Can MASB be trusted?

  • Thread starter Thread starter MAP
  • Start date Start date
M

MAP

M/S coming out with a spyware scanner was a great idea and
welcomed by the internet comunity,but that trust has been
broken.
http://www.spywareinfo.com/newsletter/archives/2005/july20.php

For those who have never heard of spywareinfo.com and think
this is BS, Mike Helan who runs this site has been around
for several years and has helped thousands of people rid
their system of parasites.He was one of the first to do so.
 
Hey MAP

I have alot of respect for SpywareInfo but his facts are
wrong and its hard to know why he would print such
rubbish given his experience and knowledge,

I lost interest after reading a few lines because its
just not true, He states this:
----------------------------------------------------------
Whatever the reason, this means that Gator, Dashbar and
other adware could install on a computer supposedly
protected by Microsoft AntiSpy, without warnings popping
up. Since Microsoft altered their users' settings without
informing them, those users may not realize that they
have to change their ignore list in order to detect these
adware programs. If a user runs a scan of their hard
drive, those adware programs will not show up in the
results because they are on the ignore list.
----------------------------------------------------------

The above is so far of the truth that he might as well of
said MSAS makes the moon come out at night ;)

The user does not have to change any settings for MSAS to
detect Claria or any of Claria's products,If you try to
install it then you will recieve Warning pop ups that its
Adware and a threat, If you choose to ignore the warnings
then when you reboot it will give another warning asking
if you are sure you want to allow the threat to run on
your system,

If you scan on the default setting using MSAS it will
detect all the traces of Claria in the scan, even though
these are now set to ignore it still detects all traces
and then you have the option if you wish to remove it or
keep it, Claria can be removed using the Add/remove
screen so I understand the downgrading of this.

Im not sure what SpywareInfo hope to achieve by printing
lies but to me it's just another Anti-MS story where the
Author hasnt used his brain before posting it, It would
of took him about 30 minutes to test this himself then he
would of seen the story is a joke. If he continues
posting rubbish I'm sure the respect people have for him
will not last very long.

You try installing Claria on your system, its not a major
threat and cannot cause you any long term problems and
then you will see what I mean the story is a waste of
time, his for writing it and yours for believing it .

Regards

Andy
 
Hi Map

In this case its fair to say he hasnt tested anything and
just decided to write a Anti-MS story for what reason I
cannot explain.

I dont represent MS in any way, Im not a MVP and I do not
like Claria but his story is a joke, Im happy to run
claria on my system again and see if anythings changed
since I tested it last which was approx 3 or 4 weeks ago

I will repost here in abit to let you know what happens

Andy
 
Hi Again

I cannot get any of them to download, It keeps saying my
security settings will not allow it even though Ive set
everything to enable and lowered my settings in all
area's, Ive just emailed Claria and asked them to send me
the setup files if possible,

I tested cpu rocket afew weeks ago and got red pop up
warnings at every stage of installing from MSAS also I
got over 3100 traces of Claria when MSAS scanned.
CpuRocket has changed though because its not added Claria
dashbar or Claria.Gain.Trickler this time but I'm
starting to realize what you mean.

It doesnt look good for MS because when I ran Cpurocket
this time I got a green pop up saying MS had allowed the
change and scanning with MSAS doesnt find any traces so I
will have to retract my statement about this story being
a joke, Somethings changed both with Claria's file and
MSAS's detection. I need to check this in more detail
when I can get the other Claria files to download but at
this stage it looks like you and spywareInfo are correct.

If this is true and its not detecting Claria anymore then
I would stop using MSAS straight away because looking at
the ignore list in the menu its empty so who are they to
say what should be ignored especially if there's no way
to enable them.

Its too early for me to comment without first testing
Claria's other files but I agree things have changed and
its now not detecting the files it did afew weeks ago,

I thought this story was false but how can a scanner that
found over 3100 traces 3 weeks ago now not detect
anything, I appreciate Claria have changed this file
because its not added folders in the common files area
the way it did last time but something's not right here.

Sorry for implying you are wrong I'm still having
problems believing this so Im eager to test all of
Claria's files now to at least get Trickler & dashbar
back on my system again as this was where most of the
detections were from,

Id love to say its fine and there isnt a problem but
straight away I can see things have changed regarding
Claria's CPUrocket, it didnt give any warnings this time
and just gave a green pop up that it allowed the
change,Spysweeper which has real time protection did give
a warning that Gain was installing a start up entry so
this is very strange. I will repost if i get the other
files to download im going to try again now, I just
wanted to reply to correct my earlier posts because from
the quick test I've just done it appears you are right.

Andy
 
Claria just made it easier they emailed to say all the
downloads come from Gain Publishing so I should make sure
that its not added to any restricted lists, They know the
score ;) Id removed Claria from the retricted list but
there was 2 entries for Gain probably added by
SpywareBlaster so I can now get the files I wanted, I'll
post anything thats usefull once Ive run all the files

Andy
 
Hi MAP,
Folks are entitled to their opinions. It appears from the article that he
changed his tone towards the end.

I don't bother with a lot of the E-press because it's mostly sensationalism
and David V. Goliath chest beating. But, that's my opinion.

Ron Chamberlin
MS-MVP
 
Hi Again

The story is a joke there isnt anything to worry about ,
The only thing that has changed is that CPUrocket is now
clean, thats why it wasnt being detected,Now ive got the
other files its a different story, MSAS is detecting
everything and displaying red warning's as usual. I will
follow up with screen shots and detection levels once Ive
run all the scanners

Regards Andy
 
Here's the results

I downloaded and Installed all these:

Precision Time, DateManager, Gator eWallet, CPU Rocket,
Weatherscope, Dashbar, WebSecureAlert, ScreenScenes & Got
Smiley

I recieved warnings for everyone except CPU Rocket which
now appears to be clean,For
eWallet,WebSecure,ScreenScenes & Gotsmiley there was
warnings for Claria.Gain & Claria.Gain.Trickler

Here's the screen shots of the Warnings :

Dashbar
-------
http://andymanchesta.com/MSAS/Claria.Dashbar.jpg

Trickler
--------
http://andymanchesta.com/MSAS/Claria.Trickler.jpg

Gain
-----
http://andymanchesta.com/MSAS/ClariaGain.jpg

DateManager
-----------
http://andymanchesta.com/MSAS/DateManagerNorton.jpg

PrecisionTime
-------------
http://andymanchesta.com/MSAS/Precision Time.jpg

WeatherScope
------------
http://andymanchesta.com/MSAS/Weatherscope .jpg


It was not possible to run any of them while real time
protection was enabled,If i clicked Allow it then gave
this warning for each :

AllowThreat
-----------
http://andymanchesta.com/MSAS/Allowthreat.jpg

But even choosing yes would bring the Red Alert box back
up so I had to disable real time protection to get them
to install.


Detection Levels(All scanners run with latest definitions)
----------------------------------------------------------

MS Antispyware run on the default setting found 5539
Traces:

http://andymanchesta.com/MSAS/MSAS Results.jpg

even though they are set to ignore by default

http://andymanchesta.com/MSAS/MSASresults1.jpg



Spysweeper found 5522 and 6 cookies

http://andymanchesta.com/MSAS/Spysweeper.jpg



Adaware Se found 130 & 6 cookies

http://andymanchesta.com/MSAS/Adaware.jpg



Spybot S&D found 49 Traces

http://andymanchesta.com/MSAS/Spybot.jpg



Thats it really nothings changed except CPUrocket, MSAS
is still at the top of the list as it was when I tested
it a few weeks ago, Now I get to see how easy all this
crap is to remove but I'm glad I ran the tests to
hopefully put a end to all this about Claria.

Time for me to do some cleaning up ;)

All the best

Andy
 
Hi Andy

Well, we can test this many times but
my conclusion is to follow Donnas "General recommendations" !

Maybe its OK with Claria but more is for sure coming !

A user must be crazy if he/she only trust MS as long as MS runs MSN !


General Recommendations
- It is recommend you install more than 2 antispyware programs. No
single antispyware will detect and remove all threats. Only allow one
real time protection to avoid system instability. Before installing
additional antispyware program, consult the vendor for known issues.
Some users are using more than 1 antispyware because not all
antispyware can detect or remove all known threats. Remnants maybe
harmless but a good antispyware should be able to remove all traces
(including setup logs, contact info et al). Some adware / spyware
bundled application will allow the user to completely remove the
application using its own uninstaller or Add/Remove Programs utility in
Windows. In some cases, An antispyware that may not remove all the
visible remnants or traces of the adware / spyware bundled application,
a user may require another antispyware tool or privacy tool to remove
it.

- Scan the system for spyware / adware regularly. Remember to use the
uninstaller or the Add/Remove Programs utility in Windows to remove
detected threats prior running a clean-up using any tools. You may not
need to use 3 or 5 antispyware tools if Add/Remove Programs can remove
the program successfully!

- The detections and removal method of antispyware programs differ from
one another for many reasons: threat are not always identified, failure
to end the running processes of the threat which may cause the failure
to remove the known threat, threat analysis and classification etc.
These are the reasons that we need more than 1 antispyware to allow
another antispyware to lookup for any missed or undetected common or
known threats.

-If you suspect spyware behavior in your system but the tool reports 0
spyware /adware, get the HijackThis diagnostic tool by Merijn. Seek
advise in forums that offer HijackThis analysis. You can find these
forum in Alliance of Security Analysis Professionals

- Get involved by submitting suspicious files to antispyware vendors.
Report false positives too. If the antispyware failed to detect a known
threat, let the vendor know and demand updates and fixes!
Don't be fooled by some antispyware products. Visit The Spyware Warrior
List of Rogue/Suspect Anti-Spyware Products & Web Sites before
downloading or buying one.
 
Just checked the screenshot's again Spysweeper detected
5556 traces of Claria & 6 cookies which puts them top of
the list, MSAS a very close second though ;)

I removed them all from Add/remove screen and rebooted,
Spysweeper still found 2023 traces(registry entries in
software/gator folder and the start menu entries)

Removed them and Its now clean again.Thats me done for a
while I'm working a few hours so need some sleep

Regards

Andy
 
Hi Plun the tests are for people like you who want to
keep putting MSAS down even though there is no evidence
of them doing anything wrong, Im not interested if they
are set to ignore after a scan as long as they are
detected,

You have the right to your own view but thats what it
should be, if you follow people like Ben Edelman then you
will end up paranoid thinking MS is the cause of every
problem in the world, He likes to try make news out of
spyware even if there isnt any news, Im sure he will
always find something to rant on about.

Same with SpywareInfo now they have joined in spreading
crap about MSAS which is stupid, Ive run these tests for
myself after reading SpywareInfo to make sure its not
changed since I tested it last, I thought there may be a
problem with it not detecting CPU rocket but thats just
because Claria have removed Trickler and Dashbar from the
file so its clean now,

I dont mean to be rude plun but if you follow people
around and always agree with what complete strangers say
then you will have problems in the future, You need to
keep a open mind about everything you read and test
things for yourself,

Im not saying people should just use MSAS, its beta so
thats unwise at this stage but you cannot keep ranting
about Claria now because Ive shown again SpywareInfo is
wrong and Ben Edelman and the rest of the idiots who
write stories without using their brains and testing them
first.

Donna is different she has done a detailed test without
the need to put any of the removers down so I respect
people like that who show the facts as they are and not
try twist them to make headlines

Im going to bed im working in a few hours,I'll chat to
you later

Andy
 
Hi Andy

MSAS is great but beacuse of this definition challenge
a user will need more protection until MS is
totally clear about how to deal with ad/spyware.

I trust MSAS engine but not definitions, thats all.

And I recommend people to install it but also to use
one more app. Really easy.
 
No Problem Bill glad to be able to help out,

Ive caused a few problems over at SWI regarding this post
and said the person who wrote either has a major problem
with Microsoft or doesnt know how to do research on the
posts he makes,

At first I was told I was wrong by the so
called 'Experts' and that the latest MSAS now ignores all
of Claria's products so I followed up with the details
and screenshots and everything when very quite after
that, they said I must be using old definitions so I
replied with the definitions from each remover which is
the latest then the only reply after that was that Mike
Healan uses that newsletter to pay for SpywareInfo by
adding adverts to the file and its only his own view

Ive replied if thats his own view then he needs to test
things next time because the newsletter goes to over
17,000 people and his own view can cause alot of damage
when it's 90% false, I know I will not read his
newsletter now after seeing that story because its
obvious he is just trying to make headlines by making up
stories which doesnt help anyone.

Regards

Andy
 
Another more mainstream journalist posted that "final code" for Microsoft
Antispyware was available (I think at the time .613 came out.)

Very odd when "final code" is labelled "Beta1.) In both cases, they needed
a "fact checker" to check the actual facts.
 
Back
Top