Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Microsoft AntiSpyware falling further behind

from [Nathan Kline] Network Security [Permanent Link]
Subject: RE: Microsoft AntiSpyware falling further behind
Date: Wed, 26 Oct 2005 13:53:10 -0400 
What about the proactive spyware treatment?  Everything that's been said
here is reactive.  I'd rather it not even get on my machine in the first
place.  A couple practices that I personally use are: 

1.  Turn on the option to ask me about all cookies, say "yes" only to
the ones needed (most browsers are capable of this in privacy settings).
This can be a little annoying at first because you feel like you're
saying yes and no to every website that you go to ... But after a while,
you don't have to worry about it nearly as much because it remembers
your choices.  

2.  Using Firefox instead of IE (I've found this to be one of the most
helpful anti-spyware measures).  Actually READ the EULAs for "free"
software that you install to see if they come bundled with adware /
spyware (sometimes they actually tell you!).

3.  Not saying that reactive treatment is bad, because I do use those
measures as well ... MSAS running and scanning my computer daily as well
as Spybot S&D ... But using the proactive methods that I use, I will
MAYBE get 1 tidbit of adware on my machine a month or so and it's almost
always been easily removed by one of the afore mentioned reactive
programs.

Nathan
IS Admin


-----Original Message-----
From: Kieran Murphy [mailto:Kieran.Murphy@powerscreen.co.uk] 
Sent: Wednesday, October 26, 2005 11:05 AM
To: Bruce Klein; Quark IT - Hilton Travis; focus-virus@securityfocus.com
Subject: RE: Microsoft AntiSpyware falling further behind

We take the same layered approach.

Trend IWSS at gateway with Trend OfficeScan inc Firewall / Anti-Spy on
desktops, complimented by either Spybot / MS AntiSpyware, and we do find
that one system will detect stuff the others don't.

Trend especially appears to detect lots more problematic cookies than
any of the others. The layered approach is the best, as you can not
depend upon one vendor getting updated dat files out quicker than the
others, but by having multiple layers you increase your chances of
getting a update for one of your range of products quicker. 

And Spybot and MS are both free, so it should be feasible for everyone
to have a layered approach.

Rgds, K.

-----Original Message-----
From: Bruce Klein [mailto:bruce.klein@iovation.com]
Sent: 25 October 2005 22:20
To: Quark IT - Hilton Travis; focus-virus@securityfocus.com
Subject: RE: Microsoft AntiSpyware falling further behind

There will never be a perfect solution - don't wait. 

For the moment think of Spyware as cold weather and you want to be
protected (warm); put on layers to protect yourself. 

Symantec has updated themselves to add Spam and Spyware to their
antivirus product. We are using Symantec, Websweeper, MS anti-spyware,
and Whole Security (behavior based AS).  

You might say this is overkill but who knows for sure - while they all
play nice together I feel like I am at home by the fireplace with a good
supply of logs.

 
Regards,
 
Bruce Klein |Director of IT
O:503-943-6750
C:971-645-7304
F:503-224-1581
www.iovation.com

-----Original Message-----
From: Quark IT - Hilton Travis [mailto:Hilton@quarkit.com.au]
Sent: Friday, October 21, 2005 1:51 PM
To: focus-virus@securityfocus.com
Subject: Microsoft AntiSpyware falling further behind

Hi All,

It seems that not only does Microsoft AntiSpyware recommend that
Claria's spyware is ignored, but it also misses a significant amount of
cookies that are placed on a system - I have a VPC environment where I
browse the Internet so that anywhere I go won't affect my regular
Windows session/installation.  Regularly CounterSpy is detecting cookies
(such as Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo
(from yesterday's browsing)) that Microsoft AntiSpyware simply does not
know about.

Now, this is not only disappointing, but potentially dangerous.  Any
customer or end user running Microsoft AntiSpyware or CounterSpy is not
being protected from these cookies, and MSAS doesn't even detect them -
that's right, neither program's active monitoring is stopping the
installation of these cookies, but at least CounterSpy is detecting them
post-installation.

AntiSpyware is far, far from the accuracy of antivirus, especially
something like NOD32.  I wonder how long it will be before a decent
AntiSpyware application is released that, like NOD32 does with viruses,
actually stops spyware *before* it is installed?

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark Group                   http://quarkgroup.com.au/

Microsoft Small Business Specialists

http://www.threatcode.com/ <-- its now time to shame poor coders into
writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.

The information contained in this email message may be privileged,
confidential and protected from disclosure. If you are not the intended
recipient, any dissemination, distribution or copying is strictly
prohibited. If you think that you have received this email message in
error, please notify the sender by reply email and delete the message
and any attachments.


**********************************************************************
CONFIDENTIALITY NOTICE.

This email is private and confidential and may contain legally
privileged information. If you are not named as an addressee it may be
unlawful for you to read, copy, distribute, disclose or otherwise use
the information contained in this email. If you are not the intended
recipient of this email please destroy this communication and contact:

itsecurity@terex-irl.com

Any views or opinions presented are solely those of the author and do
not necessarily represent those of the company unless otherwise stated.
The contents of any attachment to this email may contain software
viruses which may damage your computer system. The Terex Group has taken
all reasonable precautions to minimise any risk, but cannot accept
responsibility for any damage which may be sustained as a result of any
such viruses. The recipient should conduct their own virus checks before
opening any attachment to this email.

www.powerscreen.com
**********************************************************************
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Microsoft AntiSpyware falling further behind, Evan Mann
Next by Date:  RE: Microsoft AntiSpyware falling further behind, Bruce Klein
Previous by Thread:  RE: Microsoft AntiSpyware falling further behind, Roger Padilla
Next by Thread:  RE: Microsoft AntiSpyware falling further behind, Bruce Klein
Indexes:  [Date] [Thread] [Top] [All Lists]