Slashdot Mirror


Review of Microsoft's Anti-Spyware Tools

happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."

16 of 385 comments

  1. Actual conclusion by wmspringer · Score: 5, Interesting

    From the end of the article:

    Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.

  2. Wow. Anecdotal Evidence! by Frennzy · Score: 5, Interesting

    This is great news!

    Is someone at /. intentionally trolling?

    I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)

    Ad-aware missed them on the first pass...so I used MSAS, and it caught them all. And removed them. Successfully. (whereas Ad-aware would have just quarantined them).

    I know I'll get roasted for this obvious 'fanboi'-ism, but remember, MSAS is actually still GIANT, who they bought it from. (check your process names while running it...you'll see)

  3. Re:Found things the others didn't... by Tenebrious1 · Score: 3, Interesting

    I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't.

    Of course, the program has been criticized for the huge number of false positives that it detects. Did you check to see if the things it found were in fact spyware?

    I ran MSAS first, and it found some spyware it was not able to remove. Then I ran Ad-Aware, which identified the spyware correctly and also removed it. That's proof enough for me that MS AS is not ready.

    --
    If god wanted me to have a sig, he'd have given me a sense of humor.

  4. Better than nothing? by hanshotfirst · Score: 2, Interesting

    I'm not a M$ fan by any means, but this has got to be better than nothing. Mom and Pop aren't going to install firefox/adaware/etc. unless we install it for them.

    If M$ puts this on windows autoupdate as they SHOULD (the browser that brings the crap is free, so the cleanup tool should be equally free), then this will at least put a basic measure of protection in place for the majority of Win users who don't frequent /. for the latest spyware news.

    I'm tempted to give kudos to M$ for the effort, but I fear I would get modded Troll for doing so.

    --
    Why, oh why, didn't I take the Blue Pill?
  5. Tracking cookies... by parvenu74 · Score: 2, Interesting

    Tracking cookies were the only thing MS anti-spyware didn't find, and there is nothing in the documentation about MS antispyware going after such items.... so in other words it performed as advertised -- and needs improvement.

    That said I am switching to Mac and leaving this spyware crap behind me.

  6. Re:Makes no sense by einhverfr · Score: 2, Interesting

    Did I mention that these services usually cost $40-$60/hr where I live, minimum 1 billable hour? (I charge $40 because I don't have a lot of overhead but will raise my rates in the fall.)

    So that is $40 to $120 every time they get hit with anything and want help! Yes, I offer to talk to them about migrating to Linux because although they get to pay me for my time to help them with the migration, it is far cheaper over a reasonable length of time than it is to call me every time they get spyware.

    --

    LedgerSMB: Open source Accounting/ERP
  7. Re:Not effective for me. by bonch · Score: 2, Interesting

    That's not very fair or informative. You've already run Ad-Aware SE, so chances are your system is clean anyway. Then you run this and find nothing and assume it's not worthwhile?

    As for lagginess, that could be attributed to anything, from user perception to it still unloading itself from memory (you didn't mention how long the lagginess lasted).

    Come on. This isn't even out of beta form yet.

  8. Operator Error by SamMichaels · Score: 4, Interesting

    The author is ineffective at system recovery.

    I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.

    Me too, except this was a customer.

    Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.

    Those plus the TCP stack was corrupt on this machine...wouldn't renew the DHCP lease. Had to manually rebuild that as well.

    To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)

    Or you could have just put the executable on a CD with SP2's executable and MS Anti-Spyware's executable. But that would make sense for someone in the system recovery business and we can't have that!

    The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC.

    The program was designed to search for a few insanely critical bugs. It COMPLEMENTS your set of tools...not replaces them.

    But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.

    That's because you're not in safe mode and you haven't stopped the programs from regenerating.

    So I rebooted the PC in safe mode...

    Now we're going in the right direction!

    After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.

    Pfffft. Ineffective computer technician.

    I don't have the option to just backup whatever I feel is important on a customer's PC...they're paying me to recover their system, not pick which files have to disappear forever and cause them to lose all their settings and programs.

    Once again for clarity: INEFFECTIVE COMPUTER TECHNICIAN.

    MS Anti-Spyware has done an EXCELLENT job on every single customer PC. The Malware tools from MS make a quick and easy check during the in-home visit for those REALLY nasty bugs.

    Who is this guy, anyway? Oh wait...

    MATTHEW FORDAHL, AP Technology Writer

    Technology WRITER. Leave the tech stuff up to the tech people and have fun with your little Word.

  9. Re:Found things the others didn't... by norminator · Score: 4, Interesting

    From everybody's stories about which one ran first, second, then third, and there are always things left over after each one, I'd say that's the nature of spyware removal tools.

    It's been my experience that with the few tools I've tried, there's always stuff left over. Like someone else said, it may be Microsoft's now, but it was a different brand before. I've never had any real problem with malware on my PC's (home and work), but for my coworkers' and family members' computers, I've never really seen any of the removal tools that were 100% effective.

  10. Re:Spyware on Linux/Unix by damiam · Score: 5, Interesting

    Several straight answers:

    1. Unix users are self-selecting; they tend to be technically competent and less likely to be infected than the general populace.

    2. Unix systems use a wide range of email applications and web browsers, almost all of which have fewer holes than IE/OE. No Unix mail client will execute an attachment for you; you have to save it, enable the execution flag, and then run it yourself.

    3. Unix desktops are not nearly as common as Windows desktops, so there are fewer incentives to hack them. They're also quite diverse; a binary for PPC MacOS isn't going to work under x86 OpenBSD, Sparc Solaris, or ARM Linux, which reduces the pool of target machines for a given virus.

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
  11. Re:Call me crazy by tsotha · Score: 2, Interesting

    Well, this is slashdot, after all. Anything bad you say about Microsoft will be accepted uncritically. Anything you say which doesn't take the appropriate anti-Microsoft tone will get you labeled an astroturfer.

  12. Re:Call me crazy by fm6 · Score: 2, Interesting

    This is pretty typical. Somebody who knows a little something about computers appoints themselves an expert. And they get away with it, because the people around them (in this case the other reporters at AP) know even less. Sad, but not exactly unprecedented. Look at all the other "computer experts" who write total BS in various newspapers and online columns.

  13. Re:Pirates? by Orion+Blastar · Score: 3, Interesting

    I heard that Norton Antivirus 2004 and above check for pirate key generator programs and report them as "hacker programs" or some such and then delete them.

    You hit an interesting point: can the program check registrations to see if the software is pirated, and then remove it if it is pirated and report it as Spyware? Already BitDefender, a competing product, is seen as Spyware. So we see the MS tactic here to report competitors as Spyware, which makes MSAS look even better.

    Think about it, Mozilla Firefox, Thunderbird, Opera, Eudora, OpenOffice.org, etc can be seen as Spyware this way, and the user is forced to use the Microsoft products that compete with them, to avoid the Spyware alerts.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  14. Re:Wow. Anecdotal Evidence! by ShaunC · Score: 2, Interesting

    I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)

    I'd call bullshit even if you'd said 5,600 instances.

    I've dealt with a lot of fubared systems. I've dealt with systems that were so full of nefarious DLL hooks that using the machine was literally impossible; ads would pop up, IE instances would launch instead of the action the user was trying to perform. I've dealt with systems that barely managed to boot outside of safe mode due to spyware infestation. And through all this, I've never had the holy triumvirate (AdAware, SpyBot, HijackThis) come up with more than a couple of hundred individual spyware objects. I haven't kept a particular running "high score," but I don't think I've ever seen more than 500, and I know I've never seen 1,000.

    I'm not counting cookies, I'm talking about actual spyware, though cookies are often included in the "spyware" reports of popular programs. Still, I don't believe that Windows could even keep up with 56,000 cookies, let alone processes.

    I'd like to see a screenshot from any spyware removal tool showing anywhere near 56,000 objects found. I simply don't think it's possible.

    I've tried Microsoft Anti-Spyware, and it's really not that bad, but it does generate false positives. On my own system, among other things, it claimed to find a "WhenU SaveNow" infestation inside of a batch file with the following contents:

    @ECHO OFF
    ECHO --- BearShare Usage Statistics ---
    if not exist .\WebStats MD .\WebStats
    if not exist .\Logs MD .\Logs
    if not exist .\Logs\access.txt goto errend
    .\WebStats.exe
    Start .\Webstats\index.html
    goto end

    :errend
    Echo Upload logging is now activated, but there
    ECHO isn't any upload activity to report yet.
    PAUSE
    :end
    exit

    While BearShare does arrive with stowaways like SaveNow and Weathercast, I nuke that junk manually after installation, and neither of those cretins gets installed into BearShare's working directory to begin with. There is nothing in that directory infested with any sort of spyware, but MSAS really, really wanted me to quarantine or delete the batch file (along with most of the other files in the BearShare directory). It just makes me curious.

    MSAS is not a bad app. I kind of like its "Tracks Eraser" feature. I wrote an app a few years ago called WinSanitizer which does a lot of that, and if I ever decide to finish it up and give it to anyone else, I might include a few of the new ideas that MSAS's "Tracks Eraser" has given me. The "System Explorers" feature is beautiful, and IMO more useful than the anti-spyware feature of the program.

    Overall I'd say MSAS is one more tool for the toolbox. I wouldn't dare trust it alone any more than I trust the apps which comprise the triumvirate alone. But I hope during the beta process, they weed out the false positives.

    (BTW, I presume you meant GAIN and not GAIM... :)

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  15. Re:Call me crazy by zootm · Score: 3, Interesting

    A lot of the problems with Windows security are that "fixing" much of it will make users' computers just stop working as they expect. I'm not going to defend their email and browser products, but Windows is in an interesting quandary with security.

    As for Spyware (which is what I thought the article was about), it's not significantly more difficult to implement on GNU/Linux than Windows -- the main obstacles are the more-experienced users and the lack of actual profit in such an endeavour. The only real technical hitch is that it's much more difficult to install such an app for "all users" on a *nix box than on Windows (thanks to the default Administrator privileges), but on most desktop systems this will be moot, as either they are single user, or the "host" application will be installed for all users, which will require root privileges.

    I personally see the faults that Spyware exploits more as faults in user knowledge than the underlying system.

  16. Re:Wow. Anecdotal Evidence! by gargan · Score: 2, Interesting

    I too deal with spyware infested systems quite a bit, and I also doubt the 56,000 number. I've never seen anything remotely close to that, but I have seen a combination of Aluria, MSAS, and Ad-Aware come up with a total of nearly 2000 objects. FWIW.

    --
    Emory: Uh..we're still..beta testing that.
    Oglethorpe: What you're testing is me and my patience!