| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kf_lists at digitalmunition.com (KF (lists)) Subject: Microsoft AntiSpyware - First Impressions Do a software update check with this thing and you get GIANTAntiSpywareMain.exe listening on port 2571 until the software is closed. Feel free to beat on and fuzz that port fellas. =] -KF KF (lists) wrote: > I love how the icon for this product is a big Target. Very > appropreate. Anyone wanna takes bets on how long it takes for someone > to find a hole in the Spynet p2p functions of this beast, what port is > that listening on again? > *grin* > -KF > > James Patterson Wicks wrote: > >> We knew that Microsoft was going to put out an anti-spyware product >> after they bought Giant in December, but I did not figure they could >> re-brand Giant?s software in under a month. Their first shot at >> anti-spyware came out today ? Microsoft AntiSpyware (Beta). I >> installed it on a test machine that I have in the office. Just to be >> safe, I ran a full Spybot S&D scan and then uninstalled the resident >> TEA program since Microsoft AntiSpyware will install an agent if you >> so wish. The only part of the installation that was strange was the >> ?recommended? option of joining the ?Spynet AntiSpyware Community? >> their ?Spyware Neighborhood Watch? that connects you to other >> computers running the Microsoft AntiSpyware software. Don?t know how >> many people will choose that option, but to me it does not make sense >> to connect to a peer-to-peer network of infected computers, encrypted >> traffic or not. >> >> I ran a full system scan and to my surprise, the software found some >> old Timbuktu and Dameware DLL?s that I thought were uninstalled a >> year ago. Were the files harmful? The tool stated that the Dameware >> files were low risk, but the Timbuktu files were high risk. The tool >> also found ?iLookup.GlobalWebSearch Browser Hijacker?, ?StartNow >> Hyperbar Toolbar? and a bunch of ?MiniBug? instances. I was somewhat >> surprised since my machine was ?clean? already. I then set up two lab >> desktops and applied the same clean image on both of them (no >> anti-virus or firewall installed). I then used IE to surf to the >> first ten sites Google brought up when searching for ?online >> gambling? sites. I then ran full system scans using Microsoft >> AntiSpyware on one desktop and Spybot S&D on the other machine. >> Spybot found 65 objects, the Microsoft tool found 92 objects. The >> results were similar except that the Microsoft tool found a few more >> cookies, a bunch of minibugs and something called ?SearchSquire.? >> >> While this was just a quick test to satisfy my curiosity about the >> Microsoft tool, my initial feeling is that the Microsoft AntiSpyware >> is worth a test deployment in the office. This beta expires in July. >> Hopefully the final version will be free and allow for centralized >> domain management. It?s the least that Microsoft can do. >> >> Pat Wicks >> >> Systems and Network Engineer >> > >
Powered by blists - more mailing lists