That didn't take long
February 11, 2005 2:06 PM

Microsoft AntiSpyware Program Hit by Trojan. Microsoft's Antispyware isn't out of beta yet, and already the virus writers are on the attack. "The Bankash-A Trojan shuts down the AntiSpyware program and then logs keystrokes in hopes of stealing passwords from users. The Trojan is triggered when the user opens the malicious e-mail attachment."
posted by Outlawyr (38 comments total)
 


Thanks, quonsar! I needed a good laugh.
posted by jperkins at 2:14 PM on February 11, 2005


You know, when this was posted on Slashdot two days ago, the consensus was that it was a dumb microsoft bashing non-story.

If slashdot thinks it's microsoft bashing, you're in rarified territory.
posted by PissOnYourParade at 2:20 PM on February 11, 2005


I tried the beta, and after the first time I ran it, when it found and removed 8 instances of spyware, it hasn't found a darn thing. I'll stick with AdAware and SpyBot, I guess.
posted by alumshubby at 2:22 PM on February 11, 2005


When I posted this on Metafilter two minutes ago, the consensus was that we don't care what those pocket protector wearing geeks think.

Quonsar, that article was from the Bizarro planet, right?
"It’s a lot similar to the one that is already available with the Internet Explorer." A lot similar?
posted by Outlawyr at 2:35 PM on February 11, 2005


Uh...how often are you downloading and installing spyware, anyway, alumshubby? If you're working your computer right, you should be able to run it once, clean out everything, and then you're clean basically indefinitely, as long as you aren't downloading random shareware apps. I run AdAware and SpyBot once every 3 months or so, and it's rare that it finds anything at all.

Now, running AdAware on a shared computer at work? Different story.
posted by Bugbread at 2:37 PM on February 11, 2005


And, quonsar, is that a joke site, or what? I looked at some of the other articles, but they seemed relatively straightforward.
posted by Bugbread at 2:38 PM on February 11, 2005


i don't think it's a joke, i found it on google news, right under the story about MS anti-spyware. i figure it's a paid MS plant, timed to spread disinfo about firefox and viruses and trojans concurrent with the release of their product. i made use of the feedback link on the site to ridicule the author.
posted by quonsar at 2:51 PM on February 11, 2005


i don't think it's a joke, i found it on google news, right under the story about MS anti-spyware. i figure it's a paid MS plant, timed to spread disinfo about firefox and viruses and trojans concurrent with the release of their product.

Could it possibly be? When Microsoft wants to do something like that, they'll pay a think tank to write a report. That article looks like it was written by a 12-year-old, quoting sources such as "analysts" and "a senior exec from marketing". Does the Mozilla Foundation even have "execs" or a marketing department? It looks like the whole thing was invented impromptu. Microsoft isn't that incompetent. Is it?
posted by mr_roboto at 3:57 PM on February 11, 2005


I downloaded the MS Anti-Spyware program as a last ditch effort to get rid of a persistent malicious program without a reformat, and it sure does find it alright (where Ad-aware had failed), but it doesn't remove it even after it says it has. Every time I run the damn thing, it finds the problem, says it's cleaned it, and then will find it directly afterward if I run it again. I realize it's still in beta, but it simply doesn't work at all (at least, in my case).

As for quonsar's little gem of a thread hijack, I can't believe that wasn't written in jest. And if it wasn't...wow. Just, wow.
posted by rooftop secrets at 4:28 PM on February 11, 2005


Well, then I'm kinda curious what you are trying to point out here then?

That Microsoft's anti-spyware product is defective since some 16 year old wrote a vbs script that uninstalls it?

Well, I guess they all suck since many pieces of malware have been disabling various virus scanners, systems scanners and replacing host files for years.

Microsoft has made and bought a couple of pretty farty programs over the years, but this little spyware scanner they bought seems to be pretty good.

Software like this combined with the security advances in XP service pack 2, the new server OS's and religious patch release cycle seem to represent a pretty concerted effort by them to change the direction of the ship.

(And I was pointing out slashdot since if the majority opinion on that site is that a microsoft bashing article is idiocy, you can be pretty sure there isn't even the smallest granule of real news to latch onto.)
posted by PissOnYourParade at 4:43 PM on February 11, 2005


I remember reading that MS was intentionally hamstringing their anti-spyware app (again, this sounds like a joke, but isn't) because some of the spyware/malware comes with a clickthrough agreement saying "you agree not to remove this from your computer" and MS doesn't want to violate those clickthrough agreements, lest they give people the impression those agreements don't mean anything.
posted by adamrice at 5:02 PM on February 11, 2005


WARNING: Viruses do bad things! Film at 11.
posted by Dark Messiah at 5:07 PM on February 11, 2005


POYP, I think "ship" is a bad metaphor.

I see a computing world dominated by a single supplier's products more like a monoculture ecology, and it has pretty much the same feature set: it's convenient, you know what you're getting, a lot of people know how to manage it, and every disease is at least potentially disastrous.

It seems to me that it doesn't matter how hard M$ works to secure its stuff. As long as that stuff maintains a 90%+ market share, it is going to remain the primary target for every pestware coder on the planet, and its users will continue to suffer from the effects of that.

I can't see how "trustworthy computing" and "massive monopoly" can be made to co-exist. Can you?
posted by flabdablet at 5:09 PM on February 11, 2005


a clickthrough agreement saying "you agree not to remove this from your computer"

If this isn't bullshit, is it legally enforceable?

If so, what's next: "you agree to never divorce me"?
posted by davy at 5:14 PM on February 11, 2005


Microsoft isn't that incompetent. Is it?

Let's go to the Videotape

Maybe better marketing would help.

But how about that mainland China market?

That's enough; this is too easy.

posted by Kirth Gerson at 5:49 PM on February 11, 2005


bugbread, thanks for asking...I think I'm getting the same spyware over and over again from hitting Accuweather's web site and the TV Guide one. It seems like I go there and I instantly have spyware. No biggie; it's not clobbering my performance on this Pavilion, but it does bug me a little that the stuff keeps coming back. I wish ZA Pro blocked the junk.
posted by alumshubby at 5:56 PM on February 11, 2005


Alumshubby: You may want to turn off javascript and give it a shot. Also, are you using IE, Opera, Firefox, or something else?

a clickthrough agreement saying "you agree not to remove this from your computer"

If this isn't bullshit, is it legally enforceable?

If so, what's next: "you agree to never divorce me"?


Er, I think you're missing the context. The "you agree not to remove this from your computer" is part of the common, but much longer, "Software X comes with Software Y (spyware), and you agree not to uninstall Software Y while Software X is installed on your computer". That is, you can't remove the spyware bundled with a piece of software (Kazaa, etc.) without removing the parent software as well. It doesn't mean you can never uninstall the spyware ever.
posted by Bugbread at 7:22 PM on February 11, 2005


I've been using MS Anti-Spyware on co-workers' PCs and it's seemed to work best. I've seen it report an instance of spyware repeatedly, but it's usually in the system restore point. Neither Ad-aware, Spybot, nor MS Anti-spyware will remove spyware from the system restore points... if that's where it's living you need to disable the system restore points before running. Overall, I'm adding it to my regular cocktail of spyware removal tools.
posted by TuxHeDoh at 7:31 PM on February 11, 2005


Wow, okay.. I would love to have a non-invective filled discussion about the state of the software industry and I think flabdablet got it off to a great start.

I think he brings up a great point, which is that perhaps the issues plaguing Microsoft desktop software are almost inevitable in a homogenous environment.

This definitely has analogies in the biological world. If you plant a field with a single species of crop, it is much easier for a blight to take root. There is strength in diversity, in so much that different species often are not susceptible to the same diseases.

The problem with software, which is a surprisingly similar process, is that it's much easier to plant, fertilize, harvest and sell a single crop (err, Operating System) than 10 different ones.

As I see it, two things are going on;
1) Management difficulties
2) Network Effect

Anybody who has had the unenviable job of managing machines for other people knows that it's just a fact of life that managing a heterogeneous environment is exponentially more difficult than a homogenous one. You need to certify software on multiple OS's, handle patches for multiple versions and deal with wildly different security issues. This trends people to choose a single provider. It's just easier and in the understaffed, overworked world of I.T., 'easy as possible' is a requirement.

That leads us to the second point, which is the network effect. Like fax machines, software becomes exponentially more valuable the more installed seats. The greater the user base, the greater number of people writing software and the greater number of people available to help solve problems. For hobbyists, taking the path less traveled can be fun, but for people who need to do this stuff for a living, the journey is not the reward.

So, I would argue that software, like VCR tape formats, trends to a monoculture naturally. Now you can argue that the reason Microsoft became the standard was due to some less than savory business practices, and you might be right. But in the end, someone was going to end up the majority provider. And once someone became the primary species we are dealing with the homogenous problems. Now, some species are more resistant to disease than others, but in the end, a homogenous environment is going to breed blight.

Add onto the fact that whoever is the primary provider needs to worry about backwards compatibility more than anyone else, and that really very few people in the consumer space were thinking about network security before the internet, and it's a recipe for problems.

In fact, let's do a hypothetical experiment and say that Apple became the majority OS provider, back before OS/X. Say that at the height of its popularity that MacOS 8.1 was installed on 9 out of 10 desktops.

This was another OS that was designed before the network was the computer. It had no preemptive multitasking and no protected memory. Back in college, I remember saving term papers every 5 minutes because you never knew when the dreaded system bomb would pop up.

Additionally, with such a large and diversified installed userbase, Apple would have had a much harder time pushing the change to OS/X and its imperfect classic emulation. Many of the legacy issues would have been hell to get rid of and we would be fighting much of the same fight now as we do with Microsoft products.

I think it's just a bit lazy to blame all the security growing pains on incompetence inside Microsoft. There have been good Microsoft products, and some really, really crappy Microsoft products.

But the challenges they face now are as much inevitable as they are purposeful.

It's just that this is not a black and white issue. Somewhere in between Micro$oft=EVIL and the marketing propaganda lives the real world and those of us that have to work and play in it.
posted by PissOnYourParade at 7:54 PM on February 11, 2005


This is pretty weak.

Both adaware and spybot are also tampered with by trojans and spyware as are many antivirus programs and so on. The fact that microsoft's anti spyware program can be shut down by a trojan reflects a weakness in Windows' process control. If the trojan writer wanted to they could shut down any application - even firefox.

In a recent comparison I saw the conclusion was that no anti-spyware was better than 70% and that the company that microsoft bought actually had a competitive product.

As a related topic: Why does firefox allow websites to install software by default?
posted by srboisvert at 8:05 PM on February 11, 2005


It's really nothing to do with technical issues around Windows process control and much more to do with the cultural propensity of Windows users to run as Administrator (root for you Unix-heads).

In Windows you can't shut down processes you don't have rights to, same as in Unix.
posted by PissOnYourParade at 8:26 PM on February 11, 2005


srboisvert: my copy of Firefox (1.0 running on Windows XP) defaulted to blocking software installs from sites I haven't added to its trusted list. What version do you have?

POYP: I'm doing my best to educate the people whose machines I clean up about the virtues of setting up a single Admin user with admin rights for admin jobs and doing all their day-to-day use with limited-rights users. Unfortunately Windows XP Home makes this harder to do than it needs to be; all it takes is for one of those limited-rights users to click the "make this folder private" box, and the admin user can't see into their My Documents folder any more. This makes system-wide spyware and virus scans cumbersome. The only way I know to work around this is to boot into Safe mode after adding a new user and do violence to the standard security permissions, and that's fiddly enough to be beyond most XP Home users.

You make an interesting point about the inevitability of the software monocrop - but compare the current state of the software industry with that of the PC hardware manufacturing industry. Sure, there's a dominant architecture, but there's also a lot of manufacturer diversity. It will be real real interesting to see what happens to the first open-source office-tools suite that (a) has a UI very close to that of the existing M$ tools and (b) uses the existing M$ file formats by default.
posted by flabdablet at 4:38 AM on February 12, 2005


srboisvert: my copy of Firefox (1.0 running on Windows XP) defaulted to blocking software installs from sites I haven't added to its trusted list. What version do you have?

I'm running 1.0 as well. I had to unselect a check box under Tools -> Options -> Web Features. Mind you, I have been upgrading from an older version, so maybe it was a carry-over. Still seemed odd to me...I had to do the same on my gf's laptop.
posted by srboisvert at 5:28 AM on February 12, 2005


srboisvert: The check box is on by default, to allow sites to install software - but only those sites you have specifically allowed to do so. Click on the Allowed Sites button next to that option - only those sites (if any) listed will be able to install anything.

It's perfectly safe to leave the check box selected - when a site tries to install something, Firefox will inform you of this, and stop it. It then gives you the option to add the site to your allowed sites list, if you want to.
posted by ralphyk at 7:26 AM on February 12, 2005


"Pre-beta software found to have a possible bug! News at 11!"

Feh. The only reason this even warrants notice is that the "Microsoft" tag is on it.
posted by FormlessOne at 9:23 AM on February 12, 2005


"The only reason this even warrants notice is that the "Microsoft" tag is on it."

Or so that people are aware of the problem. It's also interesting that the lag time between a software release from MS and a virus written for that program is shrinking.
posted by Outlawyr at 9:37 AM on February 12, 2005


people are still opening email attachments?!
posted by NationalKato at 10:14 AM on February 12, 2005


Heh, yes without doubt something was bound to become the dominant species...

Please excuse the metaphor mixing but: Windows is a freak, a mess, a gangly, goofy problem child. Its dominance has less to do with its capabilities and more to do with the, let's say 'sharp', management practices and inevitable market forces well described above. It's the lumpy polluted snowball that got the earliest strongest push down the hill.

Since then it's also been unnaturally protected by lawyers and money from Darwinian market effects. So in itself technically it's not strong, it's vulnerable to environmental problems. It and the whole software industry grew perhaps too quickly and now we're in for a long period of consolidation and fixing past mistakes. It will be interesting to watch the progress of Firefox, as its numbers grow will it become as problematical as IE?
posted by scheptech at 10:25 AM on February 12, 2005


I don't want to start any crazy debate, but I don't have to worry about any of this on a Mac. Mr. Morford at SFGate puts it best.
posted by boymilo at 10:50 AM on February 12, 2005


Ehh scheptech,

It's true, Windows is a mess, but we have to be fair here. What are you comparing it to?

It's my postulation that whoever became the mono-species has the hardest time evolving because of backwards compatibility issues.

Specifically, looking at Mac OS/X, I don't believe that Apple could have pushed through the change to a modern Unix based kernel if it had a much larger installed base. The Classic compatibility layer works admirably well, but it's not perfect.

So, back in the days of Windows 3.1, the world could have leaned towards classic Mac, towards OS/2, towards GEOS, or some other player.

Certainly, some of these were better than windows. OS/2 in particular had some great architectural advantages.

However, if any one of those OS's were still with us today, the way that design decisions in Win 3.1 and Windows 95 live in Windows XP because of legacy issues, I think we would have many (maybe not all) of the same problems.

Really, all those thinking of Mac OS as impenetrable, imagine if there were still 40 million seats of Mac OS 8.1 toiling away, connected to the internet using the Appletalk-TCP/IP connectivity layer hacked together when the network world burst upon us.

Here was an OS without even protected memory or real file permissions. If it was a large enough target, it could have been a wonderful host for viruses, malware or spyware.

If you're going to compare oranges to oranges per say, compare Windows Server 2003 (the first version of windows I think that Microsoft has felt comfortable enough throwing out backwards compatibility) to OS/X.
posted by PissOnYourParade at 12:53 PM on February 12, 2005


per say

say what, per se?
posted by quonsar at 3:20 PM on February 12, 2005


Oy vey,

4k of an attempt at reasoned discourse and that's what I get?

I'm dyslexic and a computer programmer. I've always had trouble writing the way things sound vs. the way things are spelled.

You want to fucking shoot me over it also?
posted by PissOnYourParade at 8:05 PM on February 12, 2005


Boymilo, your link author doesn't really address the majority-target argument when he says


And I know, finally, the argument that says that if the world was using Macs instead of PCs, the hackers would be attacking the Macs. It's a game of numbers, after all. Anti-Mac pundits always mutter the same thing as they install yet another PC bug fix: there just aren't enough Macs out there to warrant a hacker's attention.

Which is, of course, mostly bull. I'm no programmer


[Clearly, since any number of Russian hacker sites will give you explicit instructions for how to put a *nix virus together.</snark>]

but I know what I read, and I know my experience: the Mac OS architecture is much more robust, much more solid, much more difficult to hack into. Apple's software is, by default, more sound and reliable, given its more stable core.


A clue for the author: not hacked into and more difficult to hack into are quite different things. My house is very easy to break into because I tend to leave it unlocked a lot, but I live in a small town instead of a big city precisely so I don't have to worry about things like that.

It is clearly true that people with Macs have fewer problems with pestware than people with Winboxen. The lesson here is not that Mac OS is by its very nature superior - but that if freedom from pests is your priority, you should certainly consider running a minority OS.

If the ability to use commodity hardware and hassle-free interoperation with the rest of the world are more important to you, use the dominant OS and either live with pests or teach yourself how to use your machine in ways that keep them out.

FWIW, my main computer is a 1.7GHz Linux-only laptop. The machine I'm on right this instant is an elderly 266MHz HP desktop running Windows XP Home (it runs Gentoo Linux when I want to use it as a media vault). I keep XP clean with limited user accounts, the inbuilt Windows firewall, and Firefox and Thunderbird for browsing and e-mail.

I run AVG 7.0 Free to look for viruses, and occasionally run Spybot S&D to check for pests. Neither has found anything in the six months this system's been in use.

I got interested in Windows security a couple of years ago, when this same box was running Windows 95. I had just turned on file sharing to fool around with networking the new laptop; all naive and innocent, I had shared the Win95 root directory. I got my first virus the same day I connected the Win95 box to the Net with its own modem instead of running NAT at the laptop. Until then, I had thought the only way to get a virus was by clicking on dodgy e-mail attachments.

The bottom line for me is that computers will always find some way to waste your time. Careful choice of an OS will determine whether you waste time stopping them doing things you don't want them to do, or waste time persuading them to do things you do want them to do.

Of course, whatever OS you choose you will end up spending endless hours on Metafilter :-)
posted by flabdablet at 9:27 PM on February 12, 2005


Fair enough on the windows vs mac comparison. What I'm talking about is the software engineering vs every other kind of engineering situation. I work in the industry so I'm pretty sensitive to how hard it is to make things work given the usual time pressures but really there's just nothing like software for quality problems.

It's not a mature industry even yet and I guess my main complaint about MS is they've done very little to help it mature quality-wise and therefore to improve the general public's perception of software engineering as a serious discipline even though they've been in a better position to do so than anyone for a very long time. Stuff like this anti-spyware trojan-already goofiness just makes us all look like a bunch of flakes. IMHO, of course.
posted by scheptech at 9:38 PM on February 12, 2005


There's nothing like software for quality problems because there's nothing like software, full stop. Fred Brooks was the first author I read who took this position, and in twenty years of programming I have yet to be convinced by a counter-argument.

I can't see how the software industry is ever going to get mature. As far as I can tell, writing good software is as much of an aesthetic/artistic exercise as an engineering discipline, and is likely to remain so; the more you try to control complexity in one part of a software design, the more it breaks out everywhere else and it takes a powerful intuitive feel to get the balance right.

I see the displacement of the term "computer programming" by the term "software engineering" as more of a marketing triumph than anything else - and, like most marketing triumphs, it has caused a certain degree of blowback.

As far as programming for a living goes, I'm now burnt out; I can no longer take pleasure in having large amounts of money depending on my unfailing competence. To all you young 'uns out there still trying to make "software engineering" as reliable as building things in concrete and steel, I say: more power to you, but don't be too upset when your best stuff still ends up happening under the influence of excess caffeine and/or sleep deprivation. Behind that pocket protector beats the heart of an artist, dahling.

Which reminds me - it's midnight and I need to be awake for work in the morning. 'night all.
posted by flabdablet at 5:07 AM on February 13, 2005


"The Trojan is triggered when the user opens the malicious e-mail attachment."

Because no program can protect against stupid people
posted by Reverend Mykeru at 11:11 AM on February 13, 2005


I know that no one is reading this thread anymore, but this was the most reasoned, thoughtful discussion I've seen on Microsoft monoculture in years.

Bravo metafilter..
Boo to the fanboys....
posted by PissOnYourParade at 11:21 AM on February 13, 2005




This thread has been archived and is closed to new comments