Microsoft Antispyware Beta
Microsoft has quietly launched a beta test of a tool for antispyware. It's a bit embarrassing that a tool of this nature should be needed at all, largely due to security holes in their OWN software (Internet Explorer, predominantly), but for what it's worth, it does look rather user-friendly and capable.
Entering the anti-spyware market that's already too crowded, Microsoft has launched a beta tool all of its own called Microsoft Antispyware.
In a first impression review, WSJ Personal Tech gives it a not-very-promising rating:
Still, it's worth the effort I thought, so off I went to grab my copy.
Painful Installation Rigmaroles
Strangely, you need to first validate your Windows before you can so much as download this beta. I tried this with Opera, so I did not see any activex warning bar as suggested below.
I went with the "Alternative Download", it downloaded a quick utility of some sort (my guess: an activex) which generates a "Validation Code" for your Windows. Fair enough. Did this, and moved on. Another window followed, which asked me to type in my Windows XP activation code, the 25 letter one. Fair, done.
Once you do manage to get through this initial pop-up window mayhem, the installation is clear and seamless:
Neat Interface
The initial screen is simple, tests are offered in Quick or Full-System scans. This is very similar to the Giant Company product; does anyone remember Spam Postmaster offering? That's at the root of this tool as Microsoft acquired Giant Company in December. Fairly simple, easily laid out interface:
My favorite section, and the noteworthy feature of this tool, is the "Advanced Tools" section, which shows a lot of common culprits in a very well categorized interface:
These tools list a wide variety of installed system elements along with detailed information for each and, in most cases, the ability to disable the particular element. For example, one lists running processes and can stop any particular process. Another lists programs that launch at startup and lets the user either block or permanently remove them. Among the others are tools to explore ActiveX controls, Browser Helper Objects, and the Hosts file. Also in Advanced Tools, the Browser Hijack Restore page will reset about 20 Internet Explorer settings to their original values (though we think MSAS should prevent these from being hijacked in the first place). Finally, the product includes a Tracks Eraser module that can delete temporary files and history lists.
Well, I don't have too much spyware left (thanks to persistent use of Firefox and Opera) but for an "initial beta" with minor redesigns for a Microsoft look, the product is useful. The performance in terms of catching spyware isn't outstanding. I don't use Webroot's tool so cannot compare it with that, but between Spybot and Ad-Aware, there were many more potentials (adware, spyware, and keyloggers on a typical infested test system) listed than this tool.
It's In The Details, Stupid
The good things are in the details offered for the Microsoft AntiSpyware (MSAS) offers wonderfully detailed information about the threats it does detect. To start, it assigns suspicious items a threat rating (Moderate, High, Elevated, or Severe) along with a color-coded warning bar. It also sets a default disposition for the item: Ignore, Quarantine, or Remove. The user can change the disposition and can also choose Always Ignore, thereby preventing MSAS from flagging that item in the future.
Next time you install a software, you may also get a useful warning like this:
The numerous file and Registry traces that reveal the presence of a particular threat are hidden by default, but can be revealed if needed. And, of course, you can click on a link for more information about the selected item. I do wish that the program would allow sorting of the results by threat level or disposition; when the confirmation dialog reports it will remove 50 spyware threats and ignore one, I'd like an easy way to find out just which one will be ignored.
While removing spyware is important, MSAS also protects your system's security in a number of other ways. Its Real-time Protection system includes over 50 "agents" that watch for and prevent specific security exploits. Clicking through the Security Agents and reading their descriptions is an impressive lesson in just how much homework Giant did. Hacker exploits, such as getting Windows to allow anonymous enumeration of user accounts or attempting Wi-Fi system entry, are blocked when they occur. We were pleased to see some of the stuff that's taught in hacking classes blocked automatically. With the user's permission, these agents report detected threats to the SpyNet Anti-Spyware Community for analysis and eventual inclusion in spyware definitions.
Conclusion
Microsoft AntiSpyware admittedly needs to ramp up its performance in the two main tasks of an antispyware utility: removing spyware and preventing any new spyware from installing. But it's technically a beta, so some of the missing features are surely forgiveable. The tool is VERY fast, quite intuitive to use for Windows users, and certainly on the right track.
Ultimately, integration is far more important than innovation — there are all sorts of people who come up with new things, but recognizing what is practical and developing it to its fullest extent as part of a system is what makes Microsoft work. And I'm really glad they've picked up an anti-spyware package instead of developing one in-house because they can capitalize on someone else's focus on the spyware problem, to our benefit.
Meanwhile, I am not uninstalling my Ad-Aware free version and Spybot Detect anytime soon.