Slashdot Mirror


Review of Microsoft's Anti-Spyware Tools

happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."

14 of 385 comments

  1. Call me crazy by edanshekar · · Score: 5, Informative

    But it's beta, and his methodology is just plain wrong. I'm not one to jump up and defend MS, but WTF?

    1. Re:Call me crazy by bollox4 · · Score: 2, Informative

      But, the app works! It's one of those rare beasties that does what it says. The only folk that should fear it are those with something to hide. :)

    2. Re:Call me crazy by Deathlizard · · Score: 2, Informative

      Spyware Warrior's Testing of AntiSpyware Clients. Basically replace Giant AS with Microsoft AS and there you go.

      I'm using MSAS. It works well, and it's one of the best realtime scanners I've seen so far. Although as you can see from the above comparisons, while Giant AS was one of the best performing apps in the tests, it didn't catch every spyware app out there. In fact no other app did.

      The only problems I see from MSAS so far is it might not be a free app and an MS lawsuit frenzy from every big name spyware company out there screaming Antitrust and monopoly all day.

    3. Re:Call me crazy by JPriest · · Score: 4, Informative
      Beta software? They purchased and rebranded Giant AntiSpyware, which is very much a mature product. It is only "beta" because they plan to make more changes before releasing it as their own.

      And yes, I thought the article painted a pretty clear view on the state of Windows security and I think they need to do more. I think part of Microsoft does not care if people's computers become slow and unusable, because computers are appliances. People buy a new one only after theirs quits working.

      Microsoft may own the desktop market share, but they do not own the internet and because of their careless decisions Windows boxes are constantly taken over and used for sending spam and DDoS's.

      For instance, they have a firewall on but all the services are still in listening state behind it. Email based worms have been successfully using the SAME TRICK for over 10 years now. This is clearly a problem that is not going to be fixed by antivirus companies. Instead of MS releasing a free secured email client, they mostly ignore the problem creating a cash cow for AV companies whose software is intentionally designed to keep users in the dark.

      --
      Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
  2. Found things the others didn't... by techstar25 · · Score: 2, Informative

    I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't. That's proof enough for me. Of course I immediately uninstalled the MS Antispyware after running it, but that's beside the point. I would never let it run in the systray because of MS's reputation for bloat.

  3. Re:Microsoft Anti-Spyware by PoprocksCk · · Score: 2, Informative

    While the mods may be tempted to mod this up as "Funny," he's got a point. It's pretty well accepted nowadays that the only way to truly avoid spyware and viruses is to stop using Internet Explorer and Outlook.

  4. Labels competitors tools as spyware too. by tpgp · · Score: 4, Informative

    According to this story on The Register, the MS anti-spyware tool also labels BitDefender (a Romanian anti-virus tool) as spyware.

    --
    My pics.
    1. Re:Labels competitors tools as spyware too. by tpgp · · Score: 3, Informative
      Stop spreading FUD. MSAS clearly states that the app has legitimate uses. It only alerts the user to its presence, in case they or their admin hasn't installed it.

      Did you read the article I linked to?
      According to Romanian anti-virus firm BitDefender, the first beta version of Microsoft's software wrongly detects a BitDefender ScanOnline object as being a piece of spyware called "Brilliant Digital".

      It labels it as Brilliant Digital - a tracking cookie. MSAS does not state the app has legitimate uses.
      --
      My pics.
  5. Re:Makes no sense by einhverfr · · Score: 4, Informative

    First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is relatively simple. If Adaware and/or Spybot fail to detect and remove the infection, you have a few options. I do as follows:

    1) Boot into safe mode.
    2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
    3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
    4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
    5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later"
    6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
    7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.

    Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.

    Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.

    --

    LedgerSMB: Open source Accounting/ERP
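
Added example, not part of einhverfr's post above: a read-only PowerShell listing of the autostart locations that procedure reviews by hand (Run/RunOnce values under HKLM and HKCU, the Startup folders, and browser helper objects), so the result can be saved and compared after the test reboot. The function name `Get-AutostartInventory` and the CSV file names are hypothetical; drivers and services are not covered.

```powershell
# Added example: read-only listing of autostart locations for manual review.
# Get-AutostartInventory is a hypothetical helper name, not a built-in cmdlet.
function Get-AutostartInventory {
    $cv = 'Software\Microsoft\Windows\CurrentVersion'

    # Run / RunOnce values under HKLM and HKCU (step 6 of the procedure).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = Get-Item -LiteralPath "$hive\$cv\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Source  = "$hive\$sub"
                    Name    = $name
                    Command = [string]$key.GetValue($name)
                }
            }
        }
    }

    # Per-user and all-users Startup folders (hidden files included).
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath([Environment+SpecialFolder]$folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }

    # Browser helper objects (step 2): resolve each CLSID to the DLL it loads.
    $bhoRoot = "HKLM:\$cv\Explorer\Browser Helper Objects"
    Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = Get-Item -LiteralPath "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = '(CLSID not registered)'
        if ($srv) { $dll = [string]$srv.GetValue('') }
        [pscustomobject]@{ Source = 'BHO'; Name = $clsid; Command = $dll }
    }
}

# Snapshot once cleanup is done (file names are placeholders):
Get-AutostartInventory | Export-Csv -NoTypeInformation -Path .\after-cleanup.csv
# After the test reboot, snapshot again and diff; '=>' rows are entries that came back:
#   Get-AutostartInventory | Export-Csv -NoTypeInformation -Path .\after-reboot.csv
#   Compare-Object (Import-Csv .\after-cleanup.csv) (Import-Csv .\after-reboot.csv) -Property Source, Name, Command
```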
  6. Concurs... by stephenisu · · Score: 3, Informative

    I can't believe this story was posted. As much as I dislike MS on many levels, THIS IS BETA!!!!

    Furthermore, some of the most effective anti-spyware tools I have used have broken Windows before. It is in Microsoft's best interest to be careful in their approach to this. If they break legitimate programs with their tool, they are looking at lawsuits (EULA or no) and they have money to go after.

    Please save the bashing until this thing is released officially as non-beta.

    --
    Sigs? We don't need no stinking sigs!
    1. Re:Concurs... by tehshen · · Score: 2, Informative

      Please save the bashing until this thing is released officially as non-beta.

      Why should being beta matter? It is not just a bit you can flip on, and suddenly all the flaws don't matter. It is still 'ineffective', and being beta does not change that.

      --
      Guy asked me for a quarter for a cup of coffee. So I bit him.
  7. Pointer to a *competent* review by Beryllium+Sphere(tm) · · Score: 2, Informative
    Eric Howes tests anti-spyware products including the one Microsoft bought.

    A test of "I ran A but then I ran B and it found X left over" is meaningless by itself. You need to start over and run in the opposite order, to see how much A catches that B doesn't.

    What Eric Howes found matches what service techs find. There's no tool with 100% coverage. Which, if you know any statistics, tells you that even running multiple tools doesn't guarantee anything. I tell any client who will listen to focus on prevention.

    You know what else is wrong with the AP "review"? He keeps calling the "Malicious Software Removal Tool" (hilarious name, think about it) "antivirus". It's not intended to be. It's a bundle of a few cleanup utilities.

  8. No corporate solution by sremick · · Score: 2, Informative

    This article from a few days ago dubs spyware "IT's public enemy #1" and I have to agree. I admin a small network of about 100 Windows PCs and it's such a headache. Sure, I know how to clean a machine completely... but it involves an arsenal of different programs plus a lot of by-hand work and reboots and safe-mode and such.

    The problem is, there is no one effective tool. The antivirus industry has matured. Granted, Symantec might not catch EVERYTHING but what it DOES catch covers everything I've ever come across, and 99.999% of what most other people will too.

    SpyBot... AdAware... SpySweeper... Giant/MS Antispyware... each catches stuff the others don't. Doesn't matter what order you run them. And I can run ALL of them, and sometimes go into HijackThis and find more spyware still lingering. Sometimes it's remnants of some spyware the tool identified but wasn't effective in completely removing. Sometimes it's an entirely NEW piece of spyware.

    So what's a corporation to do? Sure, some of them offer corporate versions... but since none of them catch a reasonable amount, there's no single one worth investing that amount of money in. So what do you do... manually spend an hour every week on each machine? x100? x1000? x10000? It's crazy.