spyware with rootkit features?

More often now we see 'blended threats' which combine all sorts of junk when
they get into a machine.
Rootkits are gaining in popularity, and prescriptive guidance is available
at http://www.microsoft.com/athome/security/default.mspx

As usual, a good, up-to-date, current AV product, firewall, and installing the
latest Microsoft updates will help keep your head above water.

Ron Chamberlin
MS-MVP
 
Microsoft antispyware is already able to remove spyware with rootkit-like
features:

http://support.microsoft.com/?id=894278

The spyware files mentioned in that article simply have the hidden and
system attributes set. You can view, rename, and delete them using
normal Windows commands and tools.

That's quite different than the rootkits that I've seen, where
malicious files are invisible to the Windows APIs and can't be viewed,
renamed, or deleted using normal Windows commands and tools.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
I took part in an online conversation today in which this article was again
cited by very knowledgeable Microsoft staff as an example of spyware with
rootkit characteristics. They also talked about the current state of the
art in such things, which are quite different, as you've observed.

I should have asked questions with regard to the projected capabilities of
Microsoft Antispyware as a product, but I believe that spyware with rootkit
characteristics is clearly within the range of bugs targeted.

The Malicious Software Removal tool also targets certain rootkit variants,
and I would expect it to continue to do so.

I guess one question I have which it'd be nice to resolve is this: There's
likely to be a line drawn at some point between viruses and spyware. Each
vendor is drawing that line slightly differently today, I think, and I'm
unclear how Microsoft is drawing it, since they have no product in the
antivirus field.

That is scheduled to change before the end of the year, and the antivirus
tool won't be free. So the line between what can be detected/removed by the
free capabilities of Microsoft Antispyware, and what needs an antivirus tool
to remove--from whatever vendor--will become a little more significant. I'm
not sure I even know how to frame the question in order to feel like a
response is clear enough for the average person to understand.
 