Slashdot Mirror
MS AntiSpyware vs Ad-Aware vs. SpyBot
An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D; the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as SpyBot."
To be fair, "infected files" is a rather ambiguous notation (perhaps "malicious packages" would be a better way to count things).
I would also feel better if the submitter hadn't been anonymous. Though it's probably not astroturfing.
RD
The Real-Time Protection agent is awesome. It automatically informs you of any changes being made to your current settings; such as if your IE homepage is trying to be changed. It also warns the user if any spyware is trying to be installed.
So it has to be running first. Just what i want my computer to do, run more stuff.
Also, I kinda know when our homepage is hijacked, and this is why i switched to firefox.
Runnin' On Empty
I only took a curory glance at the article before it was /.ed, but I did not see any attempt at analyzing how many of the additional items found by MSAS were false positives. This seems like pretty vital information.
It's kind of like the Mob offering protection services to merchants. They're the problem in the first place!
This kind of protection should already be in Windows, or least, make the OS completely separate from the apps and the data.
You should be able to click on any process running and see complete details as to what it is, why it is running and access it's startup options.
An Ad-Aware/FireFox combination has served my parent's computer well for quite sometime. My father's business exclusively uses the above combination with great results.
Ok, enough of the "MS should do better, they make the holes" comments. If you remember correctly, MS bought this code only a short while ago from Giant Company. About the only thing Redmond has done is repackage and rebranded it.
Entrepreneur : (noun), French for "unemployed"
Wait wait wait! Microsoft is going to charge for their program?
Maybe I haven't been following the story very closely, but that seems like a stupid move. "Our operating system and browser allow this stuff in the first place, now pay us to remove it."
Keeping that in mind, I'll stick with the FREE AA and SB.
Both Ad-aware and Spybot are popular and estabilished, which means that newer spyware/adware knows them, knows how to hide, avoid them or even completely disable them, even if they're frequently updated. So it isn't surprising that MS AntiSpyware performs better now, but that doesn't tell anything about how it will perform in few months from now.
People who like this sort of sig will find this the sort of sig they like.
The MS utility fonud some Dutch porn dialer that was on my system since 2003. AdAware never found it.
But what wowed me were the useful utilities in the "advanced tools". I was finally able to disable a few annoying system tray icons(totally forgetting how to do it in Win2k). I still can't get the Nvidia driver utilities off, but MS is not to blame in that case.
The tracks eraser functionality goes way beyond a simple "url cleaner". You can clear the document history, etc for TONS of apps. I'm wondering when the anti-MS zealots will be yelling that it will be a useful tool for child pornographers(heh).
The GUI is a bit shoddy. I wish I could keep the heiarchial list of stuff when I'm inspecing the startup apps, etc, and there's no + to collapse/expand. Either way, I love the advanced utilities alone, and could probably clean out TONS of spyware, etc if I run this on my dad's PC.
Depends on your definition of "free software", doesn't it?
If someone writes a utility and gives it away, it rarely has spyware in it.
If a commercial or sports site "gives away" some lame "utility" to help you keep track of baseball scores, it usually has spyware in it.
This is not "free software".
I've NEVER seen spyware in GENUINE "freeware".
I frequent porn sites and I rarely even get spyware from THEM since they already know what you want and don't need to spy on you - and mainstream commercial advertisers don't advertise on them because it looks bad, so there is no motivation to put spyware on many porn sites. Of course, there are the lame sites that install overseas dialers and crap like that, but in general you get spyware from lame commercial sites selling crap.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up. If Microsoft developers were forced to operate in a competitive environment where mistakes actually hurt them, we'd all be better off -- including the former Microsofters.
How about attaching your claria.exe text file to all your outgoing emails, sending your emails out with a subject of "I'm not selling Viagra , Cialis, or Rolex Watches!!!!" and see what kind of false positives you get from anti-spam and anti-virus filters. It's not a precise science, so I'd expect false positives when you make a concious attempt to fool the program.
That's not to say they can't make it more accurate, but they may be trading off accuracy for speed (filename match rather than file signature). If I was designing it I wouldn't be real concerned with trying to correctly deal with bored users trying to fool our program by renaming their important documents to "claria.exe".
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
Maybe the MS product found the Spybot S&D definition file(s). Did you pay much attention to what the MS beta had found before telling it to delete them all?
Indeed. What's worrying isn't that perfectly innocent user behaviour triggers detection. Rather, that string (or even filename pattern-matching) is a dumb way to detect.
Spyware makers will start (if they haven't already) randomizing the filenames, registry keys, etc. Then your anti-spyware software's gotta start doing what it should've in the first place -- something smart.
What's the frequency, Kenneth?