Microsoft AntiSpyware: Is it worth bothering with?

ANALYSIS

The anti-spyware software recently announced by Microsoft is now mature enough to evaluate so I downloaded a copy and ran it head-to-head with a free utility: Lavasoft's Ad-Aware SE (Personal Edition). There is no word yet on whether Microsoft plans to charge for the product once it is out of beta.

Although Microsoft's AntiSpyware isn't intended to do exactly the same thing as Ad-Aware, the goals are similar -- to locate and quarantine software that can capture information from your computer and transmit it to others without your knowledge or agreement. Most of these are relatively harmless cookies used to monitor advertising hits, but the same technology can be hiding code that captures keystrokes and harvests other critical information from systems.

Without the use of some tool it is very difficult for Windows users and administrators to detect these programs and know what they may be doing.

You can only obtain AntiSpyware, which is about 6 MB in size, as a download from Microsoft's Web site. The beta version won't be made available on CD-ROM. Installation went smoothly, although while trying to view some options it did lock up, and I had to kill it via Task Manager. The program started right up again when I tried it. I already had Ad-Aware on my machine, but if you want a copy it can be downloaded from ZDNet UK's download area.

I ran both utilities on an older 2-GHz P4 Dell with 512MB of RAM and running XP SP2. Both took about 12 minutes to complete a deep file scan but the results were significantly different.

AntiSpyware reported scanning 2398 memory processes, 18,973 files, and 8693 registry keys, finding no problems. I had just purged the system an hour earlier with Ad-Aware. There are few details provided about just how the software works so I don’t know why a later automatic scan reported checking 33970 files.

Immediately after running the Microsoft program Ad-Aware scanned 2564 process modules, and 157,212 "objects", the term Ad-Aware uses that approximates files. The important difference was that the Lavasoft utility found five data-mining objects, including one from trafficmp.com and another from doubleclick.net. It’s a rare system that doesn’t have some doubleclick data mining objects, but AntiSpyware apparently isn’t intended to detect them.

AntiSpyware is more than just a spyware scanner; it also provides some management tools and provides real-time protection by watching for more than 50 ways spyware can insinuate its way onto your system. I’ve seen reports that this works pretty well, although it failed to block or notify me of six new tracking cookies installed on my system in a half hour online. Ad-Aware found them on a "smart" system scan while AntiSpyware failed to do so even on a deeper scan.

One AntiSpyware tool, Security Agents, monitors program and Internet activity as well as system changes.

System Explorers, another tool, provides a simple method to manage ActiveX, running processes, startup programs, IE settings, and other features that can be fine-tuned to make your system work the way you want it to.

The Running Processes tool is especially useful because it makes it easy to learn just what the processes do in considerable detail -- far more than you get with Task Manager -- although you still need TM to see what CPU time is being allocated to each process. One shortcoming is that additional information beyond some fairly basic data such as file path and version isn’t available yet for many processes, but bear in mind that this is a beta program.

Talkback

Is it worth bothering with? You bet!

I use Ad-Aware and Spybot (always with the latest adware dictionaries) on a regular basis, and when I saw details on ZDNet of MS's new AntiSpyware beta I naturally thought I'd give it a go, out of curiosity. Thank god I did.

I ran Ad-Aware & Spybot first, on 2 PCs. Both machines were found to have an assortment of the usual tracking cookies but nothing nasty. I then let the MS tool loose and was horrified when it found a keystroke logger embedded on my corporate laptop and an ad displayer on the other machine, a corporate desktop.

So what if it isn't designed to root out pesky tracking cookies? These aren't really a threat, though they irritate the heck out of me. The MS jobbie saved my bacon and I have recommended all my colleagues to try it.

God knows how long that malware was on those machines; as a supposedly savvy consultant I pride myself in running clean machines. Much like Firefox users, I felt that any tool offered by MS would be grossly inferior to the excellent Ad-Aware & Spybot, but it turns out that their acquisition of Giant Software was a bloody smart move.

I hate to sound like an MS flunky, and if they charge loads for this once it's out of beta then I take it all back, but for now I am bloody thankful they released it.

25 Jan 05 13:56 Reply

Chris, strange that your anti-virus software didn't detect the keystroke logger. Which keystroke logger was it anyway? And was it a confirmed find or a false positive?

26 Jan 05 22:09 Reply

Not sure how it got past AV, I think I may have turned On Access Scan off for a couple of hours while trying to find why McAfee hogs CPU. So partly my fault.

I don't recall the malware's name but Microsoft AntiSpyware gave full details, one of the best reports from a tool such as this I've seen yet. Using it I went on-line and checked out the keylogger and found it was a professional version used by corporations to monitor staff, but also available as Shareware. Worryingly it also had the capability to remotely view my screen!

Whether my fault for disabling AV for a short while or not, only the MS tool found this hideous system invader. It gets top marks from me!

27 Jan 05 09:25 Reply

Interestingly Spybot detects "Avenue A, Inc" attempting to install itself when accessing this web site!

27 Jan 05 12:23 Reply

Try running it on a PC that's been connected to the Internet with 'Ordinary Users' hammering it for years and you'll see the Microsoft one wins hands down.
Most of the machines' browsers have been hijacked and the Microsoft utility allows you to reset the hijack easily. Just hope they don't charge.

27 Jan 05 12:53 Reply

I am a techie, and manage about 500 customers. The reviewer did the scan on a relatively clean machine used by an advanced user. This is thus an inaccurate review.

What he should have done is load it on a novice user's PC. It worked a dream and most importantly continued to run in the background. It also has a great anti-hijack facility.

For advanced users, don't bother and just keep running Ad-Aware. If you are a novice (like most of my clients) who doesn't know what to do with Ad-Aware then install it now!!
Great tool for novices, but techies and advanced users, don't bother.

By the way, the tracking cookies that Lavasoft finds are regenerated within a day and they are watching you again! Thus even Lavasoft is not very effective!

27 Jan 05 15:37 Reply

I installed the Beta MS anti spyware on Jan 9, and it was running smoothly until I had an auto update from MS on 2-10, when the MS antispyware was then unable to access the internet for updates. My experience is that the MS anti spyware did get malware which Ad-Aware and Spybot missed, and this matches Eric Howes from U of Illinois in his test of popular anti malware tools. He said that of 134 "planted" malware items, the MS found 100, while Spybot only found 40. Ad-Aware I think was at 70's and Spysweeper in the 80's.
Meanwhile, I did a system restore to B4 the MS update, as I am not a techie and want the protection of the updates... I'm attempting to put a link to the eWEEK article showing the test results here: http://www.eweek.com/article2/0,1759,1731474,00.asp?kc=EWRSS03129TX1K0000614
Ashwin

11 Feb 05 21:20 Reply

Well, I've seen this Microsoft AntiSpyware in action.

First of all, I have my doubts about the License Agreement that comes with this product but then I'm not a lawyer.

Also, on a perfectly clean machine (checked by pros) it claimed to have found XferPro based on nothing but registry keys (no executable found) that have nothing to do with XferPro.
That's not hopeful but then this is still beta software. But that might be a reason why Microsoft AntiSpyware finds things that others do not.

Other than that this Microsoft AntiSpyware seems no better than the more proven solutions already available out there. With the exception that Microsoft AntiSpyware falls into the category of nagware as far as I'm concerned because it keeps on popping up questions for as long as the user doesn't comply with what the program thinks is best. As such I wouldn't recommend putting beta software into production. Certainly when there are more experienced and proven solutions out there that don't nag as much.

17 Feb 05 23:19 Reply

This "review" was so lame I laughed!
It was good in the sense that he wanted to compare them but the article sounded rushed.

I used both earlier today, Adaware == 9 spywares

MS Antispyware.......14254

What a difference. The MS antispyware was the correct one!! Ad-Aware fell a long way short!

22 Feb 05 19:00 Reply

I tried the BETA for about 2 weeks and was unimpressed. The thing deleted my Kazaa registry keys so now Kazaa is useless even though I have taken the files out of quarantine. I mean the program did what it was supposed to do but as pointed out in the article some spyware was missed and well I just think that a combination of spyware and adware tools would be better, personally I use Spyware Blaster, Spy Bot S&D, and Ad-Aware and with these 3 I am very impressed with the amount of protection my computer has.

24 Feb 05 17:08 Reply
