Saturday, February 04, 2006

MS AntiSpyware

For the past several months I have been testing Microsoft’s beta release of its AntiSpyware tool. The approximately six megabyte download from the company’s web site was straightforward enough. Once installed, the spyware definitions file was updated to release 5691, time stamped a few hours prior to the install time.

The package gives users the opportunity to stay protected automatically, by downloading and applying spyware signature updates without user intervention, and it also notifies the user when updates, patches or new versions of the package are available.

In a test scan on the machine where these columns are written, the AntiSpyware package detected four threats, rated from moderate to severe. None of these were detected by SpyBot or Webroot Spy Sweeper scans. SpyBot is a widely used, well-regarded freeware anti-spyware utility program. Webroot markets a commercially available anti-spyware package that is carried locally by some electronics retailers.

Both SpyBot and Webroot have been reviewed in this space previously.

AntiSpyware rated as a significant threat a media player download from Rosoft Engineering, a product that apparently uses some targeted advertising.

A typical “hit” from AntiSpyware is shown below:

NCase
Type: Browser Modifier
Threat Level: Severe

Description: NCase is adware that looks for known URLs and keywords in URLs, and displays pop-up advertisements targeted at related Web sites. nCase also periodically opens non-targeted pop-up advertisements while you are using Internet Explorer.

Advice: Severe-risk items have an extreme potential for adverse effect, such as a security exploit, and should be removed.

About Browser Modifier: Software that changes browser settings, such as the homepage, without adequate consent.

While taking action on the identified threats, AntiSpyware turns off any active browser sessions.

I’m not sure I completely believed the MS AntiSpyware findings for my test machine, or at least the level of supposed threat posed by the products in question. And this on a machine that is regularly scanned by Ad-aware and SpyBot. Then again, it has become apparent in recent years that there is no one product that “does it all.”

For now the program is free and Microsoft hasn’t made it clear how that might change down the road. Bill Gates suggested that personal use of the software will remain free. Speaking at a major security conference he noted that "Just as spyware is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge."

For a beta release the download certainly has the look of a product with significant work behind it. Hardly a surprise when you realize that Microsoft “bought the company” on this one, a technique that Gates et al have used on numerous prior occasions. Giant Company Software (www.giantcompany.com), the acquired entity in this case, was already marketing its product at the time of purchase.

Early in the beta test Microsoft was forced to apologize to a Dutch company when scans identified its home page as potentially dangerous content. Compounding the subsequent animosity between the two companies was that the Dutch site was a major competitor for Microsoft’s own Dutch presence, MSN.nl.

As this is written, in early June, the spyware definitions file number is 5723, suggesting that updates are occurring at least a few times a week. My beta release also indicates that it will expire July 31 and that I should “contact Microsoft for an updated version.” The “Check for Updates” option in my release doesn’t seem to do the trick.

At this point it seems likely that Microsoft will release a second beta version of the product, at least for the home market, and possibly release a so-called enterprise or commercial version shortly thereafter.

For general information on computer security, admittedly from the Microsoft perspective, or to download the MS Antispyware package visit www.microsoft.com/athome/security.

You might also want to sign up for the monthly security newsletter at www.microsoft.com/athome/security/secnews.

To use MS Antispyware, the minimum requirements are a 300 MHz or faster processor, Internet Explorer 6.0 and either the Windows 2000 or XP operating system.

Watch For It Product of the Week
Microsoft has announced that within a matter of weeks it will be releasing its free RAW Image Thumbnailer and Viewer for Windows XP, allowing consumers to view thumbnails and preview and print Canon and Nikon raw image files from Windows Explorer in Windows XP.

Photography aficionados liken raw files to a negative, containing information that can subsequently be teased out at printing time. Traditional file formats such as jpeg are a product of significant processing, which by design removes some of the underlying data.

Peter Vogel is a Physics and Computer Sciences teacher at Notre Dame Regional Secondary School (www.ndrs.org). Suggestions and comments may be sent via email to peterv@portal.ca.








0 Comments:

Post a Comment

<< Home