Somewhat Off Topic- Recommendation for Malware Detection

Does anyone have recommendations for good malware detection and removal? Preferably free.

Thanks,

Lewis

Reply to
Lewis Angel

SpywareBlaster
SpywareGuard
SpywareTerminator
SuperAntispyware
SpywareDoctor (Free version from Google Pack)
AVGAntispyware (Free Version)

Many of these have a 'Pay' version which offers more options, like real time protection. Check them out and decide which you like best. HTH

Bud

Reply to
Bud

Comparison against baseline.

Complete reinstall. What else?

Did you intend to pay for something so trivial?

Reply to
Sebastian G.

Just listed some without comment and forgot an old favorite of many. I'll say more that might help you in making a decision..or not. LOL! Comodo's BOClean which is touted to be good re: trojans and gets many good reviews. It does lack on-demand scanning and real time protection but is said to just lay there and go into action to stop a Trojan from running if one is downloaded.

FWIW I also have the old versions of AdAware, The Cleaner and Spybot. The Cleaner stopped all support and updates for this version in December and AdAware can be updated only by a bit of run-around. I have not been impressed by what I've seen or heard about the new versions and to get the options that were available in the old versions now costs money. I'll probably uninstall them soon. I'm using the pay version of AVGAnti-spyware. The renewal for 2 years was less than $20 and it gets good reviews and coverage. Easy to use also. The free version of SpywareDoctor has found things the others have missed and I'm considering getting the pay-for version of it also. In any case unless you're really hard up for disk space I'd get and install Spywareblaster, SpywareGuard and BOClean. They lack some features but take up little resource and just kinda lay there if needed. I've used both SpywareTerminator and SuperAntispyware and can't really tell much difference. They are both free so try/use them both. That's my take on some of these proggys so hope that additional info helped.

Bud

Reply to
Bud

yes, user education !

explain to your clients that the windows software world is filled with trialware, crapware, nagware that will try to conquer your desktop by any means necessary, and because of this they should only use approved software and if they want new software that does a specific task they should ask the administrators for suggestions instead of installing a bunch of unknown tools, that surfaced after their first hasty google query.

Reply to
goarilla

True. It is only an on-access scanner.

Um, on-access (real-time) protection is what it DOES provide.

There are few database updates to BOClean anymore. Even the author admits that the heuristics are antiquated. Don't expect it to find many trojans anymore when compared to even the freebie anti-virus scanners available now. If you visit the Comodo forums (which acquired BOClean), it hasn't been updated in years and is not considered adequate or even feasible anti-trojan protection anymore. Comodo does intend to include portions of BOClean's algorithms into version 3 of their free anti-virus program. Alas, version 2 of Comodo's anti-virus program has less than 45% coverage of known pests (i.e., it is a very poor AV program) and has remained in beta status throughout its existence (so Comodo can divert any independent testing of their AV program under the guise of "it's still beta"). Version 2 will always remain beta until version 3 comes out (that will include HIPS); however, if version 3 remains beta for more than a couple months then figure it will suffer the same fate as version 2 and be low in coverage and discarded as a viable free AV alternative.

Never used Cleaner. Although I still have Ad-Aware (free) and Spybot S&D installed, I don't consider these as top-notch detectors anymore. I use them like you use caulk around a window: doesn't block the major problem but might fill in the holes. They're free and I do NOT run them as on-access scanner but only as on-demand scanners.

This product used to be called ewido. Then Grisoft (under their AVG product family brand) grabbed it and renamed it. It's good. Although you download the trial version, it becomes a free version after the 30-day trial. That is, it does not fully cripple itself after the trial period but instead just disables the on-access scanner, so it is still a viable on-demand scanner. Grisoft also has their AntiRootkit (also free).

While I still use SpywareBlaster to add AX disable registry keys for known malware along with their bad sites list that gets added to the Restricted Sites zone which, unlike a hosts file, still lets you visit the site but neuters it, I wouldn't bother with SpywareGuard anymore. Its algorithms are very antiquated. Even Microsoft's Windows Defender is better (but not for pest coverage and instead as a monitor to check when system changes are made). There hasn't been a database update for SpywareGuard since 1/22/2004. You expect a security product with 4 year-old signatures to find any pests that you encounter today? Dump SpywareGuard as it won't protect you. Signatures are too old. Heuristic algorithms are even more ancient.

Reply to
VanguardLH

Oh, and when trialing an anti-spyware product, you might want to check how much memory it eats up. PC Tools Spyware Doctor eats up about 36MB but can occasionally jump up to over 150MB (even with you doing nothing in its GUI).

There are some system protections in Spyware Doctor that duplicate what Windows Defender and other security suites will protect. Duplication means duplicate prompts regarding the same detected change. However, many of these protections (under OnGuard) are disabled in the free version of Spyware Doctor. Browser Guard, Network Guard, Process Guard, and Startup Guard are all disabled and you cannot enable them in the free version. So to have those system-level protections, you WILL need to get something in addition to the free version of Spyware Doctor. Considering that all but one (File Guard) is disabled in the free version, Spyware Doctor consumes too much memory.

Spyware Doctor is useful but understand that it is lureware trying to get you to "upgrade" (i.e., PAY) for the full version. Considering that almost all the "guard" protections are disabled, I would normally suggest to just leave their OnGuard function disabled and use Spyware Doctor as an on-demand scanner; however, disabling OnGuard does little to return the memory that Spyware Doctor consumes. 35MB is way too much memory to consume for a security program that is only run as an on-demand scanner (i.e., when you are not running the on-demand scan, the product should not consume ANY memory!).

Unless you are buying the full (paid) version or you are willing to have a bunch of disabled "guards" consume memory then I'd suggest not bothering to use Spyware Doctor.

Reply to
VanguardLH

You might want to read the license agreement presented during installation regarding their Crawler "services", and read their privacy "policy" at

formatting link
Crawler is the author of Spyware Terminator, and they really want you to use their search toolbar so they can collect the ad revenue through the redirects and ads in their search results. Crawler "services" collect personally identifiable information about you. I don't know if uninstalling the Crawler Toolbar (they called it opting out) gets rid of all Crawler processes or behavior.

The original author of this product is a self-professed spyware author. That is, he used to write the spyware that now he writes a product to detect, similar to a thief that becomes a security consultant. So he gained his experience to write the anti-malware by first infecting users' hosts with malware. Do you trust a convert (who could convert back again and do so rather easily considering the tool that you are allowing him to install on your host)? At one time, Spyware Warrior listed this as rogueware

formatting link
but eventually removed it when it was less offensive; see
formatting link
(there is another same-named product and which is still listed as rogueware).

Seems like the stuff that you are trying to get rid of using this tool is included with this tool. This type of bundling with crapware is not rare, especially with "free" software, but they should be polite in letting you choose NOT to include the bloatware *during* the install. During the install, you can deselect to install the "Web Security Guard Toolbar". This is their way of hiding that it is the Crawler toolbar. Later you get to choose to NOT participate with their Spyware Central to send information when new (unknown) spyware shows up on your host, but if it is new and unknown then their program won't know about it. Anti-spyware software is just as prone to zero-day attack as are anti-virus software. After installing Spyware Terminator, and even if you deselect using the Crawler toolbar and sending info about unknown programs to them, you might want to visit the Settings in the program to further restrict what info gets sent to them.

Besides other Crawler bloatware, they also bundle in Clam AntiVirus. Pest coverage is poor (ClamAV at only 48%), worse than Comodo's poor AV product (53%), when compared to other freebie AV products (Avira, Avast, AVG). Don't bother with installing Clam AV.

Personally, I stay away from Crawler's Spyware Terminator. It is still too tarnished for my taste based on its past, the company that proliferates it, and the bundled fluff included with it.

Reply to
VanguardLH

I did not enable the Crawler toolbar and was somewhat disappointed in its appearance in a recent update. May rethink my use of it in the future. You are quite right in holding it in suspicion.

Bud

Reply to
Bud

Do I understand that during the install of Spyware Terminator that you deselected installing their toolbar but that a later "update" from them shoved it into your host? Yikes. This illustrates the power that all these security programs can exercise over your host that you trust with your host. This shows that Crawler is NOT trustworthy. With this capability ready on your host, they can install anything they want and have proven that they will do so.

Reply to
VanguardLH

isn't that the exact definition of spyware: eg software that spies on its users and sends sensitive personal information about them back to their creators.

Reply to
goarilla

No, I'm sorry about the misunderstanding. When I first installed SpywareTerminator the 'Security Guard database' with the Crawler toolbar was not present but was included in an update to be installed if you clicked on it. After reading the terms of it I decided to forgo the 'Security Guard'. ;-) It was a sneaky presentation however with suggestions of internet protection.

Bud

Reply to
Bud

Oh, I see. Much like those installs or updates that try to sneak in the Google or Yahoo toolbars.

Reply to
VanguardLH

Tis part of their Crawler toolbar which has you do web searches through THEIR search engine. That way, as with Google, they can present ads on their search result pages and collect ad revenue. As with Google, they can and will record your searches (which can be subpoenaed and used in court). Whether they give a gnat's fart about you personally is probably insignificant but as part of their mechanism to tailor their advertising. Supposedly if you elect NOT to install their toolbar (which they try to hide during the install by calling it something like Web Guard knowing it will lure users into including it in the install) then no info is collected on you.

They provided you with a free utility, where "free" is defined by their marketing group. You have motive in not having to empty your wallet to get the utility. They have motive in generating ad revenue or to hook a lure in your mouth for their commercialware. It's not necessarily a bad tradeoff as long as the cost is actually realized by both parties, and that includes you as the user of their product, and as long as the actual costs are not hidden. Those costs are not revealed when you read their description of their product on their web page. Not until you read the license agreement, something rare few users do, especially for "free" stuff, do you realize there could be a cost.

I wouldn't have as much concern regarding their product if they were upfront in describing its intent (from their perspective). However, they know there are lots of users, like me, that won't bother with adware no matter whether the ads be in my face or hidden in the use of their product. If you dig, you'll find the cost of their free stuff but they're hoping the majority of their users never do the digging. How many users actually read the license, privacy policies, terms of use, and other conditions regarding a product? Well, how many have actually read the warranty that is in the manual that came with their laundry washing machine or television?

Reply to
VanguardLH

Oh, forgot to mention, PC Tools Spyware Doctor will NOT fix any problems that it detects. It won't even delete tracking cookies. When you attempt to "Fix" the detected pests, a window pops open telling you that you have to *BUY* their commercial version. That means Spyware Doctor is lureware, and bad lureware since not only do they have you upgrade to get missing features from the crippled version but they also require you to upgrade to do anything about any detections they claim as pests. This is lureware that degenerates into trashware (the trashbin is where this crap belongs).

Reply to
VanguardLH

Well, how should it?

Tracking cookies don't exist.

Reply to
Sebastian G.

So you run anti-virus, anti-spyware, anti-malware or other security products for what purpose? Just to alert you to a pest but then you choose to go manually trying to eradicate the pest yourself without any knowledge of even how the security product decided you had the pest? Well, enjoy doing all the work yourself.

You don't understand the concept of cookies? You don't understand that they can be used for tracking? You don't understand that they are just .txt files and aren't themselves spyware but almost all anti-spyware programs like to pretend they are so they have *something* to report to the user of those products to make them look like they are doing *something*?

Reply to
VanguardLH

Junk filtering and intrusion detection.

Indeed.

Flattening and rebuilding doesn't require any special knowledge.

Of course the first step is to verify the alert.

You're talking as if there was any alternative.

No, you don't.

I do understand that they can't be used for tracking on any sane browser configuration, and especially that the usage of the DOMAIN attribute doesn't make it intended for tracking.

Obviously I do understand this.

Reply to
Sebastian G.

Did you learn more than you cared to know? ;-) This is my last post:

FWIW Spyware Doctor (free) does remove stuff for me. And note that Spyware Terminator does have real time protection and with that I wish you good fortune. Live long and prosper. ,\\\\ // LOL!

Bud

Reply to
Bud

Strangers give sweets to little children for free. And sometimes you're really lucky since they actually had both good intentions and clean sweeties. It's still a stupid idea.

Is this as in "I wish you all luck. You'll need it!"?

Reply to
Sebastian G.
