How good is MSAS at detecting trojans?

My experiences with MS are that they are primarily (exclusively?) concerned with making money, without any real concern with user security. If there is any belated concern (e.g. MSAS), it is only because there is a perceived "market" with which they can make more money (e.g. One Care), especially since the growth in their primary OS and Office markets has slowed considerably.

If you are a Microsoft shareholder, you get back some of the money and time lost with MS in the form of dividends. For the rest of us, it is non-stop grief. It is pretty straightfoward to build a reasonably safe operating system. MS Windows has so many problems because it was designed to "peek into" users desktops - not protect them. So be it. When I think the time is right, I'll switch to another operating sytem. It will probably be a few more years though. I am thinking that Apple may get into the "operating system business" once they port their OS to the Intel chip.

Rich

 

Rich,

It is reasonably easy to build an OS, correct. It is not however easy to build one that nobody will try to find an exploit for, especially when your Microsoft. I think you need to take a step back, and rethink your general position. Your looking at this from a single user point of view. Microsoft is the largest OS supplier, with this title they subject themselves to every wannabe hacker on the planet. What better praise from your elders then being able to say you hacked into Microsoft's OS, found a weakness, and exploited it to show everyone how smart you are. Microsoft has its weaknesses, but you need to pay more attention to the losers who are creating the problems (hackers). If these morons werent always trying to break it, the average user wouldnt even realize it needed fixed.

Also, show me a corporation who isnt interested in making money?>


Trekk

 

Hi Trekk,

There is a continuum, and MS Windows is at the extreme end of a monstrosity. There are ways to "secure" systems" as opposed to "opening them up" so that every Tom, Dick, and Harry, can do what ever they want to do. On a scale of 1 -10, in terms of how Windows NT was initally designed, I would give it a 1. In terms of MS's efforts to fix the giant holes that they created, I'll give them a 4 - but they were only responding to enormous bad publicity from the press.

It is alright for them to make money. And it is also alright for me to say that the the way that they are making money is at my expense. Sort of like the way Enron made money (for a period of time) at the enormous expense of California utility users. MS is not a company I trust, and hopefully other companies over time can address this market. If not, then I can make do. But I will not give any credit to MS, who's Windows design is the basic source of all the security problems.

So to answer you question. Yes, MS could have done much better. Was it within their means? Absolutely. Why didn't they do it? Because they didn't care.

Rich

 

Not to take this thread OT, but there are lots of other solutions out there Rich ... Linux 100s of variants, Unix multiple variants, MAC OS ... have you ever actually tried any of them? BTW they all have some weaknesses/security holes too ... but open source stuff tends to get patched rather quickly. If you do decide to try a Linux Distro I would suggest you start with SuSE.

 

I dont trust any company who is after my money Anytime you include the all mighty dollar in the picture, the level of dishonestly increases exponentially. I dont think they are as evil as everyone says, I do however think they are guilty of releasing their OS's to soon in the interest of showing a quick ROI. I also dont like how they use us all as guiney pigs, instead of issuing a version of an OS, then waiting for the hackers to show the exploits, they need to spend more time looking for weaknesses prior to release. Im simply pointing out ALL operating systems have vulnerabilities, Microsoft's are just noticed more since they own so much of the market.

One more thing; Microsoft is NOT the cause of the security issues, the people who exploit them are. Please dont make the mistake of ignoring the dirtbags who create these virus' etc, THEY are the cause of the millions of dollars in lost productivity.


Take Care,

Trekk

 

Thanks for the reference dog. I will probably be investigating alternatives at the beginning of next year. But I will continue to look out for users experiences with products such as SuSE.

Thanks.

Rich

 

See https://www.wilderssecurity.com/showthread.php?t=93713

 

Nope! They are just the largest so the most focused on. Its sad to say, but I think people are mostly jealous because Gates was just a common schmuck with good timing.

 

Sorry guys, but all the arguments that have been mentioned to whitewash MS, don't satisfy me.

Charity ? Most people give money to charity, not all of us have $23 billion dollars to spend on charity like MS.
What has charity to do with development of software anyway ? I don't see the connection.

The most spread OS and any other software in the world is of course the most vulnerable one.
Even Firefox, one of the safest browser, will become a target of the bad guys and it's already happening.
As I said before, you have to run faster than the bad guys. Which means brains, research and above all motivation.
A company and certainly not MS, doesn't wait until their software is hacked, they have to work constantly on that problem.

One of the basic rules of testing is that you NEVER use the same group of people, who created the OS, for testing.
These people aren't good in testing, because creating and testing software isn't the same.
I'm not talking about bugs in software due to bad coding, beta testers will find these errors easily.
I'm talking about security holes within bug-free softwares.

That's why you need another group of people to test an OS.
A test group that has only one goal : crack the OS in every possible way they can and report it to the developers.
And you don't give that job to people with an average I.Q., because they won't find anything or only the easy security holes.
That's why you need brilliant people, that think like the bad guys and do everything to destroy the OS.
That requires a total different attitude and way of thinking, than creating an OS.
How long the testing of an OS has to be ? Until the NEXT OS is ready for testing.
That doesn't count only for OS, that counts for every software, even MSAS.

And please don't try to convince me that a bad uninstaller is an excuse for freeware.
There are some BASIC RULES in good programming, that NEVER change and UNINSTALLING is one of them.
An uninstaller that doesn't work is due to poor programming. Period and being freeware has nothing to do with it.
Each programmer, that respects himself, will never make a bad uninstaller, not the programmers, I know in real life.
They are ashamed for each mistake they made in their programs and they will correct them as soon as possible.

If I hurt somebody, sorry about that, I'm really a nice guy, but I have my opinions about computer softwares and I have a language problem, which doesn't make it easier for me to explain things in a more diplomatic way like I do in my own language (Dutch).

 

No offense taken at all Erik. We are all entitled to our opinions, and everyone has a different perspective.

Take Care Bud,

Trekk

 

That's the way I see it. Any beta tester could have told MS (for example) that their uninstaller does not complete back out MSAS. It is rather simple. But if a company doesn't care, it doesn't care. And there is nothing anyone can do about it, except avoid the product. In any case, I couldn't dream of a situation where I would trust MS to secure any aspect of my computer. There is only one MS product that I use, by default, and that is Windows XP. And most of the other products that I have purchased in the last year (maybe all) have been to secure XP so that I can use Firefox to browse the Web.

Cya,
Rich

 

So....

Does anyone think that security software companies like:

DiamondCS
Webroot
Ghost Security
McAfee
Norton/Symantec
Sunbelt
PC Tools
Kaspersky Labs
Lavasoft
Privacy Software Corporation
Mischel Internet Security
Computer Associates
Eset
Soft4Ever
Agnitum, Ltd.
BillP Studios
Zonelabs, Inc.
Emsisoft
StarForce
Greatis Software
Softwin
Authentium
Kerio Technologies
Norman
Trend Micro
Panda Software
PestPatrol, Inc.
Tall Emu
SalD Ltd.
FRISK Software
etc.
etc.
etc., ..........

*are all upset that Microsoft has some flaws with it's operating system?

*Has anyone thought that perhaps without these flaws, that these businesses don't exist?

*And without these businesses in existence, there's an aweful lot of people either out of work or in a different professional other than the one they've chosen?

*And that if that's the case, the world economy is in a totally different position?

So while Microsoft's operating system flaws are being exploited by people who have bad intentions.......it has also provided an aweful lot of other people OTHER THAN MICROSOFT an opportunity to MAKE MONEY and keep the economy rolling. And this has helped put people to work, and provide them with a livelihood and a means necessary to put their IT and computer science degrees to work and to use?

So go ahead and bash the "computer giant" if you want to, but when you do...just realize that Microsoft not only offers a product for tens of millions of users....but also employs several thousands of people as well. And if not directly, indirectly by allowing the above type security software vendors the opportunity to exist and to employ people themselves in this marketplace.

Besides, Trekk was right earlier when he said "Microsoft is NOT the cause of the security issues, the people who exploit them are." This is so very true.

SEE....it can always be spun to be looked at as a positive....if you want and/or allow it to be.

 

JRCATES,
I agree with you and the security industry offers indeed alot of jobs/hobbies for many people.
That's the only good side of malware, it puts food on the table for all, who are involved.

I thought about this too, but even that doesn't make sense to me and I will explain it.

1. Malwares are created by malware writers and in most cases their work is destroyed by anti-malware writers, who detect/remove their malware.
What is the final result : NOTHING, because that what was created is destroyed.

2. Users are infected by malware and they remove it, no matter how long it takes.
What is the final result : NOTHING, because the infection was removed.
They just brought their computer from malware-free back to malware-free.

The whole malware/anti-malware industry is based on "create and destroy" without any positive result.
It's like building a bridge and then destroy that bridge and we still don't have a bridge.
Even worse, we all waste our talent, our money and above all our time on NOTHING.

Well I can create alot of jobs that are based on "create and destroy".
Don't we have better things to do than working without results to be proud of ?
There are SO MANY OTHER problems in the world that need a solution, let us take care about them in stead of creating and removing malware.

 

True

True again

OK, well this is where I differ somewhat, Erik. By security software vendors CREATING a product that counters what the nasty developers want and are trying to do, and the user is saved from harm and returned to a normal state....there IS positive taking place. The bridge was rebuilt!

Think of it this way: There are criminals in society. No matter how much those of us law-abiding citizens do not want them to be there, they still exist. OK....now think of a society without COPS (Police). The criminals would reign supreme. So the security vendors are more or less the internet/PC Cops....making sure that the "bad guys" don't have the upper hand. And by having Police on duty, people are put to work in a legal and ethical fashion, and people are protected and criminal activity deterred and punished somewhat. Criminal activity still exists, but not to the degree that it would if there were no police (who are earning a living and providing the means to support their family) on patrol.

OK, I know...it's not the perfect analogy...it's flawed. Just like Microsoft's operating system. But honestly, if Microsoft was in the position of Linux.....and Linux was in the position of Microsoft (marketshare wise).....who does everyone think the "hackers" and malware authors would be targetting? It would no longer be Microsoft, I'd bet my bottom dollar on that!

And I agree with this as well. But it's not a perfect world, and there is no perfect operating system. And unfortunately, there are criminals who will continue to be criminals no matter what roadblocks or obstacles (i.e. - Police) we throw in their way. So while it is frustrating to those of us who don't want to "worry" about malware, it's going to exist - like it or not. So the best thing to do is prepare ourselves, and handle it the best way accordingly.

It's like the expression...."If someone hands you a lemon, make lemonade!" In other words, make the best of a bad situation.....and in the case of Microsoft, they're the "bad situation" because they are targetted by the malware authors simply because they have the marketshare that will affect the most customers. Everyone wants to be the guy that "defeated the champion". Or remember the children's game "king of the hill" that kids play? Where everyone tried to knock the guy standing on top of the hill off of the hill so they could be standing on the top of it? That's really why Microsoft is targetted so much by the bad guys, not because of "horrible design strategy", but primarily because of marketshare.

 

I think something some people are forgetting here is that MSAS is still beta software, so why should it function flawlessly? Beta software usually has flaws and bugs, and you agree to test the software and report any bugs found. I hope that's what the folks bitching here so much, about a piece of beta software, are doing. Nobody made you try a beta software program. You should be reporting all bugs to MS so they can be fixed.

 

Hi John,

I have X amount of disposable cash/time available to me. I can spend part of it securing XP or I can use it to do something enjoyable - such as purchasing a book. The former I consider necessary, but "wasteful" (since a decent operating system would have avoided this whole problem), the second I consider a pleasure in life.

As for the AV/AT companies, they are fulfilling a need in the marketplace, because MS doesn't care about security. Kudos to those who do provide security, and the Bronx cheer for MS.

Cya,
Rich

 

Hi thinkdeeper,

This problem could be fixed in less than one programmer day if MS wanted to. But, as the saying goes: "You can lead a horse to water, but you can't make it drink." MS is a company that simply doesn't care about these kind of things. It costs money to fix and doesn't make money. Pretty simple.

Cya,
Rich

 

I was unable to update MSAS, and so disabled it with Win Patrol. I also have Counterspy which is what I depend upon for AS.
I understand that if you have both on your machine, and uninstall one of them it causes all sorts of problems. For that reason I have not uninstalled MSAS.

I like Counterspy, and will stick with it. I had no objection to MSAS, except at the point where I was unable to update. I tried a lot of things, but finally gave up. I don't miss it, and suppose that since I have a lot of room on my harddrive it can just sit there forever.

Jerry

 

@JRCATES,
What you said in your last post makes also sense. We can't allow the bad guys taking over the internet.
Sometimes I have to remove the frustration in my brain and write it down in a post to get rid of it .

@RICHRF,
I fully agree with your last post too.
The uninstaller is a separate program of MSAS with a total different function than the scanner and should work properly from the start, beta or not.

 

I think the main problem here is that for every X number of home users that want MS to change that stuff, you've got a mega corporation (with thousands of licenses) that demands the opposite. MY opinion is that they need to create a real home version that is more secure for home users (not just the same thing with the ability to conotrol/secure those components removed).. it's mostly the enterprise level features that have a lot of these bugs.. you can do a lot by just disabling those features. There will still always be problems, though.. don't forget that there were Mac virii until it became more profitable to write malware exclusively for PC. It may be "straight forward" to write a secure operating system (since I'm not a programmer, I can't really say), but it's quite another thing to make a secure operating system suitable for literally billions of people and companies alike. Split them up (home users and businesses), and I think you might have a chance, though.

But I agree.. if you're paranoid that MS is out to spy on you, there are plenty of alternatives. Try out Knoppix for a while, you won't have to install anything.

 

Well that makes sense. But I don't need to be a programmer or even need to have even seen other Operating systems to say windows design is unsecure.

.

I also have a stack of ubuntu cds, they seem to be appearing everywhere free, 2 CD pack, one of them is a live CD that runs without installing.

Works great.

 

It's really sad there are so many malware in the world.

As a matter of facts, the world is not all roses. We have police who catch bad guys. We have shop-detectives to catch thieves, and so on. All these postions are somewhat wasteful. But since there are bad guys, the resources spent are not really wasteful. Sad but true.

The best solution is to prevent them from becoming bad guys in the first place. Nowadays the education system focus too much on teaching people knowledge, but they don't realise the importance of teaching them to use their knowledge on the right/good side.

No matter how knowledgeable a person is, if it uses his talents on bad side, what's the point? We are just helping these bad guys to do evil things.

Ethics and morals are what we should really learn nowadays.

 

Ethics and morals are best taught in the home. I dont need a teacher to do my parenting for me