
| Subject: | RE: Microsoft AntiSpyware falling further behind |
|---|---|
| Date: | Wed, 26 Oct 2005 13:09:58 -0700 |
Evan,
I have noticed that this thread has generated quite a bit of interest.
No doubt this is a direct result of the "pain" that those of us in IT have
felt battling the ever increasing threat of spyware. As was mentioned in
the initial posting -- MSAS fails to detect a great deal of spyware. I have
seen this first hand -- but in all fairness no matter which product you go
with, they're all signature based, consequently some spyware will slip through
the cracks. We have gone with SSE (Spy Sweeper Enterprise) and are very
happy with it. As the administrator of SSE here at the university I work
for, I can attest to the value in having a centrally managed anti-spyware
solution. The ROI on purchasing and deploying SSE has been tremendous --
there has been a drop of at least 90% in reported spyware infections.
If you haven't already evaluated SSE, I would recommend doing so -- you will
have a sales person contacting you in no time. Just play hard to get :-)
The price is negotiable.
--------------------------------------------
Roger Padilla, Jr.
California Polytechnic State University
San Luis Obispo, CA
ITS/PS3
Network Analyst
Office: (805) 756-5294
Email: mailto:ropadill@calpoly.edu
--------------------------------------------
-----Original Message-----
From: Evan Mann [mailto:emann@pinnaclefinancial.com]
Sent: Wednesday, October 26, 2005 11:31 AM
To: focus-virus@securityfocus.com
Subject: RE: Microsoft AntiSpyware falling further behind
Sometimes it's a heck of a lot easier and quicker to rebuild a computer than
fight a heavy spyware infection. I can save people's files and re-ghost a
computer in < 10 minutes. Fighting a spyware infection with multi products
can take 3-4 times longer than that.
Multi-layer approach is a good idea, but in the enterprise, if the products
cannot be centrally managed, I find it extremely difficult to use these
products and their active protection. I install Spybot and Ad-aware on
every machine, but I use no active protection for these products. We have
them there for when a user calls us who is already infected with
spyware/adware.
I'm trying to decide on an enterprise app. MSAS looked very promising in
its stand-alone beta, and hopefully an enterprise version will continue on
the path. CounterSpy doesn't scale in the way I'd like it to in its
current versions for a distributed WAN. Webroot seemed nice, but pricing
was ridiculous. I've been told you can get the pricing way down if you
nudge a little. Pest Patrol (prior to CA purchasing it) was absolutely
horrible IMO. I have not seen it since CA has had a chance to develop it.
That leaves what's included with AV vendors. Symantec is late to the game
(compared to McAfee and Trend) with v10, but it's decent. Trend's and
McAfee's do a pretty good job of active protection and removal, but they
lack the robustness of a product like Spybot S&D or even Ad-Aware, IMO. In
time they will develop, but it's hard to play catchup to these already
established products.
-----Original Message-----
From: Joe George [mailto:j.george@conservation.org]
Sent: Wednesday, October 26, 2005 11:08 AM
To: Planz; Quark IT - Hilton Travis
Cc: focus-virus@securityfocus.com
Subject: RE: Microsoft AntiSpyware falling further behind
I would also recommend running MSAS and/or any other anti-spyware utility on
normal mode and once in safe mode for good measure. I was amazed at what
wasn't being picked up in some cases after running once.
I definitely agree with Bruce Klein. Using more anti-spyware apps may be
overkill, but if it doesn't affect the host machine negatively, might as
well. Rebuilding computers should be a last resort.
Best,
Joe
-----Original Message-----
From: Planz [mailto:planz2009@gmail.com]
Sent: Tuesday, October 25, 2005 9:36 PM
To: Quark IT - Hilton Travis
Cc: focus-virus@securityfocus.com
Subject: Re: Microsoft AntiSpyware falling further behind
My experience with MSAS was also similar. To verify whether MSAS is really
working, I used SpybotS&D to scan my PC after surfing for some time. MSAS
didn't alert me during the surfing, but SpybotS&D detected a lot. No single
security solution is a saviour.
Quark IT - Hilton Travis wrote:
Hi All,

It seems that not only does Microsoft AntiSpyware recommend that Claria's
spyware is ignored, but it also misses a significant amount of cookies that
are placed on a system - I have a VPC environment where I browse the
Internet so that anywhere I go won't affect my regular Windows
session/installation. Regularly CounterSpy is detecting cookies (such as
Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo (from
yesterday's browsing)) that Microsoft AntiSpyware simply does not know about.

Now, this is not only disappointing, but potentially dangerous. Any customer
or end user running Microsoft AntiSpyware or CounterSpy is not being
protected from these cookies, and MSAS doesn't even detect them - that's
right, neither program's active monitoring is stopping the installation of
these cookies, but at least CounterSpy is detecting them post-installation.

AntiSpyware is far, far from the accuracy of antivirus, especially something
like NOD32. I wonder how long it will be before a decent AntiSpyware
application is released that, like NOD32 does with viruses, actually stops
spyware *before* it is installed?

--
Regards,
Hilton Travis
Phone: +61 (0)7 3344 3889 (Brisbane, Australia)
Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark Group http://quarkgroup.com.au/
Microsoft Small Business Specialists
http://www.threatcode.com/ <-- it's now time to shame poor coders into
writing code that is acceptable for use on today's networks
War doesn't determine who is right. War determines who is left.
This document and any attachments are for the intended recipient only. It
may contain confidential, privileged or copyright material which must not be
disclosed or distributed.