Good Riddance Microsoft AntiSpyware Beta

Discussion in 'Computer Support' started by Julie P., Mar 2, 2005.

  1. Julie P.

    Julie P. Guest

    I just uninstalled MS AntiSpyware Beta for the second time, after having
    decided to give it a second chance. Good riddance...

    The problem: you cannot disable real-time protection.

    Sure you can do it, but the next time you restart, it turns back on
    automatically, no matter what settings you have selected. And when it runs
    in the background, my computer significantly slows down. For example,
    instead of five Microsoft Word docs opening in less than a second, they open
    one document per second. Strange, SpywareBlaster and SpyBot running in the
    background don't have this effect.

    Another problem is false positives. I changed my homepage, and MS
    AntiSpyware said this was a hijack attempt. And it won't let me ignore this
    finding unless I shut down all IE windows.

    Well, no surprise here--this is what I get for installing a Microsoft
    product. Sigh...
    Julie P., Mar 2, 2005
    #1
    1. Advertising

  2. Julie P. wrote:

    > I just uninstalled MS AntiSpyware Beta for the second time, after having
    > decided to give it a second chance. Good riddance...
    >
    > The problem: you cannot disable real-time protection.
    >
    > Sure you can do it, but the next time you restart, it turns back on
    > automatically, no matter what settings you have selected. And when it runs
    > in the background, my computer significantly slows down. For example,
    > instead of five Microsoft Word docs opening in less than a second, they open
    > one document per second. Strange, SpywareBlaster and SpyBot running in the
    > background don't have this effect.
    >
    > Another problem is false positives. I changed my homepage, and MS
    > AntiSpyware said this was a hijack attempt. And it won't let me ignore this
    > finding unless I shut down all IE windows.
    >
    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...


    It *is* beta, but Spybot and SpywareBlaster don't run in the background,
    they just make some changes to the registry. MS Antispyware does
    actively monitor for activity that spyware typically shows. I've had
    pretty good luck with MSAS (I just invented that acronym, you can tell
    all your friends that you know me) but no antispyware is a complete
    package, you need several. I frequently will install it, clean the
    machine and then disable it. It's stayed disabled for me.
    =?ISO-8859-1?Q?R=F4g=EAr?=, Mar 2, 2005
    #2
    1. Advertising

  3. Julie P.

    Vanguard Guest

    "Julie P." <> wrote in message
    news:...
    >I just uninstalled MS AntiSpyware Beta for the second time, after
    >having decided to give it a second chance. Good riddance...
    >
    > The problem: you cannot disable real-time protection.
    >
    > Sure you can do it, but the next time you restart, it turns back on
    > automatically, no matter what settings you have selected. And when it
    > runs in the background, my computer significantly slows down. For
    > example, instead of five Microsoft Word docs opening in less than a
    > second, they open one document per second.


    How did you manage to open 5 Word docs in under 1 second? I'd like to
    perform the same test. Also, how large were these docs? Did you have
    the on-access scanner for your anti-virus software disabled to eliminate
    its checking of macro viruses?

    Did you ever try using msconfig.exe to disable the gcasServ program from
    loading on Windows startup? In MSAS, did you disable both real-time
    scanning and startup options (i.e., security agents)?

    > Strange, SpywareBlaster and SpyBot running in the background don't
    > have this effect.


    You don't know how SpywareBlaster works. It doesn't run in the
    background; see my replies at
    http://groups-beta.google.com/group..._frm/thread/f86a01f72965f825/eb870da23c684d27.
    Neither does Spybot except for its TeaTimer utility (but Prevx Home is a
    better intrusion detection system). Spybot's other protection is to add
    a BHO (browser helper object) to IE that monitors for "bad" address to,
    for example, prevent downloading of cookies from "bad" sites.

    > Another problem is false positives. I changed my homepage, and MS
    > AntiSpyware said this was a hijack attempt. And it won't let me ignore
    > this finding unless I shut down all IE windows.


    Because it doesn't know who actually made the change. How would any
    software monitoring the registry and critical files know it was you that
    edited them or, say, some keyboard macro program issuing the same
    keystrokes? Altering the home and search pages is a common hijack ploy.
    If you don't want MSAS monitoring any changes then you did the right
    thing by uninstalling it, but then why did you install it in the first
    place? WinPatrol, PrevX, Abtrusion, firewalls with firehole protection
    and outbound authorization, and even anti-virus software prompts you to
    validate to commit an action. If you don't want any of that protection,
    don't install it.

    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...


    Well, no surprise there. We understand you wish to remain a newbie user
    regarding security. You want a free ride and not have to make any
    decisions, including RTFM. Hey, if you prefer being lazy regarding
    security then do so and don't have any. Security and ease-of-use are
    the antithesis of each other. You might get lucky and you computer
    never gets raped. If you are diligent with the other security tools and
    practice safe hex then you'll probably have a run of good luck ... until
    that day arrives when your luck runs out. Makes sure to do periodic
    data backups (for file recovery) and drive images (for system recovery)
    to cover your butt.

    By the way, complaining here about MSAS is as useful as spitting into
    the ocean to raise the sea level. MSAS has its own private newsgroup
    at:

    http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware

    Complain there, but you might want to first start by asking how to make
    MSAS do what you want, or make suggestions of the same.
    Vanguard, Mar 2, 2005
    #3
  4. In news:,
    Julie P. <> typed:
    > I just uninstalled MS AntiSpyware Beta for the second time, after
    > having decided to give it a second chance. Good riddance...
    >
    > The problem: you cannot disable real-time protection.
    >
    > Sure you can do it, but the next time you restart, it turns back on
    > automatically, no matter what settings you have selected. And when it
    > runs in the background, my computer significantly slows down. For
    > example, instead of five Microsoft Word docs opening in less than a
    > second, they open one document per second. Strange, SpywareBlaster
    > and SpyBot running in the background don't have this effect.
    >
    > Another problem is false positives. I changed my homepage, and MS
    > AntiSpyware said this was a hijack attempt. And it won't let me
    > ignore this finding unless I shut down all IE windows.
    >
    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...


    If speed is your issue,disconnect your system from the internet,remove all
    protection,and there you go! It should fly now.A little performance slow
    down is a small price to pay for security.
    -max
    --
    Virus Removal Instructions: http://home.neo.rr.com/manna4u/
    You can find my e-mail address on my pages
    This message is virus free as far as I can tell
    What's in a Name?, Mar 2, 2005
    #4
  5. Re: GIANT AntiSpyware

    Rôgêr, <>, the hurling, banged-up frotteur, and carter and
    hawker of rotten fish, repined:


    > no antispyware is a complete package, you need several.


    Bullshite you bulldyke.
    2-2-Phenyl-4-Phenylethyl-Propoxy-Radium-4-3-Diethy, Mar 2, 2005
    #5
  6. Julie P.

    elaich Guest

    "Julie P." <> wrote in news:TN6dnUtQDIH-SLjfRVn-
    :

    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...


    Letting Microsoft manage malware on your computer is equivalent to letting
    the fox guard the henhouse. If they had a clue about the issue, they'd fix
    all the holes in Internet Explorer.
    elaich, Mar 2, 2005
    #6
  7. Julie P.

    Guest

    Hi there Julie P.how are you today! have you ever tried spy sweeper by
    (webroot) they have a free trial on the net, I downloaded spy sweeper
    and a couple of weeks later I went and bought one. it works great!
    AD-Aware SE Personal is a good one to. I hope you get that (MS) off
    your pc! you have a nice day!

    Sincerely Bruce
    , Mar 2, 2005
    #7
  8. , <>, the left over, reptilian idiot, and pig
    drover, evangelised:

    > Hah thuhre Julie P.how are yew tuhday! have yew ever tried spy sweeper by
    > (webroot) thuhy have a free trial on thuh net, Ah downloaded spy sweeper
    > an' a coupl'a weeks later Ah done went an' bought one. *snort* it works
    > great! AD-Aware SE Personal is a good one tuh. Ah hope yew git that (MS)
    > uhf yore pc! yew have a right nice day!
    >
    > Sincerely Bruce


    Drunk again, Bwuce?
    2-Methyl-3-Methoxybenzoyl-Bromophenoxy-Isoxazolyl-, Mar 2, 2005
    #8
  9. , <>, the pocket-sized, useless fungal
    infection, and person paid to clean the pavements in Paris of dog shit,
    reproved:

    > Hi dewe Juwie P.how awe you today! have you evew twied spy sweepew by
    > (webwoot) dey have a fwee twiaw on de net, I downwoaded spy sweepew and a
    > coupwe of weeks watew I went and bought one. it wowks gweat! AD-Awawe SE
    > Pewsonaw is a good one to. I hope you get dat (MS) off youw pc! you have a
    > nice day!
    >
    > Sincewewy Bwuce


    Pilorum eos citi, ab pueri nonaginta ex nouem pube. Abes servabam dati se
    sana tuosque viasque, iustissimum uigor ius, iuvoque. Ciere cori vacua o
    uriique fidelibus it foedabam.

    Cuique unoque, alvo in vaco molleram narrantis bona pavidae it. Pacarit
    satiasse ara ex spretae spebus pascamini. Duarum sciremus facque, trinis ora
    lucubrantes, minoribus memineram obscena. Sata perosi peracta en nolo
    gazaque humero tridenta fuso via aula.
    Lachlan Walters, Mar 2, 2005
    #9
  10. Julie P.

    Old Gringo Guest

    Julie P. wrote:
    > I just uninstalled MS AntiSpyware Beta for the second time, after having
    > decided to give it a second chance. Good riddance...
    >
    > The problem: you cannot disable real-time protection.
    >
    > Sure you can do it, but the next time you restart, it turns back on
    > automatically, no matter what settings you have selected. And when it runs
    > in the background, my computer significantly slows down. For example,
    > instead of five Microsoft Word docs opening in less than a second, they open
    > one document per second. Strange, SpywareBlaster and SpyBot running in the
    > background don't have this effect.
    >
    > Another problem is false positives. I changed my homepage, and MS
    > AntiSpyware said this was a hijack attempt. And it won't let me ignore this
    > finding unless I shut down all IE windows.
    >
    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...
    >
    >
    >

    Fun from the Mother Country: http://tinyurl.com/5jpoa

    --
    Old Gringo George
    Magic Weaver Of Life
    Enjoy Life And Live It To Its Fullest
    Freedom For The World <http://www.nuboy-industries.com/>
    Old Gringo, Mar 2, 2005
    #10
  11. Julie P.

    mhicaoidh Guest

    Taking a moment's reflection, Julie P. mused:
    |
    | I just uninstalled MS AntiSpyware Beta for the second time, after having
    | decided to give it a second chance. Good riddance...
    |
    | The problem: you cannot disable real-time protection.
    |
    | Sure you can do it, but the next time you restart, it turns back on
    | automatically, no matter what settings you have selected.

    There must be something wrong with your system then. Like your other
    issues, I cannot replicate them on my systems. When I disable real time
    protection, it stays inactive until I reactivate them ... even after
    rebooting. I have noticed, however, that it will reset some of the settings
    after receiving an update. But, I suspect this is by design so new/added
    features are not disabled unknowingly due to previous settings.

    | And when it runs
    | in the background, my computer significantly slows down. For example,
    | instead of five Microsoft Word docs opening in less than a second, they
    | open one document per second. Strange, SpywareBlaster and SpyBot running
    | in the background don't have this effect.

    MSAS doesn't do this on my system either. All documents/applications
    open as quickly as without it running.

    | Another problem is false positives. I changed my homepage, and MS
    | AntiSpyware said this was a hijack attempt. And it won't let me ignore
    | this finding unless I shut down all IE windows.

    Again, I am at a loss. If I change my homepage, MSAS pops up with a box
    alerting me to the change, and I can accept or deny this change.
    mhicaoidh, Mar 2, 2005
    #11
  12. Julie P.

    Julie P. Guest

    "Rôgêr" <> wrote in message
    news:...
    > Julie P. wrote:
    >
    >> I just uninstalled MS AntiSpyware Beta for the second time, after having
    >> decided to give it a second chance. Good riddance...
    >>
    >> The problem: you cannot disable real-time protection.
    >>
    >> Sure you can do it, but the next time you restart, it turns back on
    >> automatically, no matter what settings you have selected. And when it
    >> runs in the background, my computer significantly slows down. For
    >> example, instead of five Microsoft Word docs opening in less than a
    >> second, they open one document per second. Strange, SpywareBlaster and
    >> SpyBot running in the background don't have this effect.
    >>
    >> Another problem is false positives. I changed my homepage, and MS
    >> AntiSpyware said this was a hijack attempt. And it won't let me ignore
    >> this finding unless I shut down all IE windows.
    >>
    >> Well, no surprise here--this is what I get for installing a Microsoft
    >> product. Sigh...

    >
    > It *is* beta, but Spybot and SpywareBlaster don't run in the background,
    > they just make some changes to the registry.


    Ok, thanks. I do know that my SpyBot actively blocks dangerous donwloads in
    the background though.

    MS Antispyware does
    > actively monitor for activity that spyware typically shows. I've had
    > pretty good luck with MSAS (I just invented that acronym, you can tell all
    > your friends that you know me) but no antispyware is a complete package,
    > you need several. I frequently will install it, clean the machine and then
    > disable it. It's stayed disabled for me.


    That sounds like a good idea. Maybe once a month. :)
    Julie P., Mar 2, 2005
    #12
  13. Julie P.

    Julie P. Guest

    "Vanguard" <> wrote in message
    news:...
    > "Julie P." <> wrote in message
    > news:...
    >>I just uninstalled MS AntiSpyware Beta for the second time, after having
    >>decided to give it a second chance. Good riddance...
    >>
    >> The problem: you cannot disable real-time protection.
    >>
    >> Sure you can do it, but the next time you restart, it turns back on
    >> automatically, no matter what settings you have selected. And when it
    >> runs in the background, my computer significantly slows down. For
    >> example, instead of five Microsoft Word docs opening in less than a
    >> second, they open one document per second.

    >
    > How did you manage to open 5 Word docs in under 1 second? I'd like to
    > perform the same test.


    I just went to the documents folder, control-clicked on 5 of them, and then
    clicked "Open". They were about 30 KB each.

    Also, how large were these docs? Did you have
    > the on-access scanner for your anti-virus software disabled to eliminate
    > its checking of macro viruses?


    I use AVG, but have the email scanner uninstalled.

    >
    > Did you ever try using msconfig.exe to disable the gcasServ program from
    > loading on Windows startup?


    No, I am a not too knowledgable about this.

    In MSAS, did you disable both real-time
    > scanning and startup options (i.e., security agents)?
    >


    Yes. More on this later...

    >> Strange, SpywareBlaster and SpyBot running in the background don't have
    >> this effect.

    >
    > You don't know how SpywareBlaster works. It doesn't run in the
    > background; see my replies at
    > http://groups-beta.google.com/group..._frm/thread/f86a01f72965f825/eb870da23c684d27.



    ok, thanks for telling me that.

    > Neither does Spybot except for its TeaTimer utility (but Prevx Home is a
    > better intrusion detection system). Spybot's other protection is to add a
    > BHO (browser helper object) to IE that monitors for "bad" address to, for
    > example, prevent downloading of cookies from "bad" sites.


    Yep, the latter part is what I meant. It blocks bad IE downloads in the
    backgorund.

    >
    >> Another problem is false positives. I changed my homepage, and MS
    >> AntiSpyware said this was a hijack attempt. And it won't let me ignore
    >> this finding unless I shut down all IE windows.

    >
    > Because it doesn't know who actually made the change. How would any
    > software monitoring the registry and critical files know it was you that
    > edited them or, say, some keyboard macro program issuing the same
    > keystrokes?


    Ok, thnaks. I just wonder why Ad-Aware and SpyBot let me make changes with
    IE windows still open. See, I like to run MSAS in the backgorund, while
    working on IE, email, etc.

    Altering the home and search pages is a common hijack ploy.
    > If you don't want MSAS monitoring any changes then you did the right thing
    > by uninstalling it, but then why did you install it in the first place?


    To be able to do weekly scans like I do with Ad-Aware, CWShredder, SpyBot,
    etc. they are all complementary.

    WinPatrol, PrevX, Abtrusion, firewalls with firehole protection
    > and outbound authorization, and even anti-virus software prompts you to
    > validate to commit an action. If you don't want any of that protection,
    > don't install it.



    I wanted to select "Always Ignore", but I didn't want to stop what I was
    doing and close all my windows.

    >
    >> Well, no surprise here--this is what I get for installing a Microsoft
    >> product. Sigh...

    >
    > Well, no surprise there. We understand you wish to remain a newbie user
    > regarding security. You want a free ride and not have to make any
    > decisions, including RTFM. Hey, if you prefer being lazy regarding
    > security then do so and don't have any. Security and ease-of-use are the
    > antithesis of each other. You might get lucky and you computer never gets
    > raped. If you are diligent with the other security tools and practice
    > safe hex then you'll probably have a run of good luck ... until that day
    > arrives when your luck runs out. Makes sure to do periodic data backups
    > (for file recovery) and drive images (for system recovery) to cover your
    > butt.
    >
    > By the way, complaining here about MSAS is as useful as spitting into the
    > ocean to raise the sea level. MSAS has its own private newsgroup at:
    >
    > http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware
    >
    > Complain there, but you might want to first start by asking how to make
    > MSAS do what you want, or make suggestions of the same.
    >


    thanks for that link. I will investigage drive imaging and data back-up. I
    stopped backing up data ever since my Dell had no floppy disk drive and my
    zip drive became outdated.
    Julie P., Mar 2, 2005
    #13
  14. Julie P.

    Julie P. Guest

    <> wrote in message
    news:...
    > Hi there Julie P.how are you today! have you ever tried spy sweeper by
    > (webroot) they have a free trial on the net, I downloaded spy sweeper
    > and a couple of weeks later I went and bought one. it works great!
    > AD-Aware SE Personal is a good one to. I hope you get that (MS) off
    > your pc! you have a nice day!
    >
    > Sincerely Bruce
    >


    thanks Bruce for the tip!
    Julie P., Mar 2, 2005
    #14
  15. Julie P.

    Julie P. Guest

    "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
    news:SInVd.83978$tl3.30816@attbi_s02...
    > Taking a moment's reflection, Julie P. mused:
    > |
    > | I just uninstalled MS AntiSpyware Beta for the second time, after having
    > | decided to give it a second chance. Good riddance...
    > |
    > | The problem: you cannot disable real-time protection.
    > |
    > | Sure you can do it, but the next time you restart, it turns back on
    > | automatically, no matter what settings you have selected.
    >
    > There must be something wrong with your system then. Like your other
    > issues, I cannot replicate them on my systems. When I disable real time
    > protection, it stays inactive until I reactivate them ... even after
    > rebooting. I have noticed, however, that it will reset some of the
    > settings
    > after receiving an update. But, I suspect this is by design so new/added
    > features are not disabled unknowingly due to previous settings.
    >


    Yes, this is true, I think. What happened was the next day, after I turned
    off real-time protection and community reporting, after I restarted, it
    still ran in the background. But the settings still said the real-time
    protection was disabled.

    Then after the auto-update, I believe the settings reenabled real-time
    protection by themselves. the reason I checked was because my computer was
    still running slow.


    > | And when it runs
    > | in the background, my computer significantly slows down. For example,
    > | instead of five Microsoft Word docs opening in less than a second, they
    > | open one document per second. Strange, SpywareBlaster and SpyBot running
    > | in the background don't have this effect.
    >
    > MSAS doesn't do this on my system either. All documents/applications
    > open as quickly as without it running.
    >
    > | Another problem is false positives. I changed my homepage, and MS
    > | AntiSpyware said this was a hijack attempt. And it won't let me ignore
    > | this finding unless I shut down all IE windows.
    >
    > Again, I am at a loss. If I change my homepage, MSAS pops up with a
    > box
    > alerting me to the change, and I can accept or deny this change.
    >
    >


    With me, I did the change before installing MSAS. then after I installed it
    and scanned, it found the homepage change, retroactively. It asked me if I
    wanted to delete, ignore, or always ignore. I chose ignore, but it would not
    let me do this without closing all IE windows first.
    Julie P., Mar 2, 2005
    #15
  16. Julie P.

    Demmin Rahl Guest

    you are using a microsoft product to write this.

    "Julie P." <> wrote in message
    news:...
    > I just uninstalled MS AntiSpyware Beta for the second time, after having
    > decided to give it a second chance. Good riddance...
    >
    > The problem: you cannot disable real-time protection.
    >
    > Sure you can do it, but the next time you restart, it turns back on
    > automatically, no matter what settings you have selected. And when it runs
    > in the background, my computer significantly slows down. For example,
    > instead of five Microsoft Word docs opening in less than a second, they

    open
    > one document per second. Strange, SpywareBlaster and SpyBot running in the
    > background don't have this effect.
    >
    > Another problem is false positives. I changed my homepage, and MS
    > AntiSpyware said this was a hijack attempt. And it won't let me ignore

    this
    > finding unless I shut down all IE windows.
    >
    > Well, no surprise here--this is what I get for installing a Microsoft
    > product. Sigh...
    >
    >
    >
    Demmin Rahl, Mar 2, 2005
    #16
  17. Julie P.

    Vanguard Guest

    "Julie P." <> wrote in message
    news:...
    > "Vanguard" <> wrote in message
    > news:...
    >> "Julie P." <> wrote in message
    >> news:...
    >>>I just uninstalled MS AntiSpyware Beta for the second time, after
    >>>having decided to give it a second chance. Good riddance...
    >>>
    >>> The problem: you cannot disable real-time protection.
    >>>
    >>> Sure you can do it, but the next time you restart, it turns back on
    >>> automatically, no matter what settings you have selected. And when
    >>> it runs in the background, my computer significantly slows down. For
    >>> example, instead of five Microsoft Word docs opening in less than a
    >>> second, they open one document per second.

    >>
    >> How did you manage to open 5 Word docs in under 1 second? I'd like
    >> to perform the same test.

    >
    > I just went to the documents folder, control-clicked on 5 of them, and
    > then clicked "Open". They were about 30 KB each.


    Well, when I highlighted 5 .doc files in Explorer (so 5 were
    concurrently selected), I right-clicked and selected Open. In never saw
    winword.exe load in Task Manager's Processes tab. No documents opened.
    I could open them if I selected one and opened it. I then loaded Word
    and opened its browser window to select a file to open. I tried
    dragging across the 5 files to select them all but that wasn't allowed
    in that dialog window. I then tried to use Ctrl-click on multiple files
    but only one file could be selected. I'm using Outlook 2002. Maybe you
    have Outlook 2003 and it will let the user open multiple .doc files
    concurrently, or something in my setup prevent me from doing what you
    can do. Even when I open just one .doc file, it takes 4.2 seconds just
    to load the Word program itself before it even gets to start loading the
    document. Could be you have a system that is much faster than mine but
    it is likely the disk speed difference is insignificant.

    > Also, how large were these docs? Did you have
    >> the on-access scanner for your anti-virus software disabled to
    >> eliminate its checking of macro viruses?

    >
    > I use AVG, but have the email scanner uninstalled.


    That is e-mail. You were stating that opening Word documents was
    slowed, not anything regarding e-mails. You would have to disable the
    on-access scanner of your anti-virus program, or just disable the
    anti-virus software altogether, to make sure it wasn't scanning your
    ..doc files for macros.

    >> Did you ever try using msconfig.exe to disable the gcasServ program
    >> from loading on Windows startup?

    >
    > No, I am a not too knowledgable about this.


    Once you run msconfig.exe, there is a Startup tab that lists most of the
    startup programs (there are few other places to load programs but not
    commonly used). When you still had MSAS installed, the gcasServ.exe
    program should've have been listed in the Run key to have it load on
    Windows startup. After setting the option to NOT load MSAS in its
    options, it would've been interesting to see if its Run key was removed
    or not.

    > In MSAS, did you disable both real-time
    >> scanning and startup options (i.e., security agents)?
    >>

    >
    > Yes. More on this later...
    >
    >>> Strange, SpywareBlaster and SpyBot running in the background don't
    >>> have this effect.

    >>
    >> You don't know how SpywareBlaster works. It doesn't run in the
    >> background; see my replies at
    >> http://groups-beta.google.com/group..._frm/thread/f86a01f72965f825/eb870da23c684d27.

    >
    >
    > ok, thanks for telling me that.
    >
    >> Neither does Spybot except for its TeaTimer utility (but Prevx Home
    >> is a better intrusion detection system). Spybot's other protection
    >> is to add a BHO (browser helper object) to IE that monitors for "bad"
    >> address to, for example, prevent downloading of cookies from "bad"
    >> sites.

    >
    > Yep, the latter part is what I meant. It blocks bad IE downloads in
    > the backgorund.
    >
    >>
    >>> Another problem is false positives. I changed my homepage, and MS
    >>> AntiSpyware said this was a hijack attempt. And it won't let me
    >>> ignore this finding unless I shut down all IE windows.

    >>
    >> Because it doesn't know who actually made the change. How would any
    >> software monitoring the registry and critical files know it was you
    >> that edited them or, say, some keyboard macro program issuing the
    >> same keystrokes?

    >
    > Ok, thnaks. I just wonder why Ad-Aware and SpyBot let me make changes
    > with IE windows still open. See, I like to run MSAS in the backgorund,
    > while working on IE, email, etc.


    Because Ad-Aware and Spybot are scanners and might add some entries to
    the registry. They don't monitor anything as would the on-access
    scanner for anti-virus software when a file is getting created or
    written to. Neither one is specifically defined to prevent browser
    hijacking. Prevx Home (free) which is an intrusion protection system
    that runs in the background, SpywareGuard (also free) which runs as a
    BHO in IE, and WinPatrol which runs in the background (but its poll
    interval is a bit too long) will alert you when a hijack attempt is made
    or something that would be typical of a hijack attempt. MSAS does the
    same thing.

    Ad-Aware and Spybot can't tell you anything because they are not running
    in the background. I haven't bothered with Spybot's TeaTimer because
    its protections are minimal and it is a flaky module. Ad-Aware and
    Spybot won't even complain about such changes when they are running
    because they are scanners that go out looking for malware. They are not
    monitors and they aren't geared to prevent browser hijacking. Ad-Aware
    and Spybot search for malware, not their effects. Similarly, an
    anti-virus program looks for the viruses but not the effects they have,
    like modifying the contents of other files that are themselves not
    infected, like config files. Ad-Aware has its Ad-Watch monitor that can
    check for browser hijacking and other effects caused by malware but you
    have to pay for that (and my guess is that you are using the freebie
    version of Ad-Aware so you don't have the use of Ad-Watch).

    > Altering the home and search pages is a common hijack ploy.
    >> If you don't want MSAS monitoring any changes then you did the right
    >> thing by uninstalling it, but then why did you install it in the
    >> first place?

    >
    > To be able to do weekly scans like I do with Ad-Aware, CWShredder,
    > SpyBot, etc. they are all complementary.


    And because you are doing manual scans using those products, they aren't
    loaded and monitoring for any malware in the interim between your manual
    scans. Do you disable the on-access scanner in your anti-virus
    software? Do you rely on just a manual run of the on-demand scanner for
    your anti-virus software to provide you with complete protection? No.
    But running manual scans of Ad-Aware, Spybot, CWshredder, and other
    on-demand scanners means that you have nothing to alert you to an
    infection between your manual scans. To protect you against viruses,
    you leave running the on-access scanner for your anti-virus program.
    Ad-Aware has its Ad-Watch utility but you have to pay for it. Spybot
    has its TeaTimer but it isn't worth wasting the memory to run it from
    what I've read regarding it.

    I also use Ad-Aware, Spybot, and CWshredder by running them
    occasionally. These manual scans provide some assurance that my system
    doesn't have any nasties in it but obviously they do nothing to deter
    the nasties from getting into my computer between when I run those
    manual scans. I'm not saying MSAS, when running its monitoring utility,
    is the ideal choice for catching malware that gets in but it does a
    reasonable job. I also use Prevx Home but it is not a product for
    newbies or anyone not willing to investigate what it is reporting to you
    when it detects critical system areas being altered. Prevx's detection
    of changes is much more immediate than for MSAS which seems to poll for
    changes and alerts you sometime later, like 10 seconds later, regarding
    the change it detected.

    > WinPatrol, PrevX, Abtrusion, firewalls with firehole protection
    >> and outbound authorization, and even anti-virus software prompts you
    >> to validate to commit an action. If you don't want any of that
    >> protection, don't install it.

    >
    >
    > I wanted to select "Always Ignore", but I didn't want to stop what I
    > was doing and close all my windows.


    That selection is specific to the process or program that caused the
    alert. For example, if you edit the hosts file using Notepad, you'll
    get an alert from MSAS where you can opt to allow or block the change.
    Some events are triggered in MSAS by its detection of the change but it
    polls for the change. That is why you takes something like 10 seconds
    before MSAS pops up to alert you to the change. The application is
    already unloaded from memory at that point so MSAS cannot identify who
    made the change, so it cannot create a hash value of that program's
    executable file (to keep track of it) so you could continue to allow
    that application to make further changes sometime later. All MSAS can
    tell you is what it monitors has changed, not necessarily what changed
    it. WinPatrol is even worse in that the minimal poll interval you can
    set for it to detect changes to monitored areas is one minute. That is
    a long time to be telling you that a change was made.

    Prevx is much more immediate, plus it knows what application is
    attempting to make the change (because it has halted the change so the
    application will hang until you decide how to let Prevx handle the
    alert). So with Prevx which intercepts the changes as they occur, it
    knows what program made the change so you can tell Prevx to always
    ignore any further changes made by that program. However, MSAS and
    WinPatrol poll for changes which means whatever made the change isn't
    around anymore so they have no way to identify the program. That means
    there is now way it can let you designate which program to always allow,
    always ignore, or always block regarding the change on which it alerts.
    In many ways, MSAS, WinPatrol, and other anti-spyware/anti-malware that
    poll for changes will tell you about them too late, but they usually let
    you revert to a prior state to undo those changes.

    MSAS, WinPatrol, SpywareGuard, Prevx, anti-virus software, and a
    firewall with outbound application rules will prompt you when they
    detect what they were supposed to detect. Some will permit you to
    select an "always" action provided the program is known that made the
    change that got detected. Some, like MSAS and WinPatrol, tell you
    sometime later when they get around to running their next poll and then
    detect the change(s) to alert you to them. However, how often do you
    really change your home page, your search engine, the contents of your
    hosts file, or other such files? How often do you change the list of
    startup programs? Not very often.

    >>> Well, no surprise here--this is what I get for installing a
    >>> Microsoft product. Sigh...

    >>
    >> Well, no surprise there. We understand you wish to remain a newbie
    >> user regarding security. You want a free ride and not have to make
    >> any decisions, including RTFM. Hey, if you prefer being lazy
    >> regarding security then do so and don't have any. Security and
    >> ease-of-use are the antithesis of each other. You might get lucky
    >> and you computer never gets raped. If you are diligent with the
    >> other security tools and practice safe hex then you'll probably have
    >> a run of good luck ... until that day arrives when your luck runs
    >> out. Makes sure to do periodic data backups (for file recovery) and
    >> drive images (for system recovery) to cover your butt.
    >>
    >> By the way, complaining here about MSAS is as useful as spitting into
    >> the ocean to raise the sea level. MSAS has its own private newsgroup
    >> at:
    >>
    >> http://communities.microsoft.com/newsgroups/default.asp?ICP=spyware
    >>
    >> Complain there, but you might want to first start by asking how to
    >> make MSAS do what you want, or make suggestions of the same.
    >>

    >
    > thanks for that link. I will investigage drive imaging and data
    > back-up. I stopped backing up data ever since my Dell had no floppy
    > disk drive and my zip drive became outdated.


    Ad-Aware (without its paid Ad-Watch utility) and Spybot (without its
    TeaTimer) won't give you any protection between your manual scans. MSAS
    will. So will WinPatrol as will Prevx Home. MSAS and WinPatrol poll
    for changes so they always detect late, but better late than never.
    Prevx Home is much better but isn't something you should use if you have
    problems understanding or using MSAS or WinPatrol.

    My attitude is that if you don't backup your data then you have decided
    that it isn't important. Hard drives fail, malware sneaks in, users
    make [lost of] errors, cheap power supplies can cause data corruption,
    no UPS is employed to prevent the system crashing during an outage,
    there are conflicts between software products, and so on. Drive images
    let you get back quickly to the same state you were when you saved the
    snapshot of your partition(s). System Recovery is sometimes helpful
    *if* it works but don't rely on it to recovery your computer to a prior
    state.


    --
    ____________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
    ____________________________________________________________
    Vanguard, Mar 3, 2005
    #17
  18. Julie P.

    Vanguard Guest

    "elaich" <> wrote in message news:...
    > "Julie P." <> wrote in news:TN6dnUtQDIH-SLjfRVn-
    > :
    >
    >> Well, no surprise here--this is what I get for installing a Microsoft
    >> product. Sigh...

    >
    > Letting Microsoft manage malware on your computer is equivalent to
    > letting
    > the fox guard the henhouse. If they had a clue about the issue, they'd
    > fix
    > all the holes in Internet Explorer.



    And, of course, Firefox would never permit a user from downloading
    software which carries covert spyware or malware, oh no, uh uh. And, of
    course, Firefox, Opera, or whatever non-IE browser of your choice would
    definitely prevent users from inserting floppies, CDs, Zip disks,
    removable hard drives, and other storage media that would be infected.
    The only way to guarantee that malware never gets into a computer is to
    eliminate the user. Geesh, if you think the only avenue for infection
    is through the browser then you have a lot more learning in store for
    you.
    Vanguard, Mar 3, 2005
    #18
  19. Julie P.

    Edward Guest

    What a idiot you are.

    On Wed, 2 Mar 2005 10:01:52 -0500, "Julie P." <>
    wrote:

    >I just uninstalled MS AntiSpyware Beta for the second time, after having
    >decided to give it a second chance. Good riddance...
    >
    >The problem: you cannot disable real-time protection.
    >
    >Sure you can do it, but the next time you restart, it turns back on
    >automatically, no matter what settings you have selected. And when it runs
    >in the background, my computer significantly slows down. For example,
    >instead of five Microsoft Word docs opening in less than a second, they open
    >one document per second. Strange, SpywareBlaster and SpyBot running in the
    >background don't have this effect.
    >
    >Another problem is false positives. I changed my homepage, and MS
    >AntiSpyware said this was a hijack attempt. And it won't let me ignore this
    >finding unless I shut down all IE windows.
    >
    >Well, no surprise here--this is what I get for installing a Microsoft
    >product. Sigh...
    >
    >
    Edward, Mar 5, 2005
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. paul
    Replies:
    135
    Views:
    2,262
  2. Julie P.

    Warning about Microsoft AntiSpyware Beta

    Julie P., Jan 12, 2005, in forum: Computer Support
    Replies:
    37
    Views:
    1,019
    The Black Laced One
    Jan 26, 2005
  3. Nick Withers

    Microsoft AntiSpyware Beta 1

    Nick Withers, Feb 11, 2005, in forum: Computer Support
    Replies:
    15
    Views:
    870
    Oxford Systems
    Feb 12, 2005
  4. Lester Bangs

    Good Riddance : DVDSoon

    Lester Bangs, Dec 17, 2005, in forum: DVD Video
    Replies:
    50
    Views:
    1,329
    Lordy.UK
    Dec 24, 2005
  5. JohnO

    Good Riddance, 2003 A+ Exams

    JohnO, Jul 2, 2007, in forum: A+ Certification
    Replies:
    5
    Views:
    872
    JohnO
    Jul 6, 2007
Loading...

Share This Page