Microsoft Anti-Spyware Beta Due 6th January

mimo2005 · 01-04-2005, 10:29 PM

Exclusive: Microsoft Anti-Spyware Beta Due 6th January
Tom Warren on 03 Jan 2005

Microsoft have just finished distributing an internal Beta 1 escrow build to internal beta testers. "Atlanta" is the code-name for Microsoft's rehashed GIANT Software Anti-Spyware. In a memo internally, the company looks clear to distribute the software this coming Thursday calling it "new, it's fresh, and it's all good".

Encouraging employees to install the Beta is one of the many ways Microsoft tests Beta products internally. It's not clear whether the release this Thursday will be a public beta or a private external beta.

Microsoft is currently detecting Messenger Plus! as Spyware.

mimo2005 · 01-05-2005, 03:22 PM

People complain that Windows doesn't have A/V, AntiSpyware or sophisticated firewall integrated, but if they did, MS's likely to get sued by other companies.

Microsoft Anti-Spyware will be free for download very soon .i ll keep you posted .

elf · 01-06-2005, 08:45 AM

Microsoft AntiSpyware Beta now available for download.

originally posted by DAI

**jgvernonco** · 01-06-2005, 09:17 AM

Quote:

Originally Posted by mimo2005

People complain that Windows doesn't have A/V, AntiSpyware or sophisticated firewall integrated, but if they did, MS's likely to get sued by other companies.

Microsoft Anti-Spyware will be free for download very soon .i ll keep you posted .

I think that one of the things thast will help protect them from action by spyware vendors is the Spynet Network, which they are retaining in their version of the Giant product. As intrusions, not wanted by the user, are reported over the network, and the network responds to the report, the whole thing "self selects" malware.

So, MS can say, "You may not think that your program is a baddie, but the users of Antispyware think your program is a baddie. We are really not in a position to argue with them".

That network setup, if it really works, is the most interesting part of this whole venture.

mimo2005 · 01-06-2005, 09:31 AM

Quote:

Originally Posted by elf

Microsoft AntiSpyware Beta now available for download.

originally posted by DAI

here you go ,
thank you elf for the prompt update .and jg i agree with you !

**epos159** · 01-06-2005, 11:15 AM

Has anyone tried this yet, and if so, is it any good??

Please let me know what you think!

~Eric

mimo2005 · 01-06-2005, 04:26 PM

i tried it , i like the real time protection from threats that try to change or modify your settings or applications, but it says this version is valid until july 2005 ,this version expires in 206 days .
maybe because it s a beta version .

Col Colt · 01-06-2005, 05:43 PM

I'll give it a thumbs up! Ran it just a few minutes ago and nothing was found. No surprise with all the other spyware downloads I have running. I would have been disappointed if it HAD found something.

**YeeFam** · 01-07-2005, 11:44 AM

Working ok so far -
Turned off auto-update (will update manually)
Turned off joining SpyNet Community (Use TSF!)

greyknight17 · 01-07-2005, 11:52 AM

Brave people here. LOL.

I read this article yesterday about it's release and hesitated to test it out myself. Seems that there are bugs in this program that will crash your system sometimes (I know I know, just like any other programs

).

Yep, only 206 days left for it. I think it's going to be free also, but some users online said that it's probably limited days because they are trying to make a retail/paid version.

**YeeFam** · 01-07-2005, 12:39 PM

My system is pretty simple - I do not have any other real-time anti-spyware, only Ad-Aware SE.

It is not stress tested - in the last 3 months Ad-Aware caught only one spyware entry that was in my registry. Sites I surf or stuff I download are pretty much free of the spyware stuff.

**Fox** · 01-07-2005, 01:45 PM

I guess someone forgot to mention to the developers that some people out there still use 98...

**petercj** · 01-14-2005, 03:57 AM

I've heard that the beta version of MS Spyware is outpacing Adaware and Spybot in that it is picking up stuff that has been left by the other two.

Anyone tested it in such a way and found the same?

**jgvernonco** · 01-14-2005, 08:13 AM

I should have been better prepared for this; unfortunately, I don't keep most of the newsletters I get, as I only have a 40 gig HD

e-week did a little comparison test, and the results were mixed. M$ was poor at IDing cookies (which really isn't all that horrible) and did produce more false positives.

M$ did locate some things that AWA and SB didn't, but the reverse was also true.

They summed it up by saying thast they thought, overall, that one could depend on it.

One of the ZDNet newletters also had a mini-review, and they said it needed some work, but was satisfactory, over-all. I am sorry, Peter, but I don;'t remember exactly where they wanted the work done.

One of the ZDNet reviewers said that, if M$ charged for the use of the program, they would recommend that everyone use the free programs, as there was no reason to pay for M$...it just wasn't that good.

All from memory, but perhaps a useful over-view.

**petercj** · 01-14-2005, 08:51 AM

Hi

Thanks for that input.

As a newbie to the academy I'm trying to find an "entry point" into the world of malware - what I mean is that trying to commit all the malcode to memory seems quite daunting. Maybe that is the only way, but I wonder if anyone has got any suggestions for the best place to start.

I was wondering whether it might be easier to start with concentrating on one particular group such as coolware ? Or perhaps there is a family of bad stuff that could be used as a starting point?

Are there some generic principles that help to guide the eye when looking over scans?

I have been looking through the scans that are posted up and the mods comments, are there any patterns to look for? I looked at one last night and around 20% of the script had been high-lighted in red and I thought gees there must be thousands of variations of bad code.

Thanks for any advice/comments

Peter

**Detah** · 01-14-2005, 09:37 AM

I just went to Windows Update page to do my periodic update and I saw the 'critical update' for "Malicious Software Removal Tool". Is this Malicious Software Removal Tool the same thing as the MS AntiSpyware Wizard?

**jgvernonco** · 01-14-2005, 10:03 AM

Detah,

No it is not. That is a separate tool, developed entirely by MS. I have not heard that much about it since it came out, so I really don't have any comments.

Peter,

First, I just received this eweek article on the prog in question; different from the others, but falls in the same take, I think:

http://www.eweek.com/article2/0,1759,1750254,00.asp

As to your question about recognizing malware, I would say that doing this is not much different than what I had to do in both Paramedic and Nursing Schools; that is, one learns to recognize the normal, which then allows the abnormal to stand out. That's why going over logs is so important; you get used to what is normal, so the hairs go up on the back of your head when you see something that you don't know, and you research it. Initially, 98% of what you research will be legit, and you will research the same things more than once, due to your imperfect human memory.

In fact, if I don't see an entry for a month or so, and then run into it again, I just know that it is legit...but I am not sure...off to Google land I go.

Keeping with the first analogy, Docs and Nurses don't know every desease out there (that would be impossible), but they do know abnormal signs and symptoms, and they can research those clusters and find out which deseases and/or infections produce those symptoms. Then, all they need to do is figure out how to separate possibility A from possibility B. When they do that, apply whatever test or procedure that calls for, and get the result that they were looking for, it's called a "differential diagnosis". Sometimes, they may not even know that they are correct until the treatment works.

Knowing that a person has Hepatitis doesn't mean squat; knowing what kind of Hepatitis it is will allow you to treat it. Knowing that a system is infected with CoolWebSearch doesn't mean squat; know what morph of CoolWeb Search will allow you to treat it.

I think we have a link in the school for the CoolWebSearch Chronicles...read the thing all the way through, and you will have a solid idea about how CWS, and most of the other existing families of malware, can change, abruptly and drastically.

Memorizing infections won't help, because they will change on you, almost daily. Knowing that "that ain't right" is where you need to go.

01-04-2005, 10:29 PM	#1 (permalink)
mimo2005 Manager, The Relaxation Room/Analyst, Security Team Join Date: Oct 2004 Posts: 11,127 OS: xp	Microsoft Anti-Spyware Beta Due 6th January Exclusive: Microsoft Anti-Spyware Beta Due 6th January Tom Warren on 03 Jan 2005 Microsoft have just finished distributing an internal Beta 1 escrow build to internal beta testers. "Atlanta" is the code-name for Microsoft's rehashed GIANT Software Anti-Spyware. In a memo internally, the company looks clear to distribute the software this coming Thursday calling it "new, it's fresh, and it's all good". Encouraging employees to install the Beta is one of the many ways Microsoft tests Beta products internally. It's not clear whether the release this Thursday will be a public beta or a private external beta. Microsoft is currently detecting Messenger Plus! as Spyware. __________________ TSF has outgrown its server, again. Please help "Gutta cavat lapidem, non vi sed saepe cadendo"

01-05-2005, 03:22 PM	#2 (permalink)
mimo2005 Manager, The Relaxation Room/Analyst, Security Team Join Date: Oct 2004 Posts: 11,127 OS: xp	People complain that Windows doesn't have A/V, AntiSpyware or sophisticated firewall integrated, but if they did, MS's likely to get sued by other companies. Microsoft Anti-Spyware will be free for download very soon .i ll keep you posted . __________________ TSF has outgrown its server, again. Please help "Gutta cavat lapidem, non vi sed saepe cadendo"

01-06-2005, 08:45 AM	#3 (permalink)
elf Assistant Manager, Microsoft Support Join Date: Jul 2002 Location: Knoxville, TN or Austin, TX depending Posts: 6,202 OS: WinXP Pro SP2 and Slackware 10.1 My System	Microsoft AntiSpyware Beta now available for download. originally posted by DAI __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! I do not subscribe to threads, so if I stop replying, PM me with a link to your thread so I can find it again.

01-06-2005, 04:26 PM	#7 (permalink)
mimo2005 Manager, The Relaxation Room/Analyst, Security Team Join Date: Oct 2004 Posts: 11,127 OS: xp	i tried it , i like the real time protection from threats that try to change or modify your settings or applications, but it says this version is valid until july 2005 ,this version expires in 206 days . maybe because it s a beta version . __________________ TSF has outgrown its server, again. Please help "Gutta cavat lapidem, non vi sed saepe cadendo"

01-07-2005, 11:44 AM	#9 (permalink)
YeeFam Mac Tech, Alternative Computing Forums Join Date: Nov 2004 Posts: 254 OS: MAC OS X (Unix)	Working ok so far Working ok so far - Turned off auto-update (will update manually) Turned off joining SpyNet Community (Use TSF!)

01-06-2005, 11:15 AM	#6 (permalink)
epos159 I helped the forums. Join Date: Dec 2004 Location: PA Posts: 553 OS: Windows XP Home	Has anyone tried this yet, and if so, is it any good?? Please let me know what you think! ~Eric

01-06-2005, 05:43 PM	#8 (permalink)
Col Colt Registered User Join Date: Dec 2004 Posts: 111 OS: WinXP	I'll give it a thumbs up! Ran it just a few minutes ago and nothing was found. No surprise with all the other spyware downloads I have running. I would have been disappointed if it HAD found something.

01-07-2005, 11:52 AM	#10 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,327 OS: Windows 98 & Windows XP Home/Pro My System	Brave people here. LOL. I read this article yesterday about it's release and hesitated to test it out myself. Seems that there are bugs in this program that will crash your system sometimes (I know I know, just like any other programs ). Yep, only 206 days left for it. I think it's going to be free also, but some users online said that it's probably limited days because they are trying to make a retail/paid version. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

01-07-2005, 12:39 PM	#11 (permalink)
YeeFam Mac Tech, Alternative Computing Forums Join Date: Nov 2004 Posts: 254 OS: MAC OS X (Unix)	My system is pretty simple - I do not have any other real-time anti-spyware, only Ad-Aware SE. It is not stress tested - in the last 3 months Ad-Aware caught only one spyware entry that was in my registry. Sites I surf or stuff I download are pretty much free of the spyware stuff.

01-07-2005, 01:45 PM	#12 (permalink)
Fox TSF Enthusiast Join Date: Sep 2002 Location: NJ Posts: 7,752 OS: XP Pro, CentOS My System	I guess someone forgot to mention to the developers that some people out there still use 98...

01-14-2005, 03:57 AM	#13 (permalink)
petercj UK Join Date: Oct 2004 Location: South Coast UK Posts: 905 OS: Win XP Pro/XP Home/98se/Suse Linux 9.1 & Xandros 3 Deluxe	MS Spyware I've heard that the beta version of MS Spyware is outpacing Adaware and Spybot in that it is picking up stuff that has been left by the other two. Anyone tested it in such a way and found the same?

01-14-2005, 08:13 AM	#14 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,960 OS: Vista Home Premium, SP 27	I should have been better prepared for this; unfortunately, I don't keep most of the newsletters I get, as I only have a 40 gig HD e-week did a little comparison test, and the results were mixed. M$ was poor at IDing cookies (which really isn't all that horrible) and did produce more false positives. M$ did locate some things that AWA and SB didn't, but the reverse was also true. They summed it up by saying thast they thought, overall, that one could depend on it. One of the ZDNet newletters also had a mini-review, and they said it needed some work, but was satisfactory, over-all. I am sorry, Peter, but I don;'t remember exactly where they wanted the work done. One of the ZDNet reviewers said that, if M$ charged for the use of the program, they would recommend that everyone use the free programs, as there was no reason to pay for M$...it just wasn't that good. All from memory, but perhaps a useful over-view. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

01-14-2005, 08:51 AM	#15 (permalink)
petercj UK Join Date: Oct 2004 Location: South Coast UK Posts: 905 OS: Win XP Pro/XP Home/98se/Suse Linux 9.1 & Xandros 3 Deluxe	Hi Thanks for that input. As a newbie to the academy I'm trying to find an "entry point" into the world of malware - what I mean is that trying to commit all the malcode to memory seems quite daunting. Maybe that is the only way, but I wonder if anyone has got any suggestions for the best place to start. I was wondering whether it might be easier to start with concentrating on one particular group such as coolware ? Or perhaps there is a family of bad stuff that could be used as a starting point? Are there some generic principles that help to guide the eye when looking over scans? I have been looking through the scans that are posted up and the mods comments, are there any patterns to look for? I looked at one last night and around 20% of the script had been high-lighted in red and I thought gees there must be thousands of variations of bad code. Thanks for any advice/comments Peter

01-14-2005, 09:37 AM	#16 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 642 OS: Win98SE/XP My System	I just went to Windows Update page to do my periodic update and I saw the 'critical update' for "Malicious Software Removal Tool". Is this Malicious Software Removal Tool the same thing as the MS AntiSpyware Wizard?

01-14-2005, 10:03 AM	#17 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,960 OS: Vista Home Premium, SP 27	Detah, No it is not. That is a separate tool, developed entirely by MS. I have not heard that much about it since it came out, so I really don't have any comments. Peter, First, I just received this eweek article on the prog in question; different from the others, but falls in the same take, I think: http://www.eweek.com/article2/0,1759,1750254,00.asp As to your question about recognizing malware, I would say that doing this is not much different than what I had to do in both Paramedic and Nursing Schools; that is, one learns to recognize the normal, which then allows the abnormal to stand out. That's why going over logs is so important; you get used to what is normal, so the hairs go up on the back of your head when you see something that you don't know, and you research it. Initially, 98% of what you research will be legit, and you will research the same things more than once, due to your imperfect human memory. In fact, if I don't see an entry for a month or so, and then run into it again, I just know that it is legit...but I am not sure...off to Google land I go. Keeping with the first analogy, Docs and Nurses don't know every desease out there (that would be impossible), but they do know abnormal signs and symptoms, and they can research those clusters and find out which deseases and/or infections produce those symptoms. Then, all they need to do is figure out how to separate possibility A from possibility B. When they do that, apply whatever test or procedure that calls for, and get the result that they were looking for, it's called a "differential diagnosis". Sometimes, they may not even know that they are correct until the treatment works. Knowing that a person has Hepatitis doesn't mean squat; knowing what kind of Hepatitis it is will allow you to treat it. Knowing that a system is infected with CoolWebSearch doesn't mean squat; know what morph of CoolWeb Search will allow you to treat it. I think we have a link in the school for the CoolWebSearch Chronicles...read the thing all the way through, and you will have a solid idea about how CWS, and most of the other existing families of malware, can change, abruptly and drastically. Memorizing infections won't help, because they will change on you, almost daily. Knowing that "that ain't right" is where you need to go. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt