
Grading Microsoft's AntiSpyware

Steven Turvey, lab manager of Australian-based RMIT IT Test Labs, tries out Microsoft's AntiSpyware.
Written by Steve Turvey, Contributor

I'm just waiting for the day when I am able to take out health insurance on my PC.

Let's face it, my PC can catch a virus, become infected with worms, bugged by spyware, or simply overloaded by a deluge of spam. Admittedly our immune system and biological viruses have taken millions of years to evolve to their present state (and the PC and its viruses are relatively new) but as far as I know there is no sicko out there making designer viruses to bypass my immune system.

I admit my PC has antivirus software that does a pretty fair job, particularly when it is coupled with anti-spam software and anti-spyware. I'm happy with my anti-virus software and, well, anti-spam is out of my hands, looked after by RMIT's ITS department.

My experience with anti-spyware, however, has not been great. I've had Ad-Aware from Lavasoft on my PC for quite a while, and on the whole it's been OK. It appears though, that I have been quite lucky when compared to some of my colleagues who were caught out when Ad-Aware did not detect some annoying spyware in a timely manner.

It did appear that the updates lagged behind the spyware a little more than I would have liked, so when Microsoft announced their own anti-spyware, perhaps not surprisingly called AntiSpyware, I thought I would give it a go.

In a small office environment like the Test Lab, or at home on my own PC, I found the software to be surprisingly good. Installation and configuration are very simple. The interface is about as user-friendly as you could get with clear colourful icons and each function is clearly explained.

The software also has quite a rich feature set for a SOHO environment, with real-time protection as well as a manual scanner that can be scheduled.

Rather than just block or ignore suspicious activities such as a registry update or attempts to run a VBS file, a pop-up informs the user of the action with a short description of the application making the request. The user can then decide to allow or disallow the action. Of course, known spyware is blocked, but then again you can also set up a table of specific activities to ignore and, if you are unlucky enough to have your Internet Explorer browser hijacked, there is a Hijacked Browser Restore tool.

The user can also voluntarily connect to a "worldwide SpyNet community". If the software detects what it thinks might be a new threat, Microsoft is informed as well as the wider community.

Now you may have noticed that I've only been referring to features from a SOHO point of view, and that's because in the enterprise space the software is missing a few critical features.

Just one simple addition would make me happy--a tool that could monitor the activity of the anti-spyware on the systems across the network so I could monitor spyware activity and assess the threat and impact on my network.

While on the topic of PC nasties, several years ago in my Lab notes column I talked about the possibility of viruses targeting car management computers. The problem at the time was that the only access to the computer was through the diagnostic tools at your local mechanic, which at that time was cause of concern because it was a highly ineffective vector for the spread of viruses.

We now have a direct wireless link to many cars such as the Lexus and BMW in the form of the Bluetooth mobile phone connectivity offered on some cars. There are already mobile phone viruses that infect Symbian-based phones, so it's not much of a stretch to imagine a mobile phone delivering a virus payload to your car.

So if your Lexus or BMW Navigation system directs you to Frankston instead of Carlton drop me a line.

Steven Turvey is lab manager of the RMIT IT Test Labs. He can be reached at stevet@rmit.edu.au. This article was first published in Technology & Business magazine.

