MSAS experience

  • Thread starter Thread starter Robert Armstrong Jr.
  • Start date Start date
R

Robert Armstrong Jr.

Have used this software off and on since it was offered. Seems to work
fine, but I can't help but feel it is missing something as it is a beta.
Every time I check my system out, it is clean, so it must be doing a good
job or I am incredibly safe when I surf the web.

To play it safe, I have decided to add SpySweeper 4 to my system for a
just-in-case issue. They play well together and I hope what one misses the
other catches. Does anyone else use a combination like mine or suggest
another program? Thanks for your input.
 
Good morning Robert;


From: "Bill Sanderson" this is a very interesting post:

Here's a test for you. There's been some discussion of providing the
equivalent of an EICAR test for Microsoft Antispyware, and I have hopes that
something like that will be provided for the beta2 product.

In the meantime--here's a harmless test which still works at this writing
and 5757 definition levels:

Go to a command prompt in the Windows or WINNT folder, depending on your
Windows version.

md winlogon.exe <enter>

i.e. create a subdirectory called "winlogon.exe" (this is a real-life
example--an antivirus product uses this technique to "innoculate" against a
particular bug.)

Watch what happens. You can choose allow or remove, neither has any useful
effect. Don't choose always ignore unless you want to go looking for the UI
to reverse that which is an an oddball location.

Simply RD winlogon.exe to get rid of the alert(s.)

This doesn't really answer your question, except to show you what a genuine
alert about a known threat looks like.

Microsoft Antispyware continues to score at or near the top of the list in
comparative reviews against comparable products. There's been a lot of
change in this market of late, and it'll be interesting to see a good
comparative review in say January of next year, maybe.

There are posts daily here which lament the fact that Microsoft Antispyware
hasn't found anything on a given system, while xyz antispyware finds
something new daily.
There's a problem with false positives in antispyware programs. Every
program has this problem, but some of them exploit it to make themselves look
better. Generally, these end up on Eric Howes list of rogue antispyware
apps, and we can discount their results. Since this is a hotly competitive
field, with no long-term industry information sharing (unlike the antivirus
field)--there are no accepted definitions for a given threat--vendors differ,
both in what they detect, and how a given threat is defined.

Yes--it does detect things--they collect the results via Spynet for about
(half??) the installations? It'd be nice to have somebody quote some of
those results for this beta--I think we'd all be impressed at what's been
accomplished in terms of cleaning systems.

Like you, I almost never see anything "real"--but I'm pretty much a nose to
the grindstone sort of guy--don't venture out of the beaten path much, and
the offices I work with seem to be similar. Lots of folks in these groups do
see useful cleaning and write in about it daily, though.

Engel
 
Hi Robert

I for one use antispyware progs in addition to MSAS - noteably SpyBot S&D
and Adaware SE. This is not so much out of a distrust of MSAS as for
comparison purposes. Like yourself they don`t ever find anything nasty simply
because my surfing habits are confined to those sites I know I can trust.
However, I feel its nice to have the reassurance at this stage until MSAS
comes out of Beta. I have great faith in the programme which, for me, has
installed and run well for a Beta product - guess I must be one of the
luckier ones.

Stu
 
I have been using Trend Micro PcCillin 2006 Beta and I have found it to be
in excellent shape for a beta. As to what a second program should be There
are many good ones around and I would not want to pick 1. Most of them can
be tried and/or used for free, so I would sugggest you try them and pick the
one you like best.
Ira



: Have used this software off and on since it was offered. Seems to work
: fine, but I can't help but feel it is missing something as it is a beta.
: Every time I check my system out, it is clean, so it must be doing a good
: job or I am incredibly safe when I surf the web.
:
: To play it safe, I have decided to add SpySweeper 4 to my system for a
: just-in-case issue. They play well together and I hope what one misses
the
: other catches. Does anyone else use a combination like mine or suggest
: another program? Thanks for your input.
:
:
 
Hi Robert;
Yes, I'm using exactly that combination of Anti-Spyware products, and I've got
to say it works pretty well for me. Basically my choice of SpySweeper was made
due to nothing other than I got the retail version for free at the San Francisco
RSA conference back in January and spywarewarrior recommends the product. The
only conflict I've seen is that SpySweeper 4.0 updates the Hosts file with a
small subset of malicious sites re-directed to localhost (127.0.0.1).
Apparently these additions get distributed with the signature updates, and of
course realtime protection in MSAS picks up the Hosts file change.
Unfortunatly, and I think because I have a multiuser environment and MSAS
doesn't support multiuser yet, I get notified many times over about the latest
Hosts addition which is the same as the previous additon. Hope to have that
change in MSAS Beta 2. The Beta of SpySweeper 4.5 will allow a larger number of
Hosts file entries... though some on this forum would recommend against any
Hosts file additions beyond the MS default of localhost. I personally, don't
have a problem with it, as long as I'm aware of where they're coming from.
 
Thanks to all who replied and I appreciated your input. I believe I will
stay with MSAS along with SpySweeper and WOC beta. I have beta tested for
the past 4-5 years and so far these beta's have seemed to be the most stable
and useful. Thanks again and I hope you all have a great weekend.
 
I use SpySweeper along with MSAS. The only small problem seems to be that
MSAS picks up a "Hotbar" adware each night during the two AM scan, but can't
seem to remove it. SpySweeper ignores it.
 
Back
Top