Microsoft Gets in the Anti-Spyware Business

You probably know this by now, but Microsoft is getting into the anti-spyware business. I, for one, am glad. I recently spent a couple of hours cleaning the spyware off my kids' PC, and I came away from it wondering how users that don't work with computers for a living cope with the deluge of crap that infects everyone's systems these days. Actually, I know how they cope it: they pay companies to clean up their systems, they rely on friends who know a thing or about computers, and more often, they just live with the spyware, wondering why their systems run half as fast as they did a month ago.

One of my friends recently paid CompUSA to come to his home and disinfect his system. $160 later, he had a clean system, but within a few days, he (not surprisingly) was infected again. My neighbor across the street called me a few weeks ago and asked if I could help him out. One of his PCs was so slammed with popups that they came up faster than he could click them away. Last week we took a close look at the PCs in the computer lab at the school my kids attend. Those PCs were so loaded down with spyware that they were barely functional. It's going to take time and money to clean them up. And then, within a few weeks, they'll be infected again.

Something has to be done. It's ridiculous that companies can install rogue software on your computer and stay (mostly) within the law when they do it. It's not an easy problem to legislate away, because in many cases you (or your kids) unknowingly provide consent for the stuff to be installed. But somehow, some way, we need laws that require the jerks that install spyware to be very explicit about what they're doing so you can make an informed decision about whether using the service or product they offer is worth what they do to your PC. Sure, not everyone will obey the law, but a few stiff prison sentences for those that don't would set a wonderful example.

I run Ad-Aware regularly and was surprised by how soon after a cleanup my PC got reinfected with “tracking” cookies. I found a simple solution for IE 6.0 users: go to Tools->Internet Options->Privacy and use the advanced options there to configure IE to accept first-party cookies but block third-party cookies. (Be sure to check “Override automatic cookie handling“ and “Always allow session cookies,” too.) Now I rarely ever find a tracking cookie on my PC.

I just downloaded and installed Microsoft's beta anti-spyware app and ran it for the first time. It found no malware on my box, so I ran Ad-Aware just to be sure. It also reported that my PC (actually, my laptop; I'm traveling this week) is clean. So I'll reserve judgement on Microsoft's software until I get a better feel for how thorough it is. Several reviewers, including Walt Mossberg of the Wall Street Journal, have complained that Microsoft's anti-spyware tool is IE-centric. That doesn't bother me, because IE is my primary browser.

As I get older, I grow continually more amazed at how many scumbags there are on the Internet. The relatively few spammers, virus writers, and spyware vendors out there have made life miserable for the millions of users that they prey upon. Hackers continually try to infiltrate and destroy networks. And as if that weren't enough, now there's comment spam, which this blog has recently become the target of. Is there no bottom to the lows that these people will stoop to?

On Jan 18 2005 2:12 AMBy jprosise
With 6 Comments Jeff Prosise

Comments (6)

  1. Johan Ericsson

    Many, including myself, don't lump tracking cookies in with "spyware". Tracking cookies don't bog down computers. They can't steal credit card information.

  2. Jeff Prosise

    It's true that tracking cookies don't fit the classic definition of spyware. But they do fit the definition of something I'd just as soon not have on my machine. According to some of the reviews I've read, Microsoft's new anti-spyware tool doesn't detect tracking cookies.

  3. Arnaud TOURNIER

    (sorry for the english talking of a french guy...) I am a devlopper and really feel ad-ware and others are a big suffer in a os life, and further for the user. But instead of thinking in 'law' terms, we have already seen the many problems of having a law on internet. The law musts then be supported by all states in the world, to have it really applicated. Thus I do not feel good with the law, it is such the basment of a social organisation that is coming (or will come) to die. Internet has bring a new social model to human on this earth : having relation ship independently of the physical place, having hackers and devloppers continuously increasing the performance of their software, it seems that a balance can appear. If we saw that situation with the point of view of the fight, yes we can say PC and OS runs pretty much well, either if there is some 'bad', for instance the adware, and so on... I think you have spotted a really important point, when saying the user "unknowingly provide consent for the stuff to be installed". Actually I think the very real problem is that users are not EDUCATED, they are not aware that sometimes a plugin needs to be installed to see flash movies, and sometimes, the same window can talk about an adaware... I recently desinfected a friend of mine's PC. His PC had never been connected to internet but when he did that all thing have triggered. Even using only magazine's cd, he has been infected so deeply, i had'nt seen that. (doesn't that makes the law even more difficult ?) Instead : I had never used an anti spyware, neither any antivirus (one or two times to test, but nothing important was found). When I tested all anti spy software I used on my friend's computer, I found nothing on mine even if I am 24/24 connected, have many softs running and so on. Why that ? Because I know what is happening when a message box ask a question. (but no user can decipher what it means, it is so badly explained). I think making users aware of the things happening can be a very good way lowering the spywares (maybe the best way). It is a big thread, but not impossible. One more thing : the email. More than 10 years after spams come up, nobody still know how to use a mailer. But nobody either tried to educate the users. There are antispam, but users continue to foward mails with many contacts in CC, not BCC for instance, they continue to believe they save lives when fowarding a hoax...

  4. Gary

    I am new in learning about the anti-spyware, and am lost with a couple of terms that are being thrown around. What do the terms "Detecting Cookes" and "Tracking Coooies" mean??? And if you get a spyware software that eliminates your cookies, then doesn't it also eliminate cookies from websites that recognize you as a visitor automatically, so you dont need to input information evertime you visit the site??? EXAMPLE: everytime you would visit Amazon.com, the site will recognize you automatically rather than have to make you logon every time you visit. Therefore if cookies is eliminated with the spyware, doesnt that mean all the sites such as Amazon.com that most users value cookies for (whether they know it or not) would have to be re-entered the next time you visit?? Also, unlike spyware, cookies prompts you for your personal information, so you have to make a conscious decision to give the website any information, and therefore your privacy has NOT been invaded without your knowledge. So isn't a spyware software that DOESN'T detect cookies, one that you better off with??? SOMEONE - PLEASE HELP ME !!!! IM LOST!!!!!! Sincerely, Gary

  5. Jeff Prosise

    There are two kinds of cookies: first-party cookies and third-party cookies. First-party cookies issued by, say, eBay only go back to eBay and are a good thing. Third-party cookies are the ones spyware companies use. They're issued by one site and submitted to another. These, I believe, are what anti-spyware tools refer to as "tracking cookies." IE 6 lets you disable third-party cookies while leaving first-party cookies enabled. It works great: Web sites that rely on cookies to provide stateful experiences work as normal, but sites that litter your hard disk with third-party cookies that spyware vendors have paid them to disseminate get foiled. In addition, IE 6 has an option for allowing "session cookies" even if third-party cookies are disabled. It's good to leave session cookies enabled, because tracking cookies are always (at least to my knowledge) persistent cookies. (Session cookies go away when you close your browser, but persistent cookies are stored to hard disk and outlive your browser session.) Hope this helps some.

  6. Dave

    I dont think tat it is possible. In addition, the software is still in beta phase and we cannot be sure of it...

Leave a Comment

Archives

Tags