Is Microsoft ever going to expose ADS to the end user?

  • Thread starter Thread starter Vanguard
  • Start date Start date
V

Vanguard

While not anywhere near as nasty as rootkits or using kernel-mode drivers to
hide from APIs, I'd still like to know when Microsoft will begin including
user-friendly tools in the install of Windows (rather than make the user
hunt for the tools) that will expose, list, and detail the content of
alternate data streams for files. Yes, there are 3rd party tools that will
expose them but ADS has been around as long as NTFS because ADS is a feature
of NTFS. When I last asked almost 60 programmers and QA testers who
consider themselves knowledgeable about Windows, the number of expert users
that even heard of ADS could be counted with the free fingers on one hand
while clenching a beer.

So many users haven't a clue what are cookies and they go screaming
"Cookies, Cookies" without a clue as to what they are, that something ELSE
has to create and use them, the browser can be configured to control them,
and that there are plenty of utilities around to manage them. Then came
..sol files for Flash player that were supposedly evil despite the ability to
configure them so they don't get created. Yet these are docile files that
something else has to create and use. Yet there's no noise about ADS and
what can be hidden in there. It wasn't until Ad-Aware SE added detection of
ADS that then some other utilities started including its detection, and most
anti-virus programs never bother to look there and rely almost entirely on
their on-access scanner (because their on-demand scanner doesn't look in the
ADS of files) to catch the content of ADS when it gets read or loaded into
memory to then see if it is bad.

Kaspersky's anti-virus product stores data in the ADS so it can determine if
the file has changed and, if not, it doesn't need to rescan that file which
is how they hid that their scanner is a bit slow, something akin to web
"accelerators" offered by several ISPs that merely don't download all of the
content of graphic images so it looks like surfing is faster. That's about
the only "good" use that I've seen for ADS. Are there any others? And why
is ADS still so well hidden from the user simply due to the lack of
utilities to expose it, like not even indicating in Explorer that ADS is
used on a file, how many alt streams there are, and a means of looking at
them? It's not like ADS is something new.

ADS has been part of NTFS as long as NTFS has been around. Like cookies,
they don't do anything by themselves. Something else has to read them or
load them into memory to execute their content, but with everyone screaming
that cookies are so evil then why hasn't ADS been addressed? Presumably the
"something else" gets detected so it can't use or run the content in the
alternate stream. The only malicious use that I've seen so far is in
consuming disk space without the user having a clue as to why. An innocent
looking 4KB .txt file on the hard drive in an NTFS partition could have a
100GB ADS on it. Ad-Aware will alert on the ADS and TDS-3, as I recall,
will also alert, and there are 3rd party tools to find which files have
alternate data streams, but most users wouldn't even know that they should
be looking because Microsoft has done an excellent job of hiding when a file
has alternate data streams.

Some references:
http://support.microsoft.com/?id=105763
http://snipurl.com/7g73
http://www.ntfs.com/ntfs-multiple.htm
http://support.microsoft.com/?id=105763
http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

Utilities to detect ADS:
http://www.heysoft.de/nt/ntfs-ads.htm
http://www.crucialsecurity.com/downloads.html (crucialADS utility)
http://www.sysinternals.com/ntw2k/source/misc.shtml#streams

Even if Microsoft gets around to adding cookie detection for supposedly
"bad" domains (yeah, like we need to manage a huge list of bad domains
rather than add whitelisting for good ones and force all others to be
per-session cookies by deleting them on exiting IE), I bet they'll still
miss the oh-so evil .sol cookie files left behind by Macromedia's Flash
player (and, no, those files aren't anymore hazardous than .txt cookie
files) despite that the user can configure Flash to not create or save any
..sol files (but, like Microsoft, Macromedia didn't make it obvious to the
user).

If Microsoft is going to waste their time compiling and maintaining a huge
list of "bad" domains so MSAS can detect or block cookies created for those
domains, why not add detection of .sol cookies and of files using ADS?
Exposing the use of ADS would be more important than showing the user that
they have .txt (or .sol) files which already can be managed.
 
Plun,Every time a new individual enters the newsgroups we are faced with the
same issues that have been beaten to death, All I can say is here we go
again.

Ira
: Hi
:
: Why waste money on that ?
:
: Better to use a chip or we are in a major road cross now
: for future ? Thats the question !?
:
: Reference:
: https://www.trustedcomputinggroup.org/home
:
: regards
: plun
:
: on 2006-01-13, Vanguard supposed :
: > While not anywhere near as nasty as rootkits or using kernel-mode
drivers to
: > hide from APIs, I'd still like to know when Microsoft will begin
including
: > user-friendly tools in the install of Windows (rather than make the user
hunt
: > for the tools) that will expose, list, and detail the content of
alternate
: > data streams for files. Yes, there are 3rd party tools that will expose
them
: > but ADS has been around as long as NTFS because ADS is a feature of
NTFS.
: > When I last asked almost 60 programmers and QA testers who consider
: > themselves knowledgeable about Windows, the number of expert users that
even
: > heard of ADS could be counted with the free fingers on one hand while
: > clenching a beer.
: >
: > So many users haven't a clue what are cookies and they go screaming
"Cookies,
: > Cookies" without a clue as to what they are, that something ELSE has to
: > create and use them, the browser can be configured to control them, and
that
: > there are plenty of utilities around to manage them. Then came .sol
files
: > for Flash player that were supposedly evil despite the ability to
configure
: > them so they don't get created. Yet these are docile files that
something
: > else has to create and use. Yet there's no noise about ADS and what can
be
: > hidden in there. It wasn't until Ad-Aware SE added detection of ADS
that
: > then some other utilities started including its detection, and most
: > anti-virus programs never bother to look there and rely almost entirely
on
: > their on-access scanner (because their on-demand scanner doesn't look in
the
: > ADS of files) to catch the content of ADS when it gets read or loaded
into
: > memory to then see if it is bad.
: >
: > Kaspersky's anti-virus product stores data in the ADS so it can
determine if
: > the file has changed and, if not, it doesn't need to rescan that file
which
: > is how they hid that their scanner is a bit slow, something akin to web
: > "accelerators" offered by several ISPs that merely don't download all of
the
: > content of graphic images so it looks like surfing is faster. That's
about
: > the only "good" use that I've seen for ADS. Are there any others? And
why
: > is ADS still so well hidden from the user simply due to the lack of
utilities
: > to expose it, like not even indicating in Explorer that ADS is used on a
: > file, how many alt streams there are, and a means of looking at them?
It's
: > not like ADS is something new.
: >
: > ADS has been part of NTFS as long as NTFS has been around. Like
cookies,
: > they don't do anything by themselves. Something else has to read them
or
: > load them into memory to execute their content, but with everyone
screaming
: > that cookies are so evil then why hasn't ADS been addressed? Presumably
the
: > "something else" gets detected so it can't use or run the content in the
: > alternate stream. The only malicious use that I've seen so far is in
: > consuming disk space without the user having a clue as to why. An
innocent
: > looking 4KB .txt file on the hard drive in an NTFS partition could have
a
: > 100GB ADS on it. Ad-Aware will alert on the ADS and TDS-3, as I recall,
will
: > also alert, and there are 3rd party tools to find which files have
alternate
: > data streams, but most users wouldn't even know that they should be
looking
: > because Microsoft has done an excellent job of hiding when a file has
: > alternate data streams.
: >
: > Some references:
: > http://support.microsoft.com/?id=105763
: > http://snipurl.com/7g73
: > http://www.ntfs.com/ntfs-multiple.htm
: > http://support.microsoft.com/?id=105763
: > http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
: >
: > Utilities to detect ADS:
: > http://www.heysoft.de/nt/ntfs-ads.htm
: > http://www.crucialsecurity.com/downloads.html (crucialADS utility)
: > http://www.sysinternals.com/ntw2k/source/misc.shtml#streams
: >
: > Even if Microsoft gets around to adding cookie detection for supposedly
"bad"
: > domains (yeah, like we need to manage a huge list of bad domains rather
than
: > add whitelisting for good ones and force all others to be per-session
cookies
: > by deleting them on exiting IE), I bet they'll still miss the oh-so evil
..sol
: > cookie files left behind by Macromedia's Flash player (and, no, those
files
: > aren't anymore hazardous than .txt cookie files) despite that the user
can
: > configure Flash to not create or save any .sol files (but, like
Microsoft,
: > Macromedia didn't make it obvious to the user).
: >
: > If Microsoft is going to waste their time compiling and maintaining a
huge
: > list of "bad" domains so MSAS can detect or block cookies created for
those
: > domains, why not add detection of .sol cookies and of files using ADS?
: > Exposing the use of ADS would be more important than showing the user
that
: > they have .txt (or .sol) files which already can be managed.
:
:
 
Vanguard said:
While not anywhere near as nasty as rootkits or using kernel-mode
drivers to hide from APIs, I'd still like to know when Microsoft will
begin including user-friendly tools in the install of Windows (rather
than make the user hunt for the tools) that will expose, list, and
detail the content of alternate data streams for files.
Click to expand...

Well for the vast majority of users, who can barely tell the difference
between a PC, Windows and Office, that would be as useful as making
brain-surgery kits available in supermarkets.

The Microsoft/industry effort needs to go into making the benefits of
any protection technology work for these people without exposing them to
the inner workings. And then it's a good thing for third-party companies
to make geek-level tools.
 
Hi Ira

I´ve seen the same from Vanguard.......... ;)

It must come to a conclusion beacuse this is
a mess.

So read and think what you are seeing.

http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

http://aumha.net/viewforum.php?f=30

http://www.bleepingcomputer.com/forums/forum22.html

This is a real shame with all helpless users and protection
which don´t work.

And MS must speak out and inform about PUPs and the challenge
with all trojans.

If they can detect ADS streams and similar is NOT important.

Information, information and information.


regards
plun





Ira explained :
 
Plu, You have voiced what I have been asking for consistently in these
newsgroups==Microsoft, Please give us some word that you are reading these
NG's and are aware of what is going on. The non responsive attitude is
really causing causing many, many repeat threads about the same issues but
you have note said anything to date, Those of us who are constantly coming
to your defense are getting bored and frustrated with your attitude. Please
give us all a break and share with us.
This states my views and what I think are the general consensus. Plun, this
pretty well says how I feel.
Ira

: Hi Ira
:
: I´ve seen the same from Vanguard.......... ;)
:
: It must come to a conclusion beacuse this is
: a mess.
:
: So read and think what you are seeing.
:
:
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
:
: http://aumha.net/viewforum.php?f=30
:
: http://www.bleepingcomputer.com/forums/forum22.html
:
: This is a real shame with all helpless users and protection
: which don´t work.
:
: And MS must speak out and inform about PUPs and the challenge
: with all trojans.
:
: If they can detect ADS streams and similar is NOT important.
:
: Information, information and information.
:
:
: regards
: plun
:
:
:
:
:
: Ira explained :
: > Plun,Every time a new individual enters the newsgroups we are faced with
the
: > same issues that have been beaten to death, All I can say is here we go
: > again.
: >
: > Ira
: > : >> Hi
: >>
: >> Why waste money on that ?
: >>
: >> Better to use a chip or we are in a major road cross now
: >> for future ? Thats the question !?
: >>
: >> Reference:
: >> https://www.trustedcomputinggroup.org/home
: >>
: >> regards
: >> plun
: >>
: >> on 2006-01-13, Vanguard supposed :
: >>> While not anywhere near as nasty as rootkits or using kernel-mode
drivers
: >>> to hide from APIs, I'd still like to know when Microsoft will begin
: >>> including user-friendly tools in the install of Windows (rather than
make
: >>> the user hunt for the tools) that will expose, list, and detail the
: >>> content of alternate data streams for files. Yes, there are 3rd
party
: >>> tools that will expose them but ADS has been around as long as NTFS
: >>> because ADS is a feature of NTFS. When I last asked almost 60
programmers
: >>> and QA testers who consider themselves knowledgeable about Windows,
the
: >>> number of expert users that even heard of ADS could be counted with
the
: >>> free fingers on one hand while clenching a beer.
: >>>
: >>> So many users haven't a clue what are cookies and they go screaming
: >>> "Cookies, Cookies" without a clue as to what they are, that something
ELSE
: >>> has to create and use them, the browser can be configured to control
them,
: >>> and that there are plenty of utilities around to manage them. Then
came
: >>> .sol files for Flash player that were supposedly evil despite the
ability
: >>> to configure them so they don't get created. Yet these are docile
files
: >>> that something else has to create and use. Yet there's no noise
about ADS
: >>> and what can be hidden in there. It wasn't until Ad-Aware SE added
: >>> detection of ADS that then some other utilities started including its
: >>> detection, and most anti-virus programs never bother to look there and
rely
: >>> almost entirely on their on-access scanner (because their on-demand
: >>> scanner doesn't look in the ADS of files) to catch the content of ADS
when
: >>> it gets read or loaded into memory to then see if it is bad.
: >>>
: >>> Kaspersky's anti-virus product stores data in the ADS so it can
determine
: >>> if the file has changed and, if not, it doesn't need to rescan that
file
: >>> which is how they hid that their scanner is a bit slow, something akin
to
: >>> web "accelerators" offered by several ISPs that merely don't download
all
: >>> of the content of graphic images so it looks like surfing is faster.
: >>> That's about the only "good" use that I've seen for ADS. Are there
any
: >>> others? And why is ADS still so well hidden from the user simply due
to
: >>> the lack of utilities to expose it, like not even indicating in
Explorer
: >>> that ADS is used on a file, how many alt streams there are, and a
means of
: >>> looking at them? It's not like ADS is something new.
: >>>
: >>> ADS has been part of NTFS as long as NTFS has been around. Like
cookies,
: >>> they don't do anything by themselves. Something else has to read them
or
: >>> load them into memory to execute their content, but with everyone
: >>> screaming that cookies are so evil then why hasn't ADS been addressed?
: >>> Presumably the "something else" gets detected so it can't use or run
the
: >>> content in the alternate stream. The only malicious use that I've
seen so
: >>> far is in consuming disk space without the user having a clue as to
why.
: >>> An innocent looking 4KB .txt file on the hard drive in an NTFS
partition
: >>> could have a 100GB ADS on it. Ad-Aware will alert on the ADS and
TDS-3,
: >>> as I recall, will also alert, and there are 3rd party tools to find
which
: >>> files have alternate data streams, but most users wouldn't even know
that
: >>> they should be looking because Microsoft has done an excellent job of
: >>> hiding when a file has alternate data streams.
: >>>
: >>> Some references:
: >>> http://support.microsoft.com/?id=105763
: >>> http://snipurl.com/7g73
: >>> http://www.ntfs.com/ntfs-multiple.htm
: >>> http://support.microsoft.com/?id=105763
: >>> http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
: >>>
: >>> Utilities to detect ADS:
: >>> http://www.heysoft.de/nt/ntfs-ads.htm
: >>> http://www.crucialsecurity.com/downloads.html (crucialADS utility)
: >>> http://www.sysinternals.com/ntw2k/source/misc.shtml#streams
: >>>
: >>> Even if Microsoft gets around to adding cookie detection for
supposedly
: >>> "bad" domains (yeah, like we need to manage a huge list of bad domains
: >>> rather than add whitelisting for good ones and force all others to be
: >>> per-session cookies by deleting them on exiting IE), I bet they'll
still
: >>> miss the oh-so evil .sol cookie files left behind by Macromedia's
Flash
: >>> player (and, no, those files aren't anymore hazardous than .txt
cookie
: >>> files) despite that the user can configure Flash to not create or
save any
: >>> .sol files (but, like Microsoft, Macromedia didn't make it obvious to
the
: >>> user).
: >>>
: >>> If Microsoft is going to waste their time compiling and maintaining a
huge
: >>> list of "bad" domains so MSAS can detect or block cookies created for
: >>> those domains, why not add detection of .sol cookies and of files
using
: >>> ADS? Exposing the use of ADS would be more important than showing the
user
: >>> that they have .txt (or .sol) files which already can be managed.
: >>
: >>
:
:
 
Hi Ira

The world is not an MSN site in beutiful colours anymore,
this is real fight for a lot of users.

Within these groups they are struggling with updates, scheduling
AM/PM and regserv problem and so on. For nothing for a lot of them !

MSAS beta 1 does not protect a lot of users, this app has severe
problem. Beta 2 must come out. And Beta 2 will also probably be too
weak beacuse of IE6 behavior.

MS is "Sounds of silence" and spread rumours through blogs but the fact
remains.

Thousends of users pays for Spyaxe, Spywarestrike and all clones and
this is a disgrace for MS.

Speak out about PUPs and trojans..........

Bob send a really good URL about what this is about:

http://www.dslreports.com/forum/remark,15194810

"A fraud paradise", trick them and take their money.

IMHO

regards
plun

EOD for me.

PS It is also a technical problem with the NNTP newsfeed but thats
maybe a small challenge ;) Ds




Ira formulated on fredag :
 
plun said:
Hi

Why waste money on that ?

Better to use a chip or we are in a major road cross now
for future ? Thats the question !?
Click to expand...


And, of course, when a "chip" is produced then everything that existed
before that goes poof. What a wonderful concept. You don't even have to
build in obsolescence. Just build something better or to replace it all,
and it all disappears.
 
plun said:
Hi Ira

I´ve seen the same from Vanguard.......... ;)

It must come to a conclusion beacuse this is
a mess.
Click to expand...


Gee, I didn't think it would be over everyone's head here. All these users
screaming about cookies but don't bother with more subtle ways to screw over
a host.
 
Hi Vanguard

Well, I am screaming about Trojans and PUPs.........

A neighbour to me paid for this shit som now
I am really angry.

Really sad situation but maybe the bad guys
has the right to trick "a little home user".

I really hope that someone respected citizen higher up
pays for this shit and understands that
someone fraud him.

And of course cookie, the text file isn´t dangerous, but
they are used to track also infested users.

regards
plun

Vanguard explained on 2006-01-13 :
 
It happens that Vanguard formulated :
And, of course, when a "chip" is produced then everything that existed before
that goes poof. What a wonderful concept. You don't even have to build in
obsolescence. Just build something better or to replace it all, and it all
disappears.
Click to expand...

Hi Vanguard

Maybe it´s time to start a debate over this chip including users.

Not only included mega companys/members within this group.

I can see a situation that maybe this chip can be placed within
a USB key and also used with older OS.

Mark at Sysinternals writes about "The Antispyware Conspiracy"
so maybe this is a road cross for future.......and something important
to discuss.

regards
plun
 
Mike Williams said:
Well for the vast majority of users, who can barely tell the difference
between a PC, Windows and Office, that would be as useful as making
brain-surgery kits available in supermarkets.
Click to expand...

As opposed to giving them a file defragmenter, a backup program, telnet.exe,
all the configuration options for TCP, and so on which, according to you,
users should not bother educating themselves and will always remain beyond
their capacity to understand. They don't know because it isn't explained to
them. They don't know because it isn't exposed using the intrinsic tools
provided with the operating system. It's real easy to keep users stupid
about a thing if you don't tell them about a thing. Yeah, let's not tell
the customer that the feet are adjustable on the washing machine and instead
require a 3rd party to come it do that for you. God forbid you get out a
crescent wrench and adjust the height of the feet.
The Microsoft/industry effort needs to go into making the benefits of any
protection technology work for these people without exposing them to the
inner workings. And then it's a good thing for third-party companies to
make geek-level tools.
Click to expand...

Yes, right, like closed operating systems are really highly desirable.
Those make for disposable systems because the user has no way to fix or
adapt it. Hide everything so users can't fix anything, uh huh. It is
supposed to be a *general-purpose* operating system. So while *NIX users
have been traditionally forced to be smarter, let's not do that with Windows
and instead breed a community of fat, lazy, and highly stupid users.
Somehow I wonder if you're not involved in computer repair maintenance and
are attempting to protect your market.
 
plun said:
Hi Vanguard

Well, I am screaming about Trojans and PUPs.........

A neighbour to me paid for this shit som now
I am really angry.
Click to expand...

Your neighbor *paid* for MSAS? Paid who? If your neighbor bought it from
Giant, how is that Microsoft's fault for crappy code written by Giant? You
would have preferred that Microsoft yank the product off the shelf, made it
completely unreachable, until someday 2 years later when they finally got
around to fixing all of Giant's screwups? You are bitching at Microsoft
about *users* that choose to use B-E-T-A software? Why is your neighbor's
stupidity in his behavior that gets him infected your problem? Even if you
were unpaid and helping a friend, you do get to choose whether to waste your
time helping him out.

From what alerts that I've heard regarding PUPs (*probably* unwanted
programs), often those were programs that the user chose to install, like
Foundstone's Attacker used to scan ports. On the 50+ hosts where I tried
MSAS, the PUPs were something we installed and wanted installed. Yeah, they
might be programs that the average user doesn't know how to use, but that
would also apply to MSAS or any anti-malware product that attempts to
cleanup the host, along with all those registry cleaners out there.
Really sad situation but maybe the bad guys
has the right to trick "a little home user".
Click to expand...

Well, then that would apply to EVERY anti-malware product out there. Not
one finds it all. That's why overlap for on-demand scanning is mandatory.
I really hope that someone respected citizen higher up
pays for this shit and understands that
someone fraud him.
Click to expand...

Pretty hard to sue a company (Giant) that doesn't own the product anymore.
Does Giant even exist anymore? And don't give me "Microsoft bought it so
now it's their fault" crap. When you buy a used car, do you really think
you are responsible for the death of a child from the prior owner
deliberately running the kid over? I was surprised that Microsoft wanted
the lemon. I trialed it when Giant was proliferating the product and was
not impressed. I'm still not impressed. I only installed it and then
neutered it to only use it as an on-demand scanner, just like how I use
Ad-Aware, Spybot, ewido, a-squared, and other anti-malware products. MSAS
has not and is not potent enough to be your only shield.
And of course cookie, the text file isn´t dangerous, but
they are used to track also infested users.
Click to expand...

But why waste the time to plug the little holes when you have torrents
rushing through gaping holes? There are more important problems and
weaknesses to fix than cookies. It seems stupid to waste any time creating
code to manage cookies along with having to compile and maintain a huge list
of ever-changing "bad" domains when there are so many tools already
available, including configuration options.
 
Hi

He paid for a useless spyware scanner, I don´t
know exact which rouge app it was.

But everyone have fun to him in my neighbourhood.


Nevertheless I am going to build my own "PUP" scanner and maybe
detect Alexa as a serious threat.

Then sell it for $10 ........ ;)

Really nice distribution system with a OS called Windows, also
a system warning and a prompt for paying to remove this Alexa threat.
Only to use some trojan.downloaders and distribute.

I take VISA and Mastercard of course without secure payment and
"skinning" is also included for cardnumber distribution
to other "bad guys".

Maybe I also can make some money to sell Noadfears URL for Smitrem.exe
removals to some users.

Big money and a easy earnings...... nice place Internet.


best regards
plun






Vanguard formulated on fredag :
 
Hi Plun,
Best LOL I have had in a while.
Ira


: Hi
:
: He paid for a useless spyware scanner, I don´t
: know exact which rouge app it was.
:
: But everyone have fun to him in my neighbourhood.
:
:
: Nevertheless I am going to build my own "PUP" scanner and maybe
: detect Alexa as a serious threat.
:
: Then sell it for $10 ........ ;)
:
: Really nice distribution system with a OS called Windows, also
: a system warning and a prompt for paying to remove this Alexa threat.
: Only to use some trojan.downloaders and distribute.
:
: I take VISA and Mastercard of course without secure payment and
: "skinning" is also included for cardnumber distribution
: to other "bad guys".
:
: Maybe I also can make some money to sell Noadfears URL for Smitrem.exe
: removals to some users.
:
: Big money and a easy earnings...... nice place Internet.
:
:
: best regards
: plun
:
:
:
:
:
:
: Vanguard formulated on fredag :
: > : >> Hi Vanguard
: >>
: >> Well, I am screaming about Trojans and PUPs.........
: >>
: >> A neighbour to me paid for this shit som now
: >> I am really angry.
: >
: > Your neighbor *paid* for MSAS? Paid who? If your neighbor bought it
from
: > Giant, how is that Microsoft's fault for crappy code written by Giant?
You
: > would have preferred that Microsoft yank the product off the shelf, made
it
: > completely unreachable, until someday 2 years later when they finally
got
: > around to fixing all of Giant's screwups? You are bitching at Microsoft
: > about *users* that choose to use B-E-T-A software? Why is your
neighbor's
: > stupidity in his behavior that gets him infected your problem? Even if
you
: > were unpaid and helping a friend, you do get to choose whether to waste
your
: > time helping him out.
: >
: > From what alerts that I've heard regarding PUPs (*probably* unwanted
: > programs), often those were programs that the user chose to install,
like
: > Foundstone's Attacker used to scan ports. On the 50+ hosts where I
tried
: > MSAS, the PUPs were something we installed and wanted installed. Yeah,
they
: > might be programs that the average user doesn't know how to use, but
that
: > would also apply to MSAS or any anti-malware product that attempts to
cleanup
: > the host, along with all those registry cleaners out there.
: >
: >> Really sad situation but maybe the bad guys
: >> has the right to trick "a little home user".
: >
: > Well, then that would apply to EVERY anti-malware product out there.
Not one
: > finds it all. That's why overlap for on-demand scanning is mandatory.
: >
: >> I really hope that someone respected citizen higher up
: >> pays for this shit and understands that
: >> someone fraud him.
: >
: > Pretty hard to sue a company (Giant) that doesn't own the product
anymore.
: > Does Giant even exist anymore? And don't give me "Microsoft bought it
so now
: > it's their fault" crap. When you buy a used car, do you really think
you are
: > responsible for the death of a child from the prior owner deliberately
: > running the kid over? I was surprised that Microsoft wanted the lemon.
I
: > trialed it when Giant was proliferating the product and was not
impressed.
: > I'm still not impressed. I only installed it and then neutered it to
only
: > use it as an on-demand scanner, just like how I use Ad-Aware, Spybot,
ewido,
: > a-squared, and other anti-malware products. MSAS has not and is not
potent
: > enough to be your only shield.
: >
: >> And of course cookie, the text file isn´t dangerous, but
: >> they are used to track also infested users.
: >
: > But why waste the time to plug the little holes when you have torrents
: > rushing through gaping holes? There are more important problems and
: > weaknesses to fix than cookies. It seems stupid to waste any time
creating
: > code to manage cookies along with having to compile and maintain a huge
list
: > of ever-changing "bad" domains when there are so many tools already
: > available, including configuration options.
: >
: >>
: >> regards
: >> plun
: >>
: >> Vanguard explained on 2006-01-13 :
: >>> : >>>> Hi Ira
: >>>>
: >>>> I´ve seen the same from Vanguard.......... ;)
: >>>>
: >>>> It must come to a conclusion beacuse this is
: >>>> a mess.
: >>>
: >>>
: >>> Gee, I didn't think it would be over everyone's head here. All these
: >>> users screaming about cookies but don't bother with more subtle ways
to
: >>> screw over a host.
:
:
 
Vanguard said:
As opposed to giving them a file defragmenter, a backup program,
telnet.exe, all the configuration options for TCP, and so on which,
according to you, users should not bother educating themselves and will
always remain beyond their capacity to understand. They don't know
because it isn't explained to them. They don't know because it isn't
exposed using the intrinsic tools provided with the operating system.
Click to expand...

And most would not be interested if you attempted to explain any of
these things. Most people have no idea what goes under the lid of their
sink, the plumbing of their house or a thousand other more practical things.

It's real easy to keep users stupid about a thing if you don't tell them
about a thing. Yeah, let's not tell the customer that the feet are
adjustable on the washing machine and instead require a 3rd party to
come it do that for you. God forbid you get out a crescent wrench and
adjust the height of the feet.
Click to expand...

So I don't think that any of these people are likely to be receptive to
a lecture on ADS.

Yes, right, like closed operating systems are really highly desirable.
Click to expand...


Hey, you're the one asking if Microsoft is going to do this....
Those make for disposable systems because the user has no way to fix or
adapt it. Hide everything so users can't fix anything, uh huh. It is
supposed to be a *general-purpose* operating system. So while *NIX
users have been traditionally forced to be smarter, let's not do that
with Windows and instead breed a community of fat, lazy, and highly
stupid users. Somehow I wonder if you're not involved in computer repair
maintenance and are attempting to protect your market.
Click to expand...
Then you may be in the paranoi industry.
 
plun said:
Hi

He paid for a useless spyware scanner, I don´t
know exact which rouge app it was.

But everyone have fun to him in my neighbourhood.


Nevertheless I am going to build my own "PUP" scanner and maybe
detect Alexa as a serious threat.
Click to expand...

:-)) Ha hah hah. That was a good one. Yeah, Alexa
(http://www.spywareguide.com/product_show.php?id=418), soooo dangerous.
Then came the Google Toolbar with its "advanced" options to know how often a
site is visited and find related sites because the links go through their
server to record to where you navigate. Disabling the advanced options gets
rid of those redirected links. Don't remember MSAS ever alerting on the
Google Toolbar.
 
plun said:
Hi again

Also a serious answer !

Read Marks blog:

http://www.sysinternals.com/Blog/

Also watch the video:

http://www.sysinternals.com/blog/images/spyware-infestation.wmv

This is insane...........
Click to expand...


Yeah, but why single out just bogus anti-malware products? How about:

- Registry defragmenters despite the fact that the registry gets copied into
memory and used from there.
- Anti-virus scanners that have always been as effective a wet paper towel
in holding back a linebacker.
- TCP tweaking tools that do nothing to speed up the Internet connection.
- Duping users into thinking that "web accelerators" (that simply don't
download all of the content of graphics) are somehow really increasing the
real bandwidth.
- Conning users into thinking that a Blocked Senders list of e-mail
addresses really deters spam as though spammers would really use their own
valid e-mail addresses and use the same one each time they spew.
- Memory managers that push processes into much slower virtual memory so the
user feels cozy that they lots of "free" memory available which really means
that they waste their memory.
- Misleading consumers into thinking that a consumer-grade UPS protects
against surges.
- Stiff twisted braided cable with steel balls on each end that is worn
around the wrist and is supposed to cure everything that ails the wearer.
- Ron Propiel's spray on hair. Guess that wrist "healer" doesn't cover
balding.

Okay the last two don't fit in a computer list but, hey, there are stupid
consumers buying lots of junk. Computer software has more than its fair
share of snake oil peddlers, and they aren't limited to just anti-malware
products.
 
Vanguard wrote :
Yeah, but why single out just bogus anti-malware products? How about:

- Registry defragmenters despite the fact that the registry gets copied into
memory and used from there.
- Anti-virus scanners that have always been as effective a wet paper towel in
holding back a linebacker.
- TCP tweaking tools that do nothing to speed up the Internet connection.
- Duping users into thinking that "web accelerators" (that simply don't
download all of the content of graphics) are somehow really increasing the
real bandwidth.
- Conning users into thinking that a Blocked Senders list of e-mail addresses
really deters spam as though spammers would really use their own valid e-mail
addresses and use the same one each time they spew.
- Memory managers that push processes into much slower virtual memory so the
user feels cozy that they lots of "free" memory available which really means
that they waste their memory.
- Misleading consumers into thinking that a consumer-grade UPS protects
against surges.
- Stiff twisted braided cable with steel balls on each end that is worn
around the wrist and is supposed to cure everything that ails the wearer.
- Ron Propiel's spray on hair. Guess that wrist "healer" doesn't cover
balding.

Okay the last two don't fit in a computer list but, hey, there are stupid
consumers buying lots of junk. Computer software has more than its fair
share of snake oil peddlers, and they aren't limited to just anti-malware
products.
Click to expand...

Hi

Yes, of course and maybe some users deserve to be tricked with all
above.

The major problem now is security applications and frauds from
organised gangs which we have seen with the WMF exploit.

For a newbie/normal user it is so difficult to see frauds, and
IE6 is really helpful to run everything in automagic mode.

And this is dangerous.

The first step is Information, not XBOX360 ads everywhere ;)
Or some other stupid information from MS.

And this information campaign must be worldwide.

Also that MSAS directly detects these probably unwanted programs.
But maybe MS is afraid ........... !? They cannot wait to include
apps within definitions like Spywarestrike.

regards
plun
 
Back
Top