Sunday, January 09, 2005 11:43 PM mika

First comments on Microsoft AntiSpyware (beta)

I guess it's about time to switch from holiday mode back to business. I've had a nice holiday between Xmas and New Year and also did a bit of travelling last week with my family. Came across my cousin's brand new desktop PC, which used to shut down almost every day by itself - no fun for a home user, not to mention IE crashing sometimes several times a day :( I suspect memory or motherboard failure. The courier company picked up the PC to be repaired the same morning we left...

If you didn't hear this from somewhere else, last week Microsoft released the public beta of AntiSpyware. I've now installed it on three machines and nothing special has come up. The product works very well considering its beta status. The only problem I had with it was when I tried to start it as an ordinary user. With runas, no problems so far. BTW, I've frequently referred my students to Aaron Margosis' WebLog, where Aaron has written great info on running apps as admin while logged on as a "normal" user. Yesterday, I also came across Michael Howard's article "Browsing the Web and Reading E-mail Safely as an Administrator", which also includes the DropMyRights application and info on process tokens when using the app. You can also find a shell extension & some further discussion on http://blogs.msdn.com/michael_howard/archive/2004/12/23/331606.aspx.

On my production machine (Windows Server 2003 Std & ISA 2004 Std & Symantec SAVCE), the only threat that AntiSpyware reported was the MSN Messenger add-on MessengerPlus! and its optional adware called C2Media. I've got to like MessengerPlus! and its functionality and in this case usability takes over security...

I'm not going to write a comprehensive report on the functionality of AntiSpyware, since Paul Thurrott has already done that. I found the most interesting part of the application to be the Advanced Tools, which include System Explorers for finding details that might be hard to find otherwise. I've yet to study whether Microsoft has dropped some of the advanced tools that Paul mentions. Of course, some other companies have written similar apps, such as Sysinternals' Autoruns utility, which provides info on the programs starting automatically.
