Re: SF new column announcement: Microsoft Anti-Spyware?

From: Kelly Martin (kel_at_securityfocus.com)
Date: 01/07/05

    Date: Fri, 07 Jan 2005 13:47:55 -0700
    To: Matvei Kliuchnikov <matvei.kliuchnikov@gmail.com>
    
    

    Matvei Kliuchnikov wrote:

    >From the article:
    >
    >"because it's holes in Microsoft's operating system that built the
    >entire spyware industry to begin with"
    >
    >That's just plain wrong. Spyware, by its nature, is installed along
    >with other applications that the user manually installs. Download
    >KaZaa, for example, and you'll find that several other "spyware" apps
    >are installed along with it. This has nothing to do with security
    >vulnerabilities.
    >
    >
    You should really do a bit more reading before making such a definitive
    statement. Only a portion of spyware is installed this way. Most of the
    time the inclusion of spyware along with a legitimate application is
    clearly indicated in the user agreement, but these click-through
    agreements are rarely read and thus, the user gets a little more than
    he is expecting.

    A huge amount of spyware gets installed in an entirely different way,
    however, and has everything to do with vulnerabilities and/or unpatched
    machines. I'm referring to bits of code that are installed without a
    user's permission, just by visiting a website -- via security problems
    with ActiveX, JavaScript, Java, and unpatched vulnerabilities in
    Internet Explorer. There are many, many examples of this. Have you never
    seen a .DLL downloaded while visiting a website using IE? What about the
    users that you support? It's pretty hard to surf the web nowadays using
    IE without getting some kind of spyware.

    Things to watch for:
    - has your browser's homepage been hijacked?
    - do you see any unwanted toolbars in IE?
    - do you see unwanted pop-up windows when you start IE?
    - are you unable to reach Google.com or Yahoo.com, and get redirected to
    another search engine instead?
    - is there a trojan or keylogger reporting statistics about you back to
    another location?
    - [the list goes on, and on...]

    >Obviously, Microsoft has a shoddy record of security problems, but
    >don't confuse the issue and continue spreading FUD.
    >
    >
    >
    I can recommend that you read up on CoolWebSearch as an excellent
    example of nasty spyware that is *not* user-installed, and does in fact
    attempt to exploit vulnerabilities. There are many others.

    Regards,

    Kelly Martin

