Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft Spyware Updates

Status
Not open for further replies.
aquias

aquias

MIS
Jun 13, 2003
820
US
Hiho everyone,

I'm tinkering a bit and I was curious if anyone knew what the address of the update site is for the MS Spyware beta? Does it go through the windows update site or does it come from somewhere else? I did a brief bit of digging and came up empty (and right now I'm a bit buried so I don't know if I'll get to digging today).

Thanks!

For those of you curious as to why I'm looking for this, I'm locking down a few users to a very restrictive web surfing. I'd like to ensure the Beta client stays up to date if a different user logs onto the system.
 
Sort by date Sort by votes
Aquias,

When I do a netstat when trying to update MS Antispyware I get the following resolution:

service.giantcompany.com:http

So, I believe that is where the defs are coming from. I am be wrong, but this is what I have seen.

I always appreciate your opinions and thoughts Aquias.

Erik
 
Upvote 0 Downvote
Dohp, that's one heckuva thought Erik!!! I'm quite impressed!! It didn't even occur to me to do a netstat!

And thanks Erik, I consider that some high praise given that you're one of the most reliable on advice and how to's.
 
Upvote 0 Downvote
Although, in my netstat I didn't go to Giant or my timing was off each test I tried. I received the following information with mine...

spynet.com:http
crl.microsoft.com:http
207.46.230.48

Erik, what (if I can keep bothering you on this) version of the client are you running?

I'm running 1.0.509, build 2600.
 
Upvote 0 Downvote
Aquias,

I am running build 1.0.501. I will try installing the latest and greatest and see if that makes a difference, but I would think that they are being pulled from the same place.

Erik
 
Upvote 0 Downvote
I would, generally, agree with you. That each build should pull from one location, but it's possible that they've hardcoded where to pull from. Meaning that previous versions would pull from a different site during times of change over.

At least that's all I can come up with, I'm not a developer nor do I claim to be :p
 
Upvote 0 Downvote
OK,

I upgraded to the latest and now I am resolving the following:



207.46.249.56:http

The last one is a windows update, which I am not sure if it was just a happening that I hit it at the same time I updated defs...

What think ye?

Erik
 
Upvote 0 Downvote
Yeah, I agree, so if I were you I would allow for windowsupdates.com
spynet.com
and service.giantcompany.com

It very well may depend on the version as to where they are pulling from.

Erik
 
Upvote 0 Downvote
My thoughts, and I'm hoping that someone more familiar with programing will jump in and slap me if I'm speaking incorrectly here, is that the update site for Giant was hardcoded. Dunno by which vendor though, now with the later builds, MS has adjusted that specific branch of coding to incorporate the updates into their "standard" updating procedures.

I'm betting that with each update we run, we'll always see the connection to the spynet.com, and then a varying IP address that is connecting to windows update. I'm going to try something out for testing (which I probably should have done prior to posting this question) and see if I can get the MS beta to update when I disallow all traffic, except to the windows update site.
 
Upvote 0 Downvote
Alrighty,

Using Ethereal to capture the packets and make certain I didn't miss anything, it seems there are two primary spots that MS Beta hits.

One is an IP address, which may be for the Windows Update site to look for new software (honestly, I'm not certain what it's for).

The other, like we saw earlier, is Spynet.com. Spynet is what controls the spyware definitions. However, in testing this I did catch a problem with the MS beta software, if you have an internet connection, but cannot connect to spynet.com it will report that your definitions are up to date. Now, to find out where the bug reporting site is for this bloody program.

Well, Erik I appreciate the help. Being the only tech guy in a shop it's helpful to have someone to help get me from point A to R!
 
Upvote 0 Downvote
'My thoughts, and I'm hoping that someone more familiar with programing will jump in and slap me if I'm speaking incorrectly here, is that the update site for Giant was hardcoded."

All of those resource are now owned by Microsoft.

I you guys could just wait a little bit...

You are likely at V4 or V5 of "Windows Update".

It will soon change to "Microsoft Update" and will soon deal with this and a lot of other issues.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
244
2ffat
2ffat
goombawaho
  • Locked
  • Question
Stop Microsoft Security Essentials pop-up on XP machines 1
Replies
9
Views
224
goombawaho
goombawaho
harebrain
  • Locked
  • Question
Does Microsoft call you? 10
Replies
15
Views
237
jlockley
jlockley
jlockley
  • Locked
  • Helpful tip
The Crawler/Spyware terminator issue
Replies
5
Views
133
jlockley
jlockley
kjv1611
  • Locked
  • Question
Anyone used Microsoft Standalone System Sweeper Offline Virus Scanner?
Replies
7
Views
152
kjv1611
kjv1611

Part and Inventory Search

Sponsor

Back
Top