Antispyware Shootout

Hemos posted more than 8 years ago | from the battle-royale dept.

Security 343

An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.

The site might be experiencing tech. difficulties (5, Funny)

digitaldc (879047) | more than 8 years ago | (#14185162)

or the shootout ended up killing everyone, including the article.

Coral Cache... (3, Interesting)

cbiltcliffe (186293) | more than 8 years ago | (#14185596)

http://www.zdnet.com.au.nyud.net:8090/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm [nyud.net]

Karma whore, I know.....

I don't know why the changeover to CSS didn't include a little modification to the story submission script that automatically updates all story links to use Coral Cache. It really wouldn't be that hard, especially considering all of /. seems to be written in Perl.

Social Physics, really. (4, Funny)

Valacosa (863657) | more than 8 years ago | (#14185623)

Nah. It's just that stories like this vindicate our reading of SlashDot on company time, so everyone opens it.

"Look Boss! It's about computer security! It's good that I'm reading this, right?"
 
(Funny joke, though)

Enough power (5, Insightful)

VincenzoRomano (881055) | more than 8 years ago | (#14185168)

I wonder whether there will remain enough CPU power to run the applications once I will install three to four of those scanners.
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.

Re:Enough power (-1, Redundant)

xao gypsie (641755) | more than 8 years ago | (#14185190)

try using Linux.....

Re:Enough power (1)

bad jerkface (930612) | more than 8 years ago | (#14185560)

I tried using Linux, but I couldn't find any spyware.

$ emerge -s spyware
Searching...
[ Results for search key : spyware ]
[ Applications found : 0 ]

Re:Enough power (5, Funny)

c0l0 (826165) | more than 8 years ago | (#14185191)

Well, I guess we now know why Intel is heading for _FOUR_ cores on one DIE in 2007. One for your personal tasks, and the other 3 cores each for one anti-spyware-thingie exclusively ;)

Re:Enough power (1)

jlebrech (810586) | more than 8 years ago | (#14185375)

No 1 core for the next Sony Rootkit. 1 for the AV, 1 for antispyware, and 1 for Windows.
And the Rootkit and the spyware battling it out in the RAM.

Re:Enough power (5, Funny)

plover (150551) | more than 8 years ago | (#14185681)

Three cores for the Aussie geeks, on their big island.
Seven cores for the anti-spy programs, in their halls of ivory.
Nine cores for trojans, doomed to spam.
One core for the user, all alone.

One chip to run them all
One northbridge to bind them
One RAM to feed them all
And in the SMP array bind them.

In the land of Mobos where the shadows lie.

Re:Enough power (2, Funny)

scruffy (29773) | more than 8 years ago | (#14185425)

One for your real work, one for spyware, one for anti-spyware, and the last one for DRM.

Re:Enough power (1, Funny)

Oopsz (127422) | more than 8 years ago | (#14185259)

There's only one thing you need to clean a spyware ridden system, and it doesn't use much CPU time at all..

Delpart [russelltexas.com] .

Prevention or cure? (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14185183)

think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these.

How about not using a hopelessly broken OS in the first place? I don't have these problems on my Linux box. Maybe that's why we're seeing all these Microsoft ads here on Slashdot: the editors have chosen to join the dark side. Good luck fighting the viruses and spyware, Windoze lovers!

Re:Prevention or cure? (3, Interesting)

ZiakII (829432) | more than 8 years ago | (#14185285)

How about not using a hopelessly broken OS in the first place?

How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate. I don't get any spyware on my machine but I don't open anything that says "Click Here for Free Smiles", I use Firefox, read the EULAs on anything I install and at least make smart decisions instead of installing anything I see without any problems. You wouldn't go driving a car without some proper maintenance or you would have problems, but people don't see it like that, they figure anything they can do on their machine can be easily fixed by someone for a cheap price or even free if they knew a computer nerd that will fix their computer for them.

Take my brother for example: he installs anything he wants on his computer and doesn't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything better again and this cycle goes on and on.

Hear, hear! (1)

mmell (832646) | more than 8 years ago | (#14185362)

My experience is nearly identical (although I have made the occasional mistake, especially at 3:00am).

Even my wife (who doesn't want to become technically competent) has no problems. Now, if I could only get my two teenage kids on board . . .

It's amazing how many people here in meatspace know better than to trust a stranger, know that "if it seems too good to be true, it probably is"; yet when they get into cyberspace they automatically assume that all is sweetness and light and they're oh, so disappointed when Mr. Nagooli Unqualidu of Nigeria won't send them millions of free dollars, or the viewer software from their favorite pr0nsite suddenly pops up at the most inopportune moments to display banner ads.

Not that I know from firsthand experience, of course!

Re:Hear, hear! (1)

Giometrix (932993) | more than 8 years ago | (#14185454)

Visiting a porn site with IE, in admin mode is just begging for trouble. Are people so horned up that taking 1 minute to switch to a less-privileged account is out of question?

Re:Prevention or cure? (4, Insightful)

stuckinarut (891702) | more than 8 years ago | (#14185304)

How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of its protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows users can avoid most of the problems associated with viruses and spyware.

Re:Prevention or cure? (2, Insightful)

mspohr (589790) | more than 8 years ago | (#14185490)

You're repeating the standard MS FUD about Linux.

First, installing and maintaining a Linux box is much easier than Windows. Try Ubuntu, for example, complete install with latest patches in less than an hour versus the 6+ hour install last time I had to reinstall Windows due to spyware corruption (Windows install, SP installs, patch updates, application installation - MS Office plus patches... don't forget to install and configure firewall and anti-virus).

Second, Linux was designed from the ground up as a multi-user system which means that the security to prevent viruses and spyware is built into the architecture, not patched on top of an insecure architecture like Windows. The fact that Linux users aren't plagued by viruses and spyware is because they are secure by default.

Re:Prevention or cure? (0, Redundant)

Cyberax (705495) | more than 8 years ago | (#14185316)

Have you ever heard the word 'rootkit'?

Spyware Warrior (5, Informative)

popechunk (863629) | more than 8 years ago | (#14185192)

This [spywarewarrior.com] might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.

Re:Spyware Warrior (5, Informative)

Mitchell Mebane (594797) | more than 8 years ago | (#14185379)

Well, then you'll be happy to know Microsoft wasn't the only one who got Giant code. Sunbelt produces CounterSpy [sunbelt-software.com] , also based off of Giant, and they seem to have a tougher stance on spyware than MS does.

Were they reviewing Spybot or not? (3, Interesting)

xxxJonBoyxxx (565205) | more than 8 years ago | (#14185203)

Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...

Re:Were they reviewing Spybot or not? (0)

Anonymous Coward | more than 8 years ago | (#14185650)

Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...

Would it be rude to suggest that the answer could be easily found if you RTFA?

Enterprise vs. Personal Use (5, Informative)

mencik (516959) | more than 8 years ago | (#14185205)

Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.

One Ring? (4, Funny)

Kjella (173770) | more than 8 years ago | (#14185227)

Each of them captures a certain area, but none are the One Ring or anything.

Apparently powerful, but deceptive and treacherous with a rootkit from the creator?

Re:One Ring? (1)

Gleng (537516) | more than 8 years ago | (#14185315)

No, that's a Sony CD.

Re:One Ring? (0)

Anonymous Coward | more than 8 years ago | (#14185324)

Nope, there's no anti-spyware app coming from Sony.

the referenced link is in australia (0, Offtopic)

way2trivial (601132) | more than 8 years ago | (#14185228)

why do they list all the companies 800#'s? do they do any good in australia?

Re:the referenced link is in australia (1)

Enigma_Man (756516) | more than 8 years ago | (#14185294)

I don't know, do they do any good in Australia? They certainly do a lot of good in the US...

-Jesse

Re:the referenced link is in australia (1)

Mostly a lurker (634878) | more than 8 years ago | (#14185382)

Get Skype: 800 numbers in the US are free

Re:the referenced link is in australia (0)

Anonymous Coward | more than 8 years ago | (#14185536)

No, we have 1800#s here instead.

Oh my god another LOTR joke (2, Insightful)

Wisgary (799898) | more than 8 years ago | (#14185230)

Did tolkien's ghost roll over in his grave or something to make you people over-excited?

Re:Oh my god another LOTR joke (0)

Anonymous Coward | more than 8 years ago | (#14185521)

Tolkien's ghost is trapped on a grave?

Re:Oh my god another LOTR joke (2, Insightful)

meringuoid (568297) | more than 8 years ago | (#14185599)

Did tolkien's ghost roll over in his grave or something to make you people over-excited?

Tolkien's ghost has passed beyond the Circles of the World. All that's in his grave are some bones.

Such is the fate of Mortal Men; their fea are not naturally bound to the Earth like those of the Eldar. Exceptions have been observed only in strange and extreme cases usually involving corrupt magic, such as the Nazgul, the Barrow-wights and the Army of the Dead.

Free solutions (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14185233)

It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy [safer-networking.org] . I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.

Re:Free solutions (4, Insightful)

sevensharpnine (231974) | more than 8 years ago | (#14185310)

I'm sure that this review was limited to either current or potential ZDNet advertisers. Tech journalism (web or print) has absolutely no credibility. The entire article is a thinly-veiled ad for the "contestants."

Re:Free solutions (0)

Anonymous Coward | more than 8 years ago | (#14185551)

SpyBot is only free for personal use, if you read their EULA carefully. It is not free for corporate/governmental use.

We found this out after the cease-and-desist letter from their lawyer asked us to either pay up or remove all copies of their software, even though their EULA at the time said nothing about paying for the software. After we removed all copies of their software, they then changed their EULA to specifically say that SpyBot is not free to corporate/government agencies.

Why is this necessary? (3, Insightful)

Progman3K (515744) | more than 8 years ago | (#14185235)

It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
It is NOT normal to have to do this.

Re:Why is this necessary? (5, Interesting)

Jugalator (259273) | more than 8 years ago | (#14185291)

To answer your topic question, it's necessary because Windows users usually run with administrator rights and don't care much for what an installer may do. Think doing the same but in Linux as root.

And then few OS'es out there will help if the user chooses to install a spyware infested program and click "Yes" to install the whole thing. I mean, once a user runs executable code with admin rights, what can the OS do?

One solution is of course to run in a more protected user mode where you're requested of admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, and what *nix desktop managers have had for years.

However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?

Re:Why is this necessary? (2, Interesting)

naelurec (552384) | more than 8 years ago | (#14185357)

One solution is of course to run in a more protected user mode where you're requested of admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, and what *nix desktop managers have had for years.

Yah.. BUT even with existing Windows (Windows 2000 and XP), running as an underprivileged user does have many issues. There are still many applications on Windows that do not follow the security policy and attempt to write user data outside of their profile. ie -- try installing an app sometime as a regular user on Windows...

However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?

Pretty much. This is a HUGE change for a Windows user. I'm guessing most will find this annoying and learn how to switch back to Administrator and not much will be resolved.. especially when their favorite game REQUIRES administrator access to run. blech.

Re:Why is this necessary? (0)

Anonymous Coward | more than 8 years ago | (#14185566)

" ie -- try installing an app sometime as a regular user on Windows..."

Uhhhh, you seem to be missing the point.

Re:Why is this necessary? (2, Interesting)

keraneuology (760918) | more than 8 years ago | (#14185655)

However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?

No. The average user will install software only if it involves clicking "Next" "Ok" or "Finish". Any weird questions about administrator rights will spark a call to son/brother/cousin/friend/12 year old who will know the right answers.

Re:Why is this necessary? (1, Interesting)

Maelstrum (788501) | more than 8 years ago | (#14185297)

It would be the same way for any other OS if it were the dominate. Linux, etc. would have had the same problem if it had made it to the top of the food chain.

Re:Why is this necessary? (1)

Progman3K (515744) | more than 8 years ago | (#14185689)

>It would be the same way for any other OS if it were the dominate. Linux, etc. would have had the same problem if it had made it to the top of the food chain.

There would be more blackhats gunning for it, yes, but they'd have to make do with exploits:

As it is now, Windows is unusable unless your user is an administrator, so a virus only has to find a user ignorant enough to answer "Yes" to letting it run.

On *nix, even if the user runs the trojan, it can't infect the whole system unless it has a privilege-escalation mechanism built-in.

On Windows, all the user need do is click "Yes"

Even more interesting (0)

Anonymous Coward | more than 8 years ago | (#14185305)

It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.

What I find interesting is that people are ready to use an anti-spyware product from the same company whose OS is being infected by spyware.

If their OS is vulnerable, why would their "solution" be any better?

Re:Even more interesting (1)

26242 (830254) | more than 8 years ago | (#14185422)

That's what I've always wondered. Why don't they "embed" it into the background of the operating system .. DUH!

Microsoft is not evil, (2, Interesting)

chunews (924590) | more than 8 years ago | (#14185331)

.. just misunderstood.

But seriously, spyware has little to do with Microsoft and their shoddy products. MS is definitely to blame for inadequate security, poor mimicry GUI designs, and an atrocious "embrace and extend" attitude towards open standards.

That said, Spyware is more the result of the combination of the insane ROI for spywarers coupled with poor user education. One might argue that Windows allows users to have too many privileges yet this perception only minimally impairs the dedicated keystroke logger.

Fault anyone, fault doubleclick. And the wholly inadequate privacy and confidentiality laws of the US government.

Re:Why is this necessary? (1)

LordMaxxon (898539) | more than 8 years ago | (#14185343)

It is NOT normal to have to do this.

yes, it is normal. that's the scary bit.

Re:Why is this necessary? (1)

Surt (22457) | more than 8 years ago | (#14185383)

Of course it is normal. Normal is about the average experience. The average computer user needs to do this, so it is normal.

Not that it's good that we have to do this, in any way.

Re:Why is this necessary? (2, Insightful)

jonnythan (79727) | more than 8 years ago | (#14185393)

Will someone explain to me how linux or OSX are magically immune to spyware?

If you go to install some filesharing app, and you don't do some extremely thorough inspection of the installation procedure, you can get some spyware installed on your machine during the process no matter what the operating system is.

This isn't a Windows specific issue.

Re:Why is this necessary? (1)

LainTouko (926420) | more than 8 years ago | (#14185613)

aptitude install

I don't run a monolithic operating system on which software from a variety of sources gets installed, I run a collection of packages from a trustworthy organisation which go together to produce an operating system with software.

Summary (5, Informative)

Big Nothing (229456) | more than 8 years ago | (#14185238)

For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:

Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.

Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.

Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.

Re:Summary (1)

ploss (860589) | more than 8 years ago | (#14185400)

The Coral Cache still works:

http://www.zdnet.com.au.nyud.net:8090/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm [nyud.net]

The article is 15 pages long, and seems to be comprehensive and informative, geared toward massive rollouts at an Enterprise level. That said, here's some more of a quick summary of each product since their servers are melting:

Applications they tested:

  • Computer Associates -- eTrust Pest Patrol Anti-Spyware Corporate Edition: 4 1/2 stars
  • Lavasoft -- Ad-Aware SE Enterprise 2005: 2 1/2 stars
  • McAfee VirusScan Enterprise + Anti-Spyware Module 8.0: 4 stars
  • Microsoft -- Windows Defender (AntiSpyware): 3 stars
  • PC Tools -- Spyware Doctor 3.2: 4 1/2 stars
  • Symantec -- Client Security 3.0: 4 1/2 stars
  • Trend Micro -- Anti-Spyware for SMB 3.0: 3 1/2 stars
  • Webroot -- Enterprise Server: 3 stars

As always, remember that choosing Linux may be the best antispyware decision you can make! :)

Norton/Symantec (1)

SatanicPuppy (611928) | more than 8 years ago | (#14185597)

Sure the products work, but the significant performance overhead and the annoying licensing checks pretty much kill the deal for me.

Re:Summary (1)

solareagle (892616) | more than 8 years ago | (#14185696)

Of course the entire study is only valid for people who want to protect themselves from the 10 specific malware variants that were included in the test. Seeing as how there are tens of thousands of spyware programs in the real world, I don't think you can get an accurate representation of the solutions tested by using such a small sample size. Also note that even if the test results are representative of real world performance (I doubt it), you still would want to use more than one solution. 9 out of 10 doesn't sound so bad, until you realize that scales to 9,000 out of 10,000. Meaning you are still vulnerable to lots of bad stuff.

Sony (5, Interesting)

kidtwist (726601) | more than 8 years ago | (#14185243)

Did any of them find the Sony rootkit?

$sys$ (1)

digitaldc (879047) | more than 8 years ago | (#14185342)

And, is it possible to detect a $sys$ file with these?

How can you trust an infected machine? (4, Insightful)

camcorder (759720) | more than 8 years ago | (#14185255)

I don't understand this. How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows. Even if it can, how can you trust, without checking every bit of the OS? This is not Windows issue, it's same with linux or any other OS. But it's also very hard unless you're very ignorant, to get a complete infection with linux than Windows.

I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.

Re:How can you trust an infected machine? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14185440)

How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows.

It's probably because people don't want to go through the whole "reinstall everything and then beg Micro$oft to reactivate them" crap. This whole spyware/virus debacle just shows how hostile M$ is toward its users. First, they refuse to fundamentally fix their OS to prevent the viruses and spyware in the first place. Then, after years of criticism, they finally hack together a bandaid in the form of the condescending MS Antivirus (TM) and MS Defender(TM). After the user has tried everything they can to fix their infected OS, they go to reinstall and what happens? They have to call Micro$oft to beg them to reactivate their piece-of-shit operating system. Goddamn I don't know why you Windows users continue to allow yourselves to get raped. Just use Linux already!

Re:How can you trust an infected machine? (1)

JesseL (107722) | more than 8 years ago | (#14185489)

You could argue that you can't completely trust any computer system unless you personally audited every portion of the system. You would have to check the processor core, microcode, firmware, OS, applications, etc. You would have to hand compile your own compiler and then use it to compile everything else. You could never connect it to any network. You could never leave anyone else alone with it. It would need to be faraday shielded at all times.

How paranoid is paranoid enough?

Re:How can you trust an infected machine? (1)

man_of_mr_e (217855) | more than 8 years ago | (#14185533)

There are two ways. The first, is running in safe mode to scan. Windows doesn't load non-system drivers in safe mode, so the rootkits won't load, and you can detect them.

The second is by using the technique that sysinternals uses, which is to read the registry raw (not in the API) and parse it yourself, then find any references to files which mysteriously don't show up through the API. This doesn't remove the threat, but it does help identify it. The reason this works is that in order for a root kit to run, it has to be in a place where the OS can find it, such as the registry. Otherwise Windows won't be able to load it as a driver.

Of course there are some false positives, since a few shareware licensing tools use methods similar to rootkits to hide their licensing information.

My guess is that the next level of rootkit will use virus techniques and attach itself to a legitimate system file to become loaded.
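The cross-view comparison described in the comment above, as an added Python example that is not part of the original thread: entries taken from a raw parse of the registry are compared with what the API reports, after the different `ImagePath` spellings are normalized to one form. The service names `hidedrv` and `LicGuard`, the three sample views and the `known_benign` list are constructed assumptions; on a real system the raw view would come from parsing the hive file offline.

```python
import re

SYSTEM_ROOT = r"c:\windows"  # assumed install root for the constructed sample


def normalize_image_path(image_path, system_root=SYSTEM_ROOT):
    """Reduce the spellings a service ImagePath can take to one
    lower-case absolute path so the two views can be compared."""
    p = image_path.strip()
    if p.startswith('"'):
        # Quoted executable followed by arguments: keep the quoted part.
        end = p.find('"', 1)
        p = p[1:end] if end != -1 else p[1:]
    else:
        # Unquoted: cut arguments after the first executable-like extension.
        m = re.match(r"(.+?\.(?:sys|exe|dll))(?:\s|$)", p, re.IGNORECASE)
        if m:
            p = m.group(1)
    p = p.lower().replace("/", "\\")
    if p.startswith("\\??\\"):            # NT object-manager prefix
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    elif p.startswith("%systemroot%\\"):
        p = system_root + p[len("%systemroot%"):]
    elif not re.match(r"[a-z]:\\", p):    # relative paths resolve under SystemRoot
        p = system_root + "\\" + p.lstrip("\\")
    return p


def cross_view_diff(raw_services, api_service_names, api_files, known_benign=()):
    """Report services present in the raw registry view whose key or
    referenced file does not show up through the API view."""
    api_names = {n.lower() for n in api_service_names}
    api_paths = {f.lower() for f in api_files}
    benign = {b.lower() for b in known_benign}
    findings = []
    for name, image_path in raw_services.items():
        path = normalize_image_path(image_path)
        reasons = []
        if name.lower() not in api_names:
            reasons.append("key_hidden_from_api")
        if path not in api_paths:
            # Also true for a stale entry whose file was deleted, so this
            # is a lead for triage, not proof of hiding.
            reasons.append("file_hidden_from_api")
        if reasons:
            findings.append({
                "service": name,
                "path": path,
                "reasons": reasons,
                # Licensing tools that hide their data show up here too.
                "triage": "known_licensing_tool"
                          if name.lower() in benign else "investigate",
            })
    return findings


# Constructed sample: what an offline parse of the hive would yield.
RAW_SERVICES = {
    "Tcpip": r"System32\DRIVERS\tcpip.sys",
    "Dhcp": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "hidedrv": r"\??\C:\WINDOWS\system32\drivers\hidedrv.sys",   # hypothetical
    "LicGuard": r'"C:\Program Files\Vendor\licguard.exe" /svc',  # hypothetical
}
# Constructed sample: what the registry and file APIs report on the live system.
API_SERVICE_NAMES = ["Tcpip", "Dhcp"]
API_FILES = [
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\Program Files\Vendor\licguard.exe",
]


def run_sample():
    return cross_view_diff(RAW_SERVICES, API_SERVICE_NAMES, API_FILES,
                           known_benign=["LicGuard"])


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```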

And the winner was... (4, Funny)

Anonymous Coward | more than 8 years ago | (#14185260)

...a Mac and a Linux user, who wondered what all the fuss was about.

Re:And the winner was... (0)

26242 (830254) | more than 8 years ago | (#14185360)

*rolling on the floor laughing* couldn't have said it better maself!!

What about spyware scanners for Mac OS X? (0, Troll)

toupsie (88295) | more than 8 years ago | (#14185264)

Why weren't spyware scanners for Mac OS X tested? Oh wait, that's a stupid question. Windows is a better operating system with more software than Mac OS X.

Re:What about spyware scanners for Mac OS X? (0)

Anonymous Coward | more than 8 years ago | (#14185406)

I think the phrase you're looking for is 'Windows is a better operating system for GAMING than Mac OS X' not software in general, you fucknut.

this all getting to be too much (2, Informative)

caffeinemessiah (918089) | more than 8 years ago | (#14185266)

What's going to be left of your CPU if you're running a bunch of anti-spy/virus/blaaaah scanners, auto-updaters and registry watchers? Have we all forgotten whitelist-based approaches? IMO, the best way to go is to DeepFreeze your system drive, unfreezing it for updates and installing new software (uninfected software of course). Then have a couple of data partitions that are not frozen. Run Firefox in ultra-restricted mode for everything but the sites you know are safe. Why is this so hard? The other approach would be to get AV makers to include spyware features in their software so that you don't have to clutter up your process space with extra protection.

Re:this all getting to be too much (0)

Anonymous Coward | more than 8 years ago | (#14185335)

I suspect they could market these as an anti-gaming solution for businesses. After all how much CPU do you need to run MS word on a business PC.

Re:this all getting to be too much (1)

jupiter_ganymede (741242) | more than 8 years ago | (#14185336)

The problem is Windows does not easily support this model. IE is susceptible because it is too integrated with the OS. This is one area where Firefox has a big security advantage over IE. The other problem is that most users aren't knowledgeable enough to avoid risky behavior. I can't tell you how many times I have had to clean spyware from my relatives' computers because they downloaded something without knowing it.

TFA is 15 pages (2, Funny)

hikerhat (678157) | more than 8 years ago | (#14185299)

That's way too long for me to waste my time on. I didn't read it, but I'll try and summarize it:
  1. Don't download/install it if you don't know what it is and you're on a windoz box.
  2. Install four or five spyware/virus scanners that execute every time you access a file if you're on a windoz box. Performance be damned. It doesn't matter what brand. Four or five different brands are enough.
  3. No matter what four or five brands you install, someone is someday going to get their hands on your windoz box, and download some spyware/virus that isn't detected by the four or five scanners you have installed. So really, don't install anything. Just don't do number one, and lock your windoz computer in a big safe.
  4. Amazon/Paypal/Ebay is not going to suspend your account if you don't click on that link in that email and fill in your name and password. Don't worry.

SpyAxe (3, Funny)

borawjm (747876) | more than 8 years ago | (#14185307)

I recommend SpyAxe. It generates pop-ups and then, conveniently and promptly, lets me know that my machine has been infected with spyware.

Please try again. (0)

Anonymous Coward | more than 8 years ago | (#14185327)

I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these.

Why don't you get a grammar checker instead?

A failed approach (0)

Anonymous Coward | more than 8 years ago | (#14185332)

Such a wonderful approach to solving a problem... let's keep track of all the thousands upon thousands of bad programs out there and try and stop them. As some of you may know... a better approach is to track the good programs. That way you have fewer things to track and you can just disallow running of everything else. I believe this has been discussed in slashdot before dealing with flawed approaches to security.

Re:A failed approach (1)

Mostly a lurker (634878) | more than 8 years ago | (#14185446)

a better approach is to track the good programs
You are 100% correct, technically. The problem is human nature. People are unwilling to accept any additional effort in their everyday computing. They just use their computers until they become too slow or are otherwise malfunctioning, and then want them fixed.

You and I do not get infected anyway. Expecting the typical user to white-list programs, together with what they are allowed to do (often needing to pick up the phone and ask) is, unfortunately, unrealistic.

How else do you deal with infections? (1)

JSBiff (87824) | more than 8 years ago | (#14185541)

Ok, I agree with this idea, generally - let's disallow stuff that's not known good. But, ultimately, you gotta give the user the opportunity to run stuff that is not known to be good (let's say I'm a programming student, and writing my own programs - if I can't run them, I can't test them).

The problem is, if someone wants to try a new program they got off the internet, once the spyware is installed and they realize what happened, they need a way to get the crap off their computer - but most of it provides you no good way to remove it. This is where these spyware scanners are handy - they provide, essentially, an uninstaller for the spyware crap you want to get rid of.

The truth of the matter is, there are many more legitimate programs than illegitimate ones. It sounds good to block 'unknown' programs, in theory, but would mostly cause users a lot of hassle, and introduces the 'Click This' phenomenon - similar to software firewalls that pop up a 'keep blocked/unblock' dialog - most users will just allow stuff they don't know to run anyhow, because they think they probably need it if it's on their computer.

And that brings you back to needing to remove stuff once it *does* get on the system. There's no way around it - while trying to take preventative measures is certainly good (for example, a public library system I was working at for a while finally got around to upgrading all their computers to Win2k/WinXP and locking users' ability to install anything, which made support dramatically simpler), you STILL need a way to fix things when they break.

Spoken like a true, like, 15 year old (3, Funny)

crivens (112213) | more than 8 years ago | (#14185364)

"you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything."

Re:Spoken like a true, like, 15 year old (1)

simong_oz (321118) | more than 8 years ago | (#14185683)

It's all part of the recent move toward editorial professionalism ...

They left out major players (2, Interesting)

p3x935 (936288) | more than 8 years ago | (#14185374)

And where is Sunbelt Software's CounterSpy (both consumer and Enterprise editions) in this roundup? They left out major antispyware applications!

Re:They left out major players (0)

Anonymous Coward | more than 8 years ago | (#14185695)

That's because it uses the same engine as Microsoft Anti-Spyware.

The best anti-spyware measure is between your ears (4, Funny)

Sockatume (732728) | more than 8 years ago | (#14185378)

In the wise words of Luis Villazon: [pcformat.co.uk]

Imagine if there was a billion dollar industry dedicated to selling you hyenas to control the badgers in your garden. Imagine that, even though there are no badgers in your garden and never have been, these companies told you that you needed to have a snarling, vicious hyena patrolling your lawn in case one should ever appear. And not just one hyena either, imagine they told you to add another hyena every month to provide adequate protection. And imagine that the hyenas were bad-tempered, smelly, dug holes in the lawn and chewed on your leg whenever you stepped outside. Finally, imagine that your garden was surrounded by a high wall anyway and the only way for badgers to get in was for someone to post them to you in a conspicuous badger-shaped parcel that you could simply refuse to accept when the postman delivered it.

What the hell is spyware? (0)

Anonymous Coward | more than 8 years ago | (#14185380)

That's the malware that ends up on WINDOWS computers when grandma buys one... right? Personally I'm tired of fixing people's computers; they bought a Microsoft machine and it's Microsoft that should support it.

What about performance? (4, Interesting)

mcgroarty (633843) | more than 8 years ago | (#14185386)

For the client-side antiSpyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAfee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAfee was installed, and I had to uninstall McAfee to recover speed; I couldn't just turn off network scanning. I'm assuming the antiSpyware programs are similar to antiVirus programs in this regard, as they're basically the same software but with a different database of things to look for.

Wake up call for Microsoft (0, Flamebait)

bogaboga (793279) | more than 8 years ago | (#14185394)

> the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.

To me, this suggests that Microsoft does not really know their product though they would like us to believe otherwise. Remember the phrase "...Microsoft products work best with Microsoft products...", which was coined [by M$] in the early nineties during the word processor battles?

Just last week M$ representatives were at my place of work trying to sell some stuff to our IT department. The buzz I heard was "it's only M$ that understands M$ products...".

I guess it's all about the money, sadly.

What the hell?! (-1, Redundant)

hungrygrue (872970) | more than 8 years ago | (#14185414)

This is pathetic! Just quit running Windows already! Why in the hell would you be buying multiple anti-virus programs and multiple anti-spyware programs instead of just getting rid of the damn problem?! Just quit for God's sake! Run Linux, if that scares you, then get a Mac, but why don't you quit whining about your damn problems with viruses and spyware, 'cause frankly it is your choice to deal with all of that crap. The rest of us choose NOT to put up with it, and we don't need to listen to you constantly talking about your self-inflicted pain!!!!

Re:What the hell?! (1)

jayhawk88 (160512) | more than 8 years ago | (#14185539)

Spoken like someone who has never worked in a corporate environment before.

Only one way to be sure... (2, Funny)

Innova (1669) | more than 8 years ago | (#14185415)

> and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these.

Actually, I only need one method to make sure that the machine is truly clean:
format c:

Re:Only one way to be sure... (0)

Anonymous Coward | more than 8 years ago | (#14185547)

Actually, some viruses even do it for you.

Re:Only one way to be sure... (0)

Anonymous Coward | more than 8 years ago | (#14185670)

Ooooh, wit-tee. Like, wow, you should be on T.V. for your insightful social commentary. A regular Will Rogers, you are. A Mark Twain, or a Swift. And original! Breaking new ground there, you are!

From the summary (1)

ifelse (916112) | more than 8 years ago | (#14185416)

> "Each of them captures a certain area, but none are the One Ring or anything."
Do you mean none of them turn you invisible and let you spy on others? That sounds like the ideal spyware tool not anti-spyware...

always in memory (4, Interesting)

Fanro (130986) | more than 8 years ago | (#14185418)

The problem with most of this modern anti-spyware software is that all of them want to stay in memory ALL THE TIME. Even worse are antivirus tools. I tried once to install several of them to have more than one on-demand scanner at my disposal, and it was a mess.

Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask, so that you have to disable 3 different services and 2 startup programs with cryptic names.

Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
You end up with all sorts of interesting and unpredictable side effects, probably offering worse protection than each of them alone.

I've chosen Hitman Pro (2, Informative)

Laurentiu (830504) | more than 8 years ago | (#14185419)

... which can be found at http://www.hitmanpro.nl/ [hitmanpro.nl]

Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).

A (rather outdated) manual can be found at http://xthost.info/hitmanual/ [xthost.info] . Enjoy!

i almost agree (1)

digitallysick (922589) | more than 8 years ago | (#14185430)

It seems that sometimes Spybot doesn't pick up things that Ad-Aware might (or vice versa), or it won't remove them properly. Never hurts to have a few!

We've beaten viruses but not spyware? (2, Insightful)

AEther141 (585834) | more than 8 years ago | (#14185456)

Why do the majority of commercial virus scanners seem to work flawlessly when kept up-to-date yet we're still at the point where you may need half a dozen anti-spyware programs to clean up an ordinary windows box? What is it about spyware that makes it seemingly so difficult to shift? Oh, and why are people even recommending routinely using antispyware when it's so much easier, cheaper and cleaner to sort out the problems at the source and just get your security to a tolerable, spyware-proof level?

What is spyware ? (4, Funny)

MagicFab (7234) | more than 8 years ago | (#14185493)

Could someone please explain to me what spyware and viruses are? I've been on Linux for 3 years and I forgot.

Amazing (1, Troll)

HangingChad (677530) | more than 8 years ago | (#14185504)

> if you are truly to clean a machine out, you're going to need to use like three - five of these...

And the wider body of MSFT users find this situation normal and acceptable? Just amazes me. Don't surf the internet with Windows! Keep a Linux machine with firefox around for browsing, email and chat. Don't leave the windows box connected to the internet for anything but updates and that behind a firewall.

MSFT should offer a web safe version called Windows Unplugged.

Most telling part of the article... (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14185525)

From the test results page:
Clean machine accuracy and performance testing

        * Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.

Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.

Hitman Pro - Strength in numbers (0)

Anonymous Coward | more than 8 years ago | (#14185540)

All anti-spyware programs have their strengths and weaknesses. Hitman Pro [hitmanpro.nl] capitalizes on this and uses a wide range of anti-spyware programs at once. It downloads, configures, and installs many of the leading free anti-spyware tools and runs them sequentially. It then follows up with a spyware scan of its own. At the end of its multiple scans, it displays a complete HTML report of what was found and cleaned and saves the report in its log directory. It takes about an hour to run the first time around, and even my non-technical friends found it fairly easy to use - although they were at first a little surprised that their computer was automatically installing and configuring programs by itself. Frequently one anti-spyware program will pick up code that another anti-spyware program has missed, but at the end of the cleanup, almost all spyware instances will have been found and either cleaned or deleted. It's worth a look. I keep it on my USB drive for any computer housecalls I make regarding spyware.

Personally... (2, Informative)

Capeman (589717) | more than 8 years ago | (#14185548)

...I use Lavasoft's Ad-Aware SE Professional [lavasoftusa.com] in combination with Spybot - Search & Destroy [safer-networking.org] , they keep my PC spyware free.

Re:Personally... (1)

sl0cb (934707) | more than 8 years ago | (#14185666)

I do pretty much the same thing, and never have problems ...

Immunity of Linux/Mac NOT due to low marketshare. (5, Insightful)

massysett (910130) | more than 8 years ago | (#14185553)

Every time a story like this comes out, someone says "just switch to Linux or Mac. They don't have spyware." Then someone writes back "oh, that's just because they don't have marketshare."

Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.

Need more proof? See this [theregister.co.uk] from the Register.

It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.

Let's Put the Blame Where it Belongs (3, Insightful)

phunster (701222) | more than 8 years ago | (#14185649)

(Fair disclosure - I run Linux)

I see that in a lot of the responses the knee-jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.