Spyware or Virus & Responsibility?

[Adelphia]

I am beginning to see hints of positioning that places keyloggers outside
the realm of the responsibility of Microsoft Ant-SpyWare. By its very title
(SpyWare) there is an implication that this program will prevent "spies"
from capturing your information as you key it. The blurring of
responsibilities fails to serve customers and forces them to purchase
several programs, each claiming to block "this or that" nasty function.

Is Microsoft committed to use Ant-SpyWare to prevent keyloggers from
entering the systems of their customers. This seems to be possible by
preventing the use of Global Hooks by unauthorized programs. Another
prevention appears to be the restriction RootKits, Dll Injections, Service
installs and driver installs from unauthorized programs.

The vast majority of PC users are NOT savvy about this stuff and will
probably have a false sense of security when they use Anti-SpyWare. As with
most companies Microsoft fails to tell the customer what it specifically CAN
and CANNOT do. This leaves the typical customer no better off than before,
especially if they believe that they have more protection than the program
affords. Microsoft defines SpyWare as:
"Spyware is a general term used for software that performs certain behaviors
such as advertising, collecting personal information, or changing the
configuration of your computer, generally without appropriately obtaining
your consent." They do so on the Security At Home/SpyWare page. The
Microsoft Anti-SpyWare program has no clear specific commitment on what it
does, what it does not do, and what it will do (future objectives).

Anti-SpyWare offers SOME protection but what is it committed to do BY
OBJECTIVE ???

Dick

 

[Bill Sanderson]

I don't know what "hints" you are seeing, but I sure haven't seen them.

http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

does not mention keyloggers by name, but by definition, any such utility
trespasses on a number of the top points mentioned in this article. I
believe such software is squarely within the intent of items that Microsoft
Antispyware is intended to remove.

Note that there is likely to be this exception: In a managed corporate
environment, some kinds of "management" software may well include keylogger
functionality. I would expect that when Microsoft releases a managed,
corporate antispyware solution, it will allow management in such a
situation, to exclude detection of such software from notice given to the
end users. (I won't speak to the legalities or ethics of such management
practices--don't know about the former, and can't say anything positive
about the latter.)

So--I don't know of any information to support this supposition--want to
suggest what I should be reading?

--

 

[Ron Chamberlin]

Hi Dick,
Good argument.

I'm going to add to the mix by stating 'there are keyloggers, and there are
keyloggers.'

Some could be placed legally by the owners of a business, some even to
ensure compliance with regulations i.e. stock trading or HIPPA; and then
there are some that may be put into play by virtue of a court order.

The common everyday junk such as those with Spybot32 et al, should get
nabbed by MWAS.

Ron Chamberlin
MS-MVP

 

[Adelphia]

The hints are comments from others on various forums. That, however, is far
from the issue. Reading the suggested links is interesting based on one of
the early sentences -:

"While Windows AntiSpyware (Beta) may provide information and
recommendations about potential threats, the user ultimately makes the
decision to keep or remove any software.".

It should read - While Windows AntiSpyware (Beta) WILL provide information
and recommendations about ALL KNOWN potential threats, the user ultimately
makes the decision to keep or remove any software.

Microsoft, in subsequent language,is seemingly assuming a position of
responsibility should one of these "things" be mis-classified and steal your
financial info. Naturally there will be several hundred words (usually
unread) telling the user that this is not the fault of Microsoft but is the
responsibility of the customer - back to the initial noted sentence where
you MAY receive notice.

It seems that Microsoft heavily relies on posted privacy statements, and
other like information by the company that places a keylogger on your
system. While this is ok Microsoft DOES NOT say that they verify the
information to be correct and accept it on face value. Thus a keylogger may
not be shown, by Microsoft, to a customer because of statements posted on a
web site. This seems to be wholly inadequate and simply a way for Microsoft
to avoid "issues".

As a consumer I should have the sole right to determine what is placed on my
computer. By Microsoft taking the very risky position of determining what
they will tell me about a possibly intrusive piece of code is not what I
want. Companies who feel compelled to use keyloggers, for what they
determine to be legitimate reasons, SHOULD run the risk of the customer
removing their software from their PC.

Let's take an example of one of the so-called legitimate keyloggers. Google
Earth (satellite photos) installs one. Indeed most assume Google to be
legitimate and I am sure Microsoft does so as well. In fact the key logger
only runs when the Google Earth program is running. So all seems well except
that Google gives no warning that there is a keylogger running when their
program runs. Therefore, Microsoft should allow detection and notification
of this keylogger.

Now there are many who will say that Google is not copying anything other
than keystrokes to/from their program. How is that known??? All Google
employees who can access the keylogger code are totally honest. How is that
known??? No, there is no legitimate reason for keyloggers since they, by
their nature, show a negative intent. As I said, companies that use them do
so at their own risk. It is absolutely not the province of Microsoft to step
in an "certify" some keyloggers as ok. This is especially so when they
mainly rely on copy and pasted privacy statements.

Having said all of that, I sincerely hope that Microsoft continues the
Ant-Spyware program. It has the best chance for proper maintenance and
longevity. The many other companies out there do not have the resources or
commercial stability to offer the same potential level of software
performance. The only nasty point is that Microsoft lawyers are being
non-aggressive on this one and possibly exposing customers to keyloggers and
other risky elements. Let the customer make ALL decisions and let the
companies who feel they need to record your keystrokes make simple and plain
statements or run the risk of being deleted. I am asking that Microsoft tell
us the unfiltered information about what is running under Windows. It is
simply wrong for Microsoft to make such important judgments for their
customers.

Dick

 

[Bill Sanderson]

My strong impression is that Microsoft is examining the code involved, when
they "pass" something as "known spyware-free" and not just by the eula and
other representations of the company involved. Take a good look at the
vendor dispute form and see what information they require:
http://www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

I don't know the technical answer with regard to the Google
controversy--i.e. whether this is a false positive, or what the nature of
the code in question is. False positives are an issue in antispyware work,
and we've seen false positives for keyloggers in these groups before.

I think if google really had a keylogger in place collecting data there
would be a large collection of folks after them about it--I really haven't
seen this in the headlines.

As to whether the product is going to ignore or leave alone something placed
by law enforcement at whatever level, it wouldn't surprise me if that
happened, and it gives me some disquiet--but not a lot.

--