The Long Dark Tech-Time of the Soul

This is a technology focused blog that describes my trials and tribulations with technology which, no matter what brave new world is promised to be just around the corner, nearly always fails to live up to expectations.

Thursday, January 06, 2005

At last: an anti-spyware tool from Microsoft

Microsoft finally unveiled their AntiSpyware tool; it's downloadable in beta form. Having just spent several hours cleansing the latest in a long line of spyware-ridden PCs, I thought I'd give it a try. So far it's "two thumbs up" from me. The download and install went without a hitch, the instructions were simple, and I selected a complete scan as opposed to a smart scan. Surprisingly the complete scan only looked at my C: drive and ignored my E: drive, but there is an option to select other drives. You can also schedule scans to occur automatically, and a daily 2am scan is scheduled by default after installation. A daily 11pm update of spyware definitions is also scheduled by default.

The complete system scan of the 35,000 files on my almost full 80Gb C: drive plus the registry took just under 15 minutes. Afterwards it reported 6 "threats", of which two were in an archive of files from an old laptop, three were leftover files and registry settings from an old install of Kazaa (which may or may not include spyware), and one was a legitimate FTP server (Serv-U) that is sometimes installed by spyware as a backdoor to your system. Along with each threat was a list of all the files and settings that comprise that threat, plus a description of what it was and how it might compromise the system.

I was offered options to remove, quarantine or ignore the threats, with a default selected based on the severity of the threat. There was also an option to set a system restore point, which was off by default (I think it should be on by default). I decided to remove all the threats except my FTP server, which I told it to ignore so that further scans would not report it as a threat. The removal went fine, except that my request to set a restore point first failed for unknown reasons. The things I chose to remove were not active spyware, just unused files and registry settings, so it wasn't a great test of the removal functions.

My experience is that few if any anti-spyware tools can really do removal well: you at least have to boot into safe mode first, an unpleasant experience for most consumer users, and you may also have to kill other processes manually, like Windows Explorer, something average consumers and even some more experienced users are not going to be able to achieve. Some threats also require manual hacking of the registry and other settings, which is beyond the vast majority of PC users to achieve without a high risk of SNAFU.

The AntiSpyware tool also offers to report your infections to something called the SpyNet anti-spyware community, presumably for statistical tracking of threats. SpyNet was operated by Giant, the company that Microsoft acquired its anti-spyware technology from, so when you report to SpyNet you're actually reporting to Microsoft. I have not attempted to analyse what information is sent back, but I'm reasonably confident it's benign data.

Beyond spyware scanning, the tool offers realtime protection by various "agents" it installs. These monitor registry settings to detect rogue processes that are attempting to install themselves into your system, or mess with your Internet Explorer setup. This sort of functionality has been available before in the Webroot SpySweeper tool, and in various standalone products. In general I'm highly in favour of this approach to stopping spyware, because by the time spyware is actually installed it's often too late to do an easy cleanup following a subsequent scan. Besides, blocking spyware before its installation is the only way to ensure that your privacy and system security are preserved. I've yet to see what the various agents do when a threat is detected trying to install itself; if it's as user friendly as the rest of the program then I'll be happy.

Some advanced tools and options do exist, such as blocking any Visual Basic and registry modification scripts from running, and selectively disabling all the various startup applications. The latter has always been available on Windows XP via the 'msconfig' application, but not in a very user friendly way. Having this integrated into the tool itself is a good idea and will aid those trying to assist spyware-infected clients. There is also a page that lists all the Internet Explorer settings that are commonly used in browser "hijacks" and lets you selectively restore them to their defaults. Finally there is a privacy tool called "Track Eraser" that can be used to erase cookies, browser password and form settings, and other application-stored histories. The list of applications it knows about seems to be a fixed one, but it does include several non-Microsoft applications such as Acrobat Reader, ICQ and Kazaa.
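The realtime "agents" and the startup-application page both boil down to watching the registry's autostart locations for entries that were not there before. The script below is an added example of that idea, not code from the blog or from Microsoft's tool: it snapshots the common Run/RunOnce keys and the Browser Helper Objects key, saves a baseline, and on later runs reports anything added, changed or removed. The baseline path is an assumption.

```powershell
# Added example (not from the original post): diff Windows autostart registry
# entries against a saved baseline to spot newly installed startup items.
# Assumes Windows PowerShell 5.1 or later and a writable baseline path.
$BaselinePath = "$env:USERPROFILE\autostart-baseline.json"   # assumed location

# Autostart locations commonly used by spyware of this era to persist.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-AutostartSnapshot {
    $snap = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        # Run/RunOnce entries are values: name -> command line
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata
            $snap["$key\$($p.Name)"] = [string]$p.Value
        }
        # Browser Helper Objects are registered as CLSID subkeys, not values
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
            ForEach-Object { $snap["$key\$($_.PSChildName)"] = '<subkey>' }
    }
    return $snap
}

function Compare-AutostartSnapshot {
    param([hashtable]$Old, [hashtable]$New)
    foreach ($k in $New.Keys) {
        if (-not $Old.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'ADDED';   Entry = $k; Value = $New[$k] }
        } elseif ($Old[$k] -ne $New[$k]) {
            [pscustomobject]@{ Change = 'CHANGED'; Entry = $k; Value = $New[$k] }
        }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'REMOVED'; Entry = $k; Value = $Old[$k] }
        }
    }
}

$current = Get-AutostartSnapshot
if (Test-Path $BaselinePath) {
    $baseline = @{}
    (Get-Content $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $baseline[$_.Name] = $_.Value }
    Compare-AutostartSnapshot -Old $baseline -New $current | Format-Table -AutoSize
} else {
    Write-Host "No baseline found; saving current autostart entries to $BaselinePath"
}
$current | ConvertTo-Json | Set-Content $BaselinePath   # refresh the baseline
```

Run it once on a known-clean machine to record the baseline, then again after anything suspicious; an unexplained ADDED row under a Run key or the BHO key is exactly what the tool's agents are meant to flag at install time.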

Overall I have to say two thumbs up. When I have some experience of this tool with a real spyware infection I'll give a further report. My biggest concern so far is the rumours that Microsoft will actually charge to use this tool. I'm very surprised that they do not bite the bullet and admit that providing this service to Windows users free of charge should be a cost of doing business. I suspect that part of the reason for charging would be to avoid anti-trust issues, as providing a really effective and free tool to block spyware (and eventually viruses, from what I've heard) would put many anti-spyware companies out of business.

From my perspective I say "be gone, parasites!". If they can do a better job than Microsoft's free tool then they'll survive; if not, then they have no legitimate reason to exist, since they were just exploiting deficiencies in the core Windows OS that never should have existed. They never should have expected their business model to remain valid forever, just like all those people who were selling firewalls. Unlike browsers and media players, anti-spyware, anti-virus and firewalls are things that not only should be provided with your OS; I would say they must be, otherwise Microsoft is making itself liable to a huge class action suit by every Windows user. It is also good for Microsoft to provide the tool for free, because they must have a huge load on their customer support caused by spyware and viruses, ditto for every Windows reseller like Dell, Gateway, HP etc. The simple act of including an effective and easy to use deterrent would save them and everyone huge amounts of money and resources, and make desktop OSes a much more economically viable and efficient proposition.
