MS Antispyware Feedback
Summary: Product feedback about Microsoft Antispyware
"Alt-Tab replacement" bug
- Install the Alt-Tab replacement powertoy.
- Start MS Antispyware, and minimize it to the systray.
- Press and hold Alt + Tab, and you will see a funny window.
It sometimes appears, but not always; there is an image that shows it here: http://www.gurlinet.dk/images/antispyware-bug.png
Maybe it is a bug in the Alt-Tab replacement powertoy. -- GurliGebis
Since it shows the screenshot of a window I don't think it's a bug in the Alt-Tab replacement powertoy, but you never know. -- CRPietschmann
Answer: Known bug (it's a window being drawn "off" the desktop), being worked on for the next release -- JonathanHardwick
Update: This should now have been fixed -- can anyone confirm? -- JonathanHardwick
Disabled by Trojan "Bankash-A"
From CNET News.com on February 9, 2005:
Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday. Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta. "This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at Sophos, said in a statement. "As Microsoft's product creeps out of beta and is adopted more by the home user market, we can expect to see more attempts by Trojan horses, viruses and worms to undermine its effectiveness." -- UpRising
Distinguish user opening of JS files
Why does MS antispyware ask me whether to allow a javascript file to be opened in notepad? It should have some integration with SP2 like, distinguish internet downloaded files and then ask.
Perhaps the primary issue here is the integration with Group Policies and ability to distribute within Enterprise. This product is primarily aimed at home users. It is a decent product, and for a home user shines in notifications of system changes. Those same notifications are at the heart of Enterprise scripting and workstation configuration, so there is an issue there. Also have noticed that software installation is hindered; one needs an administrative override. Also have noticed a timing issue on logins where sometimes login scripts will run, other times they will be flagged (VBScript in GPs). So it is a great start, but needs work.
Ease of use
Integrate the update system with WindowsUpdate.
"Flying Toast" bug
- Have your taskbar on the right hand side and double usual width
- Now perform a task that would induce a 'Toast' popup to occur
- Watch the toast popup and fly away like a little bird
It goes up and keeps going till it disappears off the screen and does it quite quickly too. Anyone else having this prob? -- dnrfan
Answer: Known bug that happens for any taskbar location other than the default, being worked on for the next release -- JonathanHardwick
Note: My taskbar used to be double height on the top and it popped up from the bottom with no trouble -- NeoTOM
Update: This should now have been fixed -- can anyone confirm? -- JonathanHardwick
Free or commercial product?
I can't help being curious whether or not Microsoft is going to offer this for free after the official release, or if it will be a commercial product. I can understand other companies charging for anti-spyware software, but I'm not sure it would be well-received if Microsoft did the same. Charging for this would be like adding insult to injury. And yet it seems that the issue is still open.
Answer: Per Bill Gates' announcement at the RSA conference, there'll be two versions: a free consumer version, and a commercial enterprise product -- Jonathan Hardwick
GUI
"Hide system tray icon" doesn't seem to work correctly. The icon comes back whenever you start a manual scan.
Answer: Known bug, being worked on for the next release. -- JonathanHardwick
Resets startpage to msn.com
It should be possible to define which webpage you want as your startpage in MS Antispyware, so it doesn't always change it to msn.com if some spyware/adware has changed it.
You could argue that it behaves the same way as spy- and adware, since it captures it to msn.com instead of about.blank, yahoo.com, kernel.org.
So, let the user define it :)
Trusted / Restricted Sites
I just added a site to the Restricted Zone in IE, and received the following popup:
Microsoft [AntiSpyware] has detected an Internet Explorer Trusted Site trying to be added.
Trusted Site: site-to-be-added-to-RESTRICTED-zone.com
Trusted Sites are web sites that you trust not to damage your computer. These sites
automatically allow Internet Explorer to use lower security and will be allowed to run
scripts, potentially dangerous ones, on your computer.
Advise: If you do not recognize this web site you should block this change request.
It is prompting me that I am adding to Trusted zone when I am actually adding to the Restricted zone.
Will not run as non-Administrator
If you try and run this as non-Administrator, it doesn't seem to pop up any notifications, and it doesn't run the app when you double click on the tray icon - it just gives a reasonably cryptic error message (103) that suggests that the app is corrupt and needs reinstalling. Using the wonderful sysinternals.com tools, it appears to want to write to errors.log in the C:\Program Files\Microsoft Anti-spyware directory, and to also make copies of what looks like the signature files, too.
Answer: Known limitation, being worked on for the next release -- JonathanHardwick
Tell users not to login as an Administrator
In the end, at least 1 application has to tell it to the home users. -- ZippyV
Enterprise features?
So we've been testing out MSAS here at my company since the beta came out and we've found it invaluable to prevent our wonderful users from shooting themselves in the foot with spyware. I just identified a couple issues this morning, though, that I'm HOPING will be addressed in the Enterprise version.
- Looks like a scheduled scan won't run unless a user is logged on. BUMMER since we teach our folks to reboot when they leave for the evening so our admin scripts, WUS pushes, Symantec AV scans, etc. can run on their machines. Is this going to be addressed?
- We want to be able to pre-populate what scripts are on the allowed list. MSAS is catching our logon scripts associated via Active Directory logon actions and, users being users, the MSAS popups are being ignored - thus leaving those scripts on the blocked list. Another bummer.
Then there are the obvious enterprise features like central management of all clients, centrally managed app and definition deployment, etc. Is there a timetable out there for when we might expect these features, and the Enterprise version itself, to be released? Thanks! -- NateDawg
Answer: there's no timetable yet for the Enterprise version, but there's a VERY high level of interest so I'm sure they're working hard on finalizing their plans :) -- JonathanHardwick
Huge errors.log file?
I found a file "C:\Program Files\Microsoft AntiSpyware\errors.log" that is 260MB and growing daily. Google reveals others have this problem as well, some even reporting 2-4 GB errors.log files. What is being logged so vigorously to warrant a log file of this size? As of right now I'm still trying to find a file viewer that will play nice with it to view the contents, everything I've tried so far hangs indefinitely when trying to open it. -- rwessen
False Positive: INNO Setup Uninstall Files (unins000.exe)
The ~April 21, 2005 update identifies three INNO Setup uninstall files ("unins000.exe") for Peer Guardian 2, GrabIt, and even SpywareBlaster as "high threat".
Spyware Scan Details
Start Date: 4/22/2005 3:11:44 AM
....
High threat - ....
Infected files detected
c:\program files\sys internet\peerguardian2\unins000.exe
c:\program files\sys multimedia\grabit binary reader\unins000.exe
c:\program files\sys_security\spywareblaster\unins000.exe
....
Also note that MS AntiSpyware does not have a mechanism for end-users to report obvious false positives, just one for vendors. -- BillR
Dell MyWay Not Identified as Adware / Spyware
Why isn't the MyWay Search tool pre-installed by Dell identified as a low level threat and removed by MS AntiSpyware? It clearly tracks user behavior and is far from the easiest item to permanently remove. (I'm sure the cozy relationship between Dell -- which has only sold MS Windows for many years -- and Microsoft couldn't possibly have anything to do with this!) -- BillR
Tracking Cookies Not Detected
I would like to see MS AntiSpyware find and remove tracking cookies. These cookies track your internet usage statistics and send them to 3rd party sites. I've used other anti-spyware programs that are able to find such cookies by checking the domain the cookie is from against a known source for tracking cookies, such as DoubleClick.com, adtmt.com, and Gator.com. This list could be updated along with the spyware definitions file or the user could specify what cookies should be removed. -- The J
Claria Spyware now set to 'Ignore' as default action
It seems that in recent definitions, Claria's Spyware is detected, but the default action is set to 'ignore'. I realise that Microsoft are in talks to buy Claria - but 'downgrading' the default action will not gain Microsoft many Kudos points - quite the opposite! This decision is wrong, Claria's spyware is notorious in the computing world, and the default action should be set to Remove.
Obvious spyware should be set to 'Remove' by default - Claria's spyware is a prime example. People need to know that Microsoft's AntiSpyware can be trusted to identify whatever Spyware is on their system, and recommend the appropriate action. This action should not be determined by what companies Microsoft acquires, does deals with, or is generally 'in bed with'. -- BG
Build in a basic 'policy' on default actions
How about building in some kind of basic 'policy' feature, so users can choose between:
- Strict: Sets the default action to 'Remove' for ANY detected spyware, regardless of its threat level.
- Default: Sets the default action based on Microsoft's assessment.
This choice should be presented to the user during setup, allowing those more concerned about their privacy than others to select the stricter option.
-- Badgerguy