
Microsoft AntiSpyware Beta1 - False detections (not only Plus!)
Author: Menthix (forum admin)
There has been much talk already about the Microsoft AntiSpyware Beta1 software on this forum...

Microsoft's Anti-spyware Software...
Microsoft® Windows AntiSpyware (Beta)
MS Antispyware says Messenger Plus is adware

Most topics say that Microsoft's new beta gives a false detection of Messenger Plus!. I decided to try it myself today.



I did a "full system scan" on all my hard disks and had all these options turned on...
  • Scan memory locations and running processes
  • Scan selected drives/folders (All 4 partitions on my system were selected)
  • Deep scan folders (recommended but will increase scan time)
After it scanned my entire system it came up with 7 threats.

[Image: 2_results.png]

I will list the results one by one:



NetSpy KeyLogger (key logger)
[Image: 3_threat1_NetSpy Keylogger.png]
  • Detected 2 files on hard disk and a lot of registry settings.
  • This is a threat according to Symantec and listed as spyware too.
  • Not something you would wish on your system either, since it can run in hidden mode :s.
  • Not sure how this ended up on my system, probably when I tested this software on my own system a long time ago.
  • Note that this spyware was not running at the moment of scan, but it was indeed sitting on my hard disk.
  • Microsoft AntiSpyware is right to detect this spyware as a severe threat (y).
  • The default action "remove" is very appropriate (y).


Messenger Plus! (adware bundler)
[Image: 4_threat2_Messenger_Plus.png]
  • Detected (almost) all Messenger Plus! files and registry settings
  • The sponsor is not installed on my system, it actually never was.
  • It's listed as an "adware bundler" even while (in my case) the sponsor doesn't exist anywhere on my system. And it isn't possible to get the Plus! sponsor either from the files it detected. The only way is by downloading the Plus! installer from some site, running it and choosing to have the sponsor installed. Even when using the auto update feature you will always need to choose if you want to have the sponsor installed or not with this update.
  • Microsoft AntiSpyware does detect Plus! as spyware, even without the sponsor. But it does not detect the Messenger Plus! setup file as spyware. Strange, the setup file has much more risk of being 'spyware' (50% depending on if you choose to install the sponsor or not) than a Plus! installation without the sponsor (0%, totally harmless).
  • Microsoft AntiSpyware is not right in any way to detect Messenger Plus! as spyware, it could be right to detect the sponsor itself or the Messenger Plus! installer, but never the Plus! software itself (n).
  • Using "ignore" as default action is the least they can do, shouldn't even be detected (n).
  • Can go on about this much longer, but just browse the other topics about this.


RealVNC (Commercial Remote Control)
[Image: 5_threat3_RealVNC.png]
  • Detected start menu shortcuts to RealVNC.
  • I use RealVNC to connect to my PC over the internet when I'm away from home. It's similar to Microsoft's Remote Desktop which isn't detected BTW :o. I installed RealVNC myself and you need to login with a password before you can do anything with it. Also, it only seems to detect the start menu shortcuts and not the files themselves, weird.
  • Although it's strange to detect VNC, they have a point. The people who install this will know it's harmless for them and ignore it. People who don't know VNC and have it on their system probably won't want it.
  • But, this program is used by a lot of admins to configure systems remotely. In over 90% of the cases it will be harmless.


KaZaA (adware bundler)
[Image: 6_threat4_KaZaA.png]
  • Detected a lot of registry settings from KaZaA Lite.
  • Would make sense to detect KaZaA, but not the original KaZaA Lite K++ (v2.4.5.4) since this version has ad/spyware removed.
  • Stupid to detect this, causing stupid rumours and confused users.


eDonkey2000 (adware bundler)
[Image: 7_threat5_eDonkey2000.png]
  • Detected various eMule registry settings.
  • Doesn't make sense at all, it detects eMule as eDonkey, WTF!?!?
  • eMule doesn't contain any spy/adware. I don't know if eDonkey does, but that isn't on my system anyway.


Grokster (adware)
[Image: 8_threat6_Grokster.png]
  • That isn't Grokster, but part of KaZaA Lite (see what I said about KaZaA Lite).
  • Makes no sense to detect this as Grokster.


MSN Sniffer (commercial key logger)
[Image: 9_threat7_MSN_Sniffer.png]
  • Had this installed once, but it is already uninstalled; these are just some leftovers.
  • Good to detect this though.



I know this is still beta software. Microsoft has a lot to do before they release Giant's software as public software.


I was on a Dutch site; in the user comments it said that the following programs are detected too:
  • Emule Morphxt (low threat) - Harmless add-on for eMule.
  • Several online banking programs - How does that have anything to do with spyware? People just want to do their banking stuff online.
  • WebHancer SpOrder.dll - This is a file which can be related to spyware, but in many cases is part of normal software too. Removing this file could very well be more dangerous than leaving it on your hard disk.
  • Timbukto Pro (Commercial Remote Control) - This turned out to be part of the Symantec VPN Client, which is harmless. Probably detected because of the same reason as RealVNC, but I really don't get that reason.

Also I see that a lot of people on other sites agree that Messenger Plus! shouldn't be detected as spyware :). People seem to have learned after the first few Plus! releases with sponsor. Most people making comments about Messenger Plus! being detected by Microsoft's new tool are aware the sponsor is optional and think Plus! alone shouldn't be detected as spyware, certainly not when the sponsor wasn't installed.


I really wonder what Microsoft is planning with this software. I know that most false detections have "ignore" as default action. But people trust Microsoft; if they tell users that for example Messenger Plus! or eMule is a threat to their system, then a lot of users would want to remove those programs. Also they will tell their friends software like eMule and Messenger Plus! is bad. One thing leads to another and you end up with stupid rumours.

Consider this my open comment to Microsoft (yes, I know it's Giant's technology, but Microsoft is responsible now).
Finish the problem
Menthix.net | Contact Me
01-08-2005 08:51 PM