[unisog] Initial Observations of the Microsoft AntiSpyware Beta1

Harris, Michael C. HarrisMC at health.missouri.edu
Mon Jan 10 21:42:30 GMT 2005


Where is the central console for management in larger organizations, be
it a standalone central console or MS OP center plug-in or whatever?
Without centralized reporting and centralized control it isn't giving me
much of anything that other products are not...

(I know MS staffers lurk about on this list, so listen up guys)

Go ahead and give away the basic AntiSpyware client side for
Joe_home_user but hurry up and give me a server side to manage it with.
Then you might have something worth paying for.  Especially true if it
can someday evolve into a malware solution that deals with Virus,
Malware, Patching and local log events in the larger Microsoft system
management framework. Give me tools that make management of a bunch of
systems easier not harder.

I realize it is a quick release, an alpha product based upon the
purchase of Giant, but MS needs to look back at lessons learned with
their patching systems and from their competitors in the AV market.

Without the back end it just ends up, at best, another tool in the kit
along with Adaware and SpyBot.  From what I see it is a long way from
being that good yet.  The malware definition set is lacking, but seems
to be evolving fairly quickly based upon the updates from MS the past
week.  How quickly they build a good definition set and how well they
maintain it will be critical.  I am worried that I am not seeing
published statements from Microsoft about how fully they are staffing
this effort and what resources are being put to it.  That would go a
long way in pushing us into adopting it as it becomes a real product as
well.

Mike Harris

System Security Analyst & Instructor
University of Missouri Health Center
harrismc at health.missouri.edu KC0PAH



-----Original Message-----
From: unisog-bounces at lists.sans.org On Behalf Of jef moskot

On Fri, 7 Jan 2005, Gary Flynn wrote:
> Whether the customers can or will handle the complexity of the 
> information supplied by the HIDS/application firewall/ outgoing 
> firewall software will be the question. In most corporate settings I 
> think the best answer is a white list of applications allowed to run 
> rather than continually trying to come up with a black list.

This will be fine for moderately sophisticated users, but in my
experience, the average user in my department will click just about any
OK button in front of them if it claims to be a helpful thing.
Actually, most of my users would probably click the button even if it said
"Hey, check it out, I'm about to erase your hard drive, and install a
virus that will load your machine with child porn.  You MUST click the
OK button to proceed." given the way they respond to legit warnings.




