Connect with us

OT: anti-malware progs ineffective

Discussion in 'Electronic Basics' started by Terry Pinnell, Jan 28, 2005.

Scroll to continue with content
  1. I was surprised to learn today that all anti-adware and anti-spyware
    programs perform so badly. Here's an extract of the ranking, from
    'Anti-adware misses most malware' By Brian Livingston, in
    http://windowssecrets.com/050127/

    Product Adware Fixed
    ---------------- ------------
    Giant AntiSpyware 63%
    Webroot Spy Sweeper 48%
    Ad-Aware SE Personal 47%
    Pest Patrol 41%
    SpywareStormer 35%
    Intermute SpySubtract Pro 34%
    PC Tools Spyware Doctor 33%
    Spybot Search & Destroy 33%
    McAfee AntiSpyware 33%
    Xblock X-Cleaner Deluxe 31%
    XoftSpy 27%
    NoAdware 24%
    Aluria Spyware Eliminator 23%
    OmniQuad AntiSpy 16%
    Spyware COP 15%
    SpyHunter 15%
    SpyKiller 2005 15%

    So, given that there must be great overlap, I reckon my
    frequently-used combination of Ad-Aware SE Personal and Spybot Search
    & Destroy is catching little more than half the malware reaching me.
    Unsettling.
     
  2. Jim Thompson

    Jim Thompson Guest

    The reviewer missed the one that seems to work quite well for me,
    "Scan Spyware", but it's *paid*.

    And, actually, NAV seems to be working pretty well at *identifying*
    problems, but poor at removal... most adware screws with the registry
    and adds DLLs, requiring booting up in SafeMode to manually clear
    everything out.

    ...Jim Thompson
     
  3. Ken Smith

    Ken Smith Guest

    It is an indication of how hard it is to remove the malware programs
    without removing applications or Windows its self. There are several
    things working against the writers of such software:

    (1) You can't simply remove any software that appears to send data over
    the network without removing portions of Windows.

    (2) You can't simply remove any "strange" software since different users
    have different applications installed and there is a wide variation in
    what portions of Windows are installed.

    (3) There is no direct way to tell the difference between a newer DLL
    that has some bugs removed and one that has malware added.


    I think what may be the best way to solve the problem is to place Windows
    on a disk as the C drive, install all the applications from the shrink
    wrapped boxes and then disconnect the write wire of the C drive. From
    that point on, all the data goes on the D drive or it goes nowhere at all.
     
  4. john jardine

    john jardine Guest

    I've got some trash called "Cool web search" on my PC at the moment.
    *Nothing* can remove the core component.
    "Spybot" will crash the PC on finding it. Others just acknowledge that this
    POS is present.
    Even the purpose written "CW Shredder" crashes on attempting to remove it.
    Where are all those oh-so-clever-hot-shot-windows-programmers, when they're
    needed to do some real, socially useful work?.
    By default I'm learning that windows is built on gibberish. It leaks like a
    sieve. No amount of updating can ever improve it.
    regard.
    john
     
  5. Ken Smith

    Ken Smith Guest

    "fdisk" will remove it.

    I think Windows users should do as follows:

    Make sure you have a CD burner.
    When you burn CDs label them with the date, and what is on them.

    As soon as you have a working Windows machine, make a backup of everything
    onto a CD.

    If you are going to download and install something, download it and save
    the download file onto a CD.

    Every time you create something you don't want to lose, write it onto a
    CD.

    Plan on doing a re-install of Windows every 3 Months to a year.
     
  6. John,

    There is an extra program to remove the spyware that crashes CWShredder. You can
    download it here:
    http://www.spywareinfo.com/~merijn/downloads.html

    Run this program, then run CWShredder and HijackThis.

    Hope it helps,
    Alex Parkinson
     
  7. Good idea, though I think you're going to need a DVD these days.
    I download/save everything to a directory under an "installed"
    directory on my "D" drive/partition and install from there.
    Periodically that directory tree gets written to CD.
    ....along with all the malware already installed.
    Why plan on it. It's going to happen anyway. Actually, I'm on year
    five on this laptop and refused a new one because a re-installation
    would be a disaster. :-(
     
  8. I read in sci.electronics.design that Ken Smith
    You can't then install the weekly crop of updates and bug fixes for
    Windows itself, not to mention all the apps.
     
  9. Nico Coesel

    Nico Coesel Guest

    Using windows as a user and not administrator does effectively the
    same.
     
  10. john jardine

    john jardine Guest

    Thanks Alex.
    I ran the prog and it reported No CoolWWW present. Anyway, then ran
    Shredder. It found 2 CoolWWWs and removed them without crashing. Whoopee!
    must be on a winner here.

    Then ran Hijack-this, removed some host redirections and a couple of lost
    links.
    Then ran Spybot. It told me I still had 7 varieties of CoolWWW still
    present. Tried to fix them but Spybot crashed out (though this time without
    taking the PC with it). According to Spybot 5 CoolWWW varieties are still
    active.
    I'll know for sure in about 10 minutes, as the browser redirections and
    other programmes and pack-mates of CoolWWW start knocking on the door.

    To me it looks like CoolWWW had regenerated itself inbetween running the
    progs. The guy who wrote Shredder pretty much admits it's impossible to
    remove.

    regards
    john
     
  11. Make sure all your spyware removal programs have the latest updates
    applied then unplug your network cable. You have to run the scans and
    removals while not connected, otherwise stuff is being downloaded and
    installed faster than you can clean it up. You may want to boot into
    safe mode as well before running the removal tools.

    I also suggest you try using the Microsoft Spyware Removal Tool free for
    download from MS's download area. It's just a relabeled version of
    Giant's product. It finds things that neither Spybot S&D nor AdAware
    find. As the guy said, it's pretty much an exercise in futility trying
    to totally rid your machine of all traces of this crap. You may also
    need to disable windows system restore stuff so that windos doesn't help
    you out by restoring the spyware infected files.

    I remove allot of this junk all the time for people and the problem is
    only getting worse day by day. These things engrain themselves so
    deeply into windos that it's virtually impossible to get them out. I
    also see allot of WTools and WebRebates on machines, this is a real bad
    thing. They generally run as 2 parallel processes so terminating them
    is next to impossible as the sibling will simply respawn the one you
    kill. Since windos tells the process that you are trying to end task on
    it to give it a chance to terminate normally, most spyware naturally
    takes advantage of this as well.
     
  12. Ken Smith wrote:

    [snip]
    If windows was designed this way...


    Rene
     
  13. SioL

    SioL Guest

    Maybe publicly identifying people who write this crap (with a picture, name
    and address) would take care of this problem. I'm sure many pissed off users
    would love to "personally congratulate" the authors.

    And than perhaps an amnesty for any "crime" involved in congratulating.

    Burn 'em on the stake!

    S
     
  14. Jim Thompson

    Jim Thompson Guest

    ISTR a case where a spammer's place of business was torched.

    ...Jim Thompson
     
  15. Guest

    If you want to get rid of nearly all spy/adware, and even virus issues,
    quit using Outlook and Internet Explorer.

    Mozilla is a very well done browser, that can be configured to block
    popup ads, and restricts access to the system. Internet Explorer almost
    seems to "go out and get" spyware, as it is so vulnerable, and has such
    little security. Besides, if you don't know what 'tabbed browsing' is,
    consider checking out Mozilla. It is the best feature ever created for a
    browser.

    Outlook and its offspring Express are wide open front doors for all kinds
    of havoc on you computer, both for allowing access, and for propogating
    things.

    Use Eudora, or any one of a half dozen other very good programs, and you
    will find that (Make up random number here) 95% of your problems will go
    away.

    My son uses IE and Outlook, and the cheesy spyware stuff still finds
    literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
    ICE for windows, and running the same spyware stuff as he does, find maybe
    one a month.

    Complaining feels good, doing something about it is a better idea. Lose IE
    and Outlook, and see most of the problem go away.

    John
     
  16. Jim Thompson

    Jim Thompson Guest

    Any comments/information/user-reviews for "Secure IE"?

    http://www.secureie.com/index.aspx

    ...Jim Thompson
     
  17. Ken Smith

    Ken Smith Guest

    If C can't be written, most of the bug fixes aren't needed since they are
    fixes to ways that C can be corrupted.
     
  18. Ken Smith

    Ken Smith Guest

    Not even close to the same. Windows constantly writes stuff all over C
    even when running as just "user mode". Bugs can allow important stuff to
    be overwritten. ith my solution, most of the bugs don't matter.
     
  19. Ken Smith

    Ken Smith Guest

    That is sort of what I suggested, but I don't think you can trust the
    downloaded version of a program for very long. The next time your
    computer gets hit, the virus may modify the downloaded files too.

    The "it" I mean is specifically what you created ei: the file you
    produced. If it gets infected before you save it to CD you lose it but
    assuming that you detect the virus, all the stuff before that point is
    safe.

    My wifes computer is less than 4 months from its last re-install and
    already stuff doesn't work. Re-installing is a majop pain because it uis
    an upgrade version so it wants to keep all the malware or refuses to
    install. When it is installed, it is complete virus bait and has to be
    patched, patched and patched again before the network is used.
     
  20. Guest

    Guest Guest

    Sometimes CWShredder needs to be run from both Windows and Windows in
    safe mode. Certain processes get stopped and it can do it's job.
     
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Electronics Point Logo
Continue to site
Quote of the day

-