View Full Version : Microsoft spyware


Faithless
02-16-2005, 08:11 AM
So, Microsoft's got its own spyware, now.

http://www.microsoft.com/spyware/

It's free. It's in "beta". It's supposed to be released with IE 7 this summer.

Running it now on the home computer. Will compare it to Ad-Aware SE.

Speed seems about the same.

Microsoft's spyware found --
TightVNC and RealVNC. No threat.

Ad-Aware didn't. Hm. I should check the settings.

sOKaLiBoY
02-16-2005, 09:15 AM
we have been using the beta here at work for over a month now. has to be one of the best spyware removal tools ever. plus bill gates just announced that it's going to stay free.

ism
02-16-2005, 10:11 AM
Hmm. Will they charge for the enterprise version? I don't see a deployable MSI...

sOKaLiBoY
02-16-2005, 10:20 AM
Hmm. Will they charge for the enterprise version? I don't see a deployable MSI...


Microsoft on Tuesday confirmed plans to roll out anti-virus and anti-spyware products for enterprise customers, but details on pricing and release dates remain tightly under wraps.

He also announced that a consumer version of Microsoft's anti-spyware software will be free for genuine Windows users.

sinisterpanda
02-16-2005, 10:24 AM
That's pretty cool! I wonder if microsoft is trying to turn over a new leaf.

hooligan
02-16-2005, 10:28 AM
I was wondering, but it used to be GIANT spyware before. Why hasn't anyone heard of them when they were GIANT?

FrankieY18
02-16-2005, 02:55 PM
they took the site down?

Faithless
02-19-2005, 12:28 AM
A review: 91% overall. I guess that's okay.

http://antivirus.about.com/od/antivirussoftwarereviews/a/msantispy.htm

Jan 7 2005

A public beta of Microsoft AntiSpyware was released on January 6, 2005. Beta software is software that has not been thoroughly tested and may exhibit unexpected behavior ranging from benign inconsistencies (i.e. misspelling in dialog boxes, inability to use certain features, etc.) to serious incompatibilities (i.e. inability to access the Internet, system crashes, etc). Beta software should never be installed on production systems. Participation in the public beta is at your own risk. Tech support is not available. Those who wish to test the public beta for themselves may download a copy at http://www.microsoft.com/spyware.

Microsoft AntiSpyware (beta1) was tested against a representative set of commonly labeled adware/spyware, including 180 Solutions, Avenue Media, BargainBuddy, BonziBuddy, Claria, CoolWebSearch, Cydoor, Dashbar, Exact Searchbar, Hotbar, Huntbar (WinTools), Internet Optimizer, IST.SlotchBar, NEO, Troj_StartPage, WebSearch, WhenUSearch, WinTools, Xrenoder, and Zango Search Assistant.

While programs in the above list may commonly be tagged as adware/spyware, not all are installed surreptitiously.

For the purposes of this review, spyware is considered any application installed surreptitiously and without the user’s express approval, whereas adware is considered advertising-supported software the user deliberately or knowingly installed.

Superb detection
Microsoft AntiSpyware (beta1) achieved an overall score of 91% effectiveness in removing the active components of the adware/spyware used in the tests, tackling:

96% of processes running in memory
67% of start/search page modifications
100% of BHO/Toolbars
95% of startup vectors
100% of other (buttons/menu items, etc)

Unfortunately, leaving even one startup vector or running process behind can result in the spyware infection reinitiating itself. Though Microsoft AntiSpyware provides realtime registry monitoring – preventing recognizable spyware from reinstalling itself – unrecognizable spyware, like new viruses, remain undetected until signatures are created.

During the tests, we encountered a few downloader components that were not detectable by Microsoft AntiSpyware (or by other anti-spyware apps we tested). After ‘cleaning’ our system with these products, the downloaders would surreptitiously do as their name suggests – they would download other components to our system and attempt to reinfect it with spyware.

For comparison purposes, the free versions of Ad-Aware and Spybot achieved only 65% and 55% detection respectively in the same tests.

False positives
Microsoft AntiSpyware left several benign registry keys behind; other anti-spyware packages registered false positives – identification of non-existent threats – when scanning after the system had been cleaned with Microsoft AntiSpyware.

Other beta testers report that Microsoft AntiSpyware triggers false alarms with non-spyware/adware components, ranging from remote management tools to Internet Explorer restricted zone settings.

Vendors who find their products flagged by Microsoft AntiSpyware may wish to view the Microsoft criteria for spyware designation and file a report at the Vendor dispute page should the designation prove to be erroneous. Note that this site has experienced some outages, likely a result of heavy traffic. If unable to access the URL provided, try again at a later time.

Glitches, bugs, and crashes
Problems have been reported with the scheduling feature, history cleaning, and back button. Still others claim system crashes, an inability to access the Internet, and problems with Outlook Express after installing the beta. While our tests did not result in any system anomalies, we did encounter some program bugs that we felt could lead to infection.

For example, when prompted to allow or disallow a change to the system, “Remember this action” is the default setting. A user who makes the wrong decision will not be prompted again should the action reoccur. Additionally, alerts that do occur disappear rather quickly; oftentimes there is not enough time to read and respond appropriately. It would be preferable if the alert waited for confirmation from the user prior to closing.

Overall impression
It’s important to remember that these tests involved beta product. It can be expected that many, if not most or all, of the reported bugs will be fixed prior to its being released as commercial product. The unsurpassed detection rates provided by Microsoft AntiSpyware are coupled with an interface that is exceptionally easy to use and understand. This is a product that will benefit both novice and expert, and provide a significant improvement over existing anti-spyware solutions.

lethal
02-19-2005, 05:34 AM
Requires Win 2K or XP.

Guess it may finally be time to upgrade from Win98.

truMp
02-19-2005, 03:03 PM
Requires Win 2K or XP.

Guess it may finally be time to upgrade from Win98.
2k 2k 2k 2k

bluemonq
02-19-2005, 06:54 PM
they've been buying up anti-virus firms and such before this 'beta' rollout. looks like they haven't learned anything from the ie debacle. and looks like nobody gives a damn. =(

oh, i remember that bill gates, under oath during the monopoly trials, said that it's impossible to create a version of windows without internet explorer. he also said it's impossible to remove windows media player. right now in europe, they're going to sell "windows xp reduced media edition"...with windows media player removed. so bill lied? is he lying about internet explorer also?

hooligan
02-19-2005, 07:19 PM
actually, i'll stand by this spyware and say that it's caught things that even through multiple scans with spybot, adware, and trendmicro.com wasn't able to catch. especially, on my brother's computer which was infested with viruses, the microsoft program caught 8 instances of adware and one trojan that all of the aforementioned programs missed.

ism
02-20-2005, 12:58 AM
Giant's antispyware program is very good and I would recommend it as part of a stable including Spybot and AdAware. Spybot's been attacked and it's been getting worse in terms of catching things since spyware writers are targeting it specifically. AdAware has another problem where it no longer considers WhenU as spyware because of (not sure) legal threats or payola. The biggest problem I find with MS AntiSpyware is that as the official antispyware program, it will be targeted very much like Spybot is, and will eventually be rendered useless.

I think it's a good step in the right direction, as long as Microsoft aggressively deals with the other entrypoint in terms of security holes. People's stupidity/ignorance/gullibility isn't as bad as that.

Faithless
02-21-2005, 03:11 AM
I was wondering, but it used to be GIANT spyware before. Why hasn't anyone heard of them when they were GIANT?
Take a look at the Windows Task Manager processes list, and what do you see running but GiantAntiSpywareMain.exe (http://www.liutilities.com/products/wintaskspro/processlibrary/giantantispywaremain/).

ism
02-21-2005, 08:25 PM
I had a client today with a major spyware problem. I pitted MS against Spybot and AdAware. Spybot managed to tag a bunch MS couldn't -- including new CoolWebSearch variants, and WildTangent, although I am pretty sure MS didn't tag WT since Spybot has a more militant definition of spyware.

Spybot also has a nice immunization list, which is really an IE restricted zone blacklist of known sites, as well as a BHO that blocks ActiveX. MS's product will prevent unknown BHOs from even installing, so it is a slightly more general protection that I think works for most users better.

MS's product, as an active protection, works smoother than Spybot's SDHelper, along the same level of complexity as ZoneAlarm's alerts. I disabled most of the alerts for my client since she is a novice, and just let it kill stuff silently.

I like it a lot. The integrated reporting, in conjunction with the number of users I believe will use it, will help accelerate the anti-spyware efforts in a technical manner, and should offset the liability it incurs for being a juicy target.

For now, MS's product is good for a cleaned system. You will still need a bunch of other tools to do cleaning. It was unable to deal with a hijacker, and to make things worse, it believed it cleaned it, only to have it reinstall and alert over and over, while not preventing IE from being hijacked. To be fair, Spybot and AdAware couldn't deal with it either, except they don't have an alert coming up every 5 seconds.

nola
02-21-2005, 08:28 PM
ZoneAlarm=most annoying alert system

Faithless
02-21-2005, 09:51 PM
I had a client today with a major spyware problem. I pitted MS against Spybot and AdAware. Spybot managed to tag a bunch MS couldn't -- including new CoolWebSearch variants, and WildTangent, although I am pretty sure MS didn't tag WT since Spybot has a more militant definition of spyware.

Spybot also has a nice immunization list, which is really an IE restricted zone blacklist of known sites, as well as a BHO that blocks ActiveX. MS's product will prevent unknown BHOs from even installing, so it is a slightly more general protection that I think works for most users better.

MS's product, as an active protection, works smoother than Spybot's SDHelper, along the same level of complexity as ZoneAlarm's alerts. I disabled most of the alerts for my client since she is a novice, and just let it kill stuff silently.

I like it a lot. The integrated reporting, in conjunction with the number of users I believe will use it, will help accelerate the anti-spyware efforts in a technical manner, and should offset the liability it incurs for being a juicy target.

For now, MS's product is good for a cleaned system. You will still need a bunch of other tools to do cleaning. It was unable to deal with a hijacker, and to make things worse, it believed it cleaned it, only to have it reinstall and alert over and over, while not preventing IE from being hijacked. To be fair, Spybot and AdAware couldn't deal with it either, except they don't have an alert coming up every 5 seconds.
Hm, that's interesting to read about CWS, since I think MS was touting this ability to get rid of it.

What order did you run the spyware check?

ism
02-21-2005, 11:35 PM
I ran MS (since it's active in the background), Spybot, then AdAware. Order shouldn't matter since once they detected stuff I let the program wait rather than fixing/deleting/quarantining/whatevering. This is a single computer so don't use my results in any scientific manner. I wanted to talk more about the different approaches and what their individual strengths are.

If I had more time I'd create a VMware session and let every spyware bog it down, clone the image 3 times, and run each product independently. I know the results though -- you need to run all of them, plus all the little utilities not mentioned, as well as some manual cleaning.

ZoneAlarm=most annoying alert system
It's more manageable once you set it up and turn the alert levels down, but on laptop/mobile systems it's hell every time you connect to a new network. I recommend Agnitum Outpost for mobile users. Home users should just get a firewalling router and save themselves the trouble.