What You Need to Know About Microsoft Windows AntiSpyware

In December 2004, Microsoft purchased GIANT Company Software, a small Chicago-based development house whose excellent antispyware package, GIANT AntiSpyware, had flown under the radar of most people in the industry. However, GIANT AntiSpyware is demonstrably more effective at finding and stopping spyware infestations on client computers than better-known products, such as Lavasoft Ad-Aware and Spybot Search & Destroy. Now that Microsoft is offering GIANT's product, renamed Microsoft Windows AntiSpyware (Beta), along with related tools to combat malicious software (malware), Windows users soon will be much better protected against electronic attacks than ever before. Even more important, perhaps, is the news that Microsoft also will ship a more enterprise-oriented version of the software sometime this year. Here's what you need to know about Windows AntiSpyware.

The Technology
Before entering the antispyware business, GIANT developed an enormously successful antispam product called Spam Inspector. When the spyware threat became obvious in 2003, the company turned its attention toward the problem and discovered that, although spyware does indeed share some characteristics with spam, an effective antispyware solution needs to be more proactive and can't rely on a database of definitions, as spam products often do. Spyware, a type of malware that can hijack your browser or your entire PC, bombard you with advertisements for online scams, surreptitiously change system settings, and even steal your personal data, is quickly becoming one of the most annoying and problematic electronic attack types, thanks in part to the insecure nature of Microsoft Internet Explorer (IE).

GIANT created an antispyware product that battles spyware on multiple levels. First, like other antispyware products, it includes a manual spyware scanner that finds and removes spyware lodged on your system. Second, it uses a real-time scanner that prevents new spyware from installing on your system: When the tool detects a change in a registry or boot-time setting or some other configuration change that might signal a spyware attack, the tool warns the user and gives him or her a chance to allow or block the change. Third, and perhaps most crucial, GIANT's—and now, Microsoft's—antispyware solution relies on the user community to help determine what is and isn't spyware. As users allow or deny access to certain applications, the tool updates a massive database at Spynet.com, a network of computer users who have agreed to forward information about spyware. The tool uses that information to more effectively identify future spyware attacks.
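The real-time monitoring and community-feedback steps described above can be sketched as a snapshot diff followed by a vote lookup. This is an added example, not code from Microsoft or GIANT; the vote store, the thresholds, and all sample registry data and vote counts are constructed assumptions, since the page does not describe how Spynet weighs reports.

```python
from collections import Counter

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
IE_MAIN = r"HKCU\Software\Microsoft\Internet Explorer\Main"

# Constructed snapshots: (registry key, value name) -> data. Not real telemetry.
BASELINE = {
    (RUN, "AVTray"): r"C:\Program Files\AV\tray.exe",
    (IE_MAIN, "Start Page"): "http://www.example.com/",
}
OBSERVED = {
    (RUN, "AVTray"): r"C:\Program Files\AV\tray.exe",
    (RUN, "PrinterHelper"): r"C:\Program Files\Printer\helper.exe",
    (RUN, "Updater"): r"C:\Temp\upd.exe",
    (IE_MAIN, "Start Page"): "http://search.example.net/",
}
# Constructed community votes keyed by the new data value (hypothetical store).
VOTES = {
    "http://search.example.net/": Counter(allow=1, block=19),
    r"C:\Program Files\Printer\helper.exe": Counter(allow=40, block=2),
    r"C:\Temp\upd.exe": Counter(allow=1, block=1),
}

def diff_snapshots(before, after):
    """Return (kind, location, old, new) for every added, changed or removed value."""
    changes = []
    for loc in sorted(set(before) | set(after)):
        old, new = before.get(loc), after.get(loc)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, loc, old, new))
    return changes

def community_verdict(votes, min_votes=5, threshold=0.8):
    """'allow' or 'block' on a clear majority of enough reports, otherwise 'ask'."""
    total = votes["allow"] + votes["block"]
    if total >= min_votes:
        for choice in ("block", "allow"):
            if votes[choice] / total >= threshold:
                return choice
    return "ask"  # too few reports or no consensus: prompt the user

def review(before, after, votes):
    """Return (enforced state, values to prompt for, values rolled back)."""
    enforced, prompts, blocked = dict(before), [], []
    for kind, loc, old, new in diff_snapshots(before, after):
        verdict = community_verdict(votes.get(new, Counter()))
        if verdict == "allow" and new is not None:
            enforced[loc] = new
        elif verdict == "block":
            blocked.append(loc)   # keep the baseline value
        else:
            prompts.append(loc)   # hold the change until the user decides
    return enforced, prompts, blocked
```

With the constructed data, the home-page change is rolled back, the well-reported printer helper is accepted, and the rarely seen `Updater` entry is held for a user decision.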

Now, with Microsoft backing the product, Windows AntiSpyware will likely yield even more impressive results because the hundreds of millions of people who use Windows products will be giving feedback to Spynet. And because GIANT was working on a more deployable and easier-to-manage enterprise version of its antispyware product—a version that integrates with Active Directory (AD) and that GIANT planned to ship in early 2005—Microsoft's enterprise version likely will be ready by late 2005.

Using Windows AntiSpyware
As I write this, Windows AntiSpyware is available as a public beta, which you can download at http://www.microsoft.com/spyware. Windows AntiSpyware is nearly identical to GIANT's most recent version, which shipped in late 2004. The product provides spyware scanning and removal and includes several scan types, such as deep scanning (which scans all files and folders) and the more commonly used intelligent scan (which checks only common entry points for spyware). It also continually monitors your system, looking for configuration changes that might signal a spyware attack.

Windows AntiSpyware includes several advanced tools, although the beta version I'm using has only a subset of the advanced toolset that GIANT offered. Microsoft's beta release supports only the System Explorers feature, which lets you view and customize system settings that are often hard or impossible to otherwise configure; the Browser Hijack Restore feature, which can reset browser settings if you've fallen victim to a browser hijacking; and Tracks Eraser, a privacy-protection feature that removes the history of your activities in a wide range of applications and system services, such as Adobe Acrobat Reader, Microsoft Windows Common Dialog, and the Google Toolbar.

GIANT's version of AntiSpyware also included System Inoculation, which examines your PC for possible security holes, and Secure File Shredder, a wonderful utility that can completely eliminate files from your PC in a way that meets US Department of Justice (DOJ) recommendations for secure file destruction. Microsoft likely will return the latter two features to the product by beta's end. For more information about Windows AntiSpyware, read the sidebar "Microsoft's GIANT Potential," page 34.

Licensing, Pricing, and Timing
Windows AntiSpyware runs on Windows Server 2003, Windows XP, and Windows 2000. At the time of this writing, Microsoft hasn't announced licensing or pricing information for the product's final release, which will probably ship about the time you read this. The company will likely provide subscription-style pricing for Windows AntiSpyware, as GIANT did for its version.

Recommendations
Because of a rash of spyware-related attacks, I began evaluating spyware products in mid-2004 and concluded that GIANT AntiSpyware was the best solution available. I'm pleased that Microsoft purchased GIANT and hope that the new beta version continues to improve. The currently shipping version of Windows AntiSpyware is designed for unmanaged environments. We'll likely see an enterprise version by late 2005. If it's as good as the client version, Windows-oriented shops will soon have an excellent new security solution that they should quickly implement.
