Microsoft Gets Anti-Spyware Right - Sort Of

by Preston Gralla

I've been using beta of Microsoft AntiSpyware since its release last week, and I'm impressed - very impressed, in fact. I've tried all the top spyware-killers, and at the moment I'd rate it right up there at the top. But there's a fly in the ointment, which I'll explain after I tell you about what's good with the beta.



Like the best spyware-killers, the beta offers real-time protection against spyware, home page hijackers, rabid ActiveX controls, Browser Helper Objects (BHOs) and other assorted pests. It offers much more in-depth control over spyware protection than its competitors, and gives you more system information as well. Its scanners have found everything that I've thrown at them. And it offers extras that others don't have, such as alerting you when someone hops onto your WiFi network. In short, it's a winner.



It's true that Microsoft didn't actually write it; instead, it bought Giant Company Software, tweaked that company's Giant AntiSpyware software, and released it as the Microsoft AntiSpyware beta. That's not the point, though. The point is that Microsoft was smart enough to buy the best one out there and then rush it out the door.



So what's the problem? Microsoft has things backwards. After all, the reason that Windows needs a great anti-spyware tool is that the operating system is so vulnerable to spyware. Internet Explorer's use of ActiveX controls and Browser Helper Objects means that it's easy for spyware and other pests to worm their way into your system. And because Internet Explorer is directly tied into the operating system, it means that a successful attack on IE is a successful attack on Windows. There are countless other Windows vulnerabilities that need to be plugged as well.



To give credit where it's due, Microsoft has released a great anti-spyware tool. Now, if the company would only devote itself to underlying Windows security, it wouldn't have to spend so much time and money on anti-spyware software, and we'd all be better off.


Have you tried any spyware killers, or Microsoft's new one? What do you think of how Microsoft handles security? Let me know.


7 Comments

jwenting
2005-01-10 23:12:07
false logic
If Microsoft Windows weren't the OS with the largest market share and IE the browser with the largest market share they wouldn't be targeted.


Most spyware has nothing to do with ActiveX controls on websites or BHOs, it's injected into systems when people load "freeware" from unscrupulous corporations like RealNetworks or install pirated software.
The worst spyware many people have (and often without knowing it) is Kazaa, one of the applications Microsoft would probably like most would not exist as it's used to pirate quite a lot of Microsoft products.


Were everyone to use MacOS or Linux those would be targeted by such applications instead.
Were more people to use Firefox (or whatever browser) spyware authors would find ways to infest systems from those as well (maybe through tricks played with Flash applets or by exploiting the myriad flaws (which typically go unfixed for far longer than it takes Microsoft to fix problems found in its products thus increasing the window of opportunity) in that.

DavidCorpstein
2005-01-11 08:04:00
Common Fallacy
jwenting is repeating the common fallacy that "If product X were as prevelant as product Y, its security flaws would be targeted more and an equal number and severity of exploits would be developed." This statement only holds true if and only if X and Y share equivalent numbers and severities of security flaws. It seems clear that this is NOT the case when comparing flaw-riddled products such as IE to a high quality browser such as Firefox.


Although I can not evaluate jwenting's statement that most spyware is propagated through pirated software or the unclearly defined freeware category, I firmly disagree that Microsoft competes well with other, better software developers when it comes to timely release of security updates. I learned this lesson the hard way by once running mission-critical applications on a Microsoft product with a built-in back door that went unpublished month after month, exposing my employer to catastrophic legal and financial risk.

tlaurenzo1
2005-01-11 09:20:33
Common Fallacy
By my observation jwenting repeats a lot of common fallacies where Microsoft is concerned.
jaw
2005-01-13 03:21:30
So boring...
It is so boring to read the same posts over and over again... Windows is bad OS, IE is bad browser, Microsoft programmers are bad developers, Bill Gates is bad man ("bad" could be changed to "evil"/"insecure"/"obsolete"...)


Maybe I'm really "bad" man, but all I wish is more people to start using tools that I use today: OpenOffice and Mozilla inside Linux (fedora core 2).


I really wish I never saw MS Office, IE and Windows -- my pain today would be less...

aristotle
2005-01-15 22:57:21
Common Fallacy
Not only is the statement fallacious, it's only half the truth. Even if Firefox were just as insecure as IE, there's an issue at play he fails to even mention: reaction time. The Firefox team has acknowledged, patched and reproduced security holes, tested the patch, and put patches and patched installation packaged only within 24 hours several times. I'll eat a broom if MSFT ever manage this feat. And the average reaction time for Firefox holes is a couple of days.


I promise that noone who matters would even care about how buggy MSFT software is if their reaction times were at all acceptable.


Sometimes critical take-over-the-computer exploits go unfixed for half a year. That's plain ludicruous.

jonathancrabtree
2005-01-24 08:11:48
Common Fallacy
Well I can firly disagree with where most spyware is propgated. Or at least how it gets onto peoples systems. The big problem of spyware can be significantly reduced by removing the Microsoft JVM, which MS no longer support, and if you search on thier website, they do actually recommend the Sun JVM.
But do they inform the millions of users about it? Does windows update remove the MS JVM?
Does Microsft address the big security issues?
No, No & No.
1987
2005-04-08 06:35:42
Microsoft bad or good?
Microsoft does have a lot of problems with its os but that does not mean that the company itself is bad. They have come out with a quick fix for this problem but they do seem to be trying to find a more permenate fix to the ever growing problem that ie has. Given a lot of money and a little more time they should have the problem fixed.
Microsoft has been around for a while and new companies will make them look obselete. Microsoft is stable enough that it always outlasts these companies. If they tried to integrate these companies in to theirs and tried to let other software providers programs work with windows this fix may come alot quicker.