This exercise demonstrates some of the differences between an anti-spyware product, which focuses on blocking behaviors, and an anti-virus product, which focuses on blocking specific patterns in files. It still would have been better to block it at the download stage. When I ran a new static scan, it found files and registry entries for PurityScan and let me delete them.
PC Magazines review of MS AntiSpyware details more troublesome problems. It fell a clear second place to their current favorite, Webroot SpySweeper, and left behind serious threats that SpySweeper then cleared off.
Microsoft actually publishes their criteria for designating a program as a threat in MS AntiSpyware. Many of these criteria correspond to specific "agents" in the program, which are behaviors that MS AntiSpyware is watching for. You can manage and deactivate these specific behaviors. Giant was probably able to get away with problems that will attract scrutiny in a Microsoft program, so I wouldnt expect this program to keep its reputation under Giant. Its hard to judge anti-spyware products, partly because there are no standard test suites and certifications as there are with anti-virus. But one of the things we needed was for Microsoft to take the problem seriously, so were on the right track now. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog. More from Larry Seltzer
I had one other problem, a false-positive result. I have one IE Favorites folder containing sports links to sites such as ESPN and MLB.com. MS AntiSpyware tagged all these links (the actual .url files) as "Adultlinks.QBar." Theres no explanation of this, and I dont believe it, but the description of Adultlinks.QBar is a dire one: "High threatHigh risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us[sic] a security flaw in the operating system to gain access to your computer."