ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

Microsoft AntiSpyware: Is it worth bothering with?

John McCormick Tech Republic

Published: 24 Jan 2005 14:15 GMT

The anti-spyware software recently announced by Microsoft is now mature enough to evaluate so I downloaded a copy and ran it head-to-head with a free utility: Lavasoft's Ad-Aware SE (Personal Edition). There is no word yet on whether Microsoft plans to charge for the product once it is out of beta.

Although Microsoft's AntiSpyware isn't intended to do exactly the same thing as Ad-Aware, the goals are similar -- to locate and quarantine software that can capture information from your computer and transmit it to others without your knowledge or agreement. Most of these are relatively harmless cookies used to monitor advertising hits, but the same technology can be hiding code that captures keystrokes and harvests other critical information from systems.

Without the use of some tool it is very difficult for Windows users and administrators to detect these programs and know what they may be doing.

You can only obtain AntiSpyware, which is about 6 MB in size, as a download from Microsoft's Web site. The beta version won't be made available on CD-ROM. Installation went smoothly, although while trying to view some options it did lock up, and I had to kill it via Task Manager. The program started right up again when I tried it. I already had Ad-aware on my machine, but if you want a copy it can be downloaded from ZDNet UK's download area.

I ran both utilities on an older 2-GHz P4 Dell with 512MB of RAM and running XP SP2. Both took about 12 minutes to complete a deep file scan but the results were significantly different.

AntiSpyware reported scanning 2398 memory processes, 18,973 files, and 8693 registry keys, finding no problems. I had just purged the system an hour earlier with Ad-Aware. There are few details provided about just how the software works so I don’t know why a later automatic scan reported checking 33970 files.

Immediately after running the Microsoft program Ad-Aware scanned 2564 process modules, and 157,212 "objects", the term Ad-Aware uses that approximates files. The important difference was that the Lavasoft utility found five data-mining objects, including one from trafficmp.com and another from doubleclick.net. It’s a rare system that doesn’t have some doubleclick data mining objects, but AntiSpyware apparently isn’t intended to detect them.

AntiSpyware is more than just a spyware scanner; it also provides some management tools and provides real-time protection by watching for more than 50 ways spyware can insinuate its way onto your system. I’ve seen reports that this works pretty well, although it failed to block or notify me of six new tracking cookies installed on my system in a half hour online. Ad-Aware found them on a "smart" system scan while AntiSpyware failed to do so even on a deeper scan.

One AntiSpyware tool, Security Agents, monitors program and Internet activity as well as system changes.

System Explorers, another tool, provides a simple method to manage ActiveX, running processes, startup programs, IE settings, and other features that can be fine-tuned to make your system work the way you want it to.

The Running Processes tool is especially useful because it makes it easy to learn just what the processes do in considerable detail -- far more than you get with Task Manager -- although you still need TM to see what CPU time is being allocated to each process. One shortcoming is that additional information beyond some fairly basic data such as file path and version isn’t available yet for many processes, but bear in mind that this is a beta program.