1. Introduction
Microsoft Antispyware - Page 1
- Introduction
Whether we like it or not, the Internet has become an everyday necessity for most users. Since virtually no operating system is 100% foolproof, the dangers and risks are a worry for users every day.
Until now, Microsoft, even with its latest Service Pack 2 release for Windows XP, hadn't offered any protection against trojans, dialers and all the nasty stuff that makes our daily surfing a nightmare. Some days ago, however, Microsoft announced new Antispyware software that plans to, or we can say, will, eliminate most Internet risks. In this review, we will try to demonstrate the software's main features and test how well it performs compared with other well-known anti-spyware software.
- What is spyware?
Microsoft gives a complete answer: "...Spyware is a general term used for software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent. You might have spyware or other unwanted software on your computer if:
• You see pop-up advertisements even when you're not on the Web.
• The page your Web browser first opens to (your home page) or your browser search settings have changed without your knowledge.
• You notice a new toolbar in your browser that you didn't want, and find it difficult to get rid of.
• Your computer takes longer than usual to complete certain tasks.
• You experience a sudden rise in computer crashes.
Spyware is often associated with software that displays advertisements (called adware), or software that tracks personal or sensitive information. That does not mean all software which provides ads or tracks your online activities is bad. For example, you might sign up for a free music service, although you "pay the price" for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.
Other kinds of unwanted software will make changes to your computer that can be annoying and can cause your computer to slow down or even crash. These programs have the ability to change your Web browser's home page or search page, or add additional components to your browser you don't need or want. These programs also make it very difficult for you to change your settings back to the way you originally had them. These types of unwanted programs are also often classified as spyware.
The point in all cases, is whether or not you (or someone who uses your computer) understand what the software will do and have agreed to install the software on your computer.
There are a number of ways spyware or other unwanted software can get on your system. A common trick is to covertly install the software during the installation of other software you want such as a music or video file sharing program. Whenever you are installing something on your computer, make sure you carefully read all disclosures, including the license agreement and privacy statement. Sometimes, the inclusion of unwanted software in a given software installation is documented, but it may appear at the end of a license agreement or privacy statement..."
I think that even if you had never heard of the term "Spyware", you have figured out by now that it is something unwanted on your machine...
The current beta from Microsoft is free to download, hence the word beta, but when the final version arrives, it is expected that there will be some kind of subscription to keep up with the latest updates and use the advanced features.
2. Installation
- Installation
Microsoft didn't develop the Antispyware software in-house, but rather followed its age-old tactic, "...what you cannot build, buy...", and bought the software called "GIANT AntiSpyware". After our download finished (6.6 MB), the installation process started:
We carefully read the license agreement and didn't find anything strange...
The installation finished, and we are now ready to launch the application...
3. Installation - Page 2
The software splash screen loaded:
Immediately afterwards, a setup assistant helps you configure the software. As we can see in the following screenshot, there are four steps involved:
Step 1: AutoUpdater
Step 2: Real-time Protection
Step 3: SpyNet - The Anti-Spyware Community
Step 4: Scan Your PC Now!
4. Real-time Protection
We decided not to run a full scan at this time, and we eventually got the software's main screen. As you can see, the software is split into different work areas. There is the usual Menu Bar with File, Options, Tools and Help. Then there are Scan, Real Time protection and Advanced Tools, and the main area where we can see info about our system's status, update the spyware definitions, etc...
Zooming in on the System Summary, we can see that when the mouse hovers over each action, we get additional options, information and help:
Clicking on the "About" option brings up some pertinent information about the Microsoft AntiSpyware Beta1 release. As you will notice, the software has an expiration date around June of 2005. Probably by that time newer builds will have been released, or else you might have to fork out some money to update your subscription...
5. Updates
Let's try updating our antispyware definitions. Our firewall prompts us whether to allow or deny access to a specific IP/port:
In order for the software to communicate with the Microsoft servers (is that really a good idea?), you have to allow it:
- TCP 216.32.240.26 port 80
- UDP 127.0.0.1 port 4764
- TCP 216.32.240.24 port 80
- TCP 131.107.103.243 port 80
After allowing access, the auto-updater installed the latest set of definitions:
After several days, we again tried to download a new set of trojan definitions. This time, the above screen was somewhat different:
6. Scan Process
After updating the definitions, it was about time to use the software and scan our system to see if anything suspicious would be detected. We had already checked our system with Ad-Aware 1.05SE with the latest set of definitions installed. Something came up:
Hmm, the installed Flashget was recognized as Spyware. However, after the total scan finished, we had two more possible threats installed on our system, along with hundreds of infected registry keys:
The next screen gave us details about the possible threats: detailed info, threat level and possible actions:
You can Remove, Ignore or Quarantine each specific threat. Rather interesting that edonkey2000 is considered as Adware...
After deciding to leave our system intact, without cleaning up, another window popped up asking if we wanted to restore possible Internet Explorer Hijacks:
After choosing "Skip", we returned to the main screen, where we could see the results of the last scans and choose a quick/full system scan:
7. Protection
Let's now see what other levels of protection we have. The real time agent helps by preventing unwanted ActiveX from being installed and causing problems on our PC.
You can adjust the Internet Agent's protection level with an easy, guided screen:
The Advanced Tools area contains several other tools: System explorer, Browser Hijack restore and Tracks eraser:
Lastly, under the settings option, we can change various important software options:
8. Tests
- Tests
On the same system, running WinXP SP2 and Kaspersky AntiVirus Personal, we used each program's "Smart" or "Quick" scan method to see what kind of protection each could give us. The results are rather surprising, since the freeware Ad-Aware software didn't report any serious threat, only some negligible objects:
The ScanSpyware software reported 205 possible infections, including Flashget, Cydoor, Grokster:
while with Spybot Seek & Destroy v1.30:
Microsoft's Antispyware reported three major threats and various registry keys that need to be removed:
We also tried the full scan option with Microsoft Antispyware. The total scan time was a little higher; however, the same spyware threats were found.
Now it was time to remove the spyware software. According to Microsoft Spyware
It seems that all trojans were removed, so we are now safe... Or are we?
After removing all spyware entries, we used another software program to re-scan our PC. ScanSpyware software found more entries.
So did Spybot Seek and Destroy.
After we removed the newly detected entries above, we tried to re-install FlashGet. A popup screen came up from the Real-Time protection agent, warning us about the adware that Flashget includes:
9. Conclusion
- Conclusion
Without a doubt, Microsoft has a winning product here, even if it's not 100% built in-house. It offers many options, features and, of course, performance. Microsoft's Antispyware comes to fill a gap which Microsoft has left blank: every day, trojans, dialers and spyware threaten our PC privacy and cause us no end of worry. We would expect Microsoft to have the software pre-installed with upcoming Service Pack releases, since newbies may not care much about or understand the meaning of installing antispyware software.
The performance was very good when comparing the test results against well-known adware scanners (Ad-Aware, Spybot Seek & Destroy, ScanSpyware). The real-time agent offers additional protection and, of course, Microsoft's SpyNet online community is a good addition that will possibly offer much protection in the near future. Don't forget that the software is still in beta stage. Hopefully the final versions will offer more protection and other interesting features.
In the meantime, we will continue to keep the software installed on our PC. Some may think that using Microsoft software to remove trojans is somewhat ironic, but only time will tell :-)