Antispyware does not detect spyware

[Guest]

MS Antispy b1 consistently fails to detect spyware even on full system scan.
I do a weekly scan with MS Antispy followed by Adaware which detects numeruos
spyware, something like 10-30 items each weekly scan.
Can anyone suggest a reason for this?

 

[plun]

Hi

Adaware detects tracking cookies, MSAS not within Beta 1.
Click o the "golden lock" within Adaware and check your log files,
probably all of them are tracking cookies or gold miners.

It´s up to you to deside if you believe tracking cookies are "evil".

Microsoft will not at precense, it´s up to you !

Searchwords "debate tracking cookies"

http://www.google.com/search?hl=en&lr=&client=opera&rls=sv&q=debate+tracking+cookies&btnG=Search

So this is hot ! The major problem is that tracking cookies are used
in conjunction with spyware. The bad guys also uses them. So for me
they are "dead" ie evil.

 

[Guest]

Good morning Denis;

Could you give us an idea of some of the spyware your other AntiSpyware
utility is finding that Microsoft AntiSpyware is not detecting? If its
anything to do with cookies, that is known issue, beta 1 does not detect
cookies.

Engel

 

[Guest]

Hi Denis

The simple answer is Adaware is finding cookies and MS Antispy doesnt scan
for cookies as they are not a threat to your system and contain no code,

You can delete cookies easily by going to start menu > C:/drive > Documents
and Settings > YourUsername > Cookies and opening that folder, Delete any you
dont want from there,

Another option is open a IE browser window and goto tools on the top bar ,
choose Internet Options then press delete cookies,

Third option is from the same page (Internet Options) press the Privacy Tab
and click Advanced - Here you can block and restrict cookies getting onto the
system but they are very usefull to remember usernames & passwords on sites
so only restrict third party cookies if you use that option.

If you take away the cookies then you will not see a big difference in scan
results but if you feel Adaware is detecting spyware that MS Antispy is
missing this is the right place to post details on that, You can copy and
paste the adaware scan results on here if you feel that its needed by using
the Lock icon on Adaware from the main menu.

Andy

 

[Adelphia]

Has Microsoft announced that they will eventually detect cookies that are
deemed unsavory? The selection of cookies to be killed off should be the
choice of the user. I am disturbed that Microsoft is not filtering cookies
because such activity may jeopardize some commercial relationships. I agree
that unless something is of clear benefit to me it should be blocked. The
Lavasoft free AdAware seems to do a reasonable job but probably misses some.
The problem is that new intrusive cookies are easier to create than viruses
so the list is endless. There must be some characteristic unique to trackers
and loggers that triggers an alarm (with options) upon initial attempts to
enter your PC. Some are so bad (loggers) that once they are in they send
your data "home" until your next scan.

Dick

 

[Guest]

Tracking cookies, which many anti-spyware programs detect, are usually
installed by websites you visit so that they remember who you are when you go
back there, e.g. Amazon.com, and your browser is easier to use because of
them. Take carfeful note if you are using Yahoo antispy or other antispyware,
of the recommendations they display. They may tell you that you may want to
keep tracking cookies for the above reason. If you are suspicious of anything
you should delete it, then if you find out you wanted it just let it
re-install when you go back to the site. Strictly speaking stored ids and
passwords are tracking cookies. You may well want to keep those unless you
are a keyboardoholic.

 

[plun]

Hi

Microsoft and the other partners within the antispyware coalition
probaly talks a lot of about this challenge.

http://www.antispywarecoalition.org/ within tab "About ASC" you see
all members.

Until something is "consensus" about this it´s up to the user to
decide, we have no "Big Brother" telling us what´s right or wrong with
these.

I can understand some business needs, but I am totally against this
"click economy", really primitive ! something better must be invented.

--
plun



Adelphia wrote :

 

[Guest]

MS Antispy b1 consistently fails to detect spyware even on full system
scan.
I do a weekly scan with MS Antispy followed by Adaware which detects
numeruos
spyware, something like 10-30 items each weekly scan.
Can anyone suggest a reason for this?

And the reason why you are deliberately hiding WHAT, ahem, spyware was
detected is? Since you don't bother to tell us WHAT you see in Ad-Aware,
you've deliberately left us in the dark.

 

[Guest]

Has Microsoft announced that they will eventually detect cookies that are
deemed unsavory?

Who is going to become the Cookie Dictator to decide which domains try to
save "bad" cookies on your host? Viruses, spyware, trojans, and such are
deemed such because of their behavior. If cookies were blocked or purged
based on their behavior then all cookies would get blocked or deleted - and
you already have that option within IE to configure it to never accept
cookies.

Rather than wasting time compiling a huge list of "bad" cookie domains
(based on someone else's choices than you), Microsoft should instead
incorporate a cookie whitelisting function. You decide which cookies you
want to keep and all the rest are either blocked or forced to be per-session
cookies (they get deleted when IE is exited). Many sites won't function
correctly unless you save their cookie but it only needs to be around while
you are there, so purging all non-whitelisted cookies after exiting IE would
force them to be per-session cookies. Then you don't need to bother wasting
time compiling a bad cookie list to include in frequent updates based on
criteria which was NOT that of the user.

If you want to provide for some cookie management now then go configure IE's
cookie options. I set mine to allow 1st-party cookies, block 3rd-party
cookies, and allow per-session cookies (because they expire and get deleted
when you exit IE). There are also LOTS of cookie managers out there that
provide whitelisting. Some popup blockers, like PopUpCop, also provide
cookie whitelisting. If you want to manage your cookies then do so. You
not vacuuming the floor after dropping cookie crumbs all over and leaving
them there is your fault.

Anyone know if cookie management got any better in IE 7 beta?

 

[plun]

Vanguard used his keyboard to write :

Anyone know if cookie management got any better in IE 7 beta?

It seems to be the same functionality within IE7 Beta 1 as I can see.

Maybe a "Whitelist" is a solution Or use Spywareblaster for a
"blacklist" .............

A newbie or "normal user" never touches any settings within IE tools !
They never changes anything from "defaults", nothing under the hood.

 

[Adelphia]

I agree on your Whitelist approach. It keeps the number of items manageable.
Perhaps create a learning mode whereby you can "carefully" go to each site
that you frequent on a trusted basis and the program will list cookies from
those "good" sites in an acceptable list.

The problems arise when "Joe Six-Pack" leaves learning mode and is told that
there is a cookie from the next site he visits. The program should provide a
description of the cookie in some manner so the typical home user has enough
information to make a rational decision. This becomes difficult since
warnings from the usual spyware detections rely on negative listings and can
tell an unskilled user that this is a nasty cookie and why based upon a
history of complaints. I do not see how that can be done without some
technical analysis of the cookie by the program. Does anyone know of
techniques that actually analyze a cookie to see if it is "good"? Otherwise
it seems that we are back at the blacklist if a reasonable amount of info is
to be given to the customer to make a sensible decision about a cookie.

Dick

 

[Tom Emmelot]

Hoi Plun,

new spyware?

gold miners?



Regards >*< Old Digger >*<

 

[plun]

Yes

Dataminers But whats the difference
to tracking cookies ?

 

[Guest]

Vanguard used his keyboard to write :

It seems to be the same functionality within IE7 Beta 1 as I can see.

Alas, Microsoft is still shortsighted. I suppose the other option is to
disable all cookies and then have it prompt you whereupon you can select to
block or allow the cookie, or go edit the cookie list yourself for the few
domains where you want to use them and keep them (Internet Options ->
Privacy -> Sites). If you use SpywareBlaster's "bad" cookie list, you'll
see them listed there already.

Maybe a "Whitelist" is a solution Or use Spywareblaster for a
"blacklist" .............

Personally I don't like blacklists. Even with SpywareBlaster, I
occasionally look at the list to make sure the author's choices match my
own. (BTW, SpywareBlaster does NOT function as the author now claims but as
the author used to claim. It will NOT prevent the AX malware from getting
onto your machine.)

A newbie or "normal user" never touches any settings within IE tools !
They never changes anything from "defaults", nothing under the hood.

As is evident from all the lazy users asking how to make OE stop blocking
attachments because they bother to look at the options. However, if they
are too lazy to look at the options, they are too lazy to be using a
security product.

 

[Guest]

Does anyone know of techniques that actually analyze a cookie to see if it
is "good"?

From what I see of the blacklists for "bad" cookies, they are by domain.
That is, how the domain uses their cookie is bad for the user. It's just
data within a cookie, so even a simple and innocuous looking string like
"gh89llll" might not mean anything to the user that had a utility to look
into the cookie but to the site it is the encoded string telling that site
when you last visited them, or where you came from, or other encoded
information. It would be like trying to use Notepad to look at an SQL
database: you would see a bunch a values but YOU wouldn't know how they were
used or what they meant.

From what I recall of cookies, a cookie lists its owning domain. Only that
domain can use that cookie. So a "bad" site cannot try to hide its cookie
under some other domain's name (by changing the domain field within the
cookie) because then that "bad" site couldn't use their own cookie. So
whitelisting works to let you keep only those cookies that you really need.
IE already has a whitelisting feature (Internet Options -> Privacy ->
Sites). You can add good domains with the Allow attribute and then
configure IE to block all other cookies. If you find a site where you want
to keep their cookie then you can add them to the Allow list. However, this
doesn't help for sites where you don't want to permanently save their cookie
but would like to permit it as a per-session cookie. Their site may not
function properly without their cookie, so let them have it while you are
there, and then forcibly delete it after you leave (i.e., if not whitelisted
in the Allow list, force all other cookies to be per-session cookies).

I have maybe less than a dozen domains where I trust their use of their
cookies. Management of a dozen good sites - and which are of MY choosing -
is a lot easier than managing a blacklist of thousands of domains unless, of
course, you are lazy and let someone else decide for you what sites are
"bad". There are already plenty of cookie managers available to makeup for
IE's lack of per-session handling of non-whitelisted cookies. IE does have
a whitelist (by setting Allow on a domain) but it doesn't have a means of
forcing all other cookies to be per-session cookies.

 

[plun]

Vanguard submitted this idea :

Alas, Microsoft is still shortsighted. I suppose the other option is to
disable all cookies and then have it prompt you whereupon you can select to
block or allow the cookie, or go edit the cookie list yourself for the few
domains where you want to use them and keep them (Internet Options -> Privacy
-> Sites). If you use SpywareBlaster's "bad" cookie list, you'll see them
listed there already.

Well, speaking for myself I never uses any "blacklists" and if it is
shortsighted or not with IE7 I don´t know.

There is no other alternatives for companys using these tracking
cookies for ads business and sales.

And MS is for sure aware of this.

For myself I removes them perhaps once a week. Some of these are also
within my TrendMicro PC cillin protection to "always remove" after a
scan.

Personally I don't like blacklists. Even with SpywareBlaster, I occasionally
look at the list to make sure the author's choices match my own. (BTW,
SpywareBlaster does NOT function as the author now claims but as the author
used to claim. It will NOT prevent the AX malware from getting onto your
machine.)

True

A "whitelist" must be really difficult to maintain in worldwide
perspective and from who ?

As is evident from all the lazy users asking how to make OE stop blocking
attachments because they bother to look at the options. However, if they are
too lazy to look at the options, they are too lazy to be using a security
product.

Well, they are maybe lazy but the biggest user group never touches
anything under the hood, thats it.

Everything must be "default" for all program settings and automagic
controls for example security/defs updates and/or to start a scan.

And noone can change this fact about going "under the hood" and change
settings for a majority of users. Mission impossible.

 

[Ron Chamberlin]

Hi Denis,
In the Beta1 version, the program doesn't go into the cookie jar, nor does
it chase data miner objects.

As you can see from the rest of the thread, cookies are an item of hot
contention.

Ron Chamberlin
MS-MVP