System Inoculation scan

[Guest]

Hi there,
In the MSAS Help menu, it shows an item about the System Inoculation Wizard
and doing a scan, and what to do if the scan results show items needed to be
inoculated. Unfortunately, this helpful piece of information does not tell
us whether this Wizard is available to be used on-demand. My questions are:
1) Where in MSAS can I access this Wizard to use it? or
2) Is this item *really* just another way of telling us about the real-time
protection (59 checkpoints)?

 

[Bill Sanderson]

My sense of this item, which only a couple of other posts have been made
about in the course of this beta--is that it is a "leftover"--a bit of Help
text relating to a Giant feature which is no longer available in the
product. I.e. help text which should have been removed.

At any rate, I've not heard of anyone finding a way to actually use this
feature in the current product.

 

[Guest]

Dear Bill,
Yes, I think you could be right. Perhaps this feature has now been
incorporated in the real-time protection, as well as the over 100,000
signatures covered by MSAS. The product is still working fine for me and
yesterday it was updated.

I am also trying out Spyware Doctor v3.2.2 which, interestingly, on the
first run, found 7 tracking cookies which I knew about as those websites were
in my allowed list plus a Trojan called CWS-C, somehow missed by MSAS and
NAV2005. However, after doing a clean up and running Doctor again,
everything was cleared! Will be doing another scan today to see what comes
up again, if anything. Ran a scan with the new MSAS definitions and got the
all-clear.

 

[Bill Sanderson]

Detections will always differ among antispyware products for some time to
come, I think. I suspect detections of the "commercial" spyware
vendors--the ones who claim to be legitimate businesses, will become uniform
over time, but the illegals--such as CWS will vary some unless the process
of information sharing among antispyware vendors advances significantly.

--

 

[Guest]

I suspect you're right in your prediction. As an ordinary user, I'm
certainly not interested in continually trying out all the different
antispyware programs that are available, and it is becoming more confusing
each day as to their differing benefits. I'm more willing to go with only
one/two trusted compatible products other than what comes with the OS,
following all security advices as much as I can with my configuration, and
tweaking as much as is possible to keep my machine clean and reasonably safe.
I think I have a better chance with this strategy because I *am* in a
standalone situation and not connected to enterprise networks, irrespective
of the hazards of the internet -- web browsing, email, newsgroups. I don't
engage in any of the more hazardous internet activities -- chat rooms, ebay,
online banking etc.

I ran another Spyware Doctor scan today and came up nil results. I have to
say, though, that since downloading this product recently, there have been
odd things happening using IE6 only since then, just as when a few months ago
I thought to try PC MightyMax! which also produced some odd results, after
which I uninstalled that program and also its entry in the registry, and
after doing a cleanup things went back to normal. I think I may do the same
with the Doctor (I haven't paid for it and have used it only to scan).

 

[Bill Sanderson]

One of Microsoft Antispyware's strengths is the Spynet community which
leverages the huge installed base (there are currently over 18,000,000
installed copies in use, and last I heard, more than half--perhaps
2/3--participated in Spynet--not sure of the precise figure. Between the
suspected spyware reports and the reports of what is being cleaned, they've
got a pretty good handle on whats out there, and how well they are doing the
job. And their participation in antispyware.org is driving cooperation
among vendors, and reforms among the "legal" commercial spyware vendors.

I believe Spyware doctor has a pretty good reputation, but there can be
quirks or oddities relating to anything you add to your system, and an
antispyware has to hook pretty deeply in order to catch what it is intended
to catch.

--

 

[Guest]

Wow! (the figures)
<snip1) Re lodging suspected spyware reports, I have had only two occasions
to send something to them that came up from the MSAS scans. I'd love to send
a lot more, such as the 'quirks/oddities', as you put it so nicely, that have
happened with using MightyMax and the Doctor, but as I don't know what to
look for to submit for analysis (not being an IT professional) makes it a
moot point for me.

<snip2> I chose to download the Doctor because of the recommendation of the
MSWUGNET. However, also read one of the pc magazine reviews out there, don't
remember which one, which gave a much higher rating to the product they were
reviewing than to the Doctor with which they were comparing, but I had
already downloaded by then, only to scan, and wanted to try it for a while.
The Doctor seems to have other good features too, that was one of the
attractions. Shall I tell you, in another post, of the 'quirks' since
downloading the Dr?

 

[Bill Sanderson]

I probably won't be able to make much of the quirks you mention. I've never
run that app--I've stuck pretty narrowly to running Microsoft Antispyware,
although I did run a Norton trial of their product with antispyware added,
just to see whether there'd be conflicts--I didn't run into any.

http://www.spywarewarrior.com/

is a site I highly recommend in terms of comparing antispyware apps, and
determining which are reputable and which are not--this is a BIG problem in
this field--the spyware vendors are selling their own antispyware apps.

--

 

[Dave M]

Good information Bill, In one of these threads Symantec had told a customer not
to run MSAS in conjunction with their A-S. How extensively did you test, RTP
enabled on both? Anyway, I've gone back to having an open mind about it.
Perhaps it was a political recommendation rather than a purely technical one.
That's something I'd expect, given the players...

 

[Bill Sanderson]

I can't say that I tested very thoroughly--I ran both in a virtual PC, and
tested against some spyware sites to see what happened. Both products
alerted on various things, as I recall, and they alerted on each others
installs, for example.

There'd been lots of traffic about woes of folks running various Symantec
suite products with Microsoft Antispyware, and I wanted to see what my
experience was--I didn't have any problems.
--

 

[Guest]

snip3 -- That's ok. Have done two things. In another MS newsgroup post
(security.homeusers, titled "Limited User Account to browse") have mentioned
a couple of them. An almost immediate response came from someone who has a
prepared response listing various antispyware products with websites, which I
took to mean that he thought I *did* have some problems.
Secondly, today I sent a detailed email about these quirks, and other
comments, to PC Tools, the mfrer of the Dr, so will await their responses.

snip4 -- My experience too, along with your later comments in reply to Dave M.

snip5 -- Thanks for the suggestion. Will check it out. Cheers!
--
CEC4


:
<snip3)

I probably won't be able to make much of the quirks you mention.

 

[Bill Sanderson]

Thanks - good luck!
--

snip3 -- That's ok. Have done two things. In another MS newsgroup post
(security.homeusers, titled "Limited User Account to browse") have
mentioned
a couple of them. An almost immediate response came from someone who has
a
prepared response listing various antispyware products with websites,
which I
took to mean that he thought I *did* have some problems.
Secondly, today I sent a detailed email about these quirks, and other
comments, to PC Tools, the mfrer of the Dr, so will await their responses.

snip4 -- My experience too, along with your later comments in reply to
Dave M.

snip5 -- Thanks for the suggestion. Will check it out. Cheers!
--
CEC4


:
<snip3)

 

[Guest]

Well, Bill, I got a very quick and what I would call a 'standard' reply,
which was not very helpful. I will persevere.

Can I tell you a brief story about cookies and a good outcome (I think).
When I first signed up with my ISP some six months ago, and which forms part
of my nation's official telecommunications provider and is a trusted, most
awarded and reliable service, giving lots of good tips and hints about using
the internet, email, etc, I had started to read about the hazards of cookies
in various Microsoft newsgroup posts, KB articles and what people were
telling me. It was interesting to read some of the articles on various
topics listed in the ISP's FAQs, including one on cookies -- in short, they
said they're not necessarily as dangerous as is made out and are used, in
responsible hands such as theirs, to track usage of their webpages so that
they can tailor the information to what customers wanted. At that time, I
was in two minds about it and was curious that an ISP would say such a thing!
(my ignorance)

My default home page is the ISP's help page, which I chose for the obvious
and as it had a 'cleaner' interface, whereas their other pages had lots of
movement and were quite messy, information-wise. The only animated item on
this particular page is an advertisment for one of their other services and
it's not intrusive. One of the allowed cookies that was listed as a tracking
cookie in the Dr scan is for this ISP.

In the intervening months, I have noticed a gradual change in the
information presented until early this week, after not having used my
computer and IE for a few days, on opening IE I saw that more changes had
been made -- there was a short 'quick links' list added, and the first item
on it was a link to my free Webmail account with them, and four other items I
accessed regularly. The interface had been cleaned up further and now is
much easier to see and use. As you can probably imagine, my immediate
thought was they must know my browsing habits...! Yes, I am aware that
websites get changed frequently and that I am not the only one accessing
those links frequently; that's what the stats counters are for. But, for
me, at that moment, it did have that very personal feel to it, as if they
were taking note of what I needed without my needing to tell them. There was
no element of fear in that thought. Does that make sense?

I thought you'd like to hear this story, Bill, perhaps in support of your
view about legitimate cookie uses, as well as knowing how to use the Privacy
and Security tabs in IE.

 

[Guest]

Bill, have investigated this website -- I think it's an excellent resource,
thank you! The antispyware product comparisons at least confirmed my initial
instincts about Spyware Doctor, that it is a worthwhile product to have
installed and, of course, the MSAS. In conjunction with having NAV2005 using
their IWP as the firewall, MSAS beta1 and configuring IE6 properly in the
Privacy & Security settings (which have done so), keeping everything
uptodate, and also having the Doctor, I think one could be covered reasonably
well. At least I know, as of today, my machine is clean.

 

[Bill Sanderson]

That's an interesting story. I know that a good web developer and his
managers put their time and effort into the features that get the most use.
How that usage gets measured varies with the technologies involved--I know
the sites that I work with don't use cookies--but it's good to hear about a
responsive system, regardless of how that responsiveness was achieved.

--

 

[Guest]

Dear CEC4,
In your reply to Bill you say the System Inoculation Scan works fine, where
is it? I can't find it anywhere and would be very interested it's the results
of such a scan. I have MS AntiSpy Version 1.0.701 which I assume is the same
as your's.
Paul...

 

[Guest]

I was referring to MSAS itself working fine. As mentioned below, my
'thinking' about the system inoculation scan feature was that it *may* have
been incorporated overall within the MSAS real-time protection features (59
checkpoints) because of the high number of live checkpoints being covered by
the program.

Interestingly, I am here today only because I wanted to ask whether the
system inoculation scanning wizard had been reinstated, as I certainly need
it at the moment, as MSAS today discovered a trojan, the first for me with
MSAS; the only other trojans (two) I have experienced were found by my
NAV2005. In today's instance, MSAS found it, NAV and Spyware Doctor didn't,
so there you go! Cheers!