Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

How to block Microsoft SpyNet

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg | del.icio.us

Microsoft Security Essentials

Microsoft Security Essentials is the latest avatar of Microsoft antispyware. It is a signature based free antimalware software that can be used to protect your system against potential threats, such as viruses, spyware, and other potentially unwanted software.

Microsoft Spynet

When you first install Microsoft Security Essentials you agree to become a part of this unfortunately named community of Windows Defender and Microsoft Security Essentials users. Microsoft SpyNet helps Microsoft in differentiating a malware program from a legitimate program based on inputs automatically collected from the Microsoft SpyNet members.

There are two types of memberships basic and advanced. As a basic member -which is the default- your copy of Microsoft Security Essentials “sends basic information to Microsoft about software that Microsoft Security Essentials detects, including where the software came from, the actions that you apply or that Microsoft Security Essentials applies automatically, and whether the actions were successful. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or to contact you.”

An advanced member sends more information in addition to what is stated above and again “in some instances, personal information might unintentionally be sent to Microsoft.” Microsoft Security Essentials also collects standard computer information, which includes information about your computer software and hardware, such as your IP address, operating system, Web browser software, and version.”

There is no option not to participate in the SpyNet community. Microsoft Security Essentials privacy policy confirms that “to continue using Microsoft Security Essentials, you will need to remain a member of this online community.”

The mandatory enrolling of members in the SpyNet community makes many people to see red and seek ways to disable Microsoft SpyNet without losing the functionality of Microsoft Security Essentials.

Blocking Microsoft SpyNet without losing functionality

According to Microsoft documentation “The online Microsoft SpyNet community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. ” The community also helps stop the spread of new infections.

This means that if you block Microsoft SpyNet your choices in rating the programs that you run are NOT added to the community while you use other people’s choices to respond to potential threats. If you really want to do this, proceed further.

There are two ways to go about this. One is through editing the registry and the other is by entering couple of entries to your hosts file.

Block Microsoft SpyNet by editing the Registry

All caveats about editing the Windows registry apply here. Before you edit the registry, export the keys in the registry that you plan to edit, or back up the whole registry. How to back up and restore the registry in Windows

Type regedit in the run command box and press enter to open the registry editor. Navigate and select the following key on the left pane:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet

microsoft spynet1 How to block Microsoft SpyNet

Now Click on the Edit menu and click Permissions to open the Permissions for SpyNet settings box. Select your user name in the Group or user names and check mark the box Full Control to Allow editing of this key. Note that this maneuver will give the selected user full control over the SpyNet key only.

microsoft spynet2 How to block Microsoft SpyNet

Click Apply and OK your way out. On the right pane of the registry editor, right click SpyNetReporting and click Modify.

microsoft spynet3 How to block Microsoft SpyNet

Change the Value data to 0 for no membership to Microsoft SpyNet.

  • A value of 1= Basic Membership
  • A value of 2= Advanced Membership

If you are successful in changing the value to 0, your Microsoft SpyNet screen in Microsoft Security Essentials should look like this:

microsoft spynet4 How to block Microsoft SpyNet

Note both the boxes remain unselected.

Block Microsoft SpyNet using the hosts file

Microsoft Security Essentials and Windows Defender both use the following domains to communicate with Microsoft:

  • spynet2.microsoft.com
  • spynettest.microsoft.com

Add the following lines to your hosts file to blackhole the communication:

  • 127.0.0.1 spynet2.microsoft.com
  • 127.0.0.1 spynettest.microsoft.com

It doesn’t affect the virus and spyware definitions update as Microsoft Security Essentials uses Automatic Updates/Windows Updates for updates.

Did this work for you? Should we block Microsoft SpyNet? or do you think every user should participate in the Microsoft SpyNet online community keeping in mind the larger scheme of things to minimize the number of unprotected PC’s?

Are you paranoid enough to try both the fixes?

Update 08 Oct 2009 – According to Aaron Hulett | Microsoft Malware Protection Center “if you disable SpyNet, you’ll also disable Dynamic Signature Service” Re: Microsoft confirms Security Essentials to be released 9/29 – dslreports.com.

Dynamic Signature Service is a mechanism used by Security Essentials to query a designated server for signatures when it detects an unknown program. If it finds the signatures match a known malware, it downloads the signatures and removes the offender. On the other hand if the offending programs’ signature appears new, then the DSS may request a sample code from the client machine to create new signatures.

To put it in simple terms, this means that if you decide to opt-out of the Microsoft Spynet, Dynamic Signature Service will also be disabled and you will not be protected against the emerging threats.

Looking for more articles on Microsoft Security Essentials?

Note: The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.

You may also like to read



{ 18 comments… read them below or add one }

John October 2, 2009 at 6:52 PM

It would be nice if they gave you the option within the GUI…but this is easy enough. Maybe if they showed exactly what they were sending it wouldn’t be so bad…maybe a history of what was sent, etc. But instead, they leave it fairly vague and open-ended….

By the way, has it been verified that these settings work and not just illusions?

Reply

Mike November 19, 2009 at 3:27 PM

I can’t get past the “edit Permissions”. I have tried running REGEDIT with and without admin rights.

No matter which user name I select, it will not allow me to save the edited permission, so I stand no chance in editing the key value!

Reply

Shanmuga November 19, 2009 at 4:33 PM

Hi, Which version of Windows and what is the error message you are seeing when you click “Apply”?

Reply

Anonymous November 28, 2009 at 1:37 AM

It appears this is also part of Windows 7.

Reply

Shanmuga November 28, 2009 at 7:28 AM

Microsoft Spynet is part of Windows Defender in Windows 7, but you have the option not to participate in the program interface itself. No need to hack the registry.

Mr. Anon December 27, 2009 at 3:30 AM

Microsoft once again proves they do not give a damn about their customers privacy.

According to the above item, if you want to opt out of this stupidly-named “spy-net” service, they have made the program become somewhat disabled.

Not only that, but since I installed this on my XP machine, it has caused the machine to freeze up.

I have tried everything to get it to work properly, but it apparently cannot be fixed.

As much as everyone seems to claim it is the best anti-virus program out there, the draconian measures instituted by Microsoft and the inability of the program to function without freezing my machine are going to force me to go back to using Norton Antivirus.

Microsoft simply cannot get it through their thick skulls that USERS WANT TO RETAIN CONTROL OVER THEIR OWN COMPUTERS! They seem to think that because Windows is the dominant OS on the planet, THEY and THEY ALONE know what their customers want, which is absolutely not true.

I refuse to use any product from Microsoft which will not allow me to have control over something I own.

Using their OS is bad enough. Not interested in spending my days in Kernel-land with Linux, or spending too much money on a Mac which will not allow me to upgrade hardware and would force me to learn a new OS.

Therefore I must continue to use Windows. But as much as I would have liked to use MSE for my antivirus, I give this program a big FAIL.

Back to Norton.

To hell with Microsoft Security Essentials.

Reply

kurt January 5, 2010 at 11:17 AM

You also can’t turn off real-time protection of any kind without the annoying, “your computer might be at risk!” nag, and a RED icon in the system tray. So much for using this as an on=demand scanner. Typical Microsoft, they always know what’s best for their customers.

I’m so glad I just bought a mac (but sorry I still own a PC).

Reply

kurt January 6, 2010 at 3:47 AM

A couple more annoyances with Microsoft Security Essentials: When I installed MSE, the program reactivated automatic updates, which I had set to manual. What’s worse, it apparently changed the security policy to disabled AU access in control panel (greyed out). I had to go into the policy editor (run gpedit.msc) and change the current value of “Remove access to all Windows Update features” to “not configured” to reestablish control on *my* computer.

Nice, huh? You get more than you bargained for when you let Microsoft mess around with your operating system in the name of security.. Not only is it phoning home with possible personal information (they admit as much, read their policy), they also freely change your security policy without asking permission. I have uninstalled MSE.

(I was planning to buy Windows 7 to run virtualized on my Mac. After this latest insult, I think I’ll pirate it. They still owe me for WinME. Cheers.)

Reply

Shanmuga January 6, 2010 at 7:49 AM

kurt, while MSE changes the automatic updates setting behind the user’s back, I have not come across it editing the group policy. The setting “Remove access to all Windows Update Features” remained “Not configured”, atleast on a default installation of Windows XP Pro SP3.

Reply

bigsky March 1, 2010 at 3:57 PM

I installed Microsoft Security Essentials, then ran the update feature while I went out for awhile. When I came back, not only had it updated, but it “upgraded” Windows Update to Microsoft Update without asking me, which I had not done on this machine because I didn’t want it. As far as I know, there is no way to reverse this. This is extremely intrusive.
As far as the whole “SpyNet” thing goes, what a load of garbage that to use their “free” antivirus/antimalware they jam an anti-privacy feature down your throat.
I’m doing a fresh install of Windows and not going to install Microsoft Security Essentials again. They really think they own anything that runs Windows, don’t they?

Reply

perm April 7, 2010 at 6:32 AM

@Mike, under permissions, click advanced instead of giving full control to your current username. Then add yourself as the owner with full permissions from there.

Reply

Kermonk September 2, 2010 at 4:59 AM

Well, as that dude said – you can just switch it if on the control panel.

Perhaps you couldn’t when the article was written.

Reply

cr4zyu October 5, 2010 at 5:15 AM

“Spy-Net” the name says it all. If you choose to voluntarily give up/ reveal your personal information in this ‘day and age’ you’re nuts. History recounts that “Papers please?” was a standard demand of enforcement authorities everywhere you went in Nazi Germany circa WWII. What a bunch of “twits” the world has become. The New World Order will soon ‘set us straight’ with zero alternatives for anything like personal freedom/ choice. That worldwide TV hit, Big Brother was more than just a game show, it was social conditioning, the, ‘get used to it’/ ‘you will like this intrusion’ brain massage. Then came thousands more city cameras, biometric ID technologies, auto number plate detection, etc, etc. What’s wrong privacy? The fact that it is, that’s all! This crap about, “If you have nothing to hide you have nothing to worry about” presupposes benevolent government. Times change; people do and so do political climates. Global political change is what the propaganda of climate change is all about. “History” tells every generation that ever forgets – history. Screw Microsoft Security Essentials. I’m uninstalling and using a commercial product. ‘Spy-Net’ like all other digital data gathering, will be readily/ easily commandeered when the ‘climate is right’. “The price of freedom is eternal vigilance”… yada, yada.

Reply

2ply November 17, 2010 at 3:20 AM

Security Essentials doesn’t appear to do anymore than Windows Defender already did, seems like they just repackaged WD to include the “spy-net” feature, so I just uninstalled it and left WD as it was.

Reply

2ply November 17, 2010 at 3:23 AM

Er.. forgot to mention I uninstalled because no matter what I did it wouldn’t allow me alter anything in it’s registery, couldn’t even set administator to allow changes, so just went to control panel and uninstalled it.

Reply

Barry December 16, 2010 at 1:33 AM

Create this file with the name spynetfix.reg and run it
————————————————————–
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet]
“SpyNetReporting”=dword:00000000
————————————————————–

Reply

Mikey2 February 6, 2011 at 11:38 AM

FYI you can now fully Opt-Out of SpyNet straight from the GUI

I don’t understand what all of you are whining about. I have used practically every Anti-Virus program out there and essentially *all* of them have similar “Spy”/group functionality options. (e.g. ESET’s Threatwork Alliance, AVG Community Protection Network etc…)

Mr. Anon and others: If you think that “forced conformist functionality” is bad at Microsoft, you should stay FAR away from anything made by Apple. (They are so strict, even with their iPhones, that many users “Jailbreak” their phones just so they can use them freely without every single app use and played song not under the big-brother eyes of Apple.)

Furthermore, I am sorry to say that the entire world is moving in this direction: From Facebook farming statistics based on your actions/sign-ups, to cable/satellite companies recording everything you watch, to GPS-phones that can be monitored by anyone, to the over 50% of employers who really do record everything you do on your computer… The loss of our “freedom” and anonymity is a fact that almost intrinsically goes along with new innovations. I’m not saying I love it, but this is a clear case of needing to let go because there is nothing that can be done about it…

…And besides, it is arrogant to assume that Microsoft or any other company really cares about what you as an individual does. I’m an engineer that once worked on a metrics-mining project: macroscopic trends were the only thing we were interested in. (And yes, I know that it is obvious that you guys are trying to hide illegal software – even then it is not even close to cost-effective to actually prosecute on a case-by-case basis. Even the infamous Napster case only went after 0.001 percent of users simply as a scare tactic.)

In short – trust me, you are not that important! If you cannot grasp this nor accept this, well good luck living in the 21st century…

Reply

me April 13, 2012 at 8:49 AM

and why do you suppose you can now change it from the GUI?? – because people complained and worked around it.
as for .001 percent – how many people is that, i’m certain the “.001% people” are heartend to know they count as “only”
as for not being interested in individuals that just means YET if you become inconvient or somthing is wanted of you someone you know see how fast any collected info on you and yours is collated.
ok – it’s the way things are going, i’m sure the “well everone was doing it” defense works well at war criminal trials as well. If everyone behaves like you and does nothing but “stop whining and get used to it” we’ll all be really happy on animal farm.
all people think it only happens to someone else until it happens to them and by then it’s too late- civilised society should always stand up for others, lest they become others.

Reply

Leave a Comment

{ 3 trackbacks }

Previous post:

Next post: