What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)

Pages: (3): « First [ 1 ] 2 3 » Last »
Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
Author: Message:
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
O.P. Roll Eyes  Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
There has been talked much already about the Microsoft AntiSpyware Beta1 software on this forum. ..

Microsoft's Anti-spyware Software...
Microsoft® Windows AntiSpyware (Beta)
MS Antispyware says Messenger Plus is adware

Most topics say that Microsoft's new beta gives a false detection of Messenger Plus!, i decided to try it myself today.

Click on the images in this post to see a bigger version


I did a "full system scan" on all my harddisks and had all these options turned on...
  • Scan memory locations and runnign processes
  • Scan selected drives/folders (All 4 partitions on my system were selected)
  • Deep scan folders (recommended but will increase scan time)
After it scanned my entire system it came up with 7 threats.

[Image: 2_results.png]

I will list the results one by one:



NetSpy KeyLogger (key logger)
[Image: 3_threat1_NetSpy Keylogger.png]
  • Detected 2 files on harddisk and a lot of registry settings.
  • This is a threat according to Symantec and listed as spyware too.
  • Not something you would wish on your system either, since it can run in hidden mode :s.
  • Not sure how this ended up on my system, probally when i tested this software on my own system a long time ago.
  • Note that this spyware was not running at the moment of scan, but it was indeed sitting on my harddisk.
  • Microsoft AntiSpyware is right to detect this spyware as a severe threat (y).
  • The default action "remove"" is very appropriate (y).


Messenger Plus! (adware bundler)
[Image: 4_threat2_Messenger_Plus.png]
  • Detected (almost) all Messenger Plus! files and registry settings
  • The sponsor is not installed on my system, it actually never was.
  • It's listed a "adware bundler" even while (in my case) the sponsor doesn't exist anywhere on my system. And it isn't possible to get the Plus! sponsor either from the files it detected. The only way is by downloading the Plus! installer from some site, run it and choose to have the sponsor installed. Even whe using the auto update feature you will always need to choose if you want to have the sponsor installed or not with this update.
  • Microsoft AntiSpyware does detect Plus! as spyware, even without the sponsor. But it does not detect the Messenger Plus! setup file as spyware. Strange, the setup file has much more risk of being 'spyware' (50% depending on if you choose to install the sponsor or not) then a Plus! installation without the sponsor (0%, totally harmless).
  • Microsoft AntiSpyware is not right in any way to detect Messenger Plus! as spyware, it could be right to detect the sponsor itself or the Messenger Plus! installer, but never the Plus! software itself (n).
  • Using "ignore" as default action is the least they can do, shouldn't even be detected (n).
  • Can go on about this much longer, but just browse the other topics about this.


RealVNC (Commercial Remote Control)
[Image: 5_threat3_RealVNC.png]
  • Detected start menu shortcuts to RealVNC.
  • I use RealVNC to connect to my PC over the internet when i'm away from home. It's simulair to Microsoft's Remote Desktop which isn't detected BTW :o. I installed RealVNC myself and you need to login with a password before you can do anything with it. Also, it only seems to detect the start menu shortcuts and not the files itself, wierd.
  • Altough it's strange to detect VNC, they have a point. The people who install this will know it's harmless for them and ignore it. People who don't know VNC and have it on their system probally won't want it.
  • But, this program is used by a lot of admins to configure systems remotely. In over 90% of the cases it will be harmless.


KaZaA (adware bundler)
[Image: 6_threat4_KaZaA.png]
  • Detected a lot of registry settings from KaZaA Lite.
  • Would make sense to detect KazaA, but not the original KaZaA Lite K++ (v2.4.5.4) since this version has of ad/spyware removed.
  • Stupid to detect this, causing stupid rumours and confused users


eDonkey2000 (adware bundler)
[Image: 7_threat5_eDonkey2000.png]
  • Detected various eMule registry settings.
  • Doesn't make sense at all, it detects eMule as eDonkey, WTF!?!?
  • eMule doesn't contain any spy/adware. I don't know if eDonkey does, but that isn't on my system anyway.


Grokster (adware)
[Image: 8_threat6_Grokster.png]
  • That isn't Grokster, but part of KazaA Lite (see what i said about KazaA Lite).
  • Makes no sense to detect this as Grokster


MSN Sniffer (commercial key logger
[Image: 9_threat7_MSN_Sniffer.png]
  • Had this installed once, but it is already un-installed these are just some left behinds.
  • Good to detect this tough



I know this is still beta software, Microsoft has a lot todo before they release Giant's software as public software.


I was on a Dutch site, in the user comments it said that the following programs are detected too:
  • Emule Morphxt (low threat) - Harmless add-on for eMule.
  • Several online banking programs - How does that have anything todo with spyware? Pleople just want to do their banking stuff online.
  • WebHancer SpOrder.dll - This is a file which can be related to spyware, but in many cases is part of normal software too. Removing this file could very well be more dangerous then leaving it on your harddisk.
  • Timbukto Pro (Commercial Remote Control) - This turned out to be part of the Symantec VPN Client, which is harmless. Probally detected because of the same reason as RealVNC, but i really don't get that reason.

Also i see that alot of people on other sites agree that Messenger Plus! shoudn't be detected as spyware :). People seem to have learned after the first few Plus! releases with sponsor. Most people making comments about Messenger Plus! being detected by Microsoft's new tool are aware the sponsor is optional and think Plus! alone shouldn't be detected as spyware, certainly not when the sponsor wasn't installed.


I really wonder what Microsoft is planning with this software. I know that most false detections have "ignore" as default action. But people trust Microsoft, if they tell users that for example Messenger Plus! or eMule is a threat to their system, then alot of users would want to remove those programs. Also they will tell their friends software like eMule and Messenger Plus! is bad. One thing leads to another and you end up with stupid rumours.

Consider this my open comment to Microsoft (yes, i know it's Giant's technology. But Microsoft is responsible now).
Finish the problem
Menthix.net | Contact Me
01-08-2005 08:51 PM
Profile E-Mail PM Web Find Quote Report
*Saint*
Senior Member
****

Avatar

Posts: 570
Reputation: 25
36 / Male / Flag
Joined: Jan 2004
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
is it posible for me to get this program
01-08-2005 08:57 PM
Profile PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5537
Reputation: 102
40 / Male / Flag
Joined: Mar 2002
O.P. RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
quote:
Originally posted by Saint
is it posible for me to get this program
Yes, download it here.

Already linked to it at the beginning of my post BTW.

This post was edited on 01-08-2005 at 09:01 PM by Menthix.
Finish the problem
Menthix.net | Contact Me
01-08-2005 09:01 PM
Profile E-Mail PM Web Find Quote Report
*Saint*
Senior Member
****

Avatar

Posts: 570
Reputation: 25
36 / Male / Flag
Joined: Jan 2004
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
ok thanks
01-08-2005 09:07 PM
Profile PM Find Quote Report
lopardo
Veteran Member
*****


Posts: 1395
Reputation: 33
38 / Male / Flag
Joined: Nov 2002
Status: Away
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
Yes, it's a public beta (not a final version).
Menthix posted the direct download URL above, but check Microsoft Windows AntiSpyware (Beta) Home first.
[Image: userbar452797dd.gif]
01-08-2005 09:08 PM
Profile PM Find Quote Report
Vilkku
Veteran Member
*****

Avatar

Posts: 1411
Reputation: 27
36 / Male / Flag
Joined: Mar 2003
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
It recommended me to quarantine my anti-virus programs auto-updater. :dodgy:
[Image: signature.php]
01-08-2005 09:22 PM
Profile E-Mail PM Web Find Quote Report
lopardo
Veteran Member
*****


Posts: 1395
Reputation: 33
38 / Male / Flag
Joined: Nov 2002
Status: Away
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
:lol: What antivirus?

Well, it's still a beta, so I just hope they'll improve it for the final version...
[Image: userbar452797dd.gif]
01-08-2005 09:26 PM
Profile PM Find Quote Report
Anubis
Elite Member
*****

Avatar
42

Posts: 2695
Reputation: 64
34 / Male / Flag
Joined: Oct 2003
RE: RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
quote:
Originally posted by Vilkku
It recommended me to quarantine my anti-virus programs auto-updater. :dodgy:

I can just see this turning into anti-MS thread after that...I'm not saying it's your fault Vikku, I can just see someone taking that one step further and insulting all MS products.
Please remember that this is a BETA program, and that MS may not know of all these problems, and it doesn't show the full standards of the finished program.
And all bugs should be reported to MS, in the spirit of co-operation of making better software to help and aid computer users in general...
[Image: anubis5hq.png]
01-08-2005 09:27 PM
Profile PM Find Quote Report
paperless
Veteran Member
*****

Avatar
Saved by the bell

Posts: 1113
Reputation: 37
35 / Male / Flag
Joined: Apr 2003
Status: Away
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
I dont think any of them are false... keylogger is in fact a threat for your privacy msn sniffer also msgplus they explain clrearly that msgplus installs an OPTIONAL adware so nothing wrong to me u people are also trying to look for a motive to blame microsoft and u get  ur objectivity damaged...

I dont like microsoft(strategies and some other things) also but im objective in my opinions.
01-08-2005 09:56 PM
Profile E-Mail PM Find Quote Report
Striker
Full Member
***

Avatar

Posts: 129
Reputation: 3
41 / Male / –
Joined: Oct 2002
RE: Microsoft ANtiSpyware Beta1 - False detections (not only Plus!)
i dont hate MS, but im not going to provide them FREE beta testing. They have enough money to test their own products somewhere other than my comp, unless of course they want to pay me :)
01-08-2005 10:00 PM
Profile PM Web Find Quote Report
Pages: (3): « First [ 1 ] 2 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On