Review: Microsoft Windows AntiSpyware (Beta)

Microsoft Windows AntiSpyware (Beta)
Microsoft
Redmond, Washington
www.microsoft.com

You may recall that Microsoft bought anti-spyware vendor GIANT less than a month ago. Last week they came out with a beta of a "Microsoft" anti-spyware tool as a result. I use the quotes there because it's clear from the timescale that this is largely, or perhaps entirely, a rebadged copy of GIANT's tool; there's no way in the world that Microsoft could grind out a completely new piece of software in that timespan. (Indeed, the rebadging isn't finished yet; the executable name still refers to Giant.) Be that as it may, it's worth a look now that Redmond has put it out for our consumption.

First, let's clear up a bit of confusion that's plaguing the not-quite-technical press at the moment: "spyware" and "virus" are not synonyms. Microsoft, ironically, made the confusion worse by releasing an antivirus tool the same day as this antispyware tool. Spyware is software, installed without the user's consent, that monitors the user's actions. It might decide to replace banner ads with ads from some other server, intercept requests to buy books from Amazon so as to hijack the affiliate dollars, reset your home page to a porn site, or do many other nasty things. But it's not designed to spread directly from machine to machine via e-mail or other direct vectors, the distinguishing feature of viruses.

This new tool installs smoothly, though there's a major problem in the way that Microsoft has made it available. Following the download link for the beta takes you to a page with this text highlighted: "This download is available to customers running genuine Microsoft Windows. Please click Continue to begin Windows validation." To my mind, customers interested in whacking miscellaneous unwanted junk off of their hard drives are among those least likely to be interested in letting Microsoft install an ActiveX control to snoop around those very same hard drives in search of evidence of dishonesty. Now, it turns out that you can bypass this, but it's not at all obvious how (tell it to begin the validation, and then tell it no, you've changed your mind). Microsoft really needs to rethink the intersection between its security efforts and its anti-piracy efforts.

The software lets you make a number of decisions when you install it. You can decide whether to install security agents that monitor vital parts of your system to detect changes to the system and warn you about them, whether to update your spyware definitions on a regular basis, and whether to participate in the SpyNet community, which lets you send information collected by the security agents back to Microsoft for comparison with reports from other users. I'm glad to see that these things are optional; I personally don't care to load up yet more agents in my computer's RAM. I'm not so glad that the program warns me that some of these choices are critically dangerous every time I start it up. Let me decide and then leave me alone, OK? Even worse: just looking at the options page for the agents turns the agents back on, unless you manually turn them off again. Bad UI design.

The heart of the program, of course, is the ability to scan your hard drive and RAM for threats. This part works well and quickly, though you need to exercise caution with the results; at least in this beta, there are some false positives to be wary of. For example, on Windows 2003 the file tapicfg.exe is detected as a high-risk browser hijacker, when in fact it's part of the system. Several comparative tests have shown that the GIANT product detected more threats than its competition; I wonder whether they do this by being a bit less conservative in what they identify as a threat? Microsoft may have to ease off on this a bit to make the tool foolproof for the general audience. Detected threats can be easily removed, and the product keeps track of what it did for later reporting and possible reversal.

There are also some interesting tools included in the product. The Browser Hijack Restore tool will let you reset changes to IE's settings back to their defaults (or back to defaults that you choose); this is an easy way to fix the effects of much spyware, at least if you use IE as your browser. The Tracks Eraser will get rid of things like your browser history and forms passwords. Finally, the System Explorers will let you look at things like running processes, IE BHOs (Browser Helper Objects), and shell execute hooks - information that power users can collect elsewhere, but it's nice to have it all in one place.

Do you need this product? It really depends on your browsing habits. If you're careful what sites you visit, sensible about what you click on, or (even better) use a non-IE browser, probably not - though you might want to download a copy to have on hand just in case. On the other hand, the average user will probably benefit quite a bit from the monitoring and scrubbing functions here; I'm going to suggest it to a selected group of friends and relatives.

Finally, I do have to note the irony involved in Microsoft's buying this product and then rushing their own version out: were it not for the notoriously flawed Internet Explorer and some of Microsoft's own architectural decisions, this product wouldn't be needed at all. It's as if your home builder put screens with rips in them over all the windows, and then gave you flyswatters for free when the bugs got in. Better to repair the screens - though in the real world, flyswatters will remain necessary so long as the flies remain clever.

About the Author

Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.