Antispyware Shootout 343
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on an on-and-off basis, and I think the reality is that if you are truly going to clean a machine out, you're going to need to use like three to five of these. Each of them captures a certain area, but none are the One Ring or anything.
Spyware Warrior (Score:5, Informative)
Enterprise vs. Personal Use (Score:5, Informative)
Summary (Score:5, Informative)
Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.
Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.
Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.
this all getting to be too much (Score:2, Informative)
Re:Spyware Warrior (Score:5, Informative)
I've chosen Hitman Pro (Score:3, Informative)
Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).
A (rather outdated) manual can be found at http://xthost.info/hitmanual/ [xthost.info]. Enjoy!
Personally... (Score:2, Informative)
Re:Free solutions (Score:5, Informative)
1. Kill all unfamiliar windows processes
2. Remove anything strange from the 'startup' folder
3. Go to "add/remove programs" and try to remove anything you don't need
4. Run Spybot S&D (my personal favorite too)
5. Run HijackThis (another excellent FREE tool for getting rid of browser helpers and other search redirection 'utilities', though it's not for the novice user)
6. Install Firefox, delete all shortcuts to IE.
I've done this to several computer-illiterate friends' and family computers, and they've been working spyware-free for quite some time. I ran into one really nasty search redirection on my brother's computer that the above steps didn't fix. It involved IE calling one specific DLL for a search, and it would reappear as another name if I tried to delete it. Somehow, it was running as a disguised Windows 2000 system process that I simply had to turn off which allowed me to manually delete all associated files.
Re:Enough power (Score:4, Informative)
Or VMWare. eMule runs nicely in VMWare. Create a master copy, clone it, and run eMule/BitTorrent/whatever on the clone. If the clone becomes fouled, delete it and reclone.
In my experience, serious P2P does not play well with other apps - it needs a dedicated box. It sucks up the network stack something foul (run eMule for a few days and then see how long netstat takes). However, if you have the RAM, you can run it in VMWare in the background quite nicely...I've had eMule charging away while playing F.E.A.R. with no noticeable performance hit to either (3Ghz HT, 2GB RAM).
Of course, if there was eMule for Linux...(no, don't tell me about amule...)
Re:Were they reviewing Spybot or not? (Score:5, Informative)
Re:Why is this necessary? (Score:3, Informative)
Yep, I agree this is clearly a problem on Windows, and probably a big reason things look like they do today with spyware. However, one has to wonder whether it's Microsoft's fault or not. There is the "current user" registry hive, there is the user profile (a la *nix "home directory") directory... It's maybe mostly because of Windows' poor heritage with lousy security mechanisms that have made developers sloppy. I.e. "we develop like for Windows 95 and it has worked for Admins for a decade, so let's ignore those 'other' accounts".
Re:Free solutions (Score:3, Informative)
Worst-case Scenario:
1) Kill all unnecessary processes manually (if able)
2) Run MSCONFIG and disable unnecessary startup processes (if able)
3) Run Spybot S&D [safer-networking.org] (if able)
4) Run HijackThis [spywareinfo.com]
5) Install Avast! AV [avast.com] and updates, and schedule a boot-time scan (if able)
6) Uninstall/manually remove unnecessary applications
7) Reboot
8) Repeat all steps 1-6 which did not work the first time
9) Run Spybot S&D (again)
10) Install and configure Firefox [getfirefox.com] with Adblock extension.
11) Install and configure SpywareBlaster [javacoolsoftware.com]
12) Lock Down IE
13) Reboot
14) Manually clean up any remnants with the help of HijackThis
15) Install and configure Kerio PF [kerio.com]
It takes longer than is typically necessary of a simple cleanup, but so far I haven't run into anything that couldn't be fixed in such a manner. Most importantly however, it doesn't cost a dime. I keep both a USB flash drive and a CD on hand with all of the programs and updates I need as well as some other fallback programs (some pre-installed directly on the CD/flash drive), so if the infected machine is unable to connect for downloads/updates it won't slow me down. It also helps that IE is not needed when loading everything from the CD or flash drive.
Of all the machines I have used this on, only those of the incredibly stupid have had problems resurface, while most have run clean for a year or more. I use the same preventative measures on my own PC and have never picked up any spyware/malware.
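The startup-entry steps in the two cleanup lists above (MSCONFIG, the startup folder, the manual HijackThis pass) come down to reviewing what runs from the Run/RunOnce keys. The script below is an added example, not from the thread or any product reviewed: it parses a `reg export` text dump of those keys and flags entries whose executable lives outside Windows or Program Files, which is where most of this era's spyware sat. The .reg contents, user name and paths are constructed for illustration.

```python
"""Triage autostart entries from a `reg export` (.reg) text dump.

Constructed example: flags Run/RunOnce values that point outside the usual
program locations (Temp, Application Data, ...) so a human can review them
before deleting anything.  Not affiliated with any tool named in the thread.
"""
import re

# Constructed sample of what `reg export HKCU\...\Run run.reg` might yield
# on an infected Windows XP box.  Names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSN Messenger"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SysUpd"="C:\\DOCUME~1\\joe\\LOCALS~1\\Temp\\sysupd32.exe"
"Weather"="\"C:\\Documents and Settings\\joe\\Application Data\\wbug\\wb.exe\""
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Where legitimate startup programs normally live (compared case-insensitively).
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\')

def parse_run_entries(reg_text):
    """Return (key, value_name, exe_path) for every value under a Run or RunOnce key."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not key or not key.lower().endswith(('\\run', '\\runonce')):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        # .reg files escape backslashes as \\ and quotes as \"; undo that,
        # then isolate the executable from any trailing command-line switches.
        data = m.group('data').replace('\\\\', '\\').replace('\\"', '"')
        exe = data[1:data.index('"', 1)] if data.startswith('"') else data.split(' ')[0]
        entries.append((key, m.group('name'), exe))
    return entries

def suspicious_entries(reg_text):
    """Entries whose executable sits outside Windows / Program Files: review these first."""
    return [(name, exe) for _, name, exe in parse_run_entries(reg_text)
            if not exe.lower().startswith(TRUSTED_PREFIXES)]

if __name__ == '__main__':
    for name, exe in suspicious_entries(SAMPLE_REG):
        print(f'REVIEW: {name!r} -> {exe}')
```

Run it against the export from each of HKLM and HKCU (and the RunOnce keys) so per-user and machine-wide persistence are both covered.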
Re:Coral Cache... (Score:3, Informative)
Requests for anything.nyud.net:8090/robots.txt returns:
User-Agent: *
Disallow: /
I'm not sure what might be going on with Google.
Re:Free solutions (Score:2, Informative)
Re:What is spyware ? (Score:2, Informative)
The vector of attack for spyware/adware is through the uneducated/uninterested user downloading his latest fun program.
Unless it installs itself automatically through an ActiveX or a hole in IE, which many of them do. Certainly not all, and maybe not even a majority, but a significant number.
Therefore if you install it as the user, it will still be able to show ads, replace your mozilla start page, do popups, etc. The only difference is that it will be per-user rather than machine-wide. For most people that wouldn't matter as they are a single user on that machine and the difference between having it be user-process or admin-process really isn't large.
Except it becomes extremely easy to remove in comparison. "A tad simpler" doesn't begin to cover it:
As you mention, there is the potential for local root exploits (or local password-sniffing or -phishing), but it is easier for Joe User to keep his box updated with apt-get or the equivalent than to accurately judge whether each random game he downloads is legitimate or not.
I'm not pretending that Linux is immune, because as you say, users will download Weatherbug and enter their password without a second thought, if the pop-up box tells them they need to do that for the installation. However, you can tell someone "don't enter your password except in apt [or equivalent]" and they will be pretty well protected on Linux, even if they have to give up a few badly-behaved 3rd party apps which won't install in user mode. There is no equivalent advice for Windows users.
Simpler solution for no spyware on Windows (Score:2, Informative)
-Process Explorer [sysinternals.com]
-Startup Control Panel [mlin.net]
-Startup Monitor [mlin.net]
And of course surf the web with Firefox or Opera.
Re:Why is this necessary? (Score:3, Informative)
Nominate your favorite offenders! Tell your friends! If Threatcode.com catches on (she's a server guru, so maybe she can survive a slashdotting), maybe at least a few companies will respond to the bad publicity.
I know, I've got a Pollyanna attitude, but I keep hoping...