I read about a year and a half ago that there were over 30 million known
pieces of spyware of which over 5 million were active executables. Given
the fact that many of the worms slithering across the net out there have
"call home, self updating capabilities" there will never be a comprehensive
signature based antispyware that catches even 10% of the threats. We need
to get out of reactive mode and go proactive, and blah, blah, blah.
It is not at all surprising that MS avoids certain spyware. After all, when
you install MS operating systems out of the box you get Alexa before you
connect to any network.
-B-
-----Original Message-----
From: Quark IT - Hilton Travis [mailto:Hilton@quarkit.com.au]
Sent: Friday, October 21, 2005 4:51 PM
To: focus-virus@securityfocus.com
Subject: Microsoft AntiSpyware falling further behind
Hi All,
It seems that not only does Microsoft AntiSpyware recommend that
Claria's spyware is ignored, but it also misses a significant amount of
cookies that are placed on a system - I have a VPC environment where I
browse the Internet so that anywhere I go won't affect my regular
Windows session/installation. Regularly CounterSpy is detecting cookies
(such as Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo
(from yesterday's browsing)) that Microsoft AntiSpyware simply does not
know about.
Now, this is not only disappointing, but potentially dangerous. Any
customer or end user running Microsoft AntiSpyware or CounterSpy is not
being protected from these cookies, and MSAS doesn't even detect them -
that's right, neither program's active monitoring is stopping the
installation of these cookies, but at least CounterSpy is detecting them
post-installation.
AntiSpyware is far, far from the accuracy of antivirus, especially
something like NOD32. I wonder how long it will be before a decent
AntiSpyware application is released that, like NOD32 does with viruses,
actually stops spyware *before* it is installed?
--
Regards,
Hilton Travis Phone: +61 (0)7 3344 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://quarkgroup.com.au/
Microsoft Small Business Specialists
http://www.threatcode.com/ <-- its now time to shame poor coders
into writing code that is acceptable for use on today's networks
War doesn't determine who is right. War determines who is left.
This document and any attachments are for the intended recipient
only. It may contain confidential, privileged or copyright
material which must not be disclosed or distributed.
