Review:   Microsoft Programs That Aim to Rid PCs
of Unwanted Pests Are Slick but No Cure-All

01-21-2005 7:27 AM
By MATTHEW FORDAHL, AP Technology Writer

 Microsoft  Corp. created the world's most popular operating
system  _  one  that's  also heartily embraced by hackers and
virus  writers.  And  it  begat  the world's top Web browser,
which  makes  it  all  too  easy  to  mistakenly download and
install spyware, adware and other garbage.

 You'd  think  the  world's  largest software company, which
presumably  knows its own Windows and Internet Explorer code,
would  have  long  ago  come  up with something to repair PCs
possessed by malicious programs.

Think again.

 Though  Microsoft  regularly  releases  bug fixes, security
patches  and  even  the occasional virus-removal tool, it has
only  recently made programs available to help people wrangle
back  control  of  their  computers after they've clicked the
wrong  pop-up  ad,  opened  a  rogue  attachment or installed
adware-packed freebies.

 The  company  now  has two free programs to help rid PCs of
unwanted  pests.  Though Microsoft Windows Malicious Software
Removal  Tool  and  Microsoft  AntiSpyware show some promise,
they aren't close to being magic bullets.

 I  tested  the programs on a Windows XP computer I borrowed
from  my  wife's cousin. The 3-year-old PC, a Gateway running
Windows XP Home Edition, was basically unusable.

 Annoying  pop-up  windows, a sign of adware, were the least
of  its  problems. The modem dialed phone numbers even though
the  PC was hooked up to a broadband connection. It took more
than  a  minute  to  load a single Web page and often crashed
minutes later.

 Error  messages  appeared  when  I  tried  to open the Task
Manager,  a  Windows  utility that shows running programs and
processes.  It  refused  to  load Windows Update, Microsoft's
site for downloading security patches and other fixes.

 Needless  to say, the machine had not received any security
updates from Microsoft in a while.

 To  load Microsoft's Malicious Software Removal Tool, I had
to  get  it using another machine, load it on a USB drive and
install  it manually. (It's usually available through Windows
Update.)

 Once  installed,  the tool scanned the machine and reported
no problems, even though there were big problems.

 The  tool  looks  for  a  limited  number of pests, such as
"Sasser"  and  "MSBlaster,"  so  it  didn't  find  the  worm,
"Netsky.P,"  that  had infected this PC. The program, though,
will  be  updated  each month and will presumably become more
effective.

 By  building  its tool into Windows Update, Microsoft shows
it's  aggressive  about  snuffing  out pests. But it's got to
stay  up  to  date with the threats _ and send out updates as
close  to  real time as possible. Who wants to wait until the
second Tuesday of each month to fix a sick PC?

 Existing  computer  security  firms  have  nothing to worry
about _ at least for now.

 Computer  Associates'  ezAntivirus took three hours to scan
the  entire system and found 19,000 infected files. After the
worm  was  knocked  out,  the  machine  became  slightly more
stable and I could tackle the spyware problem.

 Installation  of  the  prerelease  version  of  Microsoft's
antispyware  program,  which  can  be  downloaded  free  from
Microsoft's  Web  site,  was easy. The final version's price,
if any, has yet to be announced.

 The  interface was clear and simple. I ran a thorough scan,
which  discovered  77 spyware and adware programs. I followed
the software's advice and removed them all.

  But  bizarre  behaviors  _  including  multiple  pop  ups,
unwanted   toolbars   and   generally   sluggish  behavior  _
continued.

 So  I rebooted the PC in safe mode, which limits the number
of  programs that load at startup. The theory is that if it's
not  running,  spyware can be more easily deleted. This time,
the  program  found  about  two  dozen  spyware  programs.  I
deleted those, too.

 After  rebooting  again,  the PC continued to show signs of
infection,  though it did seem less bogged down. Having spent
two   days   disinfecting   the  system,  I  broke  down  and
reformatted  the  hard  drive.  I then reinstalled Windows XP
and all its patches.

It took just 90 minutes.

 The  clean  start  gave  me a chance to try Microsoft Anti-
Spyware  in  its other role _ as protector of a clean system.
Compared  with  competing products, it did a good job and was
easy  to  use.  (There  are  modes  for  novice  and advanced
users.)

 It  continuously  monitors  59 checkpoints and alerts users
whenever  a program attempts to make a change, though some of
the  messages could do a better job of explaining troubles in
plain English.

 I  tried  downloading  and  installing  a well-known adware
program,  PurityScan.  The  security  features  in Windows XP
Service  Pack  2  tried  to get me to stop, but I ignored it.
When  the  spyware  installer was running, two windows popped
up giving me the chance to block some files from installing.

 This  time,  I agreed, but the program still showed up in a
subsequent  scan.  With  a few clicks, I successfully deleted
it.

 In  theory,  Microsoft  AntiSpyware  should get better over
time.  It's  programmed  to send reports back to Microsoft to
improve and update spyware definitions.

 The  antispyware  program  also has useful tools for easily
accessing  Windows  and  Internet Explorer settings that were
previously  hidden  deep  within  the  operating  system  and
browser.  In fact, any hijacked settings can be restored with
one click.

  Overall,   I  was  more  impressed  with  the  antispyware
program's  protective measures and simple interface than with
its  ability to cleanse existing infections. Still, Microsoft
seems  to  be  on the right path to fixing the mess caused by
the   careless   users,   malicious   programmers,  unethical
companies and vulnerable software.

If only it hadn't taken so long.
___

On the Net:

Microsoft AntiSpyware:

http://www.microsoft.com/athome/security/spyware/software/def
ault.mspx

Malicious Software Removal Tool:

http://www.microsoft.com/security/malwareremove/default.mspx