Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
It might be better to just get another gerbil.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                                     

Search all files created by Company 'X'

eXact advertising, to be particular.
  (+4, -2)
(+4, -2)
  [vote for,
against]

Lately, I've been battling a plague of scumware that Ad-Aware hasn't quite picked up. Cashback Buddy and its evil spawn simply won't die. I've killed a dozen files a dozen times, yet some sleeper always resurrects the thing. Most of the files are, however, nicely documented as being created by 'eXact advertising,' or at least have a modified date identical to these.

It'd be nice if I could search and destroy all files based on file property details, like company, for instance. That'd be a quick and dirty way to get rid of 'em, at least until they start misidentifying themselves.

RayfordSteele, Mar 10 2005

Browsing the Web and Reading E-mail Safely as an Administrator http://msdn.microso.../secure01182005.asp
Highly recommended if you run as administrator [krelnik, Mar 10 2005]

Microsoft anti-spyware cookie note http://www.microsof...rrentcustomers.mspx
"[enabling] a great user experience" is cited as a reason [krelnik, Mar 11 2005]


Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.



Annotation:







       If you're running XP, might I suggest Microsoft's anti-spyware beta. It's quite well done. It sort of combines the functions of Ad-Aware and WinPatrol, and does both functions better, I think.
waugsqueke, Mar 10 2005
  

       Been pretty happy with the Norton anti-spyware offering -- my kids computers are now usable despite AOL.
theircompetitor, Mar 10 2005
  

       Unfortunately some of the variants out there are making registry changes, too, so just deleting isn't going to do it.   

       You know, if you don't run as "admin" or root you'll have a lot better time defending your machine. Registry changes and other deep processes can't happen without root permissions.   

       Alas, XP Home Edition only allows users as admin.
bristolz, Mar 10 2005
  

       [Microsoft's anti-spyware beta]....That phrase summons up visions of two-headed monsters battling themselves......
normzone, Mar 10 2005
  

       Michael Howard posted a great article about how to restrict the rights of the browser even when you are logged in as administrator. Only works on XP and 2003, but I highly recommend it. See link.   

       Personally, I turn off everything (ActiveX, Javascript, Java, etc) in the Internet zone, and then only enable web sites on an as-needed basis. Its sort of a pain, because so many sites require Javascript even to render their home page now. On the other hand, I use IE and I have never been blindsided by adware.   

       One final note: the Microsoft anti-spyware product does have some neat features, but it does not kill cookies. If you don't like advertising companies tracking where you surf, that could be a deal-breaking omission.
krelnik, Mar 10 2005
  

       I wonder why that isn't a feature? Assumably, responses to beta releases will include complaints about no-cookie crumbling and maybe they'll add it.   

       Of course, maybe MS thinks that mal-cookie signatures are so dynamic that it isn't a useful feature.
bristolz, Mar 10 2005
  

       Probably corporate policy. Didn't Microsloth invent cookies back when?
RayfordSteele, Mar 10 2005
  

       The concept of cookies predates the internet by decades but it was Netscape that first made use of the "web cookie" as a way of maintaining a session. It was DoubleClick that pioneered the use of third-party or tracking cookies.   

       It's possible that MS chose not to address cookies because they are not active or executable in any way and so not mal- or spyware.
bristolz, Mar 10 2005
  

       There's a FAQ somewhere that says the cookie-killing feature was deliberately removed from the product when Microsoft bought it from its original publisher. They didn't say this, but I believe the real reason is a business reason: it is in Microsoft's best interest not to piss off internet advertisers. Maybe they'll add it back in and prove me wrong.
krelnik, Mar 11 2005
  

       I think that that is jumping to conclusions.   

       Fact is, first party cookies are generally good and third party, less so. This can be controlled preventatively.
bristolz, Mar 11 2005
  

       In order to search for every file created by "x", you'd have to create a new standard in which every file had some "created by x" tag embedded.   

       Some of the nastier bits of adware have clauses in the EULA that prohibit the removal of said software by any third party programs, along with clauses that state that if you do remove the software with a third party program (i.e. AdAware), that it is explicitly allowed to reinstall or "repair" itself. In order to do this, they often include randomized registry entries pointing to bits of hidden executables designed solely to go online and reinstall the adware. Since these registry keys are different on each installation, they're next to impossible to find and remove. Instead of searching for stuff that "is part of x adware", you have to search for stuff that "is not part of anything that I want". The first search is easy if you have something to search for. The second part requires that you keep a database of every registry key that is known good.   

       I got hit with an infection of "CoolWebSearch" a while back. I had to do a full reinstall of WinXP to get back to a usable machine.
Freefall, Mar 11 2005
  

       I spent an afternoon trying to get rid of CoolWebSearch on a friends machine a couple of weeks ago. I couldn't get rid of it, either.   

       [freefall]: by what mechanism or vector, if you know, did CWS get on to the machine?
bristolz, Mar 11 2005
  

       // I think that that is jumping to conclusions.//
Well, the fact is that MSN and other Microsoft web sites sell paid advertising. Therefore, Microsoft has a fiduciary obligation to serve the best interests of web advertisers.
  

       // clauses in the EULA //
Which puts Microsoft in the interesting position of both defending EULA's in court (which they have done several times) and also distributing a piece of software that helps you violate another vendor's EULA. It will be interesting to see if one of the spyware vendors decides to press this point.
krelnik, Mar 11 2005
  

       Are there, in fact, any spyware EULA's that say you cannot uninstall the product? I believe that there are application EULA's, like kazaa, that say that you cannot use the kazaa client if you uninstall the companion malware that gets installed alongside the main application.   

       If a EULA says "you cannot uninstall me using a third-party product" than the act of flattening and re-installing the OS itself would be a violation of the term as the OS is a third-party application.The enforceability of a EULA that says "you can't ever [in effect] uninstall me" is so questionable that a spyware removal tool vendor probably has little to fear and may, in fact, relish a legal dispute over such terms so that such future re-install or repair language is invalidated by precedent.
bristolz, Mar 11 2005
  

       Maybe I'm confusing it with the Intel chip ID thing way back when.
RayfordSteele, Mar 16 2005
  

       [-]"It'd be nice if,"....=WIBNI. Sorry, but on this one I don't see any real proposal as to HOW you might identify all files created by a company. Searching "created on date", is baked.   

       And if the software is maliciously clinging, nearly any such "search & destroy" would be a step behind the company's evasion efforts. Gotta find another way, which some annos above are getting at.,,
sophocles, Mar 16 2005
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle