Channel 9 Forums - Coffeehouse - Spyware: Why Microsoft Must Act

Coffeehouse - Spyware: Why Microsoft Must Act

me — Tue, 29 Jun 2004 08:12:42 GMT

Spyware: Why Microsoft Must Act

- SP2 - good so far - but does nothing to stop spyware

- most of my friends dont have virus - they have spyware

- ad ware is spyware
- trojians and malware are spyware

i - as a WINDOWs user - am tired of having to run:

- adaware
- spybot
- highjack this
- cwscrubber

SP2 may be the flavor of the day - but what about spyware - honest to goodness - sp2 does nothing about it - i really think ms should buy all the above companies

conflict of interest?

( i mean - you got the "bread")

cue 70's theme

( [wah wah] - mwakka mwakka....)

What will SP2 do about spyware?

In that 52 billion - can you not buy adaware???

Coffeehouse - Spyware: Why Microsoft Must Act

TristanK — Tue, 29 Jun 2004 09:06:13 GMT

I can't comment on who to buy or what to do - but seriously, the changes in SP2 should make it relatively difficult for spyware to accidentally end up on an end-user's machine.

If you're seeing differently, that's feedback we need to have.

From locked-down IE security zone settings through to blocked ActiveX controls by default, SP2 should significantly raise the bar when it comes to users inadvertently installing spyware.

For a good high-level idea of the thinking behind the changes in SP2:

http://blogs.msdn.com/michael_howard/archive/2004/06/27/167367.aspx

Coffeehouse - Spyware: Why Microsoft Must Act

Simo — Tue, 29 Jun 2004 11:55:06 GMT

I think the issue here is more than the arbitrary blocking of cookies & ActiveX controls.

And don't even get me started on that bloody ActiveX dialog.

Windows: “Would you like to grant Acme Fashionable Software Co permission to do anything to your PC forever?”

Hapless User: "umm well... I'd like to run their fashionable new widget... but I don't want it to be able to do literaly anything to my PC and I don't want anything else from Acme software to just download and run"

Windows: "Answer the question. Yes or No."

Anyway, spleen vented for another day, back to the subject...

What Adaware, Spybot do (and quite good at they are too) is take a view on all the cookies and ActiveX controls, etc that are downloaded in a day's innocent browsing and tell us which ones we really don't want on our machine. Something we, as users, just don't know. You could throw all the candy coloured dialog boxes in the world at the problem, but we still can't tell the OS what to do... because we don't know.

Naturaly, in the interests of self-promotion, these products do tend to be a little alarmist. I run adaware once a week and note that all the ad-tracking cookies I manage to collect seem to generate the same level of claxon sounding alarm as some of the more nastier things that might crop up.

Coffeehouse - Spyware: Why Microsoft Must Act

manickernel — Wed, 30 Jun 2004 02:13:18 GMT

To quote Mr. Ballmer from an article in InformationWeek

"I want to make sure (a user) can't get through ... an online experience without hitting a Microsoft ad," he said. "

Now with an attitude like that what do you think their priorities are?

Coffeehouse - Spyware: Why Microsoft Must Act

jsrfc58 — Wed, 30 Jun 2004 15:02:32 GMT

Great. I can see it now: AdWare "Battlebots" slugging it out on my computer with each one trying to redirect my browser to their site.

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Wed, 30 Jun 2004 16:32:03 GMT

First let me say something about this: "I want to make sure (a user) can't get through ... an online experience without hitting a Microsoft ad,"

there is a "..." indicating part of the context was taken out, as well the "ad," suggests that it was not the end of a sentence. How about not giving credit to sensationalist media.

Secondly, the problem of SpyWare is a complex problem that invloves mostly user education. Security has always been a balance of making things hard to do (secure) vs. making them easy to do (insecure). There are some cases where security can be transparent, such as HTTPS, PGP for email, Checksum validation for files, etc. When it comes to users installing applications that they would like to run, and having spyware embedded as part of that application, that perhaps should be addressed with a carefully drafted "user rights" law.

Microsoft cannot forsee the difference between an application that may be accessing the file system and sending traffic back to a server (such as quake 3) vs. an application accessing the file system and sending traffic back to a server (such as Gator).

Firewalls that alert a user to trafffic going out are a good resource for some users, but it doesn't take long for a user to either 1. lesson their vigilance to the problem.. or 2. grow tired of having to explicitly state whether an outbound connection is allowed and open up the protection such that it is no longer protecting.

Part of the problem outside of .NET security, is that processes that are executed by a user inherit that user's rights. MS should move closer to the kind of granular security offered with .NET policies, in the rest of the OS. That should include perhaps prompting users with a short wizard to specify what a process that was just executed should be allowed to do. For example, I decide that I want to play internet chess, so I load the ActiveX control for Acme Games. The OS detects this process invocation and prompts me to specify the security zone with a series of questions like "Access registry, Access system directory" etc.

You could have "trusted" processes so that things that you run on a regular basis, such as Outlook Express, don't prompt you for the security restrictions. Microsoft offers the same vein of control through the use of "Zones" in IE, but it is not a responsive measure, and once a user opens the door enough, everyone runs right through.

Just some opinions off the top of me head.

Coffeehouse - Spyware: Why Microsoft Must Act

jsrfc58 — Wed, 30 Jun 2004 17:20:46 GMT

Good points. And perhaps that is something Microsoft could work on more...mass education of the average home user on security issues. Most people click right on through the "license screens" before installing things and miss a lot of the fine print. Perhaps Microsoft should put a prominent "security education" section on the front end of the "Windows Tour" that new users can fire up when they first get their computer. That still won't solve some of the other security issues out there, but so many of the virus/malware/adware issues lead right back to education of the average user.

As always "just my $.02".

Coffeehouse - Spyware: Why Microsoft Must Act

LarryOsterman — Wed, 30 Jun 2004 20:43:26 GMT

Simo wrote:

And don't even get me started on that bloody ActiveX dialog.

Windows: “Would you like to grant Acme Fashionable Software Co permission to do anything to your PC forever?”

Simo, have you tried using SP2 yet? Did you read Michael's blog entry?

Windows no longer says "Would you like to grant Acme Fashionable Software...".

Instead it now says: "The web page you're accessing is trying to put some software on your machine. Such software can be dangerous and evil and may trash your machine. Do you REALLY want to do this?" The default answer is "NO".

If the site's trying to load an ActiveX control, then it just pops up the subtle yellow bar at the top and says "Windows blocked an ActiveX control". That's it. No popup, no interaction. It's just blocked. The user has to notice the yellow bar, click on it, and then say "Allow this activeX control".

The default is to not let the user even SEE the activeX control if possible (the yellow bar disappears after 5 seconds).

And there's nothing that can be done for people who download the Gator-supported version of DivX. They CHOSE to put spyware on their computer. We can't stop them, even if it would be a good idea.

Coffeehouse - Spyware: Why Microsoft Must Act

manickernel — Wed, 30 Jun 2004 21:28:46 GMT

One little thing I did was use a listing of adware/spyware/not-very-nice websites from the IE-SPYAD list available online. (currently about 6000)

Put them in IE in my restricted sites. Followed MS suggestion for applying IE zone restrictions via group policy so now those restricted sites are pushed to all the users.

Granted, this is only one little piece of the puzzle. Like a spam list it has to be kept current.

Vance

...you can take the man out of marketing, but you can't take marketing....

Coffeehouse - Spyware: Why Microsoft Must Act

object88 — Wed, 30 Jun 2004 22:14:00 GMT

LarryOsterman wrote:

Instead it now says: "The web page you're accessing is trying to put some software on your machine. Such software can be dangerous and evil and may trash your machine. Do you REALLY want to do this?"

Really? It says it can be evil? That's so cool!! OK, I know it probably doesn't do that, but the cool-factor would go off the scale if it did.

BTW, JParish, it looks like the way ManicKernal quoted Ballmer is the way just about everyone is quoting it. I've seen one place where there's a more complete quote: "We’ve really prioritized online as our top approach. The first thing we fund is online ads. I want to make sure you can’t get through an online experience without hitting a Microsoft ad." (Jupiter Research) I don't know if it's more or less acurate than anything else. In regards to the comma at the end of "ad", it's the fault of English grammer-- the quoting sentence is often "... ads,' he said.". English grammer dictates (poorly, I think) that there be a comma at the end of a quote (even if it the end of the quoted sentence) if there's more to the complete sentence.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Thu, 01 Jul 2004 02:36:40 GMT

i think you are all totally mistaken

My wife does nothing but go to CIBC bank on the other machine and she got a thing that changes the hompage and puts in popups - and i read on slashdot today that 50 banking sites have been compromised with this crap

im getting tired of all this

BHOdemon?
CWScribber?
Highjack this?
Adaware?
Spybot?

i never new ANY of these apps - or needed them in the past...and now im either using one or all of those daily - or reading about a new one!

To me ( marketing/design) it is akin to " Here have a nice cold refreshing coca cola"

...but dont forget to run GlassRemover 2.0, Bacteria Scrubber, TasteInhibitorGone 4.1 etc etc

It is LUDICROUS

Im glad to hear theres a new IE team - but honest to goodness..its getting out of hand - i honestly want to FORMAT all my tech support family and friends computers and load Linux - or tell them all to buy macs

I prefer to post light hearted stuff, or try to be fun - but IM LOSING IT

Microsoft: are you out of your MIND!!!?????

Fix these F***** EXPLOITS NOW!
= buy the companies TOMORROW - hook the teams together and get this OVER with

* AND DO NOT ATTEMPT TO CHARGE ME A DIME FOR IT

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Thu, 01 Jul 2004 05:25:34 GMT

Jamie.. I won't say most of what I feel at first read about that last reply, since I value my own integrity. Instead, let me see if I can brainstorm how, if she "does nothing but go to CIBC bank on the other machine" how she could get spyware that affects her web surfing experience.

First off, you are saying she does absolutely nothing, including downloading MP3's, software, email w/ attachements, etc? If that is true albeit unbelievable, have you kept that machine updated with the latest patches from windows update? Have you been proactive at all in keeping the machines from being infected with malware?

If you have kept it up to date.. there is a remote chance that she surfed onto a site during a small window of time where an exploit could have been executed without a patch being available. However, as you described it she had gone nowhere but the CIBC bank site, so I suppose your banks web server has been compromised?

If that is not true, then perhaps you have other machines on an internal network, that are thoughtfully protected behind an internal firewall. Only problem being that the activity you may generate could infect your machine. Once inside a network, the firewall is a helpless measure.

So, question is how did it happen? Did she execute an email attachment that included the spyware, did you install it on your own machine and infect her, did she get it from the bank and therefore prove that the banks site was compromised, or are you even clear as to the avenues that such software can penetrate a windows computer?

My suggestion would be to educate yourself so that when you reply on the topic of security and Microsoft products again, you can contribute some sort of feedback that will benefit you, me, and every other end user out there. Along that path you will most likely benefit Microsoft, and I think that is the reason they are hoping that you post.

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Thu, 01 Jul 2004 06:02:28 GMT

object88 wrote:

I've seen one place where there's a more complete quote: "We’ve really prioritized online as our top approach. The first thing we fund is online ads. I want to make sure you can’t get through an online experience without hitting a Microsoft ad." (Jupiter Research) I don't know if it's more or less acurate than anything else. In regards to the comma at the end of "ad", it's the fault of English grammer-- the quoting sentence is often "... ads,' he said.". English grammer dictates (poorly, I think) that there be a comma at the end of a quote (even if it the end of the quoted sentence) if there's more to the complete sentence.

Thanks for the added interpretation. If he really did speak like that, it makes me wonder if he is 1. just talking out his arse to the shareholders. 2. is really convinced that such a strategy would work. 3. Is still hoarse from yelling DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS, DEVELOPERS and can't think rationally about online search engines and advertising vs. profitablitly models. =)

Coffeehouse - Spyware: Why Microsoft Must Act

lars — Thu, 01 Jul 2004 12:37:47 GMT

The real problem is that being fully up to date doesn't help this time. There are several different attack vectors that lets the attacker 0wN your box just by visiting their site. Example: Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass Vulnerability

In the last two months security analysts have put MSIE security though the shredder in a way I've never seen before. Even though I love MSIE I'm writing this using Firefox. Something that was forced upon me by the lack of action from Microsoft.
Some of the problems will be fixed by XPSP2. But first of all, that is beta software. Thus it isn't a solution that exists today. Second, it will only patch Windows XP (not W2K for instance).

As a fellow proponent of Microsoft and MSIE I understand why Jamie is upset.

Lars

Coffeehouse - Spyware: Why Microsoft Must Act

ZippyV — Thu, 01 Jul 2004 14:27:02 GMT

It should be possible to detect spyware faster without having to search through every dll file in the windows folder or the registry. Actually it shouldn't be allowed for a program to install anything in the Windows folder, not even a driver or service.
That way, the core system files stay sealed of the other untrusted environment. Same for the registry, seal most of the keys off.
Other applications also shouldn't be allowed to mess with another one. For example, I tried uninstalling a demo of a game and the wise uninstall program was very busy with removing my Program Files folder.
Even with all the security precautions you take you can't predict what some programs are up to, even if you trust them.
Another thing that disturbs me: Why are all applications allowed to create folders in the root of the drive? Shouldn't be allowed.

Program wants to install? Fine, all the exe's and dll's go to a folder withing the Program Files folder.
Program wants to have config files? Fine, put them in a user-settings folder.
Program wants to save documents? Fine, put them in the My Documents folder.
Everything else should be blocked.

Coffeehouse - Spyware: Why Microsoft Must Act

lars — Thu, 01 Jul 2004 19:24:41 GMT

Some good points there.

/Lars.

Coffeehouse - Spyware: Why Microsoft Must Act

manickernel — Thu, 01 Jul 2004 19:58:07 GMT

ZippyV wrote:

Another thing that disturbs me: Why are all applications allowed to create folders in the root of the drive? Shouldn't be allowed.

Program wants to install? Fine, all the exe's and dll's go to a folder withing the Program Files folder.
Program wants to have config files? Fine, put them in a user-settings folder.
Program wants to save documents? Fine, put them in the My Documents folder.
Everything else should be blocked.

Ahhh, I wish that were the world we live in. I deal with a related situeation in that so many applications we deploy in our environment require elevated privileges just to run. One silver lining of all the adware/IE vulns of late is that higher-ups are finally ready to allow us to lock down users, which will solve 80% of this crap being installed. Only now I have to audit each application to determine which specific registry keys, directories, ect. the application requires write/extended access to in order to run under a restricted user account.

Coffeehouse - Spyware: Why Microsoft Must Act

FrankCarr — Thu, 01 Jul 2004 22:02:27 GMT

JParrish wrote:

If you have kept it up to date.. there is a remote chance that she surfed onto a site during a small window of time where an exploit could have been executed without a patch being available. However, as you described it she had gone nowhere but the CIBC bank site, so I suppose your banks web server has been compromised?

The most recent attack did feature a double exploit of both IIS and IE so this is a very likely scenario.

The problem is that you have to stay updated constantly to dodge the latest scumware attacker. This is what has become unacceptable and what has driven previously loyal MS customers to other browsers. I went with using Firefox almost exclusively after getting hit with a scumware program that used an unpatched IE exploit to get onto my system. The program got in through an IFRAME hosted on a compromised advertising service provider's server who had bought a banner ad space on a guitar related website I often visit.

I have a lot of sites blocked on my IE restricted list and in my HOSTS file as well as in my firewall program. I use programs that try to block unauthorized ActiveX objects from installing and executing and to protect the registry. However, I feel safer browsing using Firefox because it's not as big a target and (b) is not as vulnerable to exploitation due the lack of ActiveX support and strong integration with the OS.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Fri, 02 Jul 2004 20:06:41 GMT

I sorry i "yelled" in above post

I just dont understand why MS cant go and buy adaware / spybot etc

they are tiny

as i said in another post - it akin to buying a Coca cola and having to perform additional filtering checks on it beofre its drinkable

this is your CORE franchise
it is under attack
people are leaving in droves
the National Homeland Security is recomending people stop using IE

is Balmer on vacation?

is Jim Alchin working out ways to withhold workarounds so he can CHARGE for them in longhorn?

I just dont get it

* is it because you cant be responsible for adding companies into the spyware DB for fear of getting sued?

what is it? and what ARE you doing about spyware?

** SP2 is a good start - but all the 1000's of Spygoofs need is one little hole / backdoor and it will all start all over again

you need a TEAM devoted to the monitoring and removal AUTOMATICALLY of this garbage.. and i dont see one

guess i gotta run 5 separate programs (almost daily) just so Windows will work

Coffeehouse - Spyware: Why Microsoft Must Act

Simo — Mon, 05 Jul 2004 11:24:48 GMT

LarryOsterman wrote:

Simo, have you tried using SP2 yet?

...

If the site's trying to load an ActiveX control, then it just pops up the subtle yellow bar at the top and says "Windows blocked an ActiveX control". That's it. No popup, no interaction. It's just blocked. The user has to notice the yellow bar, click on it, and then say "Allow this activeX control".

hey, excellant. I think that's about the best way to behave with COM objects.

Coffeehouse - Spyware: Why Microsoft Must Act

Simo — Mon, 05 Jul 2004 11:32:01 GMT

jamie wrote:

* is it because you cant be responsible for adding companies into the spyware DB for fear of getting sued?

Could you imagine the the field day people would have if an MS Windows mal-ware blocker had a false positive on something like, say, Lotus Notes.

It's not as if it's the first-time a release from MS has broken Notes.

Disclaimer: Please don't get the impression I'm a Notes fan. I hate it. I won't work for a company that uses it.

Coffeehouse - Spyware: Why Microsoft Must Act

mrservices — Tue, 06 Jul 2004 19:10:19 GMT

Hello All,

I don't seem to have the spyware problem as discussed by Jamie and I visit a lot of different sites.

I run Spy Bot & Adaware regularly. I also have Trend Micro PC-cillin at home and Trend Micro Client/Server/Messaging at work.

I recently set security to High which is a pain with some sites, set in trusted zones to run ActiveX
sites.

How about using restricted zones for known spyware sites?

At work am a regular user but can "run as" when needed.

I do have client's though that get themselves into trouble because they don't keep AV up to date,regularly run spyware cleaners,firewalls, and/or install Kazaa and the like.

I educate them and assist them but most don't want to deal with security themselves.

My .02

Roger

Coffeehouse - Spyware: Why Microsoft Must Act

me — Tue, 06 Jul 2004 19:39:04 GMT

thats the point though

read the list of stuff you run to make Windows work!

For me - im tired of it and i am mainly tired of all my friends and familys completely trashed PCs

Ring - jamie why am i getting this

Ring jamie - i srewed up my computer again

Ring jamie - quickbooks is slow - did i do something wrong

rinse and repeat

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Tue, 06 Jul 2004 20:39:39 GMT

For now keep the systems up to date and install Firefox. You can complain about the sins of the past, I for one think MS has reached a painful understanding of it. Give them a little time to allow their new security efforts to reach fruition, it took 10 years of bad security practices to get them to the state they are in, but they are in a recovery now. In the meantime stay patched, stay behind a firewall, and turn off any services that don't need to be running.

Otherwise, you most likely can configure the users of those sysyems such that malware would not have permission to perform the tasks it needs to when they are surfing the web. Look into security policies, etc. if you are troubled by providing support to family.

Like I said earlier, you can point to problems all you want, start offering some suggestions that are relative to the problem, I would enjoy reading that =)

Coffeehouse - Spyware: Why Microsoft Must Act

me — Tue, 06 Jul 2004 20:48:43 GMT

1. Buy adaware / Spybot / Cwshredder / Highjackthis

2. Set up a non- profit "user community" and donnate the code to it

3. Help the community integrate all the engines into one

4. Put links on your popular sites like Hotmail or msn: "Submit suspected offender" Get Yahoo Apple and AOL etc as community members

5. Distance yourselves (MS) from the wrath that will surely ensue when Gator and WhenU et all try to sue you

6. Laugh at them when you can show its an OSS community that you are a member of = NO one to sue

7. Hook the communities most recent updates into Windows Update

8. Make the lives of people who fix their friends computers painless

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Tue, 06 Jul 2004 21:09:34 GMT

I like the approach..

1. Develop patch when exploits are discovered, as soon as possible
2. Make the patching easy and automated if possible, without introducing more problems
3. Provide useful tools like firewalls, inbound and outbound to stop the spread of infected machines
4. Fix the problem where it lies, so that there is no need to have multiple programs all needing to be updated in response to exploits

I think so far, MS has been on this path, with an additional amount of user education to try and get people aware of how they can take steps to prevent becoming a victim of exploits, whether its IIS, IE, RPC, etc.

You still make a good point about the spyware programs. As I said in an earlier post, there is little MS can do beyond what they have, to limit a users exposure to "embedded" spyware that disguises itself as something else. After all, the user is asking to run these applications. I think carefully drafted laws need to be put in place to protect users from malicious marketers. To me they are no better than virus authors. If we fix the Spam problem, we will see a surge in these malware/spyware applications. Several instances of just such programs being offered from reputable download sites have already been recorded.

Don't mean to be harsh Jamie, just my personality I suppose.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Tue, 06 Jul 2004 21:23:53 GMT

i can take harsh

im not saying its going to be easy to fix

i am saying it is an assault on your core franchise..so i wouldnt ignore it much longer if i were you ( assuming your ms staff)

Its basically how do you get around getting sued for adding companys into "known offenders" - the "community" idea was to get around that

**** no laws for the internet though - dont agree with that

Coffeehouse - Spyware: Why Microsoft Must Act

mrservices — Tue, 06 Jul 2004 21:54:50 GMT

Hello All,
LOL, I set my IE security to High and cannot watch the Channel 9 videos any longer like I used to with IE medium settings.

Anyone know which security setting to enable for watching the videos?

: )

Roger

Coffeehouse - Spyware: Why Microsoft Must Act

me — Tue, 06 Jul 2004 22:01:06 GMT

haha

Coffeehouse - Spyware: Why Microsoft Must Act

Charles — Wed, 07 Jul 2004 00:13:45 GMT

mrservices wrote:

Hello All,
LOL, I set my IE security to High and cannot watch the Channel 9 videos any longer like I used to with IE medium settings.

Anyone know which security setting to enable for watching the videos?

: )

Roger

You need to enable scripting (It's turned off when IE security is set to High). However, the videos will launch in a Media Player instance by default when script is disabled ( or if you are using a non-ActiveX capable browser ).

Charles

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 01:04:24 GMT

while we're at it we should use H2 pencils as they consume less lead

( from a Dilbert "Only the most useless suggestions get used cartoon" i was unable to locate/link to on the web

sorry sometimes seems ms employees stay away from the "Hard Topic"
ha
no offence - id do the same in your position

Charles: - do you forsee a Spyware/Adware group - community to help with this onslaught in the future,,hopefully soon?

keep on posting

Coffeehouse - Spyware: Why Microsoft Must Act

SiR_CharLZ — Wed, 07 Jul 2004 02:39:54 GMT

I surf many many different pages everyday on the internet. I am more than just a casual surfer. I do this at work for work purposes and at home for fun, work, etc.

I have not had anything more than some cookies on my computer for months and months. What browser am I using? IE 6 sp1.

Now if I surf all these sites, use IE, and do NOT get spyware what does this mean? Well i would like to think I have a clue. I know when to click NO (uh, always) and I also know NOT to download stupid screensavers and other crap off the net. Nothing is free and almost everything is bundled with spyware.

What users have to realize is that it is you vs. the rest of the internet. Everybody is out to get you so you must practice defensive surfing. I swear that if you live by that code everyday then you wont get spyware. And if you do it is by some slim chance of fate that you got hit by an exploit.

And I hate to say it jamie but I do not believe at all that your wife went to a bank site and got hijacked. I just dont by it. I am not trying to start a flame war with you so please dont take this the wrong way. Trust me go check and see if she installed a dilbert screensaver or something ;-]

Coffeehouse - Spyware: Why Microsoft Must Act

Charles — Wed, 07 Jul 2004 02:46:21 GMT

jamie wrote:

Charles: - do you forsee a Spyware/Adware group - community to help with this onslaught in the future,,hopefully soon?

keep on posting

Spyware and Adware are tough problems, mostly because it's impossible (thankfully) to control what programs a user chooses to install (many "free" applications contain bundled spyware/adware programs...).

In general, I can't speak for teams that I am not on (since, by definition, I am not a member of said team and therefore have no business speaking on its behalf), nor should I attempt to. That said, I would hazard a guess that the Adware/Spyware problem (and it's a big one) is being formally addressed by some team around here.

Always read the EULAs of freeware or shareware or even cheapware: By law, an application must specify whether or not it contains third party applications that will also be installed (and may run out of process). Typically, you'll need to research the name of the bundled app since it may or may not spy on your activities and report it to some marketing cluster in the sky or just run adverstisements on your desktop.

Yes, my friends, keep on posting

Charles

Coffeehouse - Spyware: Why Microsoft Must Act

Shining Arcanine — Wed, 07 Jul 2004 02:52:15 GMT

Charles wrote:

Spyware and Adware are tough problems, mostly because it's impossible (thankfully) to control what programs a user chooses to install (many "free" applications contain bundled spyware/adware programs...).

While that is true, it is possible to control what programs are executed:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

Sadly, the only place where this would work is in a corporate environment with an excellent systems administrator.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 03:06:47 GMT

SiR_CharLZ wrote:

And I hate to say it jamie but I do not believe at all that your wife went to a bank site and got hijacked. I just dont by it. I am not trying to start a flame war with you so please dont take this the wrong way. Trust me go check and see if she installed a dilbert screensaver or something ;-]

no.. she didnt download a stupid thing

we called the bank to confirm

i have removed the browser helper object infection they have a few times now

it is cibc bank
a friend who we happen to know that works there - has verified the influx of calls

as for me - i dont get this crap either - but i do get more and more tracking cookies from websites - so i run them.. i also learn each day from what my friends need help fixing - this is the root cause of all my pain - friends and family

and before you all say - tell them about security - ive tried - they dont "get" computers - they treat them like toasters

thats why ive been going on about the Filter your own coca cola analogy cause it makes the most sence to think of it in those terms: you dont need to educate a human being to drink coke - apart from removing the tab or lid!

Coffeehouse - Spyware: Why Microsoft Must Act

SiR_CharLZ — Wed, 07 Jul 2004 03:27:26 GMT

Ha! Toasters. I can see that I guess.

Seriously if they just dont get it and cant be trusted by themselves then may I suggest a program for them to try?

http://www.webroot.com/wb/products/spysweeper/index.php

Spysweeper. It has real time monitoring capabilities and prevents hijacks and all that. One excellent purchase. Maybe it will help them and help you not be over-run with ""Help!!" calls.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 03:53:12 GMT

from what i remember they want money to fix it though
unlike adaware or spybot
* but they detect free - is that the co.?

regardless

By the power not vested in me I hearby declare Spyware and Adware and Malware the problems of Microsoft Windows

I "integrated" them

like MS does

PS - think of the headlines: "MS First true open source project combines forces with adaware team / spybot team to end all internet Malware"

..maybe you dont even need to buy them - just integrate them

(btw - if i ran ms - this would be in progress with a press release by next week)

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Wed, 07 Jul 2004 03:53:20 GMT

Jamie.. you dont agree with legislation to stop invasive software from doing things that are unethical and most likely in violation of a user's rights? What side of the fence are you one?

You are advocating MS buy these various companies that produce software that scan for spyware, much like anti-virus companies? Viruses are illegal, spyware currently isnt. Instead you think it is worth Microsoft's time to play cat and mouse with scum marketing companies, releasing constant updates to try and protect users from things that they brought upon themselves?

I think you need to draw a distinct line here between exploits, whereas a user has no choice in the installation of said spyware, and spyware in general where the user has actively installed software ignoring the EULA and causing themselves great distress when their home page repeatedly resets, or pop ups appear no matter where they surf.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 04:09:10 GMT

but where do you draw a reasonable line between what you need to know to run a personal computer with internet and being computer literate?

the only internet legislation im aware of is the dmca which is bad

other legislation from what i know is very region specific - state by state - province by province - heck country by country

this is why law and internet do not work
unless you want to go down the global government road - WTO - one world one internet etc

my point stands as - users are not to be blamed for exploits apon them - that they are the responsibility of Microsoft - not to be IGNORED anymore - and that your CUSTOMERS deserve and demand better

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Wed, 07 Jul 2004 04:25:05 GMT

jamie wrote:

but where do you draw a reasonable line between what you need to know to run a personal computer with internet and being computer literate?

the only internet legislation im aware of is the dmca which is bad

I agree DMCA is very bad.. it is a very broad law designed to restrict the rights of users rather than protect them. That is why I said "carefully drafted law" I mean that in the sense that unlike other technology laws, it can be written such that it protects average users, without limiting their rights whatsoever.

Imagine this for a moment, you are most likely aware that the Video and Video game industries have created rating systems. What if by law a software company must provide a series of criteria that when translated to icons during a user prompt would display:

1. This application collects information regarding your web surfing habits
2. This application collects information regarding your music listening habits
3. This application modifies your web surfing experience
4. This application collects personal information regarding online purchases

If this was a universal and easily identifiable system, it would make educating the masses easier so that they wouldn't install software that is really more malware than they realize.

jamie wrote:

this is why law and internet do not work
unless you want to go down the global government road - WTO - one world one internet etc

Surf outside of an organization under U.S.A. jurisdiction and you are subject to all kinda of illegal activity.

jamie said:
my point stands as - users are not to be blamed for exploits apon them - that they are the responsibility of Microsoft - not to be IGNORED anymore - and that your CUSTOMERS deserve and demand better

I respectfully declare that you are absolutely wrong in the regard that if a user installs malware and the EULA specifically states the intent of the software, MS has no responsiblity to protect that user. It is very unreasonalbe to expet such.

If you want to limit the scope of your argument to the exploitation of vunerablilties in the MS operating system, then I think you have a more solid case, but also be aware that MS is focusing more on this area, and there are reasonable steps that can be taken to limit the possibility that you would fall victim to one of these exploits.

Coffeehouse - Spyware: Why Microsoft Must Act

manickernel — Wed, 07 Jul 2004 04:32:57 GMT

Jamie, as a precaution you should tell your wife to change her online password. What some people don't seem to get is that the exploits last week (download.ject) were going on for some time and being used to install spyware, only when they modified the exploit to start stealing financial info did MS really react to the problem. I would imagine there is a rather heated discussion going on right now internally at MS as to the direction taken when IE was fully integrated....or not.

Opinions expressed here are only those of a deranged ragbum. Give me my ship a a bottle of Pusser's...

Coffeehouse - Spyware: Why Microsoft Must Act

JParrish — Wed, 07 Jul 2004 04:38:39 GMT

Jamie.. I will respectfully bow out of this converstation with you now. I really don't think that you and I will ever see common ground.

Coffeehouse - Spyware: Why Microsoft Must Act

value — Wed, 07 Jul 2004 14:23:45 GMT

Well, my comment is very shot, simple, but in my humble oppinion it's all what needs to be said.

Don't use IE.

Since i've stopped using IE, around 2 months ago, i don't have any spyware, ad ware or any other unnecssary stuff on my pc. Even with the best possible attention i had like 3 tools ending up on my system every month.

Coffeehouse - Spyware: Why Microsoft Must Act

lars — Wed, 07 Jul 2004 15:37:36 GMT

By buying companies that build scumware, isn't that infact rewarding such activity? All of a sudden there is money to be made setting up companies doing nasty stuff just to be bought out by MSFT.

/Lars.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 16:09:22 GMT

not the companies that build it ... the companies that stop it

Coffeehouse - Spyware: Why Microsoft Must Act

lars — Wed, 07 Jul 2004 16:32:39 GMT

Ahhh. My bad. Tough one. I think Microsoft should make every effort to make it harder to write spyware. And it would also be good if the antivirus vendors added a warning system that flagged the same kind of problems that Adaware finds.

/Lars.

Coffeehouse - Spyware: Why Microsoft Must Act

me — Wed, 07 Jul 2004 16:45:21 GMT

"If you want to limit the scope of your argument to the exploitation of vunerablilties in the MS operating system, then I think you have a more solid case, but also be aware that MS is focusing more on this area, and there are reasonable steps that can be taken to limit the possibility that you would fall victim to one of these exploits."

my whole thread is about a spy/ad fighting team at MS - sp2 - as "good" as it is wont do anything
holes will be found and ex-ploited

Also - the user never KNOWS they are installing malware

AND MS COULD protect these users if they "deemed" it prudent to do so
ie; set up the consortium / buy the companies that fix the number ONE problem with Windows computers today and get on with it

sorry not in agreement

( * i think you are thinking more of Spam and email legislation- not browser trickery by over 3000 companies)

Coffeehouse - Spyware: Why Microsoft Must Act

manickernel — Wed, 07 Jul 2004 18:54:42 GMT

Symantec is actually doing this in the version 9. Of course, since *some* adware is legal, such as Gator, it just tells you what an idiot you were without deleting or disabling the program due to legal issues.

Oh, more on this:
http://news.zdnet.co.uk/0,39020330,39159868,00.htm

and the demo is still on the "So now we wait..." thread.

And just remember:

A SAFE PC IS A FUN PC!

(where's that butterfly when you need him?)

Coffeehouse - Spyware: Why Microsoft Must Act

Brandon Paddock — Fri, 09 Jul 2004 14:19:14 GMT

Jamie... Microsft, I think, doesn't want to add Spybot-type software to Windows because that's a crummy solution to the problem!

I think SP2 goes a LONG way toward preventing users from getting any malware in the first place. That should be the goal... prevention and protection. Not cleaning up afterward.

I do think it would be nice if they could update IE with the SP2 features for all supported Windows OSes (2000, 98/Me, XP SP1, etc.).

I've heard that MS is considering a virus scanning product... I certainly think that if they do that, they should include spyware removal tools as well.