Serious flaws in Microsoft AntiSpyware review
Thursday January 13, 2005
Walter S. Mossberg, a columnist for the Wall Street Journal, recently penned an article titled "Free Microsoft Program To Battle Spyware Has Some Serious Flaws".
Mossberg, who was quick to jump on the 'dump IE' bandwagon as a preventative for spyware infection, now contends it's a serious flaw that Microsoft AntiSpyware doesn't protect the Firefox browser from spyware threats - claiming that it "smacks of favoritism toward Microsoft products".
He raises similar objections to the sites Microsoft uses to reset the user's Internet start and search pages in the event of a homepage hijacker. By default, Microsoft AntiSpyware uses the same sites designated in the Windows operating system. (But an option in Advanced Tools | Browser Hijack Restore will allow users to change these defaults to their preferred sites). Conversely, Mossberg's preferred program - Spy Sweeper - resets the user's home and start page to whatever settings were in place when the Spy Sweeper program is installed. Users who were already infected with a hijacker when Spy Sweeper was installed risk having their restore defaults point to the hijackers' webpages.
Cookies are another source of indigestion for Mossberg, who complains that "the Microsoft program deliberately doesn't look for these." But the detection of so-called tracking cookies is murky at best. After Spy Sweeper scanned my system and warned me that a handful of cookies (identified by Spy Sweeper as 'Spyware Found') were 'capable of tracking Web site visitors and their personal preferences", I made copies of the alleged miscreants and let Spy Sweeper remove the originals. I then emptied the cookie files of all data and placed the empty files back in my cookies folder. A subsequent scan with Spy Sweeper once again revealed 'Spyware Found' and my now completely barren cookies were still described as risks 'capable of tracking...'
Mossberg also gripes that "Microsoft tries to get you to verify that your copy of Windows isn't pirated". To do this, Microsoft has an optional 'validate Windows' procedure as part of the download process. On this point we agree - even if you choose to opt out of the validation, the extra step is annoying. But it is a clearly defined 'Yes' or 'No' option.
Spy Sweeper, on the other hand, asks the user for the product serial number at the beginning of the install, but then forcibly directs them to the Webroot website after install. The site instructs the user to enter their name, company name, address, telephone number and email address as part of the Spy Sweeper registration process - but never informs them that this step is optional.
Mossberg's column is available online to Wall Street Journal subscribers only and requires a user name and password to access. The WSJ privacy policy, which describes how personal information is collected and how it is used, can be read here.
Mossberg, who was quick to jump on the 'dump IE' bandwagon as a preventative for spyware infection, now contends it's a serious flaw that Microsoft AntiSpyware doesn't protect the Firefox browser from spyware threats - claiming that it "smacks of favoritism toward Microsoft products".
He raises similar objections to the sites Microsoft uses to reset the user's Internet start and search pages in the event of a homepage hijacker. By default, Microsoft AntiSpyware uses the same sites designated in the Windows operating system. (But an option in Advanced Tools | Browser Hijack Restore will allow users to change these defaults to their preferred sites). Conversely, Mossberg's preferred program - Spy Sweeper - resets the user's home and start page to whatever settings were in place when the Spy Sweeper program is installed. Users who were already infected with a hijacker when Spy Sweeper was installed risk having their restore defaults point to the hijackers' webpages.
Cookies are another source of indigestion for Mossberg, who complains that "the Microsoft program deliberately doesn't look for these." But the detection of so-called tracking cookies is murky at best. After Spy Sweeper scanned my system and warned me that a handful of cookies (identified by Spy Sweeper as 'Spyware Found') were 'capable of tracking Web site visitors and their personal preferences", I made copies of the alleged miscreants and let Spy Sweeper remove the originals. I then emptied the cookie files of all data and placed the empty files back in my cookies folder. A subsequent scan with Spy Sweeper once again revealed 'Spyware Found' and my now completely barren cookies were still described as risks 'capable of tracking...'
Mossberg also gripes that "Microsoft tries to get you to verify that your copy of Windows isn't pirated". To do this, Microsoft has an optional 'validate Windows' procedure as part of the download process. On this point we agree - even if you choose to opt out of the validation, the extra step is annoying. But it is a clearly defined 'Yes' or 'No' option.
Spy Sweeper, on the other hand, asks the user for the product serial number at the beginning of the install, but then forcibly directs them to the Webroot website after install. The site instructs the user to enter their name, company name, address, telephone number and email address as part of the Spy Sweeper registration process - but never informs them that this step is optional.
Mossberg's column is available online to Wall Street Journal subscribers only and requires a user name and password to access. The WSJ privacy policy, which describes how personal information is collected and how it is used, can be read here.
No comments yet. Leave a Comment