Microsoft “AntiSpyware” First Look

Microsoft released a beta of AntiSpyware this morning. I’ve been pretty anal about spyware for quite some time, so I of course decided to give it a look. I personally use a few products on a regular basis. Spybot S&D, LavaSoft Ad-Aware, and Spyware Blaster are my regular arsenal. I use them all and trust them all. Each has their own advantage. The combo of the 3 is my secret recipe for a clean computer (of course mixed with a firewall or 2, and a good virus scanner). And of course Firefox.

Here are a few observations I had:

  • Seems to be a rebranded “Giant Anti-Spyware”. If you used GIANT before, you’ll pretty much be seeing it rebranded. No revolutionary changes are apparent.
  • Advanced tools remind me of Spybot S&D a bit. The ability to explore advanced settings etc. It claims it can restore IE after it’s hijacked. I’ve yet to try this (don’t really plan on it, as I use Firefox).
  • Has “realtime protection”, so it sits in the system tray… not exactly original, but good that it’s active, and doesn’t require a user to initiate the response to spyware. Since users don’t appear to really care so much.
  • Requires Microsoft Windows 2000, Windows XP, or Windows Server™ 2003 according to the website


Oh, I’ve got a few gripes.

Price – No official pricing has been mentioned, but the website makes very clear they are talking about the beta when it says it’s a free download. There’s no mention of the product itself. Part of the problem with spyware/adware/mailers is that they are harming the Internet as a whole, not just the user infected. I’m curious why there’s no mention of the release being free?

2000, XP, 2003 only supported – This bugs me quite a bit as well. There are many 95, 98, ME users out there with this problem. Their computers are clogged with this garbage, and clogging our inboxes with spam becuase they are loaded with mailware. But unless they pay for an upgrade to XP, we have to live with that.

Definition of Spyware? – The product fails to clearly differentiate between the different types of problems one may have. For example as many on slashdot noted, VNC is considered Spyware. While it can indeed be used to monitor usage, it’s quite often installed by the user (or the network administrator). Why is VNC considered Spyware, but Windows XP Pro’s “Remote Desktop” DLL’s not considered Spyware? Remote Desktop provides very similar functionality. Both are installed on my computer. Both aren’t running during the scan, but VNC is still detected. “Remote Desktop” is not. Are Microsoft products white listed? What about partners? Who decides? What ichecklist do they use? Is the author of the product a factor?


This isn’t to say you shouldn’t run Microsoft Windows AntiSpyware. It will provide some benefit. But I would still recommend running at least 1 other product at least once a week to keep your computer clean. Not to mention a virus scanner, and a firewall.

I’m personally disappointed at Microsoft’s policy of “security costs extra”. Please correct me if I’m wrong, but there’s no mention of plans to deploy this to all windows users using “windows update”. There’s nothing stating the final version will be free, only the beta. There’s no mention of the criteria for spyware that the definition authors use when creating definition updates for the product. And of course, quite a few users with Windows 95, 98, ME are left out in the cold, simply because they can’t pay hundreds for an upgrade (assuming their hardware can handle it).

I personally feel Security should be included at no extra effort or charge to the end user. It’s not a “bonus feature”, “extra”, “pro tool”, “option”, “reloaded”, or any other silly term for add-on. It’s something that a paying user deserves.


Did Microsoft try to kill iTunes?

No clue, but it sure does sound strange. I’m curious what exactly the update was? There’s no mention of what specific update, only that it was something that applies to SP2.


Microsoft Supports Firefox

Microsoft provided Firefox ScreenshotThe Associated Press just plain rocks. The image from Yahoo (link will brake over time as usual) has this great text under it:

This photo provided by Microsoft shows Their search tool and the preference rankings that can be defined by the user. (AP Photo/HO/Microsoft)

[Source: Yahoo! @ 11/192004 5:20PM EST]

Just wonderful to see that Firefox has spread as far as Microsoft. Even Microsoft uses Firefox a bit.


Microsoft Changes their Mind: Continues patches for non-XP IE

Contradicting a few days ago, according to The Channel Insider, Microsoft will be releasing some IE patches for non-XP systems.

…But company officials privately told a select group of developers earlier this year of plans to port some of the IE-specific fixes to the version of IE 6 for Windows 2000 (Service Pack 5 update).

It also told some partners that it was “considering strongly” the idea of making the IE-specific SP2 fixes available for Windows NT, Windows 98, Windows 98 Second Edition and Windows Millennium Edition.

[Source: The Channel Insider | Emphasis mine]

We need to start running

We need to take this, and get working. ASAP. Lets take a quick look at this:

Most companies are still using Windows 2000. The cost of upgrading hundreds, or thousands of workstations is astronomical. Not to mention testing (and potentially upgrading) other internal software to be compatible with it, and possible hardware swaps. Windows 2000 proved pretty stable for companies (that never used a Mac), so they stayed. Why pay for XP, and go through the effort, when there’s no advantage?

Most XP features are already done through third party software, such as Timbuktu. There’s no advantages in XP for them.

So now that there’s no new security updates for Windows 2000, what should a company do?

I think now is the time to make it clear to companies. We need to make this a big priority. IMHO the following would be a good idea:

  • Section on dedicated to corporate use.
  • Create a .msi of 1.0 for easy deployment (even if it’s manually created for now until such a feature can be automated).
  • Literature. We need PDF’s, and lots of stuff to persuade. Something an IT professional can print out and send around the office with ease. Something a CIO can read on the train while going home from work. Professional white-papers.
  • Case Studies

This effort can double for the education market.

Remember: Many credit Netscape’s success to it being adopted in the office. Then when the office switched to IE, people decided to do the same at home (“the IT guys know what’s best about computers”).

If we want the market, we need to meet the market’s needs. We have a kickass product now. The next step is to show them why our product kicks ass, and how it meets all needs.

Tech (General)

It’s time for an international standard on Instant Messaging

Well, actually it’s well past time. Instant Messaging has all the earmarks to be the communications of the future, and it royally stinks.

Problems today:

  • Networks don’t communicate together, hence locking users in (MSN, AIM, Yahoo!)
  • Phones don’t Text Message (same as IM essentially) across networks. Barely from net to phone.
  • Each has proprietary ‘extras’ (file transfer method, voice chat, web cam, pictures, etc). Far from standardized.

I think it’s time for the IETF to write up an official recommendation for Instant Messaging.

Here’s my wish list:

  • UTF8 encoding for all messages
  • XML messages. Adds capabilities to easily integrate with other systems (since XML is the way of the future). Stylesheets define how it appears.
  • MathML support – for those wanting to get geeky.
  • SVG Graphics – why not? Slim, clean, XML. This could be used for multiple things: Emoticons πŸ™‚ for example could be sent via SVG. Things like whiteboard (which allow you to draw and have the other party see what you draw) could be done in SVG.
  • Of course, an open standard, like Email. Cross platform, many clients, no licensing restrictions. So everyone can enjoy it.

With this, there’s a lot of flexibility. Using XML as a message format, rather than HTML, allows for a stylesheet to render it pretty. A person with a vision impairment could have a product read the XML directly. You could honor a stylesheet provided by the person you are talking too, download them online, or create your own. Big text? Small text? Color contrast? All in your control. And with SVG emoticons, they can resize appropriately without losing quality. Phones can resize as necessary thanks to custom stylesheets.

It’s a real shame it hasn’t happened yet. There’s no great IM clients. The protocols all have their limitations (AOL stinks behind firewalls, Yahoo’s got minimal users, MSN is spam ridden). All the current systems stink. Their clients are even worse. AOL’s adware, MSN’s buggy client (and terrible Mac client), Yahoo’s terribly slow development.

Look at all the IRC clients available. So many, each with their own features, toys, ehancements. All working together.

Yes, I do hate IM’s as of today. But imagine what could be done? It could be as universal as email. Secure, fast, flexible framework. But instead, we’ve got garbage to date.

The time for standards in IM is now. It’s only going to get more proprietary from here on out. And lock users into their networks.

Oh… spam prevention built into the protocol would be nice. Lets avoid another Email like spam attack.

Just my $0.02


Microsoft Software Update CD (FREE!)

This is actually a legitimate offer. Microsoft is offering a free CD. Granted it’s slightly out of date (October 2003), I’d still recommend getting a copy. That way next time you restore your computer, you don’t need to wait for the download of all those updates (especially if another virus attacks windowsupdate or

Also good to loan to someone who isn’t very good with keeping their computer up to date. I know I’m sure I’ll end up passing it along. Remember. Helping others cure their exploits means one less computer being used for evil on the network.

A good way for Microsoft to convince people their OS is secure may be to keep offering such Free CD’s. And encourage people to burn copies for friends. It’s not like someone will abuse it. They make them freely available for download (or mail them at no cost). It’s still their copyrighted works. They still own the patents and all rights to it. They don’t lose a penny. Just lowers their distribution costs in such a campaign.

Would be a good idea for them to do.

Thankfully Apple at least makes software updates easy. It lets me know when they are available. I update, reboot, that’s it. And the server is always fast. Doesn’t overwhelm me with info I don’t care about (well I care, but I know most won’t). Doesn’t tell me what can be installed when, or what goes first/last. Just does it. Pure beauty.

But this campaign could help Microsoft a bit.

Thanks to Marc Rust for the info.


Microsoft Soure Code Leaked

Various sources are claiming that Microsofts Windows 2000 and Windows NT source code has been leaked.

Should be interesting to see how much code they ripped off of Linux. Perhaps even SCO!

Would also be interesting to see how many security issues are found in their already-proven-vulnerable code. Hackers find hundreds without the source. With the source, I’d expect 10X the security risks.

On another note, someone seems to have posted the source code to Apple’s Darwin πŸ˜‰

Tech (General)

Microsoft and Standards

Microsoft recently redesigned their website (at least their homepage). As you may know, they aren’t a big backer of standards.

Look how well their page validates.

This concludes this episode of Microsoft-doesn’t-care-about-technology.

Validating as XHTML is even more fun.

Apple isn’t perfect, but isn’t to bad either.

This website is fine though πŸ™‚

Go standards!


Mozilla Vulnerable

Mozilla is partly vulnerable to the latest web browser security hole, as reported by Mozillazine.

Patch already exists. Should hopefully be in soon. I have a good feeling Mozilla will beat Microsoft to the fix. IIRC Microsoft is taking the month off from patches, while it figures out the whole update system.