Good Riddance Microsoft AntiSpyware Beta

Discussion in 'Computer Support' started by Julie P., Mar 2, 2005.

  1. Julie P.

    Julie P. Guest

    I just uninstalled MS AntiSpyware Beta for the second time, after having
    decided to give it a second chance. Good riddance...

    The problem: you cannot disable real-time protection.

    Sure you can do it, but the next time you restart, it turns back on
    automatically, no matter what settings you have selected. And when it runs
    in the background, my computer significantly slows down. For example,
    instead of five Microsoft Word docs opening in less than a second, they open
    one document per second. Strange, SpywareBlaster and SpyBot running in the
    background don't have this effect.

    Another problem is false positives. I changed my homepage, and MS
    AntiSpyware said this was a hijack attempt. And it won't let me ignore this
    finding unless I shut down all IE windows.

    Well, no surprise here--this is what I get for installing a Microsoft
    product. Sigh...
    Julie P., Mar 2, 2005
    1. Advertisements

  2. It *is* beta, but Spybot and SpywareBlaster don't run in the background,
    they just make some changes to the registry. MS Antispyware does
    actively monitor for activity that spyware typically shows. I've had
    pretty good luck with MSAS (I just invented that acronym, you can tell
    all your friends that you know me) but no antispyware is a complete
    package, you need several. I frequently will install it, clean the
    machine and then disable it. It's stayed disabled for me.
    =?ISO-8859-1?Q?R=F4g=EAr?=, Mar 2, 2005
    1. Advertisements

  3. Julie P.

    Vanguard Guest

    How did you manage to open 5 Word docs in under 1 second? I'd like to
    perform the same test. Also, how large were these docs? Did you have
    the on-access scanner for your anti-virus software disabled to eliminate
    its checking of macro viruses?

    Did you ever try using msconfig.exe to disable the gcasServ program from
    loading on Windows startup? In MSAS, did you disable both real-time
    scanning and startup options (i.e., security agents)?
    You don't know how SpywareBlaster works. It doesn't run in the
    background; see my replies at
    Neither does Spybot except for its TeaTimer utility (but Prevx Home is a
    better intrusion detection system). Spybot's other protection is to add
    a BHO (browser helper object) to IE that monitors for "bad" address to,
    for example, prevent downloading of cookies from "bad" sites.
    Because it doesn't know who actually made the change. How would any
    software monitoring the registry and critical files know it was you that
    edited them or, say, some keyboard macro program issuing the same
    keystrokes? Altering the home and search pages is a common hijack ploy.
    If you don't want MSAS monitoring any changes then you did the right
    thing by uninstalling it, but then why did you install it in the first
    place? WinPatrol, PrevX, Abtrusion, firewalls with firehole protection
    and outbound authorization, and even anti-virus software prompts you to
    validate to commit an action. If you don't want any of that protection,
    don't install it.
    Well, no surprise there. We understand you wish to remain a newbie user
    regarding security. You want a free ride and not have to make any
    decisions, including RTFM. Hey, if you prefer being lazy regarding
    security then do so and don't have any. Security and ease-of-use are
    the antithesis of each other. You might get lucky and you computer
    never gets raped. If you are diligent with the other security tools and
    practice safe hex then you'll probably have a run of good luck ... until
    that day arrives when your luck runs out. Makes sure to do periodic
    data backups (for file recovery) and drive images (for system recovery)
    to cover your butt.

    By the way, complaining here about MSAS is as useful as spitting into
    the ocean to raise the sea level. MSAS has its own private newsgroup

    Complain there, but you might want to first start by asking how to make
    MSAS do what you want, or make suggestions of the same.
    Vanguard, Mar 2, 2005
  4. In
    If speed is your issue,disconnect your system from the internet,remove all
    protection,and there you go! It should fly now.A little performance slow
    down is a small price to pay for security.
    What's in a Name?, Mar 2, 2005
  5. Rôgêr, <>, the hurling, banged-up frotteur, and carter and
    hawker of rotten fish, repined:

    Bullshite you bulldyke.
    2-2-Phenyl-4-Phenylethyl-Propoxy-Radium-4-3-Diethy, Mar 2, 2005
  6. Julie P.

    elaich Guest

    Letting Microsoft manage malware on your computer is equivalent to letting
    the fox guard the henhouse. If they had a clue about the issue, they'd fix
    all the holes in Internet Explorer.
    elaich, Mar 2, 2005
  7. Julie P.

    bhskel Guest

    Hi there Julie are you today! have you ever tried spy sweeper by
    (webroot) they have a free trial on the net, I downloaded spy sweeper
    and a couple of weeks later I went and bought one. it works great!
    AD-Aware SE Personal is a good one to. I hope you get that (MS) off
    your pc! you have a nice day!

    Sincerely Bruce
    bhskel, Mar 2, 2005
  8. Drunk again, Bwuce?
    2-Methyl-3-Methoxybenzoyl-Bromophenoxy-Isoxazolyl-, Mar 2, 2005
  9. , <>, the pocket-sized, useless fungal
    infection, and person paid to clean the pavements in Paris of dog shit,
    Pilorum eos citi, ab pueri nonaginta ex nouem pube. Abes servabam dati se
    sana tuosque viasque, iustissimum uigor ius, iuvoque. Ciere cori vacua o
    uriique fidelibus it foedabam.

    Cuique unoque, alvo in vaco molleram narrantis bona pavidae it. Pacarit
    satiasse ara ex spretae spebus pascamini. Duarum sciremus facque, trinis ora
    lucubrantes, minoribus memineram obscena. Sata perosi peracta en nolo
    gazaque humero tridenta fuso via aula.
    Lachlan Walters, Mar 2, 2005
  10. Julie P.

    Old Gringo Guest

    Fun from the Mother Country:
    Old Gringo, Mar 2, 2005
  11. Julie P.

    mhicaoidh Guest

    Taking a moment's reflection, Julie P. mused:
    | I just uninstalled MS AntiSpyware Beta for the second time, after having
    | decided to give it a second chance. Good riddance...
    | The problem: you cannot disable real-time protection.
    | Sure you can do it, but the next time you restart, it turns back on
    | automatically, no matter what settings you have selected.

    There must be something wrong with your system then. Like your other
    issues, I cannot replicate them on my systems. When I disable real time
    protection, it stays inactive until I reactivate them ... even after
    rebooting. I have noticed, however, that it will reset some of the settings
    after receiving an update. But, I suspect this is by design so new/added
    features are not disabled unknowingly due to previous settings.

    | And when it runs
    | in the background, my computer significantly slows down. For example,
    | instead of five Microsoft Word docs opening in less than a second, they
    | open one document per second. Strange, SpywareBlaster and SpyBot running
    | in the background don't have this effect.

    MSAS doesn't do this on my system either. All documents/applications
    open as quickly as without it running.

    | Another problem is false positives. I changed my homepage, and MS
    | AntiSpyware said this was a hijack attempt. And it won't let me ignore
    | this finding unless I shut down all IE windows.

    Again, I am at a loss. If I change my homepage, MSAS pops up with a box
    alerting me to the change, and I can accept or deny this change.
    mhicaoidh, Mar 2, 2005
  12. Julie P.

    Julie P. Guest

    Ok, thanks. I do know that my SpyBot actively blocks dangerous donwloads in
    the background though.

    MS Antispyware does
    That sounds like a good idea. Maybe once a month. :)
    Julie P., Mar 2, 2005
  13. Julie P.

    Julie P. Guest

    I just went to the documents folder, control-clicked on 5 of them, and then
    clicked "Open". They were about 30 KB each.

    Also, how large were these docs? Did you have
    I use AVG, but have the email scanner uninstalled.
    No, I am a not too knowledgable about this.

    In MSAS, did you disable both real-time
    Yes. More on this later...

    ok, thanks for telling me that.
    Yep, the latter part is what I meant. It blocks bad IE downloads in the
    Ok, thnaks. I just wonder why Ad-Aware and SpyBot let me make changes with
    IE windows still open. See, I like to run MSAS in the backgorund, while
    working on IE, email, etc.

    Altering the home and search pages is a common hijack ploy.
    To be able to do weekly scans like I do with Ad-Aware, CWShredder, SpyBot,
    etc. they are all complementary.

    WinPatrol, PrevX, Abtrusion, firewalls with firehole protection

    I wanted to select "Always Ignore", but I didn't want to stop what I was
    doing and close all my windows.
    thanks for that link. I will investigage drive imaging and data back-up. I
    stopped backing up data ever since my Dell had no floppy disk drive and my
    zip drive became outdated.
    Julie P., Mar 2, 2005
  14. Julie P.

    Julie P. Guest

    thanks Bruce for the tip!
    Julie P., Mar 2, 2005
  15. Julie P.

    Julie P. Guest

    Yes, this is true, I think. What happened was the next day, after I turned
    off real-time protection and community reporting, after I restarted, it
    still ran in the background. But the settings still said the real-time
    protection was disabled.

    Then after the auto-update, I believe the settings reenabled real-time
    protection by themselves. the reason I checked was because my computer was
    still running slow.

    With me, I did the change before installing MSAS. then after I installed it
    and scanned, it found the homepage change, retroactively. It asked me if I
    wanted to delete, ignore, or always ignore. I chose ignore, but it would not
    let me do this without closing all IE windows first.
    Julie P., Mar 2, 2005
  16. Julie P.

    Demmin Rahl Guest

    you are using a microsoft product to write this.
    Demmin Rahl, Mar 2, 2005
  17. Julie P.

    Vanguard Guest

    Well, when I highlighted 5 .doc files in Explorer (so 5 were
    concurrently selected), I right-clicked and selected Open. In never saw
    winword.exe load in Task Manager's Processes tab. No documents opened.
    I could open them if I selected one and opened it. I then loaded Word
    and opened its browser window to select a file to open. I tried
    dragging across the 5 files to select them all but that wasn't allowed
    in that dialog window. I then tried to use Ctrl-click on multiple files
    but only one file could be selected. I'm using Outlook 2002. Maybe you
    have Outlook 2003 and it will let the user open multiple .doc files
    concurrently, or something in my setup prevent me from doing what you
    can do. Even when I open just one .doc file, it takes 4.2 seconds just
    to load the Word program itself before it even gets to start loading the
    document. Could be you have a system that is much faster than mine but
    it is likely the disk speed difference is insignificant.
    That is e-mail. You were stating that opening Word documents was
    slowed, not anything regarding e-mails. You would have to disable the
    on-access scanner of your anti-virus program, or just disable the
    anti-virus software altogether, to make sure it wasn't scanning your
    ..doc files for macros.
    Once you run msconfig.exe, there is a Startup tab that lists most of the
    startup programs (there are few other places to load programs but not
    commonly used). When you still had MSAS installed, the gcasServ.exe
    program should've have been listed in the Run key to have it load on
    Windows startup. After setting the option to NOT load MSAS in its
    options, it would've been interesting to see if its Run key was removed
    or not.
    Because Ad-Aware and Spybot are scanners and might add some entries to
    the registry. They don't monitor anything as would the on-access
    scanner for anti-virus software when a file is getting created or
    written to. Neither one is specifically defined to prevent browser
    hijacking. Prevx Home (free) which is an intrusion protection system
    that runs in the background, SpywareGuard (also free) which runs as a
    BHO in IE, and WinPatrol which runs in the background (but its poll
    interval is a bit too long) will alert you when a hijack attempt is made
    or something that would be typical of a hijack attempt. MSAS does the
    same thing.

    Ad-Aware and Spybot can't tell you anything because they are not running
    in the background. I haven't bothered with Spybot's TeaTimer because
    its protections are minimal and it is a flaky module. Ad-Aware and
    Spybot won't even complain about such changes when they are running
    because they are scanners that go out looking for malware. They are not
    monitors and they aren't geared to prevent browser hijacking. Ad-Aware
    and Spybot search for malware, not their effects. Similarly, an
    anti-virus program looks for the viruses but not the effects they have,
    like modifying the contents of other files that are themselves not
    infected, like config files. Ad-Aware has its Ad-Watch monitor that can
    check for browser hijacking and other effects caused by malware but you
    have to pay for that (and my guess is that you are using the freebie
    version of Ad-Aware so you don't have the use of Ad-Watch).
    And because you are doing manual scans using those products, they aren't
    loaded and monitoring for any malware in the interim between your manual
    scans. Do you disable the on-access scanner in your anti-virus
    software? Do you rely on just a manual run of the on-demand scanner for
    your anti-virus software to provide you with complete protection? No.
    But running manual scans of Ad-Aware, Spybot, CWshredder, and other
    on-demand scanners means that you have nothing to alert you to an
    infection between your manual scans. To protect you against viruses,
    you leave running the on-access scanner for your anti-virus program.
    Ad-Aware has its Ad-Watch utility but you have to pay for it. Spybot
    has its TeaTimer but it isn't worth wasting the memory to run it from
    what I've read regarding it.

    I also use Ad-Aware, Spybot, and CWshredder by running them
    occasionally. These manual scans provide some assurance that my system
    doesn't have any nasties in it but obviously they do nothing to deter
    the nasties from getting into my computer between when I run those
    manual scans. I'm not saying MSAS, when running its monitoring utility,
    is the ideal choice for catching malware that gets in but it does a
    reasonable job. I also use Prevx Home but it is not a product for
    newbies or anyone not willing to investigate what it is reporting to you
    when it detects critical system areas being altered. Prevx's detection
    of changes is much more immediate than for MSAS which seems to poll for
    changes and alerts you sometime later, like 10 seconds later, regarding
    the change it detected.
    That selection is specific to the process or program that caused the
    alert. For example, if you edit the hosts file using Notepad, you'll
    get an alert from MSAS where you can opt to allow or block the change.
    Some events are triggered in MSAS by its detection of the change but it
    polls for the change. That is why you takes something like 10 seconds
    before MSAS pops up to alert you to the change. The application is
    already unloaded from memory at that point so MSAS cannot identify who
    made the change, so it cannot create a hash value of that program's
    executable file (to keep track of it) so you could continue to allow
    that application to make further changes sometime later. All MSAS can
    tell you is what it monitors has changed, not necessarily what changed
    it. WinPatrol is even worse in that the minimal poll interval you can
    set for it to detect changes to monitored areas is one minute. That is
    a long time to be telling you that a change was made.

    Prevx is much more immediate, plus it knows what application is
    attempting to make the change (because it has halted the change so the
    application will hang until you decide how to let Prevx handle the
    alert). So with Prevx which intercepts the changes as they occur, it
    knows what program made the change so you can tell Prevx to always
    ignore any further changes made by that program. However, MSAS and
    WinPatrol poll for changes which means whatever made the change isn't
    around anymore so they have no way to identify the program. That means
    there is now way it can let you designate which program to always allow,
    always ignore, or always block regarding the change on which it alerts.
    In many ways, MSAS, WinPatrol, and other anti-spyware/anti-malware that
    poll for changes will tell you about them too late, but they usually let
    you revert to a prior state to undo those changes.

    MSAS, WinPatrol, SpywareGuard, Prevx, anti-virus software, and a
    firewall with outbound application rules will prompt you when they
    detect what they were supposed to detect. Some will permit you to
    select an "always" action provided the program is known that made the
    change that got detected. Some, like MSAS and WinPatrol, tell you
    sometime later when they get around to running their next poll and then
    detect the change(s) to alert you to them. However, how often do you
    really change your home page, your search engine, the contents of your
    hosts file, or other such files? How often do you change the list of
    startup programs? Not very often.
    Ad-Aware (without its paid Ad-Watch utility) and Spybot (without its
    TeaTimer) won't give you any protection between your manual scans. MSAS
    will. So will WinPatrol as will Prevx Home. MSAS and WinPatrol poll
    for changes so they always detect late, but better late than never.
    Prevx Home is much better but isn't something you should use if you have
    problems understanding or using MSAS or WinPatrol.

    My attitude is that if you don't backup your data then you have decided
    that it isn't important. Hard drives fail, malware sneaks in, users
    make [lost of] errors, cheap power supplies can cause data corruption,
    no UPS is employed to prevent the system crashing during an outage,
    there are conflicts between software products, and so on. Drive images
    let you get back quickly to the same state you were when you saved the
    snapshot of your partition(s). System Recovery is sometimes helpful
    *if* it works but don't rely on it to recovery your computer to a prior
    Vanguard, Mar 3, 2005
  18. Julie P.

    Vanguard Guest

    And, of course, Firefox would never permit a user from downloading
    software which carries covert spyware or malware, oh no, uh uh. And, of
    course, Firefox, Opera, or whatever non-IE browser of your choice would
    definitely prevent users from inserting floppies, CDs, Zip disks,
    removable hard drives, and other storage media that would be infected.
    The only way to guarantee that malware never gets into a computer is to
    eliminate the user. Geesh, if you think the only avenue for infection
    is through the browser then you have a lot more learning in store for
    Vanguard, Mar 3, 2005
  19. Julie P.

    Edward Guest

    What a idiot you are.
    Edward, Mar 5, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.