Review: Microsoft Windows AntiSpyware (Beta)
Microsoft Windows AntiSpyware (Beta)
You may recall that Microsoft bought anti-spyware vendor GIANT less than a
month ago. Last week they came out with a beta of a "Microsoft" anti-spyware
tool as a result. I use the quotes there because it's clear from the timescale
that this is largely, or perhaps entirely, a rebadged copy of GIANT's tool;
there's no way in the world that Microsoft could grind out a completely new
piece of software in that timespan. (Indeed, the rebadging isn't finished yet;
the executable name still refers to Giant). Be that as it may, it's worth a look
now that Redmond has put it out for our consumption.
First, let's clear up a bit of confusion that's plaguing the
not-quite-technical press at the moment: "spyware" and "virus" are not synonyms.
Microsoft, ironically, made the confusion worse by releasing an antivirus tool
the same day as this antispyware tool. Spyware is software, installed without
the user's consent, that monitors the user's actions. It might decide to replace
banner ads with ads from some other server, intercept requests to buy books from
Amazon so as to hijack the affiliate dollars, reset your home page to a porn
site, or do many other nasty things. But it's not designed to spread directly
from machine to machine via e-mail or other direct vectors, the distinguishing
feature of viruses.
This new tool installs smoothly, though there's a major problem in the way
that Microsoft has made it available. Following the download link for the beta
takes you to a page with this text highlighted: "This download is available to
customers running genuine Microsoft Windows. Please click Continue to begin
Windows validation." To my mind, customers interested in whacking miscellaneous
unwanted junk off of their hard drives are among those least likely to be
interested in letting Microsoft install an ActiveX control to snoop around those
very same hard drives in search of evidence of dishonesty. Now, it turns out
that you can bypass this, but it's not at all obvious how (tell it to begin the
validation, and then tell it no, you've changed your mind). Microsoft really
needs to rethink the intersection between its security efforts and its
The software lets you make a number of decisions when you install it. You can
decide whether to install security agents that monitor vital parts of your
system to detect changes to the system and warn you about them, whether to
update your spyware definitions on a regular basis, and whether to participate
in the SpyNet community, which lets you send information collected by the
security agents back to Microsoft for comparison with reports from other users.
I'm glad to see that these things are optional; I personally don't care to load
up yet more agents in my computer's RAM. I'm not so glad that the program warns
me that some of these choices are critically dangerous every time I start it up.
Let me decide and then leave me alone, OK? Even worse: just looking at the
options page for the agents turns the agents back on, unless you manually
turn them off again. Bad UI design.
The heart of the program, of course, is the ability to scan your hard drive
and RAM for threats. This part works well and quickly, though you need to
exercise caution with the results; at least in this beta, there are some false
positives to be wary of. For example, on Windows 2003 the file tapicfg.exe is
detected as a high-risk browser hijacker, when in fact it's part of the system.
Several comparative tests have shown that the GIANT product detected more
threats than its competition; I wonder whether they do this by being a bit less
conservative in what they identify as a threat? Microsoft may have to ease off
on this a bit to make the tool foolproof for the general audience. Detected
threats can be easily removed, and the product keeps track of what it did
for later reporting and possible reversal.
There are also some interesting tools included in the product. The Browser
Hijack Restore tool will let you reset changes to IE's settings back to their
defaults (or back to defaults that you choose); this is an easy way to fix the
effects of much spyware, at least if you use IE as your browser. The Tracks
Eraser will get rid of things like your browser history and forms passwords.
Finally, the System Explorers will let you look at things like running
processes, IE BHO's, and shell execute hooks - information that power users can
collect elsewhere, but it's nice to have them all in one place.
Do you need this product? It really depends on your browsing habits. If
you're careful what sites you visit, sensible about what you click on, or (even
better) use a non-IE browser, probably not - though you might want to download a
copy to have on hand just in case. On the other hand, the average user will
probably benefit quite a bit from the monitoring and scrubbing functions here;
I'm going to suggest it to a selected group of friends and relatives.
Finally, I do have to note the irony involved in Microsoft's buying this
product and then rushing their own version out: were it not for the notoriously
flawed Internet Explorer and some of Microsoft's own architectural decisions,
this product wouldn't be needed at all. It's as if your home builder put screens
with rips in them over all the windows, and then gave you flyswatters for free
when the bugs got in. Better to repair the screens - though in the real world,
flyswatters will remain necessary so long as the flies remain clever.
Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.