[unisog] Initial Observations of the Microsoft AntiSpyware Be ta1
flynngn at jmu.edu
Sat Jan 8 01:52:40 GMT 2005
I thought the extra functionality adding restrictions or
warnings to things like scripts running, browser helper
object installations, and startup programs was interesting.
It looks like it adds HIDS/application firewall-like
functionality to the old malware signature detection
model which means it should help with all malware.
The statement of Microsoft's strategy concerning spyware
is also interesting:
"Microsoft's vision for anti-spyware solutions is that
customers should be empowered to make informed
decisions about the software that installs and runs on
their PCs. Microsoft will take steps toward this vision
by making it easier for customers to gain insight into
what's running on the system, to better discern good
software from bad software, and to block and remove
spyware from a PC."
As Microsoft backs out or fixes troublesome features in I.E.
and Windows that take control of software away from the
end user, keeping unwanted software off computers will fall
more and more on the operators of the computers whether
the software is called a virus, trojan, spyware, or something
else. Whether the customers can or will handle the complexity
of the information supplied by the HIDS/application firewall/
outgoing firewall software will be the question. In most
corporate settings I think the best answer is a white list of
applications allowed to run rather than continually trying to
come up with a black list. XP and 2003 have the ability to
do that built in with their software restrictions policies.
James Madison University
More information about the unisog