Review of Microsoft's Anti-Spyware Tools
happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."
But it's beta, and his methodology is just plain wrong. I'm not one to jump up and defend MS, but WTF?
From the end of the article:
Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.
Twenties Retirement
This is great news!
/. intentionally trolling?
Is someone at
I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)
Ad-aware missed them on the first pass...so I used MSAS, and it caught them all. And removed them. Successfully. (whereas Ad-aware would have just quarantined them).
I know I'll get roasted for this obvious 'fanboi' ism, but remember, MSAS is actually still GIANT, who they bought it from. (check your process names while running it...you'll see)
According to this story on The Register, the MS anti spyware tool also labels Bitdefender (a Romanian anti virus tool) as spyware.
My pics.
What's up with all these "reviews" immediately condemning this new tool? As far as I can tell, it's an honest attempt on Microsoft's part to actively aid its customers in removing crap from their computers. I've used it myself at work, and after running Spybot, Ad-Aware, SpySweeper, and HijackThis, Microsoft Antispyware still manages to flag and remove quite a few leftovers.
Granted, by itself it may not be the most effective thing in the world, but the same can be said for any antispyware/antivirus software. We need to run at least 3 antispyware programs at work, and at least 2 antivirus programs before we feel confident that a computer is clean enough to return to the customer.
Besides the fact that it's just a beta, it's worked out pretty well for what it is. The interface is easy enough to figure out and use, and it identifies software which comes bundled with adware/spyware. When was the last time Spybot or Ad-Aware flagged Kazaa or Imesh as adware bundlers, while the default action is "ignore," but removal and quarantine are obvious choices? I say enough of these reviews. I'll be "reviewing" it myself by using it for what it can do well. If the final version works as well as this does, or better, it'll stay on my list of removal tools for my customers.
That seems to be the common mindset amongst a good majority of /.'s. While I don't necessarily agree with their business practices, I admit that they put out some pretty good software. The Visual Studio family of compilers for one. Another thing, I've /never/ experienced a crash with XP. Because I know how to use it. I've never had a crash with Slackware either. You know why? Yup. Because I know how to use it. Also, Firefox is not some magical solution to spyware. I'll admit it's a bit harder to become infected if you use ff instead of ie, but a stupid user is a stupid user regardless of what software you place in front of them.
In short, MS AntiSpyware looks like a very promising app. One which I hope Microsoft continues to improve.
I ran the current version of Spybot, then I ran the current version of AdAware (free version), and when I ran Microsoft Antispyware, it still found stuff to remove that the others didn't
Of course, the program has been criticized for the huge number of false positives that it detects. Did you check to see if the things it found were in fact spyware?
I ran MSAS first, and it found some spyware it was not able to remove. Then running Ad-Aware which identified the spyware correctly, and also removed it. That's proof enough for me that MS AS is not ready.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
First, I have never found any spyware problem that I could not resolve in approx 2 hrs or so. It is relatively simple. If Adaware and/or Spybot fail to detect and remove the infection, you have a few options. I do as follows:
1) Boot into safe mode.
2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later"
6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.
Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.
Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.
LedgerSMB: Open source Accounting/ERP
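An added example, not part of the original post: a read-only PowerShell inventory of the Run keys under HKCU and HKLM and the Startup folders that steps 4 to 6 of the post above review by hand. The RunOnce keys and the CSV output path are assumptions of the example.

```powershell
# Added example: read-only inventory of autostart locations for manual review.
# Nothing is deleted; the CSV is a record to keep before any cleanup.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',   # assumption: also worth listing
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'    # assumption: also worth listing
)

$entries = @(foreach ($path in $runKeys) {
    # A key that does not exist is skipped rather than treated as an error.
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Source  = $path
            Name    = $name
            Command = [string]$key.GetValue($name)
        }
    }
})

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$entries += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Force -File | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Show the list and save a copy (output path is an assumption of this example).
$entries | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
$entries | Export-Csv -Path (Join-Path $env:TEMP 'autostart-inventory.csv') -NoTypeInformation
```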
I also ran it after Spybot and AdAware and it found more items.
Quite frankly, I was impressed.
Perhaps the author of the review went in with the intent of giving a bad review?
I can't believe this story was posted. As much as I dislike MS on many levels, THIS IS BETA!!!!
Furthermore, some of the most effective anti-spyware tools I have used have broken windows before. It is in Microsoft's best interest to be careful in their approach to this. If they break legitimate programs with their tool, they are looking at lawsuits (EULA or no) and they have money to go after.
Please save the bashing until this thing is released officially as non-beta.
Sigs? We don't need no stinking sigs!
I think it's great. Nooo, definitely no sarcasm here. uh-uh.
I only post comments when someone on the internet is wrong.
The author is ineffective at system recovery.
I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.
Me too, except this was a customer.
Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.
Those plus the TCP stack was corrupt on this machine...wouldn't renew the DHCP lease. Had to manually rebuild that as well.
To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)
Or you could have just put the executable on a CD with SP2's executable and MS Anti-Spyware's executable. But that would make sense for someone in the system recovery business and we can't have that!
The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC.
The program was designed to search for a few insanely critical bugs. It COMPLEMENTS your set of tools...not replaces them.
But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.
That's because you're not in safe mode and you haven't stopped the programs from regenerating.
So I rebooted the PC in safe mode...
Now we're going in the right direction!
After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.
Pfffft. Ineffective computer technician.
I don't have the option to just backup whatever I feel is important on a customer's PC...they're paying me to recover their system, not pick which files have to disappear forever and cause them to lose all their settings and programs.
Once again for clarity: INEFFECTIVE COMPUTER TECHNICIAN.
MS Anti-Spyware has done an EXCELLENT job on every single customer PC. The Malware tools from MS make a quick and easy check during the in-home visit for those REALLY nasty bugs.
Who is this guy, anyway? Oh wait...
MATTHEW FORDAHL, AP Technology Writer
Technology WRITER. Leave the tech stuff up to the tech people and have fun with your little Word.
From everybody's stories about which one ran first, second, then third, and there are always things left over after each one, I'd say that's the nature of spyware removal tools.
It's been my experience that with the few tools I've tried, there's always stuff left over. Like someone else said, it may be Microsoft's now, but it was a different brand before. I've never had any real problem with malware on my PCs (home and work), but for my coworkers' and family members' computers, I've never really seen any of the removal tools that were 100% effective.
I neither hate it nor love it or Microsoft. The simple fact is that the review was crap. The methodology was lacking and the scientific process nonexistent. We've done several anti-virus and anti-spyware comparisons. What you do is simple:
- Load up a virtual machine with XP and take a snapshot
- then kill it with viruses or spyware
- run a tool and find what it catches/cleans
- revert to the snapshot and run the next tool
- do some simple math
1. Unix users are self-selecting; they tend to be technically competent and less likely to be infected than the general populace.
2. Unix systems use a wide range of email applications and web browsers, almost all of which have fewer holes than IE/OE. No Unix mail client will execute an attachment for you; you have to save it, enable the execution flag, and then run it yourself.
3. Unix desktops are not nearly as common as Windows desktops, so there're fewer incentives to hack them. They're also quite diverse; a binary for PPC MacOS isn't going to work under x86 OpenBSD, Sparc Solaris, or ARM Linux, which reduces the pool of target machines for a given virus.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
"I've never really seen any of the removal tools that were 100% effective"
Fdisk.
I heard that Norton Antivirus 2004 and above check for pirate key generator programs and report them as "hacker programs" or some such and then delete them.
You hit an interesting point, can the program check registrations to see if the software is pirated, and then remove it if it is pirated and report it as Spyware? Already BitDefender, a competing product, is seen as Spyware. So we see the MS tactic here to report competitors as Spyware, which makes MSAS look even better.
Think about it, Mozilla Firefox, Thunderbird, Opera, Eudora, OpenOffice.org, etc can be seen as Spyware this way, and the user is forced to use the Microsoft products that compete with them, to avoid the Spyware alerts.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Whenever a Microsoft bashing article comes up on slashdot we need a little video song clip to come on with pasty aggressive nerds emerging from their basements in homemade rockets with the lyrics blaring: SLASHDOT! FUCK YEAH! Coming again, to save the mother fucking day yeah, SLASHDOT, FUCK YEAH! Linux is the only way yeah, Microsoft your game is through cause now you have to answer to, SLASHDOT, FUCK YEAH! So lick my slanted posting, and suck on my trolls, SLASHDOT, FUCK YEAH! What you going to do when we come for you now, it's the open-source dream that we all share; it's the hope for tomorrow. FUCK YEAH! OpenBSD, FUCK YEAH! Spybot S&D, FUCK YEAH! Beowulf Clusters, FUCK YEAH! Neil Stephenson, FUCK YEAH! MMORPG, FUCK, YEAH!
I sincerely hope they never do charge for this product.
MS selling anti-spyware is like Goodyear selling anti-defective-tire-glue-or-something.
1. Build defective product
2. Let customer get flooded with problems
3. Instead of fixing defective product, sell customer some kind of half working fix you bought from someone else
4. profit!!!
We should have been
So much more by now
Too dead inside
To even know the guilt
After burning tens of thousands of R&D hours, the brains at MS labs will be adding a dancing, blinking magnifying glass that will pop up with the caption "I see you're trying to get rid of spyware!"
Sigs are bad for your health.