Page 2

By Larry Seltzer  |  Posted 2005-01-11 Print this article Print

This exercise demonstrates some of the differences between an anti-spyware product, which focuses on blocking behaviors, and an anti-virus product, which focuses on blocking specific patterns in files. It still would have been better to block it at the download stage. When I ran a new static scan, it found files and registry entries for PurityScan and let me delete them.

PC Magazines review of MS AntiSpyware details more troublesome problems. It fell a clear second place to their current favorite, Webroot SpySweeper, and left behind serious threats that SpySweeper then cleared off.

I had one other problem, a false-positive result. I have one IE Favorites folder containing sports links to sites such as ESPN and MS AntiSpyware tagged all these links (the actual .url files) as "Adultlinks.QBar." Theres no explanation of this, and I dont believe it, but the description of Adultlinks.QBar is a dire one: "High threat—High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us[sic] a security flaw in the operating system to gain access to your computer."

Microsoft actually publishes their criteria for designating a program as a threat in MS AntiSpyware. Many of these criteria correspond to specific "agents" in the program, which are behaviors that MS AntiSpyware is watching for. You can manage and deactivate these specific behaviors.

Giant was probably able to get away with problems that will attract scrutiny in a Microsoft program, so I wouldnt expect this program to keep its reputation under Giant. Its hard to judge anti-spyware products, partly because there are no standard test suites and certifications as there are with anti-virus. But one of the things we needed was for Microsoft to take the problem seriously, so were on the right track now.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog. More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel