Microsoft Anti-Spyware Beta
There's an internal beta of a Microsoft tool for spyware detection/removal being tested, and the plan is to release something to the public very soon. A public beta in January has been mentioned.
By the looks of it, the software (code-named Atlanta) is basically a re-branded version of an anti-spyware product from Giant Company Software, acquired by Microsoft late last year. This was the scan result after running the application (a time-limited version, Microsoft "hasn't yet decided on licensing and pricing") on my Windows computer:

The "threat level" is a bit exaggerated; those browser hijackers are remnants from software I have disabled manually, and the remote control is Ultr@VNC, which I have installed and use occasionally. TinyBar was nevertheless a good catch; tinybar.exe shouldn't be there, and the file wasn't detected by Ad-Aware. The Grokster entry is a false positive: I don't use Grokster (which appears to be some kind of P2P program) and the registry entries detected are harmless.
Microsoft releasing an anti-spyware tool is... interesting. They have been harshly criticized, and rightly so, for not doing enough to prevent the spread of malicious software. It looks like they are trying to do something, but so far it has almost exclusively been about treating the symptoms (e.g. the software firewall in XP and security settings that are restrictive but virtually unusable). This is yet another example.
Anti-spyware tools are the epitome of post-exploit recovery. You use them in an attempt to repair your system when it's too late – after being tricked into running hostile code. In general it's extremely difficult (maybe impossible) to identify software designed to be deceptive, so such tools have their place. A regular need for them, however, strongly suggests serious problems with the design and use of the systems affected. A good system will help you avoid being tricked a second time.
Unfortunately, the business of repairing damage is much more lucrative than preventing it from happening in the first place.
3 January, 2005