Here's a test for you. There's been some discussion of providing the
equivalent of an EICAR test for Microsoft Antispyware, and I have hopes that
something like that will be provided for the beta2 product.
In the meantime--here's a harmless test which still works at this writing
and 5757 definition levels:
Go to a command prompt in the Windows or WINNT folder, depending on your
Windows version.
md winlogon.exe <enter>
i.e. create a subdirectory called "winlogon.exe" (this is a real-life
example--an antivirus product uses this technique to "innoculate" against a
particular bug.)
Watch what happens. You can choose allow or remove, neither has any useful
effect. Don't choose always ignore unless you want to go looking for the UI
to reverse that which is an an oddball location.
Simply RD winlogon.exe to get rid of the alert(s.)
This doesn't really answer your question, except to show you what a genuine
alert about a known threat looks like.
Microsoft Antispyware continues to score at or near the top of the list in
comparative reviews against comparable products. There's been a lot of
change in this market of late, and it'll be interesting to see a good
comparative review in say January of next year, maybe.
There are posts daily here which lament the fact that Microsoft Antispyware
hasn't found anything on a given system, while xyz antispyware finds
something new daily. Alan has given the answer which is most frequent when
xyz is a reputable program--say Ad-aware or Spybot Search & Destroy.
There's a problem with false positives in antispyware programs. Every
program has this problem, but some of them exploit it to make themselves
look better. Generally, these end up on Eric Howes list of rogue
antispyware apps, and we can discount their results. Since this is a hotly
competitive field, with no long-term industry information sharing (unlike
the antivirus field)--there are no accepted definitions for a given
threat--vendors differ, both in what they detect, and how a given threat is
defined.
Yes--it does detect things--they collect the results via Spynet for about
(half??) the installations? It'd be nice to have somebody quote some of
those results for this beta--I think we'd all be impressed at what's been
accomplished in terms of cleaning systems.
Like you, I almost never see anything "real"--but I'm pretty much a nose to
the grindstone sort of guy--don't venture out of the beaten path much, and
the offices I work with seem to be similar. Lots of folks in these groups
do see useful cleaning and write in about it daily, though.
--
