Sometimes it's a heck of a lot easier and quicker to rebuild a computer
then fight a heavy spyware infection. I can save peoples files and
re-ghost a computer in < 10 minutes. Fighting a spyware infection with
multi products can take 3-4 times longer than that.
Multi-layer approach is a good idea, but in the enterprise, if the
products cannot be centrally managed, I find it extremely difficult to
use these products and their active protection. I install Spybot and
Ad-aware on every machine, but I use no active protection for these
products. We have them there for when a user calls us who is already
infected with spyware/adware.
I'm trying to decide on an enterprise app. MSAS looked very promising
in it's stand-alone beta, and hopefully an enterprise version will
continue on the path. CounterSpy doesn't scale in the way I'd like it
to in it's current versions for a distributed WAN. Webroot seemed nice,
but pricing was ridiculous. I've been told you can get the pricing way
down if you nudge a little. Pest Patrol (prior to CA purchasing it) was
absolutely horrible IMO. I have not seen it since CA has had a chance
to develop it.
That leaves what's included with AV vendors. Symantec is late to the
game (compared to McAfee in Trend) with v10, but it's decent. Trend's
and McAfee's door a pretty good job of active protection an removal, but
they lack the robustness of a product like Spybot S&D or even Ad-Aware,
IMO. In time they will develop, but it's hard to play catchup to these
already established products.
-----Original Message-----
From: Joe George [mailto:j.george (at) conservation (dot) org [email concealed]]
Sent: Wednesday, October 26, 2005 11:08 AM
To: Planz; Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Microsoft AntiSpyware falling further behind
I would also recommend running MSAS and/or any other anti-spyware
utility on normal mode and once in safe mode for good measure. I was
amazed at what wasn't being picked up in some cases after running once.
I definitely agree with Bruce Klein. Using more anti-spyware apps maybe
overkill, but if it doesn't affect the host machine negatively, might as
well. Rebuilding computers should be a last resort.
Best,
Joe
-----Original Message-----
From: Planz [mailto:planz2009 (at) gmail (dot) com [email concealed]]
Sent: Tuesday, October 25, 2005 9:36 PM
To: Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: Microsoft AntiSpyware falling further behind
My experience with MSAS was also similar. To verify whether MSAS is
really working, I used SpybotS&D to scan my PC after surfing for
sometime. MSAS, didn't alert me during the surfing, but SpybotS&D
detected a lot. No single security solution is a saviour.
Quark IT - Hilton Travis wrote:
>Hi All,
>
>It seems that not only does Microsoft AntiSpyware recommend that
>Claria's spyware is ignored, but it also misses a significant amount of
>cookies that are placed on a system - I have a VPC environment where I
>browse the Internet so that anywhere I go won't affect my regular
>Windows session/installation. Regularly CounterSpy is detecting
cookies
>(such as Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo
>(from yesterday's browsing)) that Microsoft AntiSpyware simply does not
>know about.
>
>Now, this is not only disappointing, but potentially dangerous. Any
>customer or end user running Microsoft AntiSpyware or CounterSpy is not
>being protected from these cookies, and MSAS doesn't even detect them -
>that's right, neither program's active monitoring is stopping the
>installation of these cookies, but at least CounterSpy is detecting
them
>post-installation.
>
>AntiSpyware is far, far from the accuracy of antivirus, especially
>something like NOD32. I wonder how long it will be before a decent
>AntiSpyware application is released that, like NOD32 does with viruses,
>actually stops spyware *before* it is installed?
>
>--
>
>Regards,
>
>Hilton Travis Phone: +61 (0)7 3344 3889
>(Brisbane, Australia) Phone: +61 (0)419 792 394
>Manager, Quark IT http://www.quarkit.com.au
> Quark Group http://quarkgroup.com.au/
>
>Microsoft Small Business Specialists
>
>http://www.threatcode.com/ <-- its now time to shame poor coders into
>writing code that is acceptable for use on today's networks
>
>War doesn't determine who is right. War determines who is left.
>
>This document and any attachments are for the intended recipient
> only. It may contain confidential, privileged or copyright
> material which must not be disclosed or distributed.
>
>
>
then fight a heavy spyware infection. I can save peoples files and
re-ghost a computer in < 10 minutes. Fighting a spyware infection with
multi products can take 3-4 times longer than that.
Multi-layer approach is a good idea, but in the enterprise, if the
products cannot be centrally managed, I find it extremely difficult to
use these products and their active protection. I install Spybot and
Ad-aware on every machine, but I use no active protection for these
products. We have them there for when a user calls us who is already
infected with spyware/adware.
I'm trying to decide on an enterprise app. MSAS looked very promising
in it's stand-alone beta, and hopefully an enterprise version will
continue on the path. CounterSpy doesn't scale in the way I'd like it
to in it's current versions for a distributed WAN. Webroot seemed nice,
but pricing was ridiculous. I've been told you can get the pricing way
down if you nudge a little. Pest Patrol (prior to CA purchasing it) was
absolutely horrible IMO. I have not seen it since CA has had a chance
to develop it.
That leaves what's included with AV vendors. Symantec is late to the
game (compared to McAfee in Trend) with v10, but it's decent. Trend's
and McAfee's door a pretty good job of active protection an removal, but
they lack the robustness of a product like Spybot S&D or even Ad-Aware,
IMO. In time they will develop, but it's hard to play catchup to these
already established products.
-----Original Message-----
From: Joe George [mailto:j.george (at) conservation (dot) org [email concealed]]
Sent: Wednesday, October 26, 2005 11:08 AM
To: Planz; Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Microsoft AntiSpyware falling further behind
I would also recommend running MSAS and/or any other anti-spyware
utility on normal mode and once in safe mode for good measure. I was
amazed at what wasn't being picked up in some cases after running once.
I definitely agree with Bruce Klein. Using more anti-spyware apps maybe
overkill, but if it doesn't affect the host machine negatively, might as
well. Rebuilding computers should be a last resort.
Best,
Joe
-----Original Message-----
From: Planz [mailto:planz2009 (at) gmail (dot) com [email concealed]]
Sent: Tuesday, October 25, 2005 9:36 PM
To: Quark IT - Hilton Travis
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: Microsoft AntiSpyware falling further behind
My experience with MSAS was also similar. To verify whether MSAS is
really working, I used SpybotS&D to scan my PC after surfing for
sometime. MSAS, didn't alert me during the surfing, but SpybotS&D
detected a lot. No single security solution is a saviour.
Quark IT - Hilton Travis wrote:
>Hi All,
>
>It seems that not only does Microsoft AntiSpyware recommend that
>Claria's spyware is ignored, but it also misses a significant amount of
>cookies that are placed on a system - I have a VPC environment where I
>browse the Internet so that anywhere I go won't affect my regular
>Windows session/installation. Regularly CounterSpy is detecting
cookies
>(such as Cok.ad.yieldmanager, CGI-Bin, Cok.AssassinTrojan2.0 and Zedo
>(from yesterday's browsing)) that Microsoft AntiSpyware simply does not
>know about.
>
>Now, this is not only disappointing, but potentially dangerous. Any
>customer or end user running Microsoft AntiSpyware or CounterSpy is not
>being protected from these cookies, and MSAS doesn't even detect them -
>that's right, neither program's active monitoring is stopping the
>installation of these cookies, but at least CounterSpy is detecting
them
>post-installation.
>
>AntiSpyware is far, far from the accuracy of antivirus, especially
>something like NOD32. I wonder how long it will be before a decent
>AntiSpyware application is released that, like NOD32 does with viruses,
>actually stops spyware *before* it is installed?
>
>--
>
>Regards,
>
>Hilton Travis Phone: +61 (0)7 3344 3889
>(Brisbane, Australia) Phone: +61 (0)419 792 394
>Manager, Quark IT http://www.quarkit.com.au
> Quark Group http://quarkgroup.com.au/
>
>Microsoft Small Business Specialists
>
>http://www.threatcode.com/ <-- its now time to shame poor coders into
>writing code that is acceptable for use on today's networks
>
>War doesn't determine who is right. War determines who is left.
>
>This document and any attachments are for the intended recipient
> only. It may contain confidential, privileged or copyright
> material which must not be disclosed or distributed.
>
>
>
[ reply ]