The anti-spyware software recently announced by Microsoft is
now mature enough to evaluate, so I downloaded a copy and ran it head-to-head
with a free utility: Lavasoft’s Ad-Aware SE (Personal Edition). There is no
word yet on whether Microsoft plans to charge for the product once it is out of
Although Microsoft’s AntiSpyware isn’t intended to do
exactly the same thing as Ad-Aware, the goals are similar—to locate and quarantine
software that can capture information from your computer and transmit it to
others without your knowledge or agreement. Most of these are relatively
harmless cookies used to monitor advertising hits, but the same technology can
be hiding code that captures keystrokes and harvests other critical information
Without the use of some tool it is very difficult for
Windows users and administrators to detect these programs and know what they
may be doing.
You can only obtain AntiSpyware, which is about 6 MB in
size, as a download from a
Microsoft site. The beta version won’t be made available on CD-ROM. Installation
went smoothly, although while trying to view some options it did lock up, and I
had to kill it via Task Manager. The program started right up again when I
I ran both utilities on an older 2-GHz P4 Dell with 512 MB
running XP SP2. Both took about 12 minutes to complete a deep file scan, but
the results were significantly different.
AntiSpyware reported scanning 2,398 memory processes, 18,973
files, and 8,693 registry keys, finding no problems. I had just purged the
system an hour earlier with Ad-Aware. Few details are provided about just
how the software works, so I don’t know why a later automatic scan reported
checking 33,970 files.
Immediately after running the Microsoft program, Ad-Aware scanned
2,564 process modules and 157,212 “objects,” the term Ad-Aware uses that approximates
files. The important difference was that the Lavasoft utility found five data
mining objects, including one from trafficmp.com and another from
doubleclick.net. It’s a rare system that doesn’t have some doubleclick data
mining objects, but AntiSpyware apparently isn’t intended to detect them.
AntiSpyware is more than just a spyware scanner; it also
includes some management tools and provides real-time protection by watching
for more than 50 ways spyware can insinuate its way onto your system. I’ve seen
reports that this works pretty well, although it failed to block or notify me
of six new tracking cookies installed on my system in a half hour online.
Ad-Aware found them on a “smart” system scan while AntiSpyware failed to do so
even on a deeper scan.
One AntiSpyware tool, Security Agents, monitors program and
Internet activity as well as system changes.
System Explorers, another tool, provides a simple method to
manage ActiveX, running processes, startup programs, IE settings, and other
features that can be fine-tuned to make your system work the way you want it
The Running Processes tool is especially useful because it
makes it easy to learn just what the processes do in considerable detail—far
more than you get with Task Manager—although you still need TM to see what CPU
time is being allocated to each process. One shortcoming is that additional
information beyond some fairly basic data such as file path and version isn’t
available yet for many processes, but bear in mind that this is a beta program.
AntiSpyware runs on:
- Windows 2000
- 2000 Advanced Server
- 2000 Professional
- 2000 Server and 2000 SP2, 2000 SP3, 2000 SP4
- Server 2003
- XP, XP Home Edition, XP Media Center, XP Pro, XP SP1 and SP2, and XP Tablet PC Edition
For a beta, this new Microsoft offering seems to work well,
although you need to be aware that it certainly doesn’t detect some ad-tracking
The constant monitoring and protection are the most
important options but are difficult features to evaluate over the short term. I
really can’t say how effective they may be. The code missed by the utility on
my system was quite benign, although I didn’t want it and wish AntiSpyware had reported
The additional system management tools add some much-needed
features that Windows was sadly lacking. It’s hard to believe that it took this
long for Microsoft to provide an easy and obvious way to stop unwanted programs
from loading at startup. Even a novice could manage them using AntiSpyware.
With some improvements AntiSpyware could become quite useful;
already it looks as if it may provide significant protection against new
spyware. Improvements are certain to come because part of the program is the
option to allow it to share information with other computers and build new
spyware definitions on the fly. I recommend you check it out and see if it
should be added to your toolkit. If nothing else, AntiSpyware will be endorsed
by Microsoft which means a lot of administrators will feel more comfortable
installing it. Out of management and security concerns, many large companies
(and especially government agencies) prohibit installation of third-party
freeware such as Lavasoft.
You can also turn to CNET’s Help.com for an online class
on combating spyware.
Also watch for …
- Gmail, the free Google e-mail service that has lots of nice features, apparently
had a hole which let attackers who wrote a particular Perl script access
portions of other users’ messages. The vulnerability has been patched. Remember
that Gmail is still in beta—I’ve used it for a couple months and really
like it but for now you need to know someone to get an account.
- For those who were concerned about the FBI’s use of Carnivore
to snoop on their e-mail messages, I want to mention that the agency has
apparently dropped its use in favor of more powerful commercial products.
The bad or good news, depending on your viewpoint, is that Carnivore probably
isn’t needed now that the Feds can go to an ISP and, reminding them of
9-11, can just ask for e-mail records.
- Securiteam.com reports
several serious vulnerabilities in the Netgear FVS318 small office router/firewall.
- Oracle users should check out the possible impact of 23
vulnerabilities listed this week by Secunia.
- Federal Computer Week reports
that the Homeland Security Department is going to build a baseline
security database by surveying 36,000 businesses this spring.
- I’ve warned about Tsunami e-mail scams and one alleged
perpetrator has just
been arrested by the FBI. Even better news is that out of 800K scam e-mails
sent, Matthew Schmieder of Pittsburgh only
collected $150 in the PayPal account he set up. As the penalties for being
a spammer become more severe, it will require a bigger payoff to make the
crime worthwhile. Perhaps we will see a drop in spam as more arrests are
made and spammers generate less and less income. Perhaps Mr. Schmieder
would have hesitated if he were more security savvy and knew that
Pittsburgh’s FBI office is the home base of a special effort to