On 16 December 2004 Microsoft announced its acquisition of Giant Company Software, Inc., a provider of anti-spyware and Internet security products. The company started working on incorporating Giant's technology into a new product, called Microsoft Windows Anti-Spyware. The first beta of this new product is available for download from today.
The beta software scans a user's PC to locate spyware and other software threats and enable customers to remove them. It is available for Windows 2000 and later, including Windows XP Home Edition and Windows XP Pro.
According to the Beta webpage, "the technology helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves Internet browsing safety by guarding over 50 ways spyware can enter your PC."
To install the Microsoft Anti-Spyware Beta the users must be logged in as an administrator (or part of the Administrator group). After installing the Beta it starts a Wizard that walks the user through a set of configuration dialogs, including setting up a real-time scanner (screenshot), Spynet (screenshot), and scan settings (screenshot).
According to the on-line help, the SpyNet (screenshot) community "plays a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, which are automatically downloaded to your PC, so you stay up-to-date."
The real-time scanner can be turned on and off by right-clicking an icon in the system tray. It can be configured to catch three different types of threats:
Internet Agents (monitor dial-up connections, Wi-Fi, Internet safe sites, Winsock layered service providers, Windows Messenger Service, Spam Zombie, Internet Proxy Server, Name Server protection, TCPIP parameters) (screenshot).
System Agents (monitor Hosts file, Windows services, Context Menu Handler, Windows Shell Execute, Windows Shell Open and system.ini file) (screenshot).
Application Agents (monitor process execution, running process, startup files, startup registry files, ActiveX installation, browser helpers, Internet Explorer bars, Internet Explorer extensions, Internet Explorer toolbars, Internet Explorer URLs, script blocking, Internet Explorer security settings, Internet Explorer 3rd party cookies, Internet Explorer plugins, Internet Explorer security zones, Internet Explorer ShellBrowser, Internet Explorer trusted sites, Internet Explorer WebBrowser, URL searh hooks, Internet Explorer menu extensions, Disable regedit policy, Internet Explorer Web settings, Internet Explorer restrictions, Application restrictions and Installed components) (screenshot).
Even activities like filename change can be caught by this real-time scanner, when executed from within a batch file without user knowledge (screenshot).
The software offers some "Advanced Tools", like Browser Hijack Restorer (screenshot), Track Eraser (screenshot) and System Explorers (screenshot) which lists downloaded ActiveX components, running processes, startup programs and more.
There's an automatic update feature that can check for new updated signature files (screenshot) and install automatically or manually.
The software allows for manual and scheduled (screenshot) scans. The scan have the Quick and Full System options. After the scan a results page is presented, with a summary, an entry explaining the threat and a selection of actions, including Ignore, Quarantine, Remove, Always Ignore (screenshot). There's an option to set a Windows XP restore point, just in case things go a little wrong here.
I was expecting to see one or two entries in my results. Norton Antivirus and LavaSoftware AdAware always find Alexa Toolbar in my system (I have it), but never complained of BearShare. I have an old version and manually removed some of the installed software, including WhenU.SaveNow. While LavaSoftware AdAware never complained about this software, Microsoft Anti-Spyware found the entries and pointed them. Also, it found another program, called RadLight, which was installed by CNET Downloads when I've decided to download (the only time!) a program from download.com (which installed Kontiki, which is also listed).