Message-ID: <OF25647610.14594DD0-ON48256F82.003623C4@guoco.com>
From: irfan.syed at guoco.com (irfan.syed@...co.com)
Subject: Microsoft AntiSpyware - First Impressions

Yeah I tried it too, and the only thing it found on my PC was VNC server.
I was, however, impressed that the tool explained very well what the
program was for and how it could be used for spying.
Definitely worth a try.

PS: VNC on my machine is not accessible from outside, so don't even think
to hack me ;)

Cheers,
Irfan

-----Original Message-----
From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of James
Patterson Wicks
Sent: Friday, January 07, 2005 12:29 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Microsoft AntiSpyware - First Impressions

We knew that Microsoft was going to put out an anti-spyware product after
they bought Giant in December, but I did not figure they could re-brand
Giant's software in under a month. Their first shot at anti-spyware came
out today - Microsoft AntiSpyware (Beta). I installed it on a test
machine that I have in the office. Just to be safe, I ran a full Spybot
S&D scan and then uninstalled the resident TEA program since Microsoft
AntiSpyware will install an agent if you so wish. The only part of the
installation that was strange was the "recommended" option of joining the
"Spynet AntiSpyware Community", their 'Spyware Neighborhood Watch' that
connects you to other computers running the Microsoft AntiSpyware
software. Don't know how many people will choose that option, but to me
it does not make sense to connect to a peer-to-peer network of infected
computers, encrypted traffic or not.

I ran a full system scan and to my surprise, the software found some old
Timbuktu and Dameware DLLs that I thought were uninstalled a year ago.
Were the files harmful? The tool stated that the Dameware files were low
risk, but the Timbuktu files were high risk. The tool also found
"iLookup.GlobalWebSearch Browser Hijacker", "StartNow Hyperbar Toolbar"
and a bunch of "MiniBug" instances. I was somewhat surprised since my
machine was "clean" already. I then set up two lab desktops and applied
the same clean image on both of them (no anti-virus or firewall
installed). I then used IE to surf to the first ten sites Google brought
up when searching for "online gambling" sites. I then ran full system
scans using Microsoft AntiSpyware on one desktop and Spybot S&D on the
other machine. Spybot found 65 objects, the Microsoft tool found 92
objects. The results were similar except that the Microsoft tool found a
few more cookies, a bunch of minibugs and something called "SearchSquire."

While this was just a quick test to satisfy my curiosity about the
Microsoft tool, my initial feeling is that the Microsoft AntiSpyware is
worth a test deployment in the office. This beta expires in July.
Hopefully the final version will be free and allow for centralized domain
management. It's the least that Microsoft can do.

Pat Wicks
Systems and Network Engineer

This e-mail is the property of Oxygen Media, LLC. It is intended only for
the person or entity to which it is addressed and may contain information
that is privileged, confidential, or otherwise protected from disclosure.
Distribution or copying of this e-mail or the information contained herein
by anyone other than the intended recipient is prohibited. If you have
received this e-mail in error, please immediately notify us by sending an
e-mail to postmaster@...gen.com and destroy all electronic and paper
copies of this e-mail.