Anti-Spyware Products Don't Live Up to Promises
John Wells writes "In the December, 2004 issue of PC World, the author of an article titled Poor Defenders concludes that most commercial anti-spyware software is ineffective. In tests using a fresh install of XP and 6 typical spyware infections the commercial software failed to stack up against freeware competitor Spybot Search and Destroy. Four out of seven commercial products failed to remove any of the infections. One product even installed 57 spyware files itself! Conclusion: Use freeware products like Spybot and Lavasoft's Ad-Aware SE Personal."
not too comprehensive (Score:5, Informative)
many of these utilities use aggressive marketing tactics in pop-up ads, spam, and keyword ads appearing alongside Google search results
Though I suppose this is how they sucker a lot of people and some people expect results if they pay for a utility, I would probably do at least a LITTLE research before paying for any app like that. The thing is, I would hardly consider this "most commercial anti-spyware software." So as far as this "test," he might as well do an article about Virtual Bouncer and how it removed his parasites for him.
Why didn't he test something like Spy Sweeper [webroot.com] or Giant AntiSpyware [giantcompany.com]? Those are paid ones that I would probably recommend if someone did want to pay for a program. At least that way, people would see that not ALL commercial products are crap - it does almost sound like that.
But really, Spybot isn't even cutting it anymore, IMO. AdAware is still doing well, but I've actually been more impressed with the other two I mentioned above - worth a look if you haven't checked them out - both have free trials that you would have no problems doing a removal with.
Re:not too comprehensive (Score:5, Insightful)
I find running both of these and using the yahoo spyware blocker is pretty effective. The yahoo thing doesn't catch all of them but I notice the # found by spybot and ad-aware went down quite a bit after installing it. FYI, if anyone hasn't upgraded to 1.05 of ad-aware I recommend doing so. I found about 30 more spyware programs on my Mom's computer after the upgrade after scanning with the most up to date definitions on 1.03.
Re:not too comprehensive (Score:4, Informative)
The other great, untapped tool is BartPE [nu2.nu]. This is a bootable windows xp cd. You can have ad-aware, clamwin, mcafee, and f-prot all load up from a bootable cd where they can download internet updates, and scan a hard drive. You don't know how many times I have "cleaned" people's computers with ad-aware & spybot while booted into their windows os, but some spyware has built in functions to hide itself, so spyware keeps reappearing. Using bartpe solves that problem, you boot off of it first, get the really nasty spyware, trojans, and viruses out of the way, then you boot into windows and run ad-aware and spybot again to get whatever was left behind (usually registry entries).
But sometimes things don't co-exist well (Score:3, Interesting)
At the same time, these programs don't always coexist well together. I had to laugh (wince) when my Panda anti-virus program decided that Spybot was a potential threat and quarantined it. (I was using Panda mostly for the firewall, because I don't trust the built in XP firewall capabilities). Sometimes these apps just are unknowing about one another, and seeing something out of place, they want
Re:not too comprehensive (Score:2)
Re:not too comprehensive (Score:2, Funny)
Re:not too comprehensive (Score:4, Interesting)
Re:not too comprehensive (Score:4, Interesting)
Re:not too comprehensive (Score:2)
Virus alert.
TROJ_ONECLICK.A is detected on DESK032963(MJones) in XXXXX domain.
Infected file: C:\Documents and Settings\mjones\Local Settings\Temporary Internet Files\Content.IE5\GLE
Re:not too comprehensive (Score:2)
Similar findings with McAfee VirusScan 8.0 as well.
Re:not too comprehensive (Score:3, Informative)
Re:not too comprehensive (Score:4, Informative)
And when I click on the link to his story, I get "Firefox prevented this site from opening a popup window. Click here for options..."
Coincidence? I think not...
Rogue Spyware Cleaners (Score:4, Interesting)
"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection. Others may use unfair, deceptive, high pressure sales tactics and false positives to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Users are advised to rely on anti-spyware applications with deserved reputations for trustworthy performance.
useful link to bookmark
Re:not too comprehensive (Score:2)
Re:not too comprehensive (Score:2)
In reading his post, I got the impression it was in a commercial environment. I know places like Best Buy and the like charge upwards of $20 for a "spyware cleaning" and all they do is install Ad-Aware and/or Spybot, run it a couple of times, install the google toolbar, and hand it back to the customer.
My apologies to you, kind sir, for not explaining my presumptions prior to my previous post. Got alliteration?
It's up to the users to do the research. (Score:5, Informative)
They are absolutely correct here although there are only four programs you should ever install for combating spyware: Adaware, SpyBot S&D, SpywareBlaster, and a good software firewall package (preferably one that tells you when something is trying to connect out to the Internet like ZoneAlarm). You need to keep these programs updated on a regular basis and you need to make sure that they run regularly. Unfortunately only SpyBot S&D runs w/o user intervention if you set it up to do so.
SpyBot, while being a great program, isn't updated nearly as often as AdAware and doesn't find all those pesky cookies that AdAware does. SpywareBlaster is good for keeping those pesky cookies from getting onto your machine in the first place.
We were unable to reach NoAdware, but the Better Business Bureau of Upstate New York reported that it had received 22 complaints about the company, which is not a member of the BBB, by early October. Network Dynamics has a clean record as a member of Southern California's BBB. The BBB's complaint database contained no record of complaints for the remainder of the companies whose products we tested.
The BBB has fallen into worthlessness in recent years (I don't know about years past). They have little to no pull and sometimes they even go so far as to ignore complaints against their companies. I would ignore any comments in regards to BBB related businesses.
Basically you need to research what you are installing on your machine. That means using google, word of mouth, and your own deep digging before you put any "cleaning" program on your machine. You also need to do some research into making sure that you are using what you can to combat Spyware.
Sadly, most people out there don't know, care, or care to know. That's why they end up w/it in the first place. If people DID care about what they were installing on their computer AND took the time to do a quick google search they would find out exactly what they need to know.
It has gotten to the point where I seriously believe that MSFT is doing this on purpose in order to show the public why they NEED to use "protected computing".
Re:It's up to the users to do the research. (Score:4, Insightful)
Re:It's up to the users to do the research. (Score:2)
I like the idea of SpyBot's "immunize" functionality, although I've yet to actually test it out since I almost never use IE.
Re:It's up to the users to do the research. (Score:2)
As far as immunize. I can attest that it does, in fact, work. I usually keep my machine immunized for every day use (even though I use Firefox). A few times, wanting to test some spyware-removal apps, I'll try to infect my machine.
Once or twice in doing that, I forgot to de-immunize and was totally unable to install some of the spyware apps I was trying to get. Then I did an "undo immunizatio
Re:It's up to the users to do the research. (Score:5, Interesting)
looking for free AV or firewall software I encountered that MOST has spyware bundled with it. the ONLY apps I feel safe installing are Open Source where I can look to see if there is spyware included.
Freeware software has become the biggest carrier of spyware. many "media players" and other apps have a crapload of spyware in them and I am running into people with claria installed that don't even use the internet but received a nice CD with a copy of PC magazine that had some nice free apps on it.
personally, I am making a killing at $50.00 a pop to relatives and friends. i tell them to let others know that I'll do the same to their computer for $100.00 and I'll give them $20.00 for each person they send me.
I now clean about 20 computers a week, all set up in a row in the basement with a 2 day turnaround for them and they have to sign a waiver/disclaimer and pay in cash.
christmas is going to be a great one this year.
so in a way, I really have the spyware makers and microsoft's IE team to thank for the plentiful bounty I have this year.
Re:It's up to the users to do the research. (Score:4, Insightful)
Re:It's up to the users to do the research. (Score:3, Insightful)
Thanks for the tip. If I ever get spyware or adware on my Mac, Linux, or Slowaris boxen I'll install these and see if it helps.
Sadly, most people out there don't know, care, or care to know.
And why should t
Re:It's up to the users to do the research. (Score:2)
Considering that SpywareBlaster includes rules for Firefox as well as IE I think that it wasn't a typo.
I Prefer hijackThis (Score:4, Informative)
Re:I Prefer hijackThis (Score:4, Insightful)
Most people don't have a Clue and they don't want to. That's why they are infected with Spyware in the first place. I would NEVER recommend hijackThis to anyone except someone I KNEW was very good with computers and what they should and should not see running.
While it is difficult to get Spyware when you can't start your computer correctly it is also annoying
Re:I Prefer hijackThis (Score:3, Insightful)
MOD PARENT UP! (Score:2)
I mention AdAware because Hijackthis lacks any sort of a file checksum/scanning utility. If it did, It would be the best catch-all solution.
Re:I Prefer hijackThis (Score:5, Informative)
Just because it's not running, I am sure you don't want some coolwebsearch files just sitting silently on your system.
Here's my recent techrx post regarding this same subject: http://www.tech-recipes.com/windows_spyware_tips7
or the easiest solution (Score:4, Informative)
???
profit
really if you are still using IE you are bringing it on yourself, i loved IE, but it has become garbage
Re:or the easiest solution (Score:3, Informative)
Sure, it will prevent further mistakes (or at least limit them) but it won't get rid of half of the crap that gets onto a machine.
It's the same thinking when people say "install service pack 2 to clean it up". Those machines are the ones which have the most problems, and for once, MS isn't really to blame for it.
They will only do well if starting from a clean slate, so before upgrading someone to Firefox, or any other secure upgrades,
Re:or the easiest solution (Score:2)
Re:or the easiest solution (Score:2)
Re:or the easiest solution (Score:2)
> ???
> profit
Well, no, actually. If you're in business for tech-support, firefox means a loss of profit. Uninstalling x-ware is usually pretty straight forward and it's all labor. At $75 / hour for on-site tech-support I will happily spend hours fighting off x-ware.
While I insist my family, wife, and anybody else within the free tech-support blanket have NAV, NPF, and firefox, I'll gladly let the trolls continue to pay.
Re:or the easiest solution (Score:3, Informative)
Where's the program (Score:4, Funny)
Re:Where's the program (Score:2)
Uhh..ok. Select Desktop Games on this page [gemtree.com]
Yahoo's spyware tool is the best (Score:3, Informative)
Re:Yahoo's spyware tool is the best (Score:2, Redundant)
Re:Yahoo's spyware tool is the best (Score:3, Insightful)
I'm sure yahoo!'s Removal tool works to remove everyone else's spyware (or as much of it as yahoo! is aware of), but it by design allows yahoo to continue to track your web usage.
she got a refund? (Score:3, Informative)
They actually gave her money back. That's good right? Sure they took four months, but they did it. She should shut up and stop complaining. They could have just blamed her for it since she really couldn't have proven anything.
manda
Hmm... (Score:2, Informative)
Re:Hmm... (Score:2)
You can either:
1) bang a whore with three doctors supervising you (three adware removal progs),
2) bang a whore and wear a rubber (Spy Sweeper), or
3) bag a nice girl and not need a rubber or three doctors.
I take option 3.
Re:Hmm... (Score:2)
Free anti-virus alternatives? (Score:5, Interesting)
Re:Free anti-virus alternatives? (Score:2, Informative)
Re:Free anti-virus alternatives? (Score:5, Informative)
Re:Free anti-virus alternatives? (Score:2)
But I still install it on peoples computers that have no protection at all when I work on them.
Re:Free anti-virus alternatives? (Score:5, Informative)
Re:Free anti-virus alternatives? (Score:2)
Just make sure to disable sounds when you install it. :)
Who should be making spyware removal software? (Score:2, Troll)
You'd think they'd have a pretty good reason to make sure that (at least the latest version) of Windows is performing well for people. Sheesh.
Obligatory Blazing Saddles quote (Score:2)
"Cut them off at the pass?! I detest that cliché!"
Re:Who should be making spyware removal software? (Score:2)
Re:Who should be making spyware removal software? (Score:2)
Really, asking for root password to install software wouldn't prevent shit like Bonzai buddy from being installed.
If MacOS became more popular I'm sure you'd see a Bonzai buddy port for it.
Don't install "anti spyware" advertised in popups! (Score:2, Funny)
Re:Don't install "anti spyware" advertised in popu (Score:3, Insightful)
Duh!
why? (Score:2, Insightful)
Really, this is an OS problem, and MS should provide a solution, you shouldn't have to rely on 3rd party providers to fix a shortcoming of the OS!
BCB
Re:why? (Score:3, Interesting)
Plus, Microsoft likes to sell ads on its sites. I doubt you'll ever see anything like the Firefox ad blocker or the AdBlocker extension for IE.
I was very surprised they blocked pop ups. Probably got to the point where pop ups from spyware infected computers were making people think twice about windows as an os.
Re:why? (Score:4, Insightful)
Haha. As if people actually knew what an OS was...
The real reason MS hasn't created a spyware blocker? Because peanut galleries like Slashdot would go up in arms about how MS is trying to "take over another market", cry about unfair competition, whine about too much bloat, etc. I mean, just look at how Slashdotters whined and cried like a bunch of 4 year olds this morning when Microsoft announced they were entering the blog publishing realm. When you're Microsoft, it's damned if you do, damned if you don't.
Re:why? (Score:4, Insightful)
No, spyware is not an OS problem, I have Windows machines, I use IE, I do not have a spyware problem. My girlfriend runs Windows, she uses IE, she does not have a spyware problem, and while I may be categorized as more clueful than the average user, she is the average user excepting for one thing, she actually learned how to use her computer. Do you consider a person refusing to clean their duct work, or take their car in for a tune up a problem with the house or the car? No, it's the user's fault, and it's the same with spyware. How long have people been told, don't click on everything you see? Don't open that mail? Hell, it's even on the news now. This is a problem with people actively refusing to learn. Spyware writers do not target Windows, they target IDIOTS. There are spyware apps that target Mozilla that do things they shouldn't, so why are there not more? The target is idiots, that's why, you will see more and more targeting Mozilla as more and more of the target audience are convinced to use it.
Don't blast MS for Mom's self-inflicted wounds. (Score:4, Insightful)
There are some systemic problems with Windows, particularly the Windows/IE combination, that allow spyware to flourish -- the lack of a way for a common user to get a good idea what's running on their system besides MS-installed OS files, for example, or the multitude of places that auto-starting spyware can hide its startup away from the user's notice. But in the end the people who have spyware problems are almost universally the people who clicked on a link from an unknown source that promised them something cool (or more often than not, something astonishingly lame by more educated users' standards..) If your mom and other users like her could be trained not to click on "Click here to install our FREE animated weather-forecasting dancing baby!" when she doesn't know anything about the source of the offer, 90% of the problem would go away overnight.
Re:why? (Score:3, Insightful)
This is NOT an OS problem at all. Spyware is (as far as the OS is concerned) a legitimately installed and running program.
There is nothing in Linux or OSX that will prevent spyware on those OSes either. It's an ignorant user that installs Gator and the spyware it comes with (or any of dozens of other spyware carrying programs)
That being said, XP SP2 does help in this regard. There is an additional warning when you try to
Re:why? (Score:3, Interesting)
While true, it is hardly their fault when so many programs out there come bundled with spyware. I've run across many free utilities and applications that are filled to the rim with spyware and I'm very careful about what gets put on my Windows box. I can't see how the average "it's just a tool" users out there can keep on top of all this.
But there are also programs that auto-install themselves without the user's knowledge, just by la
Re:why? (Score:4, Interesting)
So why don't any Spyware removers exist?
Re:why? (Score:3, Interesting)
Alright, I'll bite. What short-comings would the Linux OS have without third party applications? You could almost argue that everything in your distro, besides the kernel, is a third party application.
Now, saying that the OS shouldn't rely on third party applications to patch holes - that I'd agree with.
Re:why? (Score:3, Insightful)
You have to remember that the spyware climate looked pretty different back when WinXP was first being designed/written. It's reasonable that the designers wouldn't have anticipated it becoming as much of an issue as it has and wouldn't have prioritized it very highly.
That said, I have a Windows machine at work and another at home, and outside of cookies that AdAware cleans up, neither has ever had spyware or a virus. You'll nev
Re:why? (Score:3, Interesting)
Re:why? (Score:3, Insightful)
I still can't fathom WHY Microsoft doesn't have something like this builtin to XP.
Really, this is an OS problem, and MS should provide a solution, you shouldn't have to rely on 3rd party providers to fix a shortcoming of the OS!
The ultimate solution would be to make Windows more secure by default. Yes, you can make it difficult for spyware to enter, but only if you make modifications (run as regular user, keep patched regularly, use Firefox, if using IE modify a crapload of settings to make it as sec
Same goes for anti-virus (Score:2)
The fact that it's called ANTI-VIRUS makes gullible people think it's a cure all, when it's unlikely worth the time to install, let alone the money spent on it
A couple tips for removing spyware from windows. (Score:3, Informative)
Fun with related stories (Score:2)
Hmm... (Score:2, Insightful)
Doesn't look like I'm going to be able to scan my system without using IE with ActiveX enabled. I think I'll pass.
Fundamental Difference (Score:5, Insightful)
Commercial anti-spyware vendors on the other hand are in it for the $$$ and that means they are susceptible to temptation, i.e. allow malwarez who give them money to get through, use malwarez tactics to get money and do things other than what it says on the tin while users aren't looking. (read, kazaa)
I suppose commercial vendors are just more ideologically close to the spammers, who are also in it for the money.
In any case, if you need an 'infrastructural' type software program, you're nearly always better off going FOSS anyway. That's my 2c.
Re:Fundamental Difference (Score:3, Insightful)
Re:Fundamental Difference (Score:2)
Eh? I don't fully follow.
Obviously if your porn filter is allowing porn through intentionally, then you should just dump it. I suppose the same goes for spyware.
However I will say that spyware is much more permanent and damaging than porn.
Porn is
A minor quibble (Score:2)
Lavasoft's Adaware is free for personal use. They also have a pay version, which may be used in a corporate or educational environment, or by those who have a burning desire to give Lavasoft money to support their efforts in the war against spyware.
Re:A minor quibble (Score:2, Informative)
The advantage of paying for AdAware is to get AdWatch, a live detection program which blocks registry modification, browser hijacks, etc. as they happen. It is very customisable and can react autonomously or can prompt for action. No burning desire, just a good product. (No affiliation)
As to this douche installing programs advertised by popups, what does he expect? If your advertising strategy is popups, you're selling crap. If your purchasing strategy is popups, you're buying it.
Spyware Stormer (Score:3, Insightful)
Why is your company using Windows Messenger Service to effectively spam/invade user's privacy with unwanted popups advertising your product?
Extra protection: ActiveX/Js/Java Whitelist (Score:2)
Article Redundant (Score:4, Funny)
So, a fresh install of XP then
Open Source Solution Needed (Score:5, Interesting)
I'd love to see a project that uses community involvement to flag projects and websites as "phishing" or "spyware" related.
It could be integrated into open source projects such as Firefox and Thunderbird so you could be assured that after a few people in the community confirmed that a particular URL or even IP was "phishing" or "spyware" related, it would be disabled in the browser or email client without a blood sample and double confirmation.
I, for one, am sick of helping other people clean their computers of spyware. Many of them become so bogged down they are unusable.
Spybot: Destroy UI Designers (Score:3, Insightful)
How about a little bit of professionalism in software development! I know it's freeware and you're not making money, but how about at least taking enough pride in your work to make it usable and not hideously ugly? I hate to say it, but I can't talk management into using Spybot: Search and Destroy as a standard because it looks so unprofessional.
If Spyware programmers were smart. (Score:2)
I can't run Ad-Aware (Score:2)
Generally the hangs are in attempting a deep scan of the registry, or while scanning somewhere in my Windows directory.
I haven't been able to successfully run it since upgrading almost a year ago. I've upgraded since t
Re:I can't run Ad-Aware (Score:2, Informative)
Consumer ePorts (Score:2)
For the love of Pete, STOP USING IE!!!! (Score:2)
Re:For the love of Pete, STOP USING IE!!!! (Score:2)
Best bet is to configure security settings so only sites you trust are allowed to use ActiveX. Then use FireFox for everything but those few sites.
Pffft. (Score:2)
But that book, BTW - it rocks!
Soko
Re:Pffft. (Score:2)
What is a "spyware" file? (Score:2)
Obviously, the developers of that anti-spyware program had a different idea of what a "spyware file" was than the developers of the unnamed anti-spyware tool they used to detect that the first tool had installed 57 "spyware files."
So what is a "spyware file"? Is it any file flagged by whatever anti-spyware tool you happen to be running at the moment? That's a rather self-serving (for the anti-spyware vendor) definition, don't you think?
Open Source? (Score:3, Interesting)
I've often wondered if it'd be feasible to start an open source spyware zapper project - the scanner wouldn't be too tough to write I don't think, and you could get the community to keep submitting updated definitions for newly found spyware via some sort of wiki-esque mechanism.
Could this work? And if so, could we also make our own anti-virus program while we're at it?
Confusing terms? (Score:2)
But they seem to be talking about ad-ware mostly, which would be searching for a different type of malware entirely.
Spyware Removal Tools (Score:2)
For this I always keep renamed copies of Regedit and Task Manager handy. Very often you'll need these to kill processes and clean the registry BEFORE you can run anti-spyware and anti-virus.
Always good for a free beer from the neighbors and atta-boys from the boss...
donate to a good cause... (Score:2, Insightful)
Use a Mac! Seriously. (Score:2)
spyware tips (Score:3, Informative)
the other night my laptop got a spyware infestation and this was the most serious one i had come across..
adaware and spybot couldn't detect anything.. yet i kept getting IE popups.. I booted to safe mode but guess what.. an IE popup while adaware is running (network was not available) in safe mode!
so i went back to windows normal mode, pull up sysinternal's processEx to see which process starts the IE process.. and i was surprised to find that the IE popups were from winlogon.exe! later i found out that the spyware had also modified my winsock files..
anyway.. to the tips.. sometimes you have two processes that monitor each other, so when you kill one, the other process respawns the process you just killed. unless you are lightning fast with taskmgr... you can kill both at the same time with taskkill
if you find a
the "[" "]" don't mean optional parameters.. i couldn't use the less/greater signs
the spyware that i got installed was hosted at rackspace.. so i called up rackspace (@3am CST).. bitched about it and they contacted their spyware client.. you would expect them to stop hosting the spyware.. instead rackspace sent me a link for a utility to download (utility provided by the spyware client).. which removed whatever i had but installed more spyware!!
In the end, i renamed iexplore.exe and put a copy of cmd.exe as iexplore.exe
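The two checks described in the comment above (which process is really launching the browser, and which two processes keep restarting each other) can be run over process start/exit records. This is an added example, not part of the original post: the event format, the sample records and the names `svcwatch.exe` and `svcguard.exe` are constructed, and it assumes process IDs are not reused within the log window.

```python
from collections import namedtuple

# Constructed sample records (not from the original post): process start/exit
# events of the kind a process-auditing log provides. t is seconds.
Event = namedtuple("Event", "t kind pid ppid image")

SAMPLE = [
    Event(0,  "start", 400,  4,    "winlogon.exe"),
    Event(1,  "start", 900,  400,  "explorer.exe"),
    Event(5,  "start", 1200, 900,  "iexplore.exe"),  # browser opened by the user
    Event(9,  "start", 1300, 400,  "iexplore.exe"),  # popup started by winlogon.exe
    Event(10, "start", 2000, 900,  "svcwatch.exe"),  # hypothetical watchdog A
    Event(11, "start", 2100, 2000, "svcguard.exe"),  # hypothetical watchdog B
    Event(20, "exit",  2100, 2000, "svcguard.exe"),  # analyst kills B
    Event(21, "start", 2200, 2000, "svcguard.exe"),  # A brings B back
    Event(30, "exit",  2000, 900,  "svcwatch.exe"),  # analyst kills A
    Event(31, "start", 2300, 2200, "svcwatch.exe"),  # B brings A back
]

# Assumption: an interactively opened browser is a child of the desktop shell.
EXPECTED_BROWSER_PARENTS = {"explorer.exe"}


def image_by_pid(events):
    """Map pid -> image name from start events."""
    return {e.pid: e.image for e in events if e.kind == "start"}


def odd_browser_parents(events, browser="iexplore.exe"):
    """Return (pid, parent image) for browser processes with an unexpected parent."""
    names = image_by_pid(events)
    return [(e.pid, names.get(e.ppid, "?")) for e in events
            if e.kind == "start" and e.image == browser
            and names.get(e.ppid, "?") not in EXPECTED_BROWSER_PARENTS]


def respawns(events, window=5):
    """Return (parent image, child image) for every image that is started
    again within `window` seconds of one of its instances exiting."""
    names = image_by_pid(events)
    last_exit, found = {}, []
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "exit":
            last_exit[e.image] = e.t
        elif e.image in last_exit and e.t - last_exit[e.image] <= window:
            found.append((names.get(e.ppid, "?"), e.image))
            del last_exit[e.image]
    return found


def mutual_watchdogs(events, window=5):
    """Pairs of images that each respawned the other: the case where both
    have to be stopped together for the removal to stick."""
    seen = set(respawns(events, window))
    return sorted({tuple(sorted(p)) for p in seen
                   if p[0] != p[1] and (p[1], p[0]) in seen})


if __name__ == "__main__":
    print("unexpected browser parents:", odd_browser_parents(SAMPLE))
    print("respawn events:", respawns(SAMPLE))
    print("mutual watchdog pairs:", mutual_watchdogs(SAMPLE))
```

A pair is reported only once each side has been seen restarting the other, so a single ordinary service restart does not produce a hit.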
Contact info for spyware author... (Score:5, Funny)
The domain name is:
LOCALNRD.COM
The address is this:
Thinking Media LP
275 Madison Avenue
New York, NY 10016
Or please give a call to show your support for spyware and your desire to do business with them.
1(866)839-6164
Thanks for helping the cause!!!!
Consider the alternative. (Score:4, Funny)
Re:How many (Score:4, Funny)
For all others who have not clicked on the link, I recommend to not click it, unless of course you enjoy Banana Phone.
- Qua
Re:No shit (Score:3, Funny)