The anti-spyware software recently announced by Microsoft is
now mature enough to evaluate so I downloaded a copy and ran it head-to-head
with a free utility: Lavasoft’s Ad-Aware SE (Personal Edition). There is no
word yet on whether Microsoft plans to charge for the product once it is out of

Although Microsoft’s AntiSpyware isn’t intended to do
exactly the same thing as Ad-Aware, the goals are similar—to locate and quarantine
software that can capture information from your computer and transmit it to
others without your knowledge or agreement. Most of these are relatively
harmless cookies used to monitor advertising hits, but the same technology can
be hiding code that captures keystrokes and harvests other critical information
from systems.

Without the use of some tool it is very difficult for
Windows users and administrators to detect these programs and know what they
may be doing.

You can only obtain AntiSpyware, which is about 6 MB in
size, as a download from a Microsoft site. The beta version won’t be made
available on CD-ROM. Installation
went smoothly, although while trying to view some options it did lock up, and I
had to kill it via Task Manager. The program started right up again when I
tried it.

I ran both utilities on an older 2-GHz P4 Dell with 512MB
and running XP SP2. Both took about 12 minutes to complete a deep file scan but
the results were significantly different.

AntiSpyware reported scanning 2398 memory processes, 18,973
files, and 8693 registry keys, finding no problems. I had just purged the
system an hour earlier with Ad-Aware. There are few details provided about just
how the software works so I don’t know why a later automatic scan reported
checking 33970 files.

Immediately after running the Microsoft program Ad-Aware scanned
2564 process modules, and 157,212 “objects”, the term Ad-Aware uses that approximates
files. The important difference was that the Lavasoft utility found five data
mining objects, including one from and another from It’s a rare system that doesn’t have some doubleclick data
mining objects, but AntiSpyware apparently isn’t intended to detect them.

AntiSpyware is more than just a spyware scanner; it also
provides some management tools and provides real-time protection by watching
for more than 50 ways spyware can insinuate its way onto your system. I’ve seen
reports that this works pretty well, although it failed to block or notify me
of six new tracking cookies installed on my system in a half hour online.
Ad-Aware found them on a “smart” system scan while AntiSpyware failed to do so
even on a deeper scan.

One AntiSpyware tool, Security Agents, monitors program and
Internet activity as well as system changes.

System Explorers, another tool, provides a simple method to
manage ActiveX, running processes, startup programs, IE settings, and other
features that can be fine-tuned to make your system work the way you want it

The Running Processes tool is especially useful because it
makes it easy to learn just what the processes do in considerable detail—far
more than you get with Task Manager—although you still need TM to see what CPU
time is being allocated to each process. One shortcoming is that additional
information beyond some fairly basic data such as file path and version isn’t
available yet for many processes, but bear in mind that this is a beta program.


AntiSpyware runs on:

  • Windows 2000
  • 2000 Advanced Server
  • 2000 Professional
  • 2000 Server and 2000 SP2, 2000 SP3, 2000 SP4
  • Server 2003
  • XP, XP Home
    Edition, XP Media Center, XP Pro, XP SP1 and SP2, and XP
    Tablet PC Edition

Final word

For a beta, this new Microsoft offering seems to work well,
although you need to be aware that it certainly doesn’t detect some ad-tracking

The constant monitoring and protection are the most
important options but are difficult features to evaluate over the short term. I
really can’t say how effective they may be. The code missed by the utility on
my system was quite benign, although I didn’t want it and wish AntiSpyware had reported

The additional system management tools add some much-needed
features that Windows was sadly lacking. It’s hard to believe that it took this
long for Microsoft to provide an easy and obvious way to stop unwanted programs
from loading at startup. Even a novice could manage them using AntiSpyware.

With some improvements AntiSpyware could become quite useful;
already it looks as if it may provide significant protection against new
spyware. Improvements are certain to come because part of the program is the
option to allow it to share information with other computers and build new
spyware definitions on the fly. I recommend you check it out and see if it
should be added to your toolkit. If nothing else, AntiSpyware will be endorsed
by Microsoft which means a lot of administrators will feel more comfortable
installing it. Out of management and security concerns, many large companies
(and especially government agencies) prohibit installation of third-party
freeware such as Lavasoft.

You can also turn to CNET’s for an online class
on combating spyware.

Also watch for …

  • Gmail,
    the free Google e-mail service that has lots of nice features, apparently
    had a hole which let attackers who wrote a particular Perl script access
    portions of other users’ messages. The vulnerability has been patched. Remember
    that Gmail is still in beta—I’ve used it for a couple months and really
    like it but for now you need to know someone to get an account.
  • For those who were concerned about the FBI’s use of Carnivore
    to snoop on their e-mail messages, I want to mention that the agency has
    apparently dropped its use in favor of more powerful commercial products.
    The bad or good news, depending on your viewpoint, is that Carnivore probably
    isn’t needed now that the Feds can go to an ISP and, reminding them of
    9-11, can just ask for e-mail records.
  • reports
    several serious vulnerabilities in the Netgear FVS318 small office router/firewall.
  • Oracle users should check out the possible impact of 23
    vulnerabilities listed this week by Secunia.
  • Federal Computer Week reports
    that the Homeland Security Department is going to build a baseline
    security database by surveying 36,000 businesses this spring.
  • I’ve warned about Tsunami e-mail scams and one alleged
    perpetrator has just been arrested by the FBI. Even better news is
    that out of 800K scam e-mails
    sent, Matthew Schmieder of Pittsburgh only
    collected $150 in the PayPal account he set up. As the penalties for being
    a spammer become more severe, it will require a bigger payoff to make the
    crime worthwhile. Perhaps we will see a drop in spam as more arrests are
    made and spammers generate less and less income. Perhaps Mr. Schmieder
    would have hesitated if he were more security savvy and knew that
    Pittsburgh’s FBI office is the home base of a special effort to
    combat spammers.