1) Checked status with both Adaware & Spybot. AdAware clear, Sybot no threats found!

2) Ultimate startup - no entries in any of the 4 categories

3) Started Firefox & went to Astalavista
- 1st meaasge I got was that I needed a plug-in - Plug-in finder Mozilla Firefox seemed to want Java. I eventually shut that window as I couldn't make any sense of what it was that was supposed to be downloaded
- At Astalavista I selected (from Underground search I selected ms******.com) & used A***** as th search arg
- upon reaching that site I had a request to install a 'Content Access Plugin 1.01' - I declined.
- From the ms******.com site I clicked on a link to the****.ws site
- I clicked on their enter link
- I had an unsolicited pop-up window that said timeout trying to access 81.13.66.62 - I closed it
- at the******.ws I clicked on 1st link in their list
- I did a search on M**** (the full name :-)
- I selected a product belonging to the nominated company
- A window opened with the requested info & also there was a request to vote on this site
- I clicked 'vote for us' (several screens later I gave up)
- At this point I had had enough & closed all the windows

- upon exiting firefox I got an error screen ...
'Firefox.exe has encountered a problem and needs to close'
I was advise to notify Microsoft. I clicked the don't send button
- next I disabled the VPC XP's network adapter & ran Spybot, Adaware & Starter


RESULT
======

Adaware:
No malware or cookies or any new problems

Spybot:
'No immediate threats found' !!!!

Starter:
Clean

- I am surprised, I thought there would be some artifacts of this fact finding exercise :-)

#2 - I later found that Spybot immunization was active - for reasons I can't determine at this time, the immunisation won't switch off - I may have to restore the original VPC and repeat everything without having invoked the immunisation which I had done for a separate test.

no crash after using Firefox to visit Iwethey.

Will reconfirm results by doing same test but with IE

Doug M

1) Firefox

- www.astalavista.com
- 'A web site has attempted to open a pop-up without your permission' (I clicked ok to continue - popup blocked)
- 'Plug-in not loaded' - java-vm (I clicked get the plug-in)
- I then seemed to be at a Netscape page. I closed it
- Then selected ms******.com with a search arg of ****** (censored)
- Then clicked the 4th item in the displyed list
- The requested data displayed but also a window with a msg ..
'A web site is requesting permission to install the following item:'
'Content Access Plugin 1.01' (I declined)
- I returned to he list & selcetd another item
- The requested data appeared (no window this time)
- I then chose the 1st ref link on left side of ms******.com home screen
- (<something>Spider.net) - entered a search arg & clicked search
- Nothing came back so shut that site's window
- Clicked another ref link from ms*****.com (*****Portal.com)
- No results so used The****.ws search engine
- Ended up at *****Search.ws
- Clicked a link to #####.nu
- Went to 4 more sites and at 1 downloaded 4 small files - Firefox asked me what I wanted to do with them
I clicked 'save to disk' but I don't really know (yet) where Firefox was putting them\\
- Had enough (by this time, if this was MSIE, I would expect 20+ cookies & 6 malware entries)
When I had exited all the web sites I found the downloaded files on the desktop.


Ran AdAware and Spybot plus Starter

ALL 3 WERE PRISTINE - NO NEW THREATS


2) MSIE on WinXP Home (pristine install)

Now to do same with Windows MSIE (Home Edition WinXP)
- www.astalavista.com
- Got a pop-up window (closed it)
- Got cookie warning (closed it)
- Got a Security Warning window - asked me if I wanted to accept some 'must be older than 18 pgm' (clicked close)
- Got similar Security Windows 4 more time in visiting same sites as in test 1 above. Closed them each time


Ran Adaware and SpyBot plus Ulimate Starter

Hmmmm -- this time apart from 3 tracking cookies and Spybot recording 'Error During Check
- Hotbar (Ungultige Gleitkommaoperation)' same result as for FireFox - no new threats.

This I don't follow - the main difference between today's & yesterdays tests has been setting up a newly
installed VM of WinXP home whereas the other was a copy of WinXP Pro.

The test I had done with WinXP Pro I did 3 times & got the corruptions each time.

There has to be some other thing I am missing here.

Doug Marker