halfbakery: Eureka! Keeping naked people off the streets since 1999.
Lately, I've been battling a plague of scumware that Ad-Aware hasn't quite picked up. Cashback Buddy and its evil spawn simply won't die. I've killed a dozen files a dozen times, yet some sleeper always resurrects the thing. Most of the files are, however, nicely documented as being created by 'eXact advertising,' or at least have a modified date identical to these.
It'd be nice if I could search and destroy all files based on file property details, like company, for instance. That'd be a quick and dirty way to get rid of 'em, at least until they start misidentifying themselves.
Browsing the Web and Reading E-mail Safely as an Administrator
http://msdn.microso.../secure01182005.asp Highly recommended if you run as administrator [krelnik, Mar 10 2005]
Microsoft anti-spyware cookie note
http://www.microsof...rrentcustomers.mspx "[enabling] a great user experience" is cited as a reason [krelnik, Mar 11 2005]
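A sketch of the search the idea asks for, added here as an example and not part of the original post: Windows executables can carry a CompanyName field in their version resource, so a script can report files by that field and then list unlabelled files modified on the same day. The function name, the root folder and the `*ExampleVendor*` pattern are placeholders; it only reports and deletes nothing.

```powershell
# Added example (not from the original post). Reports files; deletes nothing.
# Function name, $Root and $Company values are placeholders for illustration.
function Find-FilesByCompany {
    param(
        [Parameter(Mandatory)] [string]$Root,
        [Parameter(Mandatory)] [string]$Company   # wildcard, e.g. '*ExampleVendor*'
    )

    $files = @(Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue)

    # Pass 1: files whose embedded version resource names the company.
    $hits = @(foreach ($f in $files) {
        try   { $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($f.FullName) }
        catch { continue }   # unreadable file: skip it
        if ($info.CompanyName -like $Company) {
            [pscustomobject]@{
                Reason   = 'CompanyName'
                Path     = $f.FullName
                Company  = $info.CompanyName
                Modified = $f.LastWriteTime
            }
        }
    })

    # Pass 2: unlabelled files modified on the same calendar day as a pass-1 hit.
    # A shared date is only a lead for manual review, not proof of origin.
    $days = @($hits | ForEach-Object { $_.Modified.Date } | Sort-Object -Unique)
    $seen = @($hits | ForEach-Object { $_.Path })
    $nearby = @(foreach ($f in $files) {
        if ($days -contains $f.LastWriteTime.Date -and $seen -notcontains $f.FullName) {
            [pscustomobject]@{
                Reason   = 'SameModifiedDate'
                Path     = $f.FullName
                Company  = $null
                Modified = $f.LastWriteTime
            }
        }
    })

    $hits + $nearby
}

# Find-FilesByCompany -Root 'C:\Program Files' -Company '*ExampleVendor*' |
#     Export-Csv .\suspect-files.csv -NoTypeInformation
```

The CompanyName field is self-declared by whoever built the file, so an empty or misleading value is expected once a vendor stops labelling its files.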
If you're running XP, might I suggest Microsoft's anti-spyware beta. It's quite well done. It sort of combines the functions of Ad-Aware and WinPatrol, and does both functions better, I think.

Been pretty happy with the Norton anti-spyware offering -- my kids' computers are now usable despite AOL.

Unfortunately some of the variants out there are making registry changes, too, so just deleting isn't going to do it.

You know, if you don't run as "admin" or root you'll have a lot better time defending your machine. Registry changes and other deep processes can't happen without root permissions.

Alas, XP Home Edition only allows users as admin.

[Microsoft's anti-spyware beta]... That phrase summons up visions of two-headed monsters battling themselves...

Michael Howard posted a great article about how to restrict the rights of the browser even when you are logged in as administrator. Only works on XP and 2003, but I highly recommend it. See link.

Personally, I turn off everything (ActiveX, Javascript, Java, etc.) in the Internet zone, and then only enable web sites on an as-needed basis. It's sort of a pain, because so many sites require Javascript even to render their home page now. On the other hand, I use IE and I have never been blindsided by adware.

One final note: the Microsoft anti-spyware product does have some neat features, but it does not kill cookies. If you don't like advertising companies tracking where you surf, that could be a deal-breaking omission.

I wonder why that isn't a feature? Assumably, responses to beta releases will include complaints about no-cookie crumbling and maybe they'll add it.

Of course, maybe MS thinks that mal-cookie signatures are so dynamic that it isn't a useful feature.

Probably corporate policy. Didn't Microsloth invent cookies back when?

The concept of cookies predates the internet by decades but it was Netscape that first made use of the "web cookie" as a way of maintaining a session. It was DoubleClick that pioneered the use of third-party or tracking cookies.

It's possible that MS chose not to address cookies because they are not active or executable in any way and so not mal- or spyware.

There's a FAQ somewhere that says the cookie-killing feature was deliberately removed from the product when Microsoft bought it from its original publisher. They didn't say this, but I believe the real reason is a business reason: it is in Microsoft's best interest not to piss off internet advertisers. Maybe they'll add it back in and prove me wrong.

I think that that is jumping to conclusions.

Fact is, first party cookies are generally good and third party, less so. This can be controlled preventatively.

In order to search for every file created by "x", you'd have to create a new standard in which every file had some "created by x" tag embedded.

Some of the nastier bits of adware have clauses in the EULA that prohibit the removal of said software by any third party programs, along with clauses that state that if you do remove the software with a third party program (i.e. AdAware), that it is explicitly allowed to reinstall or "repair" itself. In order to do this, they often include randomized registry entries pointing to bits of hidden executables designed solely to go online and reinstall the adware. Since these registry keys are different on each installation, they're next to impossible to find and remove. Instead of searching for stuff that "is part of x adware", you have to search for stuff that "is not part of anything that I want". The first search is easy if you have something to search for. The second part requires that you keep a database of every registry key that is known good.

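The known-good database from the annotation above, as an added example that is not part of the thread: it records the autostart entries on a clean machine and later lists anything not in that record, which catches randomly named entries without needing a signature. It is narrowed to the four Run/RunOnce keys rather than the whole registry; the function names and baseline path are placeholders.

```powershell
# Added example, not from the thread. Covers only the four Run/RunOnce keys below,
# a narrowing of "every registry key"; function names and paths are placeholders.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Enumerate every value (name + command line) under the autostart keys.
function Get-AutorunEntry {
    foreach ($path in $AutorunKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }              # key absent on this machine
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $path
                Name    = $name
                Command = [string]$key.GetValue($name)
            }
        }
    }
}

# Run once on a machine believed clean.
function Save-AutorunBaseline {
    param([Parameter(Mandatory)] [string]$Path)
    Get-AutorunEntry | Export-Csv -Path $Path -NoTypeInformation
}

# Run later: returns entries that are new, or whose command changed, since the baseline.
function Compare-AutorunBaseline {
    param([Parameter(Mandatory)] [string]$Path)
    $known = @{}
    Import-Csv -Path $Path | ForEach-Object {
        $known["$($_.Key)|$($_.Name)|$($_.Command)"] = $true
    }
    Get-AutorunEntry | Where-Object {
        -not $known.ContainsKey("$($_.Key)|$($_.Name)|$($_.Command)")
    }
}

# Save-AutorunBaseline    -Path .\autoruns-baseline.csv
# Compare-AutorunBaseline -Path .\autoruns-baseline.csv | Format-Table -AutoSize
```

Keep the baseline file somewhere a process running as the logged-in user cannot rewrite it, or the comparison can be made to pass.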
I got hit with an infection of "CoolWebSearch" a while back. I had to do a full reinstall of WinXP to get back to a usable machine.

I spent an afternoon trying to get rid of CoolWebSearch on a friend's machine a couple of weeks ago. I couldn't get rid of it, either.

[freefall]: by what mechanism or vector, if you know, did CWS get on to the machine?

// I think that that is jumping to conclusions. //
Well, the fact is that MSN and other Microsoft web sites sell paid advertising. Therefore, Microsoft has a fiduciary obligation to serve the best interests of web advertisers.

// clauses in the EULA //
Which puts Microsoft in the interesting position of both defending EULAs in court (which they have done several times) and also distributing a piece of software that helps you violate another vendor's EULA. It will be interesting to see if one of the spyware vendors decides to press this point.

Are there, in fact, any spyware EULAs that say you cannot uninstall the product? I believe that there are application EULAs, like Kazaa, that say that you cannot use the Kazaa client if you uninstall the companion malware that gets installed alongside the main application.

If a EULA says "you cannot uninstall me using a third-party product" then the act of flattening and re-installing the OS itself would be a violation of the term as the OS is a third-party application. The enforceability of a EULA that says "you can't ever [in effect] uninstall me" is so questionable that a spyware removal tool vendor probably has little to fear and may, in fact, relish a legal dispute over such terms so that such future re-install or repair language is invalidated by precedent.

Maybe I'm confusing it with the Intel chip ID thing way back when.

[-] "It'd be nice if,"... = WIBNI. Sorry, but on this one I don't see any real proposal as to HOW you might identify all files created by a company. Searching "created on date" is baked.

And if the software is maliciously clinging, nearly any such "search & destroy" would be a step behind the company's evasion efforts. Gotta find another way, which some annos above are getting at.