Coffeehouse Thread

49 posts

Spyware: Why Microsoft Must Act

Back to Forum: Coffeehouse
  • jamie

    I sorry i "yelled" in above post

    I just dont understand why MS cant go and buy adaware / spybot etc

    they are tiny

    as i said in another post - it akin to buying a Coca cola and having to perform additional filtering checks on it beofre its drinkable

    this is your CORE franchise
    it is under attack
    people are leaving in droves
    the National Homeland Security is recomending people stop using IE

    is Balmer on vacation?

    is Jim Alchin working out ways to withhold workarounds so he can CHARGE for them in longhorn?

    I just dont get it

    * is it because you cant be responsible for adding companies into the spyware DB for fear of getting sued?

    what is it?  and what ARE you doing about spyware?

    ** SP2 is a good start - but all the 1000's of Spygoofs need is one little hole / backdoor and it will all start all over again

    you need a TEAM devoted to the monitoring and removal AUTOMATICALLY of this garbage.. and i dont see one

    guess i gotta run 5 separate programs (almost daily) just so Windows will work

  • Simo

    LarryOsterman wrote:


    Simo, have you tried using SP2 yet? 

    ...

    If the site's trying to load an ActiveX control, then it just pops up the subtle yellow bar at the top and says "Windows blocked an ActiveX control".  That's it.  No popup, no interaction.  It's just blocked.  The user has to notice the yellow bar, click on it, and then say "Allow this activeX control".


    hey, excellant. I think that's about the best way to behave with COM objects.

  • Simo

    jamie wrote:


    * is it because you cant be responsible for adding companies into the spyware DB for fear of getting sued?


    Could you imagine the the field day people would have if an MS Windows mal-ware blocker had a false positive on something like, say, Lotus Notes.

    It's not as if it's the first-time a release from MS has broken Notes. Smiley


    Disclaimer: Please don't get the impression I'm a Notes fan. I hate it. I won't work for a company that uses it.

  • mrservices

    Hello All,

    I don't seem to have the spyware problem as discussed by Jamie and I visit a lot of different sites.

    I run Spy Bot & Adaware regularly. I also have Trend Micro PC-cillin at home and Trend Micro Client/Server/Messaging at work.

    I recently set security to High which is a pain with some sites, set in trusted zones to run ActiveX
    sites.

    How about using restricted zones for known spyware sites?

    At work am a regular user but can "run as" when needed.

    I do have client's though that get themselves into trouble because they don't keep AV up to date,regularly run spyware cleaners,firewalls, and/or install Kazaa and the like.

    I educate them and assist them but most don't want to deal with security themselves.

    My .02

    Roger

  • jamie

    thats the point though

    read the list of stuff you run to make Windows work!

    For me - im tired of it and i am mainly tired of all my friends and familys completely trashed PCs

    Ring - jamie why am i getting this

    Ring  jamie - i srewed up my computer again

    Ring  jamie - quickbooks is slow - did i do something wrong

    rinse and repeat

  • JParrish

    For now keep the systems up to date and install Firefox. You can complain about the sins of the past, I for one think MS has reached a painful understanding of it. Give them a little time to allow their new security efforts to reach fruition, it took 10 years of bad security practices to get them to the state they are in, but they are in a recovery now. In the meantime stay patched, stay behind a firewall, and turn off any services that don't need to be running.

    Otherwise, you most likely can configure the users of those sysyems such that malware would not have permission to perform the tasks it needs to when they are surfing the web. Look into security policies, etc. if you are troubled by providing support to family.

    Like I said earlier, you can point to problems all you want, start offering some suggestions that are relative to the problem, I would enjoy reading that =)

  • jamie

    1. Buy adaware / Spybot / Cwshredder / Highjackthis

    2. Set up a non- profit "user community" and donnate the code to it

    3. Help the community integrate all the engines into one

    4. Put links on your popular sites like Hotmail or msn: "Submit suspected offender" Get Yahoo Apple and AOL etc as community members

    5. Distance yourselves (MS) from the wrath that will surely ensue when Gator and WhenU et all try to sue you

    6. Laugh at them when you can show its an OSS community that you are a member of = NO one to sue

    7.  Hook the communities most recent updates into Windows Update

    8. Make the lives of people who fix their friends computers painless

  • JParrish

    I like the approach..

    1. Develop patch when exploits are discovered, as soon as possible
    2. Make the patching easy and automated if possible, without introducing more problems
    3. Provide useful tools like firewalls, inbound and outbound to stop the spread of infected machines
    4. Fix the problem where it lies, so that there is no need to have multiple programs all needing to be updated in response to exploits

    I think so far, MS has been on this path, with an additional amount of user education to try and get people aware of how they can take steps to prevent becoming a victim of exploits, whether its IIS, IE, RPC, etc.

    You still make a good point about the spyware programs. As I said in an earlier post, there is little MS can do beyond what they have, to limit a users exposure to "embedded" spyware that disguises itself as something else. After all, the user is asking to run these applications. I think carefully drafted laws need to be put in place to protect users from malicious marketers. To me they are no better than virus authors. If we fix the Spam problem, we will see a surge in these malware/spyware applications. Several instances of just such programs being offered from reputable download sites have already been recorded.

    Don't mean to be harsh Jamie, just my personality I suppose.

  • jamie

    i can take harsh Wink


    im not saying its going to be easy to fix

    i am saying it is an assault on your core franchise..so i wouldnt ignore it much longer if i were you ( assuming your ms staff)


    Its basically how do you get around getting sued for adding companys into "known offenders" - the "community" idea was to get around that


    **** no laws for the internet though - dont agree with that

  • mrservices

    Hello All,
    LOL, I set my IE security to High and cannot watch the Channel 9 videos any longer like I used to with IE medium settings.

    Anyone know which security setting to enable for watching the videos?

    : )

    Roger

  • jamie

    haha

  • Charles


    mrservices wrote:
    Hello All,
    LOL, I set my IE security to High and cannot watch the Channel 9 videos any longer like I used to with IE medium settings.

    Anyone know which security setting to enable for watching the videos?

    : )

    Roger


    You need to enable scripting (It's turned off when IE security is set to High). However, the videos will launch in a Media Player instance by default when script is disabled ( or if you are using a non-ActiveX capable browser ).

    Charles

  • jamie

    while we're at it we should use H2 pencils as they consume less lead

    ( from a Dilbert "Only the most useless suggestions get used cartoon" i was unable to locate/link to on the web Wink

    sorry sometimes seems ms employees stay away from the "Hard Topic"
    ha
    no offence - id do the same in your position

    Charles: - do you forsee a Spyware/Adware group - community to help with this onslaught in the future,,hopefully soon?

    keep on posting Wink

  • SiR_CharLZ

    I surf many many different pages everyday on the internet. I am more than just a casual surfer. I do this at work for work purposes and at home for fun, work, etc.

    I have not had anything more than some cookies on my computer for months and months. What browser am I using? IE 6 sp1.

    Now if I surf all these sites, use IE, and do NOT get spyware what does this mean? Well i would like to think I have a clue. I know when to click NO (uh, always) and I also know NOT to download stupid screensavers and other crap off the net. Nothing is free and almost everything is bundled with spyware.

    What users have to realize is that it is you vs. the rest of the internet. Everybody is out to get you so you must practice defensive surfing. I swear that if you live by that code everyday then you wont get spyware. And if you do it is by some slim chance of fate that you got hit by an exploit.

    And I hate to say it jamie but I do not believe at all that your wife went to a bank site and got hijacked. I just dont by it. I am not trying to start a flame war with you so please dont take this the wrong way. Trust me go check and see if she installed a dilbert screensaver or something ;-]

  • Charles

    jamie wrote:


    Charles: - do you forsee a Spyware/Adware group - community to help with this onslaught in the future,,hopefully soon?

    keep on posting Wink


    Spyware and Adware are tough problems, mostly because it's impossible (thankfully) to control what programs a user chooses to install (many "free" applications contain bundled spyware/adware programs...).

    In general, I can't speak for teams that I am not on (since, by definition, I am not a member of said team and therefore have no business speaking on its behalf), nor should I attempt to. That said, I would hazard a guess that the Adware/Spyware problem (and it's a big one) is being formally addressed by some team around here.

    Always read the EULAs of freeware or shareware or even cheapware: By law, an application must specify whether or not it contains third party applications that will also be installed (and may run out of process). Typically, you'll need to research the name of the bundled app since it may or may not spy on your activities and report it to some marketing cluster in the sky or just run adverstisements on your desktop.


    Yes, my friends, keep on posting Smiley


    Charles

  • Shining Arcanine

    Charles wrote:
    Spyware and Adware are tough problems, mostly because it's impossible (thankfully) to control what programs a user chooses to install (many "free" applications contain bundled spyware/adware programs...).


    While that is true, it is possible to control what programs are executed:

    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

    Sadly, the only place where this would work is in a corporate environment with an excellent systems administrator.

  • jamie

    SiR_CharLZ wrote:


    And I hate to say it jamie but I do not believe at all that your wife went to a bank site and got hijacked. I just dont by it. I am not trying to start a flame war with you so please dont take this the wrong way. Trust me go check and see if she installed a dilbert screensaver or something ;-]


    no.. she didnt download a stupid thing

    we called the bank to confirm

    i have removed the browser helper object infection they have a few times now

    it is cibc bank
    a friend who we happen to know that works there - has verified the influx of calls

    as for me - i dont get this crap either - but i do get more and more tracking cookies from websites - so i run them..  i also learn each day from what my friends need help fixing - this is the root cause of all my pain - friends and family

    and before you all say - tell them about security - ive tried - they dont "get" computers - they treat them like toasters

    thats why ive been going on about the Filter your own coca cola analogy cause it makes the most sence to think of it in those terms:  you dont need to educate a human being to drink coke - apart from removing the tab or lid!

  • SiR_CharLZ

    Ha! Toasters. I can see that I guess.

    Seriously if they just dont get it and cant be trusted by themselves then may I suggest a program for them to try?

    http://www.webroot.com/wb/products/spysweeper/index.php

    Spysweeper. It has real time monitoring capabilities and prevents hijacks and all that. One excellent purchase. Maybe it will help them and help you not be over-run with ""Help!!" calls.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.