New Anti-Spyware Tests
Hi All:
Over the past 2 days I've performed yet another round of tests with 20 anti-spyware scanners, this time using a new collection of spyware and adware picked up from my favorite "test" site, "Innovators of Wrestling" (iowrestling.com). As before, I identified a core set of "critical" detections and monitored how thoroughly each anti-spyware scanner removed the "critical" detections. You can find a list of those detections on the Guide page here: » spywarewarrior.com/asw-t ··· ections2
The results of this new round of tests can be found on these two pages:
» spywarewarrior.com/asw-t ··· ts-3.htm
» spywarewarrior.com/asw-t ··· ts-4.htm
As I requested before, please have a look at the Guide page before proceeding to the results pages. The Guide page has been revised to account for these new tests. As always, the "Disclaimers" section on the Guide page is "must read": » spywarewarrior.com/asw-t ··· claimers
One aspect of these latest tests worth noting: the collection of spyware and adware used for this round of tests included some especially nasty software that proved difficult, if not next to impossible to remove for the anti-spyware scanners. In particular, the key processes for the following adware/spyware were not killable at all:
IBIS Toolbar/Websearch
IBIS Toolbar/WinTools
The executables were simply too well protected in memory. Even the DiamondCS process tools APM and APT could not remove those processes and modules from memory. The standard procedure that anti-spyware scanners use in this situation is to remove the files on reboot by configuring the scanners to run through the HKLM\...\RunOnce key. Not a single anti-spyware scanner succeeded in doing that, however, because one of the above processes -- or perhaps it was the VX2 3dsdpi.dll module that was attached to the Winlogon process, a core Windows system process -- blocked changes to the RunOnce key. Still worse, the files mentioned above could not even be removed in Safe Mode.
This all is a potentially huge problem. The only way I succeeded in removing those files was to boot to a command line using SysInternals' ERD Commander 2000. A bootable CD could be used to achieve the same result.
Finally, before anyone asks, let me indicate right now that I am not going to put together a table summarizing the combined results of both rounds of tests. Were I to do so, that table would immediately be taken as a definitive ranking of the products tested, and that kind of ranking is simply not warranted solely on the basis of these two rounds of tests. Moreover, I know that once that table appeared, people would link only to the table, and the rest of the critical information and context regarding these tests would get lost in the rush to judgment.
In any case, questions, comments, and suggestions are always welcome.
Best,
Eric L. Howes |
|
hayc59 Your a Daisy Premium Member join:2001-02-26 |
2004-Oct-9 5:45 pm
Thank You Eric!!:) |
|
dp MVM join:2000-12-08 Greensburg, PA
to eburger68
Thanks for keeping us all informed Eric. Unfortunately, nasty spyware just keeps getting worse. |
|
Owlbet Ignite the Ice Premium Member join:2002-09-24 Palmer, AK |
to eburger68
Eric: Well done! Thanks to your hard work we've become more informed and educated to the dangers that lurk in the dark recesses of the internet. Owl |
|
mers2 Premium Member join:2004-03-20 USA |
to eburger68
Once again you've gone above and beyond the call. Thank you for the very informative test results. Computer users now have some valid information to make choices on. |
|
|
Looks like the only way to prevent some of the nasty spyware is to stop it from installing; this is where applications like SSM and Process Guard really come in handy. |
|
Indy Sabre Sabre Rider From Indianapolis join:2003-10-02 |
Would these nasties be prevented from installing if you were on a limited user account?
If they were active on a limited user account would deleting that specific account get rid of them? |
|
|
keith2468 Premium Member join:2001-02-03 Winnipeg, MB |
to eburger68
Excellent work Eric.
So of the free and donationware products, so far Ad-aware SE is doing the best?
And overall GiantAS is doing the best, and is available as a full-function 15-day trial, and USD30 per year after that. |
|
|
to eburger68
No, Indy, at least not for most.
I believe the newest spybot has good ad/spyware prevention in it, maybe we should do some comparisons on that and see who comes out on top. |
|
oldhand Premium Member join:2003-05-16 Saugus, MA |
to eburger68
What happened to Norton?
As many consumers appear to believe that the Symantec/Norton tools are "the best", would you please consider testing their current offering? It might open some eyes... |
|
|
to eburger68
Re: New Anti-Spyware Tests
Well, I am willing to make a claim and not beat around the bush.
Run and use Spybot Search & Destroy and Ad-Aware SE and you have a pretty dang solid game plan against *'ware!
Also, I use SpySweeper... this one is not free ($30), but, it has features the others do not. So, I run all three. Finally, use Mozilla Firefox (Amono's build rocks!) and you will be in a right nice position.
There, forget the reviews.. because we all don't have weeks and weeks to listen to puffed up BS and analysis etc. etc.
Glad to be of help! |
|
|
to eburger68
I took eburger68's data and put it in a spreadsheet for further analysis using an OR function. I don't guarantee that I have the best combinations because it would take forever to test every possible one, but these seem to give a lead on what one should try. I'd be happy to post the spreadsheet here for others to look at, but I do not know if it is allowed:
Num. Combination
-------------------
217 Pest Patrol, Giant AS
241 Ad-aware SE, Pest Patrol, Giant AS
257 Ad-aware SE, Spy Sweeper, Pest Patrol, Giant AS
267 Ad-aware SE, Spy Sweeper, Pest Patrol, Giant AS, SW Doctor
270 Ad-aware SE, Spy Sweeper, Pest Patrol, Giant AS, SW Doctor, SW Cop
-------------------
285 Total
Num. shows the number of different spyware covered by the various combinations of programs out of a total of 285. |
|
huntandpeck:
Those are some interesting numbers that you put together. The most telling one is the combination of 6 programs that you came up with to remove 270 of the 285 detections.
One way to look at that number is to recognize that to get most of it, you'd need 6 programs. Think about that. 6 programs. And even then you'd have junk left over.
Another way to look at it is to recognize that any one of those six programs would catch something that the others had not. That in itself is interesting, given the number of posts that we see from folks who claim that XYZ anti-spyware program is "better" than ABC anti-spyware program because XYZ anti-spyware program found things that ABC did not.
As I've said several times now in other threads, you can run any combination of anti-spyware in any order and the last in the chain will almost always find something the others did not. That's true even when you're running SIX anti-spyware programs back to back.
Something to remember the next time you see someone touting a particular anti-spyware program simply because it found something that Ad-aware, Spy Sweeper, Pest Patrol, or Spybot S&D did not.
Eric L. Howes |
|
|
As it is, there seem to be 15 that aren't detected by anything:
WCPR-01 WCPR-02 WCPR-03 WCPR-04 MISC-02 IBWS-03 IBWT-02 MIDL-02 MIDL-03 NLIT-01 NLIT-02 TVM-03 VX2L-01 VX2L-02 MISC-03
This means that my combination of the six programs detects all that currently can be detected (285-270=15). I haven't been plagued with spyware because I tend to stick to mainstream web sites, but I was curious whether any combinations from your lists would cover everything in case I needed it.
Cliff Otto |
|
2kmaro Think join:2000-07-11 Oklahoma City, OK |
to eburger68
Excellent points. Oh, and if anyone is wondering what Giant AntiSpyware looks like in action on a system - check out that pic above. That was an innocent capture - some ActiveX over at the iPods site. But since I really didn't want to sign up for iTunes, I blocked it anyhow. Cool. Glad some of you already did the footwork on determining what an effective combination of tools would be, I was thinking of doing the same thing. Now, since I already have PestPatrol, Giant AS, Spybot S&D, AdAware, and a few more, at least I won't have to buy all 6 to have a full tool box. But it seems most (even Giant AS) make claims they cannot back up, or at least eburger68's tests don't back up: that they remove everything in the way of malicious spyware. |
|
|
to huntandpeck
Cliff:
Unfortunately, I don't think you're going to find a nifty combo of anti-spyware programs that will remove everything, and that in itself is a depressing realization. Whenever I clean up a spyware infested box, I know in advance that I'll be doing a good amount of the removal myself. The anti-spyware scanners are useful for automating much of the removal and for identifying just what's on the box. Nothing can substitute for a good perusal of the hard drive and Registry yourself, though.
One thing I ought to note: many of the programs detected some of the items you list -- they just couldn't remove them. That's esp. true of the IBIS/Wintools and IBIS/Websearch items.
Best,
Eric L. Howes |
|
|
One thing I ought to note: many of the programs detected some of the items you list -- they just couldn't remove them. That's esp. true of the IBIS/Wintools and IBIS/Websearch items.
Eric, thanks for clearing up that misunderstanding on my part. One frequently finds responses to people who are being plagued by spyware that suggest they run program A, then program B, but I think what I found, based on your work, is that the programs I've heard touted aren't the best starting point. One could go broke, though, buying all these programs. I guess the next step would be to try to find the least expensive combination(s). Cliff Otto |
|
goddan join:2001-01-15 Quaker Hill, CT |
to eburger68
Great stuff! Thank you, Eric!
I took huntandpeck's analysis a little further, and used Excel to generate a table of all possible combinations of 2 programs. I got 22 that did better than Giant AS alone (which was 197 hits). The "classic" Ad-aware/Spybot combo only scored 168. But I would like to reinforce Eric's disclaimers. He did a good job on the limits of this kind of test--read it! Also, this only covers detect-and-remove, not the programs' ability to stop infection in the first place (clearly important for IBIS!). That said, here's what I got from his data (sorry for not aligning columns--I'm better with Excel than HTML):
Program 1 + Program 2 = Hits
Giant AS + Ad-aware SE = 229
Giant AS + Spy Sweeper = 226
Giant AS + SW Doctor = 222
Spy Sweeper + SW Doctor = 222
Giant AS + Pest Patrol = 217
Giant AS + SpyBouncer = 214
Giant AS + Spybot S&D = 212
Giant AS + ZeroSW = 211
Giant AS + SWStormer = 211
Giant AS + SW COP = 210
Giant AS + XoftSpy = 208
Ad-aware SE + SW Doctor = 207
Giant AS + NoAdware = 206
Giant AS + Aluria SE = 206
Giant AS + SpySubtract = 205
Giant AS + AntiSpy = 204
Giant AS + X-Cleaner = 202
Giant AS + SK 2005 = 202
Giant AS + McAfee AS = 201
Giant AS + SpyHunter = 201
Giant AS + BPS SWR = 201
I did get 287 possible hits, not 285, but that should be close enough! |
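The spreadsheet "OR" analysis that huntandpeck and goddan describe in their posts (union of what each scanner removed, ranked across combinations), as an added example that is not part of any post in this thread. The scanner names and detection IDs are constructed placeholders, not data from Eric's tests; it also adds a greedy pass for building larger combinations without trying every one.

```python
from itertools import combinations

# Constructed sample data (NOT results from the tests discussed above):
# placeholder scanner name -> set of placeholder detection IDs it removed.
REMOVED = {
    "scanner_a": {"D01", "D02", "D03", "D04", "D05", "D06"},
    "scanner_b": {"D01", "D02", "D07", "D08"},
    "scanner_c": {"D03", "D04", "D05", "D09"},
    "scanner_d": {"D06", "D07", "D10"},
    "scanner_e": {"D02", "D09", "D11"},
}
ALL_DETECTIONS = {f"D{i:02d}" for i in range(1, 14)}  # D12, D13: removed by none


def coverage(names, removed=REMOVED):
    """Union (the spreadsheet "OR") of detections removed by the named scanners."""
    covered = set()
    for name in names:
        covered |= removed[name]
    return covered


def rank_combinations(k, removed=REMOVED):
    """Score every k-scanner combination; best union coverage first."""
    scored = [(len(coverage(c, removed)), c)
              for c in combinations(sorted(removed), k)]
    return sorted(scored, key=lambda s: (-s[0], s[1]))


def greedy_cover(removed=REMOVED):
    """Greedy heuristic: keep adding the scanner that removes the most
    detections not yet covered; stop when nothing adds anything new."""
    covered, order, gains = set(), [], []
    remaining = dict(removed)
    while remaining:
        name = max(sorted(remaining), key=lambda n: len(remaining[n] - covered))
        gain = len(remaining[name] - covered)
        if gain == 0:
            break
        covered |= remaining.pop(name)
        order.append(name)
        gains.append(gain)
    return order, gains


def never_removed(all_ids=ALL_DETECTIONS, removed=REMOVED):
    """Detections that no scanner in the data set removed."""
    return sorted(all_ids - coverage(removed, removed))
```

In this constructed data scanner_c removes four items yet is never picked by the greedy pass, because the other scanners already cover them; the greedy order is a heuristic and does not guarantee the smallest covering set.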
|
cp70 join:2004-10-08 Watertown, NY |
to eburger68
I'm pretty new to internet security so don't flame me for being ignorant. I take it from the posts above that people are using more than 1 anti-spyware program.
How many scanners can a system safely handle without causing errors and crashing each other? Can you also use more than 1 antivirus program?
Seems like you would need a ton of memory just to have that many different scanners & processes running at once in the background. I know you can have more than 1 firewall cause I'm behind 4.
Damn, I thought McAfee firewall + & Antivirus with Webroot Spysweeper was expensive enough. Now what, a major memory upgrade & 20 more software programs.
Kinda depressing. |
|
muf9 Captain of the axe Premium Member join:2003-01-04 uk |
to eburger68
said by eburger68: One thing I ought to note: many of the programs detected some of the items you list -- they just couldn't remove them. That's esp. true of the IBIS/Wintools and IBIS/Websearch items.
Eric, You are probably aware that TrojanHunter is expanding into the adaware field. If I could point you to this thread. » Let's talk...
It explains that TrojanHunter can deal with the IBIS/Wintools and IBIS/Websearch items. I know TrojanHunter has a lot of catching up to do and I suspect if tested with the malware in your recent tests may not fare as well overall as say a dedicated Anti-spyware application, but it is comforting to know there is an application out there that can handle these particularly nasty items. muf |
|
|
to cp70
said by cp70: How many scanners can a system safely handle without causing errors and crashing each other?
Most of them aren't real-time resident, they are on-demand scanners.
said by cp70: Can you also use more than 1 antivirus program?
Sure, although I personally recommend only having one being enabled for real-time resident scanning.
said by cp70: Seems like you would need a ton of memory just to have that many different scanners & processes running at once in the background. I know you can have more than 1 firewall cause I'm behind 4.
You are running four software firewalls, on the same machine, at once??? That's quite remarkable. I'm curious which ones they are, and how they fare. It is highly unlikely that a selection of four gives any greater security than one, if properly configured. You may actually be reducing your network security in some cases.
said by cp70: Damn, I thought McAfee firewall + & Antivirus with Webroot Spysweeper was expensive enough. Now what, a major memory upgrade & 20 more software programs.
Many, if not most, of the generally well-recognized and effective on-demand anti-spyware scanners, are free for limited personal use. |
|
Khaine join:2003-03-03 Australia |
to eburger68
Thanks eric |
|
John2g Qui Tacet Consentit Premium Member join:2001-08-10 England |
to eburger68
said by eburger68:
One thing I ought to note: many of the programs detected some of the items you list -- they just couldn't remove them. That's esp. true of the IBIS/Wintools and IBIS/Websearch items.
Those are 2 reasons that I use BOCLean. It removes them both completely. |
|
muf9 Captain of the axe Premium Member join:2003-01-04 uk |
2004-Oct-12 9:01 am
said by John2g: Those are 2 reasons that I use BOCLean. It removes them both completely.
Thanks John. I suspected as much. So both BOClean and TrojanHunter remove them. I have both applications. Lucky me. And I suspect there are more applications out there that can, but most likely AV and AT apps. muf |
|
cp70 join:2004-10-08 Watertown, NY |
to VirtualLarry
I am running a Wireless connection firewall, XP SP2 firewall, McAfee firewall +, Router firewall. All ports appear stealth according to BBR port tests. Haven't had a single problem with any of them. |
|