How to block Microsoft SpyNet
Microsoft Security Essentials
Microsoft Security Essentials is the latest avatar of Microsoft antispyware. It is a signature based free antimalware software that can be used to protect your system against potential threats, such as viruses, spyware, and other potentially unwanted software.
Microsoft Spynet
When you first install Microsoft Security Essentials you agree to become a part of this unfortunately named community of Windows Defender and Microsoft Security Essentials users. Microsoft SpyNet helps Microsoft in differentiating a malware program from a legitimate program based on inputs automatically collected from the Microsoft SpyNet members.
There are two types of memberships basic and advanced. As a basic member -which is the default- your copy of Microsoft Security Essentials “sends basic information to Microsoft about software that Microsoft Security Essentials detects, including where the software came from, the actions that you apply or that Microsoft Security Essentials applies automatically, and whether the actions were successful. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or to contact you.”
An advanced member sends more information in addition to what is stated above and again “in some instances, personal information might unintentionally be sent to Microsoft.” Microsoft Security Essentials also collects standard computer information, which includes information about your computer software and hardware, such as your IP address, operating system, Web browser software, and version.”
There is no option not to participate in the SpyNet community. Microsoft Security Essentials privacy policy confirms that “to continue using Microsoft Security Essentials, you will need to remain a member of this online community.”
The mandatory enrolling of members in the SpyNet community makes many people to see red and seek ways to disable Microsoft SpyNet without losing the functionality of Microsoft Security Essentials.
Blocking Microsoft SpyNet without losing functionality
According to Microsoft documentation “The online Microsoft SpyNet community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. ” The community also helps stop the spread of new infections.
This means that if you block Microsoft SpyNet your choices in rating the programs that you run are NOT added to the community while you use other people’s choices to respond to potential threats. If you really want to do this, proceed further.
There are two ways to go about this. One is through editing the registry and the other is by entering couple of entries to your hosts file.
Block Microsoft SpyNet by editing the Registry
All caveats about editing the Windows registry apply here. Before you edit the registry, export the keys in the registry that you plan to edit, or back up the whole registry. How to back up and restore the registry in Windows
Type regedit in the run command box and press enter to open the registry editor. Navigate and select the following key on the left pane:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet
Now Click on the Edit menu and click Permissions to open the Permissions for SpyNet settings box. Select your user name in the Group or user names and check mark the box Full Control to Allow editing of this key. Note that this maneuver will give the selected user full control over the SpyNet key only.
Click Apply and OK your way out. On the right pane of the registry editor, right click SpyNetReporting and click Modify.
Change the Value data to 0 for no membership to Microsoft SpyNet.
- A value of 1= Basic Membership
- A value of 2= Advanced Membership
If you are successful in changing the value to 0, your Microsoft SpyNet screen in Microsoft Security Essentials should look like this:
Note both the boxes remain unselected.
Block Microsoft SpyNet using the hosts file
Microsoft Security Essentials and Windows Defender both use the following domains to communicate with Microsoft:
- spynet2.microsoft.com
- spynettest.microsoft.com
Add the following lines to your hosts file to blackhole the communication:
- 127.0.0.1 spynet2.microsoft.com
- 127.0.0.1 spynettest.microsoft.com
It doesn’t affect the virus and spyware definitions update as Microsoft Security Essentials uses Automatic Updates/Windows Updates for updates.
Did this work for you? Should we block Microsoft SpyNet? or do you think every user should participate in the Microsoft SpyNet online community keeping in mind the larger scheme of things to minimize the number of unprotected PC’s?
Are you paranoid enough to try both the fixes?
Update 08 Oct 2009 – According to Aaron Hulett | Microsoft Malware Protection Center “if you disable SpyNet, you’ll also disable Dynamic Signature Service” Re: Microsoft confirms Security Essentials to be released 9/29 – dslreports.com.
Dynamic Signature Service is a mechanism used by Security Essentials to query a designated server for signatures when it detects an unknown program. If it finds the signatures match a known malware, it downloads the signatures and removes the offender. On the other hand if the offending programs’ signature appears new, then the DSS may request a sample code from the client machine to create new signatures.
To put it in simple terms, this means that if you decide to opt-out of the Microsoft Spynet, Dynamic Signature Service will also be disabled and you will not be protected against the emerging threats.
Looking for more articles on Microsoft Security Essentials?
- Microsoft Security Essentials – What you need to know?
- Microsoft Security Essentials – How to download, Install and Update
- Microsoft Security Essentials – How to Set-up
- Microsoft Security Essentials – Real-time protection, Alert levels and Actions
Note: The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.
It would be nice if they gave you the option within the GUI…but this is easy enough. Maybe if they showed exactly what they were sending it wouldn’t be so bad…maybe a history of what was sent, etc. But instead, they leave it fairly vague and open-ended….
By the way, has it been verified that these settings work and not just illusions?
[...] This post was mentioned on Twitter by Amer Tabsh. Amer Tabsh said: RT @SamerKaram: HOW TO block Microsoft SpyNet Spyware that's built into MS Security Essentials: http://bit.ly/IuSEb [...]
I can’t get past the “edit Permissions”. I have tried running REGEDIT with and without admin rights.
No matter which user name I select, it will not allow me to save the edited permission, so I stand no chance in editing the key value!
Hi, Which version of Windows and what is the error message you are seeing when you click “Apply”?
[...] For privacy reasons, you might want to opt out of the Microsoft SpyNet. Opting out is a very manual process though, with instructions here [...]
It appears this is also part of Windows 7.
Microsoft Spynet is part of Windows Defender in Windows 7, but you have the option not to participate in the program interface itself. No need to hack the registry.
Microsoft once again proves they do not give a damn about their customers privacy.
According to the above item, if you want to opt out of this stupidly-named “spy-net” service, they have made the program become somewhat disabled.
Not only that, but since I installed this on my XP machine, it has caused the machine to freeze up.
I have tried everything to get it to work properly, but it apparently cannot be fixed.
As much as everyone seems to claim it is the best anti-virus program out there, the draconian measures instituted by Microsoft and the inability of the program to function without freezing my machine are going to force me to go back to using Norton Antivirus.
Microsoft simply cannot get it through their thick skulls that USERS WANT TO RETAIN CONTROL OVER THEIR OWN COMPUTERS! They seem to think that because Windows is the dominant OS on the planet, THEY and THEY ALONE know what their customers want, which is absolutely not true.
I refuse to use any product from Microsoft which will not allow me to have control over something I own.
Using their OS is bad enough. Not interested in spending my days in Kernel-land with Linux, or spending too much money on a Mac which will not allow me to upgrade hardware and would force me to learn a new OS.
Therefore I must continue to use Windows. But as much as I would have liked to use MSE for my antivirus, I give this program a big FAIL.
Back to Norton.
To hell with Microsoft Security Essentials.
[...] with this fix. http://www.malwarehelp.org/how-to-bl…ynet-2009.html __________________ E7200 @ 3.9 GHZ New cooler for it to breach the 4.0 GHZ mark. Tropical [...]
You also can’t turn off real-time protection of any kind without the annoying, “your computer might be at risk!” nag, and a RED icon in the system tray. So much for using this as an on=demand scanner. Typical Microsoft, they always know what’s best for their customers.
I’m so glad I just bought a mac (but sorry I still own a PC).
A couple more annoyances with Microsoft Security Essentials: When I installed MSE, the program reactivated automatic updates, which I had set to manual. What’s worse, it apparently changed the security policy to disabled AU access in control panel (greyed out). I had to go into the policy editor (run gpedit.msc) and change the current value of “Remove access to all Windows Update features” to “not configured” to reestablish control on *my* computer.
Nice, huh? You get more than you bargained for when you let Microsoft mess around with your operating system in the name of security.. Not only is it phoning home with possible personal information (they admit as much, read their policy), they also freely change your security policy without asking permission. I have uninstalled MSE.
(I was planning to buy Windows 7 to run virtualized on my Mac. After this latest insult, I think I’ll pirate it. They still owe me for WinME. Cheers.)
kurt, while MSE changes the automatic updates setting behind the user’s back, I have not come across it editing the group policy. The setting “Remove access to all Windows Update Features” remained “Not configured”, atleast on a default installation of Windows XP Pro SP3.