Full Disclosure mailing list archives

Microsoft AntiSpyware - First Impressions


From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Thu, 6 Jan 2005 23:28:40 -0500

We knew that Microsoft was going to put out an anti-spyware product
after they bought Giant in December, but I did not figure they could
re-brand Giant's software in under a month.  Their first shot at
anti-spyware came out today - Microsoft AntiSpyware (Beta).  I installed
it on a test machine that I have in the office.  Just to be safe, I ran
a full Spybot S&D scan and then uninstalled the resident TEA program
since Microsoft AntiSpyware will install an agent if you so wish.  The
only part of the installation that was strange was the "recommended"
option of joining the "Spynet AntiSpyware Community", their 'Spyware
Neighborhood Watch' that connects you to other computers running the
Microsoft AntiSpyware software.  Don't know how many people will choose
that option, but to me it does not make sense to connect to a
peer-to-peer network of infected computers, encrypted traffic or not.

I ran a full system scan and to my surprise, the software found some old
Timbuktu and Dameware DLLs that I thought were uninstalled a year ago.
Were the files harmful?  The tool stated that the Dameware files were
low risk, but the Timbuktu files were high risk.  The tool also found
"iLookup.GlobalWebSearch Browser Hijacker", "StartNow Hyperbar Toolbar"
and a bunch of "MiniBug" instances.  I was somewhat surprised since my
machine was "clean" already.  I then set up two lab desktops and applied
the same clean image on both of them (no anti-virus or firewall
installed).  I then used IE to surf to the first ten sites Google
brought up when searching for "online gambling" sites.  I then ran full
system scans using Microsoft AntiSpyware on one desktop and Spybot S&D
on the other machine.  Spybot found 65 objects, the Microsoft tool found
92 objects.  The results were similar except that the Microsoft tool
found a few more cookies, a bunch of minibugs and something called
"SearchSquire."

While this was just a quick test to satisfy my curiosity about the
Microsoft tool, my initial feeling is that the Microsoft AntiSpyware is
worth a test deployment in the office.  This beta expires in July.
Hopefully the final version will be free and allow for centralized
domain management.  It's the least that Microsoft can do.

Pat Wicks

Systems and Network Engineer

