A look at Giant Antispyware
If you set it up correctly, you'll never see the AntiSpyware application after your first manual spyware scan, because it will sit resident in your system and automatically deal with most spyware attacks, prompting you only with pop-up windows occasionally as needed. However, Giant AntiSpyware, unlike some other spyware solutions, presents a pleasant, easily-navigated user interface that is similar, in some ways, to a Microsoft taskpad or activity center.
Spyware Scanning
There are three main screens. From the Spyware Scan screen, you can initiate a manual spyware scan, set scan options, and view information about prior scans (Figure). If you choose to run a scan now, Giant AntiSpyware can perform a number of scan types, including a deep scan, which scans all files and folders, and a more typical intelligent scan, which will just test common entry points for spyware. When a scan is complete, you can view the scan results (Figure) and then optionally decide what to do with any found spyware (Figure); spyware can be ignored, quarantined, removed (the default), or always ignored.
Real-time Protection
In the Real-time Protection screen (Figure), you can configure whether the real-time protection feature is active and view the status of Giant AntiSpyware's three agent types (Internet, System, and Application). The Internet Agents prevent applications from modifying or monitoring your Internet connection and settings. The System Agents prevent against threats making unauthorized or hazardous changes to your system, including alerting security permissions. The Application Agents prevent threats from installing, deleting, or modifying Internet Explorer or downloading ActiveX controls, which can contain malicious code.
Currently, these three agent types protect 58 so-called system checkpoints, entry-points in your system where malicious code can be inserted. For example, one typical checkpoint is called process execution. This checkpoint prevents spyware from executing processes (applications or services) on your PC. If an unknown process attempts to execute on your computer, the process will be blocked and you will receive an alert, which lets you remove the process. This is, possibly, the most critical function of this software: It blocks errant software from executing on your system, before it happens.
From the Real-time Protection screen, you can also access information about blocked events, which are changes to your system that you have chosen to block.
Advanced Tools
The third screen, Advanced Tools (Figure), provides you with links to numerous other functions, including System Explorers, which are system settings that are often hard or impossible to otherwise configure. For example, you may be familiar with the new Manage Add-ons functionality that is included with the Windows XP SP2 version of Internet Explorer; this feature lets you enable or disable Browser Helper Objects and other IE plug-ins. However, the Internet Explorer System Explorer in Giant AntiSpyware also lets you permanently remove such add-ons, which, frankly, is exactly what you need (Figure). There are all kinds of System Explorers in Giant AntiSpyware, and if you're interested in security, you should spend some time here. You can configure such things as which applications run when Windows starts, which ActiveX controls are installed, and which processes are currently running. It's a wonderful set of functionality that Microsoft should bubble up more obviously from within Windows itself.
Other Advanced Tools include System Inoculation, which examines your PC for possible security holes (Figure); Browser Hijack Restore, which helps restore features of IE that have been hijacked by malware (Figure), Tracks Eraser, which can be used to remove the history of your activities in a surprisingly wide range of applications and system services, such as Adobe Acrobat Reader, Microsoft's Windows Common Dialog, the Google Toolbar (Figure); and Secure File Shredder, a wonderful utility that can be used to completely eliminate files from your PC using US Department of Justice (DOJ) recommendations for secure file destruction (Figure). How this product doesn't have the word "suite" in its title is beyond me.
AntiSpyware pop-ups
Like a firewall or anti-virus application, Giant AntiSpyware more typically makes itself known by popping up the occasional pop-up window in the lower right corner of your desktop. These pop-ups arrive when the product detects a potential spyware attack, or, by default, when it's completed a spyware scan (you can turn that latter feature off, which I recommend).
Some of the pop-ups are innocuous. For example, you may upgrade a product to a newer version. In such a case, Giant AntiSpyware will typically note that an acceptable application change has occurred and let you get on with your life without having to approve the change (Figure).
Some of the pop-ups, however, warn of more dangerous problems. Perhaps you've navigated to a malicious Web site that is attempting to install some spyware. Or maybe you or an application is attempting a system configuration change with which Giant Spyware is not familiar. In such a case, you're provided with information about the change and prompted to Allow or Block it.
Microsoft Windows AntiSpyware Beta: Changes from the Giant product
So now that Microsoft has purchased Giant and its anti-spyware solution, attention logically turns toward what the company will do with it. Previously, Microsoft had revealed that it would release an anti-spyware solution in 2005, a year ahead of the mid-2006 release of Longhorn (where its anti-spyware solution was originally set to appear). The company has internal anti-spyware and malware projects, codenamed Strider and GhostBuster, respectively, which would have fulfilled those goals, and sources I've spoken with suggest that Microsoft understands, perhaps better than anyone, how today's malicious spyware is now hooking into Windows systems and intends to rectify that situation. In late 2004, Microsoft started beta testing an internal version of Giant AntiSpyware, codenamed "Atlanta," that was only a minor revision over the version Giant last released (Figure).
Since posting my initial version of this preview, Microsoft has shipped two public beta releases of what it's now calling Windows AntiSpyware (Figure). The first, which arrived in January 2005, less than a month after the Giant acquisition, was visually identical to the Giant release, but lacked a few interesting features from the original. Specifically, Windows AntiSpyware does not include the File Shredder and System Inoculation features, both of which were excellent. The result is a less full-featured Advanced Tools area in the Windows AntiSpyware UI (Figure).
"We removed the Secure File Shredder and System Inoculation tools because they were not essential, and overlap in functionality with the Microsoft Baseline Security Advisor tool," Paul Brian, the Director of Product Management for the Security Business and Technology Unit, AntiSpyware at Microsoft told me recently. "We've also removed the cookie tracking functionality because we're formulating how we want to tackle that one."
Other than that, the Windows AntiSpyware beta is very similar, visually, to the Giant product. That will change, Brian told me. "We've kept the same UI for the beta release in order to get it out quickly," he said. "We will change it. We're getting feedback from customers about what kinds of things they want to see improved, and we definitely have a lot of work to do: Localization, making it more accessible, that kind of thing. Giant wasn’t big enough to do that. But spyware is a serious enough issue that we did want to get the product out as quickly as possible. We'll improve it over time."
In February 2005, Microsoft shipped a second public beta version of Windows AntiSpyware that features "enhanced real-time protection agents, new threat categories, and improved stability and performance." It does not appear to be much different from the previous beta version.
And what about the good folks from Giant? Brian told me that cofounders Ron Franczyk and Andrew Newman and the rest of Giant are now working for Microsoft, and the entire Giant organization will eventually be working in Redmond. Franczyk and Newman are in the engineering group within the Security Business and Technology Unit, working on Windows AntiSpyware, similar to their work before the acquisition.
Licensing and pricing
In February 2005, Microsoft announced that it would provide Windows AntiSpyware to consumers for free when the final version is release. However, unlike Giant AntiSpyware, Windows AntiSpyware will only be made available to Windows XP SP2 users as one of the benefits of using that platform. A managed corporate version, first revealed in this preview, will be made available later, but will not be free. Instead, the corporate version of Windows AntiSpyware will be licensed on a subscription basis. Microsoft has not revealed the timing for the final release.
Conclusions
Like Giant AntiSpyware before it, Windows AntiSpyware is an excellent product and is inarguably the finest anti-spyware product made available thus far. Given its price (free) and its excellent functionality, Windows XP SP2 users would be crazy not to install this product, even in beta form, and leaving it monitoring their systems. However, as many spyware experts have noted, no one anti-spyware product catches all malware and spyware. For this reason, I also recommend that you download and manually run another anti-spyware product regularly. The best non-Microsoft solution is Webroot Spy Sweeper, which I use and recommend, but if you'd rather not pay for protection, the free version of Lavasoft Ad-aware is decent but not excellent. Between Windows AntiSpyware beta and one of these products, you should see a marked decrease in spyware on your systems. The best way to avoid spyware, of course, is to use a safer Web browser. On that note, I strongly recommend Mozilla Firefox over Internet Explorer.
No comments:
Post a Comment