
Microsoft gets serious about security with beta of anti-spyware software

In this week's Locksmith column, John McCormick tries out Microsoft's AntiSpyware beta. He takes a look at its features and compares its spyware-scanning ability with Ad-Aware.

Details

The anti-spyware software recently announced by Microsoft is now mature enough to evaluate, so I downloaded a copy and ran it head-to-head with a free utility: Lavasoft's Ad-Aware SE (Personal Edition). There is no word yet on whether Microsoft plans to charge for the product once it is out of beta.

Although Microsoft's AntiSpyware isn't intended to do exactly the same thing as Ad-Aware, the goals are similar—to locate and quarantine software that can capture information from your computer and transmit it to others without your knowledge or agreement. Most of these are relatively harmless cookies used to monitor advertising hits, but the same technology can be hiding code that captures keystrokes and harvests other critical information from systems.

Without some such tool, it is very difficult for Windows users and administrators to detect these programs and know what they may be doing.

You can only obtain AntiSpyware, which is about 6 MB in size, as a download from a Microsoft site. The beta version won't be made available on CD-ROM. Installation went smoothly, although while trying to view some options it did lock up, and I had to kill it via Task Manager. The program started right up again when I tried it.

I ran both utilities on an older 2-GHz P4 Dell with 512 MB of RAM running XP SP2. Both took about 12 minutes to complete a deep file scan, but the results were significantly different.

AntiSpyware reported scanning 2,398 memory processes, 18,973 files, and 8,693 registry keys, finding no problems. I had just purged the system an hour earlier with Ad-Aware. Few details are provided about just how the software works, so I don’t know why a later automatic scan reported checking 33,970 files.

Immediately after running the Microsoft program, Ad-Aware scanned 2,564 process modules and 157,212 "objects" (the term Ad-Aware uses for roughly what other tools call files). The important difference was that the Lavasoft utility found five data mining objects, including one from trafficmp.com and another from doubleclick.net. It’s a rare system that doesn’t have some doubleclick data mining objects, but AntiSpyware apparently isn’t intended to detect them.

AntiSpyware is more than just a spyware scanner; it also provides some management tools and provides real-time protection by watching for more than 50 ways spyware can insinuate its way onto your system. I’ve seen reports that this works pretty well, although it failed to block or notify me of six new tracking cookies installed on my system in a half hour online. Ad-Aware found them on a "smart" system scan while AntiSpyware failed to do so even on a deeper scan.

One AntiSpyware tool, Security Agents, monitors program and Internet activity as well as system changes.

System Explorers, another tool, provides a simple method to manage ActiveX, running processes, startup programs, IE settings, and other features that can be fine-tuned to make your system work the way you want it to.

The Running Processes tool is especially useful because it makes it easy to learn just what the processes do in considerable detail—far more than you get with Task Manager—although you still need TM to see what CPU time is being allocated to each process. One shortcoming is that additional information beyond some fairly basic data such as file path and version isn’t available yet for many processes, but bear in mind that this is a beta program.
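The two System Explorers features described above, startup-program management and a process listing with file path and version, can be reproduced by an administrator without the product. The following script is an added example written for this column, not code from Microsoft AntiSpyware or from the original article; it assumes Windows PowerShell 3.0 or later and enumerates the standard Run/RunOnce registry keys and Startup folders, then lists each running process with its image path and file version.

```powershell
# Added example (not from the column or from Microsoft AntiSpyware).
# Enumerates the common Windows autostart locations and the file path and
# version of each running process, roughly what the System Explorers and
# Running Processes tools surface. Assumes Windows PowerShell 3.0 or later.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # Registry Run/RunOnce values: each value name is one entry, its data the command line.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider bookkeeping properties Get-ItemProperty adds.
            if ($prop.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
            [pscustomobject]@{ Source = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
    # Per-user and all-users Startup folders: anything placed here is launched at logon.
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (Test-Path $folder) {
            Get-ChildItem -Path $folder -File | ForEach-Object {
                [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
}

function Get-ProcessDetail {
    # Image path and file version for each process. Processes whose image cannot be read
    # (protected system processes when not elevated) show blank fields instead of aborting the listing.
    Get-Process | ForEach-Object {
        $path = $null; $version = $null
        try { $path = $_.Path; $version = $_.MainModule.FileVersionInfo.FileVersion } catch {}
        [pscustomobject]@{ Id = $_.Id; Name = $_.ProcessName; Path = $path; Version = $version }
    }
}

Get-AutostartEntry | Format-Table -AutoSize
Get-ProcessDetail | Sort-Object Name | Format-Table -AutoSize
```

Run it from an elevated prompt to see paths and versions for system processes as well; an autostart entry whose command points at an unexpected location is the kind of item worth checking against a scanner's results.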

Applicability

AntiSpyware runs on:

  • Windows 2000
  • 2000 Advanced Server
  • 2000 Professional Edition
  • 2000 Server and 2000 SP2, 2000 SP3, 2000 SP4
  • Server 2003
  • XP, XP Home Edition, XP Media Center, XP Pro, XP SP1 and SP2, and XP Tablet PC Edition

Final word

For a beta, this new Microsoft offering seems to work well, although you need to be aware that it certainly doesn't detect some ad-tracking utilities.

The constant monitoring and protection are the most important options but are difficult features to evaluate over the short term. I really can't say how effective they may be. The code missed by the utility on my system was quite benign, although I didn't want it and wish AntiSpyware had reported it.

The additional system management tools add some much-needed features that Windows was sadly lacking. It's hard to believe that it took this long for Microsoft to provide an easy and obvious way to stop unwanted programs from loading at startup. Even a novice could manage them using AntiSpyware.

With some improvements AntiSpyware could become quite useful; already it looks as if it may provide significant protection against new spyware. Improvements are certain to come because the program includes an option to share information with other computers and build new spyware definitions on the fly. I recommend you check it out and see if it should be added to your toolkit. If nothing else, AntiSpyware will be endorsed by Microsoft, which means a lot of administrators will feel more comfortable installing it. Out of management and security concerns, many large companies (and especially government agencies) prohibit installation of third-party freeware such as Lavasoft's Ad-Aware.

You can also turn to CNET’s Help.com for an online class on combating spyware.


Also watch for …

  • Gmail, the free Google e-mail service that has lots of nice features, apparently had a hole that let attackers who wrote a particular Perl script access portions of other users’ messages. The vulnerability has been patched. Remember that Gmail is still in beta—I’ve used it for a couple of months and really like it, but for now you need to know someone to get an account.
  • For those who were concerned about the FBI’s use of Carnivore to snoop on their e-mail messages, I want to mention that the agency has apparently dropped its use in favor of more powerful commercial products. The bad or good news, depending on your viewpoint, is that Carnivore probably isn’t needed now that the Feds can go to an ISP and, reminding them of 9-11, can just ask for e-mail records.
  • Securiteam.com reports several serious vulnerabilities in the Netgear FVS318 small office router/firewall.
  • Oracle users should check out the possible impact of 23 vulnerabilities listed this week by Secunia.
  • Federal Computer Week reports that the Homeland Security Department is going to build a baseline security database by surveying 36,000 businesses this spring.
  • I’ve warned about Tsunami e-mail scams and one alleged perpetrator has just been arrested by the FBI. Even better news is that out of 800K scam e-mails sent, Matthew Schmieder of Pittsburgh only collected $150 in the PayPal account he set up. As the penalties for being a spammer become more severe, it will require a bigger payoff to make the crime worthwhile. Perhaps we will see a drop in spam as more arrests are made and spammers generate less and less income. Perhaps Mr. Schmieder would have hesitated if he were more security savvy and knew that Pittsburgh’s FBI office is the home base of a special effort to combat spammers.