 Carr
join:2003-06-20 Gardendale, AL
| What Microsoft Anti Spyware didn't stop
Just upgraded today to Microsoft Anti Spyware Beta 615. Ran a scan. Clean. Later in the day I got from Paltalk (I use this in my work-daytrading) a notice that there was a Paltalk upgrade to my version. Upgraded to version 8.0 build 90. When the newer and improved version was installing, Microsoft Anti Spyware stopped MySearch from being installed on I.E. Now I DON'T use IE for anything at all except Windoze Updates. My default browser is Firefox 1.0.6. OK. Upgrade went fine except for all of the annoying things that come with Paltalk (why I use GAIM everywhere else)
BUT when I opened 'Fox, I got the damned My Search crap all nestled in the browser. Did a search and deleted just about everything I was able to. Then HijackThis to try to finish the job. There was still a MySearch folder in Program Files and I found 3 files that denied being deleted, so I renamed them and the folder to something that, shall we say, is not "flattering". So I guess that the new Microweenie anti spyware program Beta will in the classical sense protect IE, but if you use another browser default, forget it. Glad I had HijackThis. Interestingly, I ran a scan with the files from MySearch still on the system (with the Microsoft Beta) and it did NOT detect any of it.
Comments??
Carr McCormack |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH | MySearch is one of the 3 apps out of 50 MSAS missed on my mini test of Spybot and MSAS. |
|
  SnowyOne Premium join:2003-04-05 Kailua, HI
| reply to Carr
said by Carr: ...Microsoft Anti Spyware stopped MySearch from being installed on I.E... BUT when I opened 'Fox, I got the damned My Search crap all nestled in the browser... Comments?? Carr McCormack
If that's how it's designed to work it's despicable. |
|
  keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB
| reply to Carr
This is an interesting point. But possibly it is as it should be.
Should an MS product interfere with the performance and customization of a rival vendor's product (FireFox)? FireFox pretty much claims invincibility, so what would be MS's excuse in meddling with it?
Also, did you read the description of MSAS? Why expect a product designed to protect Windows to protect against vulnerabilities in other products, products like FireFox that run on/under Windows, but that are not a part of Windows?
Say you were running an ICQ, Apache, Oracle, etc., server. Would you expect MSAS to protect ICQ, Apache, and Oracle?
And if so, would you expect MS to do it for free? And why MS and not the vendors of those other products?
I run MSAS to protect Windows.
I run and recommend SpywareBlaster (free) and KAV (not free, not cheap, but an excellent anti-virus/anti-malware product) to protect FireFox (and Windows).
And I recommend periodic scans with Ad-aware SE. (Spybot S&D and SpywareGuard are also good.)
And if my FireFox gets hijacked I'll report the problem to FireFox, JavaCool (makers of SpywareBlaster) and Kaspersky Labs.
This all said, make sure you report the issue to Microsoft using the interfaces in MSAS. Vendors can't protect us from malware and product interactions they don't know about.
Who knows, MS may be big hearted enough to subsidize rival vendors by adding security for their products.
Or maybe MS is deterred by the possibility of false positives and differences in the definition of spyware and adware causing people to complain that MSAS interferes with the performance of (or sabotages) those rival products. |
|
  SnowyOne Premium join:2003-04-05 Kailua, HI
| said by keith2468: Um, why would you expect a product designed to protect Windows to protect products that are not a part of Windows?
My naivety. |
|
  not quite right I'm not cool enough to be a Mac person
join:2001-06-23 Puyallup, WA
| reply to Carr
said by Carr: BUT when I opened 'Fox, I got the damned My Search crap all nestled in the browser. Comments?? Carr McCormack
Funny......I thought that's why everyone was supposed to "switch" to Firefox, because of its invincibility to spyware! How could this have been MSAS fault?
-- Hey...look another dead horse...let's beat it to death. |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
| reply to Carr
Has Firefox become a spyware vector? Does My Search install on Firefox? If not, which is what I believe, then MS beta somehow failed to protect in the first instance irrespective of Firefox being default browser
Cudni -- Help yourself so God can help you |
|
  HeelYeah Premium join:2004-02-11 Raleigh, NC
| reply to Carr
said by Carr: Just upgraded today to Microsoft Anti Spyware Beta 615. Ran a scan. Clean. Later in the day I got from Paltalk (I use this in my work-daytrading) a notice that there was a Paltalk upgrade to my version. Upgraded to version 8.0 build 90. When the newer and improved version was installing, Microsoft Anti Spyware stopped MySearch from being installed on I.E. Now I DON'T use IE for anything at all except Windoze Updates. My default browser is Firefox 1.0.6. OK. Upgrade went fine except for all of the annoying things that come with Paltalk (why I use GAIM everywhere else) BUT when I opened 'Fox, I got the damned My Search crap all nestled in the browser. Did a search and deleted just about everything I was able to. Then HijackThis to try to finish the job. There was still a MySearch folder in Program Files and I found 3 files that denied being deleted, so I renamed them and the folder to something that, shall we say, is not "flattering". So I guess that the new Microweenie anti spyware program Beta will in the classical sense protect IE, but if you use another browser default, forget it. Glad I had HijackThis. Interestingly, I ran a scan with the files from MySearch still on the system (with the Microsoft Beta) and it did NOT detect any of it. Comments?? Carr McCormack
Another good reason to run as Limited User when surfing the net. |
|
 Carr
join:2003-06-20 Gardendale, AL
| reply to Carr
I run 'fox because it browses faster. I don't run a 'nix box right now because I make a living daytrading and none of the software that I have to use will run under Un/Linux or that's where I would be...but that, as we all know, isn't invulnerable either.
What the intention of my post was, was to pass on what I thought might be interesting to some of the people here since the Microsoft Spyware is a beta. That was all I intended to do. FYI I also run KAV on another machine on my small net here on the boat (I'm a liveaboard with 2 fullsize and 1 laptop). I was aggravated by what happened but surely not enraged or even angered. As far as what I "expect" out of Microsoft, I ran Linux for a number of years (grew up on Fortran back in the late 60's from there to UNIX, then Linux then NT/2000/then XP) and would still but like I said I can't get the apps I need to run on Linux so....I stayed with Linux cause I got tired of the software obsolescence cycles every few years with Windows.
I may have posted this to the wrong forum, please excuse me.
Thanks and best wishes Carr |
|
  kangabil Do It Now, Do It Right Premium join:2005-05-15 Australia
| C'mon now, since when has ANY tool picked up 100% of 100% of the trash floating around out there?
And as far as MSAS not picking up trash, putting it in crude terms I thought that all the sniffers we use scanned as the junk came IN looking for signatures and software fingerprints regardless of the browser, not after it got dumped somewhere on our system.
In other words I think you are all correct to a certain degree and I concur that even if it's considered redundant by some to flag their thoughts and doubts, if no one did we wouldn't have BBR, Hmm? -- Who was that masked man? |
|
  jbob Reach Out and Touch Someone Premium join:2004-04-26 Little Rock, AR | reply to Carr
Shame on MSAS. If I'm not mistaken much of Myway is installed in the registry so any browser that reads the registry can be affected, even FireFox. |
|
 B Premium,MVM join:2000-10-28
| reply to keith2468
said by keith2468: This is an interesting point. But possibly it is as it should be. Should an MS product interfere with the performance and customization of a rival vendor's product (FireFox)? FireFox pretty much claims invincibility, so what would be MS's excuse in meddling with it? Also, did you read the description of MSAS? Why expect a product designed to protect Windows to protect against vulnerabilities in other products, products like FireFox that run on/under Windows, but that are not a part of Windows? Say you were running an ICQ, Apache, Oracle, etc., server. Would you expect MSAS to protect ICQ, Apache, and Oracle? And if so, would you expect MS to do it for free? And why MS and not the vendors of those other products?
I almost can't believe what I'm reading! What are you talking about? MS AntiSpyware, like GIANT before it, is intended to... uh... stop spyware. Whether that spyware infects IE running under Windows, or Mozilla running under Windows, or ICQ running under Windows, or whether the spyware just runs standalone under Windows, an antispyware program is supposed to stop it. How is that NOT obvious?
It almost sounds as if you hate the Firefox advertising blather so much (I do too) that you're happy MS is ignoring actual spyware....
-- B -- In a realm outside causality and function |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| In reply to no one in particular. I find it funny and sad at the same time that the moment someone mentions that something slipped through the cracks in a beta anti spyware product and nailed a browser supposedly hardened against spyware, the blame suddenly falls on to MSAS and not the browser that was infected. We all knew that at some point spyware would hit Firefox. This is just a small example of something likely easily cleaned by deleting a couple files in FF's own directory. Maybe the spyware installer used a flaw in Firefox's XPI install API to infect it via XPI installs. Or maybe it simply extracted itself and changed the configs. I would love to know the URL where this happened at. I'll boot to my Windows boot tomorrow, update MSAS and attempt to recreate it. I'm interested in the vector of the infection. I'm guessing it's something stupid simple that's just as easy to defend against
-- DSLR security chat at us.ausirc.net channel #dslr_sec, let's pack this channel. Open source DNS server for *nix and Windows »powerdns.com |
|
 B Premium,MVM join:2000-10-28
| No no, this doesn't sound anything like a drive-by, XPI exploit, or other example of a weakness in the Fireweasel.
Rather, the user CHOSE to install software (Paltalk) that was bundled with spyware, and MSAS failed to catch all of it.
Whether Mozilla and/or Firefox are susceptible to drive-bys is an entirely separate matter. (As far as I understand there are only two vectors, both of which present at least one confirmation prompt -- XPI, which is actually whitelisted into uselessness by default, and Sun Java.)
-- B -- In a realm outside causality and function |
|
 Indy Sabre Sabre Rider From Indianapolis
join:2003-10-02 | reply to Carr Would a decent realtime AV have likely stopped this? You didn't say whether or not you had an AV app on the infected machine. |
|
  nomyway
| reply to Carr
Have none of you figured this out yet? MyWay/MySearch is bundled in all new Dell PCs. Dell PCs use MS Windows. MS won't remove it because of this.
»www.theregister.com/2005/07/15/d···roversy/ |
|
 B Premium,MVM join:2000-10-28
| ...but it did stop it or remove it, just not all of it.
When the newer and improved version was installing, Microsoft Anti Spyware stopped MySearch from being installed on I.E.
-- B -- In a realm outside causality and function |
|
  SnowyOne Premium join:2003-04-05 Kailua, HI
| reply to novaflare
said by novaflare: I find it funny and sad at the same time that the moment someone mentions that something slipped through the cracks in a beta anti spyware product...
That's not at all how I viewed & responded to (what I thought was & still do believe) was the OP's beef. I read it as "Does MSAS only protect the IE Browser?" Again, I'll say if true that's despicable. I'd find out the answer myself (does MSAS differentiate & discriminate) except MSAS has excluded my Windows OS from participation in its MSAS program. |
|
 Shadye Premium join:2004-10-21 Fallbrook, CA
| reply to B
#1. User installed Paltalk, which comes with MyWay "spyware". (I use quotes since it's hardly spyware: doesn't sneak onto system and can be uninstalled easily)
#2. Giant has checkpoints for ANY application that tries to modify startup OR IE settings. That's it.
Now, say FreeAppX uses SpywareY. The user installs FreeAppX, and as part of the install FreeAppX modifies the registry putting SpywareY into the: System Startup, IE, Firefox, & ICQ. The user WANTS FreeAppX, but not SpywareY. So, Giant/MSAS blocks the Startup & IE modifications. Here's the big question, should MSAS block FreeAppX's installer putting SpywareY into Firefox, ICQ, etc? My opinion: Of course not, that would require MSAS knowing & keeping up with the vectors for EVERY application that can be spywared. |
|
 sheiny
join:2005-03-13 Turlock, CA
| reply to Carr
said by Carr: BUT when I opened 'Fox, I got the damned My Search crap all nestled in the browser.
I wish Carr had specified exactly what changes My Search made to Firefox. It may have just modified this line in prefs.js:
user_pref("browser.startup.homepage", "about:blank");
I would not expect MSAS to protect prefs.js. Although it could have made many other changes also. |
|
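The kind of prefs.js change speculated about in the last post can be checked by comparing the file against a known-good copy. The following is an added example, not part of the original thread; apart from `browser.startup.homepage`, the watched preference names and all sample values are assumptions constructed for illustration.

```python
import json
import re

# Assumed watch list: only browser.startup.homepage is named in the thread;
# the other two are search-related prefs chosen for this example.
WATCHED = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "keyword.URL",
)

# Matches: user_pref("name", value);  value is a quoted string, integer or boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)\s*\)\s*;',
    re.MULTILINE,
)

def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js text."""
    # json.loads handles plain quoted strings, integers and true/false,
    # which covers typical prefs.js values.
    return {name: json.loads(raw) for name, raw in PREF_RE.findall(text)}

def changed_prefs(baseline_text, current_text, watched=WATCHED):
    """List (name, old, new) for watched prefs that differ from the baseline."""
    old, new = parse_prefs(baseline_text), parse_prefs(current_text)
    return [(k, old.get(k), new.get(k)) for k in watched if old.get(k) != new.get(k)]

# Constructed sample data (not taken from an affected profile).
BASELINE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.tabs.warnOnClose", false);
'''
CURRENT = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.example.invalid/");
user_pref("browser.tabs.warnOnClose", false);
user_pref("keyword.URL", "http://search.example.invalid/?q=");
'''

if __name__ == "__main__":
    for name, before, after in changed_prefs(BASELINE, CURRENT):
        print(f"{name}: {before!r} -> {after!r}")
```

Keeping the baseline copy outside the profile directory matters, since an installer that rewrites prefs.js can rewrite anything stored beside it.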