MS AntiSpyware vs Ad-Aware vs. SpyBot
An anonymous reader writes "Flexbeta.net compares Microsoft's new spyware fighting tool, Windows AntiSpyware, to Ad-Aware and SpyBot S&D, the two leading spyware tools on the market today. The review sets up an infected PC using VMWare Workstation and scans the machine using all three tools to see which tool detects the most spyware. Though still in beta, Microsoft AntiSpyware does an amazing job at detecting spyware by finding twice as many infected files as Ad-Aware and nearly three times as many as SpyBot."
Wow, is this for real (Score:5, Funny)
Re:Wow, is this for real (Score:3, Funny)
Re:Wow, is this for real (Score:3, Interesting)
Re:Wow, is this for real (Score:5, Insightful)
Re:Wow, is this for real (Score:5, Informative)
The same problem happens with legislation. The Bono anti-spyware bill as currently drafted would make most of the anti-spyware programs illegal. It's not intentional, it's just bad drafting. The problem is that what is spyware is at some level a consent issue and so drafting is horribly difficult.
Warning: Real-Time option reenables itself (Score:5, Interesting)
In any case, I unchecked the "install real time protection agents" option during installation, but after running the scan I ran through the options to see what other features it had. Surprise, RTP was enabled. Oh the irony of MS AntiSpyware behaving in the same shady fashion as Spyware apps. ;)
So if you do install it but don't want the RTP agents, make sure you hit up the options before quitting.
Behaviour confirmed. (Score:3, Interesting)
It also made my PC run slower than before.
It found VNC as "spyware", but it set the "remove/ignore" option to "ignore" so that wasn't so bad.
Other than that, it didn't find anything. But I run FireFox with adblock and both spybot and ad-aware so I wasn't expecting anything to show up.
I've uninstalled Microsoft's anti-spyware and it left the directory
Re:Behaviour confirmed. (Score:3, Interesting)
The rest is typical with Microsoft.
I would be curious if an anti-spyware app could be written to run on a network. Since profiles are stored on a central server and that server is never used to browse the Internet, it would be the perfect environment to clean spyware from all the profiles out there.
It would also be nice if you could script the app so for instance, your organization uses Alexa or Viewpoint you could enable it to prevent apps fro
Re:Wow, is this for real (Score:5, Insightful)
That's why I'll always be sorry the Democrats didn't stay in power long enough to break Microsoft up. If Microsoft developers were forced to operate in a competitive environment where mistakes actually hurt them, we'd all be better off -- including the former Microsofters.
Re: keep the politics out, please.... (Score:5, Interesting)
Whether you think the anti-trust case was a good idea or a bad one, you have to concede that Microsoft might well have been broken up by now if Al Gore had won the election. Pointing out that fact doesn't make me a partisan.
Again, your memory needs refreshing. MS's dominance of the OS market is pretty much an accident. They actually got into the business against their own will. They wanted to sell development tools for the new IBM PC, but that meant that IBM had to adopt an OS those tools would run on. Which is why they steered IBM to CP/M. When that fell through, they hurriedly licensed a CP/M clone from Seattle Computer Products, which became the basis for MS-DOS. MS-DOS is one of the biggest abortions since the rise of modern technologies (find me a single OS expert who will give it high marks). Yet its very flaws created such a high level of lockin with the PC platform itself -- which was also pretty flawed. Since compatibility soon became the name of the game, clone computers had to reproduce all of IBM's mistakes. And since their biggest mistake was choosing MS-DOS, computer makers ended up paying a tithe to Bill for every box they sold.
But even if you were correct, and Bill achieved his success by technical brilliance and plain good business -- so what? He got his reward when he became the richest dude on the planet. He did not earn the right to destroy the very marketplace that made him rich. Microsoft's role in the current marketplace is bad for all of us -- including Microsoft. Calling me ideological names isn't going to change that.
Re:Wow, is this for real (Score:5, Informative)
It shouldn't surprise anybody that Spybot and AdAware miss a lot of stuff. There's a lot of crap out there -- I've heard reports of people having thousands of infections. The big problem is keeping those databases up to date. Since Spybot is basically some guy's hobby, and Lavasoft has never put a lot of effort into maintaining AdAware (a product that was given to them by its original author, on the condition that they always provide a free version), naturally their databases have lagged. It was inevitable that somebody with deep pockets would invest the time and money to do a better job.
Not a Microsoft Designed Product (Score:5, Informative)
Wait a few generations, then it will be a 'true' Microsoft Product..
Re:Not a Microsoft Designed Product (Score:3, Interesting)
Also, they bought Giant Antispyware, and christ on a crutch does that thing do a hell of a lot of false-positives.
I renamed a textfile something like claria.exe and that thing started screaming immediately that bad people were trying to take over my life.
So seriously, I couldn't care less.
Re:Not a Microsoft Designed Product (Score:5, Funny)
Wow, how horrible. I can't imagine how annoying and dangerous that would be for me, given how often I rename text files to claria.exe.
Re:Not a Microsoft Designed Product (Score:3, Funny)
Re:Not a Microsoft Designed Product (Score:3, Insightful)
Spyware makers will start (if they haven't already) randomizing the filenames, registry keys, etc. Then your anti-spyware software's gotta start doing what it should've in the first place -- something smart.
It's trivial to generate false positives... (Score:5, Insightful)
That's not to say they can't make it more accurate, but they may be trading off accuracy for speed (filename match rather than file signature). If I was designing it I wouldn't be real concerned with trying to correctly deal with bored users trying to fool our program by renaming their important documents to "claria.exe".
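The trade-off these comments describe (filename match versus file signature), as an added example that is not from any poster or from the product: a name-based check and an exact content-hash check run over three constructed files. The file names, payload bytes and signature sets are assumptions made up for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a known-bad binary; not a real sample.
KNOWN_BAD_PAYLOAD = b"MZ" + b"\x00" * 58 + b"constructed-adware-body"

# Hypothetical signature sets a scanner might ship.
BAD_NAMES = {"claria.exe"}
BAD_HASHES = {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest()}


def match_by_name(path):
    """Fast check: flag a file purely on its base name."""
    return os.path.basename(path).lower() in BAD_NAMES


def match_by_content(path):
    """Slower check: hash the whole file and compare to known hashes.

    Exact hashing is itself defeated by changing a single byte; it is
    used here only to contrast content-based with name-based matching.
    """
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() in BAD_HASHES


def scan(directory):
    """Return {file name: (name_hit, content_hit)} for regular files."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            results[name] = (match_by_name(path), match_by_content(path))
    return results


def run_demo():
    """Build three constructed files in a temp directory and scan them."""
    samples = {
        "claria.exe": b"just my notes\n",  # text file renamed by the user
        "xq7r2k.exe": KNOWN_BAD_PAYLOAD,   # known payload, randomized name
        "notes.txt": b"grocery list\n",    # unrelated clean file
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, data in samples.items():
            with open(os.path.join(directory, name), "wb") as handle:
                handle.write(data)
        return scan(directory)


if __name__ == "__main__":
    for name, (name_hit, content_hit) in run_demo().items():
        print(f"{name:12} name_match={name_hit!s:5} content_match={content_hit}")
```

The renamed text file is a false positive for the name check only, and the payload with a randomized name is missed by the name check but caught by the content check.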
Re:Not a Microsoft Designed Product (Score:3, Informative)
Re:Wow, is this for real (Score:3, Funny)
Re:Wow, is this for real (Score:3, Informative)
Netscape was always technically superior to IE.
Re:Wow, is this for real (Score:5, Funny)
Re:Wow, is this for real (Score:5, Informative)
I've noticed adaware often does this. It says there are 300 infections, but only 3 of them are program executables and only 1 is running. Many of them are cookies, so I suppose those could count individually, but separate dlls for the 3 programs it found should not be counted as separate infections.
Usually they do show what each file belongs to as well, so you can see roughly how many products they're removing. The number of files removed _is_ relevant however - many spyware programs tend to make multiple copies of themselves that'll happily restore each other when one is removed.
Re:Wow, is this for real (Score:5, Insightful)
Depends on your definition of "free software", doesn't it?
If someone writes a utility and gives it away, it rarely has spyware in it.
If a commercial or sports site "gives away" some lame "utility" to help you keep track of baseball scores, it usually has spyware in it.
This is not "free software".
I've NEVER seen spyware in GENUINE "freeware".
I frequent porn sites and I rarely even get spyware from THEM since they already know what you want and don't need to spy on you - and mainstream commercial advertisers don't advertise on them because it looks bad, so there is no motivation to put spyware on many porn sites. Of course, there are the lame sites that install overseas dialers and crap like that, but in general you get spyware from lame commercial sites selling crap.
Re:Wow, is this for real (Score:3, Informative)
For fairness... (Score:5, Insightful)
I would also feel better if the submitter hadn't been anonymous. Though it's probably not astroturfing.
RD
Single Data Point... (Score:3, Interesting)
Re:For fairness... (Score:3, Funny)
Were those 4000+ files in the spybot/adaware quarantine directories?
Wait a minute... (Score:5, Funny)
Funny... (Score:5, Funny)
Re:Funny... (Score:2)
Re:Funny... (Score:2)
Re:Funny... (Score:2)
fair and blanced (Score:2)
M$ Expertise (Score:2)
Twice as much (Score:2, Insightful)
Not having read the article yet, I do wonder what the scanner reports as spyware in order to get "twice as much results as Adaware" and "three times as much as Spybot".
I'm just sceptical about MS + Anti-Spyware mix.
Re:Twice as much (Score:5, Informative)
Adaware and Spybot report a lot of cookies. MS's program didn't. On the other hand, the AntiSpyware program found stuff the other two didn't. Total "hits" weren't 2-3x, but I've decided to keep AntiSpyware in addition to the other two programs.
Re:Twice as much (Score:3, Funny)
Re:Twice as much (Score:3, Interesting)
Based on my experiences there's not much to choose from between Spybot and Ad-Aware, and I have
Re:Twice as much (Score:5, Informative)
Re:Twice as much (Score:5, Informative)
Serv-U FTP Server is apparently a "Trojan FTP", default action is to "quarantine" in MS's view.
Re:Twice as much (Score:5, Informative)
Yeah, it wanted to kill off pieces of eMule, Shareaza and Unreal Tournament 2004 on my box.
VNC is evil!!!!111 (Score:5, Interesting)
It also felt the need to alter my hosts file for me. It didn't like the fact that I had "ads.msn.com" pointing to 127.0.0.1 (as well as over 100 other ad domains; the only one it cared about was MSN!)
Unfair advantage? (Score:2, Insightful)
Why would this be a surprise? (Score:3, Interesting)
Re:Why would this be a surprise? (Score:3, Interesting)
They don't fix them because they meant them to be there.
Take the notorious problem with Outlook, that it will execute embedded VBscript in emails and send virii (or trojans or whatever) to the people in your address book. Well Outlook was designed to do that. If you have scriptable email, then you can use Exchange/Outlook as a platform to develop workflow applications. Doing it that way has nowadays been superseded by the
Re:Why would this be a surprise? (Score:5, Informative)
At least in the beginning they took measures to stop it; the original outlook couldn't even receive pop or imap email and hence the only incoming email was supposed to be from the corporate Exchange server.
It was only later, when the internet became popular, that, uh, by popular demand they produced add-on packs for exchange with which you could use pop, smtp and imap.
Then the email viruses began to take advantage...
I reckon that they should now go the other way around; produce a special add-on pack for the VB scripting and just leave it right out of the default install.
Re:Why would this be a surprise? (Score:3, Insightful)
Re:Why would this be a surprise? (Score:3, Insightful)
On the counter point, *nix is like having 10 fingers but only knowing that 6 of them are there, and then only actually knowing how to use 3 of them.
I'm still waiting for the days of OSX but with windows.... cygwin will have to suffice for now.
Great! (Score:5, Insightful)
The Real-Time Protection agent is awesome. It automatically informs you of any changes being made to your current settings; such as if your IE homepage is trying to be changed. It also warns the user if any spyware is trying to be installed.
So it has to be running first. Just what I want my computer to do, run more stuff.
Also, I kinda know when our homepage is hijacked, and this is why I switched to Firefox.
Missing Information (Score:5, Insightful)
Re:Missing Information (Score:3, Insightful)
Disclaimer: TFA was slashdotted by the time I tried to R' it.
Re:Missing Information (Score:3, Funny)
MS = the Mob (Score:4, Insightful)
This kind of protection should already be in Windows, or least, make the OS completely separate from the apps and the data.
You should be able to click on any process running and see complete details as to what it is, why it is running and access its startup options.
Re:MS = the Mob (Score:2)
I've no idea - I only use Windoze
The REAL Ultimate Windows Anti-Spyware Program (Score:3, Insightful)
An Ad-Aware/Firefox combination has served my parent's computer well for quite some time. My father's business exclusively uses the above combination with great results.
Enough already. (Score:5, Insightful)
And if we are lucky (Score:2)
That said, at least they are doing something, even if it is only buying something.
Of course using it to have people prove they aren't guilty of copyright infringement is a little scummy. At least people can click no.
Just tried to install this MS AntiSpyware (Score:5, Interesting)
Anyone else have this problem using their obscure key of choice? SP2 installed fine a few months ago.
Re:Just tried to install this MS AntiSpyware (Score:5, Informative)
Finding more isn't necessarily good (Score:3, Interesting)
A lot of people, especially on the popular antispyware forums, have simply decided that Spybot and AdAware are the best that there can possibly be, and anything that differs from them is bad.
Re:Finding more isn't necessarily good (Score:4, Informative)
This is not to say that there are not other legitimate programs out there, but sadly, if it's not on the short list of proven applications [spywarewarrior.com] it should be scrutinized before it is endorsed.
I'm going to bite and try this out (Score:2, Interesting)
"Before obtaining the requested download, please take a moment to validate your genuine Microsoft Windows installation. Validation assures that you are running an authentic and fully-licensed copy of Windows. Validating now will enable faster access to genuine Windows downloads upon future visits to the Download Center. Please see the Why Validate? page to learn more about the Windows Genuine Advantage program and why validation is recommended."
They created the problem!!! (Score:2)
For some reason, I don't think I'll be trusting them too much.
spy vs spy (Score:2)
yeah... (Score:2)
This isn't really MS antispyware (Score:5, Informative)
MS just bought giant AS and rebranded their product as Microsoft. As far as I can tell there's very little change to the program itself beyond the branding.
Giant has always been among the top antispyware products, as evidenced by Failing Grades for most anti-spyware tools [slashdot.org] so this "MS should know their own security holes better than anyone" stuff isn't strictly relevant. I think MS should focus more on fixing the security problems in IE that are responsible for 90%+ of spyware infections rather than sticking plaster over the holes by buying up anti-spyware solutions. Is this even going to be free when it's released?
Personally I prefer webroot spysweeper anyway, Giant has always generated too many false positives for me.
yep it really works (Score:2)
Unfair (Score:2)
but what about aol? (Score:2)
the reason i ask is that, like many of you, i am the CIO of my family, and my family is at the lower end of the spectrum that defines excellent computer using. a few family members have AOL, so i'm curious as to whether it saves me time and headaches to use the AOL tool as opposed to another. because if i have to spend half my chris
I had different results (Score:2)
The MS product found 3 problems: tightvnc, iMesh infecting every file in my Oracle client directory !!!, and a third one I can't remember. Spybot on the same computer found about 10 things, all different.
So in my little test, MS did pretty poorly. I'm sure that every file in the c:\orahome directory was not infected with adware. And it missed quite a bit that spybot found.
The b
I, for one... (Score:2, Interesting)
Seriously.
Yes, it would be better if all the security holes in M$ SW were fixed but guess what: they're not gonna be fixed tomorrow. A good anti-spyware tool is sorely needed. I've cleaned a large number of home and office computers using a number of anti-spyware tools and frankly none of them cut it. At best, some of them suck a little bit less than the rest. I find that at least 3 separate tools are needed to find, clean and keep clean a normal luser's p
Specific Firefox / Mozilla protection (Score:2)
I wouldn't be surprised if somehow the MS spyware removal tool fails to fix anything Moz related.
Too many hits (Score:2, Funny)
An email has been sent to the administrator notifying them of the problem. Please try again later.
They're letting us slashdot their mail server too?
It is good! (Score:2, Funny)
How long? (Score:2)
Hold up! (Score:4, Insightful)
Maybe I haven't been following the story very closely, but that seems like a stupid move. "Our operating system and browser allow this stuff in the first place, now pay us to remove it."
Keeping that in mind, I'll stick with the FREE AA and SB.
It caught itself trying to make changes (Score:3, Funny)
So this is how they are going to promote their new search engine.
Spyware (Score:4, Insightful)
The advanced tools are worth the d/l alone (Score:5, Insightful)
But what wowed me were the useful utilities in the "advanced tools". I was finally able to disable a few annoying system tray icons(totally forgetting how to do it in Win2k). I still can't get the Nvidia driver utilities off, but MS is not to blame in that case.
The tracks eraser functionality goes way beyond a simple "url cleaner". You can clear the document history, etc for TONS of apps. I'm wondering when the anti-MS zealots will be yelling that it will be a useful tool for child pornographers(heh).
The GUI is a bit shoddy. I wish I could keep the hierarchical list of stuff when I'm inspecting the startup apps, etc, and there's no + to collapse/expand. Either way, I love the advanced utilities alone, and could probably clean out TONS of spyware, etc if I run this on my dad's PC.
Inconsistent results? (Score:3, Interesting)
The first Ad-Aware scan revealed 1309 infected objects and a second scan immediately after a reboot resulted in 291 more infected objects reported. After removal of those objects, we ran Microsoft AntiSpyware Beta. AntiSpyware's scan revealed a whopping 1,877 infected files left over by the Ad-Aware not to mention the nearly 3,000 registry locations infected. One of the files which Ad-Aware failed to detect was WinTools which is suspected to be a Trojan with a maximum threat level.
It was time to pin Microsoft AntiSpyware against SpyBot S&D by first scanning with SpyBot then checking to see how many files SpyBot had left behind. SpyBot's initial scan resulted in 358 "problems" detected. After running SpyBot a second time to make sure it did not report any other "problems", we ran Microsoft AntiSpyware. AntiSpyware was able to detect 659 infected files on the machine with 2.223 registry keys infected.
So, to begin, Ad-Aware found 1,600 infected elements total. AntiSpyware found 4,877 more. Total: 6,477
SpyBot finds 358. AntiSpyware finds 2,882 more. Total: 3,240
Can anyone explain this? Even if the programs are giving false positives on spyware (and, considering that even having malicious spyware installed, 6,000+ detected compromised elements makes false positives almost a promise rather than a hunch), why would AntiSpyware inconsistently return false positives depending on what program scanned the PC first? Doesn't make any sense at all.
Re:Inconsistent results? (Score:3, Insightful)
Basically, it's apples and oranges.
Hey, wait a second (Score:3, Interesting)
Only problem is that it's TightVNC. I can understand that -- I mean, someone could use that to access your computer! The weird thing is, it didn't flag Remote Assistance as spyware. Totally missed it.
I think I'll submit a bug.
Priceless (Score:3, Funny)
They even detect their own crap!
I concur, MS's AntiSpyware program works well (Score:3, Interesting)
False positives.. (Score:5, Informative)
It even managed to warn against registry settings put in place by SpyBot to ensure a malicious site runs in internet explorer's restricted zone!
Also, it reported with glee that TightVNC is a dangerous hacking tool. I happen to use it to help out people, exactly the kind of people who are likely to remove it if AntiSpyware complains about it (e.g. my mom).
Then a load of DLLs that are actually dummy DLLs shipped with the "lite" version of a (once upon a time) popular ad/spyware ridden app - again, it's detecting its competition!
And then there are the residual files/empty directories/registry settings that adaware/spybot didn't remove some months ago when I tried an app that came with ad/spyware. No active components at all.
Another thing I don't like about it is that its user interface doesn't scale properly when you've adjusted your DPI settings.
Also, its on-access scanner (for want of a better word) comes with an enormous performance hit, and is mostly concerned with Internet Explorer hacks. Those are a minor concern for me since I use Firefox, and besides, Microsoft should fix IE, not ship cycle/RAM-hungry monitoring applications for it (though that's hardly GIANT's fault).
In other words, I'm underwhelmed.
Re:False positives.. (Score:3, Insightful)
It reported RealVNC as "Commercial Remote Control Product" with a danger meter of 50%. Since I know I run RealVNC, I said "always ignore this". It won't show up in the hits again. But I would imagine there are people out there who have VNC installed on their systems by someone who spies on them (
Re:False positives.. (Score:3, Informative)
Interesting. (Score:3, Interesting)
Microsoft AntiSpyware forces you to install IE 6 (Score:4, Interesting)
Microsoft is contributing to their demise (Score:4, Interesting)
Microsoft however can't stand for some reason to be the OS that great things are built on like Linux can and is being today. They try to take their OS and adapt and squeeze out what they consider competition. Then they take the products that other companies make to run on Windows such as Ad-Aware, Norton Antivirus, Lotus Notes and a myriad of other programs out there and try to build them into Windows. Netscape employed people who designed, maintained, and supported their browser. Microsoft rolled out IE and tied it into their OS sparking a controversy that eventually landed it in court. Yes the consumer has suffered but what about those Netscape employees? Did Microsoft give them jobs making IE better and supporting it? Hardly; those guys were muscled out of the marketplace. Now I'm sure they got jobs elsewhere but what and where are they doing things.
This can go for any number of companies that are threatened because Microsoft refuses to make Windows as good and secure as it can be; they only want to add the next cool feature into their OS.
Symantec, McAfee, Real, and many other companies employ many good people with ideas and not just the engineers and software hackers, there are secretaries, janitors, and guards that also are employed and probably buy Windows. Once they lose their jobs because Microsoft muscled their company out of business then they probably won't be buying as many computer products anymore.
Thus Microsoft sits there and kills their own bottom lines.
Of course we're all eventually damned in that robots and smart computers will replace our jobs. Just look at those poor bastards that are being replaced in the Toyota autoplants here soon. This will spread to all auto makers across the world and it will not stop there. Productivity increases due to these robots will put strain initially on supply lines because those humans can't keep up and then one company will pick up the slack by having robots do that portion of the work and other companies will have to do so to keep up.
From there it's basically a self feeding reaction that eventually will nullify every job we have or can move to in the next 50-100 years.
Oh and governments would step up to help you?
arghhh (Score:3, Funny)
Alternative Software (Score:3, Interesting)
They're most admirable projects, however, neither are comprehensive.
Often times, you have to run both to try to remove something, and there is still spyware installed.
Neither offers a preemptive system either (filtering web, watching the registry etc)
The *most* comprehensive program I have found is webroot SpySweeper [webroot.com].
It is incredibly thorough, has staff dedicated to finding new spyware strains, the ability to report suspicious files, the works.
OOBE (Score:3, Insightful)
Re:But MS Anti Spyware doesn't detect itself. (Score:2)
How so?
SpyNet only submits unknown application information to determine potential threats, similar to methods used by many antivirus programs.
This anonymous information is not nearly as dangerous as software that keeps track of where you surf the net, etc.
Plus: It's optional
Re:No more spying, please! (Score:2, Informative)
One factor behind MS AntiSpyware's success may be the use of quadratic probing [nist.gov] in a secondary clustering to traverse file patterns, which are stored in an acyclic graph.
Fleischer and Trippen [cs.ust.hk] elaborate further on this technique in a Java implementation [sourceforge.net], which of course Microsoft did not employ. The rationale, however, is the same.
VERY much of an acquisition (Score:2)
Cry me a river (Score:2, Insightful)
MS releases patches to fix their product. WAAA!!! this patch broke my already broken system.
MS releases tools to detect and fix malicious apps that ruin their product. WAAAA!! a lot of spam companies will go out of business
damned if you do, damned if you don't
Re:The whore on the corner is selling condoms (Score:3, Insightful)
Re:Ugh (Score:2)
However, Giant's stuff works ok, that's good. The problem mainly is, that you don't solve a problem by dropping blankets on the stuff so you don't see it. If you know the houses you're building keep burning down by themselves every now and then, the solution is not to give away free fire extinguishers. Jus
Re:and Linsux is really Unix, so? (Score:4, Funny)
conspiracy to degrade MS software
Good heavens
Well, the ignorance part is harder to cure, 'cause it's more up to you than doctors.