This article is taken from

 http://www.winsupersite.com/reviews/ms_antispyware_preview.asp.   
 

Microsoft Anti-Spyware Preview


 On December 17, 2004, Microsoft announced the acquisition of an
 anti-spyware company,
 surprising many in the industry. The acquisition is notable for two
 reasons. First,
 Microsoft had already revealed its intention to get into the
 anti-spyware market.
 Second, the company it purchased, Giant Software Company, was largely
 an unknown
 in the industry. But in a rare moment of luck, I'd actually been a fan,
 customer,
 and advocate of Giant AntiSpyware, as their anti-spyware solution is
 logically named,
 for several months. In fact, I've found it to be far more effective
 than the industry
 darlings, Ad-aware and Spybot Search & Destroy. And I've been
 recommending it to
 friends and family ever since.


 But wait, the luck doesn't end there. While my experience using Giant
 AntiSpyware
 gives me a unique perspective of this product, I was also lucky enough
 to interview
 Giant co-founder Andrew Newman just days before his company was
 purchased by Microsoft.
 Newman discussed with me Giant's plans for future versions of the
 product, including
 a centrally-managed enterprise version
 that, I suspect, played a large part in Microsoft's interest. Newman
 explained
 to me why Giant's approach to tackling spyware is superior to that of
 the competition,
 and provided some valuable insight into how spyware can be confronted
 and defeated.


 First, a bit about Giant
 Giant Software Company was founded by Ron Franczyk and Andrew Newman in
 Chicago in
 November 2000. The pair were both working in corporations and were
 frustrated by
 spam and the horrible anti-spam solutions that were available at the
 time. Rallying
 around the message "Online Peace of Mind," the two started Giant
 Software Company
 with the goal of creating a better anti-spam mousetrap. The resulting
 product, Giant
 Spam Inspector, now protects over 2 million email inboxes from spam.
 Despite their name, Giant Software Company was never a giant company.
 It grew from
 the two cofounders to 11 employees who are today based in Chicago,
 Atlanta, and New
 York, and it also sells a pop-up ad blocker and the anti-spyware
 solution that we're
 now most interested in. But Giant has been profitable and
 self-sustaining since its
 inception, Newman told me, and its products are currently used by
 almost 1 million
 customers. That success, he said, has been driven by Giant's
 community-based approach.
 "We decided to leverage the power of community and create an anti-spam
 community,"
 he said. "Many products are like that now, including Cloudmark and
 others. But there
 wasn't anything like that four years ago. We allow the Internet
 community to help
 us solve a huge problem, and we build into that system an intelligent
 approach to
 anti-spam that combines [traditional anti-spam] rules with heuristics."


 About a year ago, Giant began looking into anti-spyware for both
 consumers and enterprises.
 Here, the company knew it could use some of its existing anti-spam
 technology. But
 it also solidified its community-based approach into a community Web
 site called
 Spynet, which helps ensure that Giant customers know about spyware
 threats before
 anyone else. Spynet was an immediate success, with over 200,000
 contributors in its
 first month alone.


 Why Giant AntiSpyware is better
 Because many of the companies that are getting into the anti-spyware
 market come
 from an anti-spam background, they tend to bring with them the habits
 and methods
 that worked there. That makes some sense, Newman told me, because
 spyware is essentially
 an extension of spam, or the technological successor to spam. However,
 Newman told
 me that battling spam and spyware are not identical. That's because
 spyware is typically
 more pathological and invasive than is spam.
 "Windows was developed as a platform, and is extremely extensible, so
 we can integrate
 into the system," Newman said. "The problem is, anyone can do that,
 including malware
 writers." To effectively fight spyware, he said, you need software that
 can do more
 than just look at a file, poll a list of known bad files, and identify
 it as good
 or malicious. Spyware often imitates legitimate files, or finds ways of
 hiding itself
 on your system. For this reason, Giant AntiSpyware uses logic that is
 based partially
 on feedback from Spynet to examine the "genetic fingerprints" of files
 and determine
 whether those files are valid. "We can detect variations of files,"
 Newman said.
 "The way anti-virus works is it looks at strings and patterns in a file.
 This looks
 at the file as a whole. They're completely different approaches."
 Indeed, the signature-based methods used to combat spam are ineffective
 against spyware,
 because the methods spyware uses to attack your system change so often.


 Newman said Giant AntiSpyware provides a three-pronged attack on spyware. First,
 the product
 can perform spyware scanning and cleaning, as you'd expect. Second, the
 aforementioned
 Spynet provides Giant with valuable community contributions. And third,
 Giant AntiSpyware
 runs constantly in your system, providing real-time protection from
 spyware, preventing
 it from getting a foothold in your system. It's better to prevent an
 attack from
 happening than to try and remove malware after it's already infested
 your system.


 "Real-time protection is the key," Newman told me. "Spyware has to
 integrate into
 your computer somehow, using a Browser Helper Object or whatever. The
 real-time protection
 monitors virtually every single auto start point on your system,
 detecting changes
 and notifying you, via a pop-up window, when anything changes." If
 you're installing
 an application, for example, you will know to dismiss the pop-up,
 because you've
 instituted the changes it's detecting. But if you're browsing the Web
 (with IE, no
 doubt), and you receive such a notification, it's time to start paying
 attention.
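
 The change-detection idea described above can be shown with a small added example; it is not code from the article or from Giant's product. It compares two snapshots of auto-start points and flags anything that did not come from an install the user started. The two registry locations are standard Windows auto-start points; the snapshot contents, entry names and the "Editor" application are constructed sample data.

```python
# Added illustration (not from the article): diff two snapshots of auto-start
# points and separate expected changes from ones that deserve an alert.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = (r"HKLM\Software\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# Constructed sample snapshots: {location: {entry name: target path}}.
# For BHOs the entry name is the CLSID and the target is its resolved DLL.
BASELINE = {
    RUN_KEY: {"EditorTray": r"C:\Program Files\Editor\tray.exe"},
    BHO_KEY: {},
}
CURRENT = {
    RUN_KEY: {
        "EditorTray": r"C:\Program Files\Editor\tray.exe",
        "Updater": r"C:\Program Files\Editor\update.exe",
        "winhelper": r"C:\Users\sample\AppData\Local\Temp\wh.exe",
    },
    BHO_KEY: {"{00000000-0000-0000-0000-000000000001}": r"C:\Windows\Temp\tb.dll"},
}

def diff_autostarts(baseline, current):
    """Return (location, name, change, old_target, new_target) tuples."""
    changes = []
    for loc in sorted(set(baseline) | set(current)):
        old, new = baseline.get(loc, {}), current.get(loc, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                changes.append((loc, name, "added", None, new[name]))
            elif name not in new:
                changes.append((loc, name, "removed", old[name], None))
            elif old[name].lower() != new[name].lower():
                changes.append((loc, name, "modified", old[name], new[name]))
    return changes

def triage(changes, expected_dirs):
    """Expected = new/changed target inside a directory the user is installing to."""
    expected, alerts = [], []
    for change in changes:
        target = (change[4] or "").lstrip('"').lower()
        ok = any(target.startswith(d.lower()) for d in expected_dirs)
        (expected if ok else alerts).append(change)
    return expected, alerts

if __name__ == "__main__":
    ok, alerts = triage(diff_autostarts(BASELINE, CURRENT), ["C:\\Program Files\\Editor\\"])
    for loc, name, change, old, new in alerts:
        print(f"ALERT {change}: {name} -> {new} [{loc}]")
```

 Removed entries always land in the alert list, since a disappearing auto-start entry is also a change the user should see.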


 In my own admittedly unscientific testing, Giant AntiSpyware has proven
 notably superior
 to perennial favorites like Ad-aware and Spybot Search & Destroy.
 Indeed, I find
 it interesting that so many reviewers recommend that users install both
 Ad-aware
 and Spybot in order to fully protect themselves from spyware. That's
 because neither
 seems to be able to remove all of the spyware on any PC I've tested.
 I've had much
 better success with Giant AntiSpyware. And I'm not alone: In a
 Spywarewarrior.com
 product test, Giant AntiSpyware came out on top, detecting 111 of 138
 possible spyware
 installs, compared to just 79 for Ad-aware (second place) and 69 for
 Spybot (fourth
 place). None of those programs reported any false positives, though
 another popular
 product, Pest Patrol, suffered a whopping 10 false positives and found
 just 55 real
 spyware installs.


 Effectiveness is obviously the most important aspect of any spyware
 solution, but
 I'm also a big fan of Giant's user interface, which is far nicer than
 that of Ad-aware
 or Spybot, and more Windows-like. Let's take a look.


 A look at Giant AntiSpyware
 If you set it up correctly, you'll never see the AntiSpyware
 application after your
 first manual spyware scan, because it will sit resident in your system
 and automatically
 deal with most spyware attacks, prompting you only with pop-up windows
 occasionally
 as needed. However, Giant AntiSpyware, unlike some other spyware
 solutions, presents
 a pleasant, easily-navigated user interface that is similar, in some
 ways, to a Microsoft
 taskpad or activity center.


 Spyware Scanning
 There are three main screens. From the Spyware Scan screen, you can
 initiate a manual
 spyware scan, set scan options, and view information about prior scans.
 If you choose to run a scan now, Giant AntiSpyware can perform a number
 of scan
 types, including a deep scan, which scans all files and folders, and a
 more typical
 intelligent scan, which will just test common entry points for spyware.
 When a scan
 is complete, you can view the scan results
 and then optionally decide what to do with any found spyware;
 spyware can be ignored, quarantined, removed (the default), or always
 ignored.


 Real-time Protection
 In the Real-time Protection screen,
 you can configure whether the real-time protection feature is active
 and view
 the status of Giant AntiSpyware's three agent types (Internet, System,
 and Application).
 The Internet Agents prevent applications from modifying or monitoring
 your Internet
 connection and settings. The System Agents protect against threats
 making unauthorized
 or hazardous changes to your system, including altering security
 permissions. The
 Application Agents prevent threats from installing, deleting, or
 modifying Internet
 Explorer or downloading ActiveX controls, which can contain malicious
 code.


 Currently, these three agent types protect 58 so-called system
 checkpoints, entry-points
 in your system where malicious code can be inserted. For example, one
 typical checkpoint
 is called process execution. This checkpoint prevents spyware from
 executing processes
 (applications or services) on your PC. If an unknown process attempts
 to execute
 on your computer, the process will be blocked and you will receive an
 alert, which
 lets you remove the process. This is, possibly, the most critical
 function of this
 software: It blocks errant software from executing on your system,
 before it happens.


 From the Real-time Protection screen, you can also access information
 about blocked
 events, which are changes to your system that you have chosen to block.


 Advanced Tools
 The third screen, Advanced Tools,
 provides you with links to numerous other functions, including System
 Explorers,
 which are system settings that are often hard or impossible to
 otherwise configure.
 For example, you may be familiar with the new Manage Add-ons
 functionality that is
 included with the Windows XP SP2 version of Internet Explorer; this
 feature lets
 you enable or disable Browser Helper Objects and other IE plug-ins.
 However, the
 Internet Explorer System Explorer in Giant AntiSpyware also lets you
 permanently
 remove such add-ons, which, frankly, is exactly what you need.
 There are all kinds of System Explorers in Giant AntiSpyware, and if
 you're interested
 in security, you should spend some time here. You can configure such
 things as which
 applications run when Windows starts, which ActiveX controls are
 installed, and which
 processes are currently running. It's a wonderful set of functionality
 that Microsoft
 should bubble up more obviously from within Windows itself.


 Other Advanced Tools include System Inoculation, which examines your PC
 for possible
 security holes;
 Browser Hijack Restore, which helps restore features of IE that have
 been hijacked
 by malware;
 Tracks Eraser, which can be used to remove the history of your
 activities in a
 surprisingly wide range of applications and system services, such as
 Adobe Acrobat
 Reader, Microsoft's Windows Common Dialog, and the Google Toolbar;
 and Secure File Shredder, a wonderful utility that can be used to
 completely eliminate
 files from your PC using US Department of Justice (DOJ) recommendations
 for secure
 file destruction.
 
 How this product doesn't have the word "suite" in its title is beyond
 me.


 AntiSpyware pop-ups
 Like a firewall or anti-virus application, Giant AntiSpyware more
 typically makes
 itself known by popping up the occasional pop-up window in the lower
 right corner
 of your desktop. These pop-ups arrive when the product detects a
 potential spyware
 attack, or, by default, when it's completed a spyware scan (you can
 turn that latter
 feature off, which I recommend).
 Some of the pop-ups are innocuous. For example, you may upgrade a
 product to a newer
 version. In such a case, Giant AntiSpyware will typically note that an
 acceptable
 application change has occurred and let you get on with your life
 without having
 to approve the change.
 
 Some of the pop-ups, however, warn of more dangerous problems. Perhaps
 you've navigated
 to a malicious Web site that is attempting to install some spyware. Or
 maybe you
 or an application is attempting a system configuration change with
 which Giant AntiSpyware
 is not familiar. In such a case, you're provided with information about
 the change
 and prompted to Allow or Block it.


 Enter Microsoft
 So now that Microsoft has purchased Giant and its anti-spyware
 solution, attention
 logically turns toward what the company will do with it. Previously,
 Microsoft had
 revealed that it would release an anti-spyware solution in 2005, a year
 ahead of
 the mid-2006 release of Longhorn (where its anti-spyware solution was
 originally
 set to appear). The company has internal anti-spyware and malware
 projects, codenamed
 Strider and GhostBuster, respectively, which would have fulfilled those
 goals, and
 sources I've spoken with suggest that Microsoft understands, perhaps
 better than
 anyone, how today's malicious spyware is now hooking into Windows
 systems and intends
 to rectify that situation.


 To date, Giant AntiSpyware has been made available for a yearly
 subscription fee,
 and my expectation is that Microsoft will continue using that model.
 However, that
 isn't, in my opinion, what the company should do. Instead, I'd like to
 see Microsoft
 offer Giant AntiSpyware free to all Windows users, as a benefit of
 using their OS.
 Frankly, it is the architectural problems in Windows that let spyware
 and other
 malicious malware infect users' systems, and Microsoft should fix that
 problem for
 free. For now, the software giant says it hasn't yet decided on
 licensing and pricing.
 Time will tell, of course. I'll be talking to Microsoft soon about its
 anti-spyware
 plans, and the company will ship a public beta of its Giant
 AntiSpyware-derived anti-spyware
 solution before the end of January 2005, so I'll be looking at that to
 see whether
 it's any different from the product I'm already using. When those
 events transpire,
 I'll update this preview as needed. In the meantime, I'm ecstatic that
 Microsoft
 purchased Giant. They made the right decision about the anti-spyware
 solution acquisition.
 Let's hope the good decision making continues.
 --Paul Thurrott
 December 20, 2004
 Updated December 22, 2004



Roger R. Cusson
Computer Access Specialist
Seeing Hands Enterprises - Lisbon, Maine
(207) 353-5007
Skype Contact: rcusson



A quote to live by:
"Any program that works perfectly just hasn't been tested properly!"

