A First Look at Microsoft's AntiSpyware

by Wei-Meng Lee

Microsoft recently released the beta preview of Microsoft AntiSpyware, based on software from Giant Software Company, which Microsoft acquired on December 17. The fact that Microsoft rushed out the beta version of the new security tool only three weeks after the acquisition shows that Microsoft recognizes it has to take the spyware plague seriously.

My initial testing shows that Microsoft AntiSpyware is a very useful tool that can go a long way toward keeping spyware off your system. It stands up well against competing antispyware products, including the free Ad-aware and Spybot Search & Destroy, and in fact offers far more features than the free versions of those programs, such as real-time antispyware protection.

To get a copy, go to the Microsoft Windows AntiSpyware beta site. For general background about spyware, check out this Microsoft tutorial.

In the rest of this article, I'll highlight the features of Microsoft AntiSpyware and offer advice on how to use it.

Automatic Updates

Once Microsoft AntiSpyware is installed, you have the option of using automatic updates to download the latest spyware definitions and updates from Microsoft AntiSpyware servers (see Figure 1). You can check for the updates as often as every time your system starts up, or check at a regular time period (daily, every other day, or weekly).

Figure 1. Configuring Microsoft AntiSpyware for automatic updates

Using automatic updates assures you of protection against the latest spyware threats, and it takes away the burden of checking for and downloading the latest spyware definitions yourself.

Real-Time Protection

Microsoft AntiSpyware has built-in security agents that offer real-time protection against spyware and block unauthorized scripts from executing (see Figure 2).

Figure 2. Enabling real-time protection

It comes with three built-in agents (see Figure 3):

  • Internet Agents monitor applications that make unauthorized connections to the Internet or change your computer's Internet settings such as dial-up or wireless connectivity.
  • System Agents monitor a number of checkpoints for potential threats making unauthorized or hazardous changes to your computer, such as altering your security permissions or system settings.
  • Applications Agents monitor a number of checkpoints for potential threats making changes to your installed applications, such as modifying Internet Explorer or downloading ActiveX applications from the Internet.

Figure 3. The three security agents

Each agent consists of a number of checkpoints. For example, the Internet Agent consists of nine checkpoints (see Figure 4), including your dial-up connection and Wi-Fi connection. In all, the three agents have 59 checkpoints.

Figure 4. The Internet Agent and its checkpoints

A particularly useful agent is the one that prevents home page hijacking, which some of the nastier pieces of spyware perform. When a program (or you yourself) changes the Internet Explorer start page, Microsoft AntiSpyware will prompt you with an alert (see Figure 5). You can then decide whether to allow the start page to be changed or keep it as is.

Note that Microsoft AntiSpyware protects only IE and not other browsers you may use. (The same goes for other antispyware software such as Webroot Spy Sweeper.)

Figure 5. Raising an alert when you try to change your start page in IE


You can scan your computer for lurking spyware in two ways:

  • Intelligent quick scan runs a complete scan on your computer in a few minutes and can generally detect more than 99 percent of known spyware threats.
  • Full system scan allows you to perform a more in-depth customized scan (see Figure 6).

Figure 6. Scanning your computer for spyware

At the end of the scanning, you get a report showing you what the program found (see Figure 7).

Figure 7. Viewing the report after the scan

You can then take specific actions against the identified threats, including removing the threat, quarantining it, or ignoring it (see Figure 8).

Figure 8. Deciding what to do about the threats

Advanced Tools

Microsoft AntiSpyware comes with advanced tools to make your computer safer (see Figure 9). They are:

  • System Explorers
  • Browser Hijack Restore
  • Tracks Eraser

Figure 9. Advanced tools

System Explorers

System Explorers probe your system and uncover hidden applications and application settings that might be a sign of a spyware infection. With them, you'll be able to see whether you've been infected by dangerous Browser Helper Objects, for example. They also let you see a list of ActiveX components downloaded on your system as well as find out what programs are set to run automatically when Windows starts (see Figure 10). Again, this will help you weed out spyware.

Figure 10. Viewing the list of applications to run when Windows starts up

In Figure 10, you can view a list of applications that launch automatically when Windows boots up. To help kill spyware, you can temporarily disable an application from the startup group or permanently remove it from the group.

Browser Hijack Restore

Another telltale sign of your computer being infected with spyware is the change of the start page of your web browser without your knowledge--no matter what you do, the browser always reverts to the new start page. Microsoft AntiSpyware includes the Browser Hijack Restore tool to restore the original settings of Internet Explorer (see Figure 11).

Figure 11. Restoring the original IE settings
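The startup list, Browser Helper Objects, and IE start page that System Explorers and Browser Hijack Restore surface can also be inspected by hand. The read-only PowerShell below is an added example, not part of the original article and not a description of how Microsoft AntiSpyware works internally; the registry paths are the standard Windows locations for these settings, and the function names are hypothetical.

```powershell
# Added example: read-only inventory of autorun entries, BHOs, and the IE start page.
# Nothing here modifies the registry; function names are illustrative only.

function Get-RunKeyEntry {
    # Per-machine and per-user "Run" keys: programs launched at logon.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }   # key absent on this machine
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Source  = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

function Get-BrowserHelperObject {
    # Each subkey is the CLSID of a BHO loaded into Internet Explorer.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        # Resolve the CLSID to the DLL that implements it.
        $server = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Clsid = $clsid
            Dll   = if ($server) { $server.GetValue('') } else { '(CLSID not registered)' }
        }
    }
}

function Get-IEStartPage {
    # The value a home page hijacker rewrites.
    $main = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($main) { $main.GetValue('Start Page') }
}

Get-RunKeyEntry         | Format-Table -AutoSize -Wrap
Get-BrowserHelperObject | Format-Table -AutoSize -Wrap
"IE start page: $(Get-IEStartPage)"
```

Saving the output on a known-clean system and comparing it after installing new software makes unexpected additions easy to spot.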

Tracks Eraser

Another useful tool that comes with Microsoft AntiSpyware is the Tracks Eraser, to help prevent web sites and others from gathering information about you. Using the Tracks Eraser, you can perform tasks such as removing IE's URL history, deleting cookies, clearing the list of recently played files in Windows Media Player, and so on (see Figure 12).

Figure 12. Using the Tracks Eraser to delete your online activities trace

Wei-Meng Lee (Microsoft MVP) is a technologist and founder of Developer Learning Solutions, a technology company specializing in hands-on training on the latest Microsoft technologies.
