[unisog] Initial Observations of the Microsoft AntiSpyware Be ta1

Gary Flynn flynngn at jmu.edu
Sat Jan 8 01:52:40 GMT 2005

I thought the extra functionality adding restrictions or
warnings to things like scripts running, browser helper
object installations, and startup programs was interesting.

It looks like it adds HIDS/application firewall-like
functionality to the old malware signature detection
model which means it should help with all malware.

The statement of Microsoft's strategy concerning spyware
is also interesting:

"Microsoft's vision for anti-spyware solutions is that
 customers should be empowered to make informed
 decisions about the software that installs and runs on
 their PCs. Microsoft will take steps toward this vision
 by making it easier for customers to gain insight into 
 what's running on the system, to better discern good
 software from bad software, and to block and remove
 spyware from a PC."


As Microsoft backs out or fixes troublesome features in I.E.
and Windows that take control of software away from the
end user, keeping unwanted software off computers will fall
more and more on the operators of the computers whether
the software is called a virus, trojan, spyware, or something
else. Whether the customers can or will handle the complexity
of the information supplied by the HIDS/application firewall/
outgoing firewall software will be the question. In most
corporate settings I think the best answer is a white list of
applications allowed to run rather than continually trying to
come up with a black list. XP and 2003 have the ability to
do that built in with their software restrictions policies.

Gary Flynn
Security Engineer
James Madison University

More information about the unisog mailing list