Detection Updates

[Nathan]

Hey-

Spyware has been great. It has detected and removed a
lot of things that needed to be removed from my pc.

However, recently Spybot and Norton detected and removed
some stuff that MS Spyware did not detect. (I had the
latest version of all three on my PC).

How do you (MSFT) know that Spyware detects the latest,
newest threats on the Internet? Do you cross-reference
the MSFT product with competitor products? How often do
you cross-reference?

Thanks again for the Beta product. It has helped.
Hopefully you continue to make strides in Internet
security (it is a big problem).

 

[D@annyBoy {Beta ID 4XX961}]

I run at least 6 applications to protect my system ina ddition to AV and
firewall

in the real world, there is no 1-for-all application to cover everything

many firewall applications are introducing their products within built in AV and
similar many AV applications bringing in firewalls

your call.................

 

[Bill Sanderson]

I don't know what movements are underway in the industry, but at the moment,
I don't believe that the antispyware operations (as opposed to the antivirus
operations) are sharing such information at this point. There have been
formal attempts to do this in the past, but they have dissolved because of
issues about who can be a member of the group.

One difference you will see between the products you mention is that
Microsoft Antispyware does not scan for cookies. Other products rate
cookies or data miners (another form of cookie) as significant threats. The
industry and onlookers here are not united on this issue.

 

[Nathan]

Nice responses-

The stuff that MSFT Spyware did not catch was not
cookies - it was other Spyware stuff.

MSFT might want to suggest collaboration and sharing on
this, or MSFT may want to acquire some companies that
have additional knowledge on Spyware. Otherwise you are
never going to keep up with the Spyware and you risk
diluting the MSFT brand (opening for Mozilla and others).

 

[Bill Sanderson]

A substantial piece of the advantage of the technology being implemented
here is the Spynet network. About half of the downloads opt into this,
meaning that decisions about allow/block and removals by the program are
reported. Suspected Spyware reports are also collected and used to see what
is happening in the real world. These mechanisms earned the predecessor
product excellent marks on comparative reviews.

 

[Nathan]

The past does not predict the future. Things often
regress to average, suggesting mediocre performance
following excellence. Furthermore, managers tend to be
overconfident.

I would consider trying harder and smarter. Security has
not been a MSFT forte and has left the door open for
Mozilla and others.

Suggestion: pay people to surf the web all day. Pick 30
people or so. At the end of each day, have these web
surfers download major competitor products (Spybot, Ad
AWare - Lavasoft) and run MSFT Anti Spyware and the
competitor products. If the competitor products catch
something that MSFT product does not catch, write it down
and get it in the MSFT product within two days.

Admittedly, I would not mind being one of the 30 web
surfers. Let me know if we can strike a deal.

 

[Bill Sanderson]

They are already working harder and smarter than that, I believe. I believe
that our end-product will be very different than the Giant product it
started out as--but also more effective--better at preventing infection, and
better at cleaning.

I can see that you don't share my view of the abilities of the development
team and their managers--let me know when it goes gold what you think?

 

[Nathan]

I do not have views on abilities of the development team
and their managers. I gave some broad generalities
(regression to mean, overconfidence) based on statistics
that can be easily verified or disproved.

For example, I do know that in general it is not unheard
of for people to be overconfident (e.g., when you get
lots of people in a room they may all they think are
above average at stuff like driving and math, when in
reality not everyone can be above average. this may or
may not be more pronounced in certain industries). I do
not know for certain if this applies to MSFT. Maybe you
should gather all your developers and managers in one
room and ask them (on paper - in private and anonymous)
where they think they stand percentile wise on math,
programming, and other skills relative to everyone in the
room. If everyone says they are above average, then you
know you may have some overconfidence. This may or may
not apply to software development. It may or may not
apply to MSFT. I do not know.

When I say harder or smarter, I am not saying anything
about the efforts, abilities or results of the current
team or managers. It may be that you everyone is working
super hard and smart, and that you may need even more
resources. I do not know. I do know that Spybot most
likely and very recently detected and removed some stuff
(not cookies) on my PC that the MSFT AntiSpyware did not
detect. I proposed a solution because I did not want to
point out a problem with a proposed solution (even if it
was very primitive).

As you indicated, the gold product should speak for
itself. If it is awesome, Mozilla will not gain tons of
market share in browsers due to security as a point of
differentiation.

I do not mean to be overly critical or negative. I
appreciate the MSFT work, and respect that MSFT has tons
of cash and hires the best. I think this message board
and the Beta version are cool ideas by MSFT and
appreciate your responses, and the chance to provide
input.

Please do not misinterpret my views on the development
team. Otherwise I may quit posting.

 

[Ron Chamberlin]

< I appreciate the MSFT work, and respect that MSFT has tons of cash and
hires the best. >

Bill, I think we're getting shorted here.

Ron Chamberlin
MS-MVP

 

[Ron Chamberlin]

Hi Nathan,

As you indicated, the gold product should speak for itself. If it is
awesome, Mozilla will not gain tons of
market share in browsers due to security as a point of differentiation. >

When MWAS goes gold, I'm not sure that will affect Mozilla one way or
another.
My concern if any with that product is if there will be sufficient support
to patch it quickly some day. As its' user base grows, the likeliehood of a
vuln being expolited grows exponentially.

I do not mean to be overly critical or negative.>

You aren't being that. I'm sure the Softites reading this appreciate that
you took the time to express your thoughts so well.

I appreciate the MSFT work, and respect that MSFT has tons of cash and
hires the best. I think this message board
and the Beta version are cool ideas by MSFT and appreciate your
responses, and the chance to provide
input. >

Thanks. If you do come across anything that you think MWAS misses, please
help out and submit a Suspected Spyware Report from the MWAS toolbar.

Please do not misinterpret my views on the development team. Otherwise I
may quit posting.>

Your views are well thought out, well said, and appreciated. Besides, you
didn't call them any names.

Ron Chamberlin
MS-MVP