Microsofts New Spyware

[bartender100]

Love or hate Microsoft,their new spyware software seems very good.

I ran Adaware,Spybot and Spysweeper,then restated and ran this new software.

http://www.microsoft.com/athome/security/s...re/default.mspx

It found 21 spyware threats,316 infected files,152 registry keys infected,including several that it thought sereve as this one

MediaTickets CDT Spyware more information...

Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.

Status: Removed

Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

This and many others was not picked up by the spy sweepers I ran first.

If you have dodgy windows installed,it gives you an option not to validate your Windows software.

[Darknight]

Love or hate Microsoft,their new spyware software seems very good.

  I ran Adaware,Spybot and Spysweeper,then restated and ran this new software.

http://www.microsoft.com/athome/security/s...re/default.mspx

It found 21 spyware threats,316 infected files,152 registry keys infected,including several that it thought sereve as this one

MediaTickets CDT Spyware  more information...

Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.

Status: Removed

Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.

This and many others was not picked up by the spy sweepers I ran first.

If you have dodgy windows installed,it gives you an option not to validate your Windows software.

<{POST_SNAPBACK}>

My co worker has been running it since a few days, he says still some minor bugs but he's very pleased with it.

[britmaveric]

Better than adaware?

[NarrLing]

I have just downloaded and run the Beta program.

I have the latest version ZoneAlarm security suite and AVG 7 constantly running and updated.

I scanned with Ad-aware SE Pro, Scan Spyware, Spybot 1.3 and ran 1st evidence remover prior to running this MS AntiSpyware test.

The results are impressive. 4 spyware threats detected. It found NetPumper (Adware bundler), Kontiki (browser plugin), ICOO Loader (Browser hijacker) and WinCommX (trojan downloader) and has cleaned then successfully.

I'm still in shock. What's happened at microsoft?

[LivinLOS]

Well why is it when using MSN's own portfolio solution you get (cant remember if its AdAware or Spybot) warnings of spyware attempting to launch every time you access the page..

My deep seated cynicism has stopped me from trying this beta so will give it a fair crack of the whip...

[manx_bkk]

Hi everyone, my first post here had to start from somewhere

I have tried the new Anti-spyware released by Microsoft and yes it is really good in detecting all the spywares/adware/malware/etc from your system.

It was able to find even what Ad-aware and Spybot, search n destroy combined together could not detect on my pc.

Microsoft has actually taken over a company which specialised in anti-spyware products http://www.giantcompany.com

So it was actually a non-beta some time ago and after MS took over it has made it Beta.

It also has other good security features like monitoring for spyware in real-time.

All in all a good Anti-spyware to download and keep ur pc clean.

Regards

[NarrLing]

Thanks manx_bkk, that explains why it appears better than the usual microsoft releases. I'm still exploring program and it looks interesting with plenty of other options and settings available.

Cheers

NL

Edited January 12, 2005 by NarrLing

[mike100]

Anyone had any problems installing it?

Downloaded ok from the link, but every time I try to install I get a message saying that I need I Exp. ver 6 or higher.

I have version 6.0. 2501 and running Win 2000 NT Pro.

[taxexile]

It was able to find even what Ad-aware and Spybot, search n destroy combined together could not detect on my pc.

and spybot found stuff that ms beta didnt ,

after running ms beta which found a few things , i ran spybot which then found a few more things , albeit the same 5 things that it finds every time i run it, even though i delete the buggers every time too (dso exploits , whatever they are ?) but they werent found by the microsoft prog.

Edited January 13, 2005 by taxexile

[Axel]

Anyone had any problems installing it?

No problem here, running IE 6 and XP home.

During installation they ask for check wether genuine Windows used, but do not insist, you try.

This program got very positive response in BKK Post Jan. 12 (Wanda Sloan) who as well mentioned it would run on XP or Windows 2000, only. However, same old story, cannot be trusted as stand alone.

[NarrLing]

I've learnt to live with the standard 5 DSO exploits SpyBot 1.3 finds. It appears to be a problem with SpyBots program. I contacted a guy at Queensland University who deals with internet security listing my concerns that they may have been a deep down way of hiding trojans etc. He replied stating he thought I may have found a reason for them and requested more detailed information on my operating system etc.

Unfortunately I reformated my computer before his reply and lost the information he needed.

This is from the Spybot FAQ's page. Despite what they say, I am sure they still haven't repaired the problem. Spybot 1.2 never found these DSO exploits.

"DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook Express. Microsoft did already close this gap with security updates, so with current Windows updates and patches installed, it will no longer be a threat to your system.

Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for good, it will unfortunately again set an invalid value. Therefore it will again be found with every scan.

This little bug in Spybot-S&D has already been repaired and the respective fix will soon be available as a program update."

Cheers

NL

[taxexile]

thanks nl , that has cleared up (sort of ) that little mystery.

[Wolfie]

There are a few Spyware/malware programs that respawn on your PC when you reboot... almost impossible to get rid of until one of the major anti-spyware companies manages to find out where they reside (not happened yet)

The best thing to do is to run your anti spyware progs as part of your start-up scripts... wont completely destroy them, but it will catch the respans.

[Thaigreg]

It was able to find even what Ad-aware and Spybot, search n destroy combined together could not detect on my pc.

and spybot found stuff that ms beta didnt ,

after running ms beta which found a few things , i ran spybot which then found a few more things , albeit the same 5 things that it finds every time i run it, even though i delete the buggers every time too (dso exploits , whatever they are ?) but they werent found by the microsoft prog.

<{POST_SNAPBACK}>

taxexile,

Hi, I had the same problem with DSO EXPLOITS. Go to "www.majorgeeks.com, on the left column click on "Spyware Tools. go down to "Spyboot- Search and Destroy DSO Exploits Fix. This will take of DSO.

[cdnvic]

"Internet Explorer 6 needs to be installed for the installation to continue."

Sorry Mr Gates, I don't use it.

I thought the object of spyware removal was to make sure unwanted programs don't run.

cv

[bartender100]

Hi, I had the same problem with DSO EXPLOITS. Go to "www.majorgeeks.com, on the left column click on "Spyware Tools. go down to "Spyboot- Search and Destroy DSO Exploits Fix. This will take of DSO.

Thats a great website,thanks

[NarrLing]

Thanks Thaigreg, i've just installed the fix you mentioned. Yippee no more DSO exploits.

[george]

Same same here!

[taxexile]

me too , thanks.

[astral]

Thanks for the heads up.

I found 6 items SpyBot had missed on my machine.

[Wolfie]

Since installing and using the Microsoft AntiSpyware software i have noticed i get a pop-up window occasionally, it stays open for less than 1 second and then disappears... i just managed to get to it and caught "writetest.aspx" as part of the URL.

Spybot and MS AntiSpyware have found no spy/mal ware on my PC.

Dont trust Microsoft.

[fisherd3]

It was able to find even what Ad-aware and Spybot, search n destroy combined together could not detect on my pc.

and spybot found stuff that ms beta didnt ,

after running ms beta which found a few things , i ran spybot which then found a few more things , albeit the same 5 things that it finds every time i run it, even though i delete the buggers every time too (dso exploits , whatever they are ?) but they werent found by the microsoft prog.

<{POST_SNAPBACK}>

Yeah I get this DSO thing everytime too, if its so prolific why isn't it blocked? Anyone cast light on DSO?

Edited January 16, 2005 by fisherd3

[TizMe]

Yeah I get this DSO thing everytime too, if its so prolific why isn't it blocked? Anyone cast light on DSO?

I think the acronym stands for Dynamic Shared Object.

The DSO Exploit is a sensitive opening in internet browsers that can allow all types of spyware run on a computer.

This DSO Exploit browser gap can also allow a hacker to gain access to your system, manipulating your computer for various personal and financial information.

Many experts have suggested that this exploit may be a significant contributor to the rise in Internet ID Theft worldwide.

[fisherd3]

Yeah I get this DSO thing everytime too, if its so prolific why isn't it blocked? Anyone cast light on DSO?

<{POST_SNAPBACK}>

I think the acronym stands for Dynamic Shared Object.

The DSO Exploit is a sensitive opening in internet browsers that can allow all types of spyware run on a computer.

This DSO Exploit browser gap can also allow a hacker to gain access to your system, manipulating your computer for various personal and financial information.

Many experts have suggested that this exploit may be a significant contributor to the rise in Internet ID Theft worldwide.

<{POST_SNAPBACK}>

Thank you for the information, so, as it seems to be so common and so dangerous how can its presence on a computer be prevented, cleaning via spybot or similar seems to be a bit late, the damage could easily have been done, it needs to be stopped virus like, is their a facility available?.

[TizMe]

I just found this useful info at PC - H e l l

What is DSO Exploit?

If you use Spybot Search and Destroy or another spyware removal tool, it may find an item called DSO Exploit. This exploit is a bug in Internet Explorer that under certain circumstances would allow untrusted software to run on the computer. In other words, its a hole in Internet Explorer that hackers could use to gain access to your system.

However, if you are running the latest version of Internet Explorer and have all your Windows Updates installed, the bug has been patched and is not a threat to your computer system. Even though Spybot may still show it as a threat.

How do I Remove DSO Exploit?

If you have the latest Internet Explorer version and all your Windows Updates, you can safely ignore the DSO Exploit as a potential problem when Spybot Search and Destroy or other spyware removal tools discover it. However if you would rather fix the exploit so it does not show up again, follow these steps to edit your Windows Registry. Please be careful however, incorrect changes to the Windows Registry can cause Windows to not boot.

1) Make a note of the location of the exploit shown in Spybot, something similar to:

HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

4) After opening the Zones section and clicking on '0' look to the right window, under 'name' is the key '1004' and the type is REG_SZ simply right click and delete this REG_SZ value.Then right click and create new>DWORD Value, name it 1004, then right click on that and goto modify, give it the Hex Value of 3, Click ok.

If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

5) Close the Registry Editor and Reboot your computer

6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.

Edited January 16, 2005 by TizMe

[cdnvic]

From Spybot S&D's website: http://www.safer-networking.org/en/faq/36.html

DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook Express. Microsoft did already close this gap with security updates, so with current Windows updates and patches installed, it will no longer be a threat to your system.

Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for good, it will unfortunately again set an invalid value. Therefore it will again be found with every scan.

This little bug in Spybot-S&D has already been repaired and the respective fix will soon be available as a program update.

Make sure you have downloaded all you updates for windows and internet explorer.

more info at:

http://www.microsoft.com/security/

cv

[fisherd3]

Had a look for DSO exploit on Google and came up with the following web site that tells you how make spybot ignore it, as if all microsoft updates are in place it does not apparently have any effect anyway, this might be alittle less hazordous than tampering with the registry as above, and I could do it! must be easy. Browse on!

Thanks Tizme.

http://www.askmehelpdesk.com/cgi-bin/yabb/...;num=1082096807

Edited January 16, 2005 by fisherd3

[stumonster]

Microsoft Downgrades Claria Adware Detections

By Ryan Naraine

July 6, 2005 

Microsoft's Windows AntiSpyware application is no longer flagging adware products from Claria Corp. as a threat to PC users.

Less than a week after published reports of acquisition talks between Microsoft Corp. and the Redwood City, Calif.-based distributor of the controversial Gator ad-serving software, security researchers have discovered that Microsoft has quietly downgraded its Claria detections.

Anti-spyware activist Eric L. Howes, who serves as a consultant to Sunbelt Software, discovered the default changes during a recent test that included four Claria applications: Dashbar, Gator, PrecisionTime and Weatherscope.

According to the results published by Howes, four different builds of the Windows AntiSpyware beta detected the Claria products, but the default recommendation was "ignore."

Prior to the recent tests, Microsoft's AntiSpyware tool detected Claria's products and presented users with a recommended action of "Quarantine."

Although the default has been changed to "ignore," users can still change the action to "Quarantine" or "Remove" via a drop-down menu.

Writing on the popular Broadband Reports security forum, Howes described the default changes as "troubling," coming so close on the heels of the acquisition talks between Microsoft and Claria.

According to Sunbelt president Alex Eckelberry, the default recommendation from Microsoft occurred on March 31. As part of a prior agreement, Microsoft is sharing adware/spyware definitions with Sunbelt.

"At any rate, does this mean that Claria will, in fact, be purchased by Microsoft? Not necessarily. It could mean, however, that the two companies are working together in some other capacity, or that Claria has successfully lobbied Microsoft to change the default action. Or, it's a simple oversight," Eckelberry wrote in a blog entry that included screenshots of Microsoft's Claria detections.

In addition to the Gator-branded products, Claria's adware applications include eWallet, DateManager, WeatherScope and PrecisionTime. The company's behavior-tracking database of users' surfing habits is believed to be among the biggest in the world.

eWEEK.com Special Report: Spyware

In the midst of increased consumer awareness and general distrust of the sector, Claria has attempted to clean up its reputation, distancing itself from some of the distribution affiliates that secretly installed its software, and making its software easier to remove.

However, critics argue that the adware products present a privacy threat and also degrades computer performance.

A recent spyware report from Webroot Software Inc. lists Claria's software as the second most prolific adware install, appearing on more than 2 percent of consumer desktops.

Webroot also counts Claria's GAIN application as the second biggest threat to desktop computers.

http://www.eweek.com/article2/0,1895,1834607,00.asp