MS AntiSpyware vs Ad-Aware vs. SpyBot 535
An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D, the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as many as SpyBot."
Why would this be a surprise? (Score:3, Interesting)
Just tried to install this MS AntiSpyware (Score:5, Interesting)
Anyone else have this problem using their obscure key of choice? SP2 installed fine a few months ago.
Finding more isn't necessarily good (Score:3, Interesting)
A lot of people, especially on the popular antispyware forums, have simply decided that Spybot and AdAware are the best that there can possibly be, and anything that differs from them is bad.
I'm going to bite and try this out (Score:2, Interesting)
"Before obtaining the requested download, please take a moment to validate your genuine Microsoft Windows installation. Validation assures that you are running an authentic and fully-licensed copy of Windows. Validating now will enable faster access to genuine Windows downloads upon future visits to the Download Center. Please see the Why Validate? page to learn more about the Windows Genuine Advantage program and why validation is recommended."
Obviously clicked no.
False Findings (Score:1, Interesting)
Although, along with the real spyware, it found some "Adware Bundlers" such as KazaaLite, E-Mule and even TightVNC. This may mean that some of the claims of "twice or three times as many spyware files" should be taken with a grain of salt.
Amazing video (Score:1, Interesting)
and they'll explain to you why M$ products are a piece of crap; it's quite funny how they manage security bugs to launch a new product.
Re:Twice as much (Score:3, Interesting)
Based on my experiences there's not much to choose from between Spybot and Ad-Aware, and I haven't really worked out where the MS/Giant program fits yet. Some programs that are missed by Ad-Aware get picked up by Spybot and vice versa, so I'd expect there to be a few new things to be found by the MS effort. What worries me most is that discrepancy between Spybot and Ad-Aware; I've never seen that kind of gap between the two in either direction. I suspect that inadvertently or intentionally the selection of spyware installed on the testbed virtual PC may have been slightly biased.
Re:Not a Microsoft Designed Product (Score:3, Interesting)
Also, they bought Giant Antispyware, and christ on a crutch does that thing do a hell of a lot of false-positives.
I renamed a textfile something like claria.exe and that thing started screaming immediately that bad people were trying to take over my life.
So seriously, I couldn't care less.
Re:Why would this be a surprise? (Score:3, Interesting)
They don't fix them because they meant them to be there.
Take the notorious problem with Outlook, that it will execute embedded VBscript in emails and send virii (or trojans or whatever) to the people in your address book. Well Outlook was designed to do that. If you have scriptable email, then you can use Exchange/Outlook as a platform to develop workflow applications. Doing it that way has nowadays been superseded by the web, of course. Now, MS were naive to think that no-one would ever exploit that feature maliciously, no-one's denying that. But they can't simply remove VBscript from Outlook because that would break the platform for people who did use it for application building.
Re:isn't it odd (Score:1, Interesting)
I, for one... (Score:2, Interesting)
Seriously.
Yes, it would be better if all the security holes in M$ SW were fixed but guess what: they're not gonna be fixed tomorrow. A good anti-spyware tool is sorely needed. I've cleaned a large number of home and office computers using a number of anti-spyware tools and frankly none of them cut it. At best, some of them suck a little bit less than the rest. I find that at least 3 separate tools are needed to find, clean and keep clean a normal luser's puter. If M$ can come up with a tool that is efficient, free and automagically upgradeable I'd sure as hell cheer.
A small silver lining to all this spyware (Score:2, Interesting)
Ok, I know spyware/adware/viri are a blight on our wonderful internet but here's what I find fascinating about them:
Computers are becoming analogous to small ecosystems. In my mind I often compare the idea to leaving a loaf of bread in my back yard to connecting a fresh windows XP install to a cable modem, maybe surfing a few shady websites and letting it sit for a few months.
In my backyard all kinds of organisms will appear to utilize the bread's resources, birds, insects, bacteria, mold, and who knows what else. And also on this hypothetical computer again all kinds of organisms will be drawn to use up all of the computer's resources (processing/bandwidth) including spyware, adware, virii, worms, etc. I just find it really fascinating how a natural phenomenon like this is finding its way into a manmade system like the internet.
My prediction along these lines is that we're going to see some amazing instances of AI coming from these 'weeds' of the internet (spyware, virii, spam, etc) since they're the most 'organic stuff' in the internet system.
Discuss, discuss. (I hope I could express this idea well enough, the analogy seems so clear to me.)
Re:Wow, is this for real (Score:3, Interesting)
Inconsistent results? (Score:3, Interesting)
The first Ad-Aware scan revealed 1309 infected objects and a second scan immediately after a reboot resulted in 291 more infected objects reported. After removal of those objects, we ran Microsoft AntiSpyware Beta. AntiSpyware's scan revealed a whopping 1,877 infected files left over by the Ad-Aware not to mention the nearly 3,000 registry locations infected. One of the files which Ad-Aware failed to detect was WinTools which is suspected to be a Trojan with a maximum threat level.
It was time to pin Microsoft AntiSpyware against SpyBot S&D by first scanning with SpyBot then checking to see how many files SpyBot had left behind. SpyBot's initial scan resulted in 358 "problems" detected. After running SpyBot a second time to make sure it did not report any other "problems", we ran Microsoft AntiSpyware. AntiSpyware was able to detect 659 infected files on the machine with 2.223 registry keys infected.
So, to begin, Ad-Aware found 1,600 infected elements total. AntiSpyware found 4,877 more. Total: 6,477
SpyBot finds 358. AntiSpyware finds 2,882 more. Total: 3,240
Can anyone explain this? Even if the programs are giving false positives on spyware (and, considering that even having malicious spyware installed, 6,000+ detected compromised elements makes false positives almost a promise rather than a hunch), why would AntiSpyware inconsistently return false positives depending on what program scanned the PC first? Doesn't make any sense at all.
Hey, wait a second (Score:3, Interesting)
Only problem is that it's TightVNC. I can understand that -- I mean, someone could use that to access your computer! The weird thing is, it didn't flag Remote Assistance as spyware. Totally missed it.
I think I'll submit a bug.
I concur, MS's AntiSpyware program works well (Score:3, Interesting)
Single Data Point... (Score:3, Interesting)
Interesting. (Score:3, Interesting)
Microsoft AntiSpyware forces you to install IE 6 (Score:4, Interesting)
Microsoft is contributing to their demise (Score:4, Interesting)
Microsoft however can't stand for some reason to be the OS that great things are built on like Linux can and is being today. They try to take their OS and adapt and squeeze out what they consider competition. Then they take the products that other companies make to run on Windows such as Ad-Aware, Norton Antivirus, Lotus Notes and a myriad of other programs out there and try to build them into Windows. Netscape employed people who designed, maintained, and supported their browser. Microsoft rolled out IE and tied it into their OS sparking a controversy that eventually landed it in court. Yes the consumer has suffered but what about those Netscape employees? Did Microsoft give them jobs making IE better and supporting it? Hardly; those guys were muscled out of the marketplace. Now I'm sure they got jobs elsewhere but what and where are they doing things.
This can go for any number of companies that are threatened because Microsoft refuses to make windows as good and secure as it can be they only want to add the next cool feature into their OS.
Symantec, McAfee, Real, and many other companies employ many good people with ideas and not just the engineers and software hackers, there are secretaries, janitors, and guards that also are employed and probably buy Windows. Once they lose their jobs because Microsoft muscled their company out of business then they probably won't be buying as many computer products anymore.
Thus Microsoft sits there and kills their own bottom lines.
Of course we're all eventually damned in that robots and smart computers will replace our jobs. Just look at those poor bastards that are being replaced in the Toyota autoplants here soon. This will spread to all auto makers across the world and it will not stop there. Productivity increases due to these robots will put strain initially on supply lines because those humans can't keep up and then one company will pick up the slack by having robots do that portion of the work and other companies will have to do so to keep up.
From there it's basically a self feeding reaction that eventually will nullify every job we have or can move to in the next 50-100 years.
Oh and governments would step up to help you?
System File Checker (Score:2, Interesting)
0. Get all Windows updates, patches, etc.
1. Get both programs (Spybot and Adaware)
2. Update both via downloading the newest signature files.
3. Reboot in safe mode. (press F8, etc.)
4. Run both programs.
5. Optionally open msconfig (not available in Win2K) and/or regedit and check to see what is still running and track down each item at http://www.pacs-portal.co.uk/startup_index.htm [pacs-portal.co.uk] or similar.
6. Reboot.
7. Optionally take a look to see if any items you removed in step 5 recreate themselves.
8. Optionally install firefox, etc.
Heh heh. Re-reading this makes it seem not so easy, but everything is easy when you know how.
I have noticed newer spyware variations doing two VERY BAD THINGS.
1. Preventing adaware, spybot, norton, etc. from working. Via the hosts file or otherwise.
2. Modifying system files so that they can not be removed. I turned one friend's computer (running XP) into a paperweight. Because the program was manipulating winlogon.exe. Adaware removed it and the computer would logout every time you tried to logon. I had to extract the file from an XP boot disk.
OK. So the point of this post was that since Microsoft knows their files the best, one would assume they could check file checksums and file dates, etc. and prevent these sorts of shenanigans.
They have had a program called System File Checker sfc.exe since the windows 98 days. I always thought an adaware program combined with this would be nice.
Although I have never figured out how these spyware programs can circumvent "system file protection" when it is a royal pain for US to do so.
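The hosts-file tactic described in the comment above can be checked for directly. This is an added example, not part of the original post: it parses a hosts file and flags mappings that cut off or redirect security-tool domains. The watch list and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the original post): vendor domains for the tools
# the comment names. Extend it with the update hosts your own tools use.
WATCHED_SUFFIXES = ("lavasoft.com", "safer-networking.org", "symantec.com")

# Constructed sample hosts file, for illustration only.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.msn.com            # user-added ad block
127.0.0.1       www.lavasoft.com download.lavasoft.com
0.0.0.0         updates.safer-networking.org
203.0.113.7     liveupdate.symantec.com
203.0.113.7     intranet.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for name in fields[1:]:                 # one line may map several names
            yield lineno, addr, name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return (lineno, hostname, address, verdict) for every non-default mapping."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        null_routed = addr.is_loopback or addr.is_unspecified
        if name == "localhost" and addr.is_loopback:
            continue                            # the stock entry
        if is_watched(name):
            verdict = "security-tool-blocked" if null_routed else "security-tool-redirected"
        elif null_routed:
            verdict = "sinkhole"                # typical ad blocking, user's choice
        else:
            verdict = "redirect"                # any other override: review by hand
        findings.append((lineno, name, str(addr), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On a live system the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`, read before trusting any scanner's "definitions are up to date" message.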
Unnecessary app, fix the autostart instead! (Score:2, Interesting)
If Windows were to ASK the user during startup what services and programs to autostart (except for the well known and checksummed original, MS, services), most of the spyware wouldn't even start!
Some will say that users will answer "yes, start that too" to all programs, but that's mostly depending on the GUI used for the asking process:
* Perhaps all processes/services should by default not start automatically
* Each have a (short) warning text.
* Only one place for all autostarts! Not HKLM, HKCU, Startup,
* Figure out more stuff here yerselves... I don't work at MS and I don't want to invent stuff for them for free!
Since most users believe that they need to buy a new computer because the old one is slow, but it's due to spyware (are Intel/MS supporting the spyware creators to increase sales?), which clings to the OS like a spider in all of its autostart places...
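A sketch of the policy proposed in the comment above, as an added example that is not part of the original post: entries from every autostart location go through one decision function, checksummed originals start, and everything else defaults to asking. The entry model, manifest format, verdict names and sample data are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class AutostartEntry:
    source: str   # registration point, e.g. "HKLM Run" or "Startup folder"
    name: str     # file name of the program to launch
    image: bytes  # contents of that program (read from disk in a real tool)

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def decide(entries, vendor_manifest, user_approved):
    """Return {(source, name): verdict}, one policy for every location.

    vendor_manifest: {lowercase file name: sha256} for original OS components.
    user_approved:   set of sha256 digests the user has already accepted.
    """
    decisions = {}
    for e in entries:
        h = digest(e.image)
        expected = vendor_manifest.get(e.name.lower())
        if expected == h:
            verdict = "start"            # known, checksummed original
        elif expected is not None:
            verdict = "block-tampered"   # trusted name, wrong contents
        elif h in user_approved:
            verdict = "start"            # approval is bound to the hash, not the name
        else:
            verdict = "ask"              # default: never start silently
        decisions[(e.source, e.name)] = verdict
    return decisions

# Constructed sample data: byte strings stand in for executables.
GOOD_SPOOLER = b"original spooler image"
MANIFEST = {"spoolsv.exe": digest(GOOD_SPOOLER)}
BACKUP_TOOL = b"backup tool v1"
ENTRIES = [
    AutostartEntry("Service", "spoolsv.exe", GOOD_SPOOLER),
    AutostartEntry("HKLM Run", "spoolsv.exe", b"look-alike image"),
    AutostartEntry("HKCU Run", "backup.exe", BACKUP_TOOL),
    AutostartEntry("Startup folder", "toolbar.exe", b"unknown bundle"),
]

if __name__ == "__main__":
    for key, verdict in decide(ENTRIES, MANIFEST, {digest(BACKUP_TOOL)}).items():
        print(key, verdict)
```

Binding the user's approval to a hash means a program that is later replaced or patched falls back to "ask" instead of inheriting the earlier yes.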
Aimed at the masses (Score:2, Interesting)
It's obvious that this software is aimed towards the uninformed masses in the same way SP2. I'd wager that most non-techie people barely know what spyware is, let alone how to find spyware-free "lite" versions of software, assuming they exist.
Also, the real time agent kicks serious ass. I'm amazed that people have even tried to criticise that (simply because it's MS) by saying "oh great, yet another TSR program to run in the background, way to go M$!". When I installed the latest Sun JVM it informed me that a Browser Helper Object was installed and that it was "safe". A nice touch.
In other news, how come there hasn't been a front page story on these serious flaws in Mozilla and Firefox [securityfocus.com] ? Double standards? I'm all for bashing MS when appropriate but lauding every single IE flaw with a separate story and ignoring something like this doesn't exactly paint the site as unbiased.
spybot/adaware combo still works better for me... (Score:2, Interesting)
5 infected files
1 threat (real vnc)
Then I ran spybot after running the microsoft program:
12 files found
including valueclick
advertising.com
avenue a, inc
double click
DSO exploit
fastclick
mediaplex
and finally I ran adaware:
25 critical objects found
All of these programs had the signatures updated. Spybot and adaware collectively caught 37 more files than the microsoft beta did...
But it is still in beta I guess.
Warning: Real-Time option reenables itself (Score:5, Interesting)
In any case, I unchecked the "install real time protection agents" option during installation, but after running the scan I ran through the options to see what other features it had. Surprise, RTP was enabled. Oh the irony of MS AntiSpyware behaving in the same shady fashion as Spyware apps. ;)
So if you do install it but don't want the RTP agents, make sure you hit up the options before quitting.
Behaviour confirmed. (Score:3, Interesting)
It also made my PC run slower than before.
It found VNC as "spyware", but it set the "remove/ignore" option to "ignore" so that wasn't so bad.
Other than that, it didn't find anything. But I run FireFox with adblock and both spybot and ad-aware so I wasn't expecting anything to show up.
I've uninstalled Microsoft's anti-spyware and it left the directory and log files on my PC without giving me any uninstall warnings.
Re:Behaviour confirmed. (Score:3, Interesting)
The rest is typical with microsoft.
I would be curious if an anti-spyware app could be written to run on a network, since profiles are stored on a central server and that server is never used to browse the Internet it would be the perfect environment to clean spyware from all the profiles out there. It would also be nice if you could script the app so for instance, your organization uses Alexa or Viewpoint you could enable it to prevent apps from breaking while disabling or removing all other spyware.
Re:Wow, is this for real (Score:2, Interesting)
The second case would be a factor of R&D which if confirmed that the detection does exist does prove a superior product.
Alternatively if the Microsoft product is finding more because they know exactly where the OS weaknesses are then that is an odd situation. Wouldn't that indicate that they know about these problems and instead of incorporating it into the OS they would charge you for them? That would also mean that those problems detected by the scanner will *not* be incorporated into the OS because it would come as a hotfix rather than in a def file.
I think this kind of software will do more to show the tiger's true stripes than sell a new product. Maybe not today but eventually people will start to ask why.
2 more cents
Re: keep the politics out, please.... (Score:5, Interesting)
Whether you think the anti-trust case was a good idea or a bad one, you have to concede that Microsoft might well have been broken up by now if Al Gore had won the election. Pointing out that fact doesn't make me a partisan.
Again, your memory needs refreshing. MS's dominance of the OS market is pretty much an accident. They actually got into the business against their own will. They wanted to sell development tools for the new IBM PC, but that meant that IBM had to adopt an OS those tools would run on. Which is why they steered IBM to CP/M. When that fell through, they hurriedly licensed a CP/M clone from Seattle Computer Products, which became the basis for MS-DOS. MS-DOS is one of the biggest abortions since the rise of modern technologies (find me a single OS expert who will give it high marks). Yet its very flaws created such a high level of lockin with the PC platform itself -- which was also pretty flawed. Since compatibility soon became the name of the game, clone computers had to reproduce all of IBM's mistakes. And since their biggest mistake was choosing MS-DOS, computer makers ended up paying a tithe to Bill for every box they sold.
But even if you were correct, and Bill achieved his success by technical brilliance and plain good business -- so what? He got his reward when he became the richest dude on the planet. He did not earn the right to destroy the very marketplace that made him rich. Microsoft's role in the current marketplace is bad for all of us -- including Microsoft. Calling me ideological names isn't going to change that.
VNC is evil!!!!111 (Score:5, Interesting)
It also felt the need to alter my hosts file for me. It didn't like the fact that I had "ads.msn.com" pointing to 127.0.0.1 (as well as over 100 other ad domains; the only one it cared about was MSN!)
Alternative Software (Score:3, Interesting)
They're most admirable projects, however, neither are comprehensive.
Often times, you have to run both to try to remove something, and there is still spyware installed.
Neither offers a preemptive system either (filtering web, watching the registry etc)
The *most* comprehensive program I have found is webroot SpySweeper [webroot.com].
It is incredibly thorough, has staff dedicated to finding new spyware strains, the ability to report suspicious files, the works.
False Positives... (Score:2, Interesting)