T Nation

Your Favorite Anti-Spyware?


#1

I use spybot and ad-aware but both of them let me down because even if updated they couldn't get rid of an infection....

What do you use?


#2

Eset NOD32 Antivirus
Zonealarm Pro Firewall
Ad-aware Pro for the occasional clean-up, in my experience it catches what others don't.

I never have any serious spyware problems.


#3

I too use Ad-aware as I have found it to be superior, but I use it in conjunction with Spyware Blaster and Spybot Search & Destroy. Between those three programs I have never had any problems.

I also occasionally use Housecall (which I will link below). With these four tools I have never paid for anti virus/malware and never had an infection. And I visit a lot of questionable sites. :slightly_smiling:

http://www.trendmicro-middleeast.com/housecall/v6.5/?=Check+my+PC+now


#4

A good online tool is also bitdefender, it's free.
I hate those that detect the infection but won't erase it unless you buy their product.


#5

Same here.

Pest patrol is good too, but the free version doesn't do removals (which are easy to do manually, with the info provided).

Programs to check for rootkits are necessary these days. Rootkit Revealer is good.

A very good site for AV and spyware info is
http://www.wilderssecurity.com/


#6

Ad-aware and SpybotS&D with a purchased AV (McAfee, I think) and personal firewall. Crank it all down, I do.


#7

My favorite is Microsoft's Safer API.

http://msdn2.microsoft.com/en-us/library/ms722422.aspx

Use it to create a small launching program that removes all administrator rights from an application. Then use that program to start any internet-facing application.

Lets you have the best of both worlds: You can log in and run as administrator, saving you the hassles of trying to install or even use some programs as a restricted user, and lets you surf safely, preventing spyware from installing itself and/or modifying your registry.

Doesn't help you remove existing spyware. It prevents you from getting any.

The Safer API is only available on XP and up, so for Win2k and older, it won't work.

You can get an already compiled version (called "DropMyRights") here: http://www.pcworld.com/downloads/file/fid,64213-order,1-page,1/description.html although it comes in at a bloated 164kb, it does the job. (I use a console version that compiles at less than 2k).

To use it, you call it and pass it the path of the program you wish to run, like this:

c:>dropmyrights "c:\Program Files\Internet Explorer\iexplore.exe"

Or, for easier access, modify your shortcuts, adding the "DropMyRights" utility at the beginning of each line.

I suggest doing it for every program that connects to the internet. Browser, email, BitTorrent client, Newsgroup reader, IRC, you name it.

I've set up maybe 10 people like this in the past few years, and the only one who got spyware did so by downloading unsafe files (cracks and pirated games mostly) and manually running them.
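As an added illustration of the kind of launcher post #7 describes (this is not Pookie's console version and not the DropMyRights source): a C launcher that asks the Safer API for a restricted copy of the caller's token and starts the target program with it. The names `level_from_flag` and `launch_restricted` and the U/C option letters are assumptions of this example; the Windows part needs the Windows SDK and links against advapi32.

```c
#ifdef _WIN32
#include <windows.h>
#include <winsafer.h>   /* Safer API; link with advapi32.lib */
#else
/* winsafer.h values, repeated so the level mapping compiles off Windows */
#define SAFER_LEVELID_UNTRUSTED   0x01000
#define SAFER_LEVELID_CONSTRAINED 0x10000
#define SAFER_LEVELID_NORMALUSER  0x20000
#endif

/* Hypothetical option letters: U = untrusted, C = constrained,
   anything else = normal user (the level used to drop admin rights). */
unsigned long level_from_flag(char flag)
{
    switch (flag) {
    case 'U': case 'u': return SAFER_LEVELID_UNTRUSTED;
    case 'C': case 'c': return SAFER_LEVELID_CONSTRAINED;
    default:            return SAFER_LEVELID_NORMALUSER;
    }
}

#ifdef _WIN32
/* Start exe_path under a token restricted to level_id; returns 1 on success.
   The path goes in lpApplicationName, so a path with spaces is not re-parsed. */
int launch_restricted(const char *exe_path, unsigned long level_id)
{
    SAFER_LEVEL_HANDLE level = NULL;
    HANDLE token = NULL;
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi;
    BOOL ok;
    if (!SaferCreateLevel(SAFER_SCOPEID_USER, level_id, SAFER_LEVEL_OPEN, &level, NULL))
        return 0;
    /* NULL input token = restrict the token of the calling process */
    ok = SaferComputeTokenFromLevel(level, NULL, &token, 0, NULL);
    SaferCloseLevel(level);
    if (!ok) return 0;
    ok = CreateProcessAsUserA(token, exe_path, NULL, NULL, NULL, FALSE,
                              0, NULL, NULL, &si, &pi);
    CloseHandle(token);
    if (!ok) return 0;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 1;
}

int main(int argc, char **argv)   /* usage: launcher "path to exe" [U|C] */
{
    if (argc < 2) return 2;
    return launch_restricted(argv[1], level_from_flag(argc > 2 ? argv[2][0] : 'N')) ? 0 : 1;
}
#endif
```

The restricted token is inherited by anything the launched program starts, which is why the post suggests putting the launcher in front of every internet-facing shortcut.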


#8

Pookie, that sounds good, but is kinda over my head :slightly_smiling: I'll have to look into it.

Not to hijack, but my computer seems to be infected with a virus or trojan, but all searches have not discovered it. I routinely run Spyware Doctor and it picks up a ton of stuff. I also have ZoneAlarm and McAfee Security Center.

It is running slower and slower, I can't open Outlook without restarting my machine (so I never close it anymore, just minimize it). Sometimes when I shut down I get messages to End Program for ctfmon.exe and/or ciceroulwndframe.

System Restore didn't help. Online searches suggest a trojan, but I'm not sure what to do. I'd love a magic wand to wave over my computer and make it fresh and clean again LOL


#9

Try Bitdefender online. It's pretty solid.
Also use RegCleaner, it cleans up the registry of your PC and removes all remains of old stuff you had. Very useful.


#10

Certain infections are very difficult to get rid of from the running OS. They install themselves in the deep innards of Windows and get to decide what goes or not (these are often referred to as "rootkits").

In the worst cases, you need to boot the computer from a CD and clean it from there (utilities like SysInternal's ERD can help here, but you'll still need someone who's knowledgeable enough about Windows to do the cleaning).

I haven't looked at recent anti-spyware/virus offerings, but if some of them offer "bootable from a CD" version of their software, that'd be your best bet. Maybe others more familiar with these products can chime in. Me, I tend to clean "by hand," but it's not practical to do over the 'net.

A quick google search gave me this:

http://www.pctools.com/aoss/

Which is apparently a new "bootable" anti-spyware product. Booting from the CD guarantees that no infected code is running while you attempt to remove it.

I haven't tried it, nor have I read any review, so I don't know if it's any good. They have the right idea though. No trojan, virus or rootkit can defend itself from cleaning if it's not running.

They seem to indicate that the bootable part will clean the worst of the infections, allowing the regular anti-spyware (those that run in the infected system) to complete the clean-up with ease.

Might be worth a try.


#11

reformatware
windows re-installware
stayawyfrombanbros.latenightware


#12

LOL !!!! Funny....especially "stayawayfromPORNSITESware"
two thumbs up for Airtruth's answers!


#13

Just a quick update, I ran Housecall last night and it got a bunch of stuff and my computer seems to be running better. Not having that Outlook error problem anymore either! Thanks, beebuddy!

Pookie, thanks for the info :slight_smile:


#14

Another tip:
Always use a combination of two or more antispyware and two or more registry cleaners.
It's way more effective.


#15

A recent blog on this very topic:

http://www.codinghorror.com/blog/archives/000929.html


#16

Great thread guys. There seems to be a big virus spam campaign going on. Spam with a pdf file attached is being sent out by the billions. I get at least 200/day on my company general e-mail account.


#17

There's a program called HiJackThis (HJT) that scans your system, gives a report, and there are experts who will look at the report to see what problem(s) may exist. There are several sites that provide this service for free. Wilder's Security Forum recommends (http://www.wilderssecurity.com/showthread.php?t=42148) several sites: CastleCops, SpywareInfo, Geeks to Go, Gladiator Security and TomCoyote.

Castle Cops is a good site. http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

They are pretty swamped with requests, so it can take some time. If you're interested, read the stickied posts to see their procedure.

They have a procedure for folks to use before they submit a HJT log: http://wiki.castlecops.com/MRP

It has some steps and advice that often solve the problem.

I didn't look at the other sites Wilder's recommends. Some may have a faster response time, or their own procedures for this stuff.

I saw that your computer is working better, but in case you need more help, you may wish to avail yourself of the above info.

Good luck!


#18

I got my laptop fixed at USC here at my university and had 3 spyware programs and they told me the programs will compete against one another and become ineffective at detecting and stopping threats, and that I should just have one spyware program. Can anyone verify this or prove it wrong?


#19

The problem is back, grrrrrr...

Nick, I will check that out, thanks!


#20

This is contrary to my understanding.

I've seen a few tests on the effectiveness of antispyware (sorry, I don't have links or remember where, but they were from reputable sources) that gave the most reliable programs (like adaware and spybot) in the range of 60-80% effectiveness (detection and removal). There are a number of different ways to measure effectiveness, so take those specific numbers with a grain of salt. The bottom line is that even the best antispyware programs aren't 100% effective.

Combining different programs increases effectiveness - one can catch what another misses.

Here's a link to a good thread "What is your security setup these days?" by generally knowledgeable folks. Go to the last few pages for the most recent posts.

http://www.wilderssecurity.com/showthread.php?t=111264

You'll see a lot of different opinions, but such is life... One common theme is that "defense in depth" is used (firewalls, several anti-spyware - both on demand and realtime, etc.).