Fighting Spyware: Microsoft To The Rescue?

Independent players that have made Windows more secure could suffer

Spyware -- software installed on your computer without your knowledge or consent -- has overtaken viruses as the biggest security threat facing Windows computer users. With diligence you can avoid virus infection. But just a visit to the wrong Web site can load your PC with software that changes your browser home page, spews ads, or even steals passwords.

Microsoft's (MSFT ) decision to jump into the fast-growing market for anti-spyware utilities is ironic. Spyware took off mostly because a multitude of flaws in Windows and the Internet Explorer browser let the bad guys sneak nasty software onto PCs. Windows XP Service Pack 2, last summer's overhaul of Windows, helped, but it didn't cure the problem.

The new Microsoft AntiSpyware is available in a test, or beta, version, for free download. It's a hastily repackaged version of a program acquired in Microsoft's December purchase of Giant Company Software. It looks like a solid program, though security software is hard to assess without detailed technical analysis. It's more user-friendly than the leading free anti-spyware products, Lavasoft Ad-Aware and Spybot Search and Destroy, and it does a good job of telling you what it's doing and why. For example, if you install the Google (GOOG ) Toolbar, it notifies you that a new program changed browser settings but was allowed to because it is known to be safe.

THE MICROSOFT PROGRAM DIFFERS from most others by not raising alarms over "tracking cookies," small files that can let Web sites monitor your browsing activity. The handling of these cookies is controversial because they can steer you to information you want -- or pass personal data to third parties without permission. But you don't need AntiSpyware to manage them; you can just set preferences on your browser.

For the most part, Microsoft has resisted a temptation it often succumbs to -- making its products promote other company offerings. But if spyware hijacks your IE home page, AntiSpyware will reset it to The program only protects IE, not other browsers. And it tries to make sure that the copy of Windows on the PC is properly licensed, an action that adds awkward steps to the installation and does more to protect Microsoft than consumers. Product manager Paul Bryan says these features may change in the course of testing.

Even if the program improves, I have serious qualms about Microsoft's entry into the security market. The company says it has not yet decided whether it will give AntiSpyware away or charge for it. Making it free would help Microsoft promote its goal of helping consumers protect their machines.

On the other hand, giving it away may not be good for overall security. Windows would be a lot less secure if it weren't for the independent software makers that have made a business out of cleaning up Microsoft's messes. Big diversified players such as Symantec (SYMC ) and Computer Associates Inter-national (CA ) and spyware specialists such as Webroot Software and Sunbelt Software all could suffer if Anti-Spyware is free. Just by entering the market, Microsoft "could freeze any kind of spending of risk capital on Windows security," warns Gregor Freund, CEO of firewall publisher ZoneLabs (CHKP ), a unit of Checkpoint Software Technologies. (CHKP ) And once Microsoft achieves dominance, it often stops innovating, as it has with IE.

For now, however, the important issue for consumers and businesses remains protecting their PCs. First, make sure Microsoft's Windows Update is turned on. (Mac OS X users should make sure automatic software updates are enabled.) You should run both anti-virus and anti-spyware software and check that the programs are kept up to date. In an ideal world, software would be inherently safe against spyware and other threats. But that's not the world we live in, and it's not one we are likely to see anytime soon.

For a collection of past columns and online-only reviews of technology products, click here

By Stephen H. Wildstrom

    Before it's here, it's on the Bloomberg Terminal.