SolutionBase: Stop spyware with Microsoft's AntiSpyware Beta

Spyware is an ever increasing problem for IT professionals. Microsoft has weighed in with its solution to the problem: the Microsoft AntiSpyware Beta. This article shows that even the beta might be worth a look.

Stop Spyware with Microsoft's AntiSpyware Beta

Poll just about any IT professional and ask them what their biggest headache is, and the answer will be the same: spyware. Viruses and hackers can do damage, but spyware is much more widespread, and even thought it's not deadly, it can slow down users and be annoying. Many companies have tried to solve this problem, and now Microsoft has put its foot down too. Here's a look at Microsoft AntiSpyware and how it can help reduce the threat of spyware in your organization.

A beta? Who cares?!

We don't often talk about Beta software as being used in a production environment. Microsoft has worked pretty hard in making AntiSpyware solid, and it has some compelling features that make it worth a look even as a beta.

First, you can configure Microsoft AntiSpyware to automatically update itself. Other popular anti-spyware applications like Spybot and AdAware require you to manually update them before they run. This is important because much like anti-virus software, if your anti-spyware signatures are out of date, your software is useless.

Second, Microsoft AntiSpyware will scan for spyware activity on a real-time basis. Most anti-spyware software requires you start them and run them to find spyware. If you don't scan often enough, your computer can become infected and cause damage until you remove it. Microsoft AntiSpyware takes a page from virus scanners and runs in the background, looking for spyware activity. When it detects something fishy, it will display a warning box in the lower left hand corner of your screen.

Microsoft AntiSpyware runs on Windows 2000 Professional computers or later, including Windows XP and Windows Server 2003. If you're still running Windows 9x, you're out of luck.

Obtaining Microsoft AntiSpyware

You can obtain Microsoft AntiSpyware by downloading it directly from Microsoft's Web site. Microsoft AntiSpyware is offered as part of the Genuine Windows program, which means that before you can download it, you must first validate that your copy of Windows XP in genuine. You do that by clicking the Continue button next to the Validation Required title on the Web page.

You then must download a run an ActiveX Control from Microsoft that checks to make sure you have a legitimate copy of Windows before allowing you to download the program. Once your copy has been validated, you can download Microsoft AntiSpyware freely. It's only 6.5Mb, so it won't take too long to download.

Author's Note

Microsoft created the Genuine Windows Program in an effort to encourage people not to pirate Windows. By offering Microsoft AntiSpyware for free, as well as other programs and updates, Microsoft hopes to bypass the sharing of Windows XP and security keys over the Internet. Windows Product Activation (WPA) was supposed to stop Windows piracy, but it hasn't completely.

Installing and configuring Microsoft AntiSpyware

To install Microsoft AntiSpyware, run AntiSpywareInstall.exe. This will begin the installation Wizard. This wizard runs like just about every other Windows installation you've ever done. You can just accept all of the defaults. At the end of the Wizard select Launch Microsoft AntiSpyware.

When Microsoft AntiSpyware starts, you'll see the Microsoft AntiSpyware Setup Assistant appear as shown in Figure A. Here you'll configure Microsoft AntiSpyware before you can use it.

Figure A

Before you can use Microsoft AntiSpyware, you must configure it.

Start by downloading the available updates. Remember, unless you keep Microsoft AntiSpyware updated, it won't be effective. It may actually be worse than running no anti-spyware software at all, because outdated software lulls you into a false sense of security. To that end, as part of downloading updates during this step, you should make sure you enable the AutoUpdater.

Next as you can see in Figure B, you can enable Microsoft AntiSpyware's Real-Time Security Agent protection. This will protect your computer as it runs, but be aware that it can also impact system performance. If you have a workstation with low resources, you may not want to enable real-time security. Select Yes and click Next.

Figure B

You can configure Microsoft AntiSpyware to scan constantly for spyware activity.

You're then asked if you want to join the SpyNet Community. This is supposed to inform other computers in the network when spyware has been encountered. Microsoft encourages you to do so, but it's purely optional.

The last step of the configuration is to run a scan. Click Run Quick Scan Now. You'll want to do this to remove any spyware that's already on your system.

Running Microsoft AntiSpyware

As you can see in Figure C, Microsoft AntiSpyware runs very similarly to an anti-virus program, scanning memory first, then programs on your hard drive and the system registry.

Figure C

Microsoft AntiSpyware operates much like anti-virus software.

When the scan completes, you'll see a scan similar to the one in Figure D. This will show you how many pieces of spyware the program as found and how long it took to find it. When you close this screen you can then treat the spyware that's been found.

Figure D

Microsoft AntiSpyware displays results.

For each piece of spyware found, you have four choices:

  1. Ignore: Ignore the scan results for this scan and take no action.
  2. Quarantine: Move the spyware to a safe place but don't' delete it.
  3. Remove: Remove the spyware from your system.
  4. Always Ignore: Ignore the scan results and don't report this item as spyware in the future.

Select the choice from the dropdown list box and click Continue. If you use System Restore, you can create a Restore Point by selecting the Create Restore Point checkbox. Doing so may help you recover in case you accidentally remove something important. After Microsoft AntiSpyware finishes, your system should be spyware-free.