Slashdot Mirror
MS AntiSpyware vs Ad-Aware vs. SpyBot
An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D; the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as SpyBot."
To be fair, "infected files" is a rather ambiguous notation (perhaps "malicious packages" would be a better way to count things).
I would also feel better if the submitter hadn't been anonymous. Though it's probably not astroturfing.
RD
Not having read the article yet, I do wonder what the scanner reports as spyware in order to get "twice as much results as Adaware" and "three times as much as Spybot".
I'm just sceptical about MS + Anti-Spyware mix.
I think we can keep recursing like this until someone returns 1
Wouldn't the MS product have an unfair advantage... after all, isn't the Redmond crew responsible for a lot of that stuff anyway?
The Real-Time Protection agent is awesome. It automatically informs you of any changes being made to your current settings; such as if your IE homepage is trying to be changed. It also warns the user if any spyware is trying to be installed.
So it has to be running first. Just what i want my computer to do, run more stuff.
Also, I kinda know when our homepage is hijacked, and this is why i switched to firefox.
Runnin' On Empty
I only took a curory glance at the article before it was /.ed, but I did not see any attempt at analyzing how many of the additional items found by MSAS were false positives. This seems like pretty vital information.
It's kind of like the Mob offering protection services to merchants. They're the problem in the first place!
This kind of protection should already be in Windows, or least, make the OS completely separate from the apps and the data.
You should be able to click on any process running and see complete details as to what it is, why it is running and access it's startup options.
An Ad-Aware/FireFox combination has served my parent's computer well for quite sometime. My father's business exclusively uses the above combination with great results.
Ok, enough of the "MS should do better, they make the holes" comments. If you remember correctly, MS bought this code only a short while ago from Giant Company. About the only thing Redmond has done is repackage and rebranded it.
Entrepreneur : (noun), French for "unemployed"
wow :)
On the counter point, *nix is like having 10 fingers but only knowing that 6 of them are there, and then only actually knowing how to use 3 of them.
I'm still waiting for the days of OSX but with windows.... cygwin will have to suffice for now.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
MS leaves fixes to 3rd party. WAAAA!! why doesn't ms fix their own shit
MS releases patches to fix their product. WAAA!!! this patch broke my already broken system.
MS release tools to detect and fix malicious apps that ruin their product. WAAAA!! a lot of spam companies will go out of business
damned if you do, damned if you don't
did you forget to take your meds?
Wait wait wait! Microsoft is going to charge for their program?
Maybe I haven't been following the story very closely, but that seems like a stupid move. "Our operating system and browser allow this stuff in the first place, now pay us to remove it."
Keeping that in mind, I'll stick with the FREE AA and SB.
I think you have a problem that you should deal with. I have dealt with my M$ problem. I just do not use their crud. No crud, no spyware, no problem.
Both Ad-aware and Spybot are popular and estabilished, which means that newer spyware/adware knows them, knows how to hide, avoid them or even completely disable them, even if they're frequently updated. So it isn't surprising that MS AntiSpyware performs better now, but that doesn't tell anything about how it will perform in few months from now.
People who like this sort of sig will find this the sort of sig they like.
The MS utility fonud some Dutch porn dialer that was on my system since 2003. AdAware never found it.
But what wowed me were the useful utilities in the "advanced tools". I was finally able to disable a few annoying system tray icons(totally forgetting how to do it in Win2k). I still can't get the Nvidia driver utilities off, but MS is not to blame in that case.
The tracks eraser functionality goes way beyond a simple "url cleaner". You can clear the document history, etc for TONS of apps. I'm wondering when the anti-MS zealots will be yelling that it will be a useful tool for child pornographers(heh).
The GUI is a bit shoddy. I wish I could keep the heiarchial list of stuff when I'm inspecing the startup apps, etc, and there's no + to collapse/expand. Either way, I love the advanced utilities alone, and could probably clean out TONS of spyware, etc if I run this on my dad's PC.
That's a load of crap, Microsoft bought this product, not develop it in house. All products Microsoft buys are great products - Visio, NT, DOS, (the list goes on and on) but they end up ruining them in a few years.
First, it's because you read "1" as "4" (reread your own post, you even quoted it properly). Second, it's because Adaware and spybot count the infections differently (and find different ones), thus the ones found by MSAS afterwards vary.
Basically, it's apples and oranges.
Depends on your definition of "free software", doesn't it?
If someone writes a utility and gives it away, it rarely has spyware in it.
If a commercial or sports site "gives away" some lame "utility" to help you keep track of baseball scores, it usually has spyware in it.
This is not "free software".
I've NEVER seen spyware in GENUINE "freeware".
I frequent porn sites and I rarely even get spyware from THEM since they already know what you want and don't need to spy on you - and mainstream commercial advertisers don't advertise on them because it looks bad, so there is no motivation to put spyware on many porn sites. Of course, there are the lame sites that install overseas dialers and crap like that, but in general you get spyware from lame commercial sites selling crap.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up. If Microsoft developers were forced to operate in a competitive environment where mistakes actually hurt them, we'd all be better off -- including the former Microsofters.
Also, it reported with glee that TightVNC is a dangerous hacking tool. I happen to use it to help out people, exactly the kind of people who are likely to remove it if AntiSpyware complains about it (e.g. my mom).
It reported RealVNC as "Commercial Remote Control Product" with a danger meter of 50%. Since I know I run RealVNC, I said "always ignore this". It won't show up in the hits again. But I would imagine there are people out there who have VNC installed on their systems by someone who spies on them (untrusting boyfriend perhaps?) so why shouldn't those people be warned? If they have VNC for a good reason (like you and I do) they can easily exclude it from future hits.
I also got a complaint about some eDonkey registry keys. I am not sure I ever ran eDonkey, perhaps it's because eMule registers itself to handle eDonkey links. I also said to ignore this always, so it won't show up again.
I see both of these as valuable features. There are people out there who may not know they have VNC installed, and there are people out there who may not know eDonkey has adware (or whatever the problem is) - those people should be warned of this. We can easily ignore the information and make it not appear in the future.
Also, its on-access scanner (for want of a better word) comes with an enormous performance hit, and is mostly concerned with Internet Explorer hacks. Those are a minor concern for me since I use firefox
So turn off the real-time checks.
Ecce Europa - Web Design for Business
How about attaching your claria.exe text file to all your outgoing emails, sending your emails out with a subject of "I'm not selling Viagra , Cialis, or Rolex Watches!!!!" and see what kind of false positives you get from anti-spam and anti-virus filters. It's not a precise science, so I'd expect false positives when you make a concious attempt to fool the program.
That's not to say they can't make it more accurate, but they may be trading off accuracy for speed (filename match rather than file signature). If I was designing it I wouldn't be real concerned with trying to correctly deal with bored users trying to fool our program by renaming their important documents to "claria.exe".
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
Maybe the MS product found the Spybot S&D definition file(s). Did you pay much attention to what the MS beta had found before telling it to delete them all?
I'd agree with the first part of your point.... but when you go on the political rant by saying "you'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up" - you lose me.
Why can't people get it through their heads that Microsoft's problems are part of the natural course of free-market economics? They didn't start out a huge business, placing their OS on everyone's computer. They *earned* that position through superior marketing and business deals. Now that they've become so huge, they're running into the problems that ALWAYS plague the "top dog" in a given market. They start slipping... failing to innovate, and resort to buyouts of other people's products. The mistakes they made years ago (bugs in products, security holes, etc.) come back to haunt them 10x over, because their products are in use by so many people now. The old "too many cooks spoil the soup" addage comes into play, because too many hands are involved in the production/updates of their software products.
Eventually, Microsoft will become a recipe for failure from the *inside* - and someone with more competitive edge will emerge as a new market leader. There's no need for Democrats to break this business up, and frankly, suggesting it's the "best way" to handle the problems they've caused seems truly un-American to me.
The democraps were in power the entire time Microsoft was growing into a monopoly, if they were so concerned about it they should have done something then instead of retailiating when MS didn't pay them off like their competitors did.
It's no surprise that Microsoft is better at detecting spyware, most of it is their fault.
-----
Without a God, life is only a matter of opinion.
--Douglas Adams
Indeed. What's worrying isn't that perfectly innocent user behaviour triggers detection. Rather, that string (or even filename pattern-matching) is a dumb way to detect.
Spyware makers will start (if they haven't already) randomizing the filenames, registry keys, etc. Then your anti-spyware software's gotta start doing what it should've in the first place -- something smart.
What's the frequency, Kenneth?
- Apparently they're not interested in bringing pirates into the MS fold, it only runs on "authorized" installations. Hmmm..
- It asks me if I want it to run at 2 AM, I click "no", then later it reports it's set to run at 2AM. Hmmm....
- I click on Manage 2AM runs, and I see no option to turn them off. If you deselect all runs, it complains that you havent selected any runs. Hmmm...
- Screen is a dog's breakfast:
- non standard panel borders that trail off, looking like a bad screen update.
- The app name appears several times, in different fonts and sizes. One instance is clickable, and takes you to an unexpected summary page. The next text isnt.
- There's a cacophony of active items. There's menus. There's clickable text. There's a separate area on the top right with BOTH icon-like things and clickable text.
- If you click on the things in the upper right, it immediatel;y and irrevokably cancels the current scan. Nice. Not only does it do something unexpected, it doesnt even ask if you want to do it, and you can't back out or continue. Sweet.
- Like many of these thingies, it feels it has to put up the name of every file it is scanning, and update the file totals. And run a dumb little static animation that really makes no sense, as it isnt moving files at all. This is not only useless and misleading information, it slows down the scanning process, especially with older video cards.
- It did find one registry key, but AFAICS it doesnt bother explaining what it is and what the ramifications are. And the button to remove it is inadequately labeled "Continue", which requires some extra text by it explaining what it really does.
I wouldnt call this a Beta, I've seen better preliminary prototype mock-ups.That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up.
And yet, it was under the Democrats that we got the DMCA.