What would you like in Windows Defender 2.0?

  • Thread starter Joe Faulhaber[MSFT]
JS

A warning on anything that plants itself to run the next time you boot the
PC AND an option to allow or deny it to run.

JS
 
Robin

ty joe :)
robin
Joe Faulhaber said:
Hi Robin,

We're getting them all - I'm sending some posts out in email verbatim, and
we do talk about this feedback. And actually, I'm happy to say we've been
working on many of these issues already, but more feedback is definitely
good.

Thanks much!

Joe
 
Guest

Dear Joe Faulhaber,
I would like to see in the Graphical User Interface of Windows Defender 2 the
number of spyware definitions, possibly grouped, when right clicked, in
categories like spyware, adware, keyloggers, trojans, dialers or rootkits
etcetera.
Further I would like to see the (I mean) 49 ways of stopping spyware before
it installs on the computer like it was in Microsoft AntiSpyware, while now
there are only 9 ways of stopping spyware in Windows Defender 1593.
Kind regards, Michael R. Brans.
 
Guest

When Defender detects system changes, for instance in the hosts file, a
taskbar icon pops up with a superimposed question mark. Four clicks are then
needed:
* Click icon, click Open, click Review and Take Action, click Apply Actions.
This is way too clumsy. Two clicks, or preferably one (a pop-up display)
should do it all.
Popups which concern computer security are not considered offensive.
 
Guest

Also I would like Windows Defender to update on its own, apart from Windows
Updates, with no restore point after the update. And Windows Defender must
not hinder opening normal programs like Sonic DigitalMedia 7 Plus.
 
Guest

Joe,

I would like to schedule Defender to run when the computer is in Standby or
Hibernate without going to Windows Scheduled Tasks to check "Wake computer to
run this task". It took a Defender tech to tell me to do this. It seems to
me most people will run scans during computer down time.
 
Joe Faulhaber[MSFT]

Hi Michael,

I'm not clear what UI change you're asking for - do you want detected things
grouped by category? Or on the settings page for default actions?

As for the 49 ways of stopping spyware, there were actually far fewer than
49 working on MSAS, and there's more than 49 in Windows Defender 1593 - some
that are far advanced over MSAS, too, like scanning files and archives that
IE downloads. The UI groups the checkpoints (which group registry key sets
again) into agents, since it's very hard to explain to everybody what a Gina
DLL does. For example, there's up to 15 run keys and 10 runonce keys being
monitored by Windows Defender. Which all shows with several additional
locations as one of the 9 things you're looking at. But for V2 of
WinDefend, I hope there will be far better protection still.

Regards,
Joe
 
Guest

Dear Joe,
I was meaning to show in Windows Defender the total number of spyware
definitions, in other words, how many spyware Windows Defender can detect, or
the total number of spyware signatures in the database of Windows Defender.
Kind Regards, Michael R. Brans.
 
Retired

Joe said:
Personally, a few things I'd like are more software explorers, always
allow/always block of unknowns, better history keeping, and ability to
pause scans.

How about you?
How about blocking web bugs and other privacy threats:
http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html

"HP investigators used the services of ReadNotify.com to trace an e-mail
sent to reporter Dawn Kawamoto in an attempt to uncover her source in a
media link, Fred Adler, an HP security employee, said during testimony
before a U.S. House of Representatives subcommittee."
[...]
"ReadNotify offers a range of tracking options. Users can see the IP
addresses of those who opened bugged e-mails or documents, including
details on when the mail or file was opened. The service also shows some
data on the PC and e-mail program. If the mail or file was forwarded, it
shows the same data on that person."
[...]
"ReadNotify uses a combination of up to 36 different simultaneous
tracking techniques," Chris Drake, the company's Sydney, Australia-based
chief technology officer said in an e-mail interview. "One or more of
these usually works in all different e-mail clients and operating
systems, making us the most powerful and reliable tracking service on
the Internet."
 
Paul Baker [MVP, Windows - Networking]

I imagine that the reason HP was able to use ReadNotify.com to bug email was
that they had control over the email systems used by their employees.

I wonder why they didn't just log SMTP and POP3 traffic for those same
systems. Probably because outsourcing development and using ready-made
solutions that are not quite appropriate but work is rampant :)

Paul

Retired said:
Joe said:
Personally, a few things I'd like are more software explorers, always
allow/always block of unknowns, better history keeping, and ability to
pause scans.

How about you?
How about blocking web bugs and other privacy threats:
http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html

"HP investigators used the services of ReadNotify.com to trace an e-mail
sent to reporter Dawn Kawamoto in an attempt to uncover her source in a
media link, Fred Adler, an HP security employee, said during testimony
before a U.S. House of Representatives subcommittee."
[...]
"ReadNotify offers a range of tracking options. Users can see the IP
addresses of those who opened bugged e-mails or documents, including
details on when the mail or file was opened. The service also shows some
data on the PC and e-mail program. If the mail or file was forwarded, it
shows the same data on that person."
[...]
"ReadNotify uses a combination of up to 36 different simultaneous tracking
techniques," Chris Drake, the company's Sydney, Australia-based chief
technology officer said in an e-mail interview. "One or more of these
usually works in all different e-mail clients and operating systems,
making us the most powerful and reliable tracking service on the
Internet."
 
Retired

Are you saying that ReadNotify only works within a corporate
environment? I don't think so! Those bugged emails were forwarded out
of HP and when they were opened by non-employees outside,
"notifications" were sent back to HP. If this isn't spyware, I don't
know what is.
Retired
 
Paul Baker [MVP, Windows - Networking]

Hi. No, I'm not saying that. Sorry if this was too far off topic. Sure,
anyone could potentially get this spyware through the usual methods of
attack. My point was that it's easier for HP to force their employees to
install it than for some random person to accidentally get infected using
the Internet.

Paul

Retired said:
Are you saying that ReadNotify only works within a corporate environment?
I don't think so! Those bugged emails were forwarded out of HP and when
they were opened by non-employees outside, "notifications" were sent back
to HP. If this isn't spyware, I don't know what is.
Retired
I imagine that the reason HP was able to use ReadNotify.com to bug email
was that they had control over the email systems used by their employees.

I wonder why they didn't just log SMTP and POP3 traffic for those same
systems. Probably because outsourcing development and using ready-made
solutions that are not quite appropriate but work is rampant :)

Paul

Retired said:
Joe Faulhaber[MSFT] wrote:
Personally, a few things I'd like are more software explorers, always
allow/always block of unknowns, better history keeping, and ability to
pause scans.

How about you?

How about blocking web bugs and other privacy threats:
http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html
 
Retired

All you have to do is send a bugged email to someone else. You don't
have to force anyone else to install anything. The only real question
is this: Is it spyware?

If you were a journalist who wanted to protect your sources, you would
be looking for some way to block this crap. Is WD 2.0 going to do it?
If not, you would look elsewhere. Simple methods such as a HOSTS file
entry are no longer effective.

Thanks for your replies in any case, Paul.
Retired
 
Paul Baker [MVP, Windows - Networking]

I think it's spyware, unless it obtains explicit consent.

What is the method of infection? Are you saying that merely opening an email
gets you infected? How? If so, there is a security flaw somewhere and it is
more important to fix that than it is to have WD 2.0 detect it.

Paul
 
Retired

Thanks again, Paul, for the quick reply.

It looks as though opening a bugged email results in a "notification" to
the sender without the recipient's knowledge or consent.

Is this an "infection"? Not sure, since they use "up to 36 different
simultaneous tracking techniques" and I don't know what they all are.
Is it spyware? Yes, I think so.

From the article I posted originally:
http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html

-------------------- Quote -------------------------------------
The ReadNotify service appears to use what's known as a Web bug, a
technique also employed by some e-mail marketers. An e-mail or a
document sent through ReadNotify includes hidden links to one or more
files hosted by the service. When the message or the file is opened, the
program retrieves the files and by doing so checks in with ReadNotify.

A typical recipient will not notice this. The e-mail is crafted in HTML,
or Hypertext Markup Language, and the tracer files are not visible. The
actual links that retrieve the files will only show when viewing the
source of the e-mail, for example through a program like Notepad. A
firewall could alert the user of the Web traffic, however.

"ReadNotify uses a combination of up to 36 different simultaneous
tracking techniques," Chris Drake, the company's Sydney, Australia-based
chief technology officer said in an e-mail interview. "One or more of
these usually works in all different e-mail clients and operating
systems, making us the most powerful and reliable tracking service on
the Internet."

In short, ReadNotify uses more technologies than simple Web bugs, Drake
said. "All good e-mail programs have blocked these now and most
anti-spam programs reject them too, so we no longer rely on this
simplistic tracking idea."
----------------------- End Quote -----------------------------

HTH
Retired
 
Paul Baker [MVP, Windows - Networking]

Yeah, I read that part of the article, but it didn't get me any closer to
understanding the method of infection.

A "web bug" is kind of meaningless to me.

Paul
 
Paul Baker [MVP, Windows - Networking]

Thanks for the enlightenment!

Soon after I sent this message, I realised to some extent what a web bug is
and posted another reply.

This FAQ, linked to from your Wikipedia article, taught me things I didn't
know, though:
http://www.eff.org/Privacy/Marketing/web_bug.html

So, Outlook 2003 is keeping me safe from web bugs using the IMG tag, but it
sounds like it is not keeping me safe from web bugs using certain other tags
like IFRAME. Nice. I was also a little surprised to see the list of well
known companies that employ this dubious technique. If this is true, shame
on Microsoft for on the one hand emphasizing the importance of security
while on the other hand employing web bugs! Shame on the other companies
too, but they don't talk about security as much as Microsoft has been.

The FAQ also expressed the same concern as I did in another post, that it is
difficult to distinguish a web bug from a legitimate HTTP request.
Specifically, it is difficult to *heuristically* know whether the process
that is making the request ought to be and it is virtually impossible to
know what the server is going to do with it. And so, what is the solution?
It's all very well asking that Windows Defender 2.0 detect them, but how?
Does it need to go so far as allowing HTTP requests only for digitally
signed EXEs that are white-listed as legitimate HTTP clients with adequate
web bug protection? Does it need to actually monitor network traffic, not
just WinInet calls? Will any less work?

More can be done in email software to disable them, but this must be done on
a case by case basis.

Paul
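Added here as an example, not code from the thread, the Windows Defender team or the EFF FAQ: a Python scan of a message's HTML that lists every element which would fetch a remote file when the mail is opened, so a reviewer can see the IFRAME, background and CSS url() references that an IMG-only blocker (as described for Outlook 2003 above) lets through. The tracker.example domain and the sample message are constructed.

```python
import re
from html.parser import HTMLParser

# Tags, and the attributes on them, that make a mail client fetch a remote file.
FETCH_ATTRS = {
    "img": ("src", "lowsrc"), "iframe": ("src",), "frame": ("src",),
    "script": ("src",), "link": ("href",), "object": ("data",),
    "embed": ("src",), "input": ("src",), "body": ("background",),
    "table": ("background",), "td": ("background",), "bgsound": ("src",),
}
CSS_URL = re.compile(r"url\(\s*['\"]?(https?://[^'\")\s]+)", re.I)

class RemoteRefScanner(HTMLParser):
    """Collects (tag, url, hidden) for every element that fetches a remote file."""
    def __init__(self):
        super().__init__()
        self.refs, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self._in_style = tag == "style"
        # Explicit 0px/1px dimensions mark the classic invisible beacon.
        hidden = any(a.get(k, "").lower().rstrip("px") in ("0", "1")
                     for k in ("width", "height"))
        for key in FETCH_ATTRS.get(tag, ()):
            if a.get(key, "").lower().startswith(("http://", "https://")):
                self.refs.append((tag, a[key], hidden))
        for url in CSS_URL.findall(a.get("style", "")):  # inline CSS url(...)
            self.refs.append((tag + "@style", url, hidden))

    def handle_data(self, data):
        if self._in_style:  # url(...) inside a <style> block
            self.refs += [("style", u, False) for u in CSS_URL.findall(data)]

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

def scan_email_html(html):
    """Return remote references; cid: and data: URLs are local and ignored."""
    scanner = RemoteRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.refs

# Constructed sample message; tracker.example is a reserved placeholder domain.
SAMPLE = """<html><body background="http://tracker.example/bg.gif"><p>Hello,</p>
<img src="http://tracker.example/t.gif?id=abc" width="1" height="1">
<iframe src="https://tracker.example/f?id=abc" width="0" height="0"></iframe>
<img src="cid:logo@local"></body></html>"""
```

Running scan_email_html(SAMPLE) reports three remote fetches (body background, a 1x1 image and a 0x0 iframe) and skips the cid: inline attachment; the firewall alert the article mentions would fire on exactly these requests.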
 
Retired

Nobody said it was going to be easy, Paul! :) Isn't that why the WD
team gets paid the big bucks?

Retired
 
Joe Faulhaber[MSFT]

Got it, Michael.

Thanks for the clarification, it's an interesting idea. I think I would like
it, too.

Regards,
Joe
 
