Microsoft Antispyware Beta

Microsoft has quietly launched a beta test of an antispyware tool. It's a bit embarrassing that a tool of this nature should be needed at all, largely due to security holes in their OWN software (Internet Explorer, predominantly), but for what it's worth, it does look rather user-friendly and capable.

Entering an anti-spyware market that's already too crowded, Microsoft has launched a beta tool all of its own called Microsoft Antispyware.

In a first impression review, WSJ Personal Tech gives it a not-very-promising rating:

"…it has some serious flaws and lapses.…I can't recommend it, in its present form, over the leading third-party antispyware program I have favored, Webroot's Spy Sweeper."

Still, it's worth the effort I thought, so off I went to grab my copy.

Painful Installation Rigmaroles

Strangely, you need to first validate your Windows before you can so much as download this beta. I tried this with Opera, so I did not see any ActiveX warning bar as suggested below.

I went with the "Alternative Download"; it downloaded a quick utility of some sort (my guess: an ActiveX) which generates a "Validation Code" for your Windows. Fair enough. Did this, and moved on. Another window followed, which asked me to type in my Windows XP activation code, the 25-letter one. Fair, done.

Once you do manage to get through this initial pop-up window mayhem, the installation is clear and seamless:

Neat Interface

The initial screen is simple; scans are offered as Quick or Full-System. This is very similar to the Giant Company product; does anyone remember the Spam Postmaster offering? That's at the root of this tool, as Microsoft acquired Giant Company in December. Fairly simple, easily laid out interface:

My favorite section, and the noteworthy feature of this tool, is the "Advanced Tools" section, which shows a lot of common culprits in a very well categorized interface:

These tools list a wide variety of installed system elements along with detailed information for each and, in most cases, the ability to disable the particular element. For example, one lists running processes and can stop any particular process. Another lists programs that launch at startup and lets the user either block or permanently remove them. Among the others are tools to explore ActiveX controls, Browser Helper Objects, and the Hosts file. Also in Advanced Tools, the Browser Hijack Restore page will reset about 20 Internet Explorer settings to their original values (though we think MSAS should prevent these from being hijacked in the first place). Finally, the product includes a Tracks Eraser module that can delete temporary files and history lists.

Well, I don't have too much spyware left (thanks to persistent use of Firefox and Opera) but for an "initial beta" with minor redesigns for a Microsoft look, the product is useful. The performance in terms of catching spyware isn't outstanding. I don't use Webroot's tool so cannot compare it with that, but between Spybot and Ad-Aware, there were many more potentials (adware, spyware, and keyloggers on a typical infested test system) listed than with this tool.

It's In The Details, Stupid

The good things are in the details: Microsoft AntiSpyware (MSAS) offers wonderfully detailed information about the threats it does detect. To start, it assigns suspicious items a threat rating (Moderate, High, Elevated, or Severe) along with a color-coded warning bar. It also sets a default disposition for the item: Ignore, Quarantine, or Remove. The user can change the disposition and can also choose Always Ignore, thereby preventing MSAS from flagging that item in the future.

Next time you install software, you may also get a useful warning like this:

The numerous file and Registry traces that reveal the presence of a particular threat are hidden by default, but can be revealed if needed. And, of course, you can click on a link for more information about the selected item. I do wish that the program would allow sorting of the results by threat level or disposition; when the confirmation dialog reports it will remove 50 spyware threats and ignore one, I'd like an easy way to find out just which one will be ignored.

While removing spyware is important, MSAS also protects your system's security in a number of other ways. Its Real-time Protection system includes over 50 "agents" that watch for and prevent specific security exploits. Clicking through the Security Agents and reading their descriptions is an impressive lesson in just how much homework Giant did. Hacker exploits, such as getting Windows to allow anonymous enumeration of user accounts or attempting Wi-Fi system entry, are blocked when they occur. We were pleased to see some of the stuff that's taught in hacking classes blocked automatically. With the user's permission, these agents report detected threats to the SpyNet Anti-Spyware Community for analysis and eventual inclusion in spyware definitions.

Conclusion

Microsoft AntiSpyware admittedly needs to ramp up its performance in the two main tasks of an antispyware utility: removing spyware and preventing any new spyware from installing. But it's technically a beta, so some of the missing features are surely forgivable. The tool is VERY fast, quite intuitive to use for Windows users, and certainly on the right track.

Ultimately, integration is far more important than innovation — there are all sorts of people who come up with new things, but recognizing what is practical and developing it to its fullest extent as part of a system is what makes Microsoft work. And I'm really glad they've picked up an anti-spyware package instead of developing one in-house because they can capitalize on someone else's focus on the spyware problem, to our benefit.

Meanwhile, I am not uninstalling my Ad-Aware free version and Spybot Detect anytime soon.

  • milo

    Microsoft is buying some anti-virus product already.

  • Chris

    Not true that you need to validate Windows before you download. You can choose not to and still get it. I believe they want you to think you must validate, but don't make it an absolute requirement so they will get fewer complaints.

  • dee

    My puter froze up. I sent an error report to MS. Their reply was that I had the IBIS toolbar and it needed to be removed. So I downloaded their MCAS. The download was easy, I ran the scan. Fine and dandy. Nowhere in the post-scan results was IBIS toolbar mentioned.
    Now my system has slowed to a crawl!
    Anybody know what is going on?
    I've had Spybot for a year. Plus Norton Internet Security 2005.