Re: SF new column announcement: Microsoft Anti-Spyware?

From: Kelly Martin (kel_at_securityfocus.com)
Date: 01/07/05

  • Next message: Erik Norgaard: "Re: Country to IP range list"
    Date: Fri, 07 Jan 2005 13:47:55 -0700
    To: Matvei Kliuchnikov <matvei.kliuchnikov@gmail.com>
    
    

    Matvei Kliuchnikov wrote:

    >From the article:
    >
    >"because it's holes in Microsoft's operating system that built the
    >entire spyware industry to begin with"
    >
    >That's just plain wrong. Spyware, by it's nature, is installed along
    >with other applications that the user manually installs. Download
    >KaZaa, for example, and you'll find that several other "spyware" apps
    >are installed along with it. This has nothing to do with security
    >vulnerabilites.
    >
    >
    You should really do a bit more reading before making such a definitive
    statement. Only a portion of spyware is installed this way. Most of the
    time the inclusion of spyware along with a legitimate application is
    clearly indicated in the user agreement, but these click-through
    agreements are rarely read and thus, the users gets a little more than
    he is expecting.

    A huge amount of spyware gets installed in an entirely different way,
    however, and has everything to do with vulnerabilities and/or unpatched
    machines. I'm referring to bits of code that are installed without a
    user's permission, just by visiting a website -- via security problems
    with ActiveX, Javascript, JAVA, and unpatched vulnerabilities in
    Internet Explorer. There are many, many examples of this. Have you never
    seen a .DLL downloaded while visiting a website using IE? What about the
    users that you support? It's pretty hard to surf the web nowadays using
    IE without getting some kind of spyware.

    Things to watch for:
    - has your browser's homepage been hijacked?
    - do you see any unwanted toolbars in IE?
    - do you see unwanted pop-up windows when you start IE?
    - are you unable to reach Google.com or Yahoo.com, and get redirected to
    another search engine instead?
    - is there a trojan or keylogger reporting statistics about you back to
    another location
    - [the list goes on, and on...]

    >Obviously, Microsoft has a shoddy record of security problems, but
    >don't confuse the issue and continue spreading FUD.
    >
    >
    >
    I can recommend that you read up on CoolWebSearch as an excellent
    example of nasty spyware that is *not* user-installed, and does in fact
    attempt to exploit vulnerabilities. There are many others.

    Regards,

    Kelly Martin


  • Next message: Erik Norgaard: "Re: Country to IP range list"