Failing Grades For Most Anti-Spyware Tools

timothy posted more than 9 years ago | from the or-choose-a-safer-operating-system dept.

Security 517

serbach writes "Steve Gibson posted this link to a superb test of about two dozen top Anti-Spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware. These test results are well worth your time."

Ars Report (5, Informative)

cow_licker (172474) | more than 9 years ago | (#10896544)

Ars-technica also just did a review. Check it out. va l.ars

Re:Ars Report (1, Informative)

Anonymous Coward | more than 9 years ago | (#10896573)

Clickety []

none here (-1, Offtopic)

usernotfound (831691) | more than 9 years ago | (#10896545)

I don't use any, and have no problems. Never. And I fix other people's computers without them. When are people going to learn to be careful? I put firefox on a friend's PC, along with adaware, and he still was screwed within 2 weeks. What is wrong with the general public???

Re:none here (4, Funny)

Anonymous Coward | more than 9 years ago | (#10896557)

I'm gonna get firefox and ad-aware asap. I also want to get screwed! No more than 2 weeks right?

I wonder what it is like...

Re:none here (1)

WishieTools (799483) | more than 9 years ago | (#10896596)

too right, and well, *I* don't ever go to p@rn sites or anything like that, oh no, but I suspect that a fair percentage of the posters here do, and any number of sites that *all* have ways of trying to get spyware onto your system. To the poster, *other* people *use* the internet, the "none here" poster clearly only views sites from a list of regulated safe sites. I might randomly trawl 500 sites a day looking for *something* or *nothing*, but in doing that I might hit on some interesting information that may lead me somewhere else. I'm not a monk, using the internet isn't a case of "Radioactive Material, approach with Caution", don't give us that Holier-Than-Thou cr@p about "when will people learn" (which pretty much equals, "nya nya, I'm better/smarter than you dum shmucks"). Fact : spyware is around, maybe not on large reputable sites, but when you trawl the internet, searching or messing around or *enjoying* the internet, then you will come across it ... obviously not if you are the poster of this thread, who is Perfect, and may in fact be the Second Coming I suspect, but for other lesser *normal* mortals, it's there, so simple safe precautions make sense ... put suntan lotion before you go for a walk in Death Valley huh ... and use anti-virus / anti-spyware before you go on the internet ... simple sensible precaution ??

Re:none here (1, Funny)

Anonymous Coward | more than 9 years ago | (#10896562)

what is wrong with the general public???

The general public relies on Adaware's auto-execution ability and launches FireFox by clicking on the 'e' in their toolbar.

Re:none here (2, Interesting)

Anonymous Coward | more than 9 years ago | (#10896569)

What's your secret? I have Ad-aware, Spybot, SpywareGuard, Spyware Blaster, Zone Alarm on my main PC. I use Firefox. I hardly ever (to be honest) visit pr0n sites. I hardly ever do any P2P stuff. And occasionally, I DO still find the odd malware on my PC.
Never is a loooong time. Even Sean Connery learned Never to Say Never Again.

Re:none here (2, Funny)

Anonymous Coward | more than 9 years ago | (#10896609)

What's your secret?

He has no secrets. I am currently logging in to his machine, if you call Windows 98 a machine. He can either pay me for real spy removal tools or I email his files to his mother.


Mr. Hacker

Re:none here (1)

leuk_he (194174) | more than 9 years ago | (#10896658)

Scanners do not prevent the problems. They do only detect them. Note that some of them also detect cookies. Cookies do not affect your system stability but they can be used to track your surfing behaviour.

So the question is then: what spyware do you have and how did you get it.

Note also the disclaimer in the linked article. Some spyware is not detected because of the policy. Spyware can be divided into categories: from spyware that is visibly installed (you know what you get when you install kazaa), to the search related (alexa what's related installed in internet explorer), to the hidden installs of activex applications/dialers.

I am mainly interested in spyware that (can) disrupt system stability (hidden proxies, resource hogging, improperly uninstall when related free application is deinstalled)

Re:none here (3, Interesting)

rale, the (659351) | more than 9 years ago | (#10896781)

I can concur with the grandparent. I have a windows box running xp, and use firefox and thunderbird. It lives behind NAT from my linux box, and I never see any spyware/malware crap.

I just ran Ad-Aware for the first time in a while (it told me my definition file was 109 days old), and it prompted me to go download an upgrade. Ironically, it launched IE for this (firefox is definitely set as default). Once it finished updating and running a full scan, it found 4 whole 'bad' things, which in this case were IE tracking cookies (, etc). 2 of those 4 had a creation date of today, meaning they were picked up in the process of downloading that adaware update...

Re:none here (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10896785)

I have Ad-aware, Spybot, SpywareGuard, Spyware Blaster, Zone Alarm on my main PC

Why not just encase your computer in concrete and then drop it on your head from a height of no less than 200ft? This will solve your overly paranoid computing experience in a flash.

Re:none here (5, Informative)

afd8856 (700296) | more than 9 years ago | (#10896570)

I've seen spyware targeted at firefox and java applets that would want me to install something I was not curious enough to see. Fortunately, I was always asked if I want to install (security mechanism in Java and Firefox). I think grandpa' will click ok on those boxes, without reading them first.

Re:none here (2, Insightful)

Lord Kano (13027) | more than 9 years ago | (#10896590)

I don't use any, and have no problems.

That's kind of the point. If spyware broke your computer immediately, you'd know it's there and would be able to remove it.

If you've never checked for spyware, it might be on your system.

You can declare that you know you don't have a disease because you were never tested for it.


Re:none here (3, Informative)

gtkuhn (823989) | more than 9 years ago | (#10896615)

I don't have spyware cuz I check processes for new things that pop up (XP Pro). I've had malware before and I reformat ASAP. Now, one nifty line of defense I use is a freeware program called Startup Monitor. []

Re:none here (2, Insightful)

Lord Kano (13027) | more than 9 years ago | (#10896626)

I don't have spyware cuz I check processes for new things that pop up (XP Pro).

What about programs that appropriate the names of legitimate windows processes? Or ones that take advantage of the shortcomings in the font used in the task manager to look like a legitimate process?
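An added example, not part of the comment above or of any tool named in this thread: a report-only check for the two tricks the comment raises, a borrowed system process name running from the wrong folder and a name that only looks like a system one (`I`/`l`/`1`, `0`/`o`, or one character off). The process list is constructed sample data, the `C:\Windows` system root is an assumption, and the name list is a small illustrative subset.

```python
"""Flag process names that imitate core Windows processes (heuristic, report only)."""
import ntpath

SYSTEM_ROOT = r"c:\windows"  # assumption: default system root, compared in lower case
# Core process names and the only folder each one is expected to run from.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "services.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "csrss.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}
# Characters that are hard to tell apart in a sans-serif process list.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Collapse look-alike characters so 'Isass.exe' and 'lsass.exe' compare equal."""
    return name.translate(CONFUSABLE).lower()


def within_one_edit(a, b):
    """True if a != b and one insert, delete, substitute or adjacent swap maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, longer = (a, b) if len(a) < len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == short for i in range(len(longer)))


def classify(name, path):
    """Return (verdict, matched_system_name) for one running process."""
    lowered = name.lower()
    if lowered in EXPECTED_DIR:
        if not path:
            return ("no-path", lowered)  # path unreadable: cannot confirm either way
        folder = ntpath.dirname(path).lower()
        verdict = "ok" if folder == EXPECTED_DIR[lowered] else "wrong-path"
        return (verdict, lowered)
    for known in EXPECTED_DIR:
        if skeleton(name) == skeleton(known) or within_one_edit(lowered, known):
            return ("lookalike", known)
    return ("not-checked", None)  # not a name this list covers


def review(processes):
    """Return only the entries a person should look at: (name, path, verdict, known)."""
    findings = []
    for name, path in processes:
        verdict, known = classify(name, path)
        if verdict in ("wrong-path", "lookalike", "no-path"):
            findings.append((name, path, verdict, known))
    return findings


# Constructed sample process list (name, executable path); not from a real machine.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Users\demo\AppData\Roaming\svchost.exe"),
    ("Isass.exe", r"C:\Windows\System32\Isass.exe"),      # capital I, not lower-case L
    ("scvhost.exe", r"C:\Windows\scvhost.exe"),           # swapped letters
    ("expl0rer.exe", r"C:\Windows\expl0rer.exe"),         # zero for 'o'
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for name, path, verdict, known in review(SAMPLE_PROCESSES):
        print(f"{verdict:<11} {name:<14} resembles {known:<13} {path}")
```

A hit is a reason to inspect the file, not proof of malware; a name one character away from a system name can belong to a legitimate program.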


Re:none here (2, Informative)

gtkuhn (823989) | more than 9 years ago | (#10896662)

Ah! Then try Security Taskmanager instead of that crappy windows taskmanager. Sorry, it's not free, but has a trial period. [] Also, StartupManager (the free one that I can't recommend highly enough, see grandparent) catches stuff that tries to run at startup which is at least a valuable tipoff that something is wrong.

Re:none here (1)

RealityMogul (663835) | more than 9 years ago | (#10896788)

Personally I find that only granting read permission on the Run & RunOnce registry keys prevents a lot of problems, as it doesn't seem that any malware I've come across is smart enough to reset the permissions.

Re:none here (2, Insightful)

26199 (577806) | more than 9 years ago | (#10896594)

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone.

Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

Re:none here (1)

jeef_zula (807174) | more than 9 years ago | (#10896627)

you're definitely on to something. another damaging policy happens here, at my university. all students live behind a draconian firewall their first year that lets nothing through. then when they leave they're dumber about security than when they started. isps and schools need to put more emphasis on the user to handle their own security. we don't let broken/dangerous cars on our roads. isps and schools shouldn't allow them on their networks.

Re:none here (4, Insightful)

rudy_wayne (414635) | more than 9 years ago | (#10896706)

What's wrong with the general public is they don't give a damn about computer security. Nor should they have to -- a computer is supposed to be a generic consumer product, usable by anyone. Unfortunately that's a long way from the truth. But I think you should blame the engineers and computer scientists, not the end users.

It's that attitude that's the problem. The computer IS NOT supposed to be a 'generic consumer product'. That's marketing bullshit. For years, companies that sell computers have been pushing the idea of the computer as an appliance. You don't need to know anything ... you just push a button ... just like your toaster.

User stupidity is still the number one security problem.

Re:none here (1)

26199 (577806) | more than 9 years ago | (#10896718)

Er... you have that backwards. I said that it's not actually like that. But the marketing departments claim it is, and it would all work better if it was. So it should be.

It's impossible to make everyone in the world an expert on computers, so you might as well give up complaining about it. It's also impossible to prevent people who aren't experts from using computers.

It's not impossible to make computers secure. It's a very hard problem, I admit -- it's much easier if you can rely on the users to know what's going on. But it's solvable, and that's what the industry needs to be working towards.

Nonsense. (2, Insightful)

brunes69 (86786) | more than 9 years ago | (#10896722)

A car is a generic end-user product as well. But if the engine catches on fire because the owner hasn't changed the oil in 12 months, despite the car manual prescribing a change every 5,000, documentation from the dealer saying the same, and red blinking light in the dashboard, no one blames the engineers. The exact same thing is true of spyware and viruses - it is a well known problem, the user's companies and ISPs tell them not to open the attachments, Windows XP even issues a warning prompt, but they do it anyway.

You can engineer many problems, but you can never engineer away human idiocy. There will always be some idiot who will find a way to kill themselves with a pair of dull safety scissors.

Re:none here (1)

KombuchaGuy (752406) | more than 9 years ago | (#10896765)

Perhaps, but it's not Levi's fault if I go out with my trouser zipper undone. People need to be educated about computers requiring security, much in the same way I was educated last week on the functions of a zipper.

Re:none here (3, Insightful)

dapendragon (832274) | more than 9 years ago | (#10896772)

Until engineers and computer scientists can make computers idiot proof, I don't see why we should consider computers a 'generic consumer product'. You need a license to drive a car, since the car is by no stretch of the imagination idiot proof. If you try driving a car in traffic without any sort of training you'll most likely end up hurting yourself and others.

Similarly, using a computer with a broadband connection to the Internet without at least some idea of how to make the computer secure (i.e. antivirus software/firewall) will most likely result in a computer infected with trojans and spyware, causing problems for the owner. What's worse, his computer will probably infect other computers as well.

Sometimes the concept of an "Internet license" similar to the driver's license actually seems like a good idea. A driver's license doesn't stop car accidents from happening, but at least you're keeping some of the worst morons off the road.

Re:none here (1)

DrSkwid (118965) | more than 9 years ago | (#10896610)

did you set firefox to be his default browser ?

otherwise clicking on links in email opens IE

installing is not enough

There are also products that use the HTML Active X control (such as EditPlus and WinAmp I think) thus by-passing your hard work.

Re:none here (2, Insightful)

bloodredsun (826017) | more than 9 years ago | (#10896640)

A decent browser, good av software and a patched os will protect you from most things but the reality is that most people will click on the okay button of the "Can I please install malware on your computer" dialogue box! Users are exposed to so many dialogue boxes during the day for puerile reasons, they become conditioned to mindlessly clicking on things to get to their destination. So that when one pops up for a decent reason, they click on the damn thing anyway. Non-techies out there have no idea of cyber-hygiene, which in today's environment is the equivalent of not using a condom while you bang crack ho's while mainlining H from a shared needle (almost)!

Re:none here (1)

goatan (673464) | more than 9 years ago | (#10896694)

Run some, you might be surprised, my company firewall regularly blocks known spyware in websites like hotmail. Just because a site isn't seedy doesn't mean it won't contain spyware, hell I even found some that got installed by ubisoft when I used to play IL2-Sturmovik. Last ubisoft game I ever bought. I wouldn't be complacent if I were you.

Re:none here (1)

DigiShaman (671371) | more than 9 years ago | (#10896764)

I don't use any, and have no problems. Never. And I fix other people's computers without them.

Same here, I call it the ol Format/Reinstall process.

Personal experience with anti spyware tools (2, Insightful)

Phidoux (705500) | more than 9 years ago | (#10896554)

I've been using a few different anti spyware tools in parallel because it seems as if there isn't a single tool that can reliably remove all spyware.

Re:Personal experience with anti spyware tools (3, Informative)

catwh0re (540371) | more than 9 years ago | (#10896709)

In terms of spyware that runs on your system as a program, it's a good idea to write a list of the notorious Run directory in the windows registry, that way you can check your list to see if new spyware(and sometimes viruses) have been added. What you need to really do though is ensure that you don't end up deleting legitimate additions to this list, such as those added after installing applications.
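The list-and-compare routine described in the comment above, as an added example that is not the poster's code: it saves the Run and RunOnce values as a baseline, reports additions, removals and changed commands, and updates the baseline only for entries the user has reviewed, so legitimate installs are recorded rather than deleted. The sample entries are constructed with hypothetical program names; the live read uses Python's standard `winreg` module and only works on Windows.

```python
"""Report changes to Windows autostart (Run/RunOnce) registry values against a saved list."""
import json
import sys

try:
    import winreg  # standard library, available only on Windows
except ImportError:
    winreg = None

CV = r"Software\Microsoft\Windows\CurrentVersion"
# Autostart keys covered by this example (per-machine and per-user).
RUN_KEYS = [("HKLM", CV + r"\Run"), ("HKLM", CV + r"\RunOnce"),
            ("HKCU", CV + r"\Run"), ("HKCU", CV + r"\RunOnce")]


def snapshot_run_keys():
    """Read every value under RUN_KEYS into {"HIVE\\key\\name": command}."""
    if winreg is None:
        raise RuntimeError("a live snapshot needs Windows")
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key not present on this system
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _kind = winreg.EnumValue(key, i)
                entries[f"{hive}\\{path}\\{name}"] = str(data)
    return entries


def diff_snapshots(baseline, current):
    """Compare two snapshots; a changed command under an old name counts too."""
    return {
        "added": {k: v for k, v in current.items() if k not in baseline},
        "removed": {k: v for k, v in baseline.items() if k not in current},
        "changed": {k: (baseline[k], current[k]) for k in baseline
                    if k in current and baseline[k] != current[k]},
    }


def accept(baseline, current, approved):
    """Return a new baseline updated only for the entries the user has reviewed."""
    updated = dict(baseline)
    for entry in approved:
        if entry in current:
            updated[entry] = current[entry]
        else:
            updated.pop(entry, None)
    return updated


# Constructed sample snapshots (hypothetical programs), used when run without arguments.
RUN_PREFIX = "HKLM\\" + CV + "\\Run\\"
SAMPLE_BASELINE = {
    RUN_PREFIX + "ExampleAV": r'"C:\Program Files\ExampleAV\tray.exe"',
    RUN_PREFIX + "SoundTray": r"C:\Windows\System32\sndtray.exe",
}
SAMPLE_CURRENT = {
    RUN_PREFIX + "ExampleAV": r'"C:\Program Files\ExampleAV\tray.exe"',
    RUN_PREFIX + "SoundTray": r"C:\Users\demo\AppData\Local\Temp\sndtray.exe",
    RUN_PREFIX + "WeatherBar": r"C:\Program Files\WeatherBar\wb.exe /silent",
}


def main(argv):
    """Usage: save FILE | check FILE | (no arguments: run on the sample data)."""
    if len(argv) == 3 and argv[1] == "save":
        with open(argv[2], "w", encoding="utf-8") as fh:
            json.dump(snapshot_run_keys(), fh, indent=2, sort_keys=True)
        return 0
    if len(argv) == 3 and argv[1] == "check":
        with open(argv[2], encoding="utf-8") as fh:
            baseline, current = json.load(fh), snapshot_run_keys()
    else:
        baseline, current = SAMPLE_BASELINE, SAMPLE_CURRENT
    report = diff_snapshots(baseline, current)
    for name, cmd in sorted(report["added"].items()):
        print("ADDED  ", name, "->", cmd)
    for name, cmd in sorted(report["removed"].items()):
        print("REMOVED", name, "->", cmd)
    for name, (old, new) in sorted(report["changed"].items()):
        print("CHANGED", name, ":", old, "=>", new)
    return 1 if any(report.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```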

It's interesting (4, Interesting)

Anonymous Coward | more than 9 years ago | (#10896556)

The attitude to directed advertising programs or "spyware" on Slashdot. Especially when you step outside the parochial echochamber that is Slashdot discourse and speak to people who actually use these programs. On the whole, they are actually happy to get these novelties for "free", like the funny little desktop buddy, or the search bar, weather report or stopwatch.

I used to work for one of the companies that distributed a "spyware" program through, and we had continual PR problems with being lumped in with the worst offenders of the spyware world. We didn't do drive by installations, or hide our intentions: we just traded our customers' data for use of our program. What, exactly, is wrong with that? Why is Slashdot pretending all of us are as bad as each other, as if in this, as with all fields, there isn't a spectrum of behaviour?? Even some linux users are bad, just look at the DDOS at I'm sure no one here would condone that behaviour.

(Posted anonymously, not interested in karma bonus.)

Re:It's interesting (3, Interesting)

destinedforgreatness (753788) | more than 9 years ago | (#10896588)

it's interesting that you've decided to go AC to mention you used to work for a company that wrote software that didn't conform to the beautiful utopia of "clean" OSS. I do not entirely agree that people who have Bonzi Buddy et al would be "actually happy" if they knew the inner workings. would you be happy with a car air freshener that reported which gas station you prefer?

Re:It's interesting (4, Insightful)

Anonymous Coward | more than 9 years ago | (#10896643)

no they are not 'happy' with all that crap. that's why the developers go to such extreme lengths to make the damn things next to impossible to remove without dedicated removal tools (which even then, as we see in the article, often fail).

if your program had a smooth uninstall that actually did something, was called WarningNastyEvilSpyware.exe, flashed up a new warning every time it ran that evil crappy spyware it installed, and clearly documented everything it did, then I guess it was ok (though you'd have to pay me to use it).
otherwise you were working for evil.

(and what made you think you'd get karma for admitting to writing spyware?)

Re:It's interesting (5, Interesting)

cheezemonkhai (638797) | more than 9 years ago | (#10896646)

Regardless, I don't see a problem with giving users the option to remove these things which trade their personal details.

  • Who actually reads all the agreement to use the software?
  • How many of them know their personal details are being sold?
  • How many people know what is actually being collected?
  • How many people got these "tools" from a random e-mail saying look this is cool?
I can hear what you're saying, but I think the user is allowed the right to remove the spyware.
If the company doesn't want them to use the tool without the spyware then make it break without it and inform the user they removed the spyware which collects their details and would they like to reinstall it or remove the free "tool".

Sure some spyware is worse than others, but the user deserves the choice.

Re:It's interesting (0)

Anonymous Coward | more than 9 years ago | (#10896707)

Please provide your proof that Linux users were involved in the DDOS of

Re:It's interesting (2, Insightful)

RedBear (207369) | more than 9 years ago | (#10896727)

Ahem... Why are you pretending all /.ers are as bad as each other?

On the one hand, some /.ers do find it reasonable for spyware like yours to exist in the world, as long as it notifies the user clearly that they are selling personal information in exchange for the "free" use of this software. On the other hand even those folks will usually still class your software in the same category of the junk that unknowingly violates your privacy and bogs down your computer.

It's difficult for most people to come to the conclusion that there is such a thing as "good spyware" a.k.a. "direct advertising software", just because there are idiots in the world ready to willingly give up their rights to information privacy for money or free junk software goodies. In the end, users like that and software like yours simply chip away at our ability to keep our personal information private. Therefore all spyware is considered somewhat of a menace whether they are "legitimate" or not.

On the gripping hand, of course, if your software were really totally honest and straightforward about what it does, it wouldn't really fit the definition of "spyware", now would it? I don't know of any such software, but I will concede that it could exist. Personally I would still disapprove of it, but people have to make their own decisions about giving up their personal information.

The general public would probably give up lots of other rights in exchange for free stuff. That usually doesn't make it OK for them to do so, nor does it make it OK for someone to try to get them to do so. Even if it happens to be legal.

Re:It's interesting (1)

gtkuhn (823989) | more than 9 years ago | (#10896729)

I don't mean to flame, but did you get paid to post that?

Re:It's interesting (1)

FluffyPanda (821763) | more than 9 years ago | (#10896743)

>> Even some linux users are bad, just look at the DDOS at
>> I'm sure no one here would condone that behaviour.

Are you new here?

Re:It's interesting (5, Insightful)

Erik Hensema (12898) | more than 9 years ago | (#10896754)

  • spyware almost always hides its true intentions deeply into some EULA nobody reads
  • spyware usually is very hard to uninstall

Especially the last point is important. If my browser is infected with spyware, I simply want to go to controlpanel->software, select the program and uninstall it. Nearly always this is completely impossible. Lots of spyware nowadays actively combats uninstalling. And when software does that, it always is written by the Bad Guys.

Unfortunately you don't say what product your company was/is making, but I guess that was to be expected.

Re:It's interesting (0)

Anonymous Coward | more than 9 years ago | (#10896759)

Oh, don't think you're original in calling Slashdot an "echo chamber"! Give credit where it's due:

Near the bottom [] of the page where it says:

"Who runs this noisy echo chamber? is owned by VA Software (nasdaq: LNUX - news - people ), a Linux vendor"

Re:It's interesting (5, Insightful)

asadsalm (647013) | more than 9 years ago | (#10896762)

Of course!

They would be really happy to install these free utilities and games. They really wouldn't care why their computer takes 30 minutes to start, and keeps crashing every so often, randomly. They wouldn't care, because they don't "know".

It's absolutely wrong to create awareness, since ignorance is bliss isn't it? For them, all they need to do when their computer becomes a constantly-rebooting over-sized paperweight is to call me and spend a day to have it "formatted".

I mean, c'mon, the funny-little-desktop-buddy is OK. All it does is reduce my computer to a 0.5 frame per second 1956 batch-processor.

It's funny how, when your bread comes from a shady source, that source becomes morally right. Like, for example, in my religion, interest based financial transactions are not allowed. The only people who say it's ok are bankers!

Spyware (3, Informative)

cheezemonkhai (638797) | more than 9 years ago | (#10896559)

Well Spybot may not do great, but it certainly does enough to clean up a person's PC so it works again without crashing every 5 minutes.

My recommendation is firefox or mozilla or even opera if you prefer it.

I do however note that if you take a clean system and then visit, then run spybot etc you will find that there are little evils that appear on your system.

It now appears that the best option is to wave goodbye to MS if you can. Pick a nice linux distro (eg Ubuntu or whatever suits you) or even MacOS X and feel that little bit safer.

Re:Spyware (2, Interesting)

MoonFog (586818) | more than 9 years ago | (#10896576)

A lot of the spyware you get is just cookies from or something that registers what sites you visit etc. You're not safer from them on Linux than you are on Windows. As long as you accept cookies, they'll be there.

I just use Firefox's cookie handling. I disable cookies and choose to allow only certain sites to set cookies (such as gmail, online banking etc).

Re:Spyware (1)

cheezemonkhai (638797) | more than 9 years ago | (#10896597)

I find the really destructive stuff seems to play with the registry which is why I suggested an alternative OS.

Of course not running as Admin or Root helps for these as does not using IE.

With Firefox I tend to allow the cookies, then blast them when I close the window. Makes browsing easier as some sites are persistently annoying in the fact that they won't work without cookies enabled.

Re:Spyware (1)

MoonFog (586818) | more than 9 years ago | (#10896620)

I know, but I was talking only about spyware cookies. You're not safer on any other OS than Windows. The cookies don't care what privileges you have, it just registers your traffic. Deleting every cookie still requires you to log in to a forum (such as Slashdot) every time. Thus I enable cookies for Slashdot. If a site requires me to use cookies, I will look at what cookies it actually tries to set and perhaps allow it for this session. It comes down to a matter of preference how you like to handle cookies though.

Re:Spyware (1)

Artega VH (739847) | more than 9 years ago | (#10896697)

I used to get it to prompt me... but I just got so tired answering questions for every single cookie... often I'd spend as much time clicking Allow, Deny or Allow for session as I would reading a site.. so now I just let them all go thru and prune out the ones I don't like (and use adblock to stop me connecting to the really bad advertising sites)...

Also note that since I've moved to OS X I've had to spend heaps less time messing around with this stuff.. I spend much more time maintaining my debian server :p

Re:Spyware (0)

Anonymous Coward | more than 9 years ago | (#10896633)

Funny, every six months or so, I install the latest various spyware searching tools, virus scanners, what-have-you and do a rather thorough sweeping and every time, it comes up absolutely clean and this particular machine in my home runs Windows, though I also have a few other OSes in the home as well.

Here's the trick: Don't run IE, keep updated, have a good NAT solution (which you should have regardless of OS), be aware of what services you have running (another big one, regardless of OS, as some distros require tuning in this regard, too), don't open strange email attachments (You may skip running Outlook, but that's no longer an issue.. I use TheBat!, myself). The rest really is being picky what you choose to install, such as weather reporting services that come 'bugged', which I'm sure likely will become a problem for other platforms in time if they see a market in it.

But, this is going to kill most people... Stop fucking downloading all those pirated programs off of P2P and various public trackers. Those are cesspools for repacks of releases and can include various little 'extras' that wind up with trashed machines. Same with some crack sites out there. I've sadly seen this happen to friends. This is one of those little 'gotchas!' people don't ever seem to mention, probably because they think those people deserve it, which I'm not going to debate.

Anyway, posting Anon since I'm sure anyone who displays any sort of competence running Windows will be shot down in flames here, regardless of whatever else I run.

Interesting... (2, Interesting)

Anonymous Coward | more than 9 years ago | (#10896565)

...though I would have liked to see how the pre-emptive SpywareBlaster [] changed the results...

Ad-Aware and HijackThis (4, Insightful)

krumms (613921) | more than 9 years ago | (#10896566)

I've always found a combination of Ad-Aware and HijackThis do an excellent job of keeping all things spyware under control. Ad-Aware for more frequent scans, and the odd hit of HijackThis when things seem screwy. Admittedly, I don't know how much spyware I actually miss but it seems to keep XP happy for most part :)

An even better combination (0)

Anonymous Coward | more than 9 years ago | (#10896675)

is "think before installing something" and "don't use insecure browsers". Never ever got a single piece of spyware with that. Nor did my parents or my girlfriend, who are not really what you would call "experienced users". And it doesn't even need performance hungry scanners.

if you don't log and analyze traffic (3, Insightful)

Sai Babu (827212) | more than 9 years ago | (#10896574)

you never know where your internet connected peecee might be sending its bytes.

hmmm why is that activity LED blinkin?

Is Windows fit for the internet? (4, Interesting)

Viol8 (599362) | more than 9 years ago | (#10896577)

This isn't a standard issue MS bashing troll but you do have to question whether given the ease at which programs (which is what spyware is) can install themselves on someone else's computer with little or no user intervention, Windows is fit to be allowed on the internet. If all windows systems were taken offline then almost all viruses and the like would disappear almost immediately along with spambots and other unpleasant creations of the black hat fraternity. I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Re:Is Windows fit for the internet? (4, Insightful)

Skyfire (43587) | more than 9 years ago | (#10896604)

As much as we like to say bad things about Windows' security here on /. (and I won't argue with the poor security of Windows), I don't really think that most spyware is a security issue. Most of the spyware that gets installed is installed hidden in amongst other downloaded programs, and the only warning that the user has might be one or two lines in the EULA, which no one bothers to read. I think that the real culprit behind spyware is the companies that play these dirty tricks, and also to some extent the users that blindly click every little button. I've learned to carefully look through the installer instructions on random programs that I download, and I very rarely have problems with spyware.

Re:Is Windows fit for the internet? (1)

Viol8 (599362) | more than 9 years ago | (#10896637)

I'm sure most spyware is nothing more than some greedy company wanting to find out what you like to buy and then send off the data to their warehouse to help in decision making or something similar. However, these programs could do anything which is the worrying part. 99% of them may just be Gary Grocer trying to make some extra money, but 1% may have more nefarious intentions and that's the worrying part. Once you can install a program on someone else's machine without their knowledge you can do anything with that machine that the user permissions allow.

Gary Grocer, Billy Butcher... (4, Funny)

Dogtanian (588974) | more than 9 years ago | (#10896761)

However, these programs could do anything which is the worrying part. 99% of them may just be Gary Grocer trying to make some extra money

I think you're underplaying the seriousness of Gary Grocer's nefarious activities. After all, he's an internationally-wanted credit card fraudster who is also notorious for using zombified PCs to send spam.... that's how he makes his "extra money". (Note: There is a reward for the capture of him and his money-laundering associate, Freddy Firefighter).

"These people are scum," says Florida's Head of Anti-Fraud Investigations, Calvin Criminal.

"Damn right," adds his colleague, Alvin Arsonist.

Re:Is Windows fit for the internet? (1)

DrSkwid (118965) | more than 9 years ago | (#10896617)

If you change the ecosystem new species will evolve to fill the niches.

Re:Is Windows fit for the internet? (5, Insightful)

Anonymous Coward | more than 9 years ago | (#10896651)

I'm not pretending this is feasible but you have to wonder what the net would be like if only relatively secure OS's were allowed to use it.

Windows is a relatively secure OS if you know how to run it. Unfortunately, most people who run it are dumbasses who install all programs they find and click YES to every prompt they see. If you run it with a decent firewall (whether that be software or hardware), antivirus software, and diligence then Windows won't give you any problems.

BTW I recommend Ad-Aware and Spybot: S&D for clearing out just about any crap if the spyware does somehow "install themselves" onto a system.

Ad-Aware Rules (2, Informative)

dreegle (443860) | more than 9 years ago | (#10896578)

If you can limp yourself to download it, I've found Ad-Aware does an outstanding job in most cases. But you must have the new (free) version to do any good. The rate of evolution of these beasts is high, and they apparently came up with a new engine for Ad-Aware SE, that I've seen find hundreds of objects that Ad-Aware 6, a moment before with current updates, had missed.

Makes most machines usable again, and quickly.

No they aren't (0)

Anonymous Coward | more than 9 years ago | (#10896579)

> These test results are well worth your time.

Quite presumptuous of you to decide what my time is worth!

Anyway, since I use Linux and the only time I install software not via the package management, it's installed as a newly generated user whose home directory is then killed with "userdel -r" - No, I never had a problem with spyware and probably won't in a long time to come. Ergo these tests are completely irrelevant to me.

More than one (1)

Shadow_139 (707786) | more than 9 years ago | (#10896582)

I find the only way is to install FireFox with adblock.
Remove the IE shortcut, and rename the Firefox link and change the icon to the stupid E.
And I had Spy-Bot, Adware and SpywareBlaster running, but you still get "users" installing crap... e.g. screensavers, and crap.
I've been admin here only a few months, but when I came the network was in shit. And 99% of the systems had at least 1 smileyface or such search bar installed and were riddled with other crap.
Only do an update and full scan on a system when a user really complains about the speed of their PC for over a week or more.....
"NIPPLES!! I HAVE NO NIPPLES!!!" -Happy Noodle Boy

My time is preciouss. (4, Funny)

Maljin Jolt (746064) | more than 9 years ago | (#10896585)

These test results are well worth your time.

No they are not. I already burned all Windows CDs in the fire. You won't believe how much time I gained by doing this!

Re:My time is preciouss. (2, Funny)

BinLadenMyHero (688544) | more than 9 years ago | (#10896628)

My time is preciouss.

And you're not only reading, but also posting in slashdot.
Riiiiiiiight.... :)

someone will flame me but... (1)

nilbog (732352) | more than 9 years ago | (#10896593)

top three anti spyware programs: 1. osX 2. Linux 3. commodore64

Re:someone will flame me but... (0)

Anonymous Coward | more than 9 years ago | (#10896719)

Yes they will.

The only reason there is no spyware for lunix + co is because the ad revenue generated by spyware for lunix is tiny as hardly any people use it compared to windoze. Not because it's a better OS.

(Mod for truth)

Mac + Firefox = ok? (1)

chroot_james (833654) | more than 9 years ago | (#10896598)

I use a mac and firefox. As far as I know, I haven't had any problems. Does anyone bother to make spyware for Macs? Does Java's sandboxing make it hard to write platform-independent spyware?

Re:Mac + Firefox = ok? (2, Informative)

random_culchie (759439) | more than 9 years ago | (#10896735)

Yes it does. The applet only runs within the context of a given page, which makes it spyware unfriendly. Spyware generally sits in the background gathering information on what you do. Since applets are limited to one page this eliminates spyware possibilities. An applet can only communicate with the server it originated from also. (Unless you click those grant permission things) This also makes it difficult to send information to spyware hq. Generally applets have little if any information about the page they reside on.

Re:Mac + Firefox = ok? (1)

chroot_james (833654) | more than 9 years ago | (#10896756)

I wasn't referring to applets. I can't imagine anyone would write spyware as an applet...

Re:Mac + Firefox = ok? (1)

random_culchie (759439) | more than 9 years ago | (#10896769)

Ordinary Java apps aren't sandboxed. They run with full privileges. Sandboxing only makes sense with applets.

I never rated S&D (1)

PhilHibbs (4537) | more than 9 years ago | (#10896599)

I've been an Ad-Aware user ever since I discovered spyware. SS&D was always over-zealous and broke too many legit applications for my liking.

And if they fail... (5, Informative)

Tuxedo Jack (648130) | more than 9 years ago | (#10896603)

That's what SpywareInfo's for.

It's arguable that they're the biggest antispyware site out there, and if nothing else, they can get the CoolWebSearch strains that even Ad-Aware and Spybot can't get (real-yellow-pages, linklist, et cetera).

(Disclaimer: I'm a Trusted Advisor there.)

Spybot S&D.. (1)

Henk Poley (308046) | more than 9 years ago | (#10896605)

Spybot Search & Destroy is more preventive, as far as I know Ad-Aware doesn't do preventive measures like blocking (kill bit) of known bad ActiveX controls.

I don't get it (1)

value_added (719364) | more than 9 years ago | (#10896606)

Really, I don't. Can someone explain what exactly these "tools" do?

Perhaps I'm in a rare position and have been lucky to be immune from such troubles, but it seems to me that checking startup items, managing what's running on your system (exe's, services, etc.) is fairly routine stuff. And if there is a problem, deleting a file, making a simple regedit, etc. can't be that hard, right?

Re:I don't get it (1)

Tuxedo Jack (648130) | more than 9 years ago | (#10896623)

You ever root through the Windows registry? Literally millions of keys and subkeys are there, and it's a pain in the ass to root through them all to find and kill one.

Admittedly, there are certain hotspots (HKLM\Software\Microsoft\Windows\CurrentVersion\Run being the big one), but you don't want to regedit over there every time, do you?

No. You use tools to kill that.

You can't manage BHOs without BHODemon or XP SP2, so you use HijackThis to kill the bastards.

Services are a pain to check, but very few spyware bits (outside of a few very, _VERY_ rare CWS infections) install services anyways.

I'm in the rare position too, but it doesn't hurt that I've been cleaning machines of this crap for years and I know how to stop it from running (SpywareBlaster, Firefox, _LINUX_, et cetera).

Re:I don't get it (0)

Anonymous Coward | more than 9 years ago | (#10896629)

I think it's more to do with the convenience and ease of use. I'm like you; a quick scan of the run entries in the registry is usually enough to fix the most blatant of spyware problems. I do like to teach people to use spybot/adaware though, because it sure beats me having to play technician quite so often.

Re:I don't get it (5, Insightful)

isdfnmo (673446) | more than 9 years ago | (#10896728)

No, friend, you really don't.

The point is not that we technically proficient people can deal with SpyWare but rather that the 99% of computer users who are not technically adept can use their computers, the internet and their email without having to fight a constant battle with unwanted intrusion.

What other mass-produced, home appliance can you think of that requires a deep understanding of its inner workings? We, as the technicians, should be hanging our heads in shame that we have failed, in over 20 years of trying, to devise a machine and an interface and a secure environment that allows the end-user to enjoy the internet or office suite or any other application with such carefree abandon as they do their TV or Dishwasher or Microwave.

Sure people need to be careful, just as they do when driving or using a blender, but surely it is not beyond the wit of man to hide the complexity of the system. Surely a better use of our time and effort, rather than trying to play catch-up with 'the man' is to start finding common ground upon which we can progress best practices... Let the Corporations then compete on price and feature-sets from that good and solid foundation rather than firing off in their own directions with their own agendas and muddying the already dirty waters.

We have a lot of work to do, I'm afraid.

Passive isn't good enough. (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10896607)

This just goes to show that anti-spyware (and as an extension, anti-virus) is wholly inadequate to keep you safe.

Passive systems like virus scanners and anti-spyware are only effective at removing software AFTER it has infected computers.

You can scan downloaded software and e-mail, but that isn't going to do anything for you for stuff like worms or new threats that anti-virus firms are not aware of.

What is needed for security is a pro-active approach.

Auditing code, compiling programs with stack protection, diversified software base, peer review of code, firewalls, better separation of user and system and various other techniques.

For a great example look at OpenBSD. If the technology sector as a whole adopted techniques such as theirs then virus, spyware, and worm threats would be nearly nonexistent.

So as consumers of software we need to be aware of these things and only use software that employs these techniques to keep us safe.

For example it would be cheaper to make cars like tin cans and no secure seats, no seat belts, no crush zones, no nothing... And that's what people are paying for in their software currently.

We need to only use software that does employ things that are the equivalent of seatbelts, airbags, and big hunks of metal to protect us.

"Unsafe at any speed" meets "Unsafe on any computer".

So the simple solution to this is to stop using Windows and start using OpenBSD and secure versions of Linux and FreeBSD/NetBSD, etc.

Of course most people are not that smart, but if you can you should. Security is a warm fuzzy.

Thank God... (1)

rainer_d (115765) | more than 9 years ago | (#10896618)

...that I run FreeBSD, Linux and Solaris.

The least Microsoft could have done is create a non-admin user upon installation and force users to work as that, e.g. by changing word, excel etc. to refuse to open when used by an administrator and changing IE to refuse to work on anything but windowsupdate for administrators.
That would have been far more effective than SP2 and all the gazillion tools one seems to need today to be able to use XP reasonably.
It would also have cut down on a lot of Spam.

Yes, it would have been annoying, but safety-belts were annoying, too, when they first appeared.
Security is sometimes annoying, people should get over it, just like they got over Windows Product Activation.


Re:Thank God... (1)

a24061 (703202) | more than 9 years ago | (#10896663)

The least Microsoft could have done is create a non-admin user upon installation and force users to work as that...

Such a good idea! Home users with XP---which allows proper user segregation---just will not listen when I tell them to use it!

Re:Thank God... (1)

Xrikcus (207545) | more than 9 years ago | (#10896689)

I actually think that home user OSs should not be able to connect to the net while logged in as an Admin user, and not allow software installs as a normal user (except for basic user-space only software, clearly, but even that could still be optional).

hitman pro (3, Interesting)

Anonymous Coward | more than 9 years ago | (#10896634)

This is a very good solution :

It's Dutch and it runs Ad-aware, Spysweeper, Spybot S&D, Stinger, Spywareblaster, etc... automatically....

my spyware solution (1)

BinLadenMyHero (688544) | more than 9 years ago | (#10896636)

use only Free software

Re:my spyware solution (1)

it0 (567968) | more than 9 years ago | (#10896740)

Name 1 piece of software you paid for that came with spyware?

Whoa! (1)

galdur (829400) | more than 9 years ago | (#10896649)

"... twenty anti-spyware scanners were pitted against a collection of 15 adware and spyware programs that were installed with the latest version of Grokster ..." 15 pieces of trash with ONE program!

The best Anti-Spyware tool... (1, Funny)

Viceice (462967) | more than 9 years ago | (#10896650)

Me charging $60 an hour and HijackThis.

Seriously, I've yet to see spyware that booting into SafeMode and running HijackThis won't cure.

Spy Assassin (1)

Tomahawk (1343) | more than 9 years ago | (#10896653)

I use Spy Assassin. You download it from the ad-aware site, and have to pay for it. I think it's supposed to be better than adaware SE, which is the one tested (that's the free one).

Spy Assassin is cheap, and you get a 5 PC licence for it. Certainly sorted out a few nasty popup problems on my dad's PC (though he probably didn't mind some of those lovely ladies popping up, but I'm sure my mother would have if it had gone on any longer).

Spy Assassin is updated regularly, and each time you run it it downloads its updates (and reinstalls updated software, if required).

Pity it wasn't tested.


I don't understand ... (0)

lemonjus (717606) | more than 9 years ago | (#10896667)

Who won ??

Use a combination (1)

lbruno (114856) | more than 9 years ago | (#10896671)

I personally recommend Ad-Aware and S&D to my friends; it's been effective, methinks.

The most important thing is: if they must run Windows, a combination of those two kills the usual culprits.

Horses for Courses (5, Insightful)

One Childish N00b (780549) | more than 9 years ago | (#10896683)

The anti-spyware game is a real case of horses for courses - one tool will detect some spyware and miss others, while another will find all the bits the other missed, but miss off a couple it didn't. There really is no 'definitive' spyware removal tool and it's foolish to say there is. I advise people to run both Ad-Aware and Spybot with latest updates at least once a week to ensure almost all spyware is found and removed, as I've had too many instances of one of the two missing out five or six items on every sweep that the other one found straight away.

You could probably get even better performance by running more than those two, but I'm not going to harass my clients to start running half a dozen programs just to remove spyware and it's a pretty rare thing to come across a piece of spyware, even a humble cookie, that both of those two miss. Anyway, my point is this; You can't just run Ad-Aware or Spybot and think you're protected. Until an anti-spyware tool has a 100% record against all known spyware, I won't consider them anything near a definitive tool, or a licence to behave recklessly on the net, something which too many naive people seem to do.

The problem with anti-spyware tools is three-fold;

a) They are made by private companies and individuals whose credentials and/or decency cannot be guaranteed. They could easily take kickbacks from spyware companies in exchange for 'excluding' their programs from the scan list. Sure, it might not be happening now, but what's to stop Lavasoft suddenly to start taking kickbacks to let the less insidious spyware through? Unless you're on the inside of a company like that, you can never be sure. I'm sure Lavasoft aren't doing anything like that, as these results prove, I'm merely using them as an example - any anti-spyware app people trust is in an immensely powerful position on the user's computer, and any money-seeking company can theoretically be bought out.

b) When they remove a spyware .dll that a program the user makes use of hooks into, the program may stop working, and who would get blamed? The anti-spyware vendor. Hey presto, Spybot looks like pure evil because they just killed off Joe User's cool new P2P app because keylog32.dll got wiped. This happened a lot when Kazaa was big - naive users getting told by techy types to run Spybot every now and then to clear spyware ended up bitching because it nuked the spyware that Kazaa checked for before starting up. They didn't seem to care about privacy when protecting it stopped them getting their MP3s and porn.

c) People do, as I mentioned above, use them as an excuse to behave recklessly on the internet - they will install random .exes, they will visit dodgy sites and they will do all manner of things because they believe they are safe. They don't understand that spyware blockers only work against known types of spyware, not all spyware in total. Naive users seem to think it's an agreement between spyware vendors and anti-spyware companies when it is, to all intents and purposes, an arms race which the anti-spyware groups will always be in second place.

Anyway, what was my point again? Oh yes, that these statistics are misleading for naive users. Ad-Aware and the others are now going to start shouting from the rooftops about how they're one of the top 3 anti-spyware apps on the market, and thousands of lusers will trust themselves to it implicitly solely because of that blurb, while the reality is Ad-Aware still misses stuff, and it is more than fallible. That 'lowly' Spybot has turned up half a dozen items Ad-Aware failed to find at least three times for me, but I wouldn't run that on its own either - Everybody knows it's a good idea to get a second opinion, especially when it's free.

Also, does anybody else find it funny that /. are now serving ads to the Microsoft 'Get the Facts' campaign? Is this Slashdot putting one over on Microsoft by taking the money they throw at them when they know no-one here will believe it, or have they reached a new low, actually showing not just Microsoft ads, but ones that feature blatant FUD against FOSS?

Arguments to the contrary... (4, Insightful)

Spoing (152917) | more than 9 years ago | (#10896696)

Oh, not from me. While the failure rate is much higher than I'd expect, that they do fail on a regular basis is not a surprise.

The reasons seem to be simple;

  1. Spyware detectors find and remove known spyware.
  2. Spyware creators know about the spyware scanners. If they decide that being detected is a big enough problem, they work on ways to not be detected.
  3. As the new spyware revision comes out, they are discovered and the spyware detectors are updated.
  4. Rinse and repeat.

Yet, the test results show that the spyware detectors aren't in the arms race against spyware that I described above. Instead, many spyware revisions aren't detected at all. Either they don't know about the spyware revisions, the spyware is not being tested for, or the spyware is being ignored on purpose.

Right now, the bar that the spyware creators have to leap is very low. Both social engineering and direct injection onto systems make spreading these things fairly easy to do for the spyware maker. Tie that in with many spyware detectors not detecting completely, and not being used consistently, and I don't see an end to this problem soon for most people.

What to do? I'll leave that to others for now. I have my own lists. It is a security issue so the systems should be considered to be on hostile networks and hostile users. I consider 2 hours to lock down a Windows XP system to be a reasonable minimum amount of time to spend on each system -- unless automation tools are used.

Re:Arguments to the contrary... (1)

Lumpy (12016) | more than 9 years ago | (#10896775)

final solution.

run trustnoexe and startupmonitor on your computer.

no virus,trojan,spyware or other asshat ware made can get past that combination.

does it make some things a pain? yes. but for Grandma's computer that she uses only for AOL, solitaire and an occasional UT2004 deathmatch it is absolutely perfect.

Damn M$ (1)

absBrain (780507) | more than 9 years ago | (#10896701)

I finally managed to install SpyBot S&D on my Linux, and only now I found out that SpyBot is not so good after all. Oh, will I ever be safe from spyware ?!

Spyware tips I've picked up (4, Informative)

cybergibbons (554352) | more than 9 years ago | (#10896708)

I run a small IT consultancy, and nearly every internet connected PC we work on has a significant spyware infection on it. It's not only our job to remove it, but to prevent it coming back. The things that I've noticed after fixing a lot of problems:

  • People don't know they have spyware on their computers. They are crawling along, at a stage I would call barely usable, and it doesn't bother them in the slightest. Or, better still, they find those new toolbars really useful...
  • A combination of Spybot S&D and Adaware will clean up most problems. Hijackthis will then allow you to remove anything else. Some people say that Hijackthis is the only tool you need - but it can only remove very apparent problems, whereas the other tools will remove nearly all associated keys, files etc.
  • To prevent re-infection, you need to lock down the machine whilst it remains usable. People really do not want to change, or put any effort in. You can try putting Firefox and Thunderbird on the PC, but most people will choose IE, or complain if you hide IE, so they don't have the option.
  • Change the settings for the zones in IE to be more secure.
  • Add a big list of bad sites to the restricted zone in IE. This includes some sites that have content, but it's generally porn, and as our users are business users, they won't call us back to give them access to a porn site.
  • Add an even bigger list of ActiveX CLSIDs to not run.
  • Stop the default action on windows scripting host files, scr files etc. from "run" to "edit". A lot of problems start with some user interaction, and this has cut down on quite a few (mainly non spyware) problems.
  • A lot more small registry tweaks can be done... most of the above is done automatically by scripts we have written. One of the problems we found was adding keys once to each HKCU hive - you don't want to overwrite them at each login, or the user changes will be forgotten, but none of the Run, RunOnce etc. keys do it per user.
  • Add some buttons to the IE toolbar to put sites in the trusted or restricted zones, for when people have problems.
  • Install Spyware Guard - this provides some active protection against spyware.

This won't stop everything by any means, but it slows down reinfection. End users need to change habits - reading EULA, not just clicking OK, using passwords - but this isn't something you can do with a couple of hours work, so people aren't willing to do it. I have no solution to that problem.
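The ActiveX blocklist step from the list above, as an added example (not the poster's scripts): it builds a .reg file that sets the IE kill bit, the 0x400 bit of `Compatibility Flags` under the `ActiveX Compatibility` key, for each CLSID, and audits an exported snapshot for blocklisted controls that are still loadable. The CLSIDs and the snapshot are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from loading a control
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
_CLSID = re.compile(r"^\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$")
_FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

# Constructed blocklist: mixed case, missing braces and a duplicate on purpose.
BLOCKLIST = [
    "{11111111-2222-3333-4444-555555555555}",
    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "{0F0F0F0F-1A1A-2B2B-3C3C-4D4D4D4D4D4D}",
    "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}",
]

# Constructed snapshot in .reg text form (real exports are UTF-16; decode first).
# The second control carries another flag bit (0x20, constructed) but no kill bit.
SNAPSHOT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"Compatibility Flags"=dword:00000020
"""


def normalize_clsids(raw_clsids):
    """Upper-case, add braces, drop duplicates; reject anything that is not a GUID."""
    seen, result = set(), []
    for raw in raw_clsids:
        clsid = "{" + raw.strip().strip("{}").upper() + "}"
        if not _CLSID.match(clsid):
            raise ValueError("not a CLSID: %r" % raw)
        if clsid not in seen:
            seen.add(clsid)
            result.append(clsid)
    return result


def read_flags(reg_text):
    """Return {CLSID: flags} from a text export of the ActiveX Compatibility key."""
    flags, current = {}, None
    prefix = "[" + COMPAT_KEY.upper() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = None
            if line.upper().startswith(prefix) and line.endswith("]"):
                candidate = line[len(prefix):-1].upper()
                if _CLSID.match(candidate):
                    current = candidate
        elif current:
            m = _FLAGS.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags


def missing_killbits(blocklist, reg_text):
    """CLSIDs from the blocklist that the exported snapshot does not block."""
    flags = read_flags(reg_text)
    return [c for c in normalize_clsids(blocklist) if not flags.get(c, 0) & KILL_BIT]


def build_killbit_reg(blocklist, existing_flags=None):
    """Emit .reg text that sets the kill bit, OR-ed into any flags already present."""
    existing_flags = existing_flags or {}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in normalize_clsids(blocklist):
        value = existing_flags.get(clsid, 0) | KILL_BIT
        lines += ["[%s\\%s]" % (COMPAT_KEY, clsid),
                  '"Compatibility Flags"=dword:%08x' % value, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    todo = missing_killbits(BLOCKLIST, SNAPSHOT)
    print("not yet blocked:", todo)
    print(build_killbit_reg(todo, read_flags(SNAPSHOT)))
```

OR-ing the bit into the existing value keeps any other compatibility flags a control already has, which a blind overwrite with 0x400 would drop.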

Re:Spyware tips I've picked up (4, Informative)

cybergibbons (554352) | more than 9 years ago | (#10896760)

I should ad (hoho) that one major advantage of Spybot S&D is that you can schedule it to run quietly in the background... this just isn't possible with any of the other free tools. The command that does it:

spybotsd /autoupdate /autocheck /autofix /autoclose /autoimmunize /taskbarhide

There are other tools that help massively with spyware. As a consultant, it's equally important to understand the ways and means spyware gets onto the system, so that you can prevent and cure effectively, and respond to new spyware before the automated tools do it or before it appears on the many forums.

  • Sysinternals Utils are free and great. Process Explorer replaces the crippled useless tasklist in XP, and is quicker and easier to use than the command line utils. Filemon, Regmon, and Diskmon allow you to monitor files, registry keys, and disk access - you can see how, when, and why spyware is getting in.
  • WhoLockMe - appears on the right click menu in explorer, and shows what is causing a file to be locked. Again, this can be done at the command line, but this makes life that little bit easier.
  • Knoppix - for when it all goes very very wrong.... recover files, partition tables, reset passwords, even edit the registry

An ounce of prevention worth a pound of cure (5, Informative)

gtkuhn (823989) | more than 9 years ago | (#10896711)

Seriously guys, none of these spyware removers are even remotely perfect and they all suck time and CPU cycles. I disavow any knowledge of this guy, Mike Lin, but his itty-bitty FREEWARE program kicks butt. It does one tiny little thing with almost zero overhead, it tells you what wants to insinuate itself into one of the several startup vectors of Windows. And gives you the option of not allowing it. Any spyware must have some part that runs at startup. This gives you a warning and a filename for googling to remove whatever you have contracted. Probably works for many worms, viruses, and trojans too.
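The check a startup monitor of the kind described in this comment performs, as an added example (not Mike Lin's program and not code from the thread): it diffs two text exports of the Run and RunOnce keys, the hotspot named earlier in the thread, and reports new, changed and removed autostart entries. The exports, program names and paths are constructed; real `reg export` files are UTF-16 and must be decoded before parsing.

```python
import re

# Autostart keys watched here: Run (named in the thread) and RunOnce, for any hive.
# This is a small subset of the Windows startup vectors, not an exhaustive list.
WATCHED_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_STRING_VALUE = re.compile(
    r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed "known good" export taken right after a clean install.
BASELINE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"SoundTray"="C:\\Windows\\soundtray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Program Files\\ExampleIM\\im.exe"
"""

# Constructed later export of the same machine.
CURRENT_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"SoundTray"="C:\\Windows\\Temp\\soundtray.exe"
"SearchHelper"="rundll32.exe C:\\Windows\\System32\\srchhlp.dll,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Updater"="C:\\Temp\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"Ignored"="not an autostart key"
"""


def _unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Return {(key, value_name): command} for string values under watched keys."""
    entries, current_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = _SECTION.match(line)
        if section:
            key = section.group("key")
            current_key = key if key.lower().endswith(WATCHED_SUFFIXES) else None
            continue
        if current_key is None:
            continue  # file header or a key that is not an autostart location
        value = _STRING_VALUE.match(line)
        if value:
            name = _unescape(value.group("name"))
            entries[(current_key, name)] = _unescape(value.group("data"))
    return entries


def diff_startup(baseline, current):
    """Classify autostart entries as added, removed or changed since the baseline."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
        "changed": sorted(k for k in current
                          if k in baseline and current[k] != baseline[k]),
    }


if __name__ == "__main__":
    now = parse_reg_export(CURRENT_EXPORT)
    report = diff_startup(parse_reg_export(BASELINE_EXPORT), now)
    for kind in ("added", "changed", "removed"):
        for key, name in report[kind]:
            print("%-8s %s -> %s = %s" % (kind, key, name, now.get((key, name), "")))
```

A changed entry matters as much as an added one: a familiar value name that now points at a different path is easy to overlook when eyeballing the key in regedit.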

poor presentation (1)

joe094287523459087 (564414) | more than 9 years ago | (#10896723)

the article seems well done and deep but the presentation of the results is lackluster. they performed all those rounds of tests and analysis and the "conclusions" are

Spyware and adware can prove quite difficult to remove
No single anti-spyware scanner removes everything

etc. no kidding! why did they need to compare them to find out what is conventional wisdom for most people already. there is no quantifiable list of best-to-worst that i can find on the site, which is really the most valuable result of a study like this.

a waste of their time and ours.

Review Format (2, Insightful)

Donny Smith (567043) | more than 9 years ago | (#10896792)

While we should be grateful for the work done by the reviewer, I cannot but notice that the results are hard to find out.

I, for one, would like to see some conclusion or recommendation or rating (Anti-Spyware A - good; Anti-Spyware B - shit; Anti-Spyware C - excellent).
I know the article focuses on falling efficiency, but still, it's a bit overwhelming to go over those huge tables.

where can i get the rpm's for these? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10896793)

link me

Be careful not to shoot yourself in the foot (4, Informative)

DigiShaman (671371) | more than 9 years ago | (#10896802)

About half the time a user removes spyware from a PC that is running really sluggish, I've found that the spyware removal utilities do NOT repair the winsock registry keys. Thus, you can't even get TCP/IP connectivity. You will know it's broken if you get an IP of or will fail instantly to repair the LAN connection in XP and just get a 169.x.x.x address.

If you do plan on removing a heavily infested PC, be sure you know how to repair winsock.

If the customer is running XP with SP2, then you can run the "netsh winsock reset catalog" command (without quotes) to repair the connection and reset the winsock settings back to defaults. However, if the PC does not have SP2 installed, you will have to check out this link; en-us;811259

For Win9x users, check out this link

Use Linux (-1, Flamebait)

xiando (770382) | more than 9 years ago | (#10896804)

I use Linux and I never had spyware installed on my computer. Obviously, I also never had to install an anti-spyware program. If you are using an OS that allows spyware, then you are taking a risk. It is your choice to do so. But do not cry about your data loss. You took the risk. You did not use Linux.

Try it. Once. You can download a Live CD and try it even without installing it. If the 5 minutes this takes was a waste of time, then too bad. But if not, then you may just learn how to use a secure, modern OS that does not allow viruses for the rest of your life.

P.S: It's my birthday today. Actually. (as if anyone cares).