Tuesday, January 11, 2005

Microsoft AntiSpyware Beta vs. Spybot Search & Destroy 1.3

With Microsoft's release of a beta version of their future anti-spyware app came some curiosity as to how it performed compared to other available software. So when I saw it was offered for download I decided to give it a try. I have only once had a real pressing need to run other anti-spyware apps like Spybot S&D 1.3 and AdAware. That was after installing (but not using) Morpheus. I wanted to try out the Xandros Linux distro and decided to try that route to obtain it. In that situation I ended up with a lot of unwanted little programs and favorites in my browser etc. A combination of Spybot, AdAware and an online scan at Trend Micro got rid of the junk.

But back to the new MS program... The download is about 6.2MB (Spybot is approx. 4.5MB) which isn't really of any consequence unless you're a dial-up user. Installation went fine. You should be aware that this beta version will expire 7/31/05 as stated in the license agreement.

The installer asks a few questions to configure the app like "do you want to enable auto updates?" > "enable real-time protection?" > "would you like to become part of SpyNet?" > and finally "are you ready to run a scan?". You should notice at the last option that it is set by default to scan every night at 2AM. You can change this by deselecting the check box. I opted "no" to the first three questions simply because I want it to do things when I tell it to. The SpyNet feature is interesting. It explains that it is a "spyware grapevine" of computers (using MS AntiSpyware). When one system encounters a threat all the systems are updated to protect you from that threat. I suppose only time and use can tell the effectiveness of that feature. I don't know how expansive the network is at the moment.

I first ran a Spybot scan and found 56 entries (12 different threats). Some were tracking cookies and some registry problems. I left them as they were and ran a scan with MS AntiSpyware. It found 12 threats in about 3.5 minutes (Spybot took about 2 minutes for the same 22,000 files). The neat thing about MS-AS is that it gives a little description of each discovered threat and a severity rating. It listed 5 as Severe, 5 as High, 1 as Elevated and the last as Moderate. The Severe ones were Trojan-type malware like KCGame RAT and VX2.Transponder. You can choose whether to quarantine, remove or ignore any of the threats. The program provides recommendations.

My biggest disappointment comes next. After removing the offensive stuff it wanted me to reboot the system. I chose "no" for the moment but then rebooted anyway. I then ran Spybot again and found 16 entries (as opposed to 56 before removal with MS-AS). So it appears that although MS-AS found some high-risk things Spybot missed (like KCGame RAT), it still left some stuff behind. My solution is to use both.

Where Microsoft AntiSpyware really shows some nice features is in areas like the scan reports and advanced tools, which seem to be a bit more self-explanatory than the Spybot advanced options. MS-AS has such "advanced features" as System Explorer, Browser Hijack Restore and Tracks Eraser. The Tracks Eraser lists various programs such as Acrobat Reader, Windows Media Player, Real Player etc. whose usage history you can clear using MS-AS. I won't go into the advanced features of either program any further at the moment. I haven't done much more with those aspects than browse through them so far.

MS-AS is a nicer program than I had initially expected. I hope they keep the final product lightweight and standalone. I don't really think I want to see it highly integrated into other MS apps. Once again my recommendation is to use both programs. One doesn't catch everything. If you'd like to download either just click one of the links in this post. And hey, protect your system by keeping a sharp eye out. These are just for things that slip by you!

