Review of Microsoft's Anti-Spyware Tools

happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."

Call me crazy

[edanshekar]

But it's beta, and his methodology is just plain wrong. I'm not one to jump up and defend MS, but WTF?

Re:Call me crazy

[ikkonoishi]

I know... I mean why test if you don't do an objective test. And how is this news?

This kevlar armor is ineffective. I mean I tried it out and the knife went right through it.

The MS thing is mostly to get rid of the most annoying worms at this point.

Re:Call me crazy

[JPriest]

You didn't read the article, and it is really more of a rant than an actual review. But it was really quite good. I thought the points he made were pretty much spot on.

Re:Call me crazy

[LurkerXXX]

Wow, some beta software doesn't work entirely well. Yep, that's pretty much 'spot on'. Great. Do you think he has any other great insights to make? Do you really think they are worth a slashdot article?

Re:Call me crazy

[tsotha]

Well, this is slashdot, after all. Anything bad you say about Microsoft will be accepted uncritically. Anything you say which doesn't take the appropriate anti-Microsoft tone will get you labeled an astroturfer.

Re:Call me crazy

[bollox4]

But, the app works! It's one of those rare beasties that does what it says. The only folk that should fear it are those with something to hide. :)

Re:Call me crazy

[Deathlizard]

Spyware Warrior's Testing of AntiSpyware Clients. Basicially Replace Giant AS with Microsoft AS and there you go.

I'm using MSAS. It works well, And it's one of the best realtime scanners i've seen so far. Although as you can see from the above comparisons, while Giant AS was one of the best performing apps in the tests, it didn't catch every spyware app out there. In fact no other app did.

The only problems I see from MSAS so far is it might not be a free app and an MS lawsuit frenzy from every big name spyware company out there screaming Antitrust and monopoly all day.

Re:Call me crazy

[fm6]

This is pretty typical. Somebody who knows a little something about computers appoints themselves an expert. And they get away with it, because the people around them (in this case the other reporters at AP) know even less. Sad, but not exactly unprecedented. Look at all the other "computer experts" who write total BS in various newspapers and online columns.

Re:Call me crazy

[MotherSuperior]

This statement is getting ridiculous. In any thread that even vaguely mentions Microsoft (And many that don't.) Someone rants about how everyone on Slashdot is anti-Microsoft.

Am I the only one reading the comments? Or just the only one noticing that for every Microsoft-basher, there's someone jumping into Bill Gates' corner. Granted, there might be a marginally higher population of [Insert trendy alternate OS here] fanboys than MS ones, but come on. I see /tons/ of Highly-Moderated comments that favor Microsoft on any given issue. Considering the comments are moderated by the slashdot readership, one has to assume that not everyone here is a MS basher, doesn't one?

Bottom Line: Microsoft is not entirely evil, nor entirely good. Intelligent people will not label them as such. Rational, right-thinking people will examine each story/issue/what have you, and make judgements accordingly.

Microsoft-bashers: Shut up

Microsoft-basher-bashers: Shut up

Re:Call me crazy

[gl4ss]

it's a "beta". it's only beta in ms's usage..

doesn't change the fact that it's crap, either, compared to others. the bottom line is that you can't live with just it.. you need other tools to cover it's shortcomings.

it's just msav all over again..

Re:Call me crazy

[detlev409]

Happens at my work all the time. "I took my computer to a friend of mine who knows about computers, and he said that pulling a 192 ip address means I need to reimage my machine. I don't know what an eye-pee is, but it sounded technical, so I believe him over the people paid to do this job."

Re:Call me crazy

[JPriest]

Beta software? They purchased and rebranded giant antspyware which is very much a mature product. It is only "beta" because they plan to make more changes before releasing it as their own.

And yes, I thought the article painted a pretty clear view on the state of Windows security and I think they need to do more. I think part of Microsoft does not care if people's computers become slow and unusable, because computers are appliances. People buy a new one only after theirs quits working.

Microsoft may own the desktop market share, but they do not own the internet and because of their careless decisions Windows boxes are constantly taken over and used for sending spam and DDoS's.

For instance, they have a firewall on but all the services are still in listening state behind it. Email based worms have been successfully using the SAME TRICK for over 10 years now. This is clearly a problem that is not going to be fixed by antivirus companies. Instead of MS releasing a free secured email client, they mostly ignore the problem creating a cash cow for AV companies whose software is intentionally designed to keep users in the dark.

Re:Call me crazy

[m50d]

Slashdot just appears anti-MS because you won't find Linux zealots anywhere else. Really, try any other discussion forum on the web. A few Linux zealots get visible posts on OSNews, but they usually get modded down. When I was IP-banned for a month or so I spent days looking for a site like it, but there isn't one. Here are a bunch of people who believe that Linux is superior to Windows. This really is a unique situation. And so we appear to outsiders to be anti-MS.

Re:Call me crazy

I totally agree with you on things not being black & white. But implying that Slashdot in sum is almost neutral on Linux/Google/Mac vs MS an others is really pushing it IMO.

And Slashdot has sort of always been in that camp. But for me it has seemed to get a lot worse lately. Where "we" increasingly use and mod up fud and bullshit, which "we" used to be against, just because it is anti-MS or pro Linux/Google/Mac.

Maybe that is why you now are seeing so many posts complainging about it? I miss that Slashdot was more news for nerds and less religion for nerds.

Re:Call me crazy

[zootm]

A lot of the problems with Windows security is that "fixing" much of it will make user's computers just stop working as they expect. I'm not going to defend their email and browser products, but Windows is in an interesting quandary with security.

As for Spyware (which is what I thought the article was about), it's not significantly more difficult to implement on GNU/Linux than Windows -- the main obstacles are the more-experienced users and the lack of actual profit in such an endeavour. The only real technical hitch is that it's much more difficult to install such an app for "all users" on a *nix box than on Windows (thanks to the default Administrator priveleges), but on most desktop systems this will be moot, as either they are single user, or the "host" application will be being installed for all users which will require root priveleges.

I personally see the faults that Spyware exploits more as faults in user knowledge than the underlying system.

Re:Call me crazy

[ssimontis]

I tried it out on our family PC. After a scan with Spybot, I still found spyware with the MS solution. However, I didn't test it with AdAware. Still, I found it surprising that it worked so well, but I have no plans to install it on my machine.

Re:Call me crazy

[fm6]

Happens everywhere. Once I had to change my seat in a restaurant because I couldn't listen to the technogibberish a guy was spouting to impress his date.

I'm a technical writer, and I think a major reason my profession has such a lousy reputation is that it attracts people who learn a little tech, and then get their egos all bound up in proving how much they know. Which is can be a real problem, since half the job is sitting quietly, listening to people who know more than you do.

But what really bugs me is when otherwise intelligent people just totally overestimate their knowledge. Two of my favorite genre writers are Michael Connelly and John Sandford -- but when they try to write techno-thrillers, they manage to get so much stuff wrong, it's hilarious.

Re:Call me crazy

[sumdumass]

I saw some sites that claimed it found spyware inside quarentine folders as well as removing parts of spyware that do not do anythign but are requied for shareware programs and the likes to still work.

Re:Call me crazy

[fm6]

You mean, "Can Mossburg count?" and the answer is "Obviously not."

Microsoft Anti-Spyware

[sjrstory]

Oxymoron?

Re:Microsoft Anti-Spyware

[PoprocksCk]

While the mods may be tempted to mod this up as "Funny," he's got a point. It's pretty well accepted nowadays that the only way to truly avoid spyware and viruses is to stop using Internet Explorer and Outlook.

Re:Microsoft Anti-Spyware

[NanoGator]

" It's pretty well accepted nowadays that the only way to truly avoid spyware and viruses is to stop using Internet Explorer and Outlook."

Nitpick: I think you mean Outlook Express. Outlook is a very different mail app, and it's significantly more secure. I wouldn't say it's as strong as Firefox, but I have been using OL2k for the last .. err. since it came out and STILL haven't been bitten.

Re:Microsoft Anti-Spyware

[maotx]

One of our users who failed to heed the advice of thee allmighty IT department was infected through Microsoft Outlook with a mass-mailing worm.

Re:Microsoft Anti-Spyware

[KinkifyTheNation]

Using Firefox i've never needed to run any AVs or Anti-Spyware programs. I run them every few months or so, just to be sure, and never get anything more than a cookie here and there.

Re:Microsoft Anti-Spyware

[sjrstory]

There is a fine line between troll and funny it would seem :/

Re:Microsoft Anti-Spyware

[Babbster]

I'm pushing this post down to 1 because, frankly, I don't want to encourage anyone else, but I use Outlook Express (out of sheer laziness) for my e-mail and I don't have a single problem. Of course, the fact that I run an e-mail virus scanner that activates before the mail even reaches the inbox, the fact that I don't open any message from an unknown source, the fact that I would never open an attachment (or even a .jpeg) unless I've been notified in advance that it's coming), AND the fact that I turned off the preview pane makes OE plenty secure enough for me.

Oh yeah, and I get about 10 legitimate e-mails per week which makes it easy to determine what's right and what's wrong at a glance.

Bottom line is that for a lazy, but reasonably smart, computer user who just doesn't deal with e-mail that much, OE works fine after it's been crippled up. That being said, I wouldn't use IE more than once a month on my home PC if somebody paid me. :)

Found things the others didn't...

[techstar25]

I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't. That's proof enough for me. Of course I immediately uninstalled the MS Antispyware after running it, but that's besides the point. I would never let it run in the systray because if MS's reputation for bloat.

Re:Found things the others didn't...

I would never let it run in the systray because if MS's reputation for bloat.

So, let me get this straight... It did a good job... it found stuff neither AdAware nor Spybot found... and it's not bloated... but you won't run it because the people who make it have a REPUTATION for bloat?

You, my friend, need to examine your priorities.

Re:Found things the others didn't...

[Tenebrious1]

I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't

Of course, the program has been criticized for the huge number of false positives that it detects. Did you check to see if the things it found were in fact spyware?

I ran MSAS first, and it found some spyware it was not able to remove. Then running Ad-Aware which identified the spyware correctly, and also removed it. That's proof enough for me that MS AS is not ready.

Re:Found things the others didn't...

[Hork_Monkey]

I also ran it after Spybot and AdAware and it found more items.

Quite frankly, I was impressed.

Perhaps the author of the review went in with the intent of giving a bad review?

Re:Found things the others didn't...

[theconartist]

The fact that its BETA doesn't change that the point was invalid. And what does Jesus have to do with this...?

Re:Found things the others didn't...

[10101001+10101001]

Clearly, when Jesus isn't busy helping rap artists and football stars he's busy fucking up software. Just further proof that Jesus is pro hos; bitches; guys with bling, bling; and large sweaty guys while he's against fat and thin geeks and the internet in general.

Re:Found things the others didn't...

[norminator]

From everybody's stories about which one ran first, second, then third, and there are always things left over after each one, I'd say that's the nature of spyware removal tools.

It's been my experience that with the few tools I've tried, there's always stuff left over. Like someone else said, it may be Microsoft's now, but it was a different brand before. I've never had any real problem with malware on my PC's (home and work), but for my coworkers' and family members' computers, I've never really seen any of the removal tools that were 100% effective.

Re:Found things the others didn't...

[st0rmshad0w]

"I've never really seen any of the removal tools that were 100% effective"

Fdisk.

Re:Found things the others didn't...

[DarkEdgeX]

I've never ran an anti-spyware tool before, so I ran Microsoft's. It came up with one hit, for eDonkey 2000 (which it says installs spyware). Problem was, I hadn't installed eDonkey 2000. What it detected was the presence of eMule being installed (it looked at the protocol handler for ed2k:// to determine that eDonkey 2000 was installed). It did, though, rank the threat level as "Low", but still a false positive nonetheless.

Other than that, it didn't find anything (I don't install anything that has spyware). It was also very quick, and the real-time monitoring is pretty informative about what apps are doing behind your back. I'll probably use it in the background regularly once they get out of beta with it (assuming it remains free).

Re:Found things the others didn't...

[ArsenneLupin]

Pfft. That's really easy to fix, you just have to run it again and recreate the partitions.

That's why you plop that SuSE CD in, right after running fdisk...

Re:Found things the others didn't...

[prisoner]

This always the way it is. Adaware updates their files and it finds stuff that spybot doesn't. Spybot updates and finds stuff left over from adaware. I switched between believing in one or the other until I figured out that you simply have to run both. There isn't any way around it. If it is more than minimally infected you're going to have to hijaak it and continue to dig....

Re:Found things the others didn't...

[gstoddart]

I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't.

You ran it? I installed it last week and I've yet to find a way to launch it.

Anyone care to post easy instructions for those of us too thick to track it down yet?

Re:Found things the others didn't...

[babybird]

I've seen a few instances where windows fdisk was not able to do anything with the drive. There can be conditions where it will neither create a new partition, nor delete the existing partitions. It takes Linux fdisk to fix it, or Partition Magic or similar program. So fdisk is out, if you're refering to the Windows/DOS version. ;)

Again?

How many times are we going to have a Slashdot blurb about someone reviewing this thing?

Makes no sense

If Giant Anti-Spyware is ineffective, then please, what do you call Spybot S&D? Worthless?

Giant and Webroot's are the only two that work at all, and neither is overly impressive. So what is the author trying to say?

Re:Makes no sense

[einhverfr]

First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is realtively simple. If Adaware and/or Spybot fail to detect and remove the infection, you have a few options. I do as follows:

1) Boot into safe mode.
2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later"
6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.

Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.

Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.

Re:Makes no sense

[einhverfr]

Did I mention that these services usually cost $40-$60/hr where I live, minimum 1 billable hour (I charge $40 because I don't have a lot of overhead but will raise my rates in the fall).

So that is $40 to $120 everytime the get hit with anything and want help! Yes, I offer to talk to them about migrating to Linux because althoug they get to pay me for my time to help them with the migration, it is far cheaper over a reasonable length of time than it is to call me everytime they get spyware.

Re:Makes no sense

[st0rmshad0w]

If thats the extent of your process, you aren't anywhere near completing the cleanup.

Re:Makes no sense

[1000101]

"It is realtively simple."

You have completely missed the point of why Microsoft is releasing this spyware removal tool (or any other spyware removal company). Do you really think they are releasing this for service professionals like yourself?? Hell no. They are releasing this so people don't have to go to people like you for help. It is "relatively simple" for you because you are a pro. But for John Avg. Doe, what you just described is both a major pain in the ass as well as way over his head.

Re:Makes no sense

[einhverfr]

Note, this only prevents all the spyware from running in the computers in about 90% of my customer's cases. In the other cases, I have to rely on additional tools including (but not limited to):

netstat
comparing filenames from the root C and D directories with those in the Windows directories
filemon
regmon

Additionally, sometimes, I have had to uninstall infected copies of Java, and a few other odds and ends.

Re:Makes no sense

[SithGod]

Just out of curiosity, what would you do at this point? It's one thing to say that a person isn't done but an entirely different thing to say why and what else they should do.

Re:Makes no sense

[neotuli]

I beleive you're wrong. You see, currently, there exists virtually no spyware/malware for the Linux world, so for now it is not an issue. If Linux does, however become more popular, I'm sure the number will rise.
I think you've missed how spyware/malware spread themselves, user stupidity. So, in theory, on a Linux system, you would need root privalege to install such an item system wide. The problem here is that if Joe Sixpack begins using Linux, he is also his own system admin, and has root access.
So I pose the question: Would Joe stop to think for even a moment if there was some 'cool' program he wanted to try out, but it was loaded with spyware?
I'd tend to think he would not in fact stop to think, because this is how most adware/spyware/whateverware end up on Windows machines in the first place, people make stupid decisions. For instance, in my case, back in my Windows days, I simply did not install things with spyware and did not stupidly click on random popups, and thus I had a very clean and well running Windows system.

Re:Makes no sense

[mackkie]

You forgot to check for nonsense keys under

HKLM/software/microsoft/windows NT/current_version/winlogon/notify

keys which don't have one of these as dllname:
crypt32.dll
cryptnet.dll
cscdll.dll
w lnotify.dll
sclgntfy.dll

Anything that loads keys in there I consider the "nasty" spyware cause even in safe mode they will load.

Re:Makes no sense

[st0rmshad0w]

"But for John Avg. Doe, what you just described is both a major pain in the ass as well as way over his head."

But lets say for sake of argument that the process mentioned is correct and reasonable complete, how is MS's app going to help a person needing a pro tech to fix his/her machine if the app doesn't get the same results as athe cleanup process? Not to mention that a machine already messed up is likely to but uncleanable without professional help. Why doesn't MS just fix its bloody vulnerabilities?

This app doesn't do Joe Avg. any good at all since it doesn't solve the bloody problem, it's just another band-aid, just a way for MS to dodge a lawsuit by saying "hey, we gave people a repair tool!"

Re:Makes no sense

[st0rmshad0w]

Well first off, before anything else, I'd wipe out all the temp files, all of them, everywhere, all profiles. I'd also clear out the prefetch folder and anything that looks like a dump for non-necessary code.

Be real careful to check running services.

System Restore, I have concluded, is the devil and should not be trusted, it brings back evil as well as good. Best to turn it off until the machine is cleaned.

Make certain the recycler is emptied.

Check the add/remove programs, some of these nasties actually include easy uninstallers to be viewed as legitamate.

All else fails, get a young priest and an old priest.

Re:Makes no sense

[einhverfr]

The point of my procedure is to disarm the harmful software and prevent it from running. I do usually purge system restore, recycle bin, and temporary files after, and there are a couple of registry keys (the shell key, winlogon/notify, etc) which I didn't include but should have in my list.

Always prevent the software from running *before* removing the files. Otherwise you are asking for problems.

Re:Makes no sense

[Agret]

Lavasoft Ad-Aware works the best in most cases. Remove the stuff it didn't detect manually with hijackthis after your scan.

Re:Makes no sense

[st0rmshad0w]

"Always prevent the software from running *before* removing the files. Otherwise you are asking for problems."

Total agreement there, I generally will not start a cleanup without first purging all that stuff by putting the drive in a cage and accessing it from a laptop, after that you can proceed in relative safety.

I wonder when it becomes legal to curb-stomp the people who write these blasted things?

Re:Makes no sense

[i_bill]

Giant? Webroot? WTF? Spybot is rather effective, but recently I've found that it's not cleaning everything. I clean approx. 5 machines a week (usually the same ones) at my school. They're Windows 98 Machines. (ya, i'm gonna kill the persons responsible for MyWebSearch, after castrating them with a spoon--it hurts more--and beating them senselessly--ya, that's a threat. Anyone wanna help) but enough rambling. Ad-Aware catches about 500 items, while Spybot only catches 70. However, Ad-Aware hangs up trying to delete the selection. Perhaps it's because it's windows 98, or they're slow machines, I don't know. Neither seems terribly effective. The only solution seems to be formatting for badly infected machines (which often have viruses anyways...), or unplugging the stupid thing and refusing to allow the users to access the internet if they're gonna be so stupid as to use CoolWWWSearch instead of google as their primary search engine Anyways, it's a constant uphill battle, and I don't understand why a normal human being could possibly be so stupid as to offer such crap to stupid people. Sure, hacking and virus writing can be used as a status symbol, but Adware and Spyware are just sick. I generally use the two most popular removal tools in concert, or just format. Wow, I need to lay off the caffiene so that I don't post freaking books lmao. ~Not-so-anonymous Caffienated Coward

Re:Makes no sense

[st0rmshad0w]

Lots more expensive around here, in the neighborhood of $120-$180 per hour depending, one heavy infection on a 2-3 year old machine could easily approach the cost of a POS Dell.

I've started recommending Mac's for people's internet needs.

Re:Makes no sense

[einhverfr]

Actually that is not what I meant. YOu can quickly hose a system by deleting an exe that is referred to in the shell key. Always remove the ability of the software to startup before removing it.

Re:Makes no sense

[einhverfr]

I beleive you're wrong. You see, currently, there exists virtually no spyware/malware for the Linux world, so for now it is not an issue. If Linux does, however become more popular, I'm sure the number will rise.

The only problem is how does spyware-infected-gratis compete with libre-Free? I think that ad

I think you've missed how spyware/malware spread themselves, user stupidity. So, in theory, on a Linux system, you would need root privalege to install such an item system wide. The problem here is that if Joe Sixpack begins using Linux, he is also his own system admin, and has root access.

Actually this point is one you actually understate. Actually, who says you need a system-wide install? It seems to me that adware and spyware would be more targetted if they were installed for specific users. And this need not require root privilage at all.

As a thought experiment, try designing adware for Linux sometime. it isn;t hard as long as you assume voluntary install, but I think market forces will continue to mitigate the threat.

Yes, it is possible to set things up so that a normal user cannot install ANY executable content but this is actually remarkably difficult as there are so many ways to run a program (which may not have executable permissions).

Image, a shell script that waits a random time, forks, and opens a menuless Mozilla window with an ad...

So I pose the question: Would Joe stop to think for even a moment if there was some 'cool' program he wanted to try out, but it was loaded with spyware?

The fact that all his friends say that this other program is better and doesn't mess with his system. Libre beats Gratis any day. And Linux has an open source ecology that Windows generally lacks when it comes to simple free utilities.

I'd tend to think he would not in fact stop to think, because this is how most adware/spyware/whateverware end up on Windows machines in the first place, people make stupid decisions. For instance, in my case, back in my Windows days, I simply did not install things with spyware and did not stupidly click on random popups, and thus I had a very clean and well running Windows system.

Most spyware used to get installed because of the means you suggest but as users become more wary, the software becomes more sneaky. It is happening now, but Linux is more resistant to this tactic too.

I am not saying that these won';t exist on Linux (they are trivial to write), but rather that there are other reasons why they will not be the horrible problem that they are on Windows.

Re:Makes no sense

[jim_v2000]

You know, I rather miss having to remove adware and spyware since I started using Firefox and a firewall.

Re:Makes no sense

[detlev409]

First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so.

Never met a VX2 infection, have you? I have yet to come across a single consistent removal method for that shite. We spent 8 hours tag-teaming a laptop at work, just to see if we could get rid of it. Ended up wiping it.

Re:Makes no sense

[lee+n.+field]

First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is realtively simple.

In the last month I've run into several systems with Coolwebsearch variants that appear, so far, to be unremovable. Every tool I have. Everywhere I know to look (and I look more places than you), and it keeps coming back, overwriting the hosts file, hijacking the home page.

If it's taking more than two hours, it's probably time (the clock is ticking, $69/hr) to think about backing up user data and repaving the system.

Re:Makes no sense

[iamwahoo2]

Because you cannot just download and easily install most programs on Linux, it usually takes at least some knowledge of package management. Most software is installed by using Suse or Mandrake or Debian's special package management fromtend which you know only has software that is monitored by the distribution. I am not saying it is impossible to make a binary that would be easy to install on many distros with very little knowledge of package management, but it is not easy.

Re:Makes no sense

[v1]

Do you expect more than 5% of pc users to be able to do those things? And you, an expert with them, take two hours to do this? My god, how many days would it take Joe Average to do the same thing, and what are the chances of him managing this without breaking his system?

Saying this is a reasonable solution is like saying send a mechanic to fix the mars rover. Possible? maybe. Practical? Get outa here.

Re:Makes no sense

[prisoner]

Is VX2 the one where the executable is renamed every time you reboot? That one is nasty.

Re:Makes no sense

[einhverfr]

Do you expect more than 5% of pc users to be able to do those things?

No. That is why they pay me to do this.

And you, an expert with them, take two hours to do this? My god, how many days would it take Joe Average to do the same thing, and what are the chances of him managing this without breaking his system?

I always tell my customers to call me if standard adware removal tools fail to remove the adware. No, these techniques are NOT average user safe (neither is anything to do with the registry-- "Look ma! I just deleted this think called "HKEY_LOCAL_MACHINE").

Part of my solution is trying to tell customers to migrate to firefox and/or Linux.

Saying this is a reasonable solution is like saying send a mechanic to fix the mars rover.

What I was trying to say is that if he claims to have spent several days on this problem that he doesn't know how to troubleshoot it. Nothing more.

Re:Makes no sense

[einhverfr]

Careful auditing of the system should be enough to keep it from running. Removal is then possible once you prevent it from starting up. Since it renames itself on every reboot, you have to focus on preventing it from starting. This means:

Run keys
Startup folder
Check for files in the C and D drives which have the same name as files in %windir%
winlogon\notify keys
Running services
Process list
command-line keys in HKCR (nasty-- always check though before removing files)

Here is the thing-- you can never expect to remove all spyware by looking for the executables. Instead you look for a means for them to start. Once this is found, it is a quick jump to removing or at least disarming the virus.

Re:Makes no sense

[rakxzo]

I've cleaned probably hundreds of VX2 infections, successfully by using the Ad-aware plugin for VX2. I did spend hours at first but once you get it down, its quite simple.

Re:Makes no sense

[detlev409]

Well, I'm glad that thing is working for somebody. I'd run that thing all day long, safe mode or not, and it'd be ineffectual. I'd get it down to guard.tmp and one random dll. Sure, Ad-Aware would say it cleaned it all, but running a scan would reveal it back in no time. Not every infarktion is that bad, but it's usually one or two a week at our place.

Actual conclusion

[wmspringer]

From the end of the article:

Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.

Hooray! Right?

I'm sure the Slashdot crowd will love this, even though everything I've heard and seen says it's the best product on the market in that space...and it's beta.

Re:Hooray! Right?

[oddfox]

It's a beta, sure, but you have to remember that so far all it seems that Microsoft has done is re-branded it and, apparently, released updated definitions. I had it installed a while back and was surprised that in the process of the public beta stuff they're updating the definitions, although it makes sense, either way. One of the parts of it that I found really nice was all the false positives that it generated, most notably the one that a lot of users experience, registry entries for the ed2k protocol are thought to be something that should be warned about on the first run, even though it's not only edonkey2k that uses the network.

As far as how viable this tool is compared to the others -- Those are free, this one will NOT be, and there's even discussion of it being a subscription based service. I don't see many people jumping on the bandwagon to pay for an anti-spyware program that's more style than substance as far as I've experienced. It looks great, it functions great, it's a good program, but it's not worth the money IMHO.

P.S. -- If it is decided by Microsoft to release this as freeware, then hats off to them for finally deciding -not- to screw their userbase once more. It's really, really easy for spyware/adware to get on your computer unless you're savvy about computer usage in general, which, unfortunately, the majority of computer users are not. I would love them to make me take back my statement that it will not be free.

Wow. Anecdotal Evidence!

[Frennzy]

This is great news!

Is someone at /. intentionally trolling?

I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)

Ad-aware missed them on the first pass...so I used MSAS, and it caught them all. And removed them. Successfully. (whereas Ad-aware would have just quarantined them).

I know I'll get roasted for this obvious 'fanboi' ism, but remember, MSAS is actually still GIANT, who they brought it from. (check your process names while running it...you'll see)

Well...

[Mad+Merlin]

I don't know about you, but I'd get pretty nervous about using any software that Microsoft *openly* admits is beta.

Re:Well...

[SenorChuck]

Heh. From my personal experience, most of their beta software is more stable than the shrinkwrapped stuff. I think so far Windows 2000 and Windows XP have been the exceptions. Most instability there has been caused by crap platform drivers from nVidia or crap video drivers from ATi, or crap platform drivers from VIA. Pick your poison, as they say. Thankfully, the stability of said drivers has vastly improved over the months and years..

ive said it before

[TedCheshireAcad]

PHIARPHOCKS You should not have had to download this MS tool in the first place.

Re:ive said it before

[AutoTheme]

Why not? Because all of the Linux/SunOS and MacOs distros include one?

Re:ive said it before

[Agret]

A lot of spyware is bundled with other applications. You don't just get it from the net. Case example is the recent Public Beta of Exeem. It contains Cydoor.

Labels competitors tools as spyware too.

[tpgp]

According to this story on the register, the MS anti spyware tool also labels Bitdefender (a romanian anti virus tool) as spyware.

Re:Labels competitors tools as spyware too.

[Frennzy]

Stop spreading FUD. MSAS clearly states that the app has legitimate uses. It only alerts the user to it's presence, in case they or their admin hasn't installed it.

Re:Labels competitors tools as spyware too.

[tpgp]

Stop spreading FUD. MSAS clearly states that the app has legitimate uses. It only alerts the user to it's presence, in case they or their admin hasn't installed it.

Did you read the article I linked to?

According to Romanian anti-virus firm BitDefender, the first beta version of Microsoft's software wrongly detects a BitDefender ScanOnline object as being a piece of spyware called "Brilliant Digital".

It labels it as Brilliant Digital - a tracking cookie. MSAS does not state the app has legitimate uses.

Re:Labels competitors tools as spyware too.

[Frennzy]

My bad...a mass confusion of open windows, and too many people giving "omg VNC is not teh spyware!". Sorry...the link does state what you said.

Re:Labels competitors tools as spyware too.

[spacefight]

Irfanview gets also listed ase BDE for no reason.

Take off your bandaid...

[PoprocksCk]

... 'cause I don't believe in touchdowns.

This is yet another band-aid supplied by none other than Microsoft. The company has become a bit of a holy saviour lately with all of these "solutions" to the problems with Windows.

I think most of us remember how Netscape died (rough analogy, I know) -- they just kept piling feature upon feature without digging deep to fix the problem in its roots.

If Microsoft keeps piling up all of this junk on top of Windows to fix other junk, they will soon see that these types of actions will soon become redundant, and they'll have to seriously start thinking harder about security.

Er, isn't this a duplicate? like 2 days ago

like they don't even read their own site?

Not effective for me.

[SteelV]

I used it on my XP Pro. machine after running only ad-aware se personal, and it found nothing. Zero. The Big '0'. Guess it wasn't worthwhile, especially since my computer was noticeably laggy after it had run, which usually doesn't happen with other virus-scan/adware-scan programs.

Re:Not effective for me.

[bonch]

That's not very fair or informative. You've already run Ad-Aware SE, so chances are your system is clean anyway. Then you run this and find nothing and assume it's not worthwhile?

As for lagginess, that could be attributed to anything, from user perception to it still unloading itself from memory (you didn't mention how long the lagginess lasted).

Come on. This isn't even out of beta form yet.

It's not a bug....

[St.Anne]

I think the reviewer may have accidentally installed "Home" rather than "Pro Edition"

It works very well in the real world.

[phaetonic]

I have to give credit to Microsoft purchasing the company who made this AntiSpyware program. Yesterday I went to a client site and their server got infected (surfing on a naughty site I'm sure) and AdAware and Spybot removed a few but the machine was still hosed. I was unable to double click on any icon on the desktop - I would get a GPF. I went in safe mode with networking, downloaded the MS AntiSpyware tool, went in regular mode to install it (LUCKILY that worked, not sure why), went back in safe mode to run the tool, and it wiped out over 20 different spyware signatures and over 100 files, much more than either of the other tools. After a few hours, the machine was running perfectly with the icons allowing to be double-clicked on.

Re:It works very well in the real world.

[theconartist]

This doesn't really prove that MSAS out-preformed SpyBot or AdAware...
Did you even consider that you should have run the other 2 in safe mode before downloading and trying MSAS...?

Re:It works very well in the real world.

[detlev409]

It did what the other two could not. What exactly did you expect it to do, serve tea when it was done? Running Adaware in safe mode doesn't change anything. It may make it easier to remove items, but you don't find anything else you didn't find in regular mode.

Re:It works very well in the real world.

[theconartist]

No. There is no logical way you could come to that conclusion. It didn't outpreform the other 2, it most likely did worse. The person that made this comment was to stupid to try spybot and adaware in safe mode, which is reccomended because spyware can mask themself otherwise.

WTF?

[DarkBlackFox]

What's up with all these "reviews" immediately condemning this new tool? As far as I can tell, it's an honest attempt on Microsoft's part to actively aid it's customers in removing crap from their computers. I've used it myself at work, and after running Spybot, Ad-Aware, SpySweeper, and HijackThis, Microsoft Antispyware still manages to flag and remove quite a few leftovers.

Granted, by itself it may not be the most effective thing in the world, but the same can be said for any antispyware/antivirus software. We need to run at least 3 antispyware programs at work, and at least 2 antivirus programs before we feel confident that a computer is clean enough to return to the customer.

Besides the fact that it's just a beta, it's worked out pretty well for what it is. The interface is easy enough to figure out and use, and it identifies software which comes bundled with adware/spyware. When was the last time Spybot or Ad-Aware flagged Kazaa or Imesh as adware bundlers, while the default action is "ignore," but removal and quarantine are obvious choices? I say enough of these reviews. I'll be "reviewing" it myself by using it for what it can do well. If the final version works as well as this does, or better, it'll stay on my list of removal tools for my customers.

Re:WTF?

[st0rmshad0w]

"We need to run at least 3 antispyware programs at work, and at least 2 antivirus programs before we feel confident that a computer is clean enough to return to the customer."

And that my friend is the reason that I've begun to recommend Mac's even tho I work for an MS partner. It has now become more cost effective to replace the machine than clean/repair it if it's a Windows box. Sad but true.

Re:WTF?

[DarkBlackFox]

Windows XP's SP2 is a step in the right direction. Computers I've loaded that on have yet to return with any more serious infections. Building the OS properly in the first place would have made life easier for us techs, but more difficult for the people who simply "want things to work."

I completely agree with you (although it's not often I reply and can say such about an AC) that the platform is not best for the customer. However, my primary customers are laypersons who know only enough about the computer to identify the case/tower as the "modem" and that Windows is "the thing with the start thingey I click." All they know is they need Word to type stuff, AOL is the internet, and they think the flashing banner ads saying "your system clock is not accurate" are legitimate windows messages. Securing the platform is only half the battle though. All the consumer level security we can provide is useless against a kid who does everything in his power to install Kazaa to download the latest pop crap music. All the kid needs to do is click past the numerous "are you sure you want to install this even though it may cause death, temporary blindness, spyware infections, various heart conditions, etc" warnings associated with installing software on a "secure" system. The solution? Give them a limited or locked down account. But wait, now the tax software they purchased from Staples won't install or function properly.

There is no magic bullet to the problems the common user faces these days, other than a mass migration to Mac or Linux. Even that would only pose a temporary solution though. The former doesn't seem likely when our userbase prefers lower price over quality of components, e.g. $399 PC with monitor, kb/mouse/speakers vs. even $499 for the new Mac, without kb/mouse/monitor. Education can help to an extent, but there are only so many users with the will to learn the WHY as opposed to the HOW of the way software operates. Hence the later solution of Linux, or the lack of current viability thereof. People are afraid of what they don't know, and even more afraid of something they don't know when it doesn't work. I'd gladly recommend linux for 80% of the clients I serve, only these clients have the expectation of things just "working" without explanation, rhyme, or reason. They would try to install Windows software on linux, even after multiple explanations of why that wouldn't work.

Along the same lines are the security concepts in OSX. It's all great and fine to use an admin password to control installing software, but what of it when some adware/spyware bundled software package is cobbled together for Mac, installed alongside some Mac Kazaa equivalent. It's not so much a problem now, but if Mac and Linux were both to become totally mainstream and at some point surpass Windows as the dominant operating systems, I have no doubt we will see an increase in the number of malicious programs for both systems. Spammers and phishers will not so easily give up their target audience, and will gladly shift platforms accordingly, using whatever methodologies to ensnare the unsuspecting and ignorant consumer.

That turned into a rant pretty quickly, and for that I apologize. To answer the parent post, yes, perhaps the customers are better off on other platforms, but while a portion of my job is based around cleaning the messes, I do have a conscious, and I don't keep people pinned to any particular platform for my own gain. At this point in time, the needs of my customers are based in a win32 world, and until something more drastic than a $90 repair bill comes their way to convince them otherwise, they will happily sit there and accept whatever crap the internet decides to gargle up.

Re:WTF?

[cooldev]

Why offer this app when they can fix Windows to make it either very difficult or impossible for spyware/viruses to install. They're lazy.

Explain to me how we can prevent individual users from running software that may be "bad" without significantly degrading the user experience (including backwards compatibility), and I will make sure it's implemented...

Re:WTF?

[Tim+Browse]

It has now become more cost effective to replace the machine than clean/repair it if it's a Windows box. Sad but true.

Surely it would be more cost effective to format the hard drive and reinstall than pay for a whole new PC?

Or do you mean you replace it with a Mac?

Re:WTF?

[st0rmshad0w]

Once you factor in all the app reinstall time and applying updates/patches etc to something 2 years or more older, the cost of a new pc is not much more, and the benefits of newer hardware, software and things like warrantees make it more than worthwhile.

Re:WTF?

[Tim+Browse]

Still not convinced :)

If you format and reinstall, then it's not 2 years or more older, is it? I'm assuming you just install, e.g. the latest version of XP from CD. As for re-installing apps, won't you have to do that on a new PC as well, unless it comes with MS Office and that's all the user wants...in which case, installing Office is not that big a deal anyway.

With the 'newer hardware, software' bit, you're straying somewhat from the original "Windows is so crap it's more cost effective to buy a new PC" hyperbole, imho.

I'm not saying that overall it's not a good strategy, but by the same token, it's more cost effective to buy a new Mac when you get problems with it, as you'll get the latest new hardware and software (especially true with the almost yearly chargeable OS X upgrades).

(Not to mention that from my point of view, pretty much anyone who will sell me a PC with Windows installed on it will also install a whole bunch of crap I don't want, so I'll end up vaping the HDD and reinstalling anyway. I once got a new laptop at work, and it had 14 icons in the system tray when I first turned it on. 14!)

Re:WTF?

[st0rmshad0w]

Trust me, I deal with this on a daily basis, once you factor in the OS, patches, updates etc, and then the installed application software, its cheaper for someone to buy anew pc and hire me.us to transfer their data.

Re:WTF?

[st0rmshad0w]

"With the 'newer hardware, software' bit, you're straying somewhat from the original "Windows is so crap it's more cost effective to buy a new PC" hyperbole, imho."

Two words, Windows Millenium.

M$ is Evil!!

[ontheheap]

That seems to be the common mindset amongst a good majority of /.'s. While I don't necessarily agree with their business practices, I admit that they put out some pretty good software. The visual studio family of compilers for one. Another thing, I've /never/ experienced a crash with XP. Because I know how to use it. I've never had a crash with Slackware either. You know why? Yup. Because I know how to use it. Also, firefox is not some magical solution to spyware. I'll admit it's a bit harder to become infected if you use ff instead of ie, but a stupid user is a stupid user regardless of what software you place in front of them. In short, MS AntiSpyware looks like a very promising app. One which I hope MicroSoft continues to improve.

Re:M$ is Evil!!

[ontheheap]

I don't know what I'd do without ACs putting me in my place.

Re:M$ is Evil!!

Yep, the Visual Studio development tools are light years ahead of anything Linux can offer. Strangely its my geekiness that actually *keeps* me using Windows, for the kickass development environment. OK mod me down now :(

Re:M$ is Evil!!

[Anubis350]

allright, let's cut to the chase here. You're right, MS does make some good software (visual studio, MS office (2000 at least was actually a good office suite), etc). You're also right that if you know how to use it the winnt based OS's (NT, 2K, XP) are quite stable. I have a number of windows 2000 machines in my house which are well protected, well maintained, and are almost as stable (not quite actually but not pariculary unstable) as my main desktop (debian) or my laptop (Mac OSX). The majority of users however do not know how to use their systems.

Look, I repair people's computer's for my spending money, I also do user support and watch a lab at my college. Most system problems are caused by users not knowing how to use windows and windows not being configured to account for that. *nix machines are configured with user stupidity in mind. Yes stupidity knows no bounds. Yes many users will still screw up their computers, but god its much harder to do it easily. The same is true of firefox. Yes it wont stop everything, but you'd be amazed at how much "casual" crap it does stop.

So yes, MS makes some decent software sometimes, but its not safe for most users. It's ironic really, most of the users who could use MS safely use something else. That leaves the cluesless users with a vulnerable platform. Here's a mantra most /. users should repeat every so often: "we are not the typical users". Keep it in mind.

Didn't Slashdot JUST have an article on this?

[Refrozen]

In which the author said it was better than Adaware and Spybot combined?

By the way, after testing it out, I find it to be quite effective.

Re:Didn't Slashdot JUST have an article on this?

[kneeless]

It's called being objective. You print two radical articles that oppose each other to give a guise of impartiality.

Re:Imagine that, an article critical of MS!

[DavidLeblond]

Right... we don't need anti-spyware cause we all use Firefox.

And as for the Open Source virus scanners, look harder.

I'm surprised.

[beeswax]

I'm sure in this thread we'll see those who say how they hate it or love it, and then someone will mention firefox. Does it ever end?

It's Groundhog Day on slashdot.

Some of you that do like it will change your mind when you learn that Microsoft Anti-Spyware was written in VISUAL BASIC 6.0 (here comes more bloatware comments)

I'm sure those people will change their mind just to conform so they can find a spot on the Slashdot bandwagon along with the firefox fanboys that hate Visual Basic and Microsoft.

Re:I'm surprised.

[imemyself]

Have you ever used VB? I feel like I need to take a shower to rid myself of its dirty syntax.

Honestly, atleast its a start that M$ is realizing that their OS's have some serious problems, but the only things that will really stop spyware is user education, and fixing the problems in their OS's(yes, they made a start w/ SP2, though many of the things are very bloated/useless for anyone who has a clue). The problem with making big changes in their OS is that so many apps will be broken because they've waited so long to make their OS's reasonable secure(when did Windows 95/NT4 come out?), so M$ is stuck between a rock and a hard place. I can't say I feel terribly sorry for them.

Re:I'm surprised.

[beeswax]

I've used VB for almost 8 years.

The majority of the syntax is derived from BASIC, which was designed to make programming simple for the average Joe.

I do know other languages as well. I must say that it is difficult? crazy? to code in C++ for a few months and go back to VB and vice versa due to syntax differences.

Re:I'm surprised.

[vettemph]

>I'm sure in this thread we'll see those who say how they hate it or love it, and then someone will mention firefox. Does it ever end?

Sure it does. I don't like firefox, I use mozilla. I don't have time for all this wacky virus, trojan Adware stuff you folks speak of. I don't know it well enough to hate it. I'm to busy working the stock market and playing UT2004 on my linux workstation. I have files that date back to 1997 yet no adware. :)

Webmasters Should Hate MSAS!

[Refrozen]

MSAS detects cookies used for common affiliate tracking programs such as Azoogleads and CommisionJunction as 'spyware', while all they really are is cookies that say that you were refered to the site from 'PUBLISHER_ID' and that 'PUBLISHER_ID' should get credit for your purchase.

If someone uses your affiliate link, runs MSAS, then goes back and buys the product, you will not get credit!

How many reviews of this thing do we need?

[glrotate]

I think this is the third. How about holding off until a final product, or at least a new version, is released?

Re:Imagine that, an article critical of MS!

[Pax00]

so umm... where are the links to your project? or even a fourm... I am no coder... I just play with hardware... I would help if I could... but I know jack...

Concurs...

[stephenisu]

I can't believe this is story was posted. As much as I dislike MS on many levels, THIS IS BETA!!!!

Furthermore, some of the most effective anti-spyware tools I have used have broken windows before. It is in Microsofts best interest to be carefull in their approach to this. If they break legitamite programs with their tool, they a looking at lawsuits (EULA or no) and they have money to go after.

Please save the bashing until this thing is released officially as non-beta.

Re:Concurs...

[rokzy]

it was a fully functioning program MS bought. they just change the name.

they'll probably stop calling it beta when they figure out how to bloat it into total uselessness (so far they've made it auto start without option to turn off, and have a long and annoying splash screen)

Re:Concurs...

" I can't believe this is story was posted. As much as I dislike MS on many levels, THIS IS BETA!!!!"

And to why the story was posted , THIS IS SLASHDOT!!!!

Re:Concurs...

[tehshen]

Please save the bashing until this thing is released officially as non-beta.

Why should being beta matter? It is not just a bit you can flip on, and suddenly all the flaws don't matter. It is still 'ineffective', and being beta does not change that.

Re:Concurs...

[Chess_the_cat]

Well that's real interesting. Especially as how loved this software when it was Giant's and now that MS has bought it, it's suddenly shite. Gimme a break.

Who's Mathew Foradal?

[stratjakt]

The spyware tool is better than what they had before; nothing.

Once it's a regular part of windows update, it can't get anything but better (it's beta for a reason), and the worst that can happen is the volume of spam and bullshit on the 'net will go down a little bit.

Microsoft owns it, didn't write it.

[jogbra]

I like how microsoft buys a company, rebrands its software and suddenly it as if this product has been written from scratch by microsoft. Maybe in a few years you can complain about anti-spyware microsoft this, anty-spyware microsoft that... but this is a little premature.

Re:Wow. Anecdotal Evidence!

Since when can Windows run 56,000 instances of anything?

Works great-detected what AdA and SpySD didn't!

[solafide]

I caught 2 spys with it on first day, and yes I do use Firefox!

But it didn't remove the second because the file was a unist.exe. That didn't happen again!

I still have Spybot S&D and Ad-Aware, but MS's is a good supplement.

Billy

Better than nothing?

[hanshotfirst]

I'm not a M$ fan by any means, but this has got to be better than nothing. Mom and Pop aren't going to install firefox/adaware/etc. unless /we install it for them.

If M$ puts this on windows autoupdate as they SHOULD (the browser that brings the crap is free, so the cleanup tool should be equally free), then this will at least put a basic measure of protection in place for the majority of Win users who don't frequent /. for the latest spyware news.

I'm tempted to give kudos to M$ for the effort, but I fear I would get modded Troll for doing so.

Re:Better than nothing?

[dedazo]

the browser that brings the crap is free

The browser brings absolutely nothing, the users clicking "OK" when they shouldn't (because they just have to look at this cool page on teh interweb) and installing crap that in turn installs more crap ad nauseaum - that's what "brings the crap".

I'm tempted to give kudos to M$ for the effort, but I fear I would get modded Troll for doing so

No, no, your use of "M$" is prolific enough to warrant at least a +1, Sheepbot. Kudos to you.

Re:Better than nothing?

[hanshotfirst]

baa. touche.

Ineffective? Are you so sure?

[Kozz]

I think it's great. Nooo, definitely no sarcasm here. uh-uh.

Tracking cookies...

[parvenu74]

Tracking cookies were the only thing MS anti-spyware didn't find, and there is nothing in the documentation about MS antispyware going after such items.... so in other words it performed as advertised -- and needs improvement.

That said I am switching to Mac and leaving this spyware crap behind me.

Re:Tracking cookies...

[iq+in+binary]

That said I am switching to Mac and leaving this spyware crap behind me.

Many people don't realize that spyware is not necessarily inherent to the Windows OS. Dos/Windows itself is secure, as long as you don't run programs that give anything the opportunity to compromise said security. I.E. microsoft software. Want to keep your computer spyware free? Do what I did, uninstall IE and Outlook, and install Firefox, Thunderbird and Ad-Aware. Haven't had any problems since, and my system is still secure, spy/adware free, and running at optimum level. I can handle MC9 at breakneck speed /w only 512M RAM , runnin XP.

It doesn't take much to avoid problems, it just takes regular light effort.

Re:Tracking cookies...

[DrSkwid]

It doesn't take much to avoid problems, it just takes regular light effort.

My FreeBSD boxes & My OpenBSD boxes and my plan9 boxes have never had any spyware. And that takes zero regular effort.

Re:Wow. Anecdotal Evidence!

[paranoidgeek]

And removed them. Successfully. (whereas Ad-aware would have just quarantined them).

Errr and how is quarantining worse than deletion ??
I personally would find quarantining a feature because .. well sometimes computers *do* make mistakes and i prefer it if they can undo the mistakes.

Re:Where the F is it?

[beeswax]

There is usually a shortcut on the desktop.

Or

C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe

Users & Spyware

[Vulture101]

what seems to escape most posters is that the majority of spyware on computers was instaled by the people that uses them. There is no OS or antispyware or whatever that can do anything about that, average joe is dumb in windows in linux or os2, average joe will click on ad or will install bonzi budy just to watch some naked chicks. its mostly a problem of user education, not software.

Operator Error

[SamMichaels]

The author is ineffective at system recovery.

I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.

Me too, except this was a customer.

Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.

Those plus the TCP stack was corrupt on this machine...wouldn't renew the DHCP lease. Had to manually rebuild that as well.

To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)

Or you could have just put the executable on a CD with SP2's executable and MS Anti-Spyware's executable. But that would make sense for someone in the system recovery business and we can't have that!

The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC.

The program was designed to search for a few insanely critical bugs. It COMPLIMENTS your set of tools...not replaces them.

But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.

That's because you're not in safe mode and you haven't stopped the programs from regenerating.

So I rebooted the PC in safe mode...

Now we're going in the right direction!

After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.

Pfffft. Ineffective computer technician.

I don't have the option to just backup whatever I feel is important on a customer's PC...they're paying me to recover their system, not pick which files have to disappear forever and cause them to lose all their settings and programs.

Once again for clarity: INEFFECTIVE COMPUTER TECHNICIAN.

MS Anti-Spyware has done an EXCELLENT job on every single customer PC. The Malware tools from MS make a quick and easy check during the in-home visit for those REALLY nasty bugs.

Who is this guy, anyway? Oh wait...

MATTHEW FORDAHL, AP Technology Writer

Technology WRITER. Leave the tech stuff up to the tech people and have fun with your little Word.

Re:Operator Error

[st0rmshad0w]

"It COMPLIMENTS your set of tools...not replaces them."

Which is why it isn't really useful. I have several tools that compliment one another, but all that adds up to is needing to have 4 or 5 different apps scan 150000+ files (on average) one after the other to effectively clean a machine, rather than one app that gets 98% or more nasties in one sweep. This is the difference between 20-30 minutes and 2-3 hours, and often the difference between the customer fixing or replacing their 2 year old pc due to labor costs.

Re:Operator Error

Excellent advice from the expert himself.

Oh, by the way, how'd the whole investigation into your shady online business go?

http://www.dc.bbb.org/report.html?national=Y&com pi d=70003493

Re:Operator Error

[mankey+wanker]

How can your ego be so bloated that you actually think you can find everything that might be wrong with a computer manually? I get the idea you enjoy your share of call backs.

Sometimes the best solution is to do a clean install and set up a proper backup and recovery protocol - but yes, doing so ultimately makes the services you provide obsolete (or very nearly so).

Re:Operator Error

[st0rmshad0w]

"Sometimes the best solution is to do a clean install and set up a proper backup and recovery protocol - but yes, doing so ultimately makes the services you provide obsolete (or very nearly so)"

Often that is the best solution, but also often more than the cost of a new pc, once you factor in all the application installs, updates, patches, etc etc etc.

I don't know about the parent but I be glad to make myself obsolete to most of the people I have to deal with.

Most Windows users seem to operate their machines with a level of common sense that would make handing out crack and handguns to middle-schoolers seem like a good idea.

Re:Operator Error

[mikeb39]

Your elitism is undeserved and annoying. In actual repair shops (it sounds to me like you just do it freelance without knowing much), the quickest and best way we do things is by backing up the data, then reformatting. You can dink around forever fixing this little bug or that one, or get the whole job done in about 2 hours. One of those choices is the one used by actual professionals.

Re:Operator Error

[spac3manspiff]

"computer TECHNICIAN"

I'm sorry, but WTF . Is that some psudo-sys-admin?

Anyways I agree with the step, "[I] reformatted the hard drive". However Knoppix would help ya recover the data. So he was on the right track...

Re:Operator Error

[sahrss]

Agree completely. You can rarely pick away enough of the amazing amount of junk people amass on their installations. I usually just take a hard drive, hook it up on an IDE cable in their computer (firewire etc. I can do too, but everyone has IDE ports,) and copy everything onto the drive as a backup.

Then wipe, fresh install, give them as much quality freeware as they'll accept, scan and clean the backup (anti-virus and anti-malware,) then copy everything back for them.

This takes between 1-3 hours and is 100% reliable in fixing *all* of their OS corruption problems. It can also be done in a housecall (family mostly, doh) or with their box at the shop.

Re:Operator Error

[NFNNMIDATA]

I agree with the elitist guy. Someone who is an "actual professional" should know what they are doing enough to avoid this in most cases. Unfortunately, most "actual professionals" I run across do this is a 3rd or 4th troubleshooting step Because They Are Lazy. If you take the time to find out the root cause of the issue, you will more easily solve it next time and also be able to educate the user as to what happened. But most techs don't see the big picture, they just see that they need to get this done so they can move on.

"Actual professionals" who are not necessarily Lazy but just reinstall Windows without doing much troubleshooting are often the kind of peson who believes in magic, that "clutter" exists and can "slow things down", so we'd better "start fresh".

Re:Operator Error

[jrutley]

"The program was designed to search for a few insanely critical bugs. It COMPLIMENTS your set of tools...not replaces them."

Ohh, nice removal! Good style!

Re:Operator Error

[SamMichaels]

I hear that a lot, too, usually from naked women.

(complements)

Teeheehee. That's why I fix the computers and why Matthew Fordahl, AP Technology Writer, does the editing ;)

Jeez...

[virid]

Another review for this Anti-Spyware tool that hasn't removed a thing from my box (I usually find a lttle thing or two after updating my definitions in AdWare)...

Did Microsft warn everyone else about the dangers of RealVNC???

You must be....

[deadmongrel]

>>Is someone at /. intentionally trolling?
...New to /.

Re:How many MS anti spyware reviews will be on /.

[Frennzy]

y'know...modding the parent 'redundant' would be funny.

I've said it before...

[eomnimedia]

...and I'll say it again, but there are Anti-Spyware devices that are the of my eye.

Spyware on Linux/Unix

[parvenu74]

Okay, slightly OT, but answer me this: why is it that Linux and Unix based systems (like Mac OS X) don't have problems with spyware and viruses? The popular argument by Windows fanboys is that because there is not enough of a market share for *nix to matter to malware authors. I've read it also has to do with package management on *nix, and that you cannot just simply execute a script or binary on a *nix system? TECHNICALLY SPEAKING, what is the strait answer here?

Re:Spyware on Linux/Unix

[damiam]

Several straight answers:

1. Unix users are self-selecting; they tend to be technically competent and less likely to be infected than the general populace.

2. Unix systems use a wide range of email applications and web browsers, almost all of which have fewer holes than IE/OE. No Unix mail client will execute an attachment for you; you have to save it, enable the execution flag, and then run it yourself.

3. Unix desktops are not nearly as common as Windows desktops, so there're fewer incentives to hack them. They're also quite diverse; a binary for PPC MacOS isn't going to work under x86 OpenBSD, Sparc Solaris, or ARM Linux, which reduces the pool of target machines for a given virus.

Re:Spyware on Linux/Unix

[parvenu74]

So the overly-simple answer of "there is not enough popularity/market share" to target them is more or less accurate? I didn't think this was the case -- even though I realize there is no amount of destruction impossible to a determined idiot-user...

Re:Spyware on Linux/Unix

[0x461FAB0BD7D2]

The straight answer is a mixture of both.

Many malware authors prefer to exploit Windows vulnerabilities because they are published more widely, and the chance of spreading is a lot more, infecting far more, thus increasing the fame of the malware.

However, on the flip side, most *nix users (especially BSD ones) tend to be more tech-savvy, and thus configure and administrate their system a lot better than Windows users. They tend to run their system at the user level rather than at the root level, and thus many scripts cannot be run by them without the specific passwords and security levels. Add to that the obvious premise that each Linux/BSD distro is quite different from any other (the services running, the kernel, the environment, etc.) and you have a harder time attacking a significant number of these systems. Also, *nix systems tend to be more modular than Windows systems (this has changed with NT, which has seen far fewer exploits than say ME or Win98).

Re:Spyware on Linux/Unix

[yintercept]

why is it that Linux and Unix based systems (like Mac OS X) don't have problems with spyware and viruses?

The biggest difference is not technical, but about the end user and the sales channel that brought the computer to the end user. Most Linux machines have a technically savvy computer user somewhere close by. Either the owner of the machine takes great care of their hardware, or the person using the machine has a friend who installed Linux.

There is a large number of people who have both Linux and Microsoft machines in their family. A good question is how many of these people who have both types of machines get MS Spyware infections?

Now, I am little bit cynical. I suspect one of the reason that so many MS machines catch spyware is because the industry that is supplying PCs sees the machines the sell as ad delivery tools. A great deal of spyware activity was developed by computer manufacturers wanting to find a way to increase their profit margins. Most new computers seem to come with a large number of things that you can purchase after market. They will come with 90 days free virus protection which turns into an ad for McAfee, and there generally is preinstalled programs wanting to sell music subscriptions.

As Linux because more popular and we see more channels selling Linux boxes, we will start seeing manufacturers including such ads in their Linux configurations.

Re:Spyware on Linux/Unix

[oddfox]

Think of it more as there's simply no way to reliably target Linux/Unix/Etc on a major scale with the same way you see on Windows, regardless of how many users there are. It's simply because of how much easier it is on Windows because it's one platform, one hardware architecture, etc. There's too much variation otherwise. If Mac were to become really popular, I would expect it'd see more problems than any OS based in *nix attitudes.

Re:Spyware on Linux/Unix

[ArsenneLupin]

So the overly-simple answer of "there is not enough popularity/market share" to target them is more or less accurate?

No. People uttering such argument often (mistakenly) think that Microsoft is the main player in every area of computing, and are thus confident that the affirmation would be hard to disprove. Unfortunately (for them), there are areas where Microsoft doesn't have the lead...

One such example is Web servers, where Apache currently holds 70% of market share, and IIS is only a (very) distant second (20%). However, IIS still has the most worms (Code Red, Nimbda, ...) whereas Apache worms are unheard of! Of course, not many Microsoft fanboys know this (and if they do, they hope you don't know it...), and will avoid the "popularity/market share" argument once you point this out to them.

Re:Spyware on Linux/Unix

[rpozz]

I'm not an MS fanboy (far from it, in fact), but you are aware that Apache runs on a variety of different CPUs and OSs, right?

Re:Spyware on Linux/Unix

[dirk]

2. Unix systems use a wide range of email applications and web browsers, almost all of which have fewer holes than IE/OE. No Unix mail client will execute an attachment for you; you have to save it, enable the execution flag, and then run it yourself.
How does not executing an attachment make it more secure? All it does is make it less usable. What people fail to understand is that the user WANT to open these attachements that contain viruses. They want to see the cute little movie or program that Uncle Bob sent them. It doesn't matter if they just have to click on the attachment of if they have to save it, mark it executable, and then click on it. Either way, they are going to do it because they want to see what the attachment is. The problem isn't that it's easy to open an attachment but that the user doesn't understand why it could be dangerous to open it. Adding a step or 2 to the process won't help solve the actual problem.

Re:Spyware on Linux/Unix

[damiam]

They want to see the cute little movie

You don't "execute" movies. You open them in a movie player, and the major graphical mail clients support that just fine. An executable program is different, and there's really no legitimate reason to be emailing them around. There's certainly no excuse for indescriminately running them.

Re:shouldn't be needed

[einhverfr]

Remember though that there are two major types of adware. The first is what you refer to, and involves compromising browsers and what not.

But the second which can be just as annoying is the stuff that becomes bundled with freeware programs and which is actualyl installed by legitimate user. To illustrate this, lets look at how Linux spyware might work.

I could create adware for KDE or Gnome too if I wanted and ask people to install it. And if they do (or if some nifty free utility installes it for them), then they will get popup ads (popup random KHTML or GHTML-based windows with content from various sites). If you fully lock this down, you will make it impossible for people to install any software of their own under any circumstances. And even then one can probably use sh paired with a shell script.

Yes, once a program is installed in Linux, it could download instructions from a remote site, and do any of the other things that these Windows trojans do.

So security isn;t the only answer, especially where there is money to be made. Linux, however, also highlights the real solution to all spyware: Gratis w/spyware is unlikely to compete with Libre. So in Linux, there will likely never be money to be made in selling spyware. This also means that until open source takes over the Windows free cool utility market, spyware will continue to be a problem on this market.

I just had a chance to tell 10 people yesterday to migrate to Firefox. That is a start. In two weeks, I can show off the Linux desktop.

Apples, oranges and bananas...

[holiggan]

I guess that the reviewer is mixing 2 (or 3) very diferent things: the Microsoft anti-virus-light (wich looks like a sort of Stinger, from NAI) and the anti-spyware tool itself, wich has 2 main components: remove and prevent spyware.

About the antivirus bit, I see those kinds of tools as a sort of "quick fix": they can catch half a dozen virus (usually the group of viruses of the month/week and it's variants) but won't do much more. I usually use them as the "first wave" against an infected PC, followed by a proper full, *updated* scan by an antivirus.

About the spyware tool itself, in my opinion, its really well put together (I didn't knew the GIANT product, so the MS version was my first contact with it). But I guess that spyware poses a diferent problem concerning detections and all: how do we count a "hit"? by the simple count of files and reg keys? by the grouping of "infected" objects from a certain product? it's really a very murky area, as I've come to figure, after a long time using the "wonder-trio": Ad-Aware, Spybot and Spyblaster.

And I guess that this hole "counting" problem is in the genesis of a lot of confusion about how efective an anti-spyware tool can be. If the MS Tool removes, for example, 129 objects and Ad-Aware (on the same test bed) removes just 89, does it mean that the MS tool is more efective? I don't think so.

I think that the main problem resides in the fact that spyware is a much more complex beast than a virus: a virus *must* be simple and discrete enough so that it can pass unnoticed on a given system. Spyware, on the other hand, can aford to be much more "loud" and rub it's efects on the user's face. Ergo, they can aford to be much larger and complex, passing as "legit" apps. A virus can consist in just a single file, and have an identified/identifiable "fingerprint" on the infected files, but spyware can take up several megabytes and be as complex as a normal windows aplication. For example, given the today soup of files and regs and stuff, how can anyone say for certain: this reg key belongs to this and *only this* application?

Eventually the coder of the application can anwser that, but in this case the coders are a bunch of sinister, evil looking goblins, so we can't expect much colaboration from them :P

So, even if tool A gets 3445 "hits", tool B gets 1298 "hits" and tool C gets 982 "hits", I think that we should use A+B+C, instead of dumping C and "idolyzing" A. All the help is welcome on this battle, since the spyware itself is getting nastiers, going for the antispyware tools itself. So if the tools cover each other's asses, as well as misses, that's fine by me.

So are we (the cleaning guys, the sysadmins, the helpdesks, the "white hats" of this world) loosing the batle? I don't think so. Logically, the solution resides in pluging the hole(s), and in my opinion, Microsoft is moving in the right direction, altough slowly, no doubt. I just hope that this hole thing about virus and spyware and stuff won't put the DRM, locked computer (sorry, Windows-inside computer) a couple of steps closer...

Anyways, summing it up: are the MS Antivirus and Spyware tools totally worthless? I don't think so. They are not 100% efective (neither is Ad-Aware, or Spybot or anyother), but they are a much needed help in this "batle". Add then to your usual swiss-army-knife/bootcd of cleaning/security tools, and you'll have adden horsepower, wich is good :D

In oposition to antivirus (1 is enough, 2 is a mess), another *good* spyware tool on the system is allways welcome.

80% of my job is eliminating spyware

[vudufixit]

I work seven days a week, 10-14 hours a day as a freelance computer repair person. Most of my clients are residential, and about 80% of their problems are related to viruses and spyware, most of it brought on my the downloading and usage of "bundlers" such as Kazaa. I've found AdAware and Spybot to be very effective, followed closely by Hijack This and CW Shredder. Security Task Manager is also pretty good, and Killbox is great for eliminating hard-to-delete individual files. I was glad when Giant came out, and still OK with it when MS bought them out. Giant/MS antispyware finds stuff the others don't - each of these utilities complement one another. In addition, as another poster said, I take stuff out of MSCONFIG and the "Run" keys. I also delete executables and .dll files I recognize as bad, as well as go into Add/Remove and take a lot of rogue programs out of there, as well. c:\windows\prefetch and c:\windows\temp get an emptying out, too. Oh, and the 2004, 2005 versions of Norton and McAfee do seem to include some malware detection beyond viruses.

Re:Wow. Anecdotal Evidence!

I don't know how well MSAS really works -- I've had some false positives on machines I've installed it on, but nothing that I found annoying.

It is very slow however. I hope they make it less CPU intensive on startup when it comes out of beta.

Crap article

[AutoTheme]

I neither hate it nor love it or Microsoft. The simple fact is that the review was crap. The methodology was lacking and the scientific process non-existant. We've done several anti-virus and anti-spyware comparisons. What you do is simple: - Load up a virtual machine with XP and take a snapshot - then kill it with viruses or spyware - run a tool and find what it catches/cleans - revert to the snapshot and run the next tool - do some simple math

Re:Crap article

[spac3manspiff]

then kill it with viruses or spyware

Damn you, right when I think I see the last of my relatives.. I have to call them back to use my computer.

Reviewer's Final Paragraph

[OwnedByTheMan]

"Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software."

This is by no means a positive review, however it is a far cry from the one word characterization "ineffective" used in the teaser for this "story".

Are we really that afraid of them that we need to hyperbolize this way?

micehal is a tool.

[dextr0us]

I spelled his name wrong, because i didn't want to get modded into oblivion, but i think micheal's posts are getting more and more lame. That last story said how effective it was, and in my experience it is effective (plus systray bloat).

Pointer to a *competent* review

[Beryllium+Sphere(tm)]

Eric Howes tests anti-spyware products including the one Microsoft bought.

A test of "I ran A but then I ran B and it found X left over" is meaningless by itself. You need to start over and run in the opposite order, to see how much A catches that B doesn't.

What Eric Howes found matches what service techs find. There's no tool with 100% coverage. Which, if you know any statistics, tells you that even running multiple tools doesn't guarantee anything. I tell any client who will listen to focus on prevention.

You know what else is wrong with the AP "review"? He keeps calling the "Malicious Software Removal Tool" (hilarious name, think about it) "antivirus". It's not intended to be. It's a bundle of a few cleanup utilities.

Re:Pointer to a *competent* review

[Quarters]

"You know what else is wrong with the AP 'review'? He keeps calling (it) the "Malicious Software Removal Tool" (hilarious name, think about it)..."

You know what is wrong with your quote? You don't know what the author is refering to. He's not reviewing MS AntiSpyware. He's reviewing the Microsoft Malicious Software Removal Tool just like he says.

It's a web based tool that removes the 5-6 most nasty worms. Do a bit of research before you take the high road next time.

Re:New Anti Spyware?

[SenorChuck]

If I had mod points and you were logged in, I'd mod you +1, Funny. I laughed, I cried, it was a wash.

MS really better than Lavasoft?

[kg4gyt]

Even though it found things that Ad-Aware and Spybot didn't find. Perhaps it should be tried the other way. What do they find that Microsoft doesn't find, and how serious are they really? Is it that much better, or is it merely different.

Secondly, has Microsoft really had time to make any major changes to the scan engine, or have they changed the update servers, and the skin (The Icon hasn't even changed) and called it beta? Keep in mind that when Microsoft bought out Giant they were merely continuing their great tradition of acquiring from someone else rather than writing their own code from scratch.

I personlly think that one cannon judge the software this early on its life. I feel that we will definatley need to re-visit the software when it has been fully "Microsoft-ized". I look forward to seeing what happens next.

Re:Pirates?

[Orion+Blastar]

I heard that Norton Antivirus 2004 and above check for pirate key generator programs and report them as "hacker programs" or some such and then delete them.

You hit an interesting point, can the program check registrations to see if the software is pirated, and then remove it if it is pirated and report it as Spyware? Already BitDefender, a competing product, is seen as Spyware. So we see the MS tactic here to report competitors as Spyware, which makes MSAS look even better.

Think about it, Mozilla Firefox, Thunderbird, Opera, Eudora, OpenOffice.org, etc can be seen as Spyware this way, and the user is forced to use the Microsoft products that compete with them, to avoid the Spyware alerts.

Technically Savvy my ass!

[parvenu74]

There are plenty of AOL users on Mac OS X... but they get virii and spyware too -- or does the obscurity of the platform shield them from thier sins?

Re:Technically Savvy my ass!

[0x461FAB0BD7D2]

I didn't say anything about Mac OS X.

In any case, using AOL has nothing to do with getting exploited. Moreover, I mentioned that the straight answer was a combination of a multitude of factors. It's not a 1-1 thing.

Re:Technically Savvy my ass!

[1u3hr]

There are plenty of AOL users on Mac OS X... but they get virii and spyware too

Really? Not that I've heard. There are viruses, but they don't get much distribution, and I've never heard of any OSX spyware at all.

Re:Technically Savvy my ass!

[parvenu74]

Fair enough -- but I am picking on an easy and unsophisticated target in AOL (ab)users because they typically embody the essense of the clueless computer user. Give 1,000,000 of these dolts Suse, Mac OS X, Sun Java Desktop, or what-have-you-*nix, this is the group that would be stupid enough to get thier machines jacked up.

THAT SAID, my original question was more fundamental to the operating system not to the technical savvy (or lack thereof) of the user base, and why linux and unix like systems don't seem to have as many infections. I particularly pick on Mac OS X in this query because they would logically be the leasy savvy of users on a *nix based system and should render the "savviness of the user" arguement moot.

Re:Technically Savvy my ass!

[0x461FAB0BD7D2]

The operating system, and the applications which run on it, have a lot to do with the security too.

Because Mac OS X, *nix and BSD generally force people to create their own users on the systems, this increases the likelihood that any spyware/malware/scripts will not be run as root, decreasing the likelihood of system corruption.

The other issue is that most apps on these systems are not tied inextricably to the OS, but rather work through some sort of messaging system. This reduces the chance for any malware to exploit user-level apps to infect the system.

That being said, Unix has a longer and more academic development history, while Windows' development is more commercial, consumer-oriented, and far shorter. It is true that Mac OS X is also quite consumer-oriented, but the underlying system is BSD-based, the development of which historically focused a lot of resources on security and stability.

Re:Technically Savvy my ass!

[DrSkwid]

what are these "virii" of which you speak ?

Re:Er, isn't this a duplicate? like 2 days ago

[Jeff+DeMaagd]

It seems they have been more lately because there haven't been as many duped stories lately.

Hurrah for Microsoft bashing on slashdot!

[bildungsroman_yorick]

Whenever a Microsoft bashing article comes up on slashdot we need a little video song clip to come on with pasty aggressive nerds emerging from their basements in homemade rockets with the lyrics blaring: SLASHDOT! FUCK YEAH! Coming again, to save the mother fucking day yeah, SLASHDOT, FUCK YEAH! Linux is the only way yeah, Microsoft your game is through cause now you have to answer too, SLASHDOT, FUCK YEAH! So lick my slanted posting, and suck on my trolls, SLASHDOT, FUCK YEAH! What you going to do when we come for you now, it's the open-source dream that we all share; it's the hope for tomorrow. FUCK YEAH! OpenBSD, FUCK YEAH! Spybot S&D, FUCK YEAH! Beowulf CLusters, FUCK YEAH! Neil Stephenson, FUCK YEAH! MMORPG, FUCK, YEAH!

Re:Hurrah for Microsoft bashing on slashdot!

[m50d]

Much as I appreciate the song, how could you make something like that without reference to Natalie Portman?

Linux/MacOS Spyware

[mferrare]

Is there anything happening on the anti-spyware/malware front for Linux and MacOS X? The usual argument I hear is that the *nixes are more secure as they don't allow root privilege access by default as Windows does. However, spyware, malware and other crapware doesn't need root privilege does it? I have enough privileges on MacOS X to have spyware install rogue apps and have them start when I login. Same goes for linux. These *wares don't need to run as root to cause damage.

So what's happening in the *nix world to ensure that all this crapware doesn't affect us? Not having root access is not the solution.

MSNBC carried this story too.

[Utopia]

I know that the so called "ineffectiveness" of this tool is another Slashdot Bull-crap.
My personal experience with this tool has been very satifying.
I never had spyware or virus on my XP so I downloaded some malware off the web to a Virtual PC session to test this out.
The developers have done a stupendous job on this program.

I am sure as hell surprised that MSNBC carried this story too.
Review: Microsoft Anti-Spyware Ineffective

Quarantine

[Agret]

You have the wrong idea. When ad-aware quarantine's something it does remove it. The "quarantine" is just a fancy word for "backup" it backs up whatever it is going to delete into the "quarantine" file and then proceeds to delete it. If something on your computer stops working you can "restore" parts of the "quarantine" file.

WTF???

[Lxy]

Let's just bash everything Microsoft makes. Better yet, let's bash the BETAS that Microsoft is publishing.

Longhorn:
I installed this piece of crap on my laptop. It didn't ask if I wanted to keep my linux partitions, it juts made me delete them. The default wallpaper is stupid, and how many users know to right click the desktop to change it? Also, the Win95 drivers shipped with my laptop don't work in Longhorn. And it keeps telling me about this "beta" thing that I supposedly installed. It's really slow on my PII-400.

WUS:
This thing requires an OS preinstalled. A WINDOWS OS. It requires IIS and IE installed. It doesn't deploy linux patches. Don't bother switching from yum to WUS, it's not going to work. It's still using that femmy blue theme.

What do you people want? Oh that's right, we want to see Microsoft fall flat on their face. Never fear, this is the probable cycle:

* MS buys technology
* MS repackages technology
* MS publishes betas and eventually ver 1.0
* Slashdot crowd gets nervous, posts negative reviews only.
* ver 1.0 is halfway decent
* MS decides to add "features"
* ver 2.0 ships. Twice as big as ver 1.0, and where are these alleged features?
* MS decides it should send mail (Zawinski's law)
* ver 3.0 ships. It sends e-mail now, but still puzzles users as to why they upgraded from ver 1.0
* ver 4.0 ships as an e-mail client, and no one remembers what the product was actually supposed to do
* ver 5.0 ships. It no longer sends mail or does what it originally did. Users await ver 6.0
* Product is EOL'd

Maybe we should just...

[miyako]

You know, i've been thinking, maybe having all of these anti-spyware programs in the long run isn't such a good thing. Maybe if people had to do a complete re-install and lose all their data everytime they do something stupid on the net, then people would learn to be a little more careful.
In all seriousness though, I've done my best to try to educate my own friend and family for whom I have to do tech support, and it seems like some of these people either don't get it at all, or have decided that it's just much easier for me to take a couple hours every couple of weeks out of my life to come over and clean up their machines. What have other people done to educate the clueless in taking proper care of their computers from malware?

Re:Maybe we should just...

[BCW2]

I work in a white box store. When I take the $50 - $150 that we charge to clean a system up, I explain that all pop-ups are evil. No exceptions, no excuses, if you click on a pop up you have spyware. Then I show them how to update and run Ad-Aware and Spybot and tell them to do it weekly. Every box that leaves our store has these installed, repaired or brand new. I just treat it as part of the Win installation process on a new or reformatted machine. I also run Win update on everything, had a dial up connected machine last week that didn't even have SP1 on it yet. We have DSL so it only makes sense.

I'm still trying to get the owner to print on receipts that if you don't update and run an Anti-Virus program regulary, there is no warranty! It's not perfect but it is another education tool. The more we educate the masses the fewer problems we will have.

Marklar...

[Eric_Cartman_South_P]

"Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software."

Those last 4 are all Microsoft too.

Ineffective?

[iCEBaLM]

I'm the last to support MS in any way shape or form, but seeing as this is nothing but a rebranded version of Giant Anti-Spyware, and Giant Anti-Spyware was shown to have the best batting average of removing spyware why are we jumping on the bandwagon to bash it so soon without allowing it to get out of "beta" (which it really isn't, as Giant Anti-Spyware wasn't beta).

Re:Ineffective?

[gid]

why are we jumping on the bandwagon to bash it so soon without allowing it to get out of "beta"

WE aren't, look around, the majority of people I see talking are linux people defending the spyware tool--myself included. This article is a troll, move along.

No argument necessary

[jayloden]

There's no reason to bash this tool yet. It's still in beta - it's going to crash. On top of that, from what the reviews have said, it's still Giant's software with a new UI.

This existing does not mean that Spybot or Ad-Aware are going to in any way become obsolete. No one spyware removal program to date can remove **all** components of spyware on an infected machine. When we have to clean computers for work, we use both Ad-Aware and Spybot and sometimes other tools on top of that, such as CWShredder or HijackThis.

This is just _one_more_ tool to work with, and so far, it's getting pretty good reviews. I don't know about the rest of you, but I hate spyware, and even though I run Linux, I still want less spyware around, so as long as this thing removes at least SOME spyware, then great. But this doesn't mean I'm going to be uninstalling Ad-Aware from users machines because "MS to the rescue!" On the other hand, just because it's got the Microsoft seal on it, it doesn't make it inherently crap...past history notwithstanding.

-Jay

I found it less than useless as well

[sirshannon]

I recreated the only spyware infection I've ever had in order to test MS AntiSpyware.

Bottom line: MS AntiSpyware did almost nothing to protect me and using it to "clean" the spyware left me in a much worse position than when I started. After using MS AntiSpyware to clean my PC, I still had a new IE toolbar, a popup ad whenever I opened IE, and a big search bar over my taskbar and, thanks to MS AntiSpyware, I couldn't get rid of them. I had to reinstall the spyware and uninstall using add/remove programs.

Re:How so?

If Gentoo was used by 90% of the install base, spyware vendors would find a way.

Maybe so, but it would be the cleanest, most optimized and up-to-date spyware on the planet.

No corporate solution

[sremick]

This article from a few days ago dubs spyware "IT's public enemy #1" and I have to agree. I admin a small network of about 100 Windows PCs and it's such a headache. Sure, I know how to clean a machine completely... but it involves an arsenal of different programs plus a lot of by-hand work and reboots and safe-mode and such.

The problem is, there is no one effective tool. The antivirus industry has matured. Granted, Symantec might not catch EVERYTHING but what it DOES catch covers everything I've ever come across, and 99.999% of what most other people will too.

SpyBot... AdAware... SpySweeper... Giant/MS Antispyware... each catches stuff the others don't. Doesn't matter what order you run them. And I can run ALL of them, and sometimes go into HijackThis and find more spyware still lingering. Sometimes it's remnants of some spyware the tool identified but wasn't effective in completely removing. Sometimes it's an entirely NEW piece of spyware.

So what's a corporation to do? Sure, some of them offer corporate versions... but since none of the catch a reasonable amount, there's no single one worth investing that amount of money in. So what do you do... manually spend an hour ever week on each machine? x100? x1000? x10000? It's crazy.

Re:What a moron....

[Cid+Highwind]

Not reformatting the hard drive would have been faster, and he wouldn't have lost any data.

He also wouldn't have lost any spyware...

utter nonsense

[Diabolus777]

I sincerely hope they never do charge for this product.

MS selling anti-spyware is like Goodyear selling anti-defective-tire-glue-or-something.

1.Build defective product
2.Let customer get flooded with problems
3.Instead of fixing defective product, sell customer
some kind of half working fix you bought from someone else
4.profit!!!

Re:utter nonsense

[One+Childish+N00b]

They'll never charge for it, it's not MS's style.

The anti-spyware market looks to be the next area they're looking to conquer, at the same time as fighting on the Home Office and Media Player fronts. There is a reason most new PCs (over here in the UK anyway) come with MS Office (or at least Word and Excel) pre-installed - because MS want to continue to dominate that market and the best way to do that is to include it with the OS. Actually, as Word et al. use their proprietary standards to lock people in, a closer analogy is probably with Windows Media Player - they know that there are people who could easily recommend a better player with probably more features, that some kind company like Apple or Nullsoft are giving away for free, they keep adding all these bells and whistles like easy CD burning, ripping (only to WMA of course), etc and then they bundle it with the OS to give people no reason to search out their alternatives.

I think it's pretty much going to be the same deal with MS AntiSpyware - they'll never charge for it when there are enough average people out there who know of the alternatives (hell, even my mother knows to run SpyBot once a week and she still thinks that little blue 'e' is 'the internet') and know they're free. Spyware is such a huge problem that people will automatically seek a quick solution once IE wont stop popping up 'Super-Breasted Megababes Only $14.99!!!!' at them and a paid-for solution will not draw people in - how many people, for instance, use Ad-Aware's paid-for version? I'm betting hardly any. It's a Download-Run-Relief business, and the only way MS is going to conquer this market is to cut out the first step - Expect MS AntiSpyware to start coming preinstalled on shop-bought PCs in the next few months, but don't expect them to ever demand payment.

Re:utter nonsense

[Darth_Burrito]

MS selling anti-spyware is like Goodyear selling anti-defective-tire-glue-or-something.

People keep saying this. It's not really true. Of course some of this spyware is getting on because of exploits in things like internet explorer. However, they have been plenty of exploits in other browsers like Firefox.

The bottom line is that as long as users just click on executables without caring where they came from or reading what is included in the install, there will be spyware problems. Microsoft can not change this. They can improve their software, and they are improving their software. However, a malicious code detection and removal tool will probably always be part of the solution on any OS targeted towards popular use amongst cluefree users.

maybe competitive freeware

[harvey+the+nerd]

MS' Spyware seemed roughly competitive for my home use with Spybot and Adaware in my very limited use (W2k). Got rid of a corrupted IE toolbar, gets some misses some. Better run all three occasionally. I hope MS is not seriously thinking of trying to charge us for this. Subscription - ha! The recurring auto features I probably will turn off. I can honestly say BG bytes the big one too, since OS/2 fud ~1992 (I did not have DR DOS).

MS Did A Good Job

[Mike626]

I am the last person to push MS on anyone, but they did a grest job. I normally run Spybot once a week, and I always thought of my box as rather safe.

I wanted to test Microsoft's program, so I ran Spybot first, rebooted and ran Anti-Spybot.

Their software detected 28 types of threats that Spyware missed. 1 memory process, 70 files and 328 registry keys that we infecting my system.

...all that an updated Spybot missed over the course of six months.

Re:hrm..

[Loonacy]

I'm not a big Microsoft fan, but not all spyware is installed through IE or Outlook. Some people actually download programs that have spyware in them (generally small games and such).

Shocking revalation

[capn_buzzcut]

Wow, I never imaginged a critical review of a Microsoft Product on Slashdot. Thank you for your unbridled enthusiasm.

Their tool sucks ass...

[HaloZero]

It doesn't work at all. I couldn't even get it to open the installer on my PowerBook. I mean, really, what good is software that you can't even install? I had to fight with Safari just to get the microsoft webpage to load. Sheesh, you think they'd know SOMETHING about Information Technology by now.

it's a vicious cycle

[louden+obscure]

which i personally have solved at home by cresting the learning curve of *nix. yeah it's not a perfect solution by any means. but instead of chasing my tail and trying to bludgeon an ms OS into submission, i have been slowly learning how to tailor a linux based OS to my needs and wants. i'm not chasing a moving target of virus, spyware, adware or what have you. to me, joe sixpack, my choice just seems easier. oh yeah, and the free beer aspect...duh!

This one says even more than that one

[Trejkaz]

"Microsoft Excel"...

Re:This one says even more than that one

[hdparm]

"Start" button...

Re:Wow. Anecdotal Evidence!

[ShaunC]

I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)

I'd call bullshit even if you'd said 5,600 instances.

I've dealt with a lot of fubared systems. I've dealt with systems that were so full of nefarious DLL hooks that using the machine was literally impossible; ads would pop up, IE instances would launch instead of the action the user was trying to perform. I've dealt with systems that barely managed to boot outside of safe mode due to spyware infestation. And through all this, I've never had the holy triumvirate (AdAware, SpyBot, HijackThis) come up with more than a couple of hundred individual spyware objects. I haven't kept a particular running "high score," but I don't think I've ever seen more than 500, and I know I've never seen 1,000.

I'm not counting cookies, I'm talking about actual spyware, though cookies are often included in the "spyware" reports of popular programs. Still, I don't believe that Windows could even keep up with 56,000 cookies, let alone processes.
I'd like to see a screenshot from any spyware removal tool showing anywhere near 56,000 objects found. I simply don't think it's possible.

I've tried Microsoft Anti-Spyware, and it's really not that bad, but it does generate false positives. On my own system, among other things, it claimed to find a "WhenU SaveNow" infestation inside of a batch file with the following contents:

@ECHO OFF
ECHO --- BearShare Usage Statistics ---
if not exist .\WebStats MD .\WebStats
if not exist .\Logs MD .\Logs
if not exist .\Logs\access.txt goto errend
.\WebStats.exe
Start .\Webstats\index.html
goto end

:errend
Echo Upload logging is now activated, but there
ECHO isn't any upload activity to report yet.
PAUSE
:end
exit

While BearShare does arrive with stowaways like SaveNow and Weathercast, I nuke that junk manually after installation, and neither of those cretins get installed into BearShare's working directory to begin with. There is nothing in that directory infested with any sort of spyware, but MSAS really, really wanted me to quarantine or delete the batch file (along with most of the other files in the BearShare directory). It just makes me curious.

MSAS is not a bad app. I kind of like its "Tracks Eraser" feature. I wrote an app a few years ago called WinSanitizer which does a lot of that, and if I ever decide to finish it up and give it to anyone else, I might include a few of the new ideas that MSAS's "Tracks Eraser" has given me. The "System Explorers" feature is beautiful, and IMO more useful than the anti-spyware feature of the program.

Overall I'd say MSAS is one more tool for the toolbox. I wouldn't dare trust it alone any more than I trust the apps which comprise the triumvirate alone. But I hope during the beta process, they weed out the false positives.

(BTW, I presume you meant GAIN and not GAIM... :)

This moron

[Jeremiah+Cornelius]

can't figure between anti-virus and spyware protection.

I guess that means there no hope for most ither folks, either...

No, they will make REAL improvements ...

[Snork+Asaurus]

they'll probably stop calling it beta when they figure out how to bloat it into total uselessness (so far they've made it auto start without option to turn off, and have a long and annoying splash screen)

After burning tens of thousands of R&D hours, the brains at MS labs will be adding add a dancing, blinking magnifying glass that will pop up with the caption "I see you're trying to get rid of spyware!"

It Removes Internet Explorer!

[RikRat]

I don't see what's wrong with it? Microsoft's AntiSpyware Tool Removes Internet Explorer!

It classifies MSN SmartTags as Spyware

[ndverdo]

MS is apparently having seconds thoughts about their own software. MSN SmartTags are classified as threats which 'should be removed or quarantined from your computer'. You can see it here

Not only that

[Sycraft-fu]

I would label all spyware tools as inefficitive, or at the very least suboptimal and flawed. I know of no tool that will autommatically remove all spyware safely and reliably, and block it form the system. I can find this technology in a virus scanner, several in fact. They have essentially a 100% detection rate, frequently updated definitions, ability to block viruses before they reach the system, and with heuristic analysis the ability to block unknown vairants.

All the spyware software is flawed in some way. The automatic software fails to completely remove all spyware. Even good ones like SPybot and Adaware fail to remove everything, in fact one often finds what the other misses. Also, sometimes when it does remove a peice of spyware, it does so in a manner that causes harm to the system (Adaware improperly removed new.net and one point and left DNS inoperable on the system). Manual ones, like Hijack This, do a much better job, but only if a skilled and knowledgable individual is operating them.

So I'd say, if MS's tool finds a lot, but not all spyware, they are on par with other good tools. It would be desirable to see it get better, and become the first to find all spyware, but you can't knock them for not totally succeding when no one else has come close.

Re:Not only that

[detlev409]

Not that this invalidates your answer (indeed, I tend to agree with you), but just as a random aside, I've had Symantec AV pull a stunt similar to adaware's. SAV improperly removed an LSP, calsp.dll, and ended up hosing winsock.

Re:Not only that

[jp10558]

One software product that might allow you to prevent spyware installs would be DiamondCS's processguard. However, it's not a pancea, it just puts the decisions on what should run(with what priviledges) onto the user.

I'm not sure any automated tool can make these decisions reliabily until we develop strong AI.

I trialed process guard for a while, but I ended up ditching it because it managed to screw up Sygate, which I think is more important to my overall security.

Yes, that's what we need

[fishbot]

Good, solid anecdotes. That'll put the world to rights.

Re:mother fucking slashdot idiots...

[Gallowsgod]

In the end, let me tell you that my IQ is above 160! So, it is a scientific fact, that I can NOT be an idiot!

So how come you're able to write something as stupid as this? Actually IQ tests doesn't measure anything else than how good you are taking IQ tests. And high IQ is not connected to a high social intelligence. A lot of "intelligent" people has done and said stupid things. Do you really think name calling is such a brilliant way to prove your opponents are wrong? And why do you feel the need to brag about your IQ at all?

Re:What a moron....

[mshurpik]

He also wouldn't have lost any spyware...

Quick refresher on how software works: Programs are invoked by other programs, or explicitly by the user. Programs do not run by themselves. When the operating system is re-installed, existing spyware becomes stranded and ready for garbage collection.

Spyware does not run after a system re-install. What, you thought it did? I can't stop laughing.

spyware features built-in in anti-spyware tool

[cyrilc]

from the article : In theory, Microsoft AntiSpyware should get better over time. It's programmed to send reports back to Microsoft to improve and update spyware definitions.

...which clearly means that potentially some informations about what is installed are sent back to M$ !

reminds you of something back in 1995 when they tried to send the registry back to Redmond ?

Actually Microsoft Anti-Spyware is really good

[Idimmu+Xul]

Yesterday I wanted to test Exeem, but as everyone knows it comes with Cydoor, so I was a little wary. So I installed Adaware and Microsoft Anti-Spyware beta. I ran Adaware and it found 1 dubious registry entry, that wasn't, and 8 tracker cookies, so I used it to clean the cookies. I then ran MSAS and it only picked up Kazaa, suggesting it may have installed spyware along with it. I run a fairly tight system, 3 firefox, so was happy with the results.

I then installed Exeem!

DUN DUN DUNAAH

I ran Adaware again, and it picked up nothing at all.

I ran MSAS again, and as well as finding Kazaa it picked up Cydoor, 2 clicks later and Cydoor was gone! To check I googled and found out how to manually remove Cydoor then went through my system by hand and indeed it was no longer there.

So what am I saying? MSAS is actually pretty good.

So there.

The false positives make it unusable

[badzilla]

I ran it on several machines I knew (hoped anyway) to be clean but it still turned up some hits. Guess what the Microsoft NT4 and Windows 2000 Resource Kits are choc full of spyware! So is my Bluetooth driver, and so on.

OK I knew not to accept its recommendations to delete those files but falsies like these mean I dare not allow non-technical users to run it.

Re:hrm..

[VanillaCoke420]

Yes, a lot of spyware is actually installed when the user says "Yes". The problem is they often have no idea what they agree to... they just want that really cool searchbar, or IM or download manager or whatever. As long as they can chat on MSN or logon to their community online they're happy. That's why software must be as secure as possible right from the start, obviously it can't be left to the average user to secure their computer. If it affected only them... But on the Internet it could affect everyone else too, and since no one is willing to take responsibility for what they do on their own computer, someone else has to.

This guy used the wrong tool!

[Gubbe]

Microsoft released two tools: a "Malicious software removal tool" on Windows Update and MS AntiSpyware in the timespan of a couple of days.

"The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC. The program, though, will be updated each month and will presumably become more effective."

According to that quote, the guy never even installed MS Anti-Spyware, but only the "Malicious software removal tool" that only removes some worms as mentioned in the quote itself.

To my understanding, the AntiSpyware program is not even available on Windows Update, only as a separate Beta-download.

The "reviewer" also said "To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)"

That pretty much removes all doubt.

Yup, this guy is definitely a pro. He can review software without ever even installing or seeing it.

d0h, NEVER MIND, feel free to mod parent (me) down

[Gubbe]

Showing my smartness here again, I guess I should have read the entire article. Yes, I'm stupid, mod me down all you want. Point and laugh.

Yoo hoo! Idiot here!

Not just market share

[Gnavpot]

So the overly-simple answer of "there is not enough popularity/market share" to target them is more or less accurate?

Mostly less accurate.

Such a statement would mean that if there were as many Linux/Unix systems as Windows systems, they would be as spyware infested as Windows. If one states that, one ignores two facts:

1. Much of the automatically installed malware depends on Windows mail clients' and web browsers' tendency to do too much too easily or even fully automatically without asking the user.

One of the classic examples is the Mime type exploit where you could send someone a mail containing an .exe file and use Mime types to declare it as a sound file. Many mail clients (including Netscape and perhaps even Mozilla) would think "Great! A mail with music. I will play this for my user without asking. She will be thrilled!". And then the mail client would ask the OS to play the file. The OS would think "Hm, I have been told to start this file. It seems to be a program file, so I will just run it."

This exploit type would be difficult to recreate under Linux. A mail program can't just hand the OS a music file and let the OS chose how to open it. The mail program would have to ask a music player to play the music file. The music player would hopefully say "Uhh, no. This is not a valid music file".

However, other exploit types would be just as likely under Linux, given the "right" client software. For example, nothing prevents someone from writing a mail client which can execute program files if the user doubleclicks them. The typical claim is "This is impossible under Linux, since the 'executable' bit must be set in the file's permissions.". This claim is void, since anyone purposely writing a Linux mail client with the ability to execute attached program files would of course have to include the functionality of setting the 'executable' bit.


2. On a default installed Linux system, a regular user do not have the priviledges to infect other accounts than his own with spyware. On a default installed Windows system, all users have admin rights, meaning that one user can infect all other user's accounts. As it is becoming quite common to create individual logins for each family member on a typical household PC, this difference is important.

Microsoft could do something to even out this difference. They would just have to change the default user account type to an unpriviledged account. However, that would create a lot of problems in everyday use, since many everyday programs for Windows (including some written by MS) are so badly written that running them without admin rights is difficult or impossible. I know this from my own experience, because in our household we run as unpriviledged users on both Windows and Linux PCs. There are almost no problems under Linux, since all everyday programs are designed to be run without admin rights. The Windows PCs are a nightmare.

What's the bets...

[Ciderx]

that if he was reviewing Giant Anti-Spyware instead of MS Anti-Spyware (and let's face it, all it is, is rebadged), the review would have been a lot more positive?

Windows in Usermode?

[zerojoker]

Why don't people just run Windows in usermode and not as an Administrator? I mean, it's not that difficult, just check
http://blogs.msdn.com/Aaron_Margosis/
and you'll see.
No one uses Linux as root all the time. Just run Windows as a user and suddenly all of the spyware, trojan and virus problems are gone. Or at least 99% of them. No need for an antispam software...

Re:No, they will make REAL improvements ...

[aurispector]

MS isn't the only one that does this sort of thing.

The trend in electronics in general is to add in lots of flashing lights, beepy noises, etc., that say "look at me and my pimped-out cell phone"

I recently installed a new stereo in my car that runs an ad-like "feature list" on the display when it's turned off, has an entirely useless but very sparkly graphic "output" display that is entirely useless and doesnt reflect the music that's playing. Most annoyingly, it beeps and boops when the engine is turned off. Fortunately it stops after a few seconds but MY GOD IS IT ANNOYING.

Anyway I actually RTFA and the question he should have raised was whether ANY anti-virus or spyware could have fixed the PC, or even if malware was the whole problem. He ends up formatting and re-installing his OS, but sometimes that's not a bad idea even if malware isn't involved.

i don't need anti-spyware tools

[fabgonber]

Mi simple solution to Win-problems.
1. i don't use windows

well in the past, i was use windows, and my solucion was be:
1. kerio personal firewall
2. never use IE (or IE motor)
3. never use 0utl00k

When will it end??

[DarkMantle]

How many times do we need to see reviews on ANY anti-spyware programs. NONE of them get rid of all spyware!!!!!!!!!!!

I'm going to point to a review that was on /. a while ago please check it out. It seems from the review that Giant AntiSpyware was this best in this review. Odd, how about 2 weeks later Microsoft has an AS program, that looks like Giants. Oh wait, MS bought Giant Company. Oddly enough it's the same product. I wonder if the reviewer in this article would have gave it a better review if it still siad "Giant" instead of "Microsoft."

I for one am not a fan of Mr. Gates, or MS, but this is still a quality product. I've been using Giant AS for a while and and a change in name doesn't change the product. Well, not yet anyway.

MS Anti Spyware the fix?

[Zebra_X]

Let have a quick look at the PC in question that was used for testing.

If you had a "3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable." And upon starting the machine you were inundadted with "Annoying pop-up windows" and "The modem dialed phone numbers even though the PC was hooked up to a broadband connection". Indeed even "Error messages appeared when I tried to open the Task Manager".

Really, what would you do with a machine like this? I'm pretty sure that a PC that is demon dialing the outside world, and that is no longer loading basic OS files is completely and irrevocably 0wned. Really, is it *reasonable* to expect that an anti-spyware application of any type would be able to fix this level of compromise? Even if "appears" to, how could you know that your PC is completely safe?

I think the real solution to this particular problem is "format c:". Not only will it leave the end user with a safe, clean install - it will save time.

The bottom line is the author of this article doesn't know what he doesn't know. He is not the first to have made the same mistake, as this article was published hot on the heels of another piece by Mossburg in the Wall Street Journal. Mossburg decried ms anti-spyware as "Seriously Flawed" becuase it did not remove tracking cookies, that it did not have incremental IE setting rollback and it did not support other web browsers. In similar fashion his assesment is a bit too zelous, and incorrect. He fails to recognize that his "flaws" have nothing to do with the removal of spyware.

Tracking cookies are easily removed, and easily blocked, and in the grand scheme of things - they do not cause your computer to behave strangely. In addition Mossburg did not do his homework; the ability to remove cookies is in the application under advanced -> tracks eraser. As far as setting restore goes, the MS anti-spyware tool acutally resets all of the browser settings to their factory defaults, by default - however you can easily control each setting with the "Change restore setting to a new URL..." link. Also, one features that is not mentioned are the System Explorers. These give access to some windows settings - such as Start Up items, but not just the applications in your startup folder - ALL of them including your logon shell, tremendously useful in determining if something is starting when it should not be. Finally ubiquitous browser support is absurd. There is no complelling reason for MS to release a free product that supports the competition. Now they could make you pay for that feature...

In short - the product would appear to work as advertised for the task it was designed for, despite what "technology buffs" would have to say about it.

Bashing

[Blitzenn]

Slashdot could never post an article saying the product was good. I will concede that there is not a product out there that does the job completely, yet. I have found though, that the MS tool is so far the most comprehensive one of all of them. I haven't had any trouble since it's install. That seems to fly in the face of the author's article to me. Before that I had continual problems. I am not heralding it as a great product, but so far it is the best one I have tried out of the big six. I think the willingness to bash any MS product, regardless of wheter it is true or now is pretty clear here at Slashdot.

I hope they *do* charge for this product

[Chriscypher]

Microsoft has built its empire by announcing, acquiring or developing products to compete with already existing products. Often these products are at least initially inferior, but often cost less and are bundled with the OS.

For example: Netscape Navigator -> Internet Explorer, Macintosh Finder -> Windows, RealAudio -> Media Player, WordPerfect -> Word, and tried to do this with Money -> Quicken stopped by the FTC. I'm sure there are many more examples of this strategy you historians can name.

If they do charge money for a anti-spyware/virus product, this will undermine Norton and the other companies which so far HAVE SAVED MICROSOFT's ARSE. If it is a pay-product, then it will garner resentment. If this product is inferior, it will make Windows as a platform less viable by exposing its own weaknesses.

Hey Microsoft, here is a *great* opportunity for you to finally get recurring subscription fees from your user base!!!!

Where do you want to go today? What's in your wallet?

.

He's right!

[3vi1]

It's only in beta. By the time MS is finished with it, it will be so good that Lavasoft and Kolla will be forced to bundle their programs with some Claria software just to make money.

Re:Pirates?

[Mjec]

I really hope you're not serious. MS could never get away with that. It just simply wouldn't stand the publicity - real publicity - it would attract. Far worse than the overused antitrust crap.

Re:Wow. Anecdotal Evidence!

[Frennzy]

yes, I meant GAIN. It was a typo.

Call bullshit all you want, but it's true. Under the folder c:\program files\common files\GMT, were about 60 folders, with randomly generated names consisting of (I think) 10 characcters each. Each of those had multiple folders underneath, usually consisting of ga, gb, gc, etc. Each of those folders had an enormous amount of folders underneath consisting of 5 numbers each. Each of those folders had a file in it, consisting of the same name as it's parent folder, with a .gdb extension (I think).

All told, there were 56000 of them, and each registered in MSAS as a file 'infected' with Claria. (they were actually generated by it)

I thought about getting a screenshot, but didn't because I thought it was kind of a stupid thing to brag about.

It gets even worse. Instead of trying to let MSAS deal with them, I first cancelled the scan, and went to manually delete them. Use windows explorer, it look like it would take over an hour. So I killed explorer, dropped to a command prompt, and deleted the entire tree that way. On reboot, the entire tree was back. Claria had done it's own system restore, invisibly. I had to disable system restore and run through the process again.

Re:Wow. Anecdotal Evidence!

[wuzfuzzy]

I have seen over 25,000. Mostly cookies of course! Sorry, that I didn't grab a screen shot.

Ok

[DOS-5]

So how many times is a review of this software going to be mentioned here?

Re:Wow. Anecdotal Evidence!

[gargan]

I too deal with spyware infested systems quite a bit, and I also doubt the 56,000 number. I've never seen anything remotely close to that, but I have seen a combination of Aluria, MSAS, and Ad-Aware come up with a total of nearly 2000 objects. FWIW.

All Anti-Spyware tools are ineffective

[llzackll]

First of all, this program is beta, and should not be subject to review. Secondly, I've found all of the anti-spyware programs to be ineffective. They will remove a lot of it, and detect most, but there are a lot of spyware out there that these programs will not remove, and must be removed manually.

These spyware programs employ some pretty nasty tricks. We've found that with some of them, we need to remove the hard drive completely and put them on a seperate system to be removed, or use something like Knoppix, or BartPE, which loads a different OS instead, so the files can be removed.

What about us poor linux users?

[mretallack]

How do we get rid of all that SpyWare? I wonder if it will run under Wine?

Not looking at the issue correctly...

[NipsMG]

It seems in general people aren't looking at the software for its two valuable functions: A) Removing Spyware B) Protecting the user against future spyware "infections". When cleaning up a client's computer or a friend's computer, you can give them a list of 3 anti-spyware programs to run weekly, and set all of their security settings, and tell them not to download and install weatherbug, but that behavior will only last a week. Unfortunately, the free version of AdAware does not install AdWatch, and Spybot doesn't have an agent running in the background anyways. MS's anti-spyware tool not only does an effective job at removing spyware, but out of the box it loads agents that prompt when registry keys are being modified, and blocks malware. A simple instruction to the user to ALWAYS BLOCK unless they are legitimately trying to install something leads to a much cleaner and spyware free computer. Nothing's perfect, but I wish people would give some goddamn unbiased reviews. MS Fanboys are going to say MS Anti-Spyware is the best thing since sliced bread, Linux fanboys are going to say "See, you should be on linux, MS sux0rz", and the Apple fans are going to say, "I swear to god the iPod shuffle is the best MP3 player ever. SO WHAT if it doesn't have a screen.. IT RULES!! SHUT UP!!! *tear*"

Well

[BuddyJesus]

Am I the only one to have used it more successfully than Spybot AND Ad-Aware put together? Or are you all crazy mofo's trying to run it on a mac?

Re:Well

[RedWolves2]

Well again I'll point out that the author didn't read the article as did not the majority of commenters in here...laziness or ignorance I can't figure out which...but the reviewer was reffering to the Maliscious Virus Remover as being 'ineffective' and he gave the anti-spyware tool a good score for protecting a already clean system.

Useful augmentation

[quigley6]

Working in a little repair shop that does 90% of it's business fighting spyware, I've got an understandable interest in any new anti-spyware tool. After all, anything that makes my job easier (and keeps billable hours up) is a good thing. I normally run Ad-aware SE Personal for basic cleanups, with judicious use of msconfig and various 3rd party startup controls (Winpatrol is great!). The more obstinate machines will get hand cleaned via the previously mentioned "Google the process names" method. Massive infections get an OS reload. My own experience with MS Antispyware has been mixed. I've been running it on everything in the shop, and am rapidly coming to the conclusion that it definately has it's place. For the basic, everyday spyware cleanup, MS is just too damn slow (averaging 3 hours for a deep scan/removal). It's even too slow for moderate infections, and doesn't detect/remove enough of the threats to make the wait worthwhile. However, there is that occaisonal machine that's been completely, absolutely possessed by pure evil. The kind of machine that glows with an eerie green light as the customer brings it through the door, and sends the other techs running out the door, screaming for holy water and a legion of priests. Machines with a number of infections uncountable by modern mathematics. On these machines, MS Antispyware can often save the day. Sure, it takes 5 or 6 hours to run, and doesnt detect nearly everything that's in there (doesnt even get all the running processes), but it can usually clean out the nastiest things, which can stabilize the machine enough to run Ad-aware and Spybot, and thereby avoid a full OS reload. In short, MS Antispyware is a good "last resort" for those machines that can't be reloaded.

The author of this post obviously didn't read it

[RedWolves2]

The author of this post (happyslayer) obviously didn't read the article because then he would have understood that the author of the review was referring to the Maliscious Virus remover as being 'ineffective' not the anti-spyware software. The reviewer said that the anti-spyware software did a great job at the role of being a protector of a clean machine, which it should be because that is hopefully going to be the primary use.

But thanks micheal for not reading the post and the article to see if what you posted on Slashdot was credible. You know people at CBS lost their jobs for reporting without checking facts.

Re:this is bull crap

[RedWolves2]

Sounds like a great idea. I think Apple and Linux also need to make their OS just as secure then...why only hold Microsoft to a higher standard.

Linux and Apple have just as many holes ... the only problem is they don't have the marketshare..

But this has been argued to death so it shouldn't be new to anyone.

[OT] Re:Operator Error

[cnj]

Those plus the TCP stack was corrupt on this machine...wouldn't renew the DHCP lease. Had to manually rebuild that as well.

Is this "normal" for MicroSoft machines? I'm asking because that is one of the things my last MicroSoft Windows(TM) machine did before I decided to kick it to the curb, and nobody I've mentioned it to had heard of anything like it.
Is the cause generally just bit-rot? How would one go about rebuilding the stack?

As a 'furthermore', I found it interesting that I left OSX after it did a similar thing--it would renew the lease but wouldn't pick up the DNS servers. Two hours in the Apple store resulted in a more broken machine followed by a demonstration of the magical self-healing powers of OSX--but even then it only returned to the state it was in when I got there and a "You'll have to reinstall." :p

If someone could explain the likely cause of either problem, and possibly a solution, I might change my view on these operating systems. As it is, I don't feel they should just break like they seem to have--and in neither case has somebody I've asked seems to be able to tell me why.

Re:this is bull crap

[RedWolves2]

What are you holed up? Or do you just get your information from Slashdot which only reports on negative Microsoft stories and positive everything else.

But I'll give you some links to show there is more to life then reading 2-3 day old stories where the submitter spins reality to show their ignorance as is the case with this story:

Mac OS X holes

Linux Security Patches

Microsoft Patches

All recent patches/holes and all came out about the same time. So please don't tell me your shit don't stink every operating system has their flaws it's the nature of software development.

Re:Pirates?

[babybird]

Most likely BitDefender was seen as spyware because by necessity, an anti-spyware program would have spyware signatures in it to recognize spyware. This sort of thing has been common in the anti-virus market for years, in fact it has always been recommended that no more than one anti-virus package be installed on a system at one time because of unresolved/unresolveable conflicts between the packages.

I'd say it's more likely that MSAS didn't have an exception for that version of BitDefender, or possibly that version of BitDefender was infected, or had its quarantine folder unencrypted or in a non-standard location. This kind of thing is not at all uncommon, and not at all surprising in beta software either.

Nothing's perfect

[dbbd]

Every few weeks I need to help someone (son. daughter, sister etc.) get rid of spyware, hijackers etc. I've adaware, spybot, hijackthis all installed and typically need to use all three. I've installed the new Microsoft tool, and it is a worthwhile addition to the arsenal of tools I'm using. First - the advanced tool restore hijacked explorer settings is great. I found it in no other tool. Yes, hijackthis will report those, but won't help you restore defaults. Second - think of the regular user, not the pros - the extra checkpoints are really helpfull since they call attention to situations normal users miss. Third - its not perfect, but it looks a good tool and it does the work. I think the auto-updates it has are very important. Adaware does not auto-update (unless you buy the retail), spybot does not auto-update. So bottom line - regardless of liking microsoft or not, this is a keeper. I just hope when they mature it from beta it will remain free - after all, its windows that lacks the security and they should be held responsible for fixing their own problems.

MS Anti-Spyware Beta1 Really Cool!

[leferris]

I love Microsoft, with that being said I download and installed MS's Anti-Spyware Beta1 and ran it. WOW! It detected, deleted spyware I thought I had deleted and found others more serious that I could not find on my own. I was blaming my ISP but now my 3MB connect is back! WOW! I have been watching Microsft's beta programs forever, and I am impressed on how this hits the street running! It even updated itself while it was running a scan. Hey I love to bad mouth something that's bad, but you're not going to get it from me on this beta, can't wait for the final product.

Microsoft AntiSpyware = Good.

[civilwar]

I found Microsoft's AntiSpyware tool to be a good one. I used it on my sister's computer which was not functioning well at all and by the time it was finished it was functioning beautifully. I think they have made an excellent product.

Re:Pirates?

[Orion+Blastar]

Well Microsoft used to break competitors programs with new releases of Windows, and they got away with that. Microsoft even scans to detect if the Windows key is a valid one now on their web site. If someone steals your key via Spyware, and publishes it on the Internet, your key just became invalid.

MS/Giant

[sharkden]

As of far, no popups, or other crap, running it ever 24hrs, and man. For a BETA, cant wait for the full. I just hope it comes included in the OS bundle!
Rock Out!

Re:hrm..

[VanillaCoke420]

How did I blame it on the OS? And I'm not even using Linux, so I'm not sure what you're talking about.