Forgot your password?
typodupeerror
Security Operating Systems Software Windows IT

MS AntiSpyware vs Ad-Aware vs. SpyBot 535

Posted by timothy
from the more-amazing-is-what-people-tolerate dept.
An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D; the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as SpyBot."
This discussion has been archived. No new comments can be posted.

MS AntiSpyware vs Ad-Aware vs. SpyBot

Comments Filter:
  • by Cracell (788266) <cracell@gmail.OPENBSDcom minus bsd> on Saturday January 08, 2005 @03:22PM (#11298310)
    So wait a sec Microsoft's product is actual good?
    • They have only owned it for a few weeks. Even Microsoft has limits on how fast they can screw stuff up.
      • I tried it. I found this particular interesting: Box: Compaq P4 2ghz 256mb memory XP SP1 on a Corp. net (yes I know, but some of our in-house apps fail under SP2): Fairly clean already machine with Adaware and Spybot already loaded. I downloaded the Microsoft beta and ran it. Many minutes later it reported a passle of stuff. Like with Adaware and Spybot I said "Ok dump it all" turned off the All time protection feature, said no to all the "Do you want me to be intrusive and make all your decisions
        • by imroy (755) <imroykun@gmail.com> on Saturday January 08, 2005 @05:20PM (#11299270) Homepage Journal
          Maybe the MS product found the Spybot S&D definition file(s). Did you pay much attention to what the MS beta had found before telling it to delete them all?
          • by Zeinfeld (263942) on Saturday January 08, 2005 @06:30PM (#11299786) Homepage
            Actually there is a huge problem with anti-spyware deleting anti-spyware. The problem is that the anti-spyware ends up looking very much like spyware as far as heuristic checks go. So for example it tries to resist being clobbered by the spyware, it scans the disk, it hooks into similar entry points.

            The same problem happens with legislation. The Bono anti-spyware bill as currently drafted would make most of the anti-spyware programs illegal. its not intentional, its just bad drafting. The problem is that what is spyware is at some level a consent issue and so drafting is horribly difficult.

        • by PatientZero (25929) on Saturday January 08, 2005 @06:02PM (#11299571)
          I tested it out too on my home machine, and the only thing it found was the Download Manager for Gamespot (based on Kontiki). Thank you Mozilla. :)

          In any case, I uncheked the "install real time protection agents" option during installation, but after running the scan I ran through the options to see what other features it had. Surprise, RTP was enabled. Oh the irony of MS AntiSpyware behaving in the same shady fashion as Spyware apps. ;)

          So if you do install it but don't want the RTP agents, make sure you hit up the options before quitting.

          • Behaviour confirmed. (Score:3, Interesting)

            by khasim (1285)
            I just downloaded it and ran it and it did the same thing to me. Just about everything was re-enabled after I specifically un-checked it during the install.

            It also made my PC run slower than before.

            It found VNC as "spyware", but it set the "remove/ignore" option to "ignore" so that wasn't so bad.

            Other than that, it didn't find anything. But I run FireFox with adblock and both spybot and ad-aware so I wasn't expecting anything to show up.

            I've uninstalled Microsoft's anti-spyware and it left the directory
            • by Vancorps (746090)
              VNC is commonly used as a trojan so that behavior makes sense.

              The rest is typical with microsoft.

              I would be curious of an anti-spyware app could be written to run on a network, since profiles are stored on a central server and that server is never used to browse the Internet it would be the perfect environment to clean spyware from all the profiles out there.

              It would also be nice if you could script the app so for instance, your organization uses Alexa or Viewpoint you could enable it to prevent apps fro

      • by fm6 (162816) on Saturday January 08, 2005 @05:03PM (#11299127) Homepage Journal
        You got modded up as funny. You deserve the upmod, but I think you make a serious point. Microsoft products don't always start out as total crap. Sometimes they buy a decent product from somebody, or invent something with a good basic design (their old Multiplan product was the first spreadsheet I didn't consider a total kludge), or invent some idea that could be really useful if it's implemented right. But then they throw their bureaucracy, their intense intracompany rivalies, their focus groups, their love of feature bloat, and (most of all) their compulsive tweaking at the product. Before you know it, you have some monstrosity that only runs on the latest hardware and that's a total pain to use.

        That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up. If Microsoft developers were forced to operate in a competitive environment where mistakes actually hurt them, we'd all be better off -- including the former Microsofters.

    • by nurb432 (527695) on Saturday January 08, 2005 @03:31PM (#11298402) Homepage Journal
      They just bought a company and rebranded..

      Wait a few generations, then it will be a 'true' Microsoft Product..
      • Amen to that.

        Also, they bought Giant Antispyware, and christ on a crutch does that thing do a hell of a lot of false-positives.

        I rennamed a textfile something like claria.exe and that thing started screaming immediately that bad people were trying to take over my life.

        So seriously, I couldn't care less.
        • by Jesus 2.0 (701858) on Saturday January 08, 2005 @04:26PM (#11298866)
          I rennamed a textfile something like claria.exe and that thing started screaming immediately that bad people were trying to take over my life.

          Wow, how horrible. I can't imagine how annoying and dangerous that would be for me, given how often I rename text files to claria.exe.
          • OTOH, I learned the hard way not to trust file names. A routing cleaning of core dumps on our fileserver at school managed to destroy the work of half of the VLSI class. Who would've thought that students would be designing CPU cores and just call the output file "core"...
        • by John3 (85454) <john3NO@SPAMcornells.com> on Saturday January 08, 2005 @05:12PM (#11299200) Homepage Journal
          How about attaching your claria.exe text file to all your outgoing emails, sending your emails out with a subject of "I'm not selling Viagra , Cialis, or Rolex Watches!!!!" and see what kind of false positives you get from anti-spam and anti-virus filters. It's not a precise science, so I'd expect false positives when you make a concious attempt to fool the program.

          That's not to say they can't make it more accurate, but they may be trading off accuracy for speed (filename match rather than file signature). If I was designing it I wouldn't be real concerned with trying to correctly deal with bored users trying to fool our program by renaming their important documents to "claria.exe".
        • Also the default installs of TightVNC, RealVNC and winpcap are flagged as spyware. As if only crackers use these items for anything and no respectable user would.
    • What there gonna do is make it good so it becomes what 95% of users use, Then start mostly ignoreing it cause they have a monopoly, just like what happened to Internet Exploder. It will also be bundled with Windows XP SP3 and Longhorn.
      • Don't confuse the issue, 95% of the users didn't use IE because it was good, they used it because it was good enough and bundled with the OS. You act as if the two things are seperate ;)

        Netscape was always technically superior to IE.
    • by wankledot (712148) on Saturday January 08, 2005 @03:33PM (#11298427)
      Of course it's good, they know where to find spyware and viruses because they're the ones that created them!!@# [/tinfoilhat]
  • For fairness... (Score:5, Insightful)

    by Raindance (680694) * <johnsonmx@g[ ]l.com ['mai' in gap]> on Saturday January 08, 2005 @03:22PM (#11298314) Homepage Journal
    To be fair, "infected files" is a rather ambiguous notation (perhaps "malicious packages" would be a better way to count things).

    I would also feel better if the submitter hadn't been anonymous. Though it's probably not astroturfing.

    RD
    • Single Data Point... (Score:3, Interesting)

      by raehl (609729)
      I just ran it on my system and got 0 infected files; so it's probably not jus padding itself for the sake of padding itself. (I don't install lots of crap, so I'm not surprised it didn't find anything.)
  • by Anonymous Coward on Saturday January 08, 2005 @03:22PM (#11298317)
    Wait.. aren't we supposed to hate Microsoft? I'm confused.
  • Funny... (Score:5, Funny)

    by lga (172042) * on Saturday January 08, 2005 @03:23PM (#11298320) Homepage Journal
    Does anyone else think it funny that the advert at the bottom of this review is for Smiley Central, a well known piece of computer-invading crap?
  • that's all we ask. Microsoft is the most suitable candidate to find spyware infecting their product. Hopefully this is step one, followed by OS changes eliminating/reducing the possibility. Dream over...
  • Why wouldn't it surprise me that Microsoft would be able to find and remove everyone else's product on the box even if it is spyware.
  • Twice as much (Score:2, Insightful)

    by ZeroExistenZ (721849)

    Not having read the article yet, I do wonder what the scanner reports as spyware in order to get "twice as much results as Adaware" and "three times as much as Spybot".

    I'm just sceptical about MS + Anti-Spyware mix.

    • Re:Twice as much (Score:5, Informative)

      by Rob Carr (780861) on Saturday January 08, 2005 @03:36PM (#11298462) Homepage Journal
      After a vicious round with spyware, I switched to Firefox and regularly running AdAware and Spybot. Still, I ran the MS program to see what would happen.

      Adaware and Spybot report a lot of cookies. MS's program didn't. On the other hand, the AntiSpyware program found stuff the other two didn't. Total "hits" weren't 2-3x, but I've decided to keep AntiSpyware in addition to the other two programs.

    • Re:Twice as much (Score:3, Interesting)

      by Zocalo (252965)
      I'm guessing that the only thing that would account for this kind of discrepency is how registry keys are counted. Whether you count each individual registry key, registry branch, or just piece of spyware on a case-by-case basis will make a huge difference. Also, spyware typically installs copies of its registry settings in several places, and on a system with multiple logins there is even more room for abuse.

      Based on my experiences there's not much to choose from between Spybot and Ad-Aware, and I have

    • Re:Twice as much (Score:5, Informative)

      by damiam (409504) on Saturday January 08, 2005 @05:17PM (#11299248)
      Some of what it detects are definitely false positives. On my machine, it claimed to find registry traces of eDonkey and Grokster, which it says contain adware. But the keys it found were put there by Shareaza, a non-spyware open-source client.
      • Re:Twice as much (Score:5, Informative)

        by ZeroExistenZ (721849) on Saturday January 08, 2005 @05:36PM (#11299395)
        I second that.

        Serv-U FTP Server is appearantly a "Trojan FTP", default action is to "quarantine" in MS's view.
      • Re:Twice as much (Score:5, Informative)

        by CritterNYC (190163) on Saturday January 08, 2005 @07:53PM (#11300372) Homepage
        Some of what it detects are definitely false positives. On my machine, it claimed to find registry traces of eDonkey and Grokster, which it says contain adware. But the keys it found were put there by Shareaza, a non-spyware open-source client.

        Yeah, it wanted to kill off pieces of eMule, Shareaza and Unreal Tournament 2004 on my box.
      • VNC is evil!!!!111 (Score:5, Interesting)

        by Venner (59051) on Saturday January 08, 2005 @08:06PM (#11300450)
        Some of what it detects are definitely false positives. On my machine, it claimed to find registry traces of eDonkey and Grokster, which it says contain adware. But the keys it found were put there by Shareaza, a non-spyware open-source client.
        Yep. Same here. It decided that VNC was obviously an attempt to remotely hijack my computer.

        It also felt the need to alter my hosts file for me. It didn't like the fact that I had "ads.msn.com" pointing to 127.0.0.1 (as well as over 100 other ad domains; the only one it cared about was MSN!)
  • Unfair advantage? (Score:2, Insightful)

    by meckardt (113120)
    Wouldn't the MS product have an unfair advantage... after all, isn't the Redmond crew responsible for a lot of that stuff anyway?
  • by eno2001 (527078) on Saturday January 08, 2005 @03:25PM (#11298347) Homepage Journal
    Microsoft knows what holes they have in the OS better than anyone else. They just don't bother to fix them in a timely fashion because it's not profitable The anti spyware isn't really a change in direction for them if you think about it. They are still applying a band-aid to the problems rather than a real fix.
    • They just don't bother to fix them in a timely fashion because it's not profitable

      They don't fix them because they meant them to be there.

      Take the notorious problem with Outlook, that it will execute embedded VBscript in emails and send virii (or trojans or whatever) to the people in your address book. Well Outlook was designed to do that. If you have scriptable email, then you can use Exchange/Outlook as a platform to develop workflow applications. Doing it that way has nowadays been superseded by the
      • by myowntrueself (607117) on Saturday January 08, 2005 @04:10PM (#11298742)
        "Now, MS were naive to think that no-one would ever exploit that feature maliciously"

        At least in the beginning they took measures to stop it; the original outlook couldn't even receive pop or imap email and hence the only incoming email was supposed to be from the corporate Exchange server.

        It was only later, when the internet became popular, that, uh, by popular demand they produced add-on packs for exchange with which you could use pop, smtp and imap.

        Then the email viruses began to take advantage...

        I reckon that they should now go the other way around; produce a special add-on pack for the VB scripting and just leave it right out of the default install.
    • That's a load of crap, Microsoft bought this product, not develop it in house. All products Microsoft buys are great products - Visio, NT, DOS, (the list goes on and on) but they end up ruining them in a few years.
  • Great! (Score:5, Insightful)

    by 2MuchC0ffeeMan (201987) on Saturday January 08, 2005 @03:27PM (#11298359) Homepage

    The Real-Time Protection agent is awesome. It automatically informs you of any changes being made to your current settings; such as if your IE homepage is trying to be changed. It also warns the user if any spyware is trying to be installed.
    So it has to be running first. Just what i want my computer to do, run more stuff.

    Also, I kinda know when our homepage is hijacked, and this is why i switched to firefox.
  • by sangreal66 (740295) on Saturday January 08, 2005 @03:28PM (#11298365)
    I only took a curory glance at the article before it was /.ed, but I did not see any attempt at analyzing how many of the additional items found by MSAS were false positives. This seems like pretty vital information.
    • Since they are running this in VMWare, and are hence able to save the state of the system, the best way to run this test would be to first run each product on the test image and tell it to remove everything it recognised. Then run each other product on the resulting image and discover what had been missed. Simply comparing the number each reports finding is hardly a good comparison.

      Disclaimer: TFA was slashdotted by the time I tried to R' it.

    • good point. I ran the MS beta on my desktop. It detected a win32 port of gnu cat (cat.exe) as "Norwegian Porn Dialer". Don't recall seeing that option added...
  • MS = the Mob (Score:4, Insightful)

    by HeyBob! (111243) on Saturday January 08, 2005 @03:29PM (#11298372)
    It's kind of like the Mob offering protection services to merchants. They're the problem in the first place!

    This kind of protection should already be in Windows, or least, make the OS completely separate from the apps and the data.

    You should be able to click on any process running and see complete details as to what it is, why it is running and access it's startup options.

  • by BioCS.Nerd (847372) on Saturday January 08, 2005 @03:29PM (#11298376) Homepage
    FireFox [mozilla.org]

    An Ad-Aware/FireFox combination has served my parent's computer well for quite sometime. My father's business exclusively uses the above combination with great results.

  • Enough already. (Score:5, Insightful)

    by XorNand (517466) on Saturday January 08, 2005 @03:29PM (#11298379)
    Ok, enough of the "MS should do better, they make the holes" comments. If you remember correctly, MS bought [theregister.co.uk] this code only a short while ago from Giant Company. About the only thing Redmond has done is repackage and rebranded it.
    • thats all they'll do.
      That said, at least they are doing something, even if it is only buying something.
      Of course using it to have people prove they aren't guilty of copyright infringement is a little scummy. At least people can click no.
  • by benzapp (464105) on Saturday January 08, 2005 @03:29PM (#11298381)
    and apparently their detection of license keys has greatly improved... my key is invalid.

    Anyone else have this problem using their obscure key of choice? SP2 installed fine a few months ago.
  • by harlows_monkeys (106428) on Saturday January 08, 2005 @03:31PM (#11298399) Homepage
    What we've seen where I work, with our antivirus/antispyware product is that if we miss something that AdAware of Spybot finds, then poeple say we are ineffective, and if we find something that they miss, people say we are generating false positives in order to frighten people into buying. (And then, when the thing we found that Spybot or AdAware missed actually causes problems, they say we put it there and start saying we pushing spyware).

    A lot of people, especially on the popular antispyware forums, have simply decided that Spybot and AdAware are the best that there can possibly be, and anything that differs from them in bad.

  • I liked how it politely asked if I wanted to validate Windows
    "Before obtaining the requested download, please take a moment to validate your genuine Microsoft Windows installation. Validation assures that you are running an authentic and fully-licensed copy of Windows. Validating now will enable faster access to genuine Windows downloads upon future visits to the Download Center. Please see the Why Validate? page to learn more about the Windows Genuine Advantage program and why validation is recommended."
  • Dudes, they made the problem, they left in the weak code, and now they are saying they can fix it best???

    For some reason, I don't think I'll be trusting them to much.
  • Let's see the real deathmatch: shop for spyware as a sleazy spammer, paying for the best spyware installer malware available, then run that against MSAntiSpyWare, Ad-Aware and SpyBot. I bet the malware mafia comes out on top.
  • It's a pretty poor article offering at best a cursorary look at MS's offering. To sum it up in a few words : Yeah, Microsoft's new anti-spyware solution works; but you knew that without reading th earticle.
  • by mutilated_cattle (846847) on Saturday January 08, 2005 @03:40PM (#11298499)

    MS just bought giant AS and rebranded their product as Microsoft. As far as I can tell there's very little change to the program itself beyond the branding.

    Giant has always been among the top antispyware products, as evidenced by Failing Grades for most anti-spyware tools [slashdot.org] so this "MS should know their own security holes better than anyone" stuff isn't strictly relevant. I think MS should foucus more on fixing the secuity problems in IE that are responsible for 90%+ of spyware infections rather than sticking plaster over the holes by buying up anti-spyware solutions. Is this even going to be free when it's released?

    Personally I prefer webroot spysweeper anyway, Giant has always generated too many false positives for me.

  • I always thought my pc was well protected, mcafee antivirus, router, no porn sites (I'm a developer so it takes a lot to fool me) and yet ms antispyware found a file that contained a trojan on one of my drives. Last night when I was about to shut own my computer it gave a warning about the asus probe utility using "fishy" methods to ensure it run on startup
  • Who here only uses 1 or the other of spybot and adaware? Most people know adaware and spybot pick up different things. Hence putting them together VS Microsoft would be a better judge.
  • i know this sounds like heresy, and i'm embarrassed to ask -- but does anyone know how effective these tools are in relation to the one that comes with the new version of AOL?
    the reason i ask is that, like many of you, i am the CIO of my family, and my family is at the lower end of the spectrum that defines excellent computer using. a few family members have AOL, so i'm curious as to whether it saves me time and headaches to use the AOL tool as opposed to another. because if i have to spend half my chris
  • I tested a test lab computer at work. No special attempt to infect it, just running a lot of test freeware and average junk.

    The MS product found 3 problems: tightvnc, iMesh infecting every file in my Oracle client directory !!!, and a third one I can't remember. Spybot on the same computer found about 10 things, all different.

    So in my little test, MS did pretty poorly. I'm sure that every file in the c:\orahome directory was not infected with adware. And it missed quite a bit that spybot found.

    The b
  • I, for one... (Score:2, Interesting)

    by Big Nothing (229456)
    I, for one, welcome our new anti-spyware overlords.

    Seriously.

    Yes, it would be better if all the security holes in M$ SW were fixed but guess what: they're not gonna be fixed tomorrow. A good anti-spyware tool is sorely needed. I've cleaned a large number of home and office computers using a number of anti-spyware tools and frankly none of the cut it. At best, some of them suck a little bit less than the rest. I find that at least 3 separate tools are needed to find, clean and keep clean a normal luser's p
  • Spyware blaster has a seperate section for Explorer and Mozilla/FF protection. Anyone know if this is the is the same for the MS products.

    I wouldn't be surprised if somehow the MS spyware removal tool fails to fix anything Moz related.

  • by tehshen (794722)
    There is a problem with the database that is preventing the site from working.
    An email has been sent to the administrator notifying them of the problem. Please try again later.


    They're letting us slashdot their mail server too?
  • It is good! (Score:2, Funny)

    by Further82 (720625)
    It even detected and removed Firefox and my Linux partition. Ad-aware missed those.
  • Until companies pay off Microsoft to allow their spyware to be installed?
  • Hold up! (Score:4, Insightful)

    by NeoSkink (737843) on Saturday January 08, 2005 @03:52PM (#11298610)
    Wait wait wait! Microsoft is going to charge for their program?

    Maybe I haven't been following the story very closely, but that seems like a stupid move. "Our operating system and browser allow this stuff in the first place, now pay us to remove it."

    Keeping that in mind, I'll stick with the FREE AA and SB.
  • by srNeu (559432) on Saturday January 08, 2005 @03:54PM (#11298625)
    I just ran it and got a message:

    The Internet Explorer URL for your Search Assistant is attempting to be changed from http://www.google.com/ie to http://ie.search.msn.com/{SUB_RFC1766}/srchasst/sr chcust.htm.


    So this is how they are going to promote their new search engine.
  • Spyware (Score:4, Insightful)

    by JohnyDog (129809) on Saturday January 08, 2005 @04:01PM (#11298677)
    Both Ad-aware and Spybot are popular and estabilished, which means that newer spyware/adware knows them, knows how to hide, avoid them or even completely disable them, even if they're frequently updated. So it isn't surprising that MS AntiSpyware performs better now, but that doesn't tell anything about how it will perform in few months from now.
  • by British (51765) <british1500@gmail.com> on Saturday January 08, 2005 @04:03PM (#11298688) Homepage Journal
    The MS utility fonud some Dutch porn dialer that was on my system since 2003. AdAware never found it.

    But what wowed me were the useful utilities in the "advanced tools". I was finally able to disable a few annoying system tray icons(totally forgetting how to do it in Win2k). I still can't get the Nvidia driver utilities off, but MS is not to blame in that case.

    The tracks eraser functionality goes way beyond a simple "url cleaner". You can clear the document history, etc for TONS of apps. I'm wondering when the anti-MS zealots will be yelling that it will be a useful tool for child pornographers(heh).

    The GUI is a bit shoddy. I wish I could keep the heiarchial list of stuff when I'm inspecing the startup apps, etc, and there's no + to collapse/expand. Either way, I love the advanced utilities alone, and could probably clean out TONS of spyware, etc if I run this on my dad's PC.
  • by MunchMunch (670504) on Saturday January 08, 2005 @04:05PM (#11298705) Homepage
    Can someone explain how this could be?

    The first Ad-Aware scan revealed 1309 infected objects and a second scan immediately after a reboot resulted in 291 more infected objects reported. After removal of those objects, we ran Microsoft AntiSpyware Beta. AntiSpyware's scan revealed a whopping 1,877 infected files left over by the Ad-Aware not to mention the nearly 3,000 registry locations infected. One of the files which Ad-Aware failed to detect was WinTools which is suspected to be a Trojan with a maximum threat level.

    It was time to pin Microsoft AntiSpyware against SpyBot S&D by first scanning with SpyBot then checking to see how many files SpyBot had left behind. SpyBot's initial scan resulted in 358 "problems" detected. After running SpyBot a second time to make sure it did not report any other "problems", we ran Microsoft AntiSpyware. AntiSpyware was able to detect 659 infected files on the machine with 2.223 registry keys infected.

    So, to begin, Ad-Aware found 1,600 infected elements total. AntiSpyware found 4,877 more. Total: 6,477

    SpyBot finds 358. AntiSpyware finds 2,882 more. Total: 3,240

    Can anyone explain this? Even if the programs are giving false positives on spyware (and, considering that even having malicious spyware installed, 6,000+ detected compromised elements makes false positives almost a promise rather than a hunch), why would AntiSpyware inconsistently return false positives depending on what program scanned the PC first? Doesn't make any sense at all.

    • by Feztaa (633745)
      First, it's because you read "1" as "4" (reread your own post, you even quoted it properly). Second, it's because Adaware and spybot count the infections differently (and find different ones), thus the ones found by MSAS afterwards vary.

      Basically, it's apples and oranges.
  • Hey, wait a second (Score:3, Interesting)

    by CrankyFool (680025) on Saturday January 08, 2005 @04:15PM (#11298784)
    Running this on my parents' PC, I find that it has, in fact, found spyware that neither adaware nor spybot has found.

    Only problem is that it's TightVNC. I can understand that -- I mean, someone could use that to access your computer! The weird thing is, it didn't flag Remote Assistance as spyware. Totally missed it.

    I think I'll submit a bug.
  • Priceless (Score:3, Funny)

    by lxs (131946) on Saturday January 08, 2005 @04:19PM (#11298807)
    This is the first alert I got after running it:

    Microsoft AntiSpyware has detected that the Window's Messenger Service is currently running. The messenger service is sometimes used in corporate networks to send information from the administrator to its users. However, this service has been a wide source for pop-up message spam, and for most users not on a corporate network should be turned off and disabled.


    They even detect their own crap!
  • by phaetonic (621542) * on Saturday January 08, 2005 @04:29PM (#11298892)
    I have to give credit to Microsoft purchasing the company who made this AntiSpyware program. Yesterday I went to a client site and their server got infected (surfing on a naughty site I'm sure) and AdAware and Spybot removed a few but the machine was still hosed. I was unable to double click on any icon on the desktop - I would get a GPF. I went in safe mode with networking, downloaded the MS AntiSpyware tool, went in regular mode to install it (LUCKILY that worked, not sure why), went back in safe mode to run the tool, and it wiped out over 20 different spyware signatures and over 100 files, much more than either of the other tools. After a few hours, the machine was running perfectly with the icons allowing to be double-clicked on.
  • False positives.. (Score:5, Informative)

    by wfberg (24378) on Saturday January 08, 2005 @04:30PM (#11298900)
    Among the things MS Anti-Spyware found on my system (which is actually well-maintained, so perhaps not the best test-bed) none was a real hit, they were all false positives.

    It even managed to warn against registry settings put in place by SpyBot to ensure a malicious site runs in internet explorer's restricted zone!

    Also, it reported with glee that TightVNC is a dangerous hacking tool. I happen to use it to help out people, exactly the kind of people who are likely to remove it if AntiSpyware complains about it (e.g. my mom).

    Then a load of DLLs that are actually dummy DLLs shipped with the "lite" version of a (once upon a time) popular ad/spyware ridden app - again, it's detecting its competition!

    And then there are the residual files/empty directories/registry settings that adaware/spybot didn't remove some months ago when I tried an app that came with ad/spyware. No active components at all.

    Another thing I don't like about it is that it's user interface doesn't scale properly when you've adjusted your DPI settings.

    Also, its on-access scanner (for want of a better word) comes with an enormous performance hit, and is mostly concerned with Internet Explorer hacks. Those are a minor concern for me since I use firefox, and besides, Microsoft should fix IE, not ship cycle/ramhungy monitoring applications for it (though that's hardly GIANT's fault).

    In other words, I'm underwhelmed.
    • by cookiepus (154655)
      Also, it reported with glee that TightVNC is a dangerous hacking tool. I happen to use it to help out people, exactly the kind of people who are likely to remove it if AntiSpyware complains about it (e.g. my mom).

      It reported RealVNC as "Commercial Remote Control Product" with a danger meter of 50%. Since I know I run RealVNC, I said "always ignore this". It won't show up in the hits again. But I would imagine there are people out there who have VNC installed on their systems by someone who spies on them (
    • Re:False positives.. (Score:3, Informative)

      by Warskull (846730)
      I got a similar result here, it turned up all false positives. I heard a lot of people claim Giant Anti-Spyware is the best, but from what I can tell Spybot search and destroy is still by far the best with a bit of back-up from lavasoft's ad-aware. So what this means is people are fine just running spybot and ad-aware. This microsoft rebranding of Giant looks to be the super paranoid version of anti-spyware. Not only does it mark spyware, but it also marks programs that install spyware, and marks progra
  • Interesting. (Score:3, Interesting)

    by Aggrazel (13616) <aggrazel@gmail.com> on Saturday January 08, 2005 @04:32PM (#11298916) Journal
    It detected my "TightVNC" installation as possible spyware, but didn't say anything about the Windows Terminal Services service running ....
  • by Brett Glass (98525) on Saturday January 08, 2005 @04:57PM (#11299087) Homepage
    I just attempted to install Microsoft AntiSpyware on a machine from which Internet Exploder had been mostly removed via the utility Win98 Lite. It refused to install, insisting upon the presence of Internet Exploder 6. The machine in question uses Mozilla, with which we're quite happy. It appears that Microsoft is tying yet another product to the use of Internet Exploder 6, probably in violation of the recent DoJ Consent Decree. Will the Bush Justice Department do anything?
  • by Bruha (412869) on Saturday January 08, 2005 @04:57PM (#11299090) Homepage Journal
    Linux will succeed becuase you have many groups contributing to computing some free some not so free but it creates a economy around it of sorts.

    Microsoft however cant stand for some reason to be the OS that great things are built on like Linux can and is being today. They try to take their OS and adapt and squeeze out what they consider competition. Then they take the products that other companies make to run on Windows such a Ad-Aware, Norton Antivirus, Lotus Notes and a myriad of other programs out there and try to build them into Windows. Netscape employeed people who designed, maintained, and supported their browser. Microsoft rolled out IE and tied it into their OS sparking a controversy that eventually landed it in court. Yes the consumer has suffered but what about those Netscape employees? Did Microsoft give them jobs making IE better and supporting it? Hardly those guys were muscled out of the marketplace. Now I'm sure they got jobs elsewhere but what and where are they doing things.

    This can go for any number of companies that are threatened becuase Microsoft refuses to make windows as good and secure as it can be they only want to add the next cool feature into their OS.

    Symantec, Mcaffee, Real, and many other companies employ many good people with ideas and not just the engineers and software hackers, there are secretaries, janitors, and guards that also are employeed and probably buy Windows. Once they lose their jobs becuase Microsoft muscled their company out of business then they probably wont be buying as many computer products anymore.

    Thus Microsoft sits there and kills their own bottom lines.

    Of course were all eventually damned in that robots and smart computers will replace our jobs. Just look at those poor bastards that are being replaced in the Toyota autoplants here soon. This will spread to all auto makers across the world and it will not stop there. Productivity increases due to these robots will put strain initally on supply lines becusae those humans cant keep up and then one company will pick up the slack by having robots do that portion of the work and other companies will have to do so to keep up.

    From there it's basically a self feeding reaction that eventually will nullify every job we have or can move to in the next 50-100 years.

    Oh and governments would step up to help you?
  • arghhh (Score:3, Funny)

    by TCP Pimp (847753) on Saturday January 08, 2005 @07:55PM (#11300381)
    Yeah works great, I ran it on a client's PC and it uninstalled Windows. :)
  • Alternative Software (Score:3, Interesting)

    by Archon-X (264195) on Saturday January 08, 2005 @09:32PM (#11300923)
    I stopped using SpyBot & Adaware a long time ago.
    They're most admirable projects, however, neither are comprehensive.
    Often times, you have to run both to try to remove something, and there is still spyware installed.
    Neither offers a preemptive system either (filtering web, watching the registry etc)

    The *most* comprehensive program I have found is webroot SpySweeper [webroot.com].

    It is incredibly thorough, has staff dedicated to finding new spyware strains, the ability to report suspicious files, the works.

  • OOBE (Score:3, Insightful)

    by Ancient_Hacker (751168) on Saturday January 08, 2005 @10:46PM (#11301297)
    lesse, just a few notes of my first look at it:
    • Apparently they're not interested in bringing pirates into the MS fold, it only runs on "authorized" installations. Hmmm..
    • It asks me if I want it to run at 2 AM, I click "no", then later it reports it's set to run at 2AM. Hmmm....
    • I click on Manage 2AM runs, and I see no option to turn them off. If you deselect all runs, it complains that you havent selected any runs. Hmmm...
    • Screen is a dog's breakfast:
    • non standard panel borders that trail off, looking like a bad screen update.
    • The app name appears several times, in different fonts and sizes. One instance is clickable, and takes you to an unexpected summary page. The next text isnt.
    • There's a cacophony of active items. There's menus. There's clickable text. There's a separate area on the top right with BOTH icon-like things and clickable text.
    • If you click on the things in the upper right, it immediatel;y and irrevokably cancels the current scan. Nice. Not only does it do something unexpected, it doesnt even ask if you want to do it, and you can't back out or continue. Sweet.
    • Like many of these thingies, it feels it has to put up the name of every file it is scanning, and update the file totals. And run a dumb little static animation that really makes no sense, as it isnt moving files at all. This is not only useless and misleading information, it slows down the scanning process, especially with older video cards.
    • It did find one registry key, but AFAICS it doesnt bother explaining what it is and what the ramifications are. And the button to remove it is inadequately labeled "Continue", which requires some extra text by it explaining what it really does.
    I wouldnt call this a Beta, I've seen better preliminary prototype mock-ups.

Pause for storage relocation.

Working...