
Antispyware Shootout

Posted by Hemos
from the battle-royale dept.
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on an on & off basis, and I think the reality is that if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.

  • by digitaldc (879047) * on Monday December 05, 2005 @10:47AM (#14185162)
    or the shootout ended up killing everyone, including the article.
  • Enough power (Score:5, Insightful)

    by VincenzoRomano (881055) on Monday December 05, 2005 @10:48AM (#14185168) Homepage Journal
    I wonder whether there will remain enough CPU power to run the applications once I will install three to four of those scanners.
    Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.
    • by c0l0 (826165) on Monday December 05, 2005 @10:51AM (#14185191) Homepage
      Well, I guess we now know why Intel is heading for _FOUR_ cores on one DIE in 2007. One for your personal tasks, and the other 3 cores each for one anti-spyware-thingie exclusively ;)
      • by scruffy (29773)
        One for your real work, one for spyware, one for anti-spyware, and the last one for DRM.
    • Re:Enough power (Score:3, Insightful)

      by steveo777 (183629)
      For the last few years, I've been contracting to clean both spyware and malware off of Windows PCs. I've been using SpyBot and HijackThis and eventually found a few more programs that I really like to replace Norton and McAfee's products for those users.

      I post this comment because I've been finding that, more and more, people complain to me of slower and slower systems. Well, the biggest problem is that people I've helped out are subscribing to up to five anti-virus programs at a time. You get great ti

      • Re:Enough power (Score:4, Informative)

        by afabbro (33948) on Monday December 05, 2005 @12:14PM (#14185944) Homepage
        Next, if you really are that desperate for free programs, movies, porn, then get a separate box for the P2P software

        Or VMWare. eMule runs nicely in VMWare. Create a master copy, clone it, and run eMule/BitTorrent/whatever on the clone. If the clone becomes fouled, delete it and reclone.

        In my experience, serious P2P does not play well with other apps - it needs a dedicated box. It sucks up the network stack something foul (run eMule for a few days and then see how long netstat takes). However, if you have the RAM, you can run it in VMWare in the background quite nicely...I've had eMule charging away while playing F.E.A.R. with no noticeable performance hit to either (3Ghz HT, 2GB RAM).

        Of course, if there was eMule for Linux...(no, don't tell me about amule...)

  • Spyware Warrior (Score:5, Informative)

    by popechunk (863629) on Monday December 05, 2005 @10:51AM (#14185192) Journal
    This [spywarewarrior.com] might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.
  • by xxxJonBoyxxx (565205) on Monday December 05, 2005 @10:52AM (#14185203)
    Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...
  • by mencik (516959) <steve@mencik.com> on Monday December 05, 2005 @10:53AM (#14185205) Homepage
    Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.
  • One Ring? (Score:4, Funny)

    by Kjella (173770) on Monday December 05, 2005 @10:55AM (#14185227) Homepage
    Each of them captures a certain area, but none are the One Ring or anything.

    Apparently powerful, but deceptive and treacherous with a rootkit from the creator?
  • Free solutions (Score:5, Interesting)

    by Anonymous Coward on Monday December 05, 2005 @10:56AM (#14185233)
    It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy [safer-networking.org]. I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.
    • Re:Free solutions (Score:5, Insightful)

      by sevensharpnine (231974) on Monday December 05, 2005 @11:08AM (#14185310)
      I'm sure that this review was limited to either current or potential ZDNet advertisers. Tech journalism (web or print) has absolutely no credibility. The entire article is a thinly-veiled ad for the "contestants."
    • Re:Free solutions (Score:5, Informative)

      by lowrydr310 (830514) on Monday December 05, 2005 @11:52AM (#14185712)
      I have a formula that works fairly well to combat spyware/adware, successfully removing existing spyware and preventing the system from getting new spyware.

      1. Kill all unfamiliar windows processes
      2. Remove anything strange from the 'startup' folder
      3. Go to "add/remove programs" and try to remove anything you don't need
      4. Run Spybot S&D (my personal favorite too)
      5. Run HijackThis (another excellent FREE tool for getting rid of browser helpers and other search redirection 'utilities', though it's not for the novice user)
      6. Install Firefox, delete all shortcuts to IE.

      I've done this to several computer-illiterate friends' and family computers, and they've been working spyware-free for quite some time. I ran into one really nasty search redirection on my brother's computer that the above steps didn't fix. It involved IE calling one specific DLL for a search, and it would reappear as another name if I tried to delete it. Somehow, it was running as a disguised Windows 2000 system process that I simply had to turn off which allowed me to manually delete all associated files.

      • Re:Free solutions (Score:3, Informative)

        by Cunjo (865201)
        I worked at a computer repair shop at one point, and my SOP is very similar, although I typically run HijackThis earlier in the process (Before removing programs), and I include - if necessary - some passes with other programs.

        Worst-case Scenario:
        1) Kill all unnecessary processes manually (if able)
        2) Run MSCONFIG and disable unnecessary startup processes (if able)
        3) Run Spybot S&D [safer-networking.org] (if able)
        4) Run HijackThis [spywareinfo.com]
        5) Install Avast! AV [avast.com] and updates, and schedule a boot-time scan (if able)
        6) Uninstall/manually remov
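
Added example, not part of the posts above and not code from HijackThis: both cleanup checklists above include a HijackThis pass, whose log one poster notes is "not for the novice user", so this Python script parses a log in the HijackThis `<code> - <detail>` layout and lists the entries that deserve a manual look. The sample log is constructed, and the flagging heuristics and the `vetted` allowlist are assumptions of this example.

```python
import re

# Constructed sample in the HijackThis log layout. Names, CLSIDs, URLs and
# paths are made up for this example.
SAMPLE_LOG = r"""
Logfile of HijackThis
Platform: Windows 2000 SP4

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
O2 - BHO: AcroIEHlprObj Class - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINNT\System32\qxzvb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd32.exe
O4 - HKLM\..\Run: [helper] C:\Program Files\Helper\helper.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
"""

# What the section codes used in the sample refer to.
SECTIONS = {
    "R0": "IE start page", "R1": "IE search page/bar",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O23": "NT service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_log(text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("detail")))
    return entries


def reasons_for(code, detail):
    """Illustrative heuristics (assumptions of this example, not HijackThis logic)."""
    low = detail.lower()
    reasons = []
    if code in ("R0", "R1"):
        reasons.append("browser start/search page setting")
    if code == "O2" and "(no name)" in low:
        reasons.append("BHO without a registered name")
    if "(file missing)" in low:
        reasons.append("target file missing")
    if TEMP_RE.search(detail):
        reasons.append("runs from a Temp directory")
    return reasons


def triage(text, vetted=()):
    """List entries to review by hand, skipping anything matching a vetted substring."""
    vetted = [v.lower() for v in vetted]
    findings = []
    for code, detail in parse_log(text):
        if any(v in detail.lower() for v in vetted):
            continue  # already reviewed and accepted by the person doing the cleanup
        why = reasons_for(code, detail)
        if why:
            findings.append((code, detail, why))
    return findings


if __name__ == "__main__":
    for code, detail, why in triage(SAMPLE_LOG):
        print(f"[{code}] {SECTIONS.get(code, 'other')}: {detail}")
        print("      review because: " + "; ".join(why))
```

Nothing here removes anything; it only narrows the log down to the lines to check before deciding what to fix in HijackThis.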
    • Perhaps, but corporate programs are intended to be installed and controlled centrally.

      No matter how free spybot is, paying techs to install the app, keep it updated and scan PCs is a huge expense and a logistical nightmare.

      You can't have users do it. Ideally, your users won't have admin rights, which makes it hard to remove spyware via any piece of software. Don't even get me started on the training issues.
  • by Progman3K (515744) on Monday December 05, 2005 @10:56AM (#14185235)
    It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
    It is NOT normal to have to do this.
    • by Jugalator (259273) on Monday December 05, 2005 @11:05AM (#14185291) Journal
      To answer your topic question, it's necessary because Windows users usually run with administrator rights and don't care much for what an installer may do. Think doing the same but in Linux as root.

      And then few OS'es out there will help if the user chooses to install a spyware infested program and click "Yes" to install the whole thing. I mean, once a user runs executable code with admin rights, what can the OS do?

      One solution is of course to run in a more protected user mode where you're requested of admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, and what *nix desktop managers have had for years.

      However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?
      • One solution is of course to run in a more protected user mode where you're requested of admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, and what *nix desktop managers have had for years.

        Yah.. BUT even with existing Windows (Windows 2000 and XP), running as an underprivileged user does have many issues. There are still many applications on Windows that do not follow the security policy and attempt to write user data outside of their profile.
        • by tuxmaster (851910) on Monday December 05, 2005 @12:06PM (#14185870) Homepage
          The computer is not smarter than the monkey using it. If all the users run as administrator as most users do in windows then what good is it requiring administrator rights. They already have them. True a *nix OS is better at protecting from unwanted installation of programs for a few reasons. One reason is because with the windows browser is so closely tied to the Operating system itself. As any *nix operating system not so closely tied. Also in the *nix type operating systems the end user is by default mostly unprivileged. As with a windows user generally there is either no user at all (that defaults to administrator level user) or there is a user with administrative rights. So that concludes that the main reason why Windows computers receive so much spyware is because of the end user. If End users would take the appropriate precautions by first on day to day use run as a limited user. Running on a user with Administrative rights is like running a *nix system as root all the time it is just not smart. Second take the attitude that most web pages can not be trusted. Why ads ads ads marketing people like keeping an eye on you and how you use your money. Active X should not be used on a regular webpage. I am surprised how many times I browse the web with ActiveX prompting me to accept most of the time I click NO and the page works fine. Third do not download unusual programs. Fourth do not click those banner ads. Last of all Do not let anyone do anything on your computer remotely or otherwise without giving them just enough permissions to do the job. If all those things are followed you will have one of 2 things or both. One a secure computer or two an annoyed user.
        • Yah.. BUT even with existing Windows (Windows 2000 and XP), running as an underprivileged user does have many issues. There are still many applications on Windows that do not follow the security policy and attempt to write user data outside of their profile. ie -- try installing an app sometime as a regular user on Windows...

          Yep, I agree this is clearly a problem on Windows, and probably a big reason things look like they do today with spyware. However, one has to wonder whether it's Microsoft's fault or no
        • Susan Bradley, a Microsoft MVP, has created a "Hall of Shame" [threatcode.com] for Windows-based software that requires Admin/Power User privilege to run, or that has other serious security flaws. The list is still short (and sort of disorganized), but she's trying. A good many big-name vendors are on her list (and she's not afraid to add Microsoft products).

          Nominate your favorite offenders! Tell your friends! If Threatcode.com catches on (she's a server guru, so maybe she can survive a slashdotting), maybe at least
      • However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?

        No. The average user will install software only if it involves clicking "Next" "Ok" or "Finish". Any weird questions about administrator rights will spark a call to son/brother/cousin/friend/12 year old who will know the right answers.

      • One solution is of course to run in a more protected user mode where you're requested of admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, and what *nix desktop managers have had for years.

        Well, I tried to do this -- and I am back to being an admin 100% of the time. The problem is stupid applications that REQUIRE admin access in order to work. Specifically, I had a problem with Winamp. It crashed unless ran as admin. This is very stupid,

    • Of course it is normal. Normal is about the average experience. The average computer user needs to do this, so it is normal.

      Not that it's good that we have to do this, in any way.
    • Will someone explain to me how linux or OSX are magically immune to spyware?

      If you go to install some filesharing app, and you don't do some extremely thorough inspection of the installation procedure, you can get some spyware installed on your machine during the process no matter what the operating system is.

      This isn't a Windows specific issue.
      • There is no technical reason that spyware is a Windows specific problem but right now spyware does not target Linux or MacOS. Spyware targets Windows because it is the most common OS, is relatively homogeneous and has a number of known security holes.

        Until MS plugs the holes or other OS's become more widespread this will continue to be a Windows specific issue.
      • I would say spyware (and malware in general) is arguably a worse threat on OSX/Linux - precisely because nobody expects it. I was disturbed reading an OSX newsgroup the other day in which a good dozen people agreed that OSX was "immune" from viruses. What they mean is, fewer viruses have been written for OSX because there's a lower number of users, and therefore lower "return" from a mass infection.

        If I were trying to write something insidious, I would target one of these platforms because no-one expects it
      • In OS X, the first time you run any program it says "This is the first time you've run Program X. Do you want to continue?" Which means that, unless you are SO dense that you click yes when it asks if you want to run Program I Didn't Mean To Download, the spyware might be on your machine but will never get to run.
      • Why does there have to be some "magical" (or technically rigorous) reason for the lack of malware on Unix-type systems?

        There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upperclass suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it
      • Will someone explain to me how linux or OSX are magically immune to spyware?

        There's no magic - just good defaults.

        Windows: most users run as administrator. Lots of software breaks if you don't.
        OSX: root is disabled by default. Apps may request sudo rights of a user, to which a user has to enter his password and may review the (somewhat arcanely named) right being asked for.
        Linux: root is enabled by default. Installers insist you create a non-root user during installation and warn you to use it. All sofw
  • Summary (Score:5, Informative)

    by Big Nothing (229456) <big.nothing@bigger.com> on Monday December 05, 2005 @10:57AM (#14185238)
    For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:

    Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
    Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.

    Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
    Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.

    Editor's Choice: Symantec Client Security 3.0
    It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.

  • Sony (Score:5, Interesting)

    by kidtwist (726601) on Monday December 05, 2005 @10:57AM (#14185243)
    Did any of them find the Sony rootkit?
  • by camcorder (759720) on Monday December 05, 2005 @10:59AM (#14185255)
    I don't understand this. How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows. Even if it can, how can you trust, without checking every bit of the OS? This is not Windows issue, it's same with linux or any other OS. But it's also very hard unless you're very ignorant, to get a complete infection with linux than Windows.

    I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.
    • You could argue that you can't completely trust any computer system unless you personally audited every portion of the system. You would have to check the processor core, microcode, firmware, OS, applications, etc. You would have to hand compile your own compiler and then use it to compile everything else. You could never connect it to any network. You could never leave anyone else alone with it. It would need to be faraday shielded at all times.

      How paranoid is paranoid enough?
    • There are two ways. The first, is running in safe mode to scan. Windows doesn't load non-system drivers in safe mode, so the rootkits won't load, and you can detect them.

      The second is by using the technique that sysinternals uses, which is to read the registry raw (not in the API) and parse it yourself, then find any references to files which mysteriously don't show up through the API. This doesn't remove the threat, but it does help identify it. The reason this works is that in order for a root kit to
  • by Anonymous Coward on Monday December 05, 2005 @10:59AM (#14185260)
    ...a Mac and a Linux user, who wondered what all the fuss was about.
  • What's going to be left of your CPU if you're running a bunch of anti-spy/virus/blaaaah scanners, auto-updaters and registry watchers? Have we all forgotten whitelist-based approaches? IMO, the best way to go is to DeepFreeze your system drive, unfreezing it for updates and installing new software (uninfected software of course). Then have a couple of data partitions that are not frozen. Run Firefox in ultra-restricted mode for everything but the sites you know are safe. Why is this so hard? The other approa
  • by hikerhat (678157) on Monday December 05, 2005 @11:07AM (#14185299)
    That's way too long for me to waste my time on. I didn't read it, but I'll try and summarize it:
    1. Don't download/install it if you don't know what it is and you're on a windoz box.
    2. Install four or five spyware/virus scanners that execute every time you access a file if you're on a windoz box. Performance be damned. It doesn't matter what brand. Four or five different brands are enough.
    3. No matter what four or five brands you install, someone is someday going to get their hands on your windoz box, and download some spyware/virus that isn't detected by the four or five scanners you have installed. So really, don't install anything. Just don't do number one, and lock your windoz computer in a big safe.
    4. Amazon/Paypal/Ebay is not going to suspend your account if you don't click on that link in that email and fill in your name and password. Don't worry.
  • SpyAxe (Score:3, Funny)

    by borawjm (747876) on Monday December 05, 2005 @11:07AM (#14185307)
    I recommend SpyAxe. It generates pop-ups and then, conveniently and promptly, lets me know that my machine has been infected with spyware.

  • by crivens (112213) on Monday December 05, 2005 @11:14AM (#14185364)
    "you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything."
  • And where is Sunbelt Software's CounterSpy (both consumer and Enterprise editions) in this round up? They left out major Antispyware applications!
  • by Sockatume (732728) on Monday December 05, 2005 @11:16AM (#14185378)
    In the wise words of Luis Villazon: [pcformat.co.uk]

    Imagine if there was a billion dollar industry dedicated to selling you hyenas to control the badgers in your garden. Imagine that, even though there are no badgers in your garden and never have been, these companies told you that you needed to have a snarling, vicious hyena patrolling your lawn in case one should ever appear. And not just one hyena either, imagine they told you to add another hyena every month to provide adequate protection. And imagine that the hyenas were bad-tempered, smelly, dug holes in the lawn and chewed on your leg whenever you stepped outside. Finally, imagine that your garden was surrounded by a high wall anyway and the only way for badgers to get in was for someone to post them to you in a conspicuous badger-shaped parcel that you could simply refuse to accept when the postman delivered it.
  • by mcgroarty (633843) <brian,mcgroarty&gmail,com> on Monday December 05, 2005 @11:17AM (#14185386) Homepage
    For the client-side antiSpyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAfee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAfee was installed, and I had to uninstall McAfee to recover speed, I couldn't just turn off network scanning. I'm assuming the antiSpyware programs are similar to antiVirus programs in this regard, as they're basically the same software but with a different database of things to look for.
  • and I think the reality is that if you are truly to clean a machine out, you're going to need to use like three - five of these.

    Actually, I only need one method to make sure that the machine is truly clean:
    format c:
  • always in memory (Score:4, Interesting)

    by Fëanáro (130986) on Monday December 05, 2005 @11:21AM (#14185418)
    the problem with most of these modern anti-spyware software is all of them want to stay in memory ALL THE TIME. Even worse are Antivirus tools. I tried once to install several of them to have more than one on-demand scanner at my disposal, and it was a mess.

    Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask so that you have to disable 3 different services and 2 startup programs with cryptical names.

    Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
    You end up with all sort of interesting and unpredictable side effects, probably offering worse protection than each of them alone.

  • by Laurentiu (830504) on Monday December 05, 2005 @11:21AM (#14185419)
    ... which can be found at http://www.hitmanpro.nl/ [hitmanpro.nl]

    Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).

    A (rather outdated) manual can be found at http://xthost.info/hitmanual/ [xthost.info]. Enjoy!
    • an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible

      Hrm; isn't that how this problem started in the first place?

      • In an ideal world we would have no spyware, every software vendor would first make sure that his software is totally devoid of errors, and russian spyware makers would make matrioshkas for a living. And I would fly to work in my brand new, error-free, ecological, flying-pig-powered Toyota Pigus.

        The world being as it is, I'd rather have a piece of software that runs a thorough, multi-tool search for most known threats and removes them without requiring user interaction. And as a short-term solution it beats
  • Why do the majority of commercial virus scanners seem to work flawlessly when kept up-to-date yet we're still at the point where you may need half a dozen anti-spyware programs to clean up an ordinary windows box? What is it about spyware that makes it seemingly so difficult to shift? Oh, and why are people even recommending routinely using antispyware when it's so much easier, cheaper and cleaner to sort out the problems at the source and just get your security to a tolerable, spyware-proof level?
  • by MagicFab (7234) on Monday December 05, 2005 @11:29AM (#14185493) Homepage
    Could someone please explain to me what Spyware and viruses are ? I've been on Linux for 3 years and I forgot.
    • by Julian352 (108216) on Monday December 05, 2005 @12:36PM (#14186144)
      It's really annoying to me that all of the linux users keep on taking the holier-than-thou attitude to spyware. Spyware is not a virus and does not proliferate on its own. The vector of attack for spyware/adware is through the uneducated/uninterested user downloading his latest fun program. That means that as soon as those nice downloadable games will be available for Linux, the spyware will start coming out for Linux as well.
      It doesn't matter if you are running as admin or as the user, because for spyware the only thing that matters is your user behavior. Therefore if you install it as the user, it will still be able to show ads, replace your mozilla start page, do popups, etc. The only difference is that it will be per-user rather than machine-wide. For most people that wouldn't matter as they are a single user on that machine and the difference between having it be user-process or admin-process really isn't large. As it has been previously pointed out - the only thing that matters on a personal workstation is the user's data and you don't have to be an admin to have access to that. The only good thing could be the fact that removing it could be just a tad simpler, assuming that the software doesn't try to exploit some type of local-root exploits.

      The only reason Linux does not have that problem at this time is that there isn't a market for the spyware industry in the Linux world. The current Linux users are less likely to download those type of programs and more likely to ensure that the programs only do what they are supposed to. As soon as there is a noticeable increase in the average usage of Linux, the spyware will start to develop their expertise in that area as well.
  • Amazing (Score:2, Troll)

    by HangingChad (677530)
    if you are truly to clean a machine out, you're going to need to use like three - five of these...

    And the wider body of MSFT users find this situation normal and acceptable? Just amazes me. Don't surf the internet with Windows! Keep a Linux machine with firefox around for browsing, email and chat. Don't leave the windows box connected to the internet for anything but updates and that behind a firewall.

    MSFT should offer a web safe version called Windows Unplugged.

  • by Anonymous Coward on Monday December 05, 2005 @11:32AM (#14185525)
    From the test results page:
    Clean machine accuracy and performance testing

            * Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.

    Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.
    • It would be pretty funny if the Alexa crap didn't come with Windows and actually infected the machine before they could run the tests. I don't recall Alexa being installed with Windows when I used Windows 2000.
  • Personally... (Score:2, Informative)

    by Capeman (589717)
    ...I use Lavasoft's Ad-Aware SE Professional [lavasoftusa.com] in combination with Spybot - Search & Destroy [safer-networking.org], they keep my PC spyware free.
  • by massysett (910130) on Monday December 05, 2005 @11:34AM (#14185553) Homepage
    Every time a story like this comes out, someone says "just switch to Linux or Mac. They don't have spyware." Then someone writes back "oh, that's just because they don't have marketshare."

    Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.

    Need more proof? See this [theregister.co.uk] from the Register.

    It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.

    • Certainly Linux and MacOS users would be more protected from remote exploits and other fun IE flaws. Yet trojans and phishers will still manage to infect Linux and MacOS peeps once the marketshare goes up. People will give their admin passwords to install the latest and greatest "screensavers" of Britney Spears. Hell, remember that they would give them up for a chocolate candy bar. So once the marketshares go up, you will see exploits go up sufficiently to require antispyware programs. Not as much as Window
    • by Sycraft-fu (314770) on Monday December 05, 2005 @12:38PM (#14186159)
      But how's that prevent spyware? Most of it would work just fine as unprivileged code, just spyware the current user, especially since the current user is usually the only user. Or just ask for admin. Competent admins often check to see why, normal users never do. I've actually heard a Mac user say "Odd, that shouldn't need admin" as they were typing in the password. It's just another hoop to jump through, it doesn't provide any real protection.

      Based off of how bad our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherent security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.
  • by phunster (701222) on Monday December 05, 2005 @11:46AM (#14185649)
    (Fair disclosure - I run Linux)

    I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.
  • Pathetic review! (Score:4, Interesting)

    by OrangeDoor (936298) on Monday December 05, 2005 @12:07PM (#14185888) Journal
    They don't mention what they infected the computers with or whether they ran a full scan with ad-aware, which would find more things likely. They also value detection over ability to remove the infection, which is understandable but only mildly forgivable.

    I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ Windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to set up a domain server?

    As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or Windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and better just to back up and reformat.

    It's really not that hard to prevent infections nowadays, just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you though. It might help but if you're doing stuff that constantly pops up warnings, it's inevitable you're going to get infected anyway.

    It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.
  • It's free (as beer) and does a decent job (has plenty of manual ways to remove all sorts of IE nastiness) and pretty much annihilates anything when coupled with spybot. However, saying that MSASW is good is like saying the fire extinguisher that was given for free with your brand new Ford Pinto is good.
  • by zerofoo (262795) on Monday December 05, 2005 @12:50PM (#14186284)
    Time and time again I see people claiming that Windows REQUIRES admin permissions to be useful. I say baloney.

    At our bank we have over 200 users running many different types of software. Not one needs to be "administrator" - heck, no one even needs anything above "power user".

    Sure, some people will claim that in order to install software, and maintain the machine, you'll need admin permissions... but that is true on any system! Last time I checked, I needed to be root to install patches on my Linux machines.

    The bottom line is that most users (non-computer savvy) want to be able to install anything they like... and they don't want to log out, and log back in as admin to do it. This is true of ANY platform - not just Windows. It is a human behavioral thing - not a systems design thing.

    Some people will claim that "OS X prompts you for a root password when performing an install, you don't need to log out and log in". Sure, that's useful - but most of the OS X users I've seen blindly type in the root/admin password whenever the dialog box pops up. They never even read the box to see what is going on! Oftentimes they ask if there is any way to get rid of that box.

    So, in summary, as long as users can install anything they want on their boxes, there will be a spyware problem. Windows, Linux, OS X, Solaris - it does not matter.

    -ted
  • by Smallest (26153) on Monday December 05, 2005 @03:26PM (#14187718)
    We just discovered (last Friday, at 4:00pm of course) that "SpySweeper" is labelling one of our components (a general-purpose image processing library) as spyware. After a little digging, it turns out that a program called TrueActive Activity Monitor installs a file with the same name as our component.

    But, we can't tell if it actually *is* our component or if they just have a file with the same name (not very likely) - because our anti-virus and anti-spyware apps freak out when we open the TrueActive installer to see what their version of the file actually is. Either way, SpySweeper says our component is an "activity monitor" and this is freaking out both our customers and our customers' customers.

    We're talking with the people who write SpySweeper, to get this fixed, and they've been helpful so far. So hopefully, this will be resolved soon.

    (yes, this was posted on the 180-Solution article, too. i think it belongs here, more. apologies)
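
The question raised in the comment above (is the flagged file really the same component, or only a file with the same name?) is settled by comparing content hashes rather than names. The following is an added example, not part of the original post or any vendor's code; it assumes both sets of files are already on disk, and `imglib.dll` and the directory names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Content hash of one file (components like this are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def triage(reference: Path, flagged_root: Path) -> dict:
    """Classify every file under flagged_root against our shipped component.
    identical:      same name and same bytes, so it really is our build
    name_collision: same name, different bytes (unrelated file or another version)
    renamed_copy:   different name, same bytes (our build under another name)
    """
    ref_hash = sha256_of(reference)
    ref_name = reference.name.lower()  # Windows file names are case-insensitive
    report = {"identical": [], "name_collision": [], "renamed_copy": []}
    for candidate in sorted(p for p in flagged_root.rglob("*") if p.is_file()):
        same_name = candidate.name.lower() == ref_name
        same_bytes = sha256_of(candidate) == ref_hash
        if same_name and same_bytes:
            report["identical"].append(candidate)
        elif same_name:
            report["name_collision"].append(candidate)
        elif same_bytes:
            report["renamed_copy"].append(candidate)
    return report


def demo() -> dict:
    """Build a constructed sample tree and return the report as relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ours = root / "imglib.dll"          # hypothetical name for our component
        other = root / "other_product"      # stands in for the other product's files
        (other / "bin").mkdir(parents=True)
        ours.write_bytes(b"constructed bytes: our image library build 1")
        (other / "ImgLib.dll").write_bytes(b"constructed bytes: unrelated code")
        (other / "bin" / "helper.dll").write_bytes(ours.read_bytes())
        report = triage(ours, other)
        return {k: [p.relative_to(other).as_posix() for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

A `name_collision` result supports a false-positive report to the scanner vendor, while `identical` or `renamed_copy` means the other product is redistributing the same binary.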
