serious but the main part it to let people know
how important the Service Packs, Security patches and
these protection products are.

When you have all this in place it makes it very
difficult for junk to infect the system as Im sure many
people know already who have not had spyware problems for
years. I never have malware issues on my pc because my
protection is overkill and nothing can get past it but I
also have a test pc which is unpatched for research and
Im fully aware that just visiting certain sites will
install malware onto the system without me having to do
anything to download it so I appreciate there is a
problem but I believe Microsoft and the Antivirus,
Firewall companies are doing everything they can to help
protect the users from these exploits and infections.

Ive never been a great supporter of doing banking online
because of the potential for fraud but this is the same
for purchasing things online too, unless I trust the
company and know alot about them I would never disclose
my personal details and credit card information to them.

The way I see it is you should not give any information
on the internet that you wouldnt give a stranger you meet
on the street because you never know where this
information is going to end up. If you need to purchase
things online then make sure its secure,

Think of all the servers who will get this information
between you and the destination, The transmission of this
information is normally sent in "plain text". The
solution to this problem is to encrypt this data for
transmission. Secure Sockets Layer (SSL) was created for
this purpose, SSL uses a complex system of key exchanges
between your browser and the server you are communicating
with in order to encrypt the data before transmitting it
across the web.

Check for the "Lock" icon For example, Microsoft Internet
Explorer displays the lock icon in the lower-right of the
browser window, Mozilla's FireFox Web Browser displays
the lock icon in the lower-left corner, Click (or double-
click) on it to see details of the site's security. This
is important to know because some fraudulent web sites
are built with a bar at the bottom of the web page to
imitate the lock icon of your browser! Therefore it is
necessary to test the functionality built into this lock
icon,

Many SSL Certificate vendors also provide a "site seal"
to the owners of these sites, The site seals should not
necessarily be trusted on their own, Check for
that "https" in the prefix of the web page address
the "s" being the important part of this, Click on
that "lock icon" in the status bar of your browser. If
everything looks good, The web page is "secure".

But Browse Safely!

Andy

 

[Richard Urban [MVP]]

I am very surprised at the viciousness of your reply to Bill Sanderson! The
text that he posted (copied and pasted below) does NOT warrant such a foul
reply!

Begin quote:

This criticism applies to scanning after the fact by any product.

The strength of Microsoft Antispyware is the real-time protection--that
should alert you to an attempt to put spyware in place BEFORE the fact.

This real-time protection is partly signature based, as with antivirus apps,
but it also will alert you to something that the signatures (i.e. spynet
database) doesn't yet cover--this is a step beyond what antivirus apps do,
although perhaps the best heuristic detections are similar.

End quote:

His reply is accurate, concise, to the point - and pertinent to the person
he is replying to. Yours, on the other hand is rambling and refers to things
that were never said in his quoted text. It is as if you are replying to
another person but posting the message here!

If you did post this here on purpose - GROW UP a bit, intellectually and
emotionally! And, whether or not you posted here on purpose - ***LOSE THE
FOUL MOUTH***.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from: George Ankner
"If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!"

 

[Tom Emmelot]

Hello Richard,

I believe the reply was to Dick and not Bill!!

Mine reply was showing wat wil happen with a PC without a Anti Spy with
realtime protection at the moment.

Kind Regards >*< TOM >*<

 

[Adelphia]

Some replies were defensive rather than constructive with the usual
implications of rudeness that prevails on the Internet. However, from Bill's
reply it seems that AntiSpyware does have some provision to block intrusions
which, to me, is the primary line of defense. I saw the message on the scan
that found 75 items. The questions is - did any of those do any real damage,
i.e., install something that is now sending keystrokes to a data analyzer? I
would at least run one or two of the online scanners as well to see if
something else is in there.

To Andy - yes you must scare people to get them to realize that there may be
something that they need. If you own a home the insurance company will
"scare you" into purchasing a homeowner's policy. Of course you can dismiss
the possibility of someone installing key-stroke logging software. That is
your choice. It was also situation where some chose to ride out Katrina and
spent a few nights on their rooftops. I would not be so quick to dismiss
keyloggers and whatever else comes along. Things that change your home page
to a porn site are annoying but capturing your financial data is a bit more
serious.

Bill, I was trying to subtely say that the only company we can rely on,
after all is said, is Microsoft. I will say that they are late in publically
producing code that will protect their customers from the vulnerabilities in
their operating system. I am concerned that the abilities of AntiSpyware are
not explicity clear. Also, the future objectives are not explicity clear. As
I tried to imply, this can lead to a false sense of security if the customer
assumes what is NOT said to be there. I know that Microsoft employes some
managers who are skilled at creating vague ad copy if there may be some
rough edges on a product. All companies do. Of course drug companies are an
exception when they are forced to tell you about their gory side effects.

My opinion is that the customers of Microsoft need, from Microsoft, a focus
security product that works outside the operating system. The last thing
that I want os someone tinkering with the operating system to block an
intrusion. I worked on OS's and know what can happen. AntiSpyware could, and
should, be that product. There will be room for other products that may be
more nimble, or may block less harmful items ahat can be classified as
annoying and not merit the attention of Microsoft. From Bill's comments the
evolving AntiSpyware program is the answer for me. Is it the only answer -
no not yet. But I want it to be. I do not want to trust my bank account to a
company that offers no liability. That is the case for USA customers who use
off-shore companies' software for protection. I want a company with large
resources which are at stake when they produce protection products. Many of
the protection programs today have little financial backing. So if you are
successfully attacked, despite a clear statement that you are protected,
your recourse is very limited.

I am looking forward to the day when AntiSpyware will protect me to the
degree that I turn it on, leave it on, and do not have to worry about
someone stealing infromation from me.

Dick

 

[Tom Emmelot]

Hello Dick,

i quote:

"I am looking forward to the day when AntiSpyware will protect me to the
degree that I turn it on, leave it on, and do not have to worry about
someone stealing infromation from me."

I think this is a utopia, because the Virus/spyware mafia find something
new and the protection is always behind. So only a PC never on the
internet is save!

Regards >*< TOM >*<

 

[AndyManchesta]

Richard Urban

Can you explain what you are talking about ?

This was a reply to Dick "Adelphia" after many posts
about MS Antispy failing and keyloggers monitoring
everything people do so where does the foul mouth come
into it, There was a couple of grammer mistakes where I
put "alot of posts from your dick" instead or "alot of
posts from you dick" but nothing that justifies your
abuse.

Your reply to me if very insulting so I would appreciate
a full explanation to your outburst if you consider
yourself to be a MVP

You have no right to talk to me like that when Im here to
help out saying Im rambling and abusing me so please give
me a full explanation to your attack on me.

Andy

 

[AndyManchesta]

Ive emailed Richard and will not be posting on here again
after these insults untill I get a full explanation for
that abuse aimed at me from a MVP.

All the best

Andy

 

[AndyManchesta]

Thankyou Bill

I appreciate the emails and understand this was a
misunderstanding, The person posting this was called Dick
and I addressed him as Dick so maybe Richard didnt read
the original message to understand that,

I still think for a MVP his comments are well out of hand
and have expressed this in a email to him, If any of the
posts in this group are insulting it is the one he has
made, if he was more involved in these groups he would
see Im just here to assist people with spyware issues and
not to get insulted by MVP's who want to say Im rambling
or need to grow up.

As you know Bill Im busy fighting the Look2me infection
so will be off for a few hours ;o)

Regards Andy

 

[Richard Urban [MVP]]

Sorry Andy,

I read through the very first few words of your post TO "Bill Sanderson" and
was incensed by the fact that you would say of Bill:

"I have seen many posts from your Dick about this subject on here". To me,
it looked as if you were accusing Bill of talking through his "you know
what"

Bill, and you Andy, post here quite regularly and I read and learn from both
of you. It sounded to me like there was a fight brewing and I was taking
Bill's side because the above seemed unwarranted!

As far as responding to the wrong post in a thread: I have been burned in a
newsgroup (not Microsoft) by posting something quite embarrassing (meant to
be a private e-mail) to a group 3 years ago. It took months for that to stop
haunting me.

--
Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from: George Ankner
"If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!"

 

[Tom Emmelot]

OK Richard,
we have a saying in Holland,
The mouth is faster than the brain,
but you did it on Bills behave so we take just one shot on you and
forget about your "fast response"!

Kind Regards >*< TOM >*<

 

[AndyManchesta]

Thankyou Richard

I appreciate the reply on here and to my email, its kind
of you to make this clearer.

I understand this has been caused by my typo error and
will read through replies next time to make sure they are
correct.

I would never insult anyone on here especially not Bill,
He does an amazing job as do all the other helpers and I
fully respect and appreciate the time they spare to help
people out.

I always post as the last reply to prevent it looking
like Im trying to disregard someone elses view and jump
in front of thier comments but understand this could of
made it look like I was insulting Bill and my poor
grammer didnt help, Shame the original poster was called
Dick as this wouldnt of happened if they were any other
name

Thanks again for the response and its nice to know it was
just a mistake

Kind Regards

Andy

 

[Adelphia]

I agree that the "evil dooers" out there are quite nimble. However, there is
a need to identify as many as possible vulnerabilities in the Windows
operating system and address them in AntiSpyware. Not it will never be
perfect but if Microsoft is truly dedicated to this task then our best hope
is to stick with them. Yes, Utopia is note a real world element. However, it
should be a continual challenge/objective for Microsoft.

As I mentioned the OS evolved with the objective of being as functional as
possible. This was bound to leave holes. I also, believe (as mentioned
earlier) that messing with the OS to try to plug all of the holes is not
only risky - it is terribly expensive. Much of the cost comes from the
extensive testing needed in this sensitive area. The attempts to exploit the
holes will have specific characteristics. So it should be possible to block
the attacks either before, or soon after, they occur.

Despite the feelings of some, I firmly believe that blocking intrusions
(etc.) should be the primary goal of AntiSpyware. Some are bound to slip
through just because the scum find, possibly by accident, holes. Therefore,
Microsoft customers should have a solid scanner that can tell if something
has been planted or code altered. Until Utopia we will indeed need both.

The name AntiSpyware is probably not a good idea for the long term. I would
foresee the blocking and scanning function to require a more descriptive
title. Lawyers would like to see all titles as "Program nnnn" with no
implied commitment to performance. Try to get a Microsoft lawyer to approve
"Total Secure".

Once again I believe that Microsoft is the only real answer to good
security. I would like some commitment by Microsoft that they will provide
both a sturdy blocking function and a robust scanning function in either one
or two programs at no charge to their customers. If they ever charge for
security that is like charging extra for brakes on an automobile.

Dick Boley
Near Pittsburgh, PA
Using Adelphia.

 

[Bill Sanderson]

I do understand how you read the message--thanks for re-reading, and making
this statement.

I had to do a double take and then scroll to the bottom of the original
message before I could understand what Andy was saying--but it never
offended me. I know Andy from his posts well enough that I wouldn't expect
any attack of that sort.