Protection On A Schedule??

[Dick]

The Microsoft AntiSpyware product seems to be under development on a
schedule of milestones. I wonder if this reflects the urgency of the need
for its customers to have a comprehensive product that offers a strong level
of protection from the various evils of the Internet. Perhaps a more
frequent development schedule that reflects the need for the product ASAP
would be prudent.

Today the customers of Microsoft must blindly, on faith, spend money to
acquire a variety of protection schemes, some of which are clearly either
bogus, or are security violations themselves. While a VERY small segment of
the customer base will frequent forums such as this, the extreme majority of
the millions of customers are either unprotected, believe they are
protected, or in are fact fully protected. Even the latter group is open to
hard debate.

Microsoft should "improve" the development ot the program. They MUST include
UNBIASED detection of cookies that are suspect. A list of firm functional
objectives should be on their web-site.

Once again most of Microsoft's customers when faced with "what is a cookie"
will say - Oreo. Don't they deserve protection?

Dick

 

[Bill Sanderson]

The beta1 program provides real-time protection which is at least as good as
any other. It has been freely available since early this year, and there's
been considerable publicity about it. It is the most popular download at
Microsoft.com, and at least 18,000,000 installations are in regular use and
pulling in definitions.

I'm impatient about the development schedule, too--but I want to credit them
for getting the protection out there, for free, very quickly.

Microsoft does have KB articles on spyware related issues, which refer to
third-party products which do handle cookies:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827315
http://support.microsoft.com/default.aspx?scid=kb;en-us;898583

 

[Dick]

My point is that there are a variety of malicious elements that can invade a
personal computer which, for some, is used for serious and meaningful
activities. To-date we only know that AntiSpyware detects things that can
log your activities. However, there are even worse chunks of code out there
that will log your keystrokes! With some simple logic the data is filtered
and periodically forwarded to a central data mining computer. Here your
account names and passwords, as well as social security number, drivers
license number, date of birth, and other "interesting" info is sliced and
diced and eventually sold to the highest bidder. Some claim that this is an
urban myth while others offer proof that it is a real activity. I believe
that this is a form of spyware and as such should be detected by MS
AntiSpyware. Detection DOES NOT mean a result of a scan. By that time your
info may be long gone. The AntiSpyware real-time protection should block
these things before they can enter the system. Real-time protection is the
best protection we have and should be expanded to catch as much as possible.

So, Microsoft should not tell customers about other products but incorporate
the needed protections into their product. They should list the objectives
in plain English on the web site telling customers - we are here now. and
here is where we intend to go. AntiSpyware is a great program but the fuzzy
objectives do not reflect a firm stance by Microsoft against various forms
of security threats.

This leaves only one other category - virus detection. I would set that
aside that as something for more distant releases once the spyware stuff is
handled. I have little faith in small companies devoting the extensive
resources needed to keep current on virus signatures. One key person has a
problem with the organization and things can deteriorate quickly while the
customers continue to believe they are protected. Microsoft is the only
company I fully trust to create and maintain security software. I just want
it to be as good, and as comprehensive, as possible.

Dick

 

[Bill Sanderson]

Microsoft antispyware detects keyloggers, and some rootkits. It will, for
example, detect the Sony Digitial Rights Management code included in some
"copy protected" CD's which opens your system to further
vulnerabilities--probably with Thursdays definition update.

There is a spectrum of malware. Microsoft Antispyware is intended to handle
the end of the spectrum that involves privacy issues and unwanted software.
In the middle is an antivirus app--Microsoft has antivirus apps in beta or
soon to be in beta for both home users and business desktops. At the upper
end of the spectrum are worms and rootkits. Microsoft's Malicious Software
Removal tool, which is updated at least monthly, and is cumulative, is
designed to remove this class of threat--and is demonstrably effective.

Both Microsoft Antispyware and the Malicious Software Removal tool are
freely available and very widely adopted--there are over 18,000,000 users of
Microsoft antispyware picking up definitions weekly.

The classes of software targeted for detection and removal by Microsoft
Antispyware are defined in this document:

http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

This probably is not as clear-cut as you might wish. I believe this is
intentional--it helps keep spyware vendors from defining the behavior of
their apps in precise ways that skirt the letter of an overly precise
definition.


There is a very clear document on Microsoft's overall security strategy--let
me see if I can find it:

http://download.microsoft.com/downl...2945e472dda/TechInvestmentHelpCustomersWP.doc

This is a word document that I think provides clarity on much of what you've
discussed here.

--