The value of MSAS (IMHO)

  • Thread starter Thread starter Walterius
  • Start date Start date
W

Walterius

I find it far more useful at blocking stuff (e.g. attempt to install a BHO
w/o my knowledge) than at spotting stuff (e.g. existing spyware). Since it
is from MSFT, it also seems good at defense against MSFT problems, such as
when I first ran it, it offered to turn off Win2000 Messenger.

What do others think/feel about the idea that it is a better (useful)
blocker and a poor detector?
 
The detection is above average, except if you are looking
at tracking cookies which MSAS doesn't currently deal
with. The thing is with tracking ccokies, they can be
managed to a fairly high degree by blocking third-party
cookies. Therefore, running a scan to detect these
cookies is usually pointless unless you have allowed them
and want to get rid of them. Even then, all you have to
do is go to c:\documents and
settings\place_user_name_here\cookies and delete the
cookies you want to have removed from your system.

What you have to remember is that people are always
writing new variants of existing spyware/malware and the
antispyware developers are almost always playing catch-up
to try to detect and remove the new variants. This
causes many users to feel that the product isn't
effective, yet if they try almost any other product they
will find that the others are having the same problems.

I feel that many people are frustrated with MSAS because
they can't remove certain spyware. The main reason for
this is that spyware writers are now frequently using
registered components to prevent the total removal of the
spyware unless that component is unregistered. And many
times the spyware is loaded in conjuntion with a Trojan
that downloads new spyware and keeps redownloading
spyware that has been removed from the system. Since
antispyware products are not meant to deal with Trojans,
then problems abound. This means that it is very
important to have a few good antispyware apps, a very
good AV app, AND a properly configured firewall at the
very minimum. For any one running broadband I suggest
buying a router that has a hardware firewall, which will
make it hard for anyone to hack your system and also help
prevent packets of data that you didn't request from
getting onto your system. As for my system, I have a
router connected between my cable modem and my PC,
ZoneAlarm Pro, McAfee VirusScan Online, ewido, Ad-Aware,
Spybot, and MSAS all protecting my system. NOTE: Turn
real-time protection on in only one antispyware app, and
most reviewers will tell you that MSAS has the best
protection out there. Also people running XP need to
check their prefetch folder (c:\windows\prefetch) and
delete all the files there if they become infected since
fragments of code left there by the spyware/Trojan can
cause the system to get "reinfected" when the app that
the code is linked to is launched.

Even Ad-Aware and Spybot have problems removing many
toolbars since they have registered components that must
be unregistered before they can be removed.

This means that some manual work is now required to
properly remove many spyware products these days.
Hopefully things will change in the near future, but
don't count on it. This is not only because of the
sophistication of the spyware products out there, but
also because many times they become intertwined with
system files and removing them can cause one to lose data
(let's hope this doesn't happen).

If you run almost any uninstaller for a fairly large app
you will see that it is removing registered components.
The same must be done when trying to remove many newer
spyware products.

Alan
 
Hi

MSAS is a really good real time protection application,
scanning OK.

Users must learn RTP instead of scanning their PC to death.

And of course this is a combination with a good AV, a real firewall
with both inbound and outbound control, NOT SP2 firewall.

Most important is nevertheless to NOT install anything without
references, "Click Here-For Free", "Your PC is in danger"-"Click Here"
, New fantastic toolbar-For Free-Click here, Basic to prevent spyware
!!!

And the combination, CCleaner-Lavasoft Adaware-MSAS cleans a majority
of PCs, for emergency cleanings then also Ewido.

But this is just a theatre beacuse MS probably puts all money on
the new securitychip for Vista and a upgrade version with a USB
security chip and also blows away all competition. MSAS and One Care
are both emergency apps until we have security chips within all PCs.

https://www.trustedcomputinggroup.org/home

George Orwell scenario ! I hope I´m wrong ;)
 
Plun said:
... until we have security chips within all PCs.
Click to expand...

Never happen. In my time as a PC consultant, I met people who were still
running Windows 95, 98x, 3.x, and DOS. They have no intention of upgrading
either their computers or their beloved business software.
 
Walterius wrote :
Never happen. In my time as a PC consultant, I met people who were still
running Windows 95, 98x, 3.x, and DOS. They have no intention of upgrading
either their computers or their beloved business software.
Click to expand...

Hi Walterius

With these members, all of them "Giants", probably nothing
can stop this chip........... ;( OS, software, hardware, cellphones,
operators, media

https://www.trustedcomputinggroup.org/about/members/

You can sit there with your "shit" they probably will say/mean but
perhaps in a more polite way and with offers the majority of users
cannot reject ;) and maybe also to use a USB security chip for
users without built in motherboard chip and a Vista light version.

But this is a "fog" right now and MS tells nothing how they exactly
will
use this chip within Vista.

This article is interresting:

"That sounds good, but what does "security" mean in that context?
Security of the user against malicious code? Security of big media
against people copying music and videos? Security of software vendors
against competition? The big problem with TCG technology is that it can
be used to further all three of these "security" goals, and this
document is where "security" should be better defined."

http://news.zdnet.com/2100-1009_22-5844520.html
 
Plun,

Which firewall do you recommend. I assume that after
downloading it one would disable the SP2 firewall. Is that
correct?

CL
 
I have the Trend Micro firewall but also what I think is the best
firewall---Kerio. You can try it for free for 30 days aand the nit cuts off
some of the advanced features.
Ira
: Hi
:
: I have Trend Micros PC-Cillin, built in firewall installed on my PC.
: Also using Zone Alarm Free on others.
:
: Zone Alarm or Sygate are two good free choises.
:
:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?dc=12bms&ctry=&lang=sv
:
: http://smb.sygate.com/products/spf_standard.htm
:
: --
: plun
:
:
: CL wrote:
: > Plun,
: >
: > Which firewall do you recommend. I assume that after
: > downloading it one would disable the SP2 firewall. Is that
: > correct?
: >
: > CL
: >
: >
: >> -----Original Message-----
: >> Hi
: >>
: >> MSAS is a really good real time protection application,
: >> scanning OK.
: >>
: >> Users must learn RTP instead of scanning their PC to death.
: >>
: >> And of course this is a combination with a good AV, a real firewall
: >> with both inbound and outbound control, NOT SP2 firewall.
: >>
: >> Most important is nevertheless to NOT install anything without
: >> references, "Click Here-For Free", "Your PC is in danger"-"Click Here"
: >> , New fantastic toolbar-For Free-Click here, Basic to prevent spyware
: >> !!!
: >>
: >> And the combination, CCleaner-Lavasoft Adaware-MSAS cleans a majority
: >> of PCs, for emergency cleanings then also Ewido.
: >>
: >> But this is just a theatre beacuse MS probably puts all money on
: >> the new securitychip for Vista and a upgrade version with a USB
: >> security chip and also blows away all competition. MSAS and One Care
: >> are both emergency apps until we have security chips within all PCs.
: >>
: >> https://www.trustedcomputinggroup.org/home
: >>
: >> George Orwell scenario ! I hope I´m wrong ;)
: >>
: >> --
: >> plun
: >>
: >>
: >> Walterius pretended :
: >>> I find it far more useful at blocking stuff (e.g. attempt to install a
BHO
: >>> w/o my knowledge) than at spotting stuff (e.g. existing spyware).
Since it
: >>> is from MSFT, it also seems good at defense against MSFT problems,
such as
: >>> when I first ran it, it offered to turn off Win2000 Messenger.
: >>>
: >>> What do others think/feel about the idea that it is a better (useful)
: >>> blocker and a poor detector?
: >>
: >>
: >> .
:
:
 
Hi

Kerio is knocked out , One Care ?

"Kerio ServerFirewall will be discontinued as of September 30, 2005.
Technical support and security updates will be provided to all
customers with valid or expired licenses until September 30, 2006."

http://www.kerio.com/ksf_home.html
 
The way I would state it is that the blocking features are more important
than the detection and cleaning features. However, I also think that the
detection and cleaning are going to be among the best in the industry by the
time the beta is completed.
 
Hmm - I think there is some public information about how this chip will be
used within Vista. Google on "TPM vista Microsoft"

This result in particular looks pretty good to me:

http://www.activewin.com/winvista/thestateofvista.shtml

There are a lot of details here, but one thing to be aware of is that there
are going to be a number of skus or versions of Vista, and there will be
enterprise features that won't be in the Home versions, for example. I
doubt that anything related to TPM will be in the versions designed for sale
to individuals, although there will be an "everything and the kitchen sink"
version that power users will go for, I suspect.

--
 
Hi Bill

Well......... :) Of course I have Googled a lot about this.

Nothing about this from MS ? Until then I will use this article
http://news.zdnet.com/2100-1009_22-5844520.html

MS only talks user security "mantras" about this and nothing more.

It was also announced within Trustedcomputinggroup website that
TPM was going to be used within Vista but that news was rapidly
removed ;) (2 weeks ago)

And this must be a perfect plan to maintain security, remove p2p and
also remove competition. MS will then drag this master plan with Vista.
Every director/shareholder for these companys must be delighted if this
succeed.

Thats it ! I hope I´m wrong !

Story about this:
I have a cellphone with a 512 MB memory card, this is also perfect for
a PC and Windows XP, within this phone I cannot remember that I have
ever bought any mp3 beacuse the media maffia takes out too much for a
mp3 file. I can see signs now that this changes with lower prices.
They cut in all local country organisations and starts worldwide
centers for downloading music or media with lower prices.

Nevertheless with this Media Center revolution of course this business
will use a TPM chip ! Then some director in Hollywood can by 3
airjets, 4 houses and 10 cars and be happy.

NHL icehockey understood this problem last year and now we have another
situation with lower costs and in the end lower ticket prices.

IMHO again.
 
I picked that reference because the graphics appeared very much like some
that I saw last week. I don't know when the precise details of the various
Vista versions and their feature sets will become public, but I don't
believe Microsoft is going to pitch TPM to consumers, or to anyone marketing
to consumers. If I wanted to be sure about this, I'd keep an eye on stuff
from this guy:

http://www.zachd.com/ I'm not sure if Media Player is still what he does,
but the question you are asking is something he'd know about, and he's
pretty candid, as I recall. That said, nobody at Microsoft who values their
job is going to talk about future plans unless that information is already
public. The stuff at Channel 9 is also a good source of info on what is
happening in Vista:

http://channel9.msdn.com/



--
 
Back
Top