Microsoft gets serious about security with beta of anti-spyware software

In this week's Locksmith column, TechRepublic's John McCormick tries out Microsoft's AntiSpyware beta. He takes a look at its features and compares its spyware-scanning ability with Ad-Aware.

The anti-spyware software recently announced by Microsoft is now mature enough to evaluate so I downloaded a copy and ran it head-to-head with a free utility: Lavasoft's Ad-Aware SE (Personal Edition). There is no word yet on whether Microsoft plans to charge for the product once it is out of beta.

Although Microsoft's AntiSpyware isn't intended to do exactly the same thing as Ad-Aware, the goals are similar: to locate and quarantine software that can capture information from your computer and transmit it to others without your knowledge or agreement. Most of these are relatively harmless cookies used to monitor advertising hits, but the same technology can be hiding code that captures keystrokes and harvests other critical information from systems.

Without the use of some tool it is very difficult for Windows users and administrators to detect these programs and know what they may be doing.

You can only obtain AntiSpyware, which is about 6 MB in size, as a download from a Microsoft site. The beta version won't be made available on CD-ROM. Installation went smoothly, although while trying to view some options it did lock up, and I had to kill it via Task Manager. The program started right up again when I tried it.

I ran both utilities on an older 2-GHz P4 Dell with 512MB and running XP SP2. Both took about 12 minutes to complete a deep file scan, but the results were significantly different.

AntiSpyware reported scanning 2398 memory processes, 18,973 files, and 8693 registry keys, finding no problems. I had just purged the system an hour earlier with Ad-Aware. There are few details provided about just how the software works so I don't know why a later automatic scan reported checking 33970 files.

Immediately after running the Microsoft program Ad-Aware scanned 2564 process modules, and 157,212 "objects", the term Ad-Aware uses that approximates files. The important difference was that the Lavasoft utility found five data mining objects, including one from trafficmp.com and another from doubleclick.net. It's a rare system that doesn't have some doubleclick data mining objects, but AntiSpyware apparently isn't intended to detect them.

AntiSpyware is more than just a spyware scanner; it also provides some management tools and provides real-time protection by watching for more than 50 ways spyware can insinuate its way onto your system. I've seen reports that this works pretty well, although it failed to block or notify me of six new tracking cookies installed on my system in a half hour online. Ad-Aware found them on a "smart" system scan while AntiSpyware failed to do so even on a deeper scan.

One AntiSpyware tool, Security Agents, monitors program and Internet activity as well as system changes.

System Explorers, another tool, provides a simple method to manage ActiveX, running processes, startup programs, IE settings, and other features that can be fine-tuned to make your system work the way you want it to.

The Running Processes tool is especially useful because it makes it easy to learn just what the processes do in considerable detail (far more than you get with Task Manager), although you still need TM to see what CPU time is being allocated to each process. One shortcoming is that additional information beyond some fairly basic data such as file path and version isn't available yet for many processes, but bear in mind that this is a beta program.

Applicability

AntiSpyware runs on:

Windows 2000
2000 Advanced Server
2000 Professional Edition
2000 Server and 2000 SP2, 2000 SP3, 2000 SP4
Server 2003
XP, XP Home Edition, XP Media Center, XP Pro, XP SP1 and SP2, and XP Tablet PC Edition

Final word

For a beta, this new Microsoft offering seems to work well, although you need to be aware that it certainly doesn't detect some ad-tracking utilities.

The constant monitoring and protection are the most important options but are difficult features to evaluate over the short term. I really can't say how effective they may be. The code missed by the utility on my system was quite benign, although I didn't want it and wish AntiSpyware had reported it.

The additional system management tools add some much-needed features that Windows was sadly lacking. It's hard to believe that it took this long for Microsoft to provide an easy and obvious way to stop unwanted programs from loading at startup. Even a novice could manage them using AntiSpyware.

With some improvements AntiSpyware could become quite useful; already it looks as if it may provide significant protection against new spyware. Improvements are certain to come because part of the program is the option to allow it to share information with other computers and build new spyware definitions on the fly. I recommend you check it out and see if it should be added to your toolkit. If nothing else, AntiSpyware will be endorsed by Microsoft which means a lot of administrators will feel more comfortable installing it. Out of management and security concerns, many large companies (and especially government agencies) prohibit installation of third-party freeware such as Lavasoft.

You can also turn to CNET's Help.com for an online class on combating spyware.