[guispeak] Re: Install Logs.
- From: "Laura Eaves" <leaves1@xxxxxxxxxxxxxxx>
- To: <guispeak@xxxxxxxxxxxxx>
- Date: Thu, 30 Dec 2004 08:01:24 -0800
Hi again George Z and all --
Actually the following was posted yesterday on the gui-talk list that might
be relevant -- it might be overkill compared to what you were asking for,
but the description is interesting and I think this type of safeguard should
have been put in windows from the ground up, but alas hindsight is always
20/20 -- oh and getting the windows product out the door probably was more
important at the time than such minor issues as security -- oh well, I won't
repeat the long discussions on the other lists I'm on, but here's the
article...
Oh and as a sidelight, someone on another list is checking out the
accessibility of giant anti spyware and will be reporting back at some
point. But by the time longhorn (the next incarnation of windows) comes
out, this functionality will be built into windows.
Meanwhile, I still prefer unix/linux, which has always had good security
from the outset...
Take care and happy new year!
--le
*******
This article is taken from
www.winsupersite.com/reviews/ms_antispyware_preview.asp. -
Steve.
Microsoft Anti-Spyware Preview
On December 17, 2004, Microsoft announced the acquisition of an
anti-spyware company,
surprising many in the industry. The acquisition is notable for two
reasons. First,
Microsoft had already revealed its intention to get into the
anti-spyware market.
Second, the company it purchased, Giant Software Company, was largely
an unknown
in the industry. But in a rare moment of luck, I'd actually been a fan,
customer,
and advocate of Giant AntiSpyware, as their anti-spyware solution is
logically named,
for several months. In fact, I've found it to be far more effective
than the industry
darlings, Ad-aware and Spybot Search & Destroy. And I've been
recommending it to
friends and family ever since.
Super Ad Blocker Removed Image - Click to View
But wait, the luck doesn't end there. While my experience using Giant
Antispyware
gives me a unique perspective of this product, I was also lucky enough
to interview
Giant co-founder Andrew Newman just days before his company was
purchased by Microsoft.
Newman discussed with me Giant's plans for future versions of the
product, including
a centrally-managed enterprise version
that, I suspect, played a large part in Microsoft's interest. Newman
explained
to me why Giant's approach to tackling spyware is superior to that of
the competition,
and provided some valuable insight into how spyware can be confronted
and defeated.
First, a bit about Giant
Giant Software Company was founded by Ron Franczyk and Andrew Newman in
Chicago in
November 2000. The pair were both working in corporations and were
frustrated by
spam and the horrible anti-spam solutions that were available at the
time. Rallying
around the message "Online Peace of Mind," the two started Giant
Software Company
with the goal of creating a better anti-spam mousetrap. The resulting
product, Giant
Spam Inspector, now protects over 2 million email inboxes from spam.
Despite their name, Giant Software Company was never a giant company.
It grew from
the two cofounders to 11 employees who are today based in Chicago,
Atlanta, and New
York, and it also sells a pop-up ad blocker and the anti-spyware
solution that we're
now most interested in. But Giant has been profitable and
self-sustaining since its
inception, Newman told me, and its products are currently used by
almost 1 million
customers. That success, he said, has been driven by Giant's
community-based approach.
"We decided to leverage the power of community and create an anti-spam
community,"
he said. "Many products are like that now, including Cloudmark and
others. But there
wasn't anything like that four years ago. We allow the Internet
community to help
us solve a huge problem, and we build into that system an intelligent
approach to
anti-spam that combines [traditional anti-spam] rules with heuristics."
About a year ago, Giant began looking into anti-spyware for both
consumers and enterprises.
Here, the company knew it could use some of its existing anti-spam
technology. But
it also solidified its community-based approach into a community Web
site called
Spynet, which helps ensure that Giant customers know about spyware
threats before
anyone else. Spynet was an immediate success, with over 200,000
contributors in its
first month alone.
Why Giant AntiSpyware is better
Because many of the companies that are getting into the anti-spyware
market come
from an anti-spam background, they tend to bring with them the habits
and methods
that worked there. That makes some sense, Newman told me, because
spyware is essentially
an extension of spam, or the technological successor to spam. However,
Newman told
me that battling spam and spyware are not identical. That's because
spyware is typically
more pathological and invasive than is spam.
"Windows was developed as a platform, and is extremely extensible, so
we can integrate
into the system," Newman said. "The problem is, anyone can do that,
including malware
writers." To effectively fight spyware, he said, you need software that
can do more
than just look at a file, poll a list of known bad files, and identify
it as good
or malicious. Spyware often imitates legitimate files, or finds ways of
hiding itself
on your system. For this reason, Giant AntiSpyware uses logic that is
based partially
on feedback from Spynet to examine the "genetic fingerprints" of files
and determine
whether those files are valid. "We can detect variations of files,"
Newman said.
"The way anti-virus works is it looks at strings and patterns in file.
This looks
at the file as a whole. They're completely different approaches."
Indeed, the signature-based methods used to combat spam are ineffective
against spyware,
because the methods spyware use to attack your system change so often.
Newman said
Giant AntiSpyware provides a three-pronged attack on spyware. First,
the product
can perform spyware scanning and cleaning, as you'd expect. Second, the
aforementioned
Spynet provides Giant with valuable community contributions. And third,
Giant AntiSpyware
runs constantly in your system, providing real-time protection from
spyware, preventing
it from getting a foothold in your system. It's better to prevent an
attack from
happening than to try and remove malware after it's already infested
your system.
"Real-time protection is the key," Newman told me. "Spyware has to
integrate into
your computer somehow, using a Brower Helper Object or whatever. The
real-time protection
monitors virtually every single auto start point on your system,
detecting changes
and notifying you, via a pop-up window, when anything changes." If
you're installing
an application, for example, you will know to dismiss the pop-up,
because you've
instituted the changes it's detecting. But if you're browsing the Web
(with IE, no
doubt), and you receive such a notification, it's time to start paying
attention.
In my own admittedly unscientific testing, Giant AntiSpyware has proven
notably superior
to perennial favorites like Ad-aware and Spybot Search & Destroy.
Indeed, I find
it interesting that so many reviewers recommend that users install both
Ad-aware
and Spybot in order to fully protect themselves from spyware. That's
because neither
seems to be able to remove all of the spyware on any PC I've tested.
I've had much
better success with Giant AntiSpyware. And I'm not alone: In a
Spywarewarrior.com
product tests, Giant AntiSpyware came out on top, detecting 111 of 138
possible spyware
installs, compared to just 79 for Ad-aware (second place) and 69 for
Spybot (fourth
place). None of those programs reported any false positives, though
another popular
product, Pest Patrol, suffered a whopping 10 false positives and found
just 55 real
spyware installs.
Effectiveness is obviously the most important aspect of any spyware
solution, but
I'm also a big fan of Giant's user interface, which is far nicer than
that of Ad-aware
or Spybot, and more Windows-like. Let's take a look.
A look at Giant Antispyware
If you set it up correctly, you'll never see the AntiSpyware
application after your
first manual spyware scan, because it will sit resident in your system
and automatically
deal with most spyware attacks, prompting you only with pop-up windows
occasionally
as needed. However, Giant AntiSpyware, unlike some other spyware
solutions, presents
a pleasant, easily-navigated user interface that is similar, in some
ways, to a Microsoft
taskpad or activity center.
Spyware Scanning
There are three main screens. From the Spyware Scan screen, you can
initiate a manual
spyware scan, set scan options, and view information about prior scans.
If you choose to run a scan now, Giant AntiSpyware can perform a number
of scan
types, including a deep scan, which scans all files and folders, and a
more typical
intelligent scan, which will just test common entry points for spyware.
When a scan
is complete, you can view the scan results
and then optionally decide what to do with any found spyware;
spyware can be ignored, quarantined, removed (the default), or always
ignored.
Real-time Protection
In the Real-time Protection screen,
you can configure whether the real-time protection feature is active
and view
the status of Giant AntiSpyware's three agent types (Internet, System,
and Application).
The Internet Agents prevent applications from modifying or monitoring
your Internet
connection and settings. The System Agents prevent against threats
making unauthorized
or hazardous changes to your system, including alerting security
permissions. The
Application Agents prevent threats from installing, deleting, or
modifying Internet
Explorer or downloading ActiveX controls, which can contain malicious
code.
Currently, these three agent types protect 58 so-called system
checkpoints, entry-points
in your system where malicious code can be inserted. For example, one
typical checkpoint
is called process execution. This checkpoint prevents spyware from
executing processes
(applications or services) on your PC. If an unknown process attempts
to execute
on your computer, the process will be blocked and you will receive an
alert, which
lets you remove the process. This is, possibly, the most critical
function of this
software: It blocks errant software from executing on your system,
before it happens.
>From the Real-time Protection screen, you can also access information
about blocked
events, which are changes to your system that you have chosen to block.
Advanced Tools
The third screen, Advanced Tools
provides you with links to numerous other functions, including System
Explorers,
which are system settings that are often hard or impossible to
otherwise configure.
For example, you may be familiar with the new Manage Add-ons
functionality that is
included with the Windows XP SP2 version of Internet Explorer; this
feature lets
you enable or disable Browser Helper Objects and other IE plug-ins.
However, the
Internet Explorer System Explorer in Giant AntiSpyware also lets you
permanently
remove such add-ons, which, frankly, is exactly what you need.
There are all kinds of System Explorers in Giant AntiSpyware, and if
you're interested
in security, you should spend some time here. You can configure such
things as which
applications run when Windows starts, which ActiveX controls are
installed, and which
processes are currently running. It's a wonderful set of functionality
that Microsoft
should bubble up more obviously from within Windows itself.
Other Advanced Tools include System Inoculation, which examines your PC
for possible
security holes;
Browser Hijack Restore, which helps restore features of IE that have
been hijacked
by malware,
Tracks Eraser, which can be used to remove the history of your
activities in a
surprisingly wide range of applications and system services, such as
Adobe Acrobat
Reader, Microsoft's Windows Common Dialog, the Google Toolbar;
and Secure File Shredder, a wonderful utility that can be used to
completely eliminate
files from your PC using US Department of Justice (DOJ) recommendations
for secure
file destruction.
How this product doesn't have the word "suite" in its title is beyond
me.
AntiSpyware pop-ups
Like a firewall or anti-virus application, Giant AntiSpyware more
typically makes
itself known by popping up the occasional pop-up window in the lower
right corner
of your desktop. These pop-ups arrive when the product detects a
potential spyware
attack, or, by default, when it's completed a spyware scan (you can
turn that latter
feature off, which I recommend).
Some of the pop-ups are innocuous. For example, you may upgrade a
product to a newer
version. In such a case, Giant AntiSpyware will typically note that an
acceptable
application change has occurred and let you get on with your life
without having
to approve the change.
Some of the pop-ups, however, warn of more dangerous problems. Perhaps
you've navigated
to a malicious Web site that is attempting to install some spyware. Or
maybe you
or an application is attempting a system configuration change with
which Giant Spyware
is not familiar. In such a case, you're provided with information about
the change
and prompted to Allow or Block it.
Enter Microsoft
So now that Microsoft has purchased Giant and its anti-spyware
solution, attention
logically turns toward what the company will do with it. Previously,
Microsoft had
revealed that it would release an anti-spyware solution in 2005, a year
ahead of
the mid-2006 release of Longhorn (where its anti-spyware solution was
originally
set to appear). The company has internal anti-spyware and malware
projects, codenamed
Strider and GhostBuster, respectively, which would have fulfilled those
goals, and
sources I've spoken with suggest that Microsoft understands, perhaps
better than
anyone, how today's malicious spyware is now hooking into Windows
systems and intends
to rectify that situation.
To date, Giant AntiSpyware has been made available as a yearly
subscription fee,
and my expectation is that Microsoft will continue using that model.
However, that
isn't, in my opinion, what the company should do. Instead, I'd like to
see Microsoft
offer Giant AntiSpyware free to all Windows users, as a benefit of
using their OS.
Frankly, it is the architectural problems in Windows that lets spyware
and other
malicious malware infect users' systems, and Microsoft should fix that
problem for
free. For now, the software giant says it hasn't yet decided on
licensing and pricing.
Time will tell, of course. I'll be talking to Microsoft soon about its
anti-spyware
plans, and the company will ship a public beta of its Giant
AntiSpyware-derived anti-spyware
solution before the end of January 2005, so I'll be looking at that to
see whether
it's any different from the product I'm already using. When those
events transpire,
I'll update this preview as needed. In the meantime, I'm ecstatic that
Microsoft
purchased Giant. They made the right decision about the anti-spyware
solution acquisition.
Let's hope the good decision making continues.
--Paul Thurrott
December 20, 2004
Updated December 22, 2004
** To leave the list, click on the immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** guispeak-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
