

Antispyware Shootout 343
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on an on & off basis, and I think the reality is that if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.
The site might be experiencing tech. difficulties (Score:5, Funny)
Coral Cache... (Score:3, Interesting)
Karma whore, I know.....
I don't know why the changeover to CSS didn't include a little modification to the story submission script that automatically updates all story links to use Coral Cache. It really wouldn't be that hard, especially considering all of
Re:Coral Cache... (Score:3, Informative)
Requests for anything.nyud.net:8090/robots.txt return:
User-Agent: *
Disallow: /
I'm not sure what might be going on with Google.
Social Physics, really. (Score:5, Funny)
"Look Boss! It's about computer security! It's good that I'm reading this, right?"
(Funny joke, though)
Enough power (Score:5, Insightful)
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.
Re:Enough power (Score:5, Funny)
Re:Enough power (Score:3, Funny)
Re:Enough power (Score:5, Funny)
Seven cores for the anti-spy programs, in their halls of ivory.
Nine cores for trojans, doomed to spam.
One core for the user, all alone.
One chip to run them all
One northbridge to bind them
One RAM to feed them all
And in the SMP array bind them.
In the land of Mobos where the shadows lie.
Re:Enough power (Score:3, Insightful)
I post this comment because I've been finding that, more and more, people complain to me of slower and slower systems. Well, the biggest problem is that people I've helped out are subscribing to up to five anti-virus programs at a time. You get great ti
Re:Enough power (Score:4, Informative)
Or VMware. eMule runs nicely in VMware. Create a master copy, clone it, and run eMule/BitTorrent/whatever on the clone. If the clone becomes fouled, delete it and reclone.
In my experience, serious P2P does not play well with other apps - it needs a dedicated box. It sucks up the network stack something foul (run eMule for a few days and then see how long netstat takes). However, if you have the RAM, you can run it in VMware in the background quite nicely...I've had eMule charging away while playing F.E.A.R. with no noticeable performance hit to either (3GHz HT, 2GB RAM).
Of course, if there was eMule for Linux...(no, don't tell me about amule...)
Spyware Warrior (Score:5, Informative)
Re:Spyware Warrior (Score:5, Informative)
Were they reviewing Spybot or not? (Score:4, Interesting)
Re:Were they reviewing Spybot or not? (Score:2)
No, for some ungodly reason they review Spybot, although it is mentioned.
Re:Were they reviewing Spybot or not? (Score:5, Informative)
Re:Were they reviewing Spybot or not? (Score:3, Insightful)
Enterprise vs. Personal Use (Score:5, Informative)
One Ring? (Score:4, Funny)
Apparently powerful, but deceptive and treacherous with a rootkit from the creator?
Re:One Ring? (Score:2)
Re:One Ring? (Score:2)
Free solutions (Score:5, Interesting)
Re:Free solutions (Score:5, Insightful)
Re:Free solutions (Score:5, Informative)
1. Kill all unfamiliar windows processes
2. Remove anything strange from the 'startup' folder
3. Go to "add/remove programs" and try to remove anything you don't need
4. Run Spybot S&D (my personal favorite too)
5. Run HijackThis (another excellent FREE tool for getting rid of browser helpers and other search redirection 'utilities', though it's not for the novice user)
6. Install Firefox, delete all shortcuts to IE.
I've done this to several computer-illiterate friends' and family computers, and they've been working spyware-free for quite some time. I ran into one really nasty search redirection on my brother's computer that the above steps didn't fix. It involved IE calling one specific DLL for a search, and it would reappear as another name if I tried to delete it. Somehow, it was running as a disguised Windows 2000 system process that I simply had to turn off which allowed me to manually delete all associated files.
Re:Free solutions (Score:3, Informative)
Worst-case Scenario:
1) Kill all unnecessary processes manually (if able)
2) Run MSCONFIG and disable unnecessary startup processes (if able)
3) Run Spybot S&D [safer-networking.org] (if able)
4) Run HijackThis [spywareinfo.com]
5) Install Avast! AV [avast.com] and updates, and schedule a boot-time scan (if able)
6) Uninstall/manually remov
Re:Free solutions (Score:2)
No matter how free Spybot is, paying techs to install the app, keep it updated and scan PCs is a huge expense and a logistical nightmare.
You can't have users do it. Ideally, your users won't have admin rights, which makes it hard to remove spyware via any piece of software. Don't even get me started on the training issues.
Why is this necessary? (Score:3, Insightful)
It is NOT normal to have to do this.
Re:Why is this necessary? (Score:5, Interesting)
And then few OSes out there will help if the user chooses to install a spyware-infested program and clicks "Yes" to install the whole thing. I mean, once a user runs executable code with admin rights, what can the OS do?
One solution is of course to run in a more protected user mode where you're asked for admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, which is what *nix desktop managers have had for years.
However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?
Re:Why is this necessary? (Score:3, Interesting)
Yah.. BUT even with existing Windows (Windows 2000 and XP), running as an underprivileged user does have many issues. There are still many applications on Windows that do not follow the security policy and attempt to write user data outside of their profile.
Re:Why is this necessary? (Score:4, Insightful)
Re:Why is this necessary? (Score:3, Informative)
Yep, I agree this is clearly a problem on Windows, and probably a big reason things look like they do today with spyware. However, one has to wonder whether it's Microsoft's fault or no
Re:Why is this necessary? (Score:3, Informative)
Nominate your favorite offenders! Tell your friends! If Threatcode.com catches on (she's a server guru, so maybe she can survive a slashdotting), maybe at least
Re:Why is this necessary? (Score:3, Interesting)
No. The average user will install software only if it involves clicking "Next" "Ok" or "Finish". Any weird questions about administrator rights will spark a call to son/brother/cousin/friend/12 year old who will know the right answers.
Re:Why is this necessary? (Score:2)
Well, I tried to do this -- and I am back to being an admin 100% of the time. The problem is stupid applications that REQUIRE admin access in order to work. Specifically, I had a problem with Winamp. It crashed unless run as admin. This is very stupid,
Re:Why is this necessary? (Score:2)
Not that it's good that we have to do this, in any way.
Re:Why is this necessary? (Score:2, Insightful)
If you go to install some filesharing app, and you don't do some extremely thorough inspection of the installation procedure, you can get some spyware installed on your machine during the process no matter what the operating system is.
This isn't a Windows specific issue.
Re:Why is this necessary? (Score:2)
Until MS plugs the holes or other OS's become more widespread this will continue to be a Windows specific issue.
Re:Why is this necessary? (Score:2, Insightful)
If I were trying to write something insidious, I would target one of these platforms because no-one expects it
Re:Why is this necessary? (Score:2)
Why does it have to be magical? (Score:3, Insightful)
There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upperclass suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it
Re:Why is this necessary? (Score:3, Insightful)
There's no magic - just good defaults.
Windows: most users run as administrator. Lots of software breaks if you don't.
OSX: root is disabled by default. Apps may request sudo rights of a user, to which a user has to enter his password and may review the (somewhat arcanely named) right being asked for.
Linux: root is enabled by default. Installers insist you create a non-root user during installation and warn you to use it. All sofw
Re:Why is this necessary? (Score:2)
There would be more blackhats gunning for it, yes, but they'd have to make do with exploits:
As it is now, Windows is unusable unless your user is an administrator, so a virus only has to find a user ignorant enough to answer "Yes" to letting it run.
On *nix, even if the user runs the trojan, it can't infect the whole system unless it has privilege-
Re:Why is this necessary? (Score:3, Insightful)
Can you please explain how this is so? Linux has been around much longer than XP / 2k / 98, all of which are extremely vulnerable to Spyware / Malware / Viruses. Why has Linux, which has been available since 1991, along with all of the source code that makes it work, not had one spyware program written for it? I'm not trying to claim there has never been a virus or worm written for Linux, or *nixes in general.
Re:Even more interesting (Score:2)
Summary (Score:5, Informative)
Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.
Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.
Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.
Norton/Symantec (Score:2)
Sony (Score:5, Interesting)
$sys$ (Score:2)
How can you trust an infected machine? (Score:4, Insightful)
I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.
Re:How can you trust an infected machine? (Score:2)
How paranoid is paranoid enough?
Re:How can you trust an infected machine? (Score:2)
The second is by using the technique that sysinternals uses, which is to read the registry raw (not in the API) and parse it yourself, then find any references to files which mysteriously don't show up through the API. This doesn't remove the threat, but it does help identify it. The reason this works is that in order for a root kit to
Re:How can you trust an infected machine? (Score:2)
And the winner was... (Score:4, Funny)
this all getting to be too much (Score:2, Informative)
TFA is 15 pages (Score:3, Funny)
Re:TFA is 15 pages (Score:2)
I didn't read it either. My aging eyes just aren't up to reading black and blue text on a dark blue background! I gave up on the first page.
SpyAxe (Score:3, Funny)
Spoken like a true, like, 15 year old (Score:4, Funny)
Re:Spoken like a true, like, 15 year old (Score:2)
Re:Spoken like a true, like, 15 year old (Score:2)
They left out major players (Score:2, Interesting)
ZDNet's reviews are Fair and Balanced (Score:2)
The best anti-spyware measure is between your ears (Score:4, Funny)
What about performance? (Score:4, Interesting)
Only one way to be sure... (Score:2, Funny)
Actually, I only need one method to make sure that the machine is truly clean:
always in memory (Score:4, Interesting)
Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask, so that you have to disable 3 different services and 2 startup programs with cryptical names.
Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
You end up with all sort of interesting and unpredictable side effects, probably offering worse protection than each of them alone.
I've chosen Hitman Pro (Score:3, Informative)
Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).
A (rather outdated) manual can be found at http://xthost.info/hitmanual/ [xthost.info]. Enjoy!
Re:I've chosen Hitman Pro (Score:2)
Hrm; isn't that how this problem started in the first place?
Re:I've chosen Hitman Pro (Score:2)
The world being as it is, I'd rather have a piece of software that runs a thorough, multi-tool search for most known threats and removes them without requiring user interaction. And as a short-term solution it beats
We've beaten viruses but not spyware? (Score:2, Insightful)
What is spyware ? (Score:5, Funny)
Re:What is spyware ? (Score:5, Insightful)
It doesn't matter if you are running as admin or as the user, because for spyware the only thing that matters is your user behavior. Therefore if you install it as the user, it will still be able to show ads, replace your mozilla start page, do popups, etc. The only difference is that it will be per-user rather than machine-wide. For most people that wouldn't matter as they are a single user on that machine and the difference between having it be user-process or admin-process really isn't large. As it has been previously pointed out - the only thing that matters on a personal workstation is the user's data and you don't have to be an admin to have access to that. The only good thing could be the fact that removing it could be just a tad simpler, assuming that the software doesn't try to exploit some type of local-root exploits.
The only reason Linux does not have that problem at this time is that there isn't a market for the spyware industry in the Linux world. The current Linux users are less likely to download those types of programs and more likely to ensure that the programs only do what they are supposed to. As soon as there is a noticeable increase in the average usage of Linux, the spyware will start to develop their expertise in that area as well.
Amazing (Score:2, Troll)
And the wider body of MSFT users find this situation normal and acceptable? Just amazes me. Don't surf the internet with Windows! Keep a Linux machine with firefox around for browsing, email and chat. Don't leave the windows box connected to the internet for anything but updates and that behind a firewall.
MSFT should offer a web safe version called Windows Unplugged.
Most telling part of the article... (Score:5, Interesting)
Clean machine accuracy and performance testing
* Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.
Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.
Re:Most telling part of the article... (Score:2, Interesting)
Personally... (Score:2, Informative)
Immunity of Linux/Mac NOT due to low marketshare. (Score:5, Insightful)
Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.
Need more proof? See this [theregister.co.uk] from the Register.
It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.
Re:Immunity of Linux/Mac NOT due to low marketshar (Score:3, Insightful)
Re:Immunity of Linux/Mac NOT due to low marketshar (Score:4, Insightful)
Based off of how bad our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherent security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.
Let's Put the Blame Where it Belongs (Score:3, Insightful)
I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.
Re:Let's Put the Blame Where it Belongs (Score:2)
Pathetic review! (Score:4, Interesting)
I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ Windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to set up a domain server.
As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or Windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and better just to back up and reformat.
It's really not that hard to prevent infections nowadays, just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you though. It might help but if you're doing stuff that constantly pops up warnings, it's inevitable you're going to get infected anyway.
It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.
Microsoft antispyware (Score:2)
Comment removed (Score:3, Insightful)
False-positives (Score:3)
But, we can't tell if it actually *is* our component or if they just have a file with the same name (not very likely) - because our anti-virus and anti-spyware apps freak out when we open the TrueActive installer to see what their version of the file actually is. Either way, SpySweeper says our component is an "activity monitor" and this is freaking out both our customers and our customers' customers.
We're talking with the people who write SpySweeper, to get this fixed, and they've been helpful so far. So hopefully, this will be resolved soon.
(yes, this was posted on the 180-Solution article, too. i think it belongs here, more. apologies)
Re:Prevention or cure? (Score:3, Interesting)
How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate. I don't get any spyware on my machine but I don't open anything that says "Click Here for Free Smiles", I use Firefox, read the EULAs on anything I install and at least make smart decisions instead of installing anything I see without any problems. You wouldn't go driving a car without some proper maintenance or you would
Re:Prevention or cure? (Score:3, Insightful)
How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate.
I disagree for the most part. Users should not have to be computer experts to use them. There should be no link in an e-mail message or web site that will install spyware without any more user intervention. Software should be properly restricted by default, from access to your files, the internet, and the core OS. When I'm listening to the radio and I hear an ad for a new station
Re:Hear, hear! (Score:2)
Re:Prevention or cure? (Score:4, Insightful)
Re:Prevention or cure? (Score:3, Insightful)
First, installing and maintaining a Linux box is much easier than Windows. Try Ubuntu, for example, complete install with latest patches in less than an hour versus the 6+ hour install last time I had to reinstall Windows due to spyware corruption (Windows install, SP installs, patch updates, application installation - MS Office plus patches... don't forget to install and configure firewall and anti-virus).
Second, Linux was designed from the ground up as a
Re:Prevention or cure? (Score:2)
Re:the referenced link is in australia (Score:2)
-Jesse
Re:the referenced link is in australia (Score:2)
Re:A failed approach (Score:2)
You are 100% correct, technically. The problem is human nature. People are unwilling to accept any additional effort in their everyday computing. They just use their computers until they become too slow or are otherwise malfunctioning, and then want them fixed.
You and I do not get infected anyway. Expecting the typical user to white-list programs, together with what they are allowed to do (often needing to pick up the phone and ask) is, unfortunately, unr
How else do you deal with infections? (Score:2)
The problem is, if someone wants to try a new program they got off the internet, once the spyware is installed and they realized what happened, they need a way to get the crap off their computer - but most of it provides
Re:How else do you deal with infections? (Score:2)
The problem is, if someone wants to try a new program they got off the internet, once the spyware is installed and they realized what happened, they need a way to get the crap off their computer - but most of it provides you no good way to remove it. This is where these spyware scanners are handy - they provide, essentially, an uninstaller for the spyware crap you want to get rid of.
Your solution, however, is flawed in the long-term. When spyware installs with the same privileges as spyware scanners, it
Re:What the hell?! (Score:2)
Re:Oh my god another LOTR joke (Score:2, Insightful)
Tolkien's ghost has passed beyond the Circles of the World. All that's in his grave are some bones.
Such is the fate of Mortal Men; their fea are not naturally bound to the Earth like those of the Eldar. Exceptions have been observed only in strange and extreme cases usually involving corrupt magic, such as the Nazgul, the Barrow-wights and the Army of the Dead.
typo (Score:5, Funny)
You misspelled "spyware."
Re:Wake up call for Microsoft (Score:2)
So it all comes down to plain disrespect for their clients, other software houses do their best to plug any security hole, MS buys an antispyware program instead. Why? because they see opportunity wrecking
Re:install an anti virus as well as anti spyware? (Score:3, Interesting)
Symantec Antivirus 10 [symantec.com] which is coming out soon integrates spyware/adware detection and removal with their standard AV client.