Is Microsoft ever going to expose ADS to the end user?

[Ira]

Hi Vanguard, If you use Windows Registry Repair, one(1) of the options is
defrag the registry as well as repairing the registry. However, if you find
that MSAS doesn't meet you standards Why are you using it. There is an old
saying, "If you can't say anything nice don't say anything. I for one am
really tired of your constant b****ing. If you can do better then do it.
Ira


: : > Hi again
: >
: > Also a serious answer !
: >
: > Read Marks blog:
: >
: > http://www.sysinternals.com/Blog/
: >
: > Also watch the video:
: >
: > http://www.sysinternals.com/blog/images/spyware-infestation.wmv
: >
: > This is insane...........
:
:
: Yeah, but why single out just bogus anti-malware products? How about:
:
: - Registry defragmenters despite the fact that the registry gets copied
into
: memory and used from there.
: - Anti-virus scanners that have always been as effective a wet paper towel
: in holding back a linebacker.
: - TCP tweaking tools that do nothing to speed up the Internet connection.
: - Duping users into thinking that "web accelerators" (that simply don't
: download all of the content of graphics) are somehow really increasing the
: real bandwidth.
: - Conning users into thinking that a Blocked Senders list of e-mail
: addresses really deters spam as though spammers would really use their own
: valid e-mail addresses and use the same one each time they spew.
: - Memory managers that push processes into much slower virtual memory so
the
: user feels cozy that they lots of "free" memory available which really
means
: that they waste their memory.
: - Misleading consumers into thinking that a consumer-grade UPS protects
: against surges.
: - Stiff twisted braided cable with steel balls on each end that is worn
: around the wrist and is supposed to cure everything that ails the wearer.
: - Ron Propiel's spray on hair. Guess that wrist "healer" doesn't cover
: balding.
:
: Okay the last two don't fit in a computer list but, hey, there are stupid
: consumers buying lots of junk. Computer software has more than its fair
: share of snake oil peddlers, and they aren't limited to just anti-malware
: products.
:

 

[Vanguard]

The major problem now is security applications and frauds from
organised gangs which we have seen with the WMF exploit.

For a newbie/normal user it is so difficult to see frauds, and
IE6 is really helpful to run everything in automagic mode.

Well, the WMF exploit was a flawed graphics rendering engine. It wasn't IE
that empowered this nasty. Firefox's solution was to stop supporting .wmf
files. So if vulnerabilities are found in other file formats, I suppose
Firefox will drop support for them, too, until it ends up supporting few
file formats; i.e., Firefox's decision to drop support for WMF masks the
real cause of the defect. Any user of any browser that downloads the .wmf
file and opens it will get hit. IE permits automatic rendering whereas
Firefox does not. Users of instant messages are also susceptible with
something like over 70 variations of the WMF exploit.

How many users are already bitching about the security model in Outlook
popping up alerts that some process is attempting to use Outlook or the
address book? How many users bitch about the Level1 attachments that get
blocked in Outlook, or are too lazy to change the blocked attachment option
in OE? Security and ease-of-use are the antithesis of each other. You get
one or the other, not both.

Microsoft needs to fix their old WMF vulnerability; else, *everyone* needs
to drop support for it and firewalls, IPS software, and even anti-virus
software should block or kill the file format. But that attitude would
probably kill off lots of file formats, including JPEG (which used to also
have the buffer overrun vulnerability) which has become pervasive. Gee, I
wonder whey Firefox didn't block JPEG objects when its vulnerability was
discovered. I don't think it is the file formats that at fault. It's how
Microsoft implements the rendering of them and the continuing buffer overrun
flaws, so the source of the problem is more basic than just with their
browser.

The first step is Information, not XBOX360 ads everywhere

Only Microsoft has pockets deep enough and mentality to incur a loss on
every Xbox360 they sell
(http://www.businessweek.com/technology/content/nov2005/tc20051122_410710.htm)
and hope the software can keep it afloat. They didn't learn from the prior
model that was also sold at a loss. When non-US companies pull this,
they're accused of "dumping".

 

[Vanguard]

Hi Vanguard, If you use Windows Registry Repair, one(1) of the options is
defrag the registry as well as repairing the registry. However, if you
find
that MSAS doesn't meet you standards Why are you using it. There is an
old
saying, "If you can't say anything nice don't say anything. I for one am
really tired of your constant b****ing. If you can do better then do it.

And that same attitude of not exposing failings results in the restaurant
manager never knowing that his patrons find the food or service lacking.
Since there will be a supply of new and inexperienced patrons, the lack of
complaints only masks the faults. If no one mentions a problem, the problem
is unknown to those that can affect change so the problem remains. I doubt
Microsoft wants to continue expending their resources only to find out that
none of the known problems (to the users) were addressed. Yes, there are
problems with MSAS, Outlook, Windows, and with many of their products. Not
all users do drugs so they are enthralled with everything Microsoft.
Doesn't matter what you use or consume. If there is a problem with it and
you don't complain, then don't YOU bitch about the continuing presense of
the problem because you didn't do anything to help correct the problem.
Only wimps, politically-correct idiots (also wimps), and the easily
frightened never complain, so screw your policy "If you have nothing nice to
say, don't say anything." This is a real world (without drugs or opaque
sunglasses).

As a matter of fact, I do not use MSAS as you do. I've trialed it in its
full splendor and found it lacking. However, I might not throw away that
Swiss Army knife if there are enough blades in it that are still usable. I
*only* use it as an on-demand scanner to use its database of signatures for
malware. As I've mentioned in my other posts, MSAS detects changes too late
and why it can never expose which process or program made the change and
then allow you the choice of allowing or blocking on future such events.
Change the hosts file using Notepad, close Notepad, and maybe 10 to 50
seconds later you get an alert from MSAS that the hosts file got changed.
Too late. Like WinPatrol, MSAS polls for changes. Imagine the rolled eyes
in a news report that mentions the police officer that got shot was donning
his bullet-proof gear and shield but only doing so at intervals and putting
them aside in the meantime. The only recourse is to hope that MSAS can
revert the changes, but going backwards doesn't always get you back to where
you started. Changing MSAS paradigm to instead intercept the events and
pend the process until the user authorizes or blocks would require so much
recoding of MSAS that basically you toss the product and start anew (which
they might do with some drastic new version which is really a new product).

 

[Ira]

I don't say all of your complaints are unfounded but for over a year many of
them have been reported and some of us are really cognizant of what is going
on. I know that I am not being nice but tou entered the NG's very recently
and have done nothing but b***h. Have you read the thousands of threads
over th past year prior to your observations. I for one am not a MS fan but
they are trying to have a very strong and very complete free product. It is
easy to critisize the people who have been putting time and effort into this
really deserve support and not critisism.
Ira



: : > Hi Vanguard, If you use Windows Registry Repair, one(1) of the options
is
: > defrag the registry as well as repairing the registry. However, if you
: > find
: > that MSAS doesn't meet you standards Why are you using it. There is an
: > old
: > saying, "If you can't say anything nice don't say anything. I for one
am
: > really tired of your constant b****ing. If you can do better then do
it.
:
:
: And that same attitude of not exposing failings results in the restaurant
: manager never knowing that his patrons find the food or service lacking.
: Since there will be a supply of new and inexperienced patrons, the lack of
: complaints only masks the faults. If no one mentions a problem, the
problem
: is unknown to those that can affect change so the problem remains. I
doubt
: Microsoft wants to continue expending their resources only to find out
that
: none of the known problems (to the users) were addressed. Yes, there are
: problems with MSAS, Outlook, Windows, and with many of their products.
Not
: all users do drugs so they are enthralled with everything Microsoft.
: Doesn't matter what you use or consume. If there is a problem with it and
: you don't complain, then don't YOU bitch about the continuing presense of
: the problem because you didn't do anything to help correct the problem.
: Only wimps, politically-correct idiots (also wimps), and the easily
: frightened never complain, so screw your policy "If you have nothing nice
to
: say, don't say anything." This is a real world (without drugs or opaque
: sunglasses).
:
: As a matter of fact, I do not use MSAS as you do. I've trialed it in its
: full splendor and found it lacking. However, I might not throw away that
: Swiss Army knife if there are enough blades in it that are still usable.
I
: *only* use it as an on-demand scanner to use its database of signatures
for
: malware. As I've mentioned in my other posts, MSAS detects changes too
late
: and why it can never expose which process or program made the change and
: then allow you the choice of allowing or blocking on future such events.
: Change the hosts file using Notepad, close Notepad, and maybe 10 to 50
: seconds later you get an alert from MSAS that the hosts file got changed.
: Too late. Like WinPatrol, MSAS polls for changes. Imagine the rolled
eyes
: in a news report that mentions the police officer that got shot was
donning
: his bullet-proof gear and shield but only doing so at intervals and
putting
: them aside in the meantime. The only recourse is to hope that MSAS can
: revert the changes, but going backwards doesn't always get you back to
where
: you started. Changing MSAS paradigm to instead intercept the events and
: pend the process until the user authorizes or blocks would require so much
: recoding of MSAS that basically you toss the product and start anew (which
: they might do with some drastic new version which is really a new
product).
:

 

[plun]

Vanguard expressed precisely :

Well, the WMF exploit was a flawed graphics rendering engine. It wasn't IE
that empowered this nasty. Firefox's solution was to stop supporting .wmf
files. So if vulnerabilities are found in other file formats, I suppose
Firefox will drop support for them, too, until it ends up supporting few file
formats; i.e., Firefox's decision to drop support for WMF masks the real
cause of the defect. Any user of any browser that downloads the .wmf file
and opens it will get hit. IE permits automatic rendering whereas Firefox
does not. Users of instant messages are also susceptible with something like
over 70 variations of the WMF exploit.

Hi Vanguard

Have you tested a real site which exploits the WMF problem ?

IE6 opens a wmf file "automagic". The hole is used and also a Ieframe
function to fulfill this Hijack/fraud. Within a few milliseconds.

Done !

Firefox is polite to ask if you want to open this WMF file............

Nevertheless this is going on and I feel sorry for all unpatched PCs
running around like Zombies.

http://castlecops.com/a6459-www_hipshoe_com_Hijacked_Distributing_Possible_WMF_Exploit_File.html

http://castlecops.com/a6462-Public_alert_block_game4all_biz_immediately.html

Internet is great...........

regards
plun

 

[Vanguard]

Vanguard expressed precisely :

Hi Vanguard

Have you tested a real site which exploits the WMF problem ?

IE6 opens a wmf file "automagic". The hole is used and also a Ieframe
function to fulfill this Hijack/fraud. Within a few milliseconds.

Done !

Firefox is polite to ask if you want to open this WMF file............

Does Firefox also ask about every other filetype, like JPEG? It had the
buffer overrun vulnerability, too. If the user chooses to open the WMF
file, they get infected, too. It's not like Firefox actually checked the
content of the WMF to alert you that it is infected. So the user gets
pummeled with more prompts. It isn't the browser(s) that need to be fixed
or altered. It's the rendering engine used to display the image. If
putting more prompts in the way of the user getting a file were all that was
needed to thwart viruses and malware then getting rid of the crap would be
really easy.

Users don't want more prompts. Regardless of how many prompts you push in
their face, they'll ignore the warning or tire of them and start to bypass
them all and thus bypass security. At work in a group of users that should
know better, I've lost track of how many times a user will simply click Yes
(or whatever is the default) to get past a prompt from their anti-virus
program to get on with their real work. They get so desensitized to all the
prompts that they just bypass them and obviate the security. Putting more
prompts in the way only increases secure slightly. How about when the cause
for the security no longer exists? Firefox will continue prompting when
unnecessary. Did Firefox also prompt for JPEG images when they had a buffer
overrun vulnerability and then later stop prompting when the vulnerability
was fixed in the responsible handler? Is it the browser's job to protect
against abuse of file formats due to vulnerabilities in the underlying tools
intrinsic to the operating system? If so, did Firefox prompt for .pdf files
due to the buffer overrun vulnerability in Adobe's reader?

 

[Vanguard]

I don't say all of your complaints are unfounded but for over a year many
of
them have been reported and some of us are really cognizant of what is
going
on. I know that I am not being nice but tou entered the NG's very
recently
and have done nothing but b***h. Have you read the thousands of threads
over th past year prior to your observations. I for one am not a MS fan
but
they are trying to have a very strong and very complete free product. It
is
easy to critisize the people who have been putting time and effort into
this
really deserve support and not critisism.
Ira

How long is the retention period for this group? Yeah, it's not infinite.
I've been here since MS acquired the Giant product and then released it as
beta. Just because you cannot search back that far because the old posts
are no longer retained on the server for the group doesn't mean everything
that was before is no longer. Because posts expire and disappear, claiming
that they are available for everyone to review shows a lack of understanding
of NNTP servers. These posts don't propagate to other NNTP servers, so you
can't use Google Groups with their far longer retention times to do a search
to see just how long I've been here (which can only be measured from my
first post versus when starting to lurk). I'm sure you thinking that I'm
new here makes you feel empowered that this is somehow YOUR private club,
that somehow your presumed seniority qualifies you with upper caste
privileges. Usenet: the great equalizer, and that scares some folks.

This is not an elite club where only those already with the knowledge go
patting themselves on their backs. New users show up and will have no way
to find those old posts - IF they even bother to look. Do you bitch at
every respondent that addresses an "old" topic that has been discussed
before because they are repeating a question on a topic that used to be here
previously or is here still in old-dated posts? If no one were allowed to
readdress a previous topic within a new discussion, most new users coming
here for help, information, argument, or to whine would see this as a dead
newsgroup as no one responds because, per your criteria, no one would be
allowed to respond to a post which consists of a repeated topic.

No, I choose not to follow your "comfort" rules. But since you think I
should, and by equal consideration in return, then perhaps I should post a
slew of rules for you to follow. I bitch, I help, I tease, I watch. My
choice, not yours. So there! <raspberry>

Comfort does not provoke change. Pain provokes change.

<wink wink> Are we having fun yet? );->

 

[plun]

Vanguard pretended :

If putting more prompts
in the way of the user getting a file were all that was needed to thwart
viruses and malware then getting rid of the crap would be really easy.

Users don't want more prompts.

Hi

Well, I kow that and for sure MS knows that.

This is not a browser war, I like Firefox way beacuse I know
that WMF files are dangerous.

But we must go away from this "automagic" scenario, built applications
for "dummies"/"lamers" or for users with education/protections ?

IE7 will directly be attacked and the bad guys will directly
find these backdoors and stupid openings/behaviors and
destroy IE7.

"Close" IE7 for all commercial or company wishes to change the browser.
like stupid toolbars, settings and ActiveX modules.


regards
plun

 

[Vanguard]

Vanguard pretended :

Hi

Well, I kow that and for sure MS knows that.

This is not a browser war, I like Firefox way beacuse I know
that WMF files are dangerous.

But we must go away from this "automagic" scenario, built applications
for "dummies"/"lamers" or for users with education/protections ?

IE7 will directly be attacked and the bad guys will directly
find these backdoors and stupid openings/behaviors and
destroy IE7.

"Close" IE7 for all commercial or company wishes to change the browser.
like stupid toolbars, settings and ActiveX modules.

So, to provide robust web applications, what are you suggesting that
developers use? Are they going to get stuck with having to setup, manage,
and maintain a web server, application server, and use JSP or ASP or similar
server-side web-centric technologies, or use Java applets, hope the user
hasn't disabled Java, and assume the user wants to cache local copies of the
Java applets or application (which I've set to zero to eliminate the Java
vulnerabilities)? That's a lot of setup and work. If you push everything
back to the server and return the browser to just a dumb console terminal,
you increase the load on the server requiring more resources to provide the
services to an ever increasing number of users and we're back to using old
VT-100 dumb terminals and making the server do everything.

As said at http://www.netmechanic.com/news/vol8/brow_no5.htm, "But an even
more pressing concern for corporate users is that Explorer is tied so
closely into the computer's operating system that a security flaw in the
browser could put all data stored on the computer at risk. Because
alternative browsers are standalone software that runs independent of
operating system, security flaws are less dangerous overall." Personally I
don't like Microsoft's attitude of attempting to merge an application into
the operating system. There's enough embedded non-OS fluff already in
Windows. Why doesn't Microsoft also embed their Office product into their
OS? Because Office generates revenue whereas a standalone IE would not, so
it is highly unlikely that IE will devolve into a separate application and
more likely that IE becomes further absorbed into Windows and becomes more
transparent (so all faults in IE become faults associated with Windows).

Vulnerability report: Internet Explorer 6.x
http://secunia.com/product/11/

Vulnerability report: Mozilla Firefox 1.x
http://secunia.com/product/4227/

To equate the graphs regarding how many advisories occured during the same
interval, you have to start looking at each starting from the Aug 2004 date
when the Firefox graph starts showing advisories.

Since Aug-2004
IE6: 37 advisories
Firefox: 26 advisories

Yes, Firefox has had a less *number* of advisories, but for a product that
has a far smaller profile for attack (regarding the number of users) it is
suprising that there are so many advisories for Firefox.

For the 2003-2006 period (for which Firefox is only listed for half that
period), Firefox's *critical* advisories accounted for 4% of its advisories
during that period while 15% were critical for IE for its advisories during
that period. The typical reasoning is that IE is more prevalent than
Firefox, IE is probably better understood or more often the familiar browser
of malcontents, so that is the browser that malcontents most focus upon. It
would be interesting if the statistic and charting were normalized so that
they did NOT include periods when Firefox did not exist so you could see how
each has fared against the other during the same time period. It would also
be more informative if they specified which vulnerabilities were the fault
of the browser and which were the fault of something "under" the browser
(i.e., back to the operating system, JVM, ActiveX, graphics renderers, etc.)
so you could see what were directly the faults of the browsers and not what
they mask which are faults somewhere else.

No, I'm trying to get into another browser flame, either. Use whatever you
want. Firefox is the safer browser ... for now. More fair statistics will
be available when Firefox has increased its user count to 4 times what it is
now (to drop IE's user share from 8 times now that of Firefox; see
http://www.internetnews.com/ent-news/article.php/3575876) and has more time
to engender familiarity amongst the malcontents so they feel their efforts
will have a significant negative impact on the users of the browser they
happen to attack. Although we QA test on various other browsers, we also
recognize that much of that effort is wasted since our corporate customers
don't use those other browsers. Firefox is mostly an end-user phenomena;
i.e., corporate users are not fueling the growth of Firefox. Firefox is
hardly without faults
(https://bugzilla.mozilla.org/buglis...duct=Firefox&content=&order=bugs.bug_severity).

 

[plun]

Vanguard explained :

"a lot about browsers"

I can go back to Mosaic which was the first browser I used

Microsoft and all commercial companys desperatley trying to
find roads to consumers must take a step back and realize that
this is not good enough. It´s shit. For example Toolbars and Active X.

It´s a stinking ugly junkyard and nothing else.

I laugh when I see those new beutiful coloured Live sites...........

But perhaps todays users a totally stupid.

I hope that Google will build a new fresh OS

regards
plun

 

[Vanguard]

Vanguard explained :

I hope that Google will build a new fresh OS

I hope not. Privacy would disappear. Just go use a flavor of UNIX, or are
you really a fan of proprietary operating systems?

 

[plun]

Vanguard submitted this idea :

I hope not. Privacy would disappear. Just go use a flavor of UNIX, or are
you really a fan of proprietary operating systems?

Well,they are probably going to use Linux.......

And I´m sure that MS talks/discuss a lot about this Internet
junkyard and future.

So maybe TPM is the final solution

But it´s impossible for them to discuss this beacuse of proprietary
non competition functions from a few mega vendors.

So how MS solves this mess with IE7, Windows Defendern, Vista will
be really interresting.

I also hope that Google will build this OS or buy a ready ie similar to
Mac OS X.

Competition is fun.......!

regards
plun