Re: Microsoft AntiSpyware - First Impressions

["KF (lists)" <kf_lists () digitalmunition com>]

Do a software update check with this thing and you get 
GIANTAntiSpywareMain.exe  listening on port 2571 until the software is 
closed. Feel free to beat on and fuzz that port fellas. =]
-KF

KF (lists) wrote:

> I love how the icon for this product is a big Target. Very 
> appropreate. Anyone wanna takes bets on how long it takes for someone 
> to find a hole in the Spynet p2p functions of this beast, what port is 
> that listening on again?
> *grin*
> -KF
>
> James Patterson Wicks wrote:
>
> > We knew that Microsoft was going to put out an anti-spyware product 
> > after they bought Giant in December, but I did not figure they could 
> > re-brand Giant’s software in under a month. Their first shot at 
> > anti-spyware came out today – Microsoft AntiSpyware (Beta). I 
> > installed it on a test machine that I have in the office. Just to be 
> > safe, I ran a full Spybot S&D scan and then uninstalled the resident 
> > TEA program since Microsoft AntiSpyware will install an agent if you 
> > so wish. The only part of the installation that was strange was the 
> > “recommended” option of joining the “Spynet AntiSpyware Community” 
> > their ‘Spyware Neighborhood Watch’ that connects you to other 
> > computers running the Microsoft AntiSpyware software. Don’t know how 
> > many people will choose that option, but to me it does not make sense 
> > to connect to a peer-to-peer network of infected computers, encrypted 
> > traffic or not.
> >
> > I ran a full system scan and to my surprise, the software found some 
> > old Timbuktu and Dameware DLL’s that I thought were uninstalled a 
> > year ago. Were the files harmful? The tool stated that the Dameware 
> > files were low risk, but the Timbuktu files were high risk. The tool 
> > also found “iLookup.GlobalWebSearch Browser Hijacker”, “StartNow 
> > Hyperbar Toolbar” and a bunch of “MiniBug” instances. I was somewhat 
> > surprised since my machine was “clean” already. I then set up two lab 
> > desktops and applied the same clean image on both of them (no 
> > anti-virus or firewall installed). I then used IE to surf to the 
> > first ten sites Google brought up when searching for “online 
> > gambling” sites. I then ran full system scans using Microsoft 
> > AntiSpyware on one desktop and Spybot S&D on the other machine. 
> > Spybot found 65 objects, the Microsoft tool found 92 objects. The 
> > results were similar except that the Microsoft tool found a few more 
> > cookies, a bunch of minibugs and something called “SearchSquire.”
> >
> > While this was just a quick test to satisfy my curiosity about the 
> > Microsoft tool, my initial feeling is that the Microsoft AntiSpyware 
> > is worth a test deployment in the office. This beta expires in July. 
> > Hopefully the final version will be free and allow for centralized 
> > domain management. It’s the least that Microsoft can do.
> >
> > Pat Wicks
> >
> > Systems and Network Engineer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html