True to their word, Microsoft has released the beta of their Anti-Spyware software to the Net for those folks who want to try it out.
I’ve already downloaded and installed a copy and I let it loose to see what it would come up with. I’m pretty good at keeping my system clean and I ran both Ad-Aware SE and Spybot Search & Destroy not too long ago, so I was surprised when it came back with a couple of hits, both of which turned out to be false positives.
Microsoft’s new tool seems to think I have eDonkey2000 and Grokster installed, except that I don’t. Both of these are P2P file sharing applications which use third-party advertising systems to display ads in the program unless you pay to register the product. These third-party systems aren’t necessarily adware themselves, but they could be used to install adware, so a lot of folks do consider them to be suspect. So why is it reporting I have applications installed that aren’t there? Because I have a different P2P client installed: Shareaza. Shareaza is open source, doesn’t use third-party ad systems or spyware, and it supports several different protocols including BitTorrent. It does add a number of registry keys that tell your system to open it should you click on a link designed to launch eDonkey or Grokster, and based solely on those registry keys the tool has decided I have these applications installed and is offering to remove them. Oops.
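As an added illustration (not code from this post or from Microsoft’s tool), the sketch below shows why matching on the mere presence of a link-handler key misfires here, and how checking which program the handler actually launches avoids it. The registry export, the `ed2k` key layout and the signature file name are constructed assumptions.

```python
import ntpath
import re

# Constructed .reg-style export (not from the post): ed2k:// links open Shareaza.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\ed2k]
@="URL:ed2k Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\ed2k\shell\open\command]
@="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" \"%1\""
'''

# Assumed signature data: link scheme -> file names of the product being hunted.
SIGNATURES = {"ed2k": {"edonkey2000.exe"}}

def parse_reg(text):
    """Return {key_path: {value_name: string_data}} from .reg export text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\
            current[name.strip('"')] = data
    return keys

def naive_detect(keys, scheme):
    """Flags the product whenever the scheme's key exists (the false positive)."""
    return "HKEY_CLASSES_ROOT\\" + scheme in keys

def handler_exe(keys, scheme):
    """File name of the program that opens scheme:// links, or None."""
    path = "\\".join(["HKEY_CLASSES_ROOT", scheme, "shell", "open", "command"])
    cmd = keys.get(path, {}).get("@", "")
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    return ntpath.basename(m.group(1) or m.group(2)).lower() if m else None

def classify(keys, scheme):
    """Report who owns the handler instead of assuming the key implies the product."""
    exe = handler_exe(keys, scheme)
    if exe is None:
        return "no-handler"
    if exe in SIGNATURES[scheme]:
        return "match"  # still worth confirming the file exists on disk
    return "owned-by:" + exe

if __name__ == "__main__":
    keys = parse_reg(SAMPLE_REG)
    print(naive_detect(keys, "ed2k"), classify(keys, "ed2k"))
```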
OK, better to be safe than sorry I suppose, and there is the option to tell the tool to ignore anything you know isn’t spyware, so it’s not a big problem.
The tool can perform automatic full-system scans similarly to your favorite anti-virus program and will provide real-time protection against spyware. In addition to that the software comes with a number of other tools to help you in your fight against the bad guys. First is a utility that will restore your Internet Explorer settings should some application hijack them. Then there’s a collection of System Explorers that allow you to look at and disable or remove all manner of things such as Downloaded ActiveX plugins (it puts little icons next to each indicating whether they’re safe, unknown, or hostile), Running Processes (complete with descriptions of what each known process is), Startup Programs (ditto), IE Browser Helper Objects installed, IE Settings and Toolbars, Windows’ Hosts File and Layered Service Providers, and Windows’ Shell Execute Hooks. Amusingly this last one even reports the beta tool’s own shell hook as being “unknown.” The amount of info provided in the System Explorer utilities is impressive and should make it easy to tell suspicious objects from safe ones even for non-expert PC users. Just about everything you look at can be sent off to the folks at SpyNet for further analysis.
Lastly there’s a Tracks Eraser tool for the paranoid among you who don’t want to leave any traces of what pr0n sites you’ve been viewing on your system. This thing is extensive with a total of 32 different history lists and caches that it’ll clear out which includes not just the expected Windows items like IE’s cookies, history, intelligent forms, and temporary files, but more obscure things like the RegEdit Search History or Microsoft Direct Draw history as well as third-party applications like Adobe Acrobat Reader 6.0’s history and ICQ’s Chat History files. I didn’t even know there was a history list of applications that make use of Microsoft’s Direct Draw.
So far you can color me impressed, but then that’s only to be expected as this was a fully developed application being sold on the market prior to Microsoft gobbling up the company that produced it. It’ll take some playing with before I’ll have a good idea of how well it compares to applications I use regularly, but at least it appears to be a step in the right direction.
Kudos to Sophos at ITtoolbox Blogs for the reminder this had been released.