Review of Microsoft's Anti-Spyware Tools
happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."
But it's beta, and his methodology is just plain wrong. I'm not one to jump up and defend MS, but WTF?
According to this story on The Register, the MS anti-spyware tool also labels Bitdefender (a Romanian anti-virus tool) as spyware.
My pics.
First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is relatively simple. If Adaware and/or Spybot fail to detect and remove the infection, you have a few options. I do as follows:
1) Boot into safe mode.
2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later".
6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.
Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.
Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.
LedgerSMB: Open source Accounting/ERP
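The manual review in the comment above (browser helper objects, the Run keys under HKCU and HKLM, the startup folders, then noting what comes back after a reboot) can be captured as a read-only inventory. This is an added example, not part of the original comment; the baseline CSV path is a made-up placeholder, and the script only lists entries and never deletes anything.

```powershell
# Added example: read-only inventory of the autostart locations named in the steps above.
# Nothing is changed or deleted. The baseline file name is a hypothetical placeholder.
param([string]$Baseline = "$env:TEMP\autostart-baseline.csv")

$cv      = 'Software\Microsoft\Windows\CurrentVersion'
$runKeys = "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce"

$entries = @(
    # Run / RunOnce values under HKLM and HKCU (step 6)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Target = [string]$item.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders (step 6)
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -File | ForEach-Object {
                [pscustomobject]@{ Source = $path; Name = $_.Name; Target = $_.FullName }
            }
        }
    }
    # Browser helper objects (step 2), resolved from CLSID to the DLL each one loads
    $bho = "HKLM:\$cv\Explorer\Browser Helper Objects"
    if (Test-Path $bho) {
        Get-ChildItem -Path $bho | ForEach-Object {
            $clsid = $_.PSChildName
            $srv   = Get-ItemProperty -LiteralPath "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ Source = $bho; Name = $clsid; Target = [string]$srv.'(default)' }
        }
    }
)

$entries | Sort-Object Source, Name | Format-Table -AutoSize -Wrap

if (Test-Path $Baseline) {
    # Later run (after the test reboot): "=>" marks entries that were not in the baseline
    Compare-Object @(Import-Csv $Baseline) $entries -Property Source, Name, Target
} else {
    # First run (after cleanup): save the current state as the baseline
    $entries | Export-Csv -Path $Baseline -NoTypeInformation
}
```

Run it once after cleaning up and again after the test reboot; the second run prints only the differences from the saved baseline.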