The most notable additional feature is the use of
'real-time protection.' In a fashion similar to the way the Zonealarm firewall
and several other products monitor software attempting to perform restricted
operations on your computer, the Microsoft antispyware beta uses 'security
agents' to monitor areas of your system which are traditionally vulnerable
points for spyware and malware access. These three agents (Internet, system and
application) each cover a set of checkpoints comprising the vulnerable areas in
each of their zones of responsibility.
The Internet agent covers modem and WI-FI connections (including notifying you when
a new user connects to your wireless network), prevents changes to TCP/IP, DNS
and proxy settings, and stops processes from activating the windows messenger service,
among other protective aspects.
The system agent protects crucial system files from being changed, prevents
malicious files from being added to the boot procedure, and a variety of other
The application agent prevents alterations from being
made to Internet Explorer (one of the primary vectors for malware and
browser hijackers) and monitors system processes.
When an agent encounters a situation that requires user intervention, it pops
up a system tray notification similar to that seen with Zonealarm or the Windows
XP Service Pack 2 firewall, requesting that you block or allow the event in
question. We ran into this service almost instantly upon installing the
antispyware beta on our first test machine, an older Windows 2000 laptop known
to be infested with spyware. The Microsoft beta popped up a window
informing us that the messenger service was active, why this was a bad thing,
and prompting us to deactivate it, which we allowed it to do.
In total, 59 checkpoints are enabled by default. Each of these can be
activated or deactivated individually, and you can view all events that each
agent has blocked.