It's easy to install and manage. It offers strong real-time protection. But it'll need tweaking before enterprises...
can make practical use of it. That's how some IT professionals assessed Windows AntiSpyware after playing around with it for a couple days.
"The real benefit is that it's exceptionally easy to use. From a user perspective, it's easy to install and get going and is automated," said David Gnall, technical architect for Windham, N.H.-based Internosis, which specializes in Microsoft-based IT services. "But this is really more geared toward home users than enterprise users."
What would it take to make AntiSpyware useful to enterprises? The ability to monitor suspicious activity on the entire network from one location would be a major improvement, Gnall said. "You need something that will allow you to monitor the entire network without having to walk from one desktop to the next," he said. "I want to be able to get a full network-wide report on which machines are getting hit and what the impact is on the whole network."
Microsoft released the beta version of AntiSpyware Thursday. Based on technology acquired from Giant Company Software Inc. last month, the program will "help reduce negative effects caused by spyware, including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings and unauthorized use of private information," the company said. It is available for Windows 2000 and later versions.
The software giant will wade deeper into the antiviris/antispyware business this week with the rollout of a malware-removal tool that consolidates other programs released last year. It will be updated each month on Patch Tuesday.
While some believe improvements are necessary before AntiSpyware can become a practical tool for enterprise users, those who have tried it are impressed so far.
"My first impression is good… there are more features than I expected," said Bradley Dinerman, technical operations manager for Newton, Mass.-based IT management firm MIS Alliance Corp. "I like that it has real-time protection; that it's not a manual scanner. There's also a tool called 'Browser Hijack Restore.' If you get spyware, this will help you restore things to the way they were."
Dinerman also likes that AntiSpyware allows users to become part of the worldwide SpyNet community. Microsoft describes SpyNet as a voluntary network of users "that helps uncover new threats quickly to ensure everyone is better protected." Any user can choose to join SpyNet and report potential spyware to the software giant.
"If the software encounters what it thinks is a new form of spyware on your computer, the program alerts Microsoft," Dinerman said. "And it's not forced on you. It's an option. It's a community that connects networks together to identify and report new threats in real time. It's like a neighborhood watch program."
Microsoft said the combination of AntiSyware and SpyNet is critical to determine which programs are truly unwanted -- a challenge given the ferocious spread of new spyware and other unwanted software.
That challenge is evident in the numerous "false positive" reports the Bethesda, Md.-based SANS Internet Storm Center (ISC) has received in recent days. The center said AntiSpyware has tagged wanted programs like WinPCAP, RealVNC and others as spyware. There are also reports it is labeling anything non-Microsoft hooked into Internet Explorer as a threat, such as the Google toolbar.
ISC Director Marcus Sachs said he installed AntiSpyware without difficulty. He said in an e-mail that AntiSpyware's daily notification of updates is "nice," the update feature is "excellent" and the explanation of threats found is "great."
"I am absolutely thrilled that [Microsoft] will identify the company that created the spyware/adware that it finds, but I wonder how their lawyers prepared for the inevitable defamation charges that will be sent their direction," Sachs said.
He said the program has other useful features that should be more clearly pointed out. "There are some really nifty host-based intrusion detection capabilities that are not mentioned when you install it," he said. "It's good to have, and they should be pointed out at install time."
He also noted that the tool does not detect browser helper objects (BHOs), "which would be a nice improvement."