Failing Grades For Most Anti-Spyware Tools
serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."
Ars Report (Score:5, Informative)
http://arstechnica.com/reviews/apps/spyware-rem
Spyware (Score:3, Informative)
My recommendation is Firefox or Mozilla, or even Opera if you prefer it.
I do, however, note that if you take a clean system, visit msn.com and then run Spybot etc., you will find that there are little evils that appear on your system.
It now appears that the best option is to wave goodbye to MS if you can. Pick a nice Linux distro (e.g. Ubuntu or whatever suits you) or even Mac OS X and feel that little bit safer.
Ad-Aware Rules (Score:2, Informative)
Makes most machines usable again, and quickly.
And if they fail... (Score:5, Informative)
http://www.spywareinfo.com [spywareinfo.com]
It's arguable that they're the biggest antispyware site out there, and if nothing else, they can get the CoolWebSearch strains that even Ad-Aware and Spybot can't get (real-yellow-pages, linklist, et cetera).
(Disclaimer: I'm a Trusted Advisor there.)
Spyware tips I've picked up (Score:5, Informative)
I run a small IT consultancy, and nearly every internet-connected PC we work on has a significant spyware infection on it. It's not only our job to remove it, but to prevent it coming back. The things that I've noticed after fixing a lot of problems:
This won't stop everything by any means, but it slows down reinfection. End users need to change habits - reading the EULA, not just clicking OK, using passwords - but this isn't something you can do with a couple of hours' work, so people aren't willing to do it. I have no solution to that problem.
An ounce of prevention worth a pound of cure (Score:5, Informative)
Talking of Java.... (Score:3, Informative)
Re:Spyware tips I've picked up (Score:5, Informative)
I should ad (hoho) that one major advantage of Spybot S&D is that you can schedule it to run quietly in the background... this just isn't possible with any of the other free tools. The command that does it:
spybotsd /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide
There are other tools that help massively with spyware. As a consultant, it's equally important to understand the ways and means spyware gets onto the system, so that you can prevent and cure effectively, and respond to new spyware before the automated tools do it or before it appears on the many forums.
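One way to actually put that command on a schedule, as an added example and not the commenter's own script: a batch file that registers the unattended Spybot S&D run as a daily Scheduled Task with schtasks. The install path (Spybot 1.x's default), the task name and the 03:00 start time are assumptions; adjust them to the machine.

```batch
@echo off
rem Added example (not the poster's code): register the unattended Spybot S&D
rem run from the post above as a daily Scheduled Task. The install path, task
rem name and 03:00 start time are assumptions. Run from an admin prompt.
set "SPYBOT=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
set "TASK=Spybot nightly scan"

rem Never schedule something unattended without checking the binary is there.
if not exist "%SPYBOT%" (
    echo Spybot not found at "%SPYBOT%"
    exit /b 1
)

rem The backslash-escaped quotes keep the space-containing path intact inside
rem /tr. On Windows XP the /st value must be HH:MM:SS (03:00:00); Vista and
rem later take HH:MM. /ru SYSTEM lets the scan run while nobody is logged on.
schtasks /create /tn "%TASK%" /sc daily /st 03:00 /ru SYSTEM ^
    /tr "\"%SPYBOT%\" /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide"

rem Confirm the registration (XP's schtasks /query has no /tn switch, so
rem filter the listing) and run it once now rather than waiting for 03:00.
schtasks /query | findstr /i /c:"%TASK%"
schtasks /run /tn "%TASK%"
```

Because the task runs as SYSTEM with /autofix, test it once by hand and read the Spybot log before trusting it: an unattended "fix" that quarantines a false positive is much harder to notice than one you watched.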
No mention of CnsMin? (Score:3, Informative)
Even starting in so-called 'safe mode' won't stop it. You have to boot with a CD and erase it manually.
The people who wrote it are 3721. something, and a link to it even appears on the default Chinese search page. In theory it just allows for Chinese name searches, but in reality does much more.
You have been warned - please don't visit the site.
Re:It's interesting (Score:2, Informative)
>in a loan shark and any sort of investment
Sorry about going off-topic, but - Not really.
INTEREST
--------
When you loan an amount on INTEREST, you always make a profit. The more money you have the more profit you can make. The rich get richer - faster.
Invest
------
When you invest that same amount in a business, you can lose that money. You cannot sit on your ass all day and hope to make money. You are doing actual work. Or you might be motivating people to work. If you don't, you lose your money.
So, in an INTEREST based economy, there is no production and people get fatter. In an investment based economy, people are working hard, and hence healthier. The INTEREST would certainly make that economy have more $$$money$$$ on fiscal records, but amount of money isn't everything, when health is being sacrificed.
Moral - You just gotta work hard for your money. If you don't, it's only bad for you.
Re:Mac + Firefox = ok? (Score:2, Informative)
Most Mac users aren't plagued by viruses, trojans or spyware simply because there isn't much of that stuff around for the Mac platform. This is for several reasons. One is that Macs still only represent about 5% of the computing world. Another is that Mac OS X has a better security structure and default security settings than the dominant OS. Another reason is that many Mac users are the type of people who simply don't put up with installing crap on their computer, and see no reason to install useless free junk. Mac users typically want to actually use the computer to get something done. It already looks pretty, why mess with that?
If your physics professors are the only people using their computers, they must not be staying on legitimate physics and news websites. Something must be out of the ordinary for them to be contracting spyware. To get spyware you have to download some software, either manually or through a bug in the browser. Your typical website catering to educators isn't going to allow that sort of automatically installing code on their website. These professors of yours must be straying off the reservation at some point, or getting it through email attachments, or quite possibly a worm.
Firefox could possibly help them if you start with a clean system, but if they are actually going out and downloading FREE ANIMATED MOUSE CURSORS!!! they will need some re-education on how to keep their computer safe. Mac + Firefox would be a vast improvement, but unless they were restricted from installing any software (yes, this can be done) they will eventually get themselves in trouble. For general web browsing it is definitely a much more secure environment, but only if you know not to do something stupid. Java is certainly more secure when using Firefox on either platform, since you aren't using the buggy MSJava implementation.
Don't stop at replacing IE with Firefox. Outlook/Outlook Express is just as bad. Apple Mail is very nice on the Mac, but Thunderbird also works, and of course is cross-platform. And none of this is going to be very effective on Windows if you don't have a solid firewall to go along with it, and anti-virus software. On the Mac, turn on the built-in firewall to increase the already decent security.
Re:It's interesting (Score:3, Informative)
Last Friday I went over to my cousin's house and cleaned her computer. (Can't quite get her to switch to Linux... yet.) Took all evening, and I finally had to boot into DOS and remove some files that way. One of them called "Wintools" had even set the 'hidden' and 'read-only' attributes; if I hadn't remembered 'attrib', I'd have had to wipe the thing and reinstall.
One of them had screwed up shutdown; it would freeze and she'd have to power-cycle, invoking a scandisk the next time. I don't know if it was intentional (to encourage the user to keep the system running) or just crap programming, but either way the damn things could *not* be uninstalled without major surgery.
Here's what I do (Score:3, Informative)
I use Bart's PE Builder [nu2.nu]. In a nutshell, it's a bootable CD with a Win32 network, disk (with native NTFS support) and GUI API load. The best thing is that it's built using actual Windows DLLs and the like. Of course, you have to have a copy of XP or Server 2003 to build it, and it may not be strictly within Microsoft's licensing agreement to use their IP in this fashion, but that doesn't bother nor stop me.
Anyway, there's a native Ad-Aware plugin for BartPE, and I've hacked together a Spybot S&D plugin, as well. My usual procedure is to boot the system with my CD, then run AAW & S&D to clean up files on the hard drive. Then, I boot from the hard drive into safe mode with networking support, install the latest versions of AAW & S&D, and run them again. This cleans the registry as well (which unfortunately I haven't figured out how to do under BartPE... yet). This method has worked well in situations where the system is so infested I can't start from safe mode.
Part of the problem is that even with the proliferation of anti-spyware programs, to completely eradicate these nasties, manually crawling for files and registry entries is often necessary. At least for the foreseeable future I don't see this becoming a fully automated task.
Online encounters (Score:2, Informative)
When it transfers itself to an EU citizen's PC and runs in the background collecting information, it is acting within the EU. The EU could conceivably extradite the people responsible for this and try them, as crimes have been committed in the EU as surely as a cracker gaining illegal entry to an EU government computer from a terminal in the US has committed a crime.
A couple of utilities I've found useful (Score:3, Informative)
1. LSP Fix [cexx.org]. This program will let you see what DLLs are embedded in your TCP/IP stack. Most of the time it will even detect stuff that's not supposed to be there, but you do have the option to override its judgement. Spybot S&D also has the ability to look into the stack, but you can't use it to remove offending modules, nor see their actual DLL filenames.
2. Winsock XP Fix [spychecker.com]. This nifty little utility will basically reset all registry settings for the stack back to what they're supposed to be. This is useful if some nasty has totally trashed the stack on its way out the door. It would also appear it works on earlier versions of Windows (certainly Win2k) but I've never tried it on anything but XP.
I used to joke that as long as people break their computers I'd have a job, but there are times when the spyware thing really drives me up a wall...
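The same two jobs (look at the LSP chain, then reset it) can be done with tools that ship in the box on Windows XP SP2 and later, as an added example that is not the commenter's own script. The netsh winsock commands are real; the location of the saved catalog dump is an assumption.

```batch
@echo off
rem Added example (not the poster's code): inspect and reset the Winsock LSP
rem chain with netsh, which ships with Windows XP SP2 and later and covers the
rem same ground as LSP-Fix and Winsock XP Fix. Run from an admin prompt.
rem The dump file location is an assumption.
set "BEFORE=%TEMP%\winsock-catalog-before.txt"

rem Dump every catalog entry with its provider DLL and keep a copy: once the
rem chain is reset there is no other record of what was in it.
netsh winsock show catalog > "%BEFORE%"
type "%BEFORE%"

rem On a stock XP system the providers are mswsock.dll, rsvpsp.dll and
rem winrnr.dll. Any other DLL, or one living outside %SystemRoot%\system32,
rem is a candidate LSP hijack; copy it off the machine for a look before it
rem gets wiped by the reset below.
echo === Provider DLLs that are not the stock three ===
findstr /i /v "mswsock.dll rsvpsp.dll winrnr.dll" "%BEFORE%" | findstr /i /c:".dll"

rem Resetting rewrites the catalog to the stock entries. Anything installed
rem legitimately into the chain (some firewalls and antivirus products) has to
rem be reinstalled afterwards, and the change only takes effect after a reboot.
netsh winsock reset
echo Reboot now, then compare "netsh winsock show catalog" against "%BEFORE%".
```

The reset is the blunt instrument the post describes: it does not remove the hijacking DLL from disk, it only unhooks it, so the file still needs deleting (and its startup entry finding) or the next reboot can put it straight back.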
Just my two cents... (Score:1, Informative)
Some trojans/virus/spyware programs like to run two copies in memory. When you try to axe one, the other respawns the process.
PsTools will handle this. Pskill run from the command line with an ampersand (&) separating the command lines will run a kill on two processes fast enough in most cases to kill them both before a respawn.
If it doesn't, start a pretty big file copy process to slow the system and rerun the pskill commands. This is usually enough to kill anything I have run across in memory.
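A more reliable way to win that race, as an added example and not the commenter's own commands: freeze both processes with PsSuspend (also part of PsTools) before issuing the two pskills, so neither watchdog is running when its partner dies. The two process names are placeholders; take the real ones from pslist.

```batch
@echo off
rem Added example (not the poster's code): take down a pair of processes that
rem respawn each other. Instead of racing them with "pskill a & pskill b" and a
rem big file copy, freeze both with PsSuspend first; a suspended process cannot
rem notice its partner dying, so the kills no longer have to win a race.
rem "evil1" and "evil2" are placeholder names (pslist shows names without .exe).
set "A=evil1"
set "B=evil2"

rem Record the process tree first: the respawner is often the parent, and a
rem third process higher up the tree is the usual reason a kill "doesn't take".
pslist -t | findstr /i "%A% %B%"

rem Freeze both, then kill both. Order matters: no kill before both are frozen.
pssuspend "%A%" & pssuspend "%B%"
pskill "%A%" & pskill "%B%"

rem Wait about five seconds and check that neither came back. pslist prints
rem matching processes, so any output here means something else (a service, a
rem Run key, a scheduled task, a browser helper object) is restarting them.
ping -n 6 127.0.0.1 > nul
pslist "%A%" | findstr /i "%A%" && echo %A% is still running
pslist "%B%" | findstr /i "%B%" && echo %B% is still running
```

If the names come back after the wait, the pair was never the root: kill the parent shown by pslist -t first, or boot to safe mode and pull the startup entry, and only then repeat the suspend-and-kill.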
Re:An ounce of prevention worth a pound of cure (Score:2, Informative)
Browse through some of the other tools too. Some of them are pretty slick.
Re:It's interesting (Score:5, Informative)
It's in just a couple of Limewire 3.7.2 beta and 3.7.3 releases for Mac. When they figured out Mac forums were getting reports, they immediately pulled it from the installation.
I am one (c) freak guy using all original DVDs, CDs, programs etc. It's really funny I got infected with spyware because of Limewire, I mean...
I left a friend alone with my Mac G5, knowing my root pwd, and I really didn't think he could be THAT GOOD on Macs, or forgot how easy Macs are to use.
The guy installed Limewire to get a rare mp3 he likes and boom, I had Java asking permission to connect in the morning (NetBarrier running here).
What drove me nuts is, I am one of the FIRST guys who figured out TopMoxie on Win32 and alerted the press (Wired etc.) about it.
They figured Mac users are aware of what that thing does and pulled it.
Here is a forum posting for you, on a really popular Mac website.
http://forums.macnn.com/showthread.php?s=&threadi
About TopMoxie? Oh man, that thing was more evil than Satan... Can't imagine how much money went to the wrong hands instead of non-spyware, legit referrers of Amazon.com etc.
http://www.symantec.de/avcenter/venc/data/adware.
Looks like Symantec analysed a recent version. That thing is written by very advanced Java authors itself, read: Limesoft. It was first bundled with Limewire/Windows, and OS-integrated firewalls like Symantec firewall AUTOMATICALLY granted ALL rights to it since it was using the SIGNED Microsoft JView to run. So, JView, signed app, you get an alert from the firewall which RECOMMENDS enabling access since it's a signed Microsoft system part.
Understand the trick? Since it's the SAME trick used on Limeshop/OS X.
Oh, it did one "cool" thing on Windows... :) You know there are poor coders, freelance authors etc. making money to run their sites via referring books, CDs from Amazon etc.? It rendered such URLs (child's toy to get the current URL from IE) and REPLACED them with some Limewire referrer.
Looks like they changed that attitude since Amazon and major, LEGIT referrers threatened a lawsuit against them.
We _must_ keep an eye on that Limeshop and TopMoxie, especially Java fans and developers. This is one cool(!) and evil way to unleash Java's "run anywhere" potential. As it's written in Java, imagine one year later we speak about J2ME (Java Micro Edition) spyware which is installed on cell phones and PDAs, and Nokia, Ericsson give their customers the option to DISABLE Java via firmware.
Or let's say, you see people bragging about Linux, BSD being free of spyware? It can easily change with that sneaky Java thing.
Re:Terrible Review (Score:2, Informative)
It is the one piece of software I've found that gets rid of everything I throw at it. On my clients' machines, I used to run Ad-Aware and Spybot, and then Spy Sweeper if there were still popups. Now I just run Spy Sweeper from safe mode once and it's all taken care of.
Re:It's interesting (Score:2, Informative)
If you look at that macnn forum topic I referenced, you will see another "Adam" promising it was pulled from the installation. Notice he and all the guys speak about 3.7.x versions.
Now it's at the 4.x level and some builds got Limeshop installed.
It can give a clue about their tactics. I am expecting a Limewire corp post in reply to my post REAL SOON btw.
Seems they dig the web and sites like Slashdot for the words "limewire" and "spyware" and reply with non-honest comments as stated above.
Sorry for replying to my own post; I had to inform any OS X users out there...
Re:It's interesting (Score:4, Informative)
This line of reasoning is absolutely misleading. With any loan there is a significant possibility of default. Profit is not guaranteed, and the interest provides economic motivation for people with surplus cash (the "rich") to loan money to people who need it.
Furthermore, this completely ignores the benefits that the borrower obtains from loaned capital. The ability to leverage money not your own is incredibly powerful, though not without significant risk. You can borrow funds to invest in a business or real estate, and done properly you have a good chance of making yourself quite a bit more wealthy. In many cases your return will far outstrip that of your lender.
By any measure, buying stock in a company is investing in its future growth potential. The average shareholder can do very little to guarantee this return except sit around all day. Further complicating this worldview is the notion of "investing" in the bond market, which essentially involves purchasing shares in interest-bearing loans.
Delve deep enough, and you get to the core concepts of capital, investment, and return on investment. What you are essentially suggesting is that one kind of ROI is "bad" (interest) while others are "good" (dividends earned through hard work). While this is an intriguing premise, there is no logical method of obtaining this conclusion.
It should be noted that much of the utility of wealth lies in its ability to let you choose to work hard only for the things you want to. There is no great benefit in suggesting that hard work itself is moral; people can and do work very hard for extremely selfish or malicious purposes.
Re:Spyware tips I've picked up (Score:4, Informative)
http://www.jankratochvil.net/project/captive/
Knoppix can find the needed DLLs and mount the drive as RW. It isn't 100% guaranteed safe, but when the system is already damaged it is definitely worth a shot.
I've used it once to move data to a second drive for a customer and it worked flawlessly.
Out-of-control (Score:3, Informative)
Very nearly 100% of the computers I touch are infested with slimeware. Running several commercial apps will clear most of the crap that is found, but one or two apps seem to come back within a day or two (even if the user claims that they have not been on the internet). It has gotten to the point where I actually believe some of them!
I've found that what seems to be happening is that the slimeware distributors are playing a little versioning game. As soon as the major spyware removal tools are able to kill a specific version of slimeware, the slimeware authors make a new version that they then distribute.
It takes time between the release and the time that the spyware removers catch up, and in the meantime it is up to people like me to figure out how to clean up the mess. I am pretty hard-nosed and will spend a couple of hours searching the registry, booting from CD and deleting files and that kind of stuff to kill off the slimeware. Others who do similar jobs just re-image the machines. Solves the problem faster, but I don't think the users are quite as happy. They have to reconfigure the machine to how they like it and there is always the risk of lost data.
I'd love to see these purveyors of filth in prison. Many of them serve up porn and put it on kids machines! They are guilty of a crime every time this happens. Why can't we do something?
Anyway, I don't blame the spyware removal people for these setbacks. They work hard to keep up but just can't.
In my dreams, I dream of a single tool that sits on the desktop and checks for viruses, slimeware, spam, and other threats and inconveniences. I'd like the tool to be able to be programmed to block access to various applications and websites too. I'd like the same tool to have some sort of "safe recovery" feature that allows me to move back in time to a stable configuration that would not delete data.
These are just dreams but will someone somewhere please make my dream come true? Corporate IS departments everywhere would thank you with money from their budget!