Giant Antispyware

[Zoe Yap]

1. I've just downloaded the Microsoft Antispyware Beta
program recently. When I wanted to report a suspected
spyware, I had to allow access to gcasDtServe.exe and
other files on the firewall. I noticed that Giant
Antispyware appears in the Microsoft Antispyware folder and
I'm not sure whether this is regular.


2. Also, I use Spybot Search and Destroy too. In the search
results, it displayed
HKEY_USERS\S-1-5-18\software\microsoft\windows\currentversion\internet
settings\zones\0\1004!=W=3 and other similar files as
possible threats. It wrote: "security hole in IE allowing
website to execute code without asking first." It referred
to "http://security.greymagic.com/adv/gm001-ie" as
reference. Are these info accurate and reliable?

 

[Guest]

It's funny replying to my own email. But, I think I already understand why
Giant Antispyware appears--I read the discussions on this topic. But, I would
still like to reconfirm if I can delete the file
HKEY_USERS\S-1-5-18\software\microsoft\windows\currentversion\internet

settings\zones\0\1004!=W=3

TQ for advice.

 

[AndyManchesta]

Are all your security patches up to date with Microsoft
or have you changed the security settings, If not what
version of Spybot are you running (Goto help on the top
bar then About and make sure its Spybot 1.4) ?

If your not sure about the securiy updates then visit

http://windowsupdate.microsoft.com/

There was a bug discovered a few years back that allowed
malicious code to run in a normally hidden security zone
in Windows called the My Computer zone. Note this was
patched along time ago so its not a issue now. You will
not notice any difference in how things work on your
system when this item is disabled(Fixed by spybot)in the
My Computer zone. It actually is nothing at all like all
the DSO exploits if you have the patches from Microsoft.
This patch has been available for over 3 years.

Basically what's happening is that Spybot is finding that
the security setting for "Download unsigned ActiveX
controls" for "My Computer" zone in Internet Explorer is
not set to disabled. Given that anyone who is properly
patched (via Windows Update) is not vulnerable to this
exploit anymore, this is really not a issue and my
version of spybot isnt detecting this if I enable the
setting or disable it which makes me think you may have a
older version of spybot or no security patches but
provided your system is patched, you have nothing to
worry about.

Here's the values displayed:

..\Internet Settings\Zones\0\1004!=W=3

The "\0\" points to the My Computer Zone. The key "1004"
holds the value for the specific setting "Download
unsigned ActiveX controls". The "!=" means "not
equal". "W=3" (word value of 3) specifically
means "disabled". Therefore, Spybot is finding that this
setting is not disabled.

Here's the options:

1.Check your version of Spybot and goto Microsoft Updates
and see if there is anything available

2.Let spybot fix it

3.Goto Start Menu then Control Panel then Click Internet
Options, Goto the security tab then press Custom Level.

Scroll down abit to you see

"Download Unsigned ActiveX controls"

Set that to disable then press OK

But like I said earlier on my system changing this doesnt
make spybot detect it anymore so Im curious why its being
detected on yours, let us know if you have problems with
anything.

Regarding the Giant Antsipy name this is to be expected
at this early stage of the beta, Im sure all references
to Giant will be removed before the final release and
maybe even by beta 2 so it is the same for all beta
users

Regards

Andy