# Microsoft Anti-Spyware Beta Due 6th January



## mimo2005

Exclusive: Microsoft Anti-Spyware Beta Due 6th January
Tom Warren on 03 Jan 2005 


Microsoft have just finished distributing an internal Beta 1 escrow build to internal beta testers. "Atlanta" is the code-name for Microsoft's rehashed GIANT Software Anti-Spyware. In a memo internally, the company looks clear to distribute the software this coming Thursday calling it "new, it's fresh, and it's all good".

Encouraging employees to install the Beta is one of the many ways Microsoft tests Beta products internally. It's not clear whether the release this Thursday will be a public beta or a private external beta.


Microsoft is currently detecting Messenger Plus! as Spyware.


----------



## mimo2005

People complain that Windows doesn't have A/V, AntiSpyware or sophisticated firewall integrated, but if they did, MS's likely to get sued by other companies. 


Microsoft Anti-Spyware will be free for download very soon. I'll keep you posted.


----------



## elf

Microsoft AntiSpyware Beta now available for download.

originally posted by DAI


----------



## jgvernonco

mimo2005 said:


> People complain that Windows doesn't have A/V, AntiSpyware or sophisticated firewall integrated, but if they did, MS's likely to get sued by other companies.
> 
> 
> Microsoft Anti-Spyware will be free for download very soon. I'll keep you posted.


I think that one of the things that will help protect them from action by spyware vendors is the Spynet Network, which they are retaining in their version of the Giant product. As intrusions, not wanted by the user, are reported over the network, and the network responds to the report, the whole thing "self selects" malware.

So, MS can say, "You may not think that your program is a baddie, but the users of Antispyware think your program is a baddie. We are really not in a position to argue with them".

That network setup, if it really works, is the most interesting part of this whole venture.


----------



## mimo2005

elf said:


> Microsoft AntiSpyware Beta now available for download.
> 
> originally posted by DAI



Here you go,
thank you *elf* for the prompt update. And jg, I agree with you!


----------



## epos159

Has anyone tried this yet, and if so, is it any good??

Please let me know what you think!

~Eric


----------



## mimo2005

I tried it. I like the real-time protection from threats that try to change or modify your settings or applications, but it says this version is valid until July 2005; this version expires in 206 days.
Maybe because it's a beta version.


----------



## Col Colt

I'll give it a thumbs up! Ran it just a few minutes ago and nothing was found. No surprise with all the other spyware downloads I have running. I would have been disappointed if it HAD found something. :winkgrin:


----------



## YeeFam

*Working ok so far*

Working ok so far -
Turned off auto-update (will update manually)
Turned off joining SpyNet Community (Use TSF!)


----------



## greyknight17

Brave people here. LOL.

I read this article yesterday about its release and hesitated to test it out myself. Seems that there are bugs in this program that will crash your system sometimes (I know I know, just like any other programs :laugh: ).

Yep, only 206 days left for it. I think it's going to be free also, but some users online said that it's probably limited days because they are trying to make a retail/paid version.


----------



## YeeFam

My system is pretty simple - I do not have any other real-time anti-spyware, only Ad-Aware SE.

It is not stress tested - in the last 3 months Ad-Aware caught only one spyware entry that was in my registry. Sites I surf or stuff I download are pretty much free of the spyware stuff.


----------



## V0lt

I guess someone forgot to mention to the developers that some people out there still use 98...


----------



## petercj

*MS Spyware*

I've heard that the beta version of MS Spyware is outpacing Adaware and Spybot in that it is picking up stuff that has been left by the other two.

Anyone tested it in such a way and found the same?


----------



## jgvernonco

I should have been better prepared for this; unfortunately, I don't keep most of the newsletters I get, as I only have a 40 gig HD :grin: 

e-week did a little comparison test, and the results were mixed. M$ was poor at IDing cookies (which really isn't all that horrible) and did produce more false positives. 

M$ did locate some things that AWA and SB didn't, but the reverse was also true.

They summed it up by saying that they thought, overall, that one could depend on it.

One of the ZDNet newsletters also had a mini-review, and they said it needed some work, but was satisfactory, over-all. I am sorry, Peter, but I don't remember exactly where they wanted the work done.

One of the ZDNet reviewers said that, if M$ charged for the use of the program, they would recommend that everyone use the free programs, as there was no reason to pay for M$...it just wasn't that good.

All from memory, but perhaps a useful over-view.


----------



## petercj

Hi

Thanks for that input.

As a newbie to the academy I'm trying to find an "entry point" into the world of malware - what I mean is that trying to commit all the malcode to memory seems quite daunting. Maybe that is the only way, but I wonder if anyone has got any suggestions for the best place to start.

I was wondering whether it might be easier to start with concentrating on one particular group such as coolware? Or perhaps there is a family of bad stuff that could be used as a starting point?

Are there some generic principles that help to guide the eye when looking over scans?

I have been looking through the scans that are posted up and the mods' comments, are there any patterns to look for? I looked at one last night and around 20% of the script had been high-lighted in red and I thought gees there must be thousands of variations of bad code.

Thanks for any advice/comments

Peter


----------



## Detah

I just went to Windows Update page to do my periodic update and I saw the 'critical update' for "Malicious Software Removal Tool". Is this Malicious Software Removal Tool the same thing as the MS AntiSpyware Wizard?


----------



## jgvernonco

Detah,

No it is not. That is a separate tool, developed entirely by MS. I have not heard that much about it since it came out, so I really don't have any comments.

Peter,

First, I just received this eweek article on the prog in question; different from the others, but falls in the same take, I think:

http://www.eweek.com/article2/0,1759,1750254,00.asp

As to your question about recognizing malware, I would say that doing this is not much different than what I had to do in both Paramedic and Nursing Schools; that is, one learns to recognize the normal, which then allows the abnormal to stand out. That's why going over logs is so important; you get used to what is normal, so the hairs go up on the back of your head when you see something that you don't know, and you research it. Initially, 98% of what you research will be legit, and you will research the same things more than once, due to your imperfect human memory.

In fact, if I don't see an entry for a month or so, and then run into it again, I *just know* that it is legit...but I am not sure...off to Google land I go.

Keeping with the first analogy, Docs and Nurses don't know every disease out there (that would be impossible), but they do know abnormal signs and symptoms, and they can research those clusters and find out which diseases and/or infections produce those symptoms. Then, all they need to do is figure out how to separate possibility A from possibility B. When they do that, apply whatever test or procedure that calls for, and get the result that they were looking for, it's called a "differential diagnosis". Sometimes, they may not even know that they are correct until the treatment works.

Knowing that a person has Hepatitis doesn't mean squat; knowing what kind of Hepatitis it is will allow you to treat it. Knowing that a system is infected with CoolWebSearch doesn't mean squat; knowing what morph of CoolWebSearch will allow you to treat it.

I think we have a link in the school for the CoolWebSearch Chronicles...read the thing all the way through, and you will have a solid idea about how CWS, and most of the other existing families of malware, can change, abruptly and drastically.

Memorizing infections won't help, because they will change on you, almost daily. Knowing that "that ain't right" is where you need to go.


----------



## elf

According to a user in the Windows section, Microsoft Anti-Spyware will detect invalid cdkeys. Of course with every good thing comes a bad, and supposedly there is still a bug or two to be worked out.

Supposedly Microsoft Anti-Spyware will automatically delete malware it finds (whether or not it's actually bad) and you have no say in it.


----------



## petercj

jgvernonco

thank you

Peter


----------



## MicroBell

petercj said:


> I've heard that the beta version of MS Spyware is outpacing Adaware and Spybot in that it is picking up stuff that has been left by the other two.
> 
> Anyone tested it in such a way and found the same?


Not that I'm aware of. As you know this software is nothing but the *GIANT Anti Spyware Software* with a few tweaks here and there and some new options. Since it's so new not many reviews can be found on it. That said, PCMag did a Real Environment Test, where they infected a PC with spyware and used MS's new puppy to remove it. They infected it with 51 spyware related items, and although the program picked up 48 of them and said they were all successfully removed, it left over 900 items (Files, Registry Entries, etc.) in the PC.

Fighting spyware is a game of program combinations. There is not ONE product by itself that can remove all spyware/adware from the system. Your best defense is a good offense. Prevent it from being installed in the first place.


----------



## digit

I went to download.com in search of tools before I found TSF. There is a linked article in the scroll down box located at the bottom of this page:

http://www.download.com/Spyware-Center/2001-2023_4-0.html?tag=dir 

Microsoft takes on spyware 
-12/22/04
Last week I wrote about CounterSpy, a fairly new antispyware utility from Sunbelt Software. I wasn't aware Sunbelt licensed the code base and definition file from Giant Company Software under a co-ownership deal. The story gets more interesting because Microsoft just acquired Giant Company Software. Sunbelt insists its licensing rights are still legitimate, while Microsoft wants to end the relationship by July 2007. Given Microsoft's legions of lawyers, Sunbelt needs to build its own product from the existing code base and set up its own spyware research center. 

Microsoft plans to release a beta of its own antispyware utility soon, Yada, yada, yada and just prior to that was:

CounterSpy is cool, FavoriteMan is not 
-12/15/04
Yesterday I reviewed CounterSpy, a program from Sunbelt Software, and am pleased to find another capable utility for ferreting out spyware. I have become very skeptical about new spyware-removal programs, because so many of them are scams, but I already had an idea CounterSpy would work since I'm familiar with Sunbelt Software's spam-fighting product, iHateSpam. In addition to its spyware removal, I really like CounterSpy's feature set. It comes with a scheduler, which I set to scan every night, a history cleaner, and a file shredder. The shredder first encrypts files, then deletes them and overwrites the disk space three times--pretty thorough. 

To try out CounterSpy, I installed a spyware-ridden MP3 converter on my poor, battered test machine. The scan ran pretty quickly, in a little more than five minutes, and turned up some scary stuff. The worst and most fascinating was a browser helper object called FavoriteMan. According to information around the Web, this little beast periodically connects to its home servers, piggybacking on Internet Explorer so firewalls won't catch it, and downloads other spyware applications such as nCase, Bargain Buddy, and HotBar. FavoriteMan comes from Mindset Interactive. If you come across FavoriteMan on your computer, you might want to let Mindset Interactive know you're not happy about its practices. 
==================
CounterSpy is for 98, I am running it. Difference is that CounterSpy sees Wild Tangent as a threat but on my XP running the Windows version they don't see it all. Gee, what a surprise.

digit


----------



## YeeFam

*MS AntiSpyware updated*

Microsoft AntiSpyware Version: 1.0.501
This version expires on: 7/31/2005
Current User: Owner
Spyware Definition Version: 5687 (2/9/2005 8:01:01 AM)


----------

