Re: SF new column announcement: Microsoft Anti-Spyware?
From: Kelly Martin (kel_at_securityfocus.com)
Date: Fri, 07 Jan 2005 13:47:55 -0700 To: Matvei Kliuchnikov <firstname.lastname@example.org>
Matvei Kliuchnikov wrote:
>From the article:
>"because it's holes in Microsoft's operating system that built the
>entire spyware industry to begin with"
>That's just plain wrong. Spyware, by it's nature, is installed along
>with other applications that the user manually installs. Download
>KaZaa, for example, and you'll find that several other "spyware" apps
>are installed along with it. This has nothing to do with security
You should really do a bit more reading before making such a definitive
statement. Only a portion of spyware is installed this way. Most of the
time the inclusion of spyware along with a legitimate application is
clearly indicated in the user agreement, but these click-through
agreements are rarely read and thus, the users gets a little more than
he is expecting.
A huge amount of spyware gets installed in an entirely different way,
however, and has everything to do with vulnerabilities and/or unpatched
machines. I'm referring to bits of code that are installed without a
user's permission, just by visiting a website -- via security problems
Internet Explorer. There are many, many examples of this. Have you never
seen a .DLL downloaded while visiting a website using IE? What about the
users that you support? It's pretty hard to surf the web nowadays using
IE without getting some kind of spyware.
Things to watch for:
- has your browser's homepage been hijacked?
- do you see any unwanted toolbars in IE?
- do you see unwanted pop-up windows when you start IE?
- are you unable to reach Google.com or Yahoo.com, and get redirected to
another search engine instead?
- is there a trojan or keylogger reporting statistics about you back to
- [the list goes on, and on...]
>Obviously, Microsoft has a shoddy record of security problems, but
>don't confuse the issue and continue spreading FUD.
I can recommend that you read up on CoolWebSearch as an excellent
example of nasty spyware that is *not* user-installed, and does in fact
attempt to exploit vulnerabilities. There are many others.