Review of Microsoft's Anti-Spyware Tools
happyslayer writes "Matthew Fordahl has written a review of Microsoft's anti-spyware tool and has declared it, in a word, 'ineffective.' Though the methodology isn't carried out completely (he uses another anti-virus program after trying MS's tool, but doesn't do the same with the anti-spyware tool), it's a fairly good anecdote on the MS product's usefulness."
Call me crazy (Score:5, Informative)
Re:Call me crazy (Score:4, Insightful)
This kevlar armor is ineffective. I mean I tried it out and the knife went right through it.
The MS thing is mostly to get rid of the most annoying worms at this point.
Concurs... (Score:4, Informative)
Furthermore, some of the most effective anti-spyware tools I have used have broken Windows before. It is in Microsoft's best interest to be careful in their approach to this. If they break legitimate programs with their tool, they are looking at lawsuits (EULA or no) and they have money to go after.
Please save the bashing until this thing is released officially as non-beta.
Re:Concurs... (Score:2, Funny)
And as to why the story was posted, THIS IS SLASHDOT!!!!
No, they will make REAL improvements ... (Score:4, Funny)
After burning tens of thousands of R&D hours, the brains at MS labs will be adding a dancing, blinking magnifying glass that will pop up with the caption "I see you're trying to get rid of spyware!"
Re:Concurs... (Score:4, Insightful)
Re:Call me crazy (Score:2, Interesting)
Re:Call me crazy (Score:5, Insightful)
Am I the only one reading the comments? Or just the only one noticing that for every Microsoft-basher, there's someone jumping into Bill Gates' corner. Granted, there might be a marginally higher population of [Insert trendy alternate OS here] fanboys than MS ones, but come on. I see /tons/ of Highly-Moderated comments that favor Microsoft on any given issue. Considering the comments are moderated by the slashdot readership, one has to assume that not everyone here is a MS basher, doesn't one?
Bottom Line: Microsoft is not entirely evil, nor entirely good. Intelligent people will not label them as such. Rational, right-thinking people will examine each story/issue/what have you, and make judgements accordingly.
Microsoft-bashers: Shut up
Microsoft-basher-bashers: Shut up
Re:Call me crazy (Score:2, Informative)
Re:Call me crazy (Score:3, Informative)
I'm using MSAS. It works well, and it's one of the best realtime scanners I've seen so far. Although as you can see from the above comparisons, while Giant AS was one of the best performing apps in the tests, it didn't catch every spyware app out there. In fact no other app did.
The only problems I see from MSAS so far is it might not be a free app and an MS lawsuit frenzy from every big name sp
Re:Call me crazy (Score:3, Interesting)
Not only that (Score:3, Insightful)
All the spyware software is flawed in some
Re:Call me crazy (Score:2)
Re:Call me crazy (Score:5, Informative)
And yes, I thought the article painted a pretty clear view on the state of Windows security and I think they need to do more. I think part of Microsoft does not care if people's computers become slow and unusable, because computers are appliances. People buy a new one only after theirs quits working.
Microsoft may own the desktop market share, but they do not own the internet and because of their careless decisions Windows boxes are constantly taken over and used for sending spam and DDoS's.
For instance, they have a firewall on but all the services are still in listening state behind it. Email based worms have been successfully using the SAME TRICK for over 10 years now. This is clearly a problem that is not going to be fixed by antivirus companies. Instead of MS releasing a free secured email client, they mostly ignore the problem creating a cash cow for AV companies whose software is intentionally designed to keep users in the dark.
Re:Call me crazy (Score:3, Interesting)
As for Spyware (which is what I thought the article was about), it's not significantly more difficult to implement on GNU/Linux than Windows -- the main obstacles are the more-experienced users and the lack of actual profit in such an endeavour. The only real te
Found things the others didn't... (Score:3, Informative)
Re:Found things the others didn't... (Score:4, Interesting)
Of course, the program has been criticized for the huge number of false positives that it detects. Did you check to see if the things it found were in fact spyware?
I ran MSAS first, and it found some spyware it was not able to remove. Then running Ad-Aware which identified the spyware correctly, and also removed it. That's proof enough for me that MS AS is not ready.
Re:Found things the others didn't... (Score:4, Interesting)
It's been my experience that with the few tools I've tried, there's always stuff left over. Like someone else said, it may be Microsoft's now, but it was a different brand before. I've never had any real problem with malware on my PC's (home and work), but for my coworkers' and family members' computers, I've never really seen any of the removal tools that were 100% effective.
Re:Found things the others didn't... (Score:5, Insightful)
Fdisk.
Re:Found things the others didn't... (Score:2)
Other than that, it didn't find anything (I don't install anything that has spyware
Re:Found things the others didn't... (Score:2, Funny)
Re:Found things the others didn't... (Score:3, Insightful)
Quite frankly, I was impressed.
Perhaps the author of the review went in with the intent of giving a bad review?
Tracking cookies... (Score:3, Interesting)
That said I am switching to Mac and leaving this spyware crap behind me.
Re:Tracking cookies... (Score:2)
Many people don't realize that spyware is not necessarily inherent to the Windows OS. DOS/Windows itself is secure, as long as you don't run programs that give anything the opportunity to compromise said security. I.e. Microsoft software. Want to keep your computer spyware free? Do what I did, uninstall IE and Outlook, and install Firefox, Thunderbird and Ad-Aware. Haven't had any problems since, and my system is still secure, spy/adw
Again? (Score:2, Insightful)
Actual conclusion (Score:5, Interesting)
Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.
Hurrah for Microsoft bashing on slashdot! (Score:3, Funny)
Marklar... (Score:3, Funny)
Those last 4 are all Microsoft too.
Wow. Anecdotal Evidence! (Score:5, Interesting)
Is someone at
I can tell you that I had to clean a machine today that had 56,000 instances of 'Claria' (GAIM aka Gator)
Ad-aware missed them on the first pass...so I used MSAS, and it caught them all. And removed them. Successfully. (whereas Ad-aware would have just quarantined them).
I know I'll get roasted for this obvious 'fanboi' ism, but remember, MSAS is actually still GIANT, who they bought it from. (check your process names while running it...you'll see)
Re:Wow. Anecdotal Evidence! (Score:2, Funny)
Re:Wow. Anecdotal Evidence! (Score:2, Insightful)
Errr, and how is quarantining worse than deletion??
I personally would find quarantining a feature because
You must be.... (Score:2)
Re:Wow. Anecdotal Evidence! (Score:3, Interesting)
I'd call bullshit even if you'd said 5,600 instances.
I've dealt with a lot of fubared systems. I've dealt with systems that were so full of nefarious DLL hooks that using the machine was literally impossible; ads would pop up, IE instances would launch instead of the action the user was trying to perform. I've dealt with systems that barely managed to boot outside of safe mode due to spyware infestation
Well... (Score:2, Funny)
Labels competitors tools as spyware too. (Score:5, Informative)
Re:Labels competitors tools as spyware too. (Score:2, Informative)
Re:Labels competitors tools as spyware too. (Score:4, Informative)
Did you read the article I linked to?
It labels it as Brilliant Digital [pestpatrol.com] - a tracking cookie. MSAS does not state the app has legitimate uses.
Re:Labels competitors tools as spyware too. (Score:3)
Er, isn't this a duplicate? like 2 days ago (Score:2, Insightful)
Re:Er, isn't this a duplicate? like 2 days ago (Score:2)
It works very well in the real world. (Score:2)
WTF? (Score:5, Insightful)
Granted, by itself it may not be the most effective thing in the world, but the same can be said for any antispyware/antivirus software. We need to run at least 3 antispyware programs at work, and at least 2 antivirus programs before we feel confident that a computer is clean enough to return to the customer.
Besides the fact that it's just a beta, it's worked out pretty well for what it is. The interface is easy enough to figure out and use, and it identifies software which comes bundled with adware/spyware. When was the last time Spybot or Ad-Aware flagged Kazaa or Imesh as adware bundlers, while the default action is "ignore," but removal and quarantine are obvious choices? I say enough of these reviews. I'll be "reviewing" it myself by using it for what it can do well. If the final version works as well as this does, or better, it'll stay on my list of removal tools for my customers.
Re:WTF? (Score:2)
And that my friend is the reason that I've begun to recommend Mac's even tho I work for an MS partner. It has now become more cost effective to replace the machine than clean/repair it if it's a Windows box. Sad but true.
Re:WTF? (Score:3, Insightful)
I completely agree with you (although it's not often I reply and can say such about an AC) that the platform is not best for the customer. However, my primary customers are laypersons who know only enough about the comput
M$ is Evil!! (Score:3, Insightful)
Re:M$ is Evil!! (Score:2)
How many reviews of this thing do we need? (Score:3, Insightful)
Better than nothing? (Score:2, Interesting)
If M$ puts this on windows autoupdate as they SHOULD (the browser that brings the crap is free, so the cleanup tool should be equally free), then this will at least put a basic measure of protection in place for the majority of Win users who don't frequent /. for the latest spyware news.
I'm tempted to give kudos to M$ for the effort, but I fe
Re:Better than nothing? (Score:2)
The browser brings absolutely nothing, the users clicking "OK" when they shouldn't (because they just have to look at this cool page on teh interweb) and installing crap that in turn installs more crap ad nauseam - that's what "brings the crap".
I'm tempted to give kudos to M$ for the effort, but I fear I would get modded Troll for doing so
No, no, your use of "M$" is prolific enough to warrant at least a +1, Sheepbot. Kudos to you.
Ineffective? Are you so sure? (Score:5, Funny)
Users & Spyware (Score:2, Insightful)
Operator Error (Score:4, Interesting)
I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.
Me too, except this was a customer.
Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.
Those plus the TCP stack was corrupt on this machine...wouldn't renew the DHCP lease. Had to manually rebuild that as well.
To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)
Or you could have just put the executable on a CD with SP2's executable and MS Anti-Spyware's executable. But that would make sense for someone in the system recovery business and we can't have that!
The tool looks for a limited number of pests, such as "Sasser" and "MSBlaster," so it didn't find the worm, "Netsky.P," that had infected this PC.
The program was designed to search for a few insanely critical bugs. It COMPLEMENTS your set of tools...not replaces them.
But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.
That's because you're not in safe mode and you haven't stopped the programs from regenerating.
So I rebooted the PC in safe mode...
Now we're going in the right direction!
After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.
Pfffft. Ineffective computer technician.
I don't have the option to just backup whatever I feel is important on a customer's PC...they're paying me to recover their system, not pick which files have to disappear forever and cause them to lose all their settings and programs.
Once again for clarity: INEFFECTIVE COMPUTER TECHNICIAN.
MS Anti-Spyware has done an EXCELLENT job on every single customer PC. The Malware tools from MS make a quick and easy check during the in-home visit for those REALLY nasty bugs.
Who is this guy, anyway? Oh wait...
MATTHEW FORDAHL, AP Technology Writer
Technology WRITER. Leave the tech stuff up to the tech people and have fun with your little Word.
Re:Operator Error (Score:2)
Which is why it isn't really useful. I have several tools that complement one another, but all that adds up to is needing to have 4 or 5 different apps scan 150000+ files (on average) one after the other to effectively clean a machine, rather than one app that gets 98% or more nasties in one sweep. This is the difference between 20-30 minutes and 2-3 hours, and often the difference between the customer fixing or replacing their 2 year old pc due to la
Re:Operator Error (Score:2)
Sometimes the best solution is to do a clean install and set up a proper backup and recovery protocol - but yes, doing so ultimately makes the services you provide obsolete (or very nearly so).
Re:Operator Error (Score:2)
Often that is the best solution, but also often more than the cost of a new pc, once you factor in all the application installs, updates, patches, etc etc etc.
I don't know about the parent but I'd be glad to make myself obsolete to most of the people I have to deal with.
Most Windows users seem to operate their machi
Re:Operator Error (Score:2, Insightful)
I've said it before... (Score:2, Informative)
80% of my job is eliminating spyware (Score:2, Insightful)
Crap article (Score:3, Insightful)
micehal is a tool. (Score:2)
Pointer to a *competent* review (Score:3, Informative)
A test of "I ran A but then I ran B and it found X left over" is meaningless by itself. You need to start over and run in the opposite order, to see how much A catches that B doesn't.
What Eric Howes found matches what service techs find. There's no tool with 100% coverage. Which, if you know any statistics, tells you that even running multiple tools doesn't guarantee anything. I tell any client who will listen to focus on prevention.
You know what else is wrong with the AP "review"? He keeps calling the "Malicious Software Removal Tool" (hilarious name, think about it) "antivirus". It's not intended to be. It's a bundle of a few cleanup utilities.
Re:Pointer to a *competent* review (Score:2)
You know what is wrong with your quote? You don't know what the author is referring to. He's not reviewing MS AntiSpyware. He's reviewing the Microsoft Malicious Software Removal Tool [microsoft.com] just like he says.
It's a web based tool that removes the 5-6 most nasty worms. Do a bit of research before you take the high road next time.
MSNBC carried this story too. (Score:2)
My personal experience with this tool has been very satisfying.
I never had spyware or virus on my XP so I downloaded some malware off the web to a Virtual PC session to test this out.
The developers have done a stupendous job on this program.
I am sure as hell surprised that MSNBC carried this story too.
Review: Microsoft Anti-Spyware Ineffective [msn.com]
WTF??? (Score:2, Troll)
Longhorn:
I installed this piece of crap on my laptop. It didn't ask if I wanted to keep my linux partitions, it just made me delete them. The default wallpaper is stupid, and how many users know to right click the desktop to change it? Also, the Win95 drivers shipped with my laptop don't work in Longhorn. And it keeps telling me about this "beta" thing that I supposedly installed. It's really slo
Maybe we should just... (Score:2)
In all seriousness though, I've done my best to try to educate my own friend and family for whom I have to do tech support, and it seems like some of these people either don't get it at all, or have decided that it's jus
Re:Maybe we should just... (Score:2)
Ineffective? (Score:3)
I found it less than useless as well (Score:2)
Bottom line: MS AntiSpyware did almost nothing to protect me and using it to "clean" the spyware left me in a much worse position than when I started. After using MS AntiSpyware to clean my PC, I still had a new IE toolbar, a popup ad whenever I opened IE, and a big search bar over my taskbar and, thanks to MS AntiSpyware, I couldn't get rid of them. I had to reinstall the spyware and uninstall using add/remove program
No corporate solution (Score:3, Informative)
The problem is, there is no one effective tool. The antivirus industry has matured. Granted, Symantec might not catch EVERYTHING but what it DOES catch covers everything I've ever come across, and 99.999% of what most other people will too.
SpyBot... AdAware... SpySweeper... Giant/MS Antispyware... each catches stuff the others don't. Doesn't matter what order you run them. And I can run ALL of them, and sometimes go into HijackThis and find more spyware still lingering. Sometimes it's remnants of some spyware the tool identified but wasn't effective in completely removing. Sometimes it's an entirely NEW piece of spyware.
So what's a corporation to do? Sure, some of them offer corporate versions... but since none of them catch a reasonable amount, there's no single one worth investing that amount of money in. So what do you do... manually spend an hour every week on each machine? x100? x1000? x10000? It's crazy.
utter nonsense (Score:5, Insightful)
MS selling anti-spyware is like Goodyear selling anti-defective-tire-glue-or-something.
1. Build defective product
2. Let customer get flooded with problems
3. Instead of fixing defective product, sell customer some kind of half working fix you bought from someone else
4. profit!!!
Their tool sucks ass... (Score:2)
it's a vicious cycle (Score:2, Insightful)
Re:Microsoft Anti-Spyware (Score:2, Informative)
Re:Microsoft Anti-Spyware (Score:2)
Nitpick: I think you mean Outlook Express. Outlook is a very different mail app, and it's significantly more secure. I wouldn't say it's as strong as Firefox, but I have been using OL2k for the last
Spyware on Linux/Unix (Score:3, Insightful)
Re:Spyware on Linux/Unix (Score:5, Interesting)
1. Unix users are self-selecting; they tend to be technically competent and less likely to be infected than the general populace.
2. Unix systems use a wide range of email applications and web browsers, almost all of which have fewer holes than IE/OE. No Unix mail client will execute an attachment for you; you have to save it, enable the execution flag, and then run it yourself.
3. Unix desktops are not nearly as common as Windows desktops, so there're fewer incentives to hack them. They're also quite diverse; a binary for PPC MacOS isn't going to work under x86 OpenBSD, Sparc Solaris, or ARM Linux, which reduces the pool of target machines for a given virus.
Re:Spyware on Linux/Unix (Score:2)
Re:Spyware on Linux/Unix (Score:2)
The biggest difference is not technical, but about the end user and the sales channel that brought the computer to the end user. Most Linux machines have a technically savvy computer user somewhere close by. Either the owner of the machine takes great care of their hardware, or the person using the machine has a friend who installed Linux.
There is a large number of people who have both Linux and
Technically Savvy my ass! (Score:2)
Re:Technically Savvy my ass! (Score:2)
Really? Not that I've heard. There are viruses, but they don't get much distribution, and I've never heard of any OSX spyware at all.
Re:Technically Savvy my ass! (Score:2)
THAT SAID, my original question was more fundamental to the operating system not to the technical savvy (or lack thereof) of the user base, and why linux and unix like systems don't seem
Re:How so? (Score:2, Funny)
Maybe so, but it would be the cleanest, most optimized and up-to-date spyware on the planet.
This one says even more than that one (Score:2)
Re:Imagine that, an article critical of MS! (Score:2)
And as for the Open Source virus scanners, look harder.
Re:Makes no sense (Score:5, Informative)
1) Boot into safe mode.
2) Delete all browser helper objects. I usually leave Java installed unless it too seems infected (can happen).
3) Run msconfig. Select diagnostic boot. Then reboot into normal mode.
4) Now comes the fun. Open MSConfig and look at the registry entries and startup items. I use Google to identify what they do and note any suspicious items.
5) Just for protection, I create a restore point so I don't remove something I shouldn't and get into trouble. Then I use msconfig to select normal startup. When it asks if I want to reboot, I say "reboot later"
6) I go through the run keys (under HKCU and HKLM). I delete suspicious values. Same with the startup folder. I also review the drivers for anything strange and backup/delete as needed (I have seen drivers which I believed were involved in spyware).
7) Suggest to my customer (if it seems like a good idea) that we discuss migrating to Linux if they have continuing issues.
Reboot to test. Make note of anything that comes back. Reboot in safe mode if necessary to remove those values.
Granted this doesn't remove all the spyware programs, but it does disable their startup. By troubleshooting a problem for days and not being able to solve it, the author of the article has demonstrated that he doesn't really understand the Windows boot process or how to really troubleshoot it. Yes, I only run Linux, but I can troubleshoot Windows with the best.
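A read-only inventory of the locations the steps above work through (browser helper objects, the Run keys under HKCU and HKLM, the startup folders, drivers), as an added example that is not part of the original comment. The `-SnapshotPath` parameter, the `autostarts.csv` file name and the function names are assumptions made for illustration; run it once after cleanup to save a snapshot, and again after the test reboot to list only what came back.

```powershell
# Added example: read-only autostart inventory. Nothing is deleted or changed.
# -SnapshotPath is a hypothetical parameter; autostarts.csv is a placeholder name.
param([string]$SnapshotPath = '.\autostarts.csv')

$cv      = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$runKeys = "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce"
$bhoKey  = "HKLM:\$cv\Explorer\Browser Helper Objects"

function New-Entry($Source, $Location, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Location = $Location; Name = $Name; Command = $Command }
}

# Values under the Run/RunOnce keys in HKLM and HKCU.
function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry 'RunKey' $key $name ($item.GetValue($name))
        }
    }
}

# Browser helper objects, resolved from CLSID to the DLL that the browser loads.
function Get-BhoEntry {
    if (-not (Test-Path -LiteralPath $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-Item -LiteralPath $server).GetValue('')   # default value = DLL path
        }
        New-Entry 'BHO' $bhoKey $clsid $dll
    }
}

# Per-user and all-users startup folders.
function Get-StartupFolderEntry {
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $path -Force) {
            New-Entry 'StartupFolder' $path $file.Name $file.FullName
        }
    }
}

# Kernel and file-system drivers, with start mode and image path for review.
function Get-DriverEntry {
    foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
        New-Entry 'Driver' $d.StartMode $d.Name $d.PathName
    }
}

# Stable identity for an entry, so two runs can be compared as plain strings.
function Get-EntryId($e) {
    '{0}|{1}|{2}|{3}' -f $e.Source, $e.Location, $e.Name, $e.Command
}

$current = @(Get-RunKeyEntry) + @(Get-BhoEntry) + @(Get-StartupFolderEntry) + @(Get-DriverEntry)

if (Test-Path -LiteralPath $SnapshotPath) {
    # Second run, after the test reboot: show only entries absent from the snapshot.
    $known = @{}
    foreach ($e in Import-Csv -LiteralPath $SnapshotPath) { $known[(Get-EntryId $e)] = $true }
    $current | Where-Object { -not $known.ContainsKey((Get-EntryId $_)) } |
        Format-Table -AutoSize -Wrap
} else {
    # First run: save the snapshot and print the full list for manual review.
    $current | Export-Csv -LiteralPath $SnapshotPath -NoTypeInformation
    $current | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
}
```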
Re:Makes no sense (Score:2)
Re:Makes no sense (Score:2)
netstat
comparing filenames from the root C and D directories with those in the Windows directories
filemon
regmon
Additionally, sometimes, I have had to uninstall infected copies of Java, and a few other odds and ends.
Re:Makes no sense (Score:2)
Be real careful to check running services.
System Restore, I have concluded, is the devil and should not be trusted, it brings back evil as well as good. Best to turn it off until the machine is cleaned.
Make certain the recycler is emptied.
Check the add/remove programs, some of these nasties actually
Re:Makes no sense (Score:2)
Always prevent the software from running *before* removing the files. Otherwise you are asking for problems.
Re:Makes no sense (Score:2)
Total agreement there, I generally will not start a cleanup without first purging all that stuff by putting the drive in a cage and accessing it from a laptop, after that you can proceed in relative safety.
I wonder when it becomes legal to curb-stomp the people who write these blasted things?
Re:Makes no sense (Score:2)
Re:Makes no sense (Score:2)
You have completely missed the point of why Microsoft is releasing this spyware removal tool (or any other spyware removal company). Do you really think they are releasing this for service professionals like yourself?? Hell no. They are releasing this so people don't have to go to people like you for help. It is "relatively simple" for you because you are a pro. But for John Avg. Doe, what you just described is both a major pain in the ass as well as way over his head.
Re:Makes no sense (Score:2)
But let's say for sake of argument that the process mentioned is correct and reasonably complete, how is MS's app going to help a person needing a pro tech to fix his/her machine if the app doesn't get the same results as the cleanup process? Not to mention that a machine already messed up is likely to be uncleanable without professional help. Why doesn't MS just fix its bloody vulnerabilities?
T
Re:Makes no sense (Score:3, Interesting)
So that is $40 to $120 every time they get hit with anything and want help! Yes, I offer to talk to them about migrating to Linux because although they get to pay me for my time to help them with the migration, it is far cheaper over a reasonable length of time than it is to call me every time they get spyware.
Re:Makes no sense (Score:2)
I've started recommending Mac's for people's internet needs.
Re:Makes no sense (Score:2)
The only problem is how does spyware-infected-gratis compete with libre-Free? I think that ad
I think you've missed how spyware/malware spread themselves, user stupidity. So, in theory, on a Linux system, you would need root privilege to install such an item system wide. The problem here is that
Re:Not effective for me. (Score:2, Interesting)
As for lagginess, that could be attributed to anything, from user perception to it still unloading itself from memory (you didn't mention how long the lagginess lasted).
Come on. This isn't even out of beta form yet.
Re:How many MS anti spyware reviews will be on /. (Score:2)
Re:shouldn't be needed (Score:2)
But the second which can be just as annoying is the stuff that becomes bundled with freeware programs and which is actually installed by legitimate user. To illustrate this, let's look at how Linux spyware might work.
I could create adware for KDE or Gnome too if I wanted and ask people to install it. And if they do (or if some nifty free utility installs it for them)
Re:Pirates? (Score:4, Interesting)
You hit an interesting point, can the program check registrations to see if the software is pirated, and then remove it if it is pirated and report it as Spyware? Already BitDefender, a competing product, is seen as Spyware. So we see the MS tactic here to report competitors as Spyware, which makes MSAS look even better.
Think about it, Mozilla Firefox, Thunderbird, Opera, Eudora, OpenOffice.org, etc can be seen as Spyware this way, and the user is forced to use the Microsoft products that compete with them, to avoid the Spyware alerts.