|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
INTRODUCTION — news about your newsletter Readers cover the globe In our Jan. 13 issue, we asked our readers to update their preferences page and let us know what country they're in. This month, more than 10,000 of our 145,000 subscribers entered their location for the first time. An unknown additional number updated an old location to a new one. More than 60% of our subscribers have now provided a country name on their preferences page. We're impressed with the responsiveness of our fellow Windows users. Even more exciting is the fact that our readers tell us they reside in 159 countries worldwide. (Compare that with 191 member states of the United Nations.) It helps us get through our day when we realize we're providing Windows Secrets to 45 subscribers in the United Arab Emirates, 106 in Vietnam, and so forth. We doubt that many readers are fibbing about their locations. We said we'd use the data to help us decide in which cities to give free seminars in 2005 or 2006. So there's no incentive for a reader to pretend to be in some exotic locale. The bulk of our readers — 93% — are in the world's four largest English-speaking countries: the United States, Canada, the United Kingdom, and Australia. That makes sense, since 89% of the world's native speakers of English who use the Internet reside in those four places, according to figures from Global Reach. This is illustrated by the following chart, comparing the makeup of our readers and all English-speaking Internet users:
[Note: The percentage of ESI users in Canada is actually 6.8% and in the U.K. 11.8%. This error was corrected in our Mar. 24, 2005, issue. — Ed.] Our readers in the U.S. are slightly more numerous than the worldwide ratios would suggest (about 13 percentage points more numerous). But we expect to add more subscribers across the globe as the word gets around. We're aware, of course, that 64.8% of the world's 800 million Internet users don't speak English as their primary language. (After English, says Global Reach, the largest native languages of Internet users are Chinese, Spanish, Japanese, and German.) We don't publish the Windows Secrets Newsletter in those other languages yet, but hey — who can predict? Winners of our travel radios We promised in our last issue to give away several sets of travel radios with rechargeable batteries and a universal/world recharger. The prizes were awarded to 25 Windows Secrets readers who were randomly selected from among those who specified a valid country name on the preferences page. At press time, the following are the names of the winners who've e-mailed us back so far to accept their prizes:
Our thanks to everyone who helped us get a better understanding of our readership. Stay tuned for more new stuff to come. —Brian Livingston, Editor ^ |
 Windows Secrets Newsletter Issue 46 — 2005.01.27 • Readers cover the globe • Top Story: Anti-adware misses most malware • Security Baseline • Index of Reviews • The secret life of Windows XP versions • A look at XP Home and Pro product versions • XP expands into new markets • Prevent yourself from becoming an Internet statistic • "Digital rights management" is turned against users • Drag and Drop vulnerability still affects "patched" IE • Dealing with the death of a computer • January patches included IE patches. Not! • Windows AntiSpyware beta hoses Media Center • Special Report: The best way to patch • Devices rechargeables aren't ideal for • Surf without a firewall using dial-up? • Backups: your last line of security defenses • Wacky Web Week • Useful Links NEWSLETTER CONTROL PANEL • Windows Secrets home page • How to subscribe • Change your delivery address • Change your preferences • Access past free issues • Access past paid issues • Submit a Windows tip • Get subscription help • How to unsubscribe CIRCULATION: over 145,000 |
|
TOP STORY — info you need to make Windows work Anti-adware misses most malware By Brian Livingston Now that 80% of home PCs in the U.S. are infected with adware and spyware, according to one study, it turns out that nearly every anti-adware application on the market catches less than half of the bad stuff. That's the conclusion of a remarkably comprehensive series of anti-adware tests conducted recently by Eric Howes, an instructor at the University of Illinois. Howes, a well-known researcher among PC security professionals, collected 20 different anti-adware applications. He then infected a fresh install of Windows 2000 SP4 and Office 2000 SP3 with several dozen adware programs in separate stages. Finally, he counted how many active adware components were removed by each anti-adware product. (Note: I use the single term "adware" in this article to refer to both "adware" and "spyware." Since it's not necessary for a spyware program to "call home" to be disruptive, the distinction between adware and spyware is meaningless. All such programs display ads or generate revenue for the adware maker in some other way. ) Howes's tests were conducted over a period of weeks in October 2004. His results were mentioned at the time in several places, including Slashdot and eWeek. Unbelievably, however, none of these commentators bothered to print a simple chart showing which anti-adware application did the best job at removing the unwanted components. Even Howes himself hasn't posted such a summary. In a telephone interview, Howes exhibited both modesty and perfectionism, implying that his work wasn't yet done to his satisfaction — despite the fact that his tests are some of the most extensive I've ever seen. Howes's test results sprawl over six long Web pages, with no overall totals or summary of the figures. It's a daunting body of data, but its bottom line is explosive. Adware seems to be evolving much faster than anti-adware, and the battle is so far being won by the adware side. For this issue of the Windows Secrets Newsletter, therefore, I've complied Howes's figures into a straightforward chart, shown below. I removed five products that didn't complete all of Howes's tests for a variety of reasons. What's left is a revealing rating, from the top to the bottom of the anti-adware heap. Each anti-adware application, according to Howe, removed a certain percentage of "critical" adware components. These are executable .exe and .com files, dynamic link library (.dll) files, and Windows Registry entries (autorun commands and the like). Almost all the anti-adware programs that were tested removed fewer than half of the hundreds of adware components Howes cataloged. The best at removing adware was Giant AntiSpyware, but even that program removed less than two-thirds of a PC's unwanted guests. Giant AntiSpyware catches 63%, tests say Howes's tests were conducted before the Microsoft Corp. announced in December that it was purchasing Giant Company Software outright. For that reason, the tests use the version of Giant AntiSpyware that was available in October and not the newer Microsoft beta version that's currently available. Even so, with Giant's application removing 63% of a PC's adware components, and its nearest competitor, Webroot Spy Sweeper, removing less than 50%, it's clear that Microsoft has a potential winner on its hands. In the following table, which was reviewed by Howes himself before its publication here, the Adware Fixed column represents the percentage of critical components successfully removed, not just detected, by each product (higher percentages are better). The False Positives column shows the number of benign Windows files that were incorrectly reported by a product as adware (lower numbers are better):
Howes didn't test the anti-adware programs in the above list against a program called CoolWebSearch (CWS). This little bugger mutates every few days, it seems. CWS actually requires a completely separate anti-adware program, CWShredder, which is constantly evolving along with the nuisance. This is explained in more detail later in this article. The fact that anti-adware products fail to remove all or even most adware components has been an open secret among security professionals for some time. For this reason, tech writers often say, "You should install two different programs and run both of them for maximum protection." To test this assertion, I compiled Howes's raw data into a new table showing the removal rate of the best app, Giant AntiSpyware, with every other tested product. According to this analysis, combining Webroot Spy Sweeper with Giant AntiSpyware did the most to remove unwanted components. But the combination of the two apps increased Giant's 63% success rate only 7 percentage points, to 70%:
Finally, the computer press often recommends that the two anti-adware products that should be used together are Ad-Aware SE Personal and Spybot Search & Destroy. That preference may have become the conventional wisdom because both of these products have low-end, freeware versions. PC World, PC Magazine, and other publications have recommended this combination as recently as June and August, respectively. Ad-aware and Spybot may have been a great combo back then. But adware apparently moves much faster than these two companies do. According to Howes's data, the two programs together barely removed half the adware components on an infected PC:
I found no combination of any two anti-adware programs that removed more adware components than Giant AntiSpyware and Webroot Spy Sweeper, based on Howes's data. Removing only 70% of adware, unfortunately, isn't good enough. A much better strategy is to prevent adware from getting into your systems in the first place. I'll cover that next. How to defend yourself against adware First, let me make my opinion clear: The installation of adware should be illegal and harshly punished. Adware has exploded because it offers big economic incentives for its sponsors. They'll never adequately inform PC users about their software before it's installed. This troubling aspect of adware will never be wished away. Only software that a PC user specifically consents to should legally be able to install — and "end-user license agreements" that stretch off the screen should never be counted as consent. (This isn't a knock on "ad-supported software," such as the Opera browser. Such legitimate software is clearly integrated with its advertising and makes it easy to shut off the ads by registering.) In reality, today's tech-illiterate legislatures will never ban adware — if they could even think of an effective legal approach to do so. We need to engage the battle on a technical level instead. To understand adware, you first need to know how PCs get it. The ways that Howes obtained the adware he used in his tests provide us with some perfect examples:
The underlying reason that adware has compromised the entire Internet is that there's big money to be made. The best analysis of this I've seen is by Benjamin Edelman, a Harvard Law School student. He's documented almost $140 million in recent investments by Silicon Valley venture capitalists in just four of the largest adware makers. See list of adware angels For those who are interested in deeper research on adware, links to Eric Howes's raw data on his comparative tests are posted on his anti-spyware testing page. To send us more information about adware, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print. ^ THE SECURITY BASELINE — the minimum you need for safe computing Introducing the Windows Secrets security baseline Every PC needs the following six components for protection against hacker attacks, both from the Internet and from within your company or home. In each issue, starting today, this new section will summarize the products top-rated by trusted reviewers. 1. Hardware firewall. For wired home and small-office networking, the 8-port Linksys BEFSR81 router ($80 USD) is rated "the best of our testing" by Extreme Tech. For wireless networking, the new Belkin Wireless Pre-N router ($150) is currently highest-rated at CNET. 2. Software firewall. Often called a "personal firewall," ZoneAlarm Pro ($40) is number one according to several testers, including TopTenReviews.com and PC World's Best of 2004. 3. Antivirus. Trend Micro's PC-cillin Internet Security 2005 antivirus suite ($50), which includes a personal firewall, recently won head-to-head comparisons in PC World and CNET. 4. Antispam. Cloudmark Safetybar ($40, formerly SpamNet) is rated a Best Buy by PC World and Editors' Choice by PC Magazine. 5. Anti-adware. Giant AntiSpyware or Microsoft AntiSpyware beta, Webroot Spy Sweeper, CWShredder (use all; free or optional registration). See article above. 6. Update management. Without naming a winner (because update software is highly related to your network's size), a wide-ranging buyer's guide to patch-management software was published in the Oct. 2004 Windows IT Pro magazine. ^ FORWARDING INSTRUCTIONS — news gains value when it's shared Please share this information with your friends You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/050127. INDEX OF REVIEWS — our directory of product shootouts The Index of Reviews In this section, we link to respected expert reviews of the best Windows-compatible hardware products available today. (Reviews of software products will be added at a later time.) Only head-to-head ratings of competing products — not individual reviews of single products — are indexed here. The links below lead to information from U.S. sources. For information from sources in other countries, enter the name of a reviewed product into a search box at one of the following links: Canada / U.K. / Elsewhere
HERE'S A TIP — you'll get a better newsletter if you choose the paid version You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for them at least once every calendar quarter. To upgrade, simply make a contribution of any amount that you choose If you do this by February 9, 2005, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. ^ |
|
ELECTRONIC BOOKSHELF — new e-books from the editors
WACKY WEB WEEK — playing for you the Internet's greatest bits
USEFUL LINKS — more stuff that's good to know Is there a future for PCs? Purveyors of personal computer equipment poured into the 2005 Consumer Electronics Show, which only a few years ago was a desultory TV and radio equipment fair. Here's a look at a few award-winning ideas. (By Brian Livingston, Datamation) More info CES report and photo gallery This year's show took the cake for teeming hordes and hot consumer tech. We have complete reporting and snaps of the best new stuff. (By Paul Thurrott, SuperSite for Windows) More info New CD/DVD technology is a slow burn There's a new way to print visible information on recordable CDs or DVDs, and it might be just the thing for you if your business stores music, videos, or data on disc. The full story, however, turns out to be an interesting and cautionary tale. (By Brian Livingston, Datamation) More info ^ ABOUT YOUR SUBSCRIPTION — we're here to serve you The Windows Secrets Newsletter (formerly Woody's Windows Watch and Brian's Buzz on Windows) is published twice a month, except for breaks in July and December. The newsletter is published on the first and third Thursdays after Patch Tuesday (the 2nd Tuesday of each month, when Microsoft generally releases new Windows patches). Publisher: The newsletter publisher is WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston is the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books. Associate Editor: Paul Thurrott is the author of Windows XP Home Networking and Great Digital Media with Windows XP and the author or coauthor of several other books. Contributing Editors: Susan Bradley, Chris Mosby. Research Director: Vickie Stevens. Program Director: Ian Maddox. Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Briefing Session, Windows Patch Watch, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/signup. Our Ironclad Privacy Guarantee: (1) We will never sell, rent, or give away your address to any outside party, ever; (2) We will never send you any unrequested e-mail, besides newsletter updates; and (3) All unsubscribe requests are always honored immediately, period. Privacy policy HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter, Copyright © 2005 by WindowsSecrets.com LLC. All rights reserved. ^ |
