Slashdot Mirror


Review of Microsoft's Anti-Spyware Tools

happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."

21 of 385 comments

  1. Call me crazy by edanshekar · · Score: 5, Informative

    But it's beta, and his methodology is just plain wrong. I'm not one to jump up and defend MS, but WTF?

    1. Re:Call me crazy by bollox4 · · Score: 2, Informative

      But, the app works! It's one of those rare beasties that does what it says. The only folk that should fear it are those with something to hide. :)

    2. Re:Call me crazy by Deathlizard · · Score: 2, Informative

      Spyware Warrior's Testing of AntiSpyware Clients. Basically replace Giant AS with Microsoft AS and there you go.

      I'm using MSAS. It works well, and it's one of the best realtime scanners I've seen so far. Although as you can see from the above comparisons, while Giant AS was one of the best performing apps in the tests, it didn't catch every spyware app out there. In fact no other app did.

      The only problems I see from MSAS so far is it might not be a free app and an MS lawsuit frenzy from every big name spyware company out there screaming Antitrust and monopoly all day.

    3. Re:Call me crazy by JPriest · · Score: 4, Informative
      Beta software? They purchased and rebranded Giant AntiSpyware, which is very much a mature product. It is only "beta" because they plan to make more changes before releasing it as their own.

      And yes, I thought the article painted a pretty clear view on the state of Windows security and I think they need to do more. I think part of Microsoft does not care if people's computers become slow and unusable, because computers are appliances. People buy a new one only after theirs quits working.

      Microsoft may own the desktop market share, but they do not own the internet and because of their careless decisions Windows boxes are constantly taken over and used for sending spam and DDoS's.

      For instance, they have a firewall on but all the services are still in listening state behind it. Email based worms have been successfully using the SAME TRICK for over 10 years now. This is clearly a problem that is not going to be fixed by antivirus companies. Instead of MS releasing a free secured email client, they mostly ignore the problem creating a cash cow for AV companies whose software is intentionally designed to keep users in the dark.

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  2. Found things the others didn't... by techstar25 · · Score: 2, Informative

    I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't. That's proof enough for me. Of course I immediately uninstalled the MS Antispyware after running it, but that's beside the point. I would never let it run in the systray because of MS's reputation for bloat.

    1. Re:Found things the others didn't... by Anonymous Coward · · Score: 1, Informative
      I would never let it run in the systray because of MS's reputation for bloat.
      So, let me get this straight... It did a good job... it found stuff neither AdAware nor Spybot found... and it's not bloated... but you won't run it because the people who make it have a REPUTATION for bloat?

      You, my friend, need to examine your priorities.
  3. Re:Microsoft Anti-Spyware by PoprocksCk · · Score: 2, Informative

    While the mods may be tempted to mod this up as "Funny," he's got a point. It's pretty well accepted nowadays that the only way to truly avoid spyware and viruses is to stop using Internet Explorer and Outlook.

  4. Hooray! Right? by Anonymous Coward · · Score: 1, Informative

    I'm sure the Slashdot crowd will love this, even though everything I've heard and seen says it's the best product on the market in that space...and it's beta.

  5. Labels competitors tools as spyware too. by tpgp · · Score: 4, Informative

    According to this story on The Register, the MS anti-spyware tool also labels BitDefender (a Romanian antivirus tool) as spyware.

    --
    My pics.
    1. Re:Labels competitors tools as spyware too. by Frennzy · · Score: 1, Informative

      Stop spreading FUD. MSAS clearly states that the app has legitimate uses. It only alerts the user to its presence, in case they or their admin hasn't installed it.

    2. Re:Labels competitors tools as spyware too. by tpgp · · Score: 3, Informative
      Stop spreading FUD. MSAS clearly states that the app has legitimate uses. It only alerts the user to its presence, in case they or their admin hasn't installed it.

      Did you read the article I linked to?
      According to Romanian anti-virus firm BitDefender, the first beta version of Microsoft's software wrongly detects a BitDefender ScanOnline object as being a piece of spyware called "Brilliant Digital".

      It labels it as Brilliant Digital - a tracking cookie. MSAS does not state the app has legitimate uses.
      --
      My pics.
  6. Take off your bandaid... by PoprocksCk · · Score: 1, Informative

    ... 'cause I don't believe in touchdowns.

    This is yet another band-aid supplied by none other than Microsoft. The company has become a bit of a holy saviour lately with all of these "solutions" to the problems with Windows.

    I think most of us remember how Netscape died (rough analogy, I know) -- they just kept piling feature upon feature without digging deep to fix the problem in its roots.

    If Microsoft keeps piling up all of this junk on top of Windows to fix other junk, they will soon see that these types of actions will soon become redundant, and they'll have to seriously start thinking harder about security.

  7. Not effective for me. by SteelV · · Score: 1, Informative

    I used it on my XP Pro machine after running only Ad-Aware SE Personal, and it found nothing. Zero. The Big '0'. Guess it wasn't worthwhile, especially since my computer was noticeably laggy after it had run, which usually doesn't happen with other virus-scan/adware-scan programs.

  8. Re:Makes no sense by einhverfr · · Score: 4, Informative

    First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is relatively simple. If Adaware and/or Spybot fail to detect and remove the infection, you have a few options. I do as follows:

    1) Boot into safe mode.
    2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
    3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
    4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
    5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later".
    6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
    7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.

    Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.

    Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.

    --

    LedgerSMB: Open source Accounting/ERP
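
A read-only PowerShell inventory of the locations the comment above walks through by hand (browser helper objects, the Run keys under HKCU and HKLM, and the Startup folders). This is an added example, not part of einhverfr's comment; the function names are hypothetical, and it only lists entries so they can be reviewed before anything is removed.

```powershell
# Added example: list autostart entries for manual review. Nothing is deleted.

function Get-RunKeyEntry {
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($path in $paths) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }            # key absent on this machine
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Source  = $path
                Name    = $name
                Command = $key.GetValue($name)
            }
        }
    }
}

function Get-StartupFolderEntry {
    # Per-user and all-users Startup folders.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
    }
}

function Get-BrowserHelperObject {
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bho -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        # Resolve the CLSID to the DLL that Internet Explorer would load.
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Command = $dll }
    }
}

# One table to review; run again after the reboot to see what came back.
& { Get-RunKeyEntry; Get-StartupFolderEntry; Get-BrowserHelperObject } |
    Format-Table -AutoSize -Wrap
```

Saving the output before and after the test reboot and comparing the two with `Compare-Object` shows which entries reinstalled themselves.
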
  9. Concurs... by stephenisu · · Score: 3, Informative

    I can't believe this story was posted. As much as I dislike MS on many levels, THIS IS BETA!!!!

    Furthermore, some of the most effective anti-spyware tools I have used have broken Windows before. It is in Microsoft's best interest to be careful in their approach to this. If they break legitimate programs with their tool, they are looking at lawsuits (EULA or no) and they have money to go after.

    Please save the bashing until this thing is released officially as non-beta.

    --
    Sigs? We don't need no stinking sigs!
    1. Re:Concurs... by tehshen · · Score: 2, Informative

      Please save the bashing until this thing is released officially as non-beta.

      Why should being beta matter? It is not just a bit you can flip on, and suddenly all the flaws don't matter. It is still 'ineffective', and being beta does not change that.

      --
      Guy asked me for a quarter for a cup of coffee. So I bit him.
  10. Works great-detected what AdA and SpySD didn't! by solafide · · Score: 1, Informative
    I caught 2 spys with it on first day, and yes I do use Firefox!

    But it didn't remove the second because the file was a unist.exe. That didn't happen again!

    I still have Spybot S&D and Ad-Aware, but MS's is a good supplement.

    Billy

  11. Re:Wow. Anecdotal Evidence! by Anonymous Coward · · Score: 1, Informative
    I don't know how well MSAS really works -- I've had some false positives on machines I've installed it on, but nothing that I found annoying.

    It is very slow however. I hope they make it less CPU intensive on startup when it comes out of beta.

  12. Pointer to a *competent* review by Beryllium+Sphere(tm) · · Score: 2, Informative
    Eric Howes tests anti-spyware products including the one Microsoft bought.

    A test of "I ran A but then I ran B and it found X left over" is meaningless by itself. You need to start over and run in the opposite order, to see how much A catches that B doesn't.

    What Eric Howes found matches what service techs find. There's no tool with 100% coverage. Which, if you know any statistics, tells you that even running multiple tools doesn't guarantee anything. I tell any client who will listen to focus on prevention.

    You know what else is wrong with the AP "review"? He keeps calling the "Malicious Software Removal Tool" (hilarious name, think about it) "antivirus". It's not intended to be. It's a bundle of a few cleanup utilities.

  13. No corporate solution by sremick · · Score: 2, Informative

    This article from a few days ago dubs spyware "IT's public enemy #1" and I have to agree. I admin a small network of about 100 Windows PCs and it's such a headache. Sure, I know how to clean a machine completely... but it involves an arsenal of different programs plus a lot of by-hand work and reboots and safe-mode and such.

    The problem is, there is no one effective tool. The antivirus industry has matured. Granted, Symantec might not catch EVERYTHING but what it DOES catch covers everything I've ever come across, and 99.999% of what most other people will too.

    SpyBot... AdAware... SpySweeper... Giant/MS Antispyware... each catches stuff the others don't. Doesn't matter what order you run them. And I can run ALL of them, and sometimes go into HijackThis and find more spyware still lingering. Sometimes it's remnants of some spyware the tool identified but wasn't effective in completely removing. Sometimes it's an entirely NEW piece of spyware.

    So what's a corporation to do? Sure, some of them offer corporate versions... but since none of them catch a reasonable amount, there's no single one worth investing that amount of money in. So what do you do... manually spend an hour every week on each machine? x100? x1000? x10000? It's crazy.