Microsoft Antispyware Beta 1


deuces wild

Although not my review, PC World magazine wrote a nice review of the Microsoft Windows Antispyware beta program released earlier this year. The program is essentially the old Sunbelt Software CounterSpy, rated tops by PC World magazine in tests against the likes of Webroot Spy Sweeper, Lavasoft Adaware, Spybot Search and Destroy, InterMute SpySubtract, Spyware Eliminator, PestPatrol, among others.

Microsoft purchased Sunbelt/Giant Software CounterSpy in December, 2004 and updated the signature files, making the program even more effective.

Here are some key notes of the review:

PC World tested seven products in the $20 to $40 range from big and small vendors: Allume Systems' (formerly Aladdin Systems') Internet Cleanup, Aluria Software's Spyware Eliminator, Computer Associates' ETrust PestPatrol Anti-Spyware, InterMute's SpySubtract Pro, McAfee's AntiSpyware, Sunbelt Software's CounterSpy, and Webroot Software's Spy Sweeper. In addition, we tested two popular free programs--Lavasoft's Ad-Aware SE Personal and Safer Networking's Spybot Search & Destroy--and a third free program that operates very differently but no less effectively, Merijn.org's HijackThis. (You can get all three free products here.) We did not include HijackThis in our charts because, unlike the others, it does not scan for infections. We also tested one product in beta, Microsoft's new Windows AntiSpyware, which was until late last year Giant Software's AntiSpyware. (See "Future Windows AntiSpyware Looks Like a Winner.")

We pitted the anti-spyware utilities against 45 adware and spyware programs we've frequently run into in our work. These 45 applications created 81 separate files and processes--which proved a challenge for our apps to remove completely. Spyware infections can begin with a single installation of advertising-supported software. Often, the adware alerts the user to its intentions and the user willingly makes the trade-off in exchange for access to the free program (or blithely clicks the agreement without reading it). But although many adware programs seek your approval prior to installation, not all are so obliging. And even the free application that promises only limited advertising can morph into a system full of spyware by downloading and installing third-party applications.

Cleanup

We first tested how effectively a program could remove the spyware's active components; we then looked at each app's real-time protection, for preventing the installations in the first place.

Sunbelt Software's CounterSpy proved the most capable of the bunch, finding and stopping 93 percent of all the running processes created by our 45 test programs. CounterSpy was the only product in our tests that was able to shut down and remove the tenacious WinTools from our system. Webroot Software's Spy Sweeper came in a close second, clearing 89 percent of the active processes (but leaving behind elements associated with both WinTools and Slotchbar). The least effective were McAfee's AntiSpyware and Allume Systems' Internet Cleanup, at a removal rate of 33 percent and 11 percent, respectively.

When we tested the anti-spyware programs' detection of potentially unwanted BHOs, both CounterSpy and Spy Sweeper caught 100 percent. Ad-Aware, eTrust PestPatrol Anti-Spyware, Spybot, and SpySubtract all managed 62 percent, compared with McAfee AntiSpyware and Spyware Eliminator, at 31 percent. Internet Cleanup detected none of the BHOs and toolbars.

Windows Registry run keys and system startup folders are also favorite launching pads for adware and spyware. Items added to these critical areas will launch each time Windows starts. Unfortunately, the anti-spyware scanners produced less-than-stellar results in this category. CounterSpy detected the most at 86 percent, followed by Spy Sweeper at 82 percent and Ad-Aware at 77 percent. Internet Cleanup found only 5 percent.

Our tests challenged the anti-spyware utilities with 45 adware and spyware programs that created a total of 81 infections in different forms. Sunbelt's CounterSpy and Webroot's Spy Sweeper fixed 85 percent and 81 percent, respectively, giving them a comfortable lead over the rest of the field. Allume's Internet Cleanup, on the other hand, detected only 5 percent of infections.

We saw a significant difference among scan speeds. The most effective scanner--CounterSpy--was also the fastest, taking only a minute to perform a complete scan of a system with 2.7GB of data. Also fast were Spybot and Spy Sweeper, which scanned our test system in just over 2 minutes. Conversely, Spyware Eliminator was inconsistent and slowest at scanning, taking anywhere from 10 minutes to an hour (we performed multiple scans). The remainder of the scanners took between 4 and 5 minutes.

Real-Time Monitoring

The ability to remove spyware threats after a machine is infected is vital, but preventing an infection in the first place is even more desirable. One of the most effective tools in this respect was Spybot. Using the included add-on Resident TeaTimer, the utility warned us when any program attempted to make changes to critical areas of the system Registry. Even the spyware processes that were able to load themselves into memory were prevented from changing the Registry and thus were quickly squashed with a simple reboot of the system.

Spybot also includes a feature to protect the Hosts file from modification. The Hosts file provides a sort of road map for the browser; each entry consists of a Web site address and the corresponding IP address to which it is to be redirected. Malicious software creators frequently exploit the file to prevent users from visiting security-oriented pages such as those on antivirus companies' sites.

CounterSpy and Spy Sweeper also blocked attempts to modify the Hosts file, stopped edits to the system Registry, prevented our browser home page and search pages from being changed, and detected suspicious processes in memory.

Ad-Aware SE Personal does not include real-time protection, although you can set it to block edits to the Hosts file. The paid versions of Ad-Aware--SE Plus and SE Professional ($27 and $40, respectively)--include Ad-Watch, which has features similar to CounterSpy's and Spy Sweeper's. ETrust PestPatrol Anti-Spyware was able to detect suspicious processes in memory, but it failed to alert us when changes were made to critical system settings. SpySubtract Pro warned us when changes were made to our browser home and search pages, and it detected suspicious processes in memory. McAfee AntiSpyware includes real-time protection, but its low recognition rates diminished its effectiveness.

Ease of Use

CounterSpy's interface is attractive and simple to use. The Scan Now button appears prominently on the welcome screen, menus are easy to traverse, and shutting down the program does not result in a loss of real-time protection. Ad-Aware's interface is equally attractive, but the program's menus are hidden behind unlabeled icons and require a bit of guesswork to find. Spybot requires the user to first switch to Advanced mode and then sort through various categories to find the most useful settings and tools options. Both Ad-Aware and CounterSpy provided reports that were easy to understand, but Ad-Aware listed a few cookies as "critical" objects--giving the impression that some benign cookies are a high-risk threat.

Our Picks

You can get an anti-spyware utility for free, but this is one area where going cheap isn't worth the savings. The no-cost Spybot Search & Destroy offers an overall detection rate of 54 percent and provides effective real-time scanning. Keeping on the free path, you could combine Spybot with Ad-Aware SE Personal, whose detection rate for active infections was slightly higher than Spybot's in most categories. However, even when combining Ad-Aware, Spybot, and the free HijackThis, we were unable to remove 100 percent of the infections on our test system.

Sunbelt Software's CounterSpy, our new Best Buy, proved the most capable of the products we tested, with the highest detection rates, cleanest interface, and fastest scan speeds. And its $20 price for a year of updates and tech support is a bargain. You also won't be disappointed by Webroot's Spy Sweeper, which was almost as effective as CounterSpy, scans quickly, and is easy to use. Combining either product with HijackThis--and reasonable caution when installing dubious goodies--you should be able to keep your system pretty well spyware-free.

Beta Update: Future Windows AntiSpyware Looks Like a Winner

As we were completing testing for this story, Microsoft released a beta version of its new Windows AntiSpyware, the product formerly owned by Giant Software, which Microsoft acquired in December 2004. The beta turned in excellent results in our tests. Because its signature files were more up-to-date than those in the rest of the products, we didn't compare it directly with the others in this roundup; nonetheless, AntiSpyware looks like it will be a top-notch product when it's ready for shipping.

It was able to detect 91 percent of the adware/spyware in our test suite, including 96 percent of processes running in memory, 67 percent of home- or search-page modifications, 100 percent of BHOs and toolbars, 95 percent of Registry additions, and 100 percent of other items such as menus and buttons added to programs. The utility scanned our 2.7GB of data in less than 3 minutes. AntiSpyware's real-time monitoring stops infections by preventing changes to the browser home and search pages, identifying unknown processes in memory, blocking unauthorized edits to the Hosts file, and preventing changes to Registry run keys.

Thanks to PC World. The full article can be found at http://www.pcworld.com/reviews/article/0,aid,119572,00.asp
