Home page false positive (blank.htm)

[Winguy]

I created my own webpage for startup, located in and
named:
%SystemRoot%\system32\blank.htm

It was composed of ONLY these exact lines:

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<H1>My Blanked Page</H1>
</BODY>
</HTML>

I use it in case my network is down (to avoid lengthy
delay at the opening of a browser).

To my undying annoyance MS AntiSpyware identifies it as a
hijacker! I think anyone can duplicate this fact. What
bothers me is that ONLY the filename is being looked at
and not the file content! Looking ONLY at filenames as a
method of identifying malware is a *very* dangerous and
potentially system damaging method of identifying
malware. It's just not an industry standard way
of "positively" identifying malware. I spoke about this a
few months ago, and I'm disappointed that this problem
still exists at the end of April 2005, as it severely
lowers trust about the capabilities of AntiSpyware to
properly identify malware.

I'd much rather that filename comparisons be completely
removed from MS AntiSpyware as a method of identifying
malware, because the possibilities for false positives
are just too great.

Just my 2c on this issue ...

 

[JohnF.]

There is a blank option in the browser settings, you didn't have to create
your own.

 

[Guest]

-----Original Message-----

There is a blank option in the browser settings, you didn't have to create
your own.

??? I certainly knew about that configuration option
already, but JohnF your comment to my post leaves me
confused nonetheless. I don't understand how your comment
means much of anything as concerns how I've demonstrated
that MS AntiSpyware can come up with a false positive
because it's looking at nothing but a file name instead of
at least also looking at the file content when a supposably
suspicious filename is encountered. And THAT is the
problem, and I maintain that it's a very, very bad problem.
A filename is definitely insufficient reason in of itself
to classify ANYthing as malware, IMHO.

 

[JohnF.]

In this beta, the program can have difficulty in determining whether YOU
want the change or something else is making the change. The change is the
key here, MSAS is protecting you from a change being made. You should have
the option of allowing the change however so I'm not sure why you are being
given the option or you just aren't seeing that option.

Did you try just selecting the blank option in IE? What happens?

 

[Bill Sanderson]

The product does this in a variety of circumstances--not necessarily
involving the blank page.

My advice as a workaround is to go to the tools, advanced tools, browser
hijack settings, and plug your desired settings in there, including the home
page--in two places, as I recall.

In my experience, this helps.