Dudley
Here are some test results with screenshots.
The images are 1024x768 for full effect, but are less
than 200kb each in jpeg format.
I took a Win2kPro SP4 machine with IE6. In the interests
of science (heh) I left it woefully unpatched (probably 6
months out of date at least). I did this to gauge how
Microsoft AntiSpyware might handle spyware exploiting
/unpatched/ vulnerabilities in the future.
First I installed HotBar for the hell of it. Then I
installed MSAS, ran a scan, and it detected the harmless and
harmful parts of HotBar. Fair enough.
Then I went to a crack site, and tried to download a
crack for an application. I clicked "Yes" to the first
ActiveX popup that appeared, and the fun began. MSAS
warned me of *5 attempts* to install some sort of agent,
as well as a browser home page hijack. I
selected "Block" to all of them.
Then I ran a Quick Scan with MSAS. It found *17*
spyware items (remember 2 of them are HotBar). So of the
5 things I was warned about, it either stopped none of
them and allowed another 10 in, or it stopped those 5 and
allowed 15 others in. Also my homepage had changed, so
the hijack protection failed.
Screenshots:
http://img7.exs.cx/img7/4871/msas19ib.jpg
http://img77.exs.cx/img77/2208/msas21jz.jpg
Some good ones in there. I performed the recommended
action on all of them; "Ignore" for the low threat HotBar
item, "Remove" for the nasties. MSAS did its thing and
subsequent Quick Scans detect nothing but the ignored
item. Amusingly, MSAS warned me that my home page was
being changed... back to the original URL by MSAS. In
other words, it warned me about one of its own actions.
I then installed Spybot with the latest sigs and did a
scan.
Screenshot:
http://img31.exs.cx/img31/531/spybot6az.jpg
Spybot says there are still *18 problems*.
I guess it's still a beta, but it failed to both stop and
remove some really common, nasty spyware.