spyware included in windows security updates

can someone please explain to me why, after downloading and express
installing windows security updates on my clean windows xp system, i have to
immediately run my freedom antispyware program and remove at least a half
dozen spyware programs from my system? midaddle seems to be the most popular
included spyware program. what's up with that? who am i protecting my
system from -- hackers or microsoft?? thanks!

From: "maeiouw" <>

| can someone please explain to me why, after downloading and express
| installing windows security updates on my clean windows xp system, i have to
| immediately run my freedom antispyware program and remove at least a half
| dozen spyware programs from my system? midaddle seems to be the most popular
| included spyware program. what's up with that? who am i protecting my
| system from -- hackers or microsoft?? thanks!


The malware didn't come from Microsoft ! That's a faux conclusion.

Chances are the Malicious Software Removal tool was downloaded and executed causing a scan
of your computer. The MRT didn't find malware but the scanning of the hard disk kicked off
Freedom AV as the files were being scanned.

Be careful about drawing conclusion and then making wild accusations.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

yes, wild accusations, thank you......i've been studying this "wild
phenomenon" for several months now and it seems to work out the same way -- i
get notified that i have security updates. i run an antispyware scan BEFORE
downloading the updates and either come up with none (usually, since i run
the antispyware program everyday), or if there are any, delete them BEFORE
downloading the updates. then, after installing the updates i IMMEDIATELY
run the antispyware program again, and lo and behold, spyware!!! yes, it is
wild! thank you for your input.

"David H. Lipman" wrote:

> From: "maeiouw" <>
>
> | can someone please explain to me why, after downloading and express
> | installing windows security updates on my clean windows xp system, i have to
> | immediately run my freedom antispyware program and remove at least a half
> | dozen spyware programs from my system? midaddle seems to be the most popular
> | included spyware program. what's up with that? who am i protecting my
> | system from -- hackers or microsoft?? thanks!
>
>
> The malware didn't come from Microsoft ! That's a faux conclusion.
>
> Chances are the Malicious Software Removal tool was downloaded and executed causing a scan
> of your computer. The MRT didn't find malware but the scanning of the hard disk kicked off
> Freedom AV as the files were being scanned.
>
> Be careful about drawing conclusion and then making wild accusations.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "maeiouw" <>

| yes, wild accusations, thank you......i've been studying this "wild
| phenomenon" for several months now and it seems to work out the same way -- i
| get notified that i have security updates. i run an antispyware scan BEFORE
| downloading the updates and either come up with none (usually, since i run
| the antispyware program everyday), or if there are any, delete them BEFORE
| downloading the updates. then, after installing the updates i IMMEDIATELY
| run the antispyware program again, and lo and behold, spyware!!! yes, it is
| wild! thank you for your input.
|


Yes, it is wild, wild accusations without a factual basis.

/* Like I said this is a FAUX conclusion. */

I spend numerous hours studying all forms of malware, viral and non-viral. I am in touch
with numerous anti malware groups, organizations, MS MVPs and and anti malware vendors. To
date there have been NO instances of Microsoft pushing malware via the Windows Update
service -- NONE.

Now to properly discuss this we need to disect your statements and quantify as well as
qualify them properly.

This will include the identification of the files (fully qualified names and paths) deemed
to be malware as well as the anti malware applications flagging the files as being infected.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

maeiouw wrote:
> can someone please explain to me why, after downloading and
> express installing windows security updates on my clean windows
> xp system, I have to immediately run my freedom antispyware
> program and remove at least a half dozen spyware programs from my
> system? midaddle seems to be the most popular included spyware
> program. what's up with that? who am I protecting my system
> from -- hackers or Microsoft?? thanks!

David H. Lipman wrote:
> The malware didn't come from Microsoft ! That's a faux conclusion.
>
> Chances are the Malicious Software Removal tool was downloaded and
> executed causing a scan of your computer. The MRT didn't find
> malware but the scanning of the hard disk kicked off Freedom AV as
> the files were being scanned.
>
> Be careful about drawing conclusion and then making wild
> accusations.

maeiouw wrote:
> yes, wild accusations, thank you......I've been studying this "wild
> phenomenon" for several months now and it seems to work out the
> same way -- I get notified that I have security updates. I run an
> antispyware scan BEFORE downloading the updates and either come up
> with none (usually, since I run the antispyware program everyday),
> or if there are any, delete them BEFORE downloading the updates.
> then, after installing the updates I IMMEDIATELY run the
> antispyware program again, and lo and behold, spyware!!! yes, it
> is wild! thank you for your input.

Then support them... Don't just throw them out.

Screaming "the sky is falling" without a piece of the sky as proof is about
as effective as what you are doing now. Most of us will make a snide
comment or ignore you completely and drift away, leaving you screaming about
the sky falling in the middle of the town square.

Certainly - if you have been "studying" this for "several months", you have
documented the spyware you do find. You have possibly recorded
screen-capture motion video you can post (or at least screenshots) showing
your pre-scan, download of updates and post-scan results. Show us what you
have. Also - prove to yourself that it is Windows Updates... Scan with
your scanner, reboot, visit 3 to 5 non-Microsoft web pages and reboot..
Scan again... Find anything? Also - I might suggest using OTHER
antiSpyware applications... I cannot speak out for/against "Freedom
Antispyware" - But I know it is not one of the ones I see recommended on
these newsgroups...

I personally have not seen this on any of the machines I manage... And they
ALL get scanned with various antispyware applications periodically and many
of them have not reported ANY spyware in several months --> and they are all
updated regularly. Could I show you proof of this? Probably not - because
I just keep track of when I find spyware and I push all the updates to these
machines - so I know when they got those too... But I am not the one making
claims I need to support here. I am accusing my systems of working as
advertised - showing proof of that would be... unnecessary and obsessive.

Right now you are standing in the town square - in your Spiderman pajamas no
less - screaming about the sky falling. Show us a piece of the sky. ;-)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

From: "Shenan Stanley" <>


|
| Then support them... Don't just throw them out.
|
| Screaming "the sky is falling" without a piece of the sky as proof is about
| as effective as what you are doing now. Most of us will make a snide
| comment or ignore you completely and drift away, leaving you screaming about
| the sky falling in the middle of the town square.
|
| Certainly - if you have been "studying" this for "several months", you have
| documented the spyware you do find. You have possibly recorded
| screen-capture motion video you can post (or at least screenshots) showing
| your pre-scan, download of updates and post-scan results. Show us what you
| have. Also - prove to yourself that it is Windows Updates... Scan with
| your scanner, reboot, visit 3 to 5 non-Microsoft web pages and reboot..
| Scan again... Find anything? Also - I might suggest using OTHER
| antiSpyware applications... I cannot speak out for/against "Freedom
| Antispyware" - But I know it is not one of the ones I see recommended on
| these newsgroups...
|
| I personally have not seen this on any of the machines I manage... And they
| ALL get scanned with various antispyware applications periodically and many
| of them have not reported ANY spyware in several months --> and they are all
| updated regularly. Could I show you proof of this? Probably not - because
| I just keep track of when I find spyware and I push all the updates to these
| machines - so I know when they got those too... But I am not the one making
| claims I need to support here. I am accusing my systems of working as
| advertised - showing proof of that would be... unnecessary and obsessive.
|
| Right now you are standing in the town square - in your Spiderman pajamas no
| less - screaming about the sky falling. Show us a piece of the sky. ;-)
|
| --
| Shenan Stanley
| MS-MVP

Shenan:

Freedom AV is an OEM of the Frisk Frot Engine and Signature files like Authentium anti
virus.

Freedom AV is by Radialpoint (formally ZeroKnowledge) and is often bundled by ISPs.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Shenan Stanley wrote:
<snipped for this part of the thread...>
> Also - I might suggest using OTHER
> antiSpyware applications... I cannot speak out for/against
> "Freedom Antispyware" - But I know it is not one of the ones I see
> recommended on these newsgroups...

David H. Lipman wrote:
> Shenan:
>
> Freedom AV is an OEM of the Frisk Frot Engine and Signature files
> like Authentium anti virus.
>
> Freedom AV is by Radialpoint (formally ZeroKnowledge) and is often
> bundled by ISPs.

Much appreciated, David.

I was just researching and reading up on it.

Interesting Thread on it...
http://www.wilderssecurity.com/showthread.php?t=3072

Thanks for the heads up, though!

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

David H. Lipman wrote:

> To
> date there have been NO instances of Microsoft pushing malware via the Windows Update
> service -- NONE.

WGA/N ring a bell?

Alias

From: "Alias~-" <>

| David H. Lipman wrote:
|
>> To
>> date there have been NO instances of Microsoft pushing malware via the Windows Update
>> service -- NONE.
|
| WGA/N ring a bell?
|
| Alias

Ha, ha, ha...

Yes, many are calling Windows Genuine Advantage "malware" as a derrogatory reference but not
in a "real" sense. No anti malware applications I know of will flag the genuine WGA as
malware.

There ARE fake Windows Genuine Advantage Trojans but they do NOT come from Microsoft. One
actually runs as a NT Service.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: "Shenan Stanley" <>


|
| Much appreciated, David.
|
| I was just researching and reading up on it.
|
| Interesting Thread on it...
| http://www.wilderssecurity.com/showthread.php?t=3072
|
| Thanks for the heads up, though!
|
| --
| Shenan Stanley
| MS-MVP

Notice in that thread it references Command Anti Virus. That's Autium's anti virus product.

http://www.f-prot.com/partners/oem/c..._partners.html

http://www.authentium.com/partners/
{ BTW: My present employer is listed as a partner in the above URL :-) }

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm