MS AntiSpyware vs Ad-Aware vs. SpyBot

An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D; the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as SpyBot."

For fairness...

[Raindance]

To be fair, "infected files" is a rather ambiguous notation (perhaps "malicious packages" would be a better way to count things).

I would also feel better if the submitter hadn't been anonymous. Though it's probably not astroturfing.

RD

Twice as much

[ZeroExistenZ]

Not having read the article yet, I do wonder what the scanner reports as spyware in order to get "twice as much results as Adaware" and "three times as much as Spybot".

I'm just sceptical about MS + Anti-Spyware mix.

Unfair advantage?

[meckardt]

Wouldn't the MS product have an unfair advantage... after all, isn't the Redmond crew responsible for a lot of that stuff anyway?

Great!

[2MuchC0ffeeMan]

The Real-Time Protection agent is awesome. It automatically informs you of any changes being made to your current settings; such as if your IE homepage is trying to be changed. It also warns the user if any spyware is trying to be installed.
So it has to be running first. Just what i want my computer to do, run more stuff.

Also, I kinda know when our homepage is hijacked, and this is why i switched to firefox.

Missing Information

[sangreal66]

I only took a curory glance at the article before it was /.ed, but I did not see any attempt at analyzing how many of the additional items found by MSAS were false positives. This seems like pretty vital information.

MS = the Mob

[HeyBob!]

It's kind of like the Mob offering protection services to merchants. They're the problem in the first place!

This kind of protection should already be in Windows, or least, make the OS completely separate from the apps and the data.

You should be able to click on any process running and see complete details as to what it is, why it is running and access it's startup options.

The REAL Ultimate Windows Anti-Spyware Program

[BioCS.Nerd]

FireFox [mozilla.org]

An Ad-Aware/FireFox combination has served my parent's computer well for quite sometime. My father's business exclusively uses the above combination with great results.

Enough already.

[XorNand]

Ok, enough of the "MS should do better, they make the holes" comments. If you remember correctly, MS bought [theregister.co.uk] this code only a short while ago from Giant Company. About the only thing Redmond has done is repackage and rebranded it.

Re:Great!

[Anonymous Coward]

I think it's worth the speed decrease compared to the speed impact spyware creates.

Re:Why would this be a surprise?

[Flamesplash]

wow :)

On the counter point, *nix is like having 10 fingers but only knowing that 6 of them are there, and then only actually knowing how to use 3 of them.

I'm still waiting for the days of OSX but with windows.... cygwin will have to suffice for now.

Cry me a river

[js3]

MS leaves fixes to 3rd party. WAAAA!! why doesn't ms fix their own shit

MS releases patches to fix their product. WAAA!!! this patch broke my already broken system.

MS release tools to detect and fix malicious apps that ruin their product. WAAAA!! a lot of spam companies will go out of business

damned if you do, damned if you don't

Hold up!

[NeoSkink]

Wait wait wait! Microsoft is going to charge for their program?

Maybe I haven't been following the story very closely, but that seems like a stupid move. "Our operating system and browser allow this stuff in the first place, now pay us to remove it."

Keeping that in mind, I'll stick with the FREE AA and SB.

Re:For fairness...

[damiam]

Um, all /. submitters are anonymous. Just because they signed up for an account doesn't mean you have any idea who they are.

Re:The whore on the corner is selling condoms

[HiyaPower]

I think you have a problem that you should deal with. I have dealt with my M$ problem. I just do not use their crud. No crud, no spyware, no problem.

Spyware

[JohnyDog]

Both Ad-aware and Spybot are popular and estabilished, which means that newer spyware/adware knows them, knows how to hide, avoid them or even completely disable them, even if they're frequently updated. So it isn't surprising that MS AntiSpyware performs better now, but that doesn't tell anything about how it will perform in few months from now.

Re:Missing Information

[TheRaven64]

Since they are running this in VMWare, and are hence able to save the state of the system, the best way to run this test would be to first run each product on the test image and tell it to remove everything it recognised. Then run each other product on the resulting image and discover what had been missed. Simply comparing the number each reports finding is hardly a good comparison.

Disclaimer: TFA was slashdotted by the time I tried to R' it.

The advanced tools are worth the d/l alone

[British]

The MS utility fonud some Dutch porn dialer that was on my system since 2003. AdAware never found it.

But what wowed me were the useful utilities in the "advanced tools". I was finally able to disable a few annoying system tray icons(totally forgetting how to do it in Win2k). I still can't get the Nvidia driver utilities off, but MS is not to blame in that case.

The tracks eraser functionality goes way beyond a simple "url cleaner". You can clear the document history, etc for TONS of apps. I'm wondering when the anti-MS zealots will be yelling that it will be a useful tool for child pornographers(heh).

The GUI is a bit shoddy. I wish I could keep the heiarchial list of stuff when I'm inspecing the startup apps, etc, and there's no + to collapse/expand. Either way, I love the advanced utilities alone, and could probably clean out TONS of spyware, etc if I run this on my dad's PC.

Re:Why would this be a surprise?

[marktaw.com]

That's a load of crap, Microsoft bought this product, not develop it in house. All products Microsoft buys are great products - Visio, NT, DOS, (the list goes on and on) but they end up ruining them in a few years.

Re:Inconsistent results?

[Feztaa]

First, it's because you read "1" as "4" (reread your own post, you even quoted it properly). Second, it's because Adaware and spybot count the infections differently (and find different ones), thus the ones found by MSAS afterwards vary.

Basically, it's apples and oranges.

Re:Wow, is this for real

[Master of Transhuman]

Depends on your definition of "free software", doesn't it?

If someone writes a utility and gives it away, it rarely has spyware in it.

If a commercial or sports site "gives away" some lame "utility" to help you keep track of baseball scores, it usually has spyware in it.

This is not "free software".

I've NEVER seen spyware in GENUINE "freeware".

I frequent porn sites and I rarely even get spyware from THEM since they already know what you want and don't need to spy on you - and mainstream commercial advertisers don't advertise on them because it looks bad, so there is no motivation to put spyware on many porn sites. Of course, there are the lame sites that install overseas dialers and crap like that, but in general you get spyware from lame commercial sites selling crap.

Re:Wow, is this for real

[fm6]

You got modded up as funny. You deserve the upmod, but I think you make a serious point. Microsoft products don't always start out as total crap. Sometimes they buy a decent product from somebody, or invent something with a good basic design (their old Multiplan product was the first spreadsheet I didn't consider a total kludge), or invent some idea that could be really useful if it's implemented right. But then they throw their bureaucracy, their intense intracompany rivalies, their focus groups, their love of feature bloat, and (most of all) their compulsive tweaking at the product. Before you know it, you have some monstrosity that only runs on the latest hardware and that's a total pain to use.

That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up. If Microsoft developers were forced to operate in a competitive environment where mistakes actually hurt them, we'd all be better off -- including the former Microsofters.

Re:False positives..

[cookiepus]

Also, it reported with glee that TightVNC is a dangerous hacking tool. I happen to use it to help out people, exactly the kind of people who are likely to remove it if AntiSpyware complains about it (e.g. my mom).

It reported RealVNC as "Commercial Remote Control Product" with a danger meter of 50%. Since I know I run RealVNC, I said "always ignore this". It won't show up in the hits again. But I would imagine there are people out there who have VNC installed on their systems by someone who spies on them (untrusting boyfriend perhaps?) so why shouldn't those people be warned? If they have VNC for a good reason (like you and I do) they can easily exclude it from future hits.

I also got a complaint about some eDonkey registry keys. I am not sure I ever ran eDonkey, perhaps it's because eMule registers itself to handle eDonkey links. I also said to ignore this always, so it won't show up again.

I see both of these as valuable features. There are people out there who may not know they have VNC installed, and there are people out there who may not know eDonkey has adware (or whatever the problem is) - those people should be warned of this. We can easily ignore the information and make it not appear in the future.

Also, its on-access scanner (for want of a better word) comes with an enormous performance hit, and is mostly concerned with Internet Explorer hacks. Those are a minor concern for me since I use firefox

So turn off the real-time checks.

It's trivial to generate false positives...

[John3]

How about attaching your claria.exe text file to all your outgoing emails, sending your emails out with a subject of "I'm not selling Viagra , Cialis, or Rolex Watches!!!!" and see what kind of false positives you get from anti-spam and anti-virus filters. It's not a precise science, so I'd expect false positives when you make a concious attempt to fool the program.

That's not to say they can't make it more accurate, but they may be trading off accuracy for speed (filename match rather than file signature). If I was designing it I wouldn't be real concerned with trying to correctly deal with bored users trying to fool our program by renaming their important documents to "claria.exe".

Re:Wow, is this for real

[imroy]

Maybe the MS product found the Spybot S&D definition file(s). Did you pay much attention to what the MS beta had found before telling it to delete them all?

RE: keep the politics out, please....

[King_TJ]

I'd agree with the first part of your point.... but when you go on the political rant by saying "you'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up" - you lose me.

Why can't people get it through their heads that Microsoft's problems are part of the natural course of free-market economics? They didn't start out a huge business, placing their OS on everyone's computer. They *earned* that position through superior marketing and business deals. Now that they've become so huge, they're running into the problems that ALWAYS plague the "top dog" in a given market. They start slipping... failing to innovate, and resort to buyouts of other people's products. The mistakes they made years ago (bugs in products, security holes, etc.) come back to haunt them 10x over, because their products are in use by so many people now. The old "too many cooks spoil the soup" addage comes into play, because too many hands are involved in the production/updates of their software products.

Eventually, Microsoft will become a recipe for failure from the *inside* - and someone with more competitive edge will emerge as a new market leader. There's no need for Democrats to break this business up, and frankly, suggesting it's the "best way" to handle the problems they've caused seems truly un-American to me.

Re:Wow, is this for real

[Anonymous Coward]

That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up.

The democraps were in power the entire time Microsoft was growing into a monopoly, if they were so concerned about it they should have done something then instead of retailiating when MS didn't pay them off like their competitors did.

No surprise, really

[MigLar2000]

It's no surprise that Microsoft is better at detecting spyware, most of it is their fault.

Re:Not a Microsoft Designed Product

[displaced80]

Indeed. What's worrying isn't that perfectly innocent user behaviour triggers detection. Rather, that string (or even filename pattern-matching) is a dumb way to detect.

Spyware makers will start (if they haven't already) randomizing the filenames, registry keys, etc. Then your anti-spyware software's gotta start doing what it should've in the first place -- something smart.

OOBE

[Ancient_Hacker]

lesse, just a few notes of my first look at it:

• Apparently they're not interested in bringing pirates into the MS fold, it only runs on "authorized" installations. Hmmm..
• It asks me if I want it to run at 2 AM, I click "no", then later it reports it's set to run at 2AM. Hmmm....
• I click on Manage 2AM runs, and I see no option to turn them off. If you deselect all runs, it complains that you havent selected any runs. Hmmm...
• Screen is a dog's breakfast:
• non standard panel borders that trail off, looking like a bad screen update.
• The app name appears several times, in different fonts and sizes. One instance is clickable, and takes you to an unexpected summary page. The next text isnt.
• There's a cacophony of active items. There's menus. There's clickable text. There's a separate area on the top right with BOTH icon-like things and clickable text.
• If you click on the things in the upper right, it immediatel;y and irrevokably cancels the current scan. Nice. Not only does it do something unexpected, it doesnt even ask if you want to do it, and you can't back out or continue. Sweet.
• Like many of these thingies, it feels it has to put up the name of every file it is scanning, and update the file totals. And run a dumb little static animation that really makes no sense, as it isnt moving files at all. This is not only useless and misleading information, it slows down the scanning process, especially with older video cards.
• It did find one registry key, but AFAICS it doesnt bother explaining what it is and what the ramifications are. And the button to remove it is inadequately labeled "Continue", which requires some extra text by it explaining what it really does.

I wouldnt call this a Beta, I've seen better preliminary prototype mock-ups.

Let me refresh your memory

[Anonymous Coward]

That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up.

And yet, it was under the Democrats that we got the DMCA.