Slashdot Mirror


MS AntiSpyware vs Ad-Aware vs. SpyBot

An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D, the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as many as SpyBot."

32 of 535 comments

  1. Why would this be a surprise? by eno2001 · · Score: 3, Interesting

    Microsoft knows what holes they have in the OS better than anyone else. They just don't bother to fix them in a timely fashion because it's not profitable. The anti spyware isn't really a change in direction for them if you think about it. They are still applying a band-aid to the problems rather than a real fix.

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
    1. Re:Why would this be a surprise? by sql*kitten · · Score: 2, Interesting

      They just don't bother to fix them in a timely fashion because it's not profitable

      They don't fix them because they meant them to be there.

      Take the notorious problem with Outlook, that it will execute embedded VBscript in emails and send virii (or trojans or whatever) to the people in your address book. Well Outlook was designed to do that. If you have scriptable email, then you can use Exchange/Outlook as a platform to develop workflow applications. Doing it that way has nowadays been superseded by the web, of course. Now, MS were naive to think that no-one would ever exploit that feature maliciously, no-one's denying that. But they can't simply remove VBscript from Outlook because that would break the platform for people who did use it for application building.

  2. Just tried to install this MS AntiSpyware by benzapp · · Score: 5, Interesting

    and apparently their detection of license keys has greatly improved... my key is invalid.

    Anyone else have this problem using their obscure key of choice? SP2 installed fine a few months ago.

    --
    I don't read or respond to AC posts
  3. Finding more isn't necessarily good by harlows_monkeys · · Score: 2, Interesting
    What we've seen where I work, with our antivirus/antispyware product is that if we miss something that AdAware or Spybot finds, then people say we are ineffective, and if we find something that they miss, people say we are generating false positives in order to frighten people into buying. (And then, when the thing we found that Spybot or AdAware missed actually causes problems, they say we put it there and start saying we are pushing spyware).

    A lot of people, especially on the popular antispyware forums, have simply decided that Spybot and AdAware are the best that there can possibly be, and anything that differs from them is bad.

  4. I'm going to bite and try this out by drgath159 · · Score: 2, Interesting

    I liked how it politely asked if I wanted to validate Windows
    "Before obtaining the requested download, please take a moment to validate your genuine Microsoft Windows installation. Validation assures that you are running an authentic and fully-licensed copy of Windows. Validating now will enable faster access to genuine Windows downloads upon future visits to the Download Center. Please see the Why Validate? page to learn more about the Windows Genuine Advantage program and why validation is recommended."
    Obviously clicked no.

  5. False Findings by Anonymous Coward · · Score: 1, Interesting

    I personally installed MS's new tool last night on my laptop and admittedly it did find more than Spybot, Ad-Aware or even a nifty one I sometimes use, SpySweeper. I can say that MS has come up with a winner.

    Although, along with the real spyware, it found some "Adware Bundlers" such as KazaaLite, E-Mule and even TightVNC. This may mean that some of the claims of "twice or three times as many spyware files" should be taken with a grain of salt.

  6. Amazing video by Anonymous Coward · · Score: 1, Interesting

    Check out the spyware video (https://www.microsoft.com/athome/security/spyware/video1.mspx)
    and they'll explain to you why M$ products are a piece of crap, it's quite funny how they manage security bugs to launch a new product.

  7. Re:Twice as much by Zocalo · · Score: 2, Interesting
    I'm guessing that the only thing that would account for this kind of discrepancy is how registry keys are counted. Whether you count each individual registry key, registry branch, or just piece of spyware on a case-by-case basis will make a huge difference. Also, spyware typically installs copies of its registry settings in several places, and on a system with multiple logins there is even more room for abuse.

    Based on my experiences there's not much to choose from between Spybot and Ad-Aware, and I haven't really worked out where the MS/Giant program fits yet. Some programs that are missed by Ad-Aware get picked up by Spybot and vice versa, so I'd expect there to be a few new things to be found by the MS effort. What worries me most is that discrepancy between Spybot and Ad-Aware; I've never seen that kind of gap between the two in either direction. I suspect that inadvertently or intentionally the selection of spyware installed on the testbed virtual PC may have been slightly biased.

    --
    UNIX? They're not even circumcised! Savages!
  8. Re:Not a Microsoft Designed Product by isecore · · Score: 3, Interesting

    Amen to that.

    Also, they bought Giant Antispyware, and christ on a crutch does that thing do a hell of a lot of false-positives.

    I renamed a textfile something like claria.exe and that thing started screaming immediately that bad people were trying to take over my life.

    So seriously, I couldn't care less.

    --
    I enjoy large posteriors and I cannot prevaricate.
  9. Re:isn't it odd by Anonymous Coward · · Score: 1, Interesting

    I doubt MS has done many changes to the code other than cosmetic and feature removal (since the features were provided elsewhere in Windows). Giant's software was already well-known for identifying things that Adaware and Spybot missed.

  10. I, for one... by Big Nothing · · Score: 2, Interesting

    I, for one, welcome our new anti-spyware overlords.

    Seriously.

    Yes, it would be better if all the security holes in M$ SW were fixed but guess what: they're not gonna be fixed tomorrow. A good anti-spyware tool is sorely needed. I've cleaned a large number of home and office computers using a number of anti-spyware tools and frankly none of them cut it. At best, some of them suck a little bit less than the rest. I find that at least 3 separate tools are needed to find, clean and keep clean a normal luser's puter. If M$ can come up with a tool that is efficient, free and automagically upgradeable I'd sure as hell cheer.

    --
    SIG: TAKE OFF EVERY 'CAPTAIN'!!
  11. A small silver lining to all this spyware by Free_Trial_Thinking · · Score: 2, Interesting


    Ok, I know spyware/adware/viri are a blight on our wonderful internet but here's what I find fascinating about them:

    Computers are becoming analogous to small ecosystems. In my mind I often compare the idea to leaving a loaf of bread in my back yard to connecting a fresh windows XP install to a cable modem, maybe surfing a few shady websites and letting it sit for a few months.

    In my backyard all kinds of organisms will appear to utilize the bread's resources, birds, insects, bacteria, mold, and who knows what else. And also on this hypothetical computer again all kinds of organisms will be drawn to use up all of the computer's resources (processing/bandwidth) including spyware, adware, virii, worms, etc. I just find it really fascinating how a natural phenomenon like this is finding its way into a manmade system like the internet.

    My prediction along these lines is that we're going to see some amazing instances of AI coming from these 'weeds' of the internet (spyware, virii, spam, etc) since they're the most 'organic stuff' in the internet system.

    Discuss, discuss. (I hope I could express this idea well enough, the analogy seems so clear to me.)

  12. Re:Wow, is this for real by pilgrim23 · · Score: 3, Interesting

    I tried it. I found this particularly interesting: Box: Compaq P4 2ghz 256mb memory XP SP1 on a Corp. net (yes I know, but some of our in-house apps fail under SP2): Fairly clean already machine with Adaware and Spybot already loaded. I downloaded the Microsoft beta and ran it. Many minutes later it reported a passel of stuff. Like with Adaware and Spybot I said "Ok dump it all" turned off the All time protection feature, said no to all the "Do you want me to be intrusive and make all your decisions for you?" typical Microsoft crap (didn't matter, it loaded itself anyway), then, and this is the curious part: I ran Spybot. It ran in 2 seconds flat. Say What? So I downloaded a NEW spybot and installed it. It then did a normal several minutes run and found a few chunks I said go ahead and dump. Does the M$ product consider Spybot....spyware?

    --
    - Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
  13. Inconsistent results? by MunchMunch · · Score: 2, Interesting
    Can someone explain how this could be?

    The first Ad-Aware scan revealed 1309 infected objects and a second scan immediately after a reboot resulted in 291 more infected objects reported. After removal of those objects, we ran Microsoft AntiSpyware Beta. AntiSpyware's scan revealed a whopping 1,877 infected files left over by the Ad-Aware not to mention the nearly 3,000 registry locations infected. One of the files which Ad-Aware failed to detect was WinTools which is suspected to be a Trojan with a maximum threat level.

    It was time to pin Microsoft AntiSpyware against SpyBot S&D by first scanning with SpyBot then checking to see how many files SpyBot had left behind. SpyBot's initial scan resulted in 358 "problems" detected. After running SpyBot a second time to make sure it did not report any other "problems", we ran Microsoft AntiSpyware. AntiSpyware was able to detect 659 infected files on the machine with 2.223 registry keys infected.

    So, to begin, Ad-Aware found 1,600 infected elements total. AntiSpyware found 4,877 more. Total: 6,477

    SpyBot finds 358. AntiSpyware finds 2,882 more. Total: 3,240

    Can anyone explain this? Even if the programs are giving false positives on spyware (and, considering that even having malicious spyware installed, 6,000+ detected compromised elements makes false positives almost a promise rather than a hunch), why would AntiSpyware inconsistently return false positives depending on what program scanned the PC first? Doesn't make any sense at all.

  14. Hey, wait a second by CrankyFool · · Score: 2, Interesting

    Running this on my parents' PC, I find that it has, in fact, found spyware that neither adaware nor spybot has found.

    Only problem is that it's TightVNC. I can understand that -- I mean, someone could use that to access your computer! The weird thing is, it didn't flag Remote Assistance as spyware. Totally missed it.

    I think I'll submit a bug.

  15. I concur, MS's AntiSpyware program works well by phaetonic · · Score: 2, Interesting

    I have to give credit to Microsoft purchasing the company who made this AntiSpyware program. Yesterday I went to a client site and their server got infected (surfing on a naughty site I'm sure) and AdAware and Spybot removed a few but the machine was still hosed. I was unable to double click on any icon on the desktop - I would get a GPF. I went in safe mode with networking, downloaded the MS AntiSpyware tool, went in regular mode to install it (LUCKILY that worked, not sure why), went back in safe mode to run the tool, and it wiped out over 20 different spyware signatures and over 100 files, much more than either of the other tools. After a few hours, the machine was running perfectly with the icons allowing to be double-clicked on.

  16. Single Data Point... by raehl · · Score: 2, Interesting

    I just ran it on my system and got 0 infected files; so it's probably not just padding itself for the sake of padding itself. (I don't install lots of crap, so I'm not surprised it didn't find anything.)

  17. Interesting. by Aggrazel · · Score: 2, Interesting

    It detected my "TightVNC" installation as possible spyware, but didn't say anything about the Windows Terminal Services service running ....

  18. Microsoft AntiSpyware forces you to install IE 6 by Brett Glass · · Score: 4, Interesting

    I just attempted to install Microsoft AntiSpyware on a machine from which Internet Exploder had been mostly removed via the utility Win98 Lite. It refused to install, insisting upon the presence of Internet Exploder 6. The machine in question uses Mozilla, with which we're quite happy. It appears that Microsoft is tying yet another product to the use of Internet Exploder 6, probably in violation of the recent DoJ Consent Decree. Will the Bush Justice Department do anything?

  19. Microsoft is contributing to their demise by Bruha · · Score: 3, Interesting

    Linux will succeed because you have many groups contributing to computing some free some not so free but it creates an economy around it of sorts.

    Microsoft however can't stand for some reason to be the OS that great things are built on like Linux can and is being today. They try to take their OS and adapt and squeeze out what they consider competition. Then they take the products that other companies make to run on Windows such as Ad-Aware, Norton Antivirus, Lotus Notes and a myriad of other programs out there and try to build them into Windows. Netscape employed people who designed, maintained, and supported their browser. Microsoft rolled out IE and tied it into their OS sparking a controversy that eventually landed it in court. Yes the consumer has suffered but what about those Netscape employees? Did Microsoft give them jobs making IE better and supporting it? Hardly those guys were muscled out of the marketplace. Now I'm sure they got jobs elsewhere but what and where are they doing things.

    This can go for any number of companies that are threatened because Microsoft refuses to make windows as good and secure as it can be they only want to add the next cool feature into their OS.

    Symantec, McAfee, Real, and many other companies employ many good people with ideas and not just the engineers and software hackers, there are secretaries, janitors, and guards that also are employed and probably buy Windows. Once they lose their jobs because Microsoft muscled their company out of business then they probably won't be buying as many computer products anymore.

    Thus Microsoft sits there and kills their own bottom lines.

    Of course we're all eventually damned in that robots and smart computers will replace our jobs. Just look at those poor bastards that are being replaced in the Toyota autoplants here soon. This will spread to all auto makers across the world and it will not stop there. Productivity increases due to these robots will put strain initially on supply lines because those humans can't keep up and then one company will pick up the slack by having robots do that portion of the work and other companies will have to do so to keep up.

    From there it's basically a self feeding reaction that eventually will nullify every job we have or can move to in the next 50-100 years.

    Oh and governments would step up to help you?

  20. System File Checker by runamok1 · · Score: 2, Interesting

    It used to be pretty easy to get rid of spyware.

    0. Get all Windows updates, patches, etc.
    1. Get both programs (Spybot and Adaware)
    2. Update both via downloading the newest signature files.
    3. Reboot in safe mode. (press F8, etc.)
    4. Run both programs.
    5. Optionally open msconfig (not available in Win2K) and/or regedit and check to see what is still running and track down each item at http://www.pacs-portal.co.uk/startup_index.htm or similar.
    6. Reboot.
    7. Optionally take a look to see if any items you removed in step 5 recreate themselves.
    8. Optionally install firefox, etc.

    Heh heh. Re-reading this makes it seem not so easy, but everything is easy when you know how.

    I have noticed newer spyware variations doing two VERY BAD THINGS.
    1. Preventing adaware, spybot, norton, etc. from working. Via the hosts file or otherwise.
    2. Modifying system files so that they can not be removed. I turned one friend's computer (running XP) into a paperweight. Because the program was manipulating winlogon.exe. Adaware removed it and the computer would logout every time you tried to logon. I had to extract the file from an XP boot disk.

    OK. So the point of this post was that since Microsoft knows their files the best, one would assume they could check file checksums and file dates, etc. and prevent these sorts of shenanigans.

    They have had a program called System File Checker sfc.exe since the windows 98 days. I always thought an adaware program combined with this would be nice.

    Although I have never figured out how these spyware programs can circumvent "system file protection" when it is a royal pain for US to do so.
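
Added example, not part of the original comment: a Python check for the hosts-file tampering described above, where spyware keeps Ad-Aware, Spybot, Norton and similar tools from reaching their servers. The watchlist suffixes and the sample hosts content are constructed assumptions, not values from the thread.

```python
"""Audit a hosts file for entries that cut security tools off from their servers."""
import ipaddress

# Assumed watchlist (not from the thread): domain suffixes whose hosts-file
# entries deserve a look. Replace with the update hosts your own tools use.
WATCHLIST = ("symantec.com", "safer-networking.org", "lavasoft.com",
             "windowsupdate.com", "microsoft.com")

# Constructed sample hosts file; hostnames and addresses are illustrative.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1    localhost
127.0.0.1    ads.example.net              # user's own ad block: not flagged
127.0.0.1    LiveUpdate.Symantec.com.     # mixed case, trailing dot
0.0.0.0      www.safer-networking.org download.lavasoft.com
203.0.113.7  update.microsoft.com         # pinned to a foreign address
127.0.0.1    notsymantec.com              # suffix look-alike: not flagged
this line is not a valid mapping
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in hosts-file text.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped. One line may map several names to the same address.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: the resolver ignores it too
        for name in fields[1:]:
            # Hostnames are case-insensitive; a trailing dot is the same name.
            yield lineno, ip, name.lower().rstrip(".")


def on_watchlist(host, suffixes):
    """True if host equals a suffix or is a subdomain of one (label-aligned)."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit(text, watchlist=WATCHLIST):
    """Return [(lineno, host, ip, kind)] for watchlisted names in the hosts file.

    kind is "blocked" when the name is sent to loopback or 0.0.0.0 (the tool
    can no longer reach its server) and "redirected" when it is pinned to any
    other address, which needs a manual check against the real DNS answer.
    """
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if not on_watchlist(host, watchlist):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, host, str(ip), kind))
    return findings


if __name__ == "__main__":
    for lineno, host, ip, kind in audit(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} ({kind})")
```

On a live Windows XP or later system the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; read it from a clean boot or safe mode if the running system is suspected of hiding changes.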

  21. Unnecessary app, fix the autostart instead! by tomas.bjornerback · · Score: 2, Interesting

    Another useless application...

    If Windows were to ASK the user during startup what services and programs to autostart (except for the well known and checksummed original, MS, services), most of the spyware wouldn't even start!

    Some will say that users will answer "yes, start that too" to all programs, but that's mostly depending on the GUI used for the asking process:

    * Perhaps all processes/services should by default not start automatically

    * Each have a (short) warning text.

    * Only one place for all autostarts! Not HKLM, HKCU, Startup, ...

    * Figure out more stuff here yerselves... I don't work at MS and I don't want to invent stuff for them for free! :)

    Since most users believe that they need to buy a new computer because the old one is slow, but it's due to spyware (are Intel/MS supporting the spyware creators to increase sales?), which clings to the OS like a spider in all of its autostart places...

    --

    I have 1 Gbps Internet access@home

  22. Aimed at the masses by Durzel · · Score: 2, Interesting

    To be fair to Microsoft, their software picked up things on my PC which I knew were "dubious", but I knew were safe (e.g. Kazaa Lite as opposed to Kazaa, etc).

    It's obvious that this software is aimed towards the uninformed masses in the same way SP2 is. I'd wager that most non-techie people barely know what spyware is, let alone how to find spyware-free "lite" versions of software, assuming they exist.

    Also, the real time agent kicks serious ass. I'm amazed that people have even tried to criticise that (simply because it's MS) by saying "oh great, yet another TSR program to run in the background, way to go M$!". When I installed the latest Sun JVM it informed me that a Browser Helper Object was installed and that it was "safe". A nice touch.

    In other news, how come there hasn't been a front page story on these serious flaws in Mozilla and Firefox? Double standards? I'm all for bashing MS when appropriate but lauding every single IE flaw with a separate story and ignoring something like this doesn't exactly paint the site as unbiased.

  23. spybot/adaware combo still works better for me... by mikenb · · Score: 2, Interesting

    I'm cleaning up a client's laptop, and decided to use the new microsoft spyware beta. I ran it first:

    5 infected files
    1 threat (real vnc)

    Then I ran spybot after running the microsoft program:

    12 files found
    including valueclick
    advertising.com
    avenue a, inc
    double click
    DSO exploit
    fastclick
    mediaplex

    and finally I ran adaware:

    25 critical objects found

    All of these programs had the signatures updated. Spybot and adaware collectively caught 37 more files than the microsoft beta did...

    But it is still in beta I guess.

    --
    "Sometimes the most intelligent statement is the one that is left unsaid"
  24. Warning: Real-Time option reenables itself by PatientZero · · Score: 5, Interesting
    I tested it out too on my home machine, and the only thing it found was the Download Manager for Gamespot (based on Kontiki). Thank you Mozilla. :)

    In any case, I unchecked the "install real time protection agents" option during installation, but after running the scan I ran through the options to see what other features it had. Surprise, RTP was enabled. Oh the irony of MS AntiSpyware behaving in the same shady fashion as Spyware apps. ;)

    So if you do install it but don't want the RTP agents, make sure you hit up the options before quitting.

    --
    Freedom to fear. Freedom from thought. Freedom to kill.
    I guess the War on Terror really is about freedom!
  25. Behaviour confirmed. by khasim · · Score: 2, Interesting

    I just downloaded it and ran it and it did the same thing to me. Just about everything was re-enabled after I specifically un-checked it during the install.

    It also made my PC run slower than before.

    It found VNC as "spyware", but it set the "remove/ignore" option to "ignore" so that wasn't so bad.

    Other than that, it didn't find anything. But I run FireFox with adblock and both spybot and ad-aware so I wasn't expecting anything to show up.

    I've uninstalled Microsoft's anti-spyware and it left the directory and log files on my PC without giving me any uninstall warnings.

    1. Re:Behaviour confirmed. by Vancorps · · Score: 2, Interesting
      VNC is commonly used as a trojan so that behavior makes sense.

      The rest is typical with microsoft.

      I would be curious if an anti-spyware app could be written to run on a network, since profiles are stored on a central server and that server is never used to browse the Internet it would be the perfect environment to clean spyware from all the profiles out there.

      It would also be nice if you could script the app so for instance, your organization uses Alexa or Viewpoint you could enable it to prevent apps from breaking while disabling or removing all other spyware.

  26. Re:Wow, is this for real by Nikker · · Score: 2, Interesting

    What I would like to know is, is the Microsoft version finding the same spyware in different locations or finding different types of spyware in the same locations? The reason I bring this up is for Microsoft to beat everyone else by a factor of two just doesn't sound right. Not that it can't be done just that it was done.

    The second case would be a factor of R&D which if confirmed that the detection does exist does prove a superior product.

    Alternatively if the Microsoft product is finding more because they know exactly where the OS weaknesses are then that is an odd situation. Wouldn't that indicate that they know about these problems and instead of incorporating it into the OS they would charge you for them? That would also mean that those problems detected by the scanner will *not* be incorporated into the OS because it would come as a hotfix rather than in a def file.

    I think this kind of software will do more to show the tiger's true stripes than sell a new product. Maybe not today but eventually people will start to ask why.

    2 more cents

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  27. Re: keep the politics out, please.... by fm6 · · Score: 4, Interesting
    ... but when you go on the political rant by saying "you'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up" - you lose me.
    I think you need to have more than a passing reference to a particular political party before it counts as a "political rant". And it's not as if I'm a big fan of the Demos anyway. But that's a secondary issue. Let me refresh your memory: back in 2000, MS was defending itself in antitrust court, and doing a really poor job of it. At one point they actually got caught fabricating evidence. Then the Demos left office, and a new pro-business AG simply dropped the case.

    Whether you think the anti-trust case was a good idea or a bad one, you have to concede that Microsoft might well have been broken up by now if Al Gore had won the election. Pointing out that fact doesn't make me a partisan.

    Why can't people get it through their heads that Microsoft's problems are part of the natural course of free-market economics? They didn't start out a huge business, placing their OS on everyone's computer. They *earned* that position through superior marketing and business deals.
    Again, your memory needs refreshing. MS's dominance of the OS market is pretty much an accident. They actually got into the business against their own will. They wanted to sell development tools for the new IBM PC, but that meant that IBM had to adopt an OS those tools would run on. Which is why they steered IBM to CP/M. When that fell through, they hurriedly licensed a CP/M clone from Seattle Computer Products, which became the basis for MS-DOS.

    MS-DOS is one of the biggest abortions since the rise of modern technologies (find me a single OS expert who will give it high marks). Yet its very flaws created such a high level of lockin with the PC platform itself -- which was also pretty flawed. Since compatibility soon became the name of the game, clone computers had to reproduce all of IBM's mistakes. And since their biggest mistake was choosing MS-DOS, computer makers ended up paying a tithe to Bill for every box they sold.

    But even if you were correct, and Bill achieved his success by technical brilliance and plain good business -- so what? He got his reward when he became the richest dude on the planet. He did not earn the right to destroy the very marketplace that made him rich. Microsoft's role in the current marketplace is bad for all of us -- including Microsoft. Calling me ideological names isn't going to change that.

  28. VNC is evil!!!!111 by Venner · · Score: 4, Interesting
    Some of what it detects are definitely false positives. On my machine, it claimed to find registry traces of eDonkey and Grokster, which it says contain adware. But the keys it found were put there by Shareaza, a non-spyware open-source client.
    Yep. Same here. It decided that VNC was obviously an attempt to remotely hijack my computer.

    It also felt the need to alter my hosts file for me. It didn't like the fact that I had "ads.msn.com" pointing to 127.0.0.1 (as well as over 100 other ad domains; the only one it cared about was MSN!)
    --
    A preposition is a terrible thing to end a sentence with.
  29. Alternative Software by Archon-X · · Score: 3, Interesting

    I stopped using SpyBot & Adaware a long time ago.
    They're most admirable projects, however, neither are comprehensive.
    Often times, you have to run both to try to remove something, and there is still spyware installed.
    Neither offers a preemptive system either (filtering web, watching the registry etc)

    The *most* comprehensive program I have found is webroot SpySweeper.

    It is incredibly thorough, has staff dedicated to finding new spyware strains, the ability to report suspicious files, the works.

  30. False Positives... by douglask · · Score: 2, Interesting

    Just FYI, MS Anti Spyware does report false positives. It believes that TightVNC is spyware. Hmm.. I guess it competes with the MS remote assistance tool. :-) It kinda makes you wonder how it finds "finding twice as many infected files", eh?

    --
    DouglasK Do Justly. Love Mercy. Walk humbly with your God.