My Recent Spyware Experience

re: My Recent Spyware Experience

Kelly Jones — Wed, 06 Apr 2005 01:02:34 GMT

Hi Michael,

My brother had a similar incident recently. I won’t bore you with the war story, but the immediate problem was fixed by: a.) downloading our anti-spyware tool and b.) installing SP2. The real benefit I discovered from helping walk my brother through the problem was that his family is now using their computer again. The pop-ups and lord knows what else had become bad enough that they had quit using their computer. He was *very* happy that a few simple downloads from Microsoft could fix the problem. I had been somewhat ignorant to the real impact that malware was having on ordinary users and eventually, Microsoft’s bottom line; maybe because I always have had some sort of firewall and kept my family's systems updated. Anyways, kudos to you security folks for pushing the security initiative.

-Kelly

re: My Recent Spyware Experience

AC — Wed, 06 Apr 2005 11:54:12 GMT

Of course, it was "only a family computer" so your main assumptions have been:

- You'll come again, so you don't have to solve the problem 100% at once.

- Even if some software that makes outgoing connections remains there after the first visit, it's not so important, you'll see it in the logs on the second visit (and the hacker is probably not too clever/persistent to clear the logs).

Now imagine that you have had just a little stronger goal: to be able to claim after the first visit that the computer is safe. Boy, you'd have had much more work – installing the operating system and all the software on the machine from the CDs again. Only then SP2 etc.

And the people haven't had anything bad, they just used the computer with the default configuration, as Microsoft made it.

By the way, the mother probably still surfs/reads e-mails as admin. One her accidental "yes" instead of "no" on some dialog and the problems start again. And for the CD in the tray, when she's logged, the "Autorun" is executed as admin too.

MS should really, among other things, organize things so that only the system software must be installed as admin, and all the games and "normal" software ("Office" kind of stuff) can be both installed and run under restricted account. Even things like database servers shouldn't need administrator rights to be installed for single user.

Deep in the OS, the protection mechanisms always existed, they were just not used by the rest of MS and developers.

re: My Recent Spyware Experience

Mendy Werne — Wed, 06 Apr 2005 18:38:27 GMT

Spyware can be a pain....try DriveShield PLUS by Centurion Technologies. This product write-protects your hard drive and spyware and other malicous programs can't even penetrate your hard drive and it erases unwanted or unintended changes when the computer is rebooted – restoring it to the desired state.

Check it out at
http://www.centuriontech.com/dsplus-about.htm

re: My Recent Spyware Experience

Kevin Remde — Tue, 12 Apr 2005 17:55:56 GMT

Wow... Michael, this is almost word-for-word the same experience I've had with many of my neighbors. Minor difference in the wine (a bottle of a California Merlot offered as payment).. but other than that, it's scary what people DON'T know, and how easy it is for such control of machines to be taken. You and I and most if not all of our coworkers are doing great things in our neighborhoods by offering such assistance whenever we can - if only to educate our neighbors, friends, and families about the list of tips you mentioned.

Great posting!

techSupport for Wine

Keni Barwick's Blog — Wed, 20 Apr 2005 11:37:59 GMT