
Alerting - Malicious software removal tool



Guest Jo-Anne
Posted

Thank you! That answers all my questions.

 

Jo-Anne

 

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:%23mK5fbBUJHA.5024@TK2MSFTNGP03.phx.gbl...

>

> "Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

> news:uQzeJA4TJHA.3952@TK2MSFTNGP06.phx.gbl...

>

>> Thank you, David! I'm not sure how to run the program the way you have

>> it. Would I need to type it in at the command prompt?

>

> The "run" box - actually "mrt /fy" should do it.

>

> You could type "mrt /?" to see the "switches" available and what

> they mean.

>

>> What if I just double-clicked on the MRT.exe file? Would it offer me the

>> /f:y option?

>

> It prompts you for additional input, whereas David's suggestion answers its

> prompts automatically.

>

>> And for the log file, would I type that in at the command prompt?

>

> The "run" box again.

>

Guest FromTheRafters
Posted

It works for me if typed into the command prompt too (XP machine).

 

You're welcome.

 

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

news:euPx4VCUJHA.3952@TK2MSFTNGP06.phx.gbl...

> Thank you! That answers all my questions.

>

> Jo-Anne

>

> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

> news:%23mK5fbBUJHA.5024@TK2MSFTNGP03.phx.gbl...

>>

>> "Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

>> news:uQzeJA4TJHA.3952@TK2MSFTNGP06.phx.gbl...

>>

>>> Thank you, David! I'm not sure how to run the program the way you have

>>> it. Would I need to type it in at the command prompt?

>>

>> The "run" box - actually "mrt /fy" should do it.

>>

>> You could type "mrt /?" to see the "switches" available and what

>> they mean.

>>

>>> What if I just double-clicked on the MRT.exe file? Would it offer me the

>>> /f:y option?

>>

>> It prompts you for additional input, whereas David's suggestion answers

>> its

>> prompts automatically.

>>

>>> And for the log file, would I type that in at the command prompt?

>>

>> The "run" box again.

>>

>

>

Guest Steve Riley [MSFT]
Posted

Leythos, which "security people" claim the tool is useless?

 

Your claim is certainly unsubstantiated by the data. We released the tool in

early 2005. As of June 2008, the tool has executed almost three billion

times and has performed over 62 million disinfections on almost 24 million

distinct computers.

 

This information, plus much more research, is available from our

twice-yearly Security Intelligence Report. You can download the latest

edition from http://www.microsoft.com/sir. You can see a list of the malware

families the MSRT recognizes at

http://www.microsoft.com/security/malwarer.../families.mspx; we update

this page each time we update the tool.

 

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

 

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.23961e7a3a10bda989715@us.news.astraweb.com...

> In article <AAB34DA4-BCE3-4295-9232-CF0AB26E5E82@microsoft.com>,

> Jeepn@discussions.microsoft.com says...

>> Thanks, but I am referring to Microsoft's Malicious Software Removal tool

>> not

>> 3rd party antivirus software.

>>

>

> The MSRT is useless as far as most security people are concerned, why

> bother with it?

Guest David H. Lipman
Posted

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

 

| Leythos, which "security people" claim the tool is useless?

 

| Your claim is certainly unsubstantiated by the data. We released the tool in

| early 2005. As of June 2008, the tool has executed almost three billion

| times and has performed over 62 million disinfections on almost 24 million

| distinct computers.

 

| This information, plus much more research, is available from our

| twice-yearly Security Intelligence Report. You can download the latest

| edition from http://www.microsoft.com/sir. You can see a list of the malware

| families the MSRT recognizes at

| http://www.microsoft.com/security/malwarer.../families.mspx; we update

| this page each time we update the tool.

 

 

| --

| Steve Riley

| steve.riley@microsoft.com

| http://blogs.technet.com/steriley

| Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

Thank you Steve.

 

May I ask how those statistics are gathered and if they are collated into what infector

they were and their success or failure ?

 

For example the Rustock which is a Trojan using RootKit techniques.

Are there statistics on how many PCs were infected and the numbers for successfully

removed and those that failed ?

 

BTW: Since I mentioned Rustock, have you read the HostExploit White paper on McColo ?

http://hostexploit.com/downloads/Hostexplo...02.0%201108.pdf

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

On Wed, 26 Nov 2008 05:32:17 +0700, Kayman wrote:


> On Tue, 25 Nov 2008 14:39:26 -0500, Leythos wrote:

>

>> In article <AAB34DA4-BCE3-4295-9232-CF0AB26E5E82@microsoft.com>,

>> Jeepn@discussions.microsoft.com says...

>>> Thanks, but I am referring to Microsoft's Malicious Software Removal tool not

>>> 3rd party antivirus software.

>>>

>>

>> The MSRT is useless as far as most security people are concerned, why

>> bother with it?

>

> Useless? You're obviously not a security person!

> http://www.computerworld.com/action/articl...ce=rss_topic125

 

http://blogs.technet.com/mmpc/archive/2008...sen-rogues.aspx

Guest Leythos
Posted

In article <9AAC7AE5-48B8-4E88-9163-59674962BF01@microsoft.com>,

steve.riley@microsoft.com says...

> Leythos, which "security people" claim the tool is useless?

>

> Your claim is certainly unsubstantiated by the data. We released the tool in

> early 2005. As of June 2008, the tool has executed almost three billion

> times and has performed over 62 million disinfections on almost 24 million

> distinct computers.

>

> This information, plus much more research, is available from our

> twice-yearly Security Intelligence Report. You can download the latest

> edition from http://www.microsoft.com/sir. You can see a list of the malware

> families the MSRT recognizes at

> http://www.microsoft.com/security/malwarer.../families.mspx; we update

 

How many people, other than MS people, do you see suggesting that it's

the proper tool to use when removing malware?

 

How many people, other than MS people, do you see suggesting that

compromised computers should be cleaned with it?

 

How many machines were not cleaned by the MS provided tool?

 

You don't have to take my word for any of it, all you have to do is a

LITTLE research to see that no one in the community puts any serious

faith in using the tool.

 

I have NO connection to any vendors products or tools, I have no

investment in any vendors products or tools - I make this statement to

affirm that my opinion is not biased by greed.

 

My personal experience with over 3700 machines this year, is that it's

not effective when compared to other tools. I think the MSRT is a noble

effort and was a good thing, but actually securing the OS would have

been more worthy and a better allocation of money.

 

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Posted

On Thu, 27 Nov 2008 08:38:55 -0500, Leythos wrote:


> In article <9AAC7AE5-48B8-4E88-9163-59674962BF01@microsoft.com>,

> steve.riley@microsoft.com says...

>> Leythos, which "security people" claim the tool is useless?

>>

>> Your claim is certainly unsubstantiated by the data. We released the tool in

>> early 2005. As of June 2008, the tool has executed almost three billion

>> times and has performed over 62 million disinfections on almost 24 million

>> distinct computers.

>>

>> This information, plus much more research, is available from our

>> twice-yearly Security Intelligence Report. You can download the latest

>> edition from http://www.microsoft.com/sir. You can see a list of the malware

>> families the MSRT recognizes at

>> http://www.microsoft.com/security/malwarer.../families.mspx; we update

>

> How many people, other than MS people, do you see suggesting that it's

> the proper tool to use when removing malware?

 

Not necessary to promote as most of the users with genuine os download an

update and run it every month.


> How many people, other than MS people, do you see suggesting that

> compromised computers should be cleaned with it?

 

Lack of knowledge?

And most users with compromised computers do not cite specifics when

seeking help for malware removal, furthermore most malware come in

different names.


> How many machines were not cleaned by the MS provided tool?

 

Irrelevant guess work. Fact is that MRT cleaned 24 million machines thus

far.


> You don't have to take my word for any of it, all you have to do is a

> LITTLE research to see that no one in the community puts any serious

> faith in using the tool.

 

And which community would that be?

Maybe they should have a look here:

http://www.computerworld.com/action/articl...ce=rss_topic125

http://blogs.technet.com/mmpc/archive/2008...sen-rogues.aspx


> I have NO connection to any vendors products or tools, I have no

> investment in any vendors products or tools - I make this statement to

> affirm that my opinion is not biased by greed.

 

Gee, dismount of that high (ethical) horse you see yourself sitting on.

You sound like a born again Christian? <shudder>


> My personal experience with over 3700 machines this year, is that it's

> not effective when compared to other tools.

 

You probably didn't know using it.

Your numbers look a bit 'thin'

Whereas:

"...62 million disinfections on almost 24 million distinct computers."

look a tad more impressive.


> I think the MSRT is a noble effort and was a good thing,

> but actually securing the OS would have been more worthy and a better

> allocation of money.

 

All you have to do is a LITTLE research in relation to the specific purpose

of MRT.

Posted

Leythos wrote:

> In article <9AAC7AE5-48B8-4E88-9163-59674962BF01@microsoft.com>,

> steve.riley@microsoft.com says...

>> Leythos, which "security people" claim the tool is useless?

>>

>> Your claim is certainly unsubstantiated by the data. We released the tool in

>> early 2005. As of June 2008, the tool has executed almost three billion

>> times and has performed over 62 million disinfections on almost 24 million

>> distinct computers.

>>

>> This information, plus much more research, is available from our

>> twice-yearly Security Intelligence Report. You can download the latest

>> edition from http://www.microsoft.com/sir. You can see a list of the malware

>> families the MSRT recognizes at

>> http://www.microsoft.com/security/malwarer.../families.mspx; we update

>

> How many people, other than MS people, do you see suggesting that it's

> the proper tool to use when removing malware?

>

> How many people, other than MS people, do you see suggesting that

> compromised computers should be cleaned with it?

>

> How many machines were not cleaned by the MS provided tool?

>

> You don't have to take my word for any of it, all you have to do is a

> LITTLE research to see that no one in the community puts any serious

> faith in using the tool.

>

> I have NO connection to any vendors products or tools, I have no

> investment in any vendors products or tools - I make this statement to

> affirm that my opinion is not biased by greed.

>

> My personal experience with over 3700 machines this year, is that it's

> not effective when compared to other tools. I think the MSRT is a noble

> effort and was a good thing, but actually securing the OS would have

> been more worthy and a better allocation of money.

>

>

 

 

People usually do not recommend MRT because, on a computer that has

automatic updates allowed (the default setting) it is run the first

Tuesday of every month when new Windows updates are released.

 

I place a shortcut to the MRT on the desktop of every Vista computer I

work on so the computer owner can run it "on demand" - along with any

other antimalware they may run.

 

If you are not recommending people to run this when they have an

infection, or do not utilize it yourself, you are not using an important

tool that is at your disposal.

Guest The Real Truth  MVP
Posted

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

"Gee, dismount of that high (ethical) horse you see yourself sitting on.

You sound like a born again Christian? <shudder>"

 

You are kidding right? Leythos is the ethical KING. Don't waste your breath

on him.

 

 

--

The Real Truth http://pcbutts1-therealtruth.blogspot.com/

 

 

 

 

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

news:uDCBfNKUJHA.5408@TK2MSFTNGP04.phx.gbl...

> On Thu, 27 Nov 2008 08:38:55 -0500, Leythos wrote:

>

>> In article <9AAC7AE5-48B8-4E88-9163-59674962BF01@microsoft.com>,

>> steve.riley@microsoft.com says...

>>> Leythos, which "security people" claim the tool is useless?

>>>

>>> Your claim is certainly unsubstantiated by the data. We released the

>>> tool in

>>> early 2005. As of June 2008, the tool has executed almost three billion

>>> times and has performed over 62 million disinfections on almost 24

>>> million

>>> distinct computers.

>>>

>>> This information, plus much more research, is available from our

>>> twice-yearly Security Intelligence Report. You can download the latest

>>> edition from http://www.microsoft.com/sir. You can see a list of the

>>> malware

>>> families the MSRT recognizes at

>>> http://www.microsoft.com/security/malwarer.../families.mspx; we update

>>

>> How many people, other than MS people, do you see suggesting that it's

>> the proper tool to use when removing malware?

>

> Not necessary to promote as most of the users with genuine os download an

> update and run it every month.

>

>> How many people, other than MS people, do you see suggesting that

>> compromised computers should be cleaned with it?

>

> Lack of knowledge?

> And most users with compromised computers do not cite specifics when

> seeking help for malware removal, furthermore most malware come in

> different names.

>

>> How many machines were not cleaned by the MS provided tool?

>

> Irrelevant guess work. Fact is that MRT cleaned 24 million machines thus

> far.

>

>> You don't have to take my word for any of it, all you have to do is a

>> LITTLE research to see that no one in the community puts any serious

>> faith in using the tool.

>

> And which community would that be?

> Maybe they should have a look here:

> http://www.computerworld.com/action/articl...ce=rss_topic125

> http://blogs.technet.com/mmpc/archive/2008...sen-rogues.aspx

>

>> I have NO connection to any vendors products or tools, I have no

>> investment in any vendors products or tools - I make this statement to

>> affirm that my opinion is not biased by greed.

>

> Gee, dismount of that high (ethical) horse you see yourself sitting on.

> You sound like a born again Christian? <shudder>

>

>> My personal experience with over 3700 machines this year, is that it's

>> not effective when compared to other tools.

>

> You probably didn't know using it.

> Your numbers look a bit 'thin'

> Whereas:

> "...62 million disinfections on almost 24 million distinct computers."

> look a tad more impressive.

>

>> I think the MSRT is a noble effort and was a good thing,

>> but actually securing the OS would have been more worthy and a better

>> allocation of money.

>

> All you have to do is a LITTLE research in relation to the specific

> purpose

> of MRT.

Guest Leythos
Posted

In article <#13M1cKUJHA.6092@TK2MSFTNGP04.phx.gbl>, none <""richard\"@

(none)"> says...

> If you are not recommending people to run this when they have an

> infection, or do not utilize it yourself, you are not using an important

> tool that is at your disposal.

>

 

I'm not suggesting that people NOT run it, I'm stating that in all this

time I've not seen it to be of any benefit in cleaning machines.

 

There are free tools that are MORE valuable and do a better job of

cleaning compromised machines that are not hidden from most users.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Leythos
Posted

In article <ggmfks$svm$1@news.motzarella.org>, not@real.atall says...

> You are kidding right? Leythos is the ethical KING. Don't waste your breath

> on him.

>

 

My ethics are well above yours Chris, as I don't steal code from others,

and I don't create Porno and then spam the groups with it like you do.

 

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest Steve Riley [MSFT]
Posted

The Security Intelligence Report has a bit of information on that, see page

140 of the current edition. Here are some details:

 

During the first half of 2008, the MSRT removed malware from 23.9

million distinct computers worldwide, a 50 percent increase over the

second half of 2007. The number of total disinfections performed in

the first half of 2008 rose to 62 million, an increase of 47 percent

over the second half of 2008. A disinfection is defined as the

removal of a distinct type of malware, such as a specific file

infector variant, that is present on an infected computer. The number

of total disinfections is greater than the number of distinct

computers cleaned because the MSRT often detects multiple infections

on a single computer and because computers can become reinfected from

month to month.

 

Since the initial release of the MSRT, the infection rate measured by

the MSRT has gone from a low of 2.9 computers cleaned for every 1000

executions in the first half of 2006 to the current high of 10

computers cleaned for every 1000 executions. This increase can be

attributed to a number of factors, including detection improvements,

the continual addition of new and newly prevalent families to the

MSRT, and a general rise in malware prevalence worldwide.

 

The tool reports each time it executes -- that's how we know the total

number of executions. If the tool finds and removes a piece of malware, it

reports that, too -- that's how we know the total number of disinfections. I

don't know whether it has a "find-but-fail" report, although I think I might

ask around to see whether it does.

 

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:eFIGxMIUJHA.4180@TK2MSFTNGP02.phx.gbl...

> From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

>

> | Leythos, which "security people" claim the tool is useless?

>

> | Your claim is certainly unsubstantiated by the data. We released the

> tool in

> | early 2005. As of June 2008, the tool has executed almost three billion

> | times and has performed over 62 million disinfections on almost 24

> million

> | distinct computers.

>

> | This information, plus much more research, is available from our

> | twice-yearly Security Intelligence Report. You can download the latest

> | edition from http://www.microsoft.com/sir. You can see a list of the

> malware

> | families the MSRT recognizes at

> | http://www.microsoft.com/security/malwarer.../families.mspx; we update

> | this page each time we update the tool.

>

>

> | --

> | Steve Riley

> | steve.riley@microsoft.com

> | http://blogs.technet.com/steriley

> | Protect Your Windows Network: http://www.amazon.com/dp/0321336437

>

>

> Thank you Steve.

>

> May I ask how those statistics are gathered and if they are collated into

> what infector

> they were and their success or failure ?

>

> For example the Rustock which is a Trojan using RootKit techniques.

> Are there statistics on how many PCs were infected and the numbers for

> successfully

> removed and those that failed ?

>

> BTW: Since I mentioned Rustock, have you read the HostExploit White paper

> on McColo ?

> http://hostexploit.com/downloads/Hostexplo...02.0%201108.pdf

>

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

>

Guest Steve Riley [MSFT]
Posted

I can only surmise, then, that the 3700 PCs you referred to in your other

post are very well taken care of and not included in the 24 million

computers for which the tool has had benefit. Good job.

 

Meanwhile, the customers I consult with are grateful for this tool. The CSOs

and CTOs and security architects I work with around the world, who represent

several million client computers, have commented that the MSRT is one of the

most responsible things they've seen us do -- in addition to all the work

we've done to improve the quality of Windows. Plus, much of what the MSRT

removes are worms that exploit vulnerabilities in humans, not

vulnerabilities in the software -- even a perfect operating system (which is

impossible to build) can't protect itself from that.

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

 

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.23989b0450ccb07298971e@us.news.astraweb.com...

> In article <#13M1cKUJHA.6092@TK2MSFTNGP04.phx.gbl>, none <""richard"@

> (none)"> says...

>> If you are not recommending people to run this when they have an

>> infection, or do not utilize it yourself, you are not using an important

>> tool that is at your disposal.

>>

>

> I'm not suggesting that people NOT run it, I'm stating that in all this

> time I've not seen it to be of any benefit in cleaning machines.

>

> There are free tools that are MORE valuable and do a better job of

> cleaning compromised machines that are not hidden from most users.

>

> --

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

Guest Steve Riley [MSFT]
Posted

Oops. I edited a minor error in the SIR and introduced one of my own in

doing so. The second sentence in my quote should say:

 

The number of total disinfections performed in the first half

of 2008 rose to 62 million, an increase of 47 percent over

the second half of _2007_.

 

Oh, and thanks for the link, Dave. I hadn't seen that report.

 

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

 

"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in message

news:7C3D29AB-4506-4669-85CE-C57C95D258A8@microsoft.com...

> The Security Intelligence Report has a bit of information on that, see

> page 140 of the current edition. Here are some details:

>

> During the first half of 2008, the MSRT removed malware from 23.9

> million distinct computers worldwide, a 50 percent increase over the

> second half of 2007. The number of total disinfections performed in

> the first half of 2008 rose to 62 million, an increase of 47 percent

> over the second half of 2008. A disinfection is defined as the

> removal of a distinct type of malware, such as a specific file

> infector variant, that is present on an infected computer. The number

> of total disinfections is greater than the number of distinct

> computers cleaned because the MSRT often detects multiple infections

> on a single computer and because computers can become reinfected from

> month to month.

>

> Since the initial release of the MSRT, the infection rate measured by

> the MSRT has gone from a low of 2.9 computers cleaned for every 1000

> executions in the first half of 2006 to the current high of 10

> computers cleaned for every 1000 executions. This increase can be

> attributed to a number of factors, including detection improvements,

> the continual addition of new and newly prevalent families to the

> MSRT, and a general rise in malware prevalence worldwide.

>

> The tool reports each time it executes -- that's how we know the total

> number of executions. If the tool finds and removes a piece of malware, it

> reports that, too -- that's how we know the total number of disinfections.

> I don't know whether it has a "find-but-fail" report, although I think I

> might ask around to see whether it does.

>

>

> --

> Steve Riley

> steve.riley@microsoft.com

> http://blogs.technet.com/steriley

> Protect Your Windows Network: http://www.amazon.com/dp/0321336437

>

>

>

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

> news:eFIGxMIUJHA.4180@TK2MSFTNGP02.phx.gbl...

>> From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

>>

>> | Leythos, which "security people" claim the tool is useless?

>>

>> | Your claim is certainly unsubstantiated by the data. We released the

>> tool in

>> | early 2005. As of June 2008, the tool has executed almost three billion

>> | times and has performed over 62 million disinfections on almost 24

>> million

>> | distinct computers.

>>

>> | This information, plus much more research, is available from our

>> | twice-yearly Security Intelligence Report. You can download the latest

>> | edition from http://www.microsoft.com/sir. You can see a list of the

>> malware

>> | families the MSRT recognizes at

>> | http://www.microsoft.com/security/malwarer.../families.mspx; we

>> update

>> | this page each time we update the tool.

>>

>>

>> | --

>> | Steve Riley

>> | steve.riley@microsoft.com

>> | http://blogs.technet.com/steriley

>> | Protect Your Windows Network: http://www.amazon.com/dp/0321336437

>>

>>

>> Thank you Steve.

>>

>> May I ask how those statistics are gathered and if they are collated into

>> what infector

>> they were and their success or failure ?

>>

>> For example the Rustock which is a Trojan using RootKit techniques.

>> Are there statistics on how many PCs were infected and the numbers

>> for successfully

>> removed and those that failed ?

>>

>> BTW: Since I mentioned Rustock, have you read the HostExploit White

>> paper on McColo ?

>> http://hostexploit.com/downloads/Hostexplo...02.0%201108.pdf

>>

>>

>> --

>> Dave

>> http://www.claymania.com/removal-trojan-adware.html

>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>>

>>

Posted

On 11/26/2008 08:43 PM, Steve Riley [MSFT] sent:

> Leythos, which "security people" claim the tool is useless?

>

> Your claim is certainly unsubstantiated by the data. We released the

> tool in early 2005. As of June 2008, the tool has executed almost three

> billion times and has performed over 62 million disinfections on almost

> 24 million distinct computers.

>

> This information, plus much more research, is available from our

> twice-yearly Security Intelligence Report. You can download the latest

> edition from http://www.microsoft.com/sir. You can see a list of the

> malware families the MSRT recognizes at

> http://www.microsoft.com/security/malwarer.../families.mspx; we update

> this page each time we update the tool.

 

One can't help but notice from the map, in the SIR, that Japan seems to

have remarkably less reported detections, compared to all other

countries. I wonder if this is a statistical anomaly or if another

reason exists.

 

Pete

--

1PW

 

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Posted

"1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message

news:ggo4rq$6qk$1@news.motzarella.org...

<snip>

>

> One can't help but notice from the map, in the SIR, that Japan seems to

> have remarkably less reported detections, compared to all other

> countries. I wonder if this is a statistical anomaly or if another

> reason exists.

>

> Pete

> --

> 1PW

>

> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

 

--

 

Microsoft says ............

"As a general rule, more malware is proportionally found by the MSRT in

developing countries/regions than in developed countries/regions. For

example, the most infected country/region in Europe is Albania, while the

least infected countries/regions in Europe are Austria and Finland. In the

Asia-Pacific region, the most infected countries/regions are Mongolia and

Vietnam, while the least infected countries/regions are Taiwan and Japan.

The United States is proportionally less infected than most of the

countries/regions in the Americas. This trend may occur because the

deployment of security products is generally wider in developed

countries/regions, and user education around computer safety is usually

better."

 

HTH

 

Dave

 

--

Guest David H. Lipman
Posted

From: "Steve Riley [MSFT]" <steve.riley@microsoft.com>

 

| Oops. I edited a minor error in the SIR and introduced one of my own in

| doing so. The second sentence in my quote should say:

 

| The number of total disinfections performed in the first half

| of 2008 rose to 62 million, an increase of 47 percent over

| the second half of _2007_.

 

| Oh, and thanks for the link, Dave. I hadn't seen that report.

 

| --

| Steve Riley

| steve.riley@microsoft.com

| http://blogs.technet.com/steriley

| Protect Your Windows Network: http://www.amazon.com/dp/0321336437

 

 

Thank you Steve! :-)

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Leythos
Posted

In article <2587A271-ED15-49A5-A39F-556393F20D68@microsoft.com>,

steve.riley@microsoft.com says...

>

> Meanwhile, the customers I consult with are grateful for this tool. The CSOs

> and CTOs and security architects I work with around the world, who represent

> several million client computers, have commented that the MSRT is one of the

> most responsible things they've seen us do -- in addition to all the work

> we've done to improve the quality of Windows. Plus, much of what the MSRT

> removes are worms that exploit vulnerabilities in humans, not

> vulnerabilities in the software -- even a perfect operating system (which is

> impossible to build) can't protect itself from that.</span>

 

Steve, you wrote that "CSO's and CTO's.... 'commented that the MSRT is

one of the most responsible things they've seen us do..."

 

I agree, it's great that you, Microsoft, put out a tool to clean malware

off your OS that you have spent years not securing against that malware.

 

Don't get me wrong, I own a company that is a MS partner, sells MS based

solutions, never had a compromised computer on any of our customers

networks, and I've been doing this since the late 70's.

 

The only compromised PC's we see are ones from improperly guarded

networks and or improperly guarded home networks (even if it's just a PC

of one). Of those compromised machines, all of them were running Windows

(mostly XP, but now even vista), all had major brand AV software

actively working, some had stopped using IE because of the risks and

switched for Fire Fox or Opera, but, the key point is that all of them

were being used by people that COULD have learned more and didn't

because they thought they had done enough.

 

I'll give you an example of what happens to many HOME users - a nice

lady owned a computer, running Windows XP + SP2 (sp3 was not released

yet), used MS Works, had a single account, administrator level logon

(which is the default for most computers), 1 kid, about 8 years old,

using the computer also. They could not get it to respond properly, pop-

ups, etc.... I attempted to clean it, decided that after 5 passes with

different tools that it was not worth the "Time" to "clean" it and wiped

and reinstalled XP.

 

I provided three accounts for them to use "Administrator" with password,

"Mom" and "Son", M/S were limited user accounts. Set IE to high-security

Mode, bought them a NAT Router (no inbound Port forwarding), installed

all updates and patches. Installed AVG Free (and updates), and several

manual scanners. Automatic Updates enabled. I explained that they should

not use the Administrator account except in rare cases where "MOM"

needed to install an application that she could not install from

her/son's accounts, that they were NOT to run anything as the

"Administrator" account.

 

I got the computer back in two weeks, hosed again. The "Mom" had let the

kid use the administrator account because he could not get his "Games"

to run under his account, etc.... Needless to say, it was compromised

again in less than two weeks because the OS, using MS Suggested High-

Security settings would not provide the user with what they needed to

run the programs that they wanted to use while protecting them from

malware.

 

I installed Ubuntu, OO, and setup email and FireFox for them, machine

has been used for almost a year now and it's doing all that they NEED,

unable to play some of the games (online) that the kid wanted (since

they need active-x), but the computer is STILL running smooth and no

problems reported (and I check about once a month).

 

While I was out of the state my mother-in-law bought a PC and her oldest

son installed it for her - XP Home, all updates, bought a Linksys NAT

appliance, but they didn't install it, connected directly to cable modem

for internet - Windows Firewall enabled.... By the time I got back the

PC wasn't working, bad things on the screen, etc... All the typical

signs of being hacked. The MS Firewall had default holes for

File/Printer sharing setup by Dell, and software installed more holes

for itself to use... Wiped her machine, installed NAT Router, setup

three accounts "Admin", "XXXX" (her name), "Visitors", same as the one

above - in this case she kept the computer clean, but she had to logon

as Admin to run QuickBooks since it would not run as "XXXX" user as a

limited account. She gave up things like the online game site POGO since

it would not install/run as a limited account, and she's basically used

the computer for QB, Browsing the web in IE HS Mode (which breaks many

sites) and for email.....

 

So, your story about the CSO/CTO is great, they appreciate that you've

(Microsoft) taken a "Responsible" step, but what you didn't report is

how many malware were removed from their networks by the MSRT.

 

We all agree, the MSRT is a 'Responsible' step from Microsoft, but it's

a day late and a $1 short. The problem is the OS lack of security

against malware and a tool like the MSRT is not preventing anything,

only reacting AFTER the compromise.

 

Again, my company provides MS platform solutions all over the USA and

India, we secure our networks and systems against threats and have

managed to never have a compromised system on any of our managed

networks. I am not a Linux advocate, don't believe it's ready for the

masses, but I also see LOTS of compromised non-client systems and home

systems each year, all of which would not have been compromised if MS

had just bitten the bullet and changed the foundation to a more secure

platform instead of trying to remain compatible.

 

In "My" experience I've yet to see that MSRT clean a system, and I know

this because after running it I can still experience problems that are

cleaned up by other tools - SBS&D, Symantec, MBAM, Multi-AV, even

registry edits manually.

 

I'm not here to argue with you, don't take it that way, but you've not

posted anything to contradict my statement. You've only posted that

people think the MSRT is a great step, that it's removed malware, but

you've not posted all the information that would be needed to show that

it's a good tool.

 

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Posted

On Fri, 28 Nov 2008 09:12:53 -0500, Leythos <spam999free@rrohio.com> wrote:

<span style="color:blue">

>I provided three accounts for them to use "Administrator" with password,

>"Mom" and "Son", M/S were limited user accounts. Set IE to high-security

>Mode, bought them a NAT Router (no inbound Port forwarding), installed

>all updates and patches. Installed AVG Free (and updates), and several

>manual scanners. Automatic Updates enabled. I explained that they should

>not use the Administrator account except in rare cases where "MOM"

>needed to install an application that she could not install from

>her/son's accounts, that they were NOT to run anything as the

>"Administrator" account.

>

>I got the computer back in two weeks, hosed again. The "Mom" had let the

>kid use the administrator account because he could not get his "Games"

>to run under his account, etc.... Needless to say, it was compromised

>again in less than two weeks because the OS, using MS Suggested High-

>Security settings would not provide the user with what they needed to

>run the programs that they wanted to use while protecting them from

>malware.

>

>I installed Ubuntu, OO, and setup email and FireFox for them, machine

>has been used for almost a year now and it's doing all that they NEED,

>unable to play some of the games (online) that the kid wanted (since

>they need active-x), but the computer is STILL running smooth and no

>problems reported (and I check about once a month).</span>

 

A very typical scenario. But the real security breach was the humans. The

mother let the kid use the administrator account and he was the source of

the original infection. You failed to analyze the root cause and correct it

on the first iteration.

 

The money they spent on your fixes would have been better spent on a new

computer for her and letting the kid use the old one with a reinstalled OS.

So you installed an OS that neither of them understand and I'll bet you

didn't give them the root access password so neither of them can get very

far. You would have done just as well reinstalling XP and denying them the

administrator password.

 

--

They don't call rootkits rootkits because they first appeared on Windows.

Guest Leythos
Posted

In article <fva0j4h7ln2crtfa9kempmasq533i5ifu9@4ax.com>,

geoff@invalid.invalid says...<span style="color:blue">

> On Fri, 28 Nov 2008 09:12:53 -0500, Leythos <spam999free@rrohio.com> wrote:

> <span style="color:green">

> >I provided three accounts for them to use "Administrator" with password,

> >"Mom" and "Son", M/S were limited user accounts. Set IE to high-security

> >Mode, bought them a NAT Router (no inbound Port forwarding), installed

> >all updates and patches. Installed AVG Free (and updates), and several

> >manual scanners. Automatic Updates enabled. I explained that they should

> >not use the Administrator account except in rare cases where "MOM"

> >needed to install an application that she could not install from

> >her/son's accounts, that they were NOT to run anything as the

> >"Administrator" account.

> >

> >I got the computer back in two weeks, hosed again. The "Mom" had let the

> >kid use the administrator account because he could not get his "Games"

> >to run under his account, etc.... Needless to say, it was compromised

> >again in less than two weeks because the OS, using MS Suggested High-

> >Security settings would not provide the user with what they needed to

> >run the programs that they wanted to use while protecting them from

> >malware.

> >

> >I installed Ubuntu, OO, and setup email and FireFox for them, machine

> >has been used for almost a year now and it's doing all that they NEED,

> >unable to play some of the games (online) that the kid wanted (since

> >they need active-x), but the computer is STILL running smooth and no

> >problems reported (and I check about once a month).</span>

>

> A very typical scenario. But the real security breach was the humans. The

> mother let the kid use the administrator account and he was the source of

> the original infection. You failed to analyze the root cause and correct it

> on the first iteration.</span>

 

No, I clearly understood the root cause - users that don't want to be

locked down or "will not be" locked down. Users that want the freedom to

use their computers to have fun.

<span style="color:blue">

> The money they spent on your fixes would have been better spent on a new

> computer for her and letting the kid use the old one with a reinstalled OS.

> So you installed an OS that neither of them understand and I'll bet you

> didn't give them the root access password so neither of them can get very

> far. You would have done just as well reinstalling XP and denying them the

> administrator password. </span>

 

It's not my computer, so the mother has the ROOT password, she has to

have it in order to apply updates - Ubuntu needs root access to do

updates. Your solution is not viable, not giving the password, in the

real world.

 

I didn't charge them, don't charge home users to fix their system.

 

So, again, YOU missed the real root cause:

 

1) Root cause of compromised computers - OS with exploits and holes that

can't be closed while allowing the masses to easily use their computers

without LOTS of extra effort that most are not willing to put out.

 

2) Humans that are not willing to use their computers in the MS

recommended HIGH-Security settings mode, since most vendors apps for

residential users won't install or run while HS mode is in use.

 

I was actually hoping that MS would abandon the legacy idea when they

came out with Vista - all of the crap they put into it to look pretty,

to require Core 2 processors with 2GB ram, and 512MB video cards just to

have a machine that performs as well as the 2.5Ghz P4, 512MB RAM, and a

128MB video card, but they failed again on changing the OS to be secure.

 

We've all seen Vista machines compromised by the same crap that hits our

XP machines, and yea, it's great that MS is trying to clean up the mess

that gets ISP's residential networks black-listed for spamming/zombies,

but they didn't address the core problem - THE OS ITSELF.

 

I would be willing to pay $400 for a new 3 CAL license of XYZ OS from MS

if they could keep the pretty stuff, find a way to run Office 2003

(since 2007 is so dang bad) and to play the 1 or 2 games that I like -

having it spawn them in a VM so that it's destroyed after the session

ends, but only if they could ELIMINATE the threats for most users.

 

Before you reply, consider your idea of the root cause against what MAC

and Linux people have, and look at how some of them run as ROOT and

don't experience the issues that masses of Win people experience.

 

So, would the MSRT have prevented any of this - nope, would it have

completely cleaned their machines - nope. So, we're back to the idea

that the MSRT is not effective.

 

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Guest John Mason Jr
Posted

Leythos wrote:<span style="color:blue">

> In article <2587A271-ED15-49A5-A39F-556393F20D68@microsoft.com>,

> steve.riley@microsoft.com says...<span style="color:green">

>> Meanwhile, the customers I consult with are grateful for this tool. The CSOs

>> and CTOs and security architects I work with around the world, who represent

>> several million client computers, have commented that the MSRT is one of the

>> most responsible things they've seen us do -- in addition to all the work

>> we've done to improve the quality of Windows. Plus, much of what the MSRT

>> removes are worms that exploit vulnerabilities in humans, not

>> vulnerabilities in the software -- even a perfect operating system (which is

>> impossible to build) can't protect itself from that.</span>

>

> Steve, you wrote that "CSO's and CTO's.... 'commented that the MSRT is

> one of the most responsible things they've seen us do..."

>

> I agree, it's great that you, Microsoft, put out a tool to clean malware

> off your OS that you have spent years not securing against that malware.</span>

 

The big problem is the users, they want to be connected but don't

understand the risks. And some businesses choose to ignore them.

 

The end users just want a machine that is cheap and works, they really

don't want to pay a premium.

 

Otherwise they would either learn or pay someone else to admin the box

 

 

The malware protection companies are no better because they really don't

provide much information past the marketing spew

 

 

 

 

<span style="color:blue">

>

> Don't get me wrong, I own a company that is a MS partner, sells MS based

> solutions, never had a compromised computer on any of our customers

> networks, and I've been doing this since the late 70's.

>

> The only compromised PC's we see are ones from improperly guarded

> networks and or improperly guarded home networks (even if it's just a PC

> of one). Of those compromised machines, all of them were running Windows

> (mostly XP, but now even vista), all had major brand AV software

> actively working, some had stopped using IE because of the risks and

> switched for Fire Fox or Opera, but, the key point is that all of them

> were being used by people that COULD have learned more and didn't

> because they thought they had done enough.

>

> I'll give you an example of what happens to many HOME users - a nice

> lady owned a computer, running Windows XP + SP2 (sp3 was not released

> yet), used MS Works, had a single account, administrator level logon

> (which is the default for most computers), 1 kid, about 8 years old,

> using the computer also. They could not get it to respond properly, pop-

> ups, etc.... I attempted to clean it, decided that after 5 passes with

> different tools that it was not worth the "Time" to "clean" it and wiped

> and reinstalled XP.

>

> I provided three accounts for them to use "Administrator" with password,

> "Mom" and "Son", M/S were limited user accounts. Set IE to high-security

> Mode, bought them a NAT Router (no inbound Port forwarding), installed

> all updates and patches. Installed AVG Free (and updates), and several

> manual scanners. Automatic Updates enabled. I explained that they should

> not use the Administrator account except in rare cases where "MOM"

> needed to install an application that she could not install from

> her/son's accounts, that they were NOT to run anything as the

> "Administrator" account.

>

> I got the computer back in two weeks, hosed again. The "Mom" had let the

> kid use the administrator account because he could not get his "Games"

> to run under his account, etc.... Needless to say, it was compromised

> again in less than two weeks because the OS, using MS Suggested High-

> Security settings would not provide the user with what they needed to

> run the programs that they wanted to use while protecting them from

> malware.</span>

 

 

You had a user bypass the security, can't really blame MS for this one

unless it was an MS game

 

 

 

<span style="color:blue">

>

> I installed Ubuntu, OO, and setup email and FireFox for them, machine

> has been used for almost a year now and it's doing all that they NEED,

> unable to play some of the games (online) that the kid wanted (since

> they need active-x), but the computer is STILL running smooth and no

> problems reported (and I check about once a month).</span>

 

 

How about using wine to run IE or setup a virtual machine

 

 

 

 

<span style="color:blue">

>

> While I was out of the state my mother-in-law bought a PC and her oldest

> son installed it for her - XP Home, all updates, bought a Linksys NAT

> appliance, but they didn't install it, connected directly to cable modem

> for internet - Windows Firewall enabled.... By the time I got back the

> PC wasn't working, bad things on the screen, etc... All the typical

> signs of being hacked. The MS Firewall had default holes for

> File/Printer sharing setup by Dell, and software installed more holes

> for itself to use... Wiped her machine, installed NAT Router, setup

> three accounts "Admin", "XXXX" (her name), "Visitors", same as the one

> above - in this case she kept the computer clean, but she had to logon

> as Admin to run QuickBooks since it would not run as "XXXX" user as a

> limited account. She gave up things like the online game site POGO since

> it would not install/run as a limited account, and she's basically used

> the computer for QB, Browsing the web in IE HS Mode (which breaks many

> sites) and for email.....</span>

 

 

Sounds like intuit needs to work on their install program, or maybe do

the install in an area that the user has full rights to.

 

How about troubleshooting the problem with sysinternals utilities and or

 

LUA Bug light

<http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx>

 

 

When I setup a computer I ask the user(s) to make a list of programs

required and then test before the job is considered complete

 

 

<span style="color:blue">

>

> So, your story about the CSO/CTO is great, they appreciate that you've

> (Microsoft) taken a "Responsible" step, but what you didn't report is

> how many malware were removed from their networks by the MSRT.

>

> We all agree, the MSRT is a 'Responsible' step from Microsoft, but it's

> a day late and a $1 short. The problem is the OS lack of security

> against malware and a tool like the MSRT is not preventing anything,

> only reacting AFTER the compromise.

>

> Again, my company provides MS platform solutions all over the USA and

> India, we secure our networks and systems against threats and have

> managed to never have a compromised system on any of our managed

> networks. I am not a Linux advocate, don't believe it's ready for the

> masses, but I also see LOTS of compromised non-client systems and home

> systems each year, all of which would not have been compromised if MS

> had just bitten the bullet and changed the foundation to a more secure

> platform instead of trying to remain compatible.

>

> In "My" experience I've yet to see that MSRT clean a system, and I know

> this because after running it I can still experience problems that are

> cleaned up by other tools - SBS&D, Symantec, MBAM, Multi-AV, even

> registry edits manually.</span>

 

 

I don't believe that is the main use of the program

 

from :http://www.microsoft.com/security/malwarer.../families.mspx:

 

The Microsoft Windows Malicious Software Removal Tool removes specific,

prevalent malicious software families from computers running compatible

versions of Windows. Microsoft releases a new version of the tool on the

second Tuesday of every month, and as needed to respond to security

incidents.

 

 

<span style="color:blue">

>

> I'm not here to argue with you, don't take it that way, but you've not

> posted anything to contradict my statement. You've only posted that

> people think the MSRT is a great step, that it's removed malware, but

> you've not posted all the information that would be needed to show that

> it's a good tool.</span>

 

 

It would be really interesting if mrt could identify more info about

the box it helped fix

 

- patch status

- installed anti malware software (and update status)

 

 

Maybe some of the concerns will be helped by the free av MS is releasing,

though from earlier testing it appears it could use some work

 

 

 

John

 

 


Guest Leythos
Posted

In article <ggpfj0$h6h$1@nntp.motzarella.org>, notvalid@cox.net.invalid

says...<span style="color:blue">

> Leythos wrote:<span style="color:green">

> > In article <2587A271-ED15-49A5-A39F-556393F20D68@microsoft.com>,

> > steve.riley@microsoft.com says...<span style="color:darkred">

> >> Meanwhile, the customers I consult with are grateful for this tool. The CSOs

> >> and CTOs and security architects I work with around the world, who represent

> >> several million client computers, have commented that the MSRT is one of the

> >> most responsible things they've seen us do -- in addition to all the work

> >> we've done to improve the quality of Windows. Plus, much of what the MSRT

> >> removes are worms that exploit vulnerabilities in humans, not

> >> vulnerabilities in the software -- even a perfect operating system (which is

> >> impossible to build) can't protect itself from that.</span>

> >

> > Steve, you wrote that "CSO's and CTO's.... 'commented that the MSRT is

> > one of the most responsible things they've seen us do..."

> >

> > I agree, it's great that you, Microsoft, put out a tool to clean malware

> > off your OS that you have spent years not securing against that malware.</span>

>

> The big problem is the users, they want to be connected but don't

> understand the risks. And some businesses choose to ignore them.

>

> The end users just want a machine that is cheap and works, they really

> don't want to pay a premium.

>

> Otherwise they would either learn or pay someone else to admin the box

>

> The malware protection companies are no better because they really don't

> provide much information past the marketing spew</span>

 

I think the issue is more two issues:

 

1) Insecure OS that hasn't fixed the problems because MS is afraid they

will take a hit (sales) if they don't support older applications, so

they keep producing an OS/Versions that have the same fatal flaw.

 

2) Users that think of computers as appliances.

 

With that in mind, why shouldn't users think of their computers as

appliances? If the OS was secure it would be just another appliance.

 

<span style="color:blue"><span style="color:green">

> > Don't get me wrong, I own a company that is a MS partner, sells MS based

> > solutions, never had a compromised computer on any of our customers

> > networks, and I've been doing this since the late 70's.</span></span>

[snip]<span style="color:blue"><span style="color:green">

> > I'll give you an example of what happens to many HOME users - a nice </span></span>

[snip]<span style="color:blue"><span style="color:green">

> > I got the computer back in two weeks, hosed again. The "Mom" had let the

> > kid use the administrator account because he could not get his "Games"

> > to run under his account, etc.... Needless to say, it was compromised

> > again in less than two weeks because the OS, using MS Suggested High-

> > Security settings would not provide the user with what they needed to

> > run the programs that they wanted to use while protecting them from

> > malware.</span>

>

> You had a user bypass the security, can't really blame MS for this one

> unless it was an MS game</span>

 

User "Didn't bypass" security, they used the computer in a normal

manner. It's normal to install applications as Administrator, and it's

"normal" to run many applications as Administrator since they won't run

as a limited user.

 

So, again, the flaw is in the OS, allowing itself to be compromised.

<span style="color:blue"><span style="color:green">

> > I installed Ubuntu, OO, and setup email and FireFox for them, machine

> > has been used for almost a year now and it's doing all that they NEED,

> > unable to play some of the games (online) that the kid wanted (since

> > they need active-x), but the computer is STILL running smooth and no

> > problems reported (and I check about once a month).</span>

>

>

> How about using wine to run IE or setup a virtual machine</span>

 

If I can't make them understand simple things I'm sure not going to get

them to understand Wine. If I was going to go that route I would have

installed Fedora.

<span style="color:blue"><span style="color:green">

> > While I was out of the state my mother-in-law bought a PC and her oldest </span></span>

[snip]<span style="color:blue"><span style="color:green">

> > sites) and for email.....</span>

>

> Sounds like intuit needs to work on their install program, or maybe do

> the install in an area that the user has full rights to.</span>

 

It's been that way for many years, many, and there are hacks, but

nothing a typical masses type user is going to learn/do.

 

[snip]<span style="color:blue">

> When I setup a computer I ask the user(s) to make a list of programs

> required and then test before the job is considered complete</span>

 

Yes, so do we. And with most MS systems we even image the drive and put

it on DVD(s) so that we can restore it to like-new status for people

that we support (home computers) so that it's easier to rebuild when

they screw it up again :-)

<span style="color:blue"><span style="color:green">

> > So, your story about the CSO/CTO is great, they appreciate that you've

> > (Microsoft) taken a "Responsible" step, but what you didn't report is

> > how many malware were removed from their networks by the MSRT.</span></span>

[snip]<span style="color:blue"><span style="color:green">

> > In "My" experience I've yet to see that MSRT clean a system, and I know

> > this because after running it I can still experience problems that are

> > cleaned up by other tools - SBS&D, Symantec, MBAM, Multi-AV, even

> > registry edits manually.</span>

>

>

> I don't believe that is the main use of the program

>

> from :http://www.microsoft.com/security/malwarer.../families.mspx:</span>

[snip]

 

And I agree, but it's still a day late and a $1 short. Why build

something to fix the compromise AFTER you know it's going to happen

instead of creating a tool that protects the users in real time.

<span style="color:blue"><span style="color:green">

> > I'm not here to argue with you, don't take it that way, but you've not

> > posted anything to contradict my statement. You've only posted that

> > people think the MSRT is a great step, that it's removed malware, but

> > you've not posted all the information that would be needed to show that

> > it's a good tool.</span>

>

>

> It would be really interesting if mrt could identify more info about

> the box it helped fix</span>

[snip]

 

It would be more interesting to see if the money they have invested in

the MSRT was worth it - and the only way to know if it was worth

anything is to know how much it fixed vs how much it didn't fix.

 

Since all we have is marketing hype, like NAT router vendors calling

their hardware a "Firewall", we don't really know how good the MSRT is,

except that most of us never see it find/fix anything.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Posted

On 11/28/2008 12:04 AM, ~BD~ sent:<span style="color:blue">

> "1PW" <barcrnahgjuvfgyr@nby.pbz> wrote in message

> news:ggo4rq$6qk$1@news.motzarella.org...

> <snip><span style="color:green">

>> One can't help but notice from the map, in the SIR, that Japan seems to

>> have remarkably less reported detections, compared to all other

>> countries. I wonder if this is a statistical anomaly or if another

>> reason exists.

>>

>> Pete

>> --

>> 1PW

>>

>> @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]</span>

>

> --

>

> Microsoft says ............

> "As a general rule, more malware is proportionally found by the MSRT in

> developing countries/regions than in developed countries/regions. For

> example, the most infected country/region in Europe is Albania, while the

> least infected countries/regions in Europe are Austria and Finland. In the

> Asia-Pacific region, the most infected countries/regions are Mongolia and

> Vietnam, while the least infected countries/regions are Taiwan and Japan.

> The United States is proportionally less infected than most of the

> countries/regions in the Americas. This trend may occur because the

> deployment of security products is generally wider in developed

> countries/regions, and user education around computer safety is usually

> better."

>

> HTH

>

> Dave</span>

 

 

 

Hello Dave:

 

I know you were trying to be helpful. However, this was a follow-up to

Steve Riley's post.

 

I've read what you read. I am not quite ready to accept the above on

its face value just yet. However, my mind will remain open.

 

Let's let Mr. Riley expand on this, if he's a mind to.

 

Thank you though Dave. Mr. Riley: If you would sir. Thank you.

 

--

1PW

 

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest David H. Lipman
Posted

From: "1PW" <barcrnahgjuvfgyr@nby.pbz>

 

| Hello Dave:

 

| I know you were trying to be helpful. However, this was a follow-up to

| Steve Riley's post.

 

| I've read what you read. I am not quite ready to accept the above on

| its face value just yet. However, my mind will remain open.

 

| Let's let Mr. Riley expand on this, if he's a mind to.

 

| Thank you though Dave. Mr. Riley: If you would sir. Thank you.

 

| --

| 1PW

 

Would be even better if Mr. R. Treit (Microsoft) would post some information. I haven't

communicated with him since 11/'05.

 

I don't know if Steve Riley works with Mr. Treit or not.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest John Mason Jr
Posted

Leythos wrote:<span style="color:blue">

> In article <ggpfj0$h6h$1@nntp.motzarella.org>, notvalid@cox.net.invalid

> says...<span style="color:green">

>> Leythos wrote:<span style="color:darkred">

>>> In article <2587A271-ED15-49A5-A39F-556393F20D68@microsoft.com>,

>>> steve.riley@microsoft.com says...

>>>> Meanwhile, the customers I consult with are grateful for this tool. The CSOs

>>>> and CTOs and security architects I work with around the world, who represent

>>>> several million client computers, have commented that the MSRT is one of the

>>>> most responsible things they've seen us do -- in addition to all the work

>>>> we've done to improve the quality of Windows. Plus, much of what the MSRT

>>>> removes are worms that exploit vulnerabilities in humans, not

>>>> vulnerabilities in the software -- even a perfect operating system (which is

>>>> impossible to build) can't protect itself from that.

>>> Steve, you wrote that "CSO's and CTO's.... 'commented that the MSRT is

>>> one of the most responsible things they've seen us do..."

>>>

>>> I agree, it's great that you, Microsoft, put out a tool to clean malware

>>> off your OS that you have spent years not securing against that malware.</span>

>> The big problem is the users, they want to be connected but don't

>> understand the risks. And some businesses choose to ignore them.

>>

>> The end users just want a machine that is cheap and works, they really

>> don't want to pay a premium.

>>

>> Otherwise they would either learn or pay someone else to admin the box

>>

>> The malware protection companies are no better because they really don't

>> provide much information past the marketing spew</span>

>

> I think the issue is more two issues:

>

> 1) Insecure OS that hasn't fixed the problems because MS is afraid they

> will take a hit (sales) if they don't support older applications, so

> they keep producing an OS/Versions that have the same fatal flaw.

>

> 2) Users that think of computers as appliances.

>

> With that in mind, why shouldn't users think of their computers as

> appliances? If the OS was secure it would be just another appliance.

>

> <span style="color:green"><span style="color:darkred">

>>> Don't get me wrong, I own a company that is a MS partner, sells MS based

>>> solutions, never had a compromised computer on any of our customers

>>> networks, and I've been doing this since the late 70's.</span></span>

> [snip]<span style="color:green"><span style="color:darkred">

>>> I'll give you an example of what happens to many HOME users - a nice </span></span>

> [snip]<span style="color:green"><span style="color:darkred">

>>> I got the computer back in two weeks, hosed again. The "Mom" had let the

>>> kid use the administrator account because he could not get his "Games"

>>> to run under his account, etc.... Needless to say, it was compromised

>>> again in less than two weeks because the OS, using MS Suggested High-

>>> Security settings would not provide the user with what they needed to

>>> run the programs that they wanted to use while protecting them from

>>> malware.</span>

>> You had a user bypass the security, can't really blame MS for this one

>> unless it was an MS game</span>

>

> User "Didn't bypass" security, they used the computer in a normal

> manner. It's normal to install applications as Administrator, and it's

> "normal" to run many applications as Administrator since they won't run

> as a limited user.

>

> So, again, the flaw is in the OS, allowing itself to be compromised.

> </span>

 

But if the individual is running as root/admin privs then they must

accept some level of responsibility.

 

Though I do agree MS does have some level of responsibility mostly by

omission not making it clear to the new user where they could be vulnerable.

 

The other software manufacturers should also bear part of the blame for

not properly configuring their programs to run with an appropriate level

of privileges.

 

John

 

 

 

 

 

 

 

 

 

<snip>
