Anti-Spyware Products Don't Live Up to Promises

John Wells writes "In the December, 2004 issue of PC World, the author of an article titled Poor Defenders concludes that most commercial anti-spyware software is ineffective. In tests using a fresh install of XP and 6 typical spyware infections the commercial software failed to stack up against freeware competitor Spybot Search and Destroy. Four out of seven commercial products failed to remove any of the infections. One product even installed 57 spyware files itself! Conclusion: Use freeware products like Spybot and Lavasoft's Ad-Aware SE Personal."

How many

Spyware stories do we need?

Did everyone decide to review Spyware solutions at once? Is it like in Hollywood when you'll have one movie on a subject followed by a couple copycats?

Re:not too comprehensive

[Cat_Byte]

But really, Spybot isn't even cutting it anymore, IMO. AdAware is still doing well

I find running both of these and using the yahoo spyware blocker is pretty effective. The yahoo thing doesn't catch all of them but I notice the # found by spybot and ad-aware went down quite a bit after installing it. FYI, if anyone hasn't upgraded to 1.05 of ad-aware I recommend doing so. I found about 30 more spyware programs on my Mom's computer after the upgrade after scanning with the most up to date definitions on 1.03.

why?

[Chuck+Bucket]

I still can't fathom WHY Microsoft doesn't have something like this builtin to XP. My mom bought a Dell and a neighbor has had to clean the thing 3 times in the past 6 months! I'm embarassed now that I didn't push her towards a Apple now, but I only run Mac and Linux at home, and had no idea how bad the spyware issue is for Windows.

Really, this is an OS problem, and MS should provide a solution, you shouldn't have to reply on 3rd party providers to fix a shortcoming of the OS!

BCB

Re:why?

[0racle]

I think that it might have something to do with the phrase 'anti-competitive lawsuit.'

No spyware is not an OS problem, I have Windows machines, I use IE, I do not have a spyware problem. My girlfriend runs Windows, she uses IE, she does not have a spyware problem, and while I may be catagorized as more cluefull then the average user, she is the average user excepting for one thing, she actually learned how to use her computer. Do you consider a person refusing to clean their duct work, or take their car in for a tune up a problem with the house or the car? No its the users fault, and its the same with spyware. How long have people been told, don't click on everything you see? Don't open that mail? Hell its even on the news now. This is a problem with people activly refusing to learn. Spyware writers do not target Windows, they target IDIOTS. There are spyware apps that target Mozilla that do things they shouldn't, so why are there not more? The target is idiots, thats why, you will see more and more targeting Mozilla as more and more of the target audience are convinced to use it.

Re:why?

[TheAwfulTruth]

Then it'll be Microsoft that determines what software is "Spyware" and what is not?!?

This is NOT an OS problem at all. Spyware is (as far as the OS is concerned) a legitimately installed and running program.

There is nothing in Linux or OSX that will prevent spyware on those OSes either. It's an ignorant user that installs Gator and the syware it comes with (or any of dozens of other spyware carrying programs)

That being said, XP SP2 does help in this regard. There is an additional warning when you try to install or run programs that you have downloaded from the web, and the firewall will block outgoing connections from unknown programs (Till you tell it to do otherwise). So that helps some, but of course the ignorant user that bypasses all that will still have a "problem" that they cannot understand.

The only way to truly prevent the problem of spyware is to prevent users from installing software at all, on ANY OS. (Er, but then my Toshiba laptop came preinstalled with spyware, so not even then...)

Re:why?

[Swamii]

Probably got to the point where pop ups from spyware infected computers were making people think twice about windows as an os

Haha. As if people actually knew was an OS was...

The real reason MS hasn't created a spyware blocker? Because peanut galleries like Slashdot would go up in arms about how MS is trying to "take over another market", cry about unfair competition, whine about too much bloat, etc. I mean, just look at how Slashdotters whined and cried like a bunch of 4 year olds this morning when Microsoft announced they were entering the blog publishing realm. When you're Microsoft, it's damned if you do, damned if you don't.

Re:why?

[Mongoose+Disciple]

On top of things already mentioned in some good replies to this post...

You have to remember that the spyware climate looked pretty different back when WinXP was first being designed/written. It's reasonable that the designers wouldn't have anticipated it becoming as much of an issue as it has and wouldn't have prioritized it very highly.

That said, I have a Windows machine at work and another at home, and outside of cookies that AdAware cleans up, neither has ever had spyware or a virus. You'll never be able to write software that makes it impossible for malicious people to exploit uneducated or naive computer users. That doesn't mean that the effort shouldn't be made, but realize it's a losing battle. There will always be some way to trick novice users to allow something bad to happen to their machine.

Re:why?

[omicronish]

I still can't fathom WHY Microsoft doesn't have something like this builtin to XP.

Really, this is an OS problem, and MS should provide a solution, you shouldn't have to reply on 3rd party providers to fix a shortcoming of the OS!

The ultimate solution would be to make Windows more secure by default. Yes, you can make it difficult for spyware to enter, but only if you make modifications (run as regular user, keep patched regularly, use Firefox, if using IE modify a crapload of settings to make it as secure as it can be, etc.). Regular users don't know how to do these things, and it'd be really nice if a couple of those things were done automatically. Actually, it'd be more than nice; it's imperative that they be done for the sake of security.

The solution isn't to bundle a spyware remover with Windows. The solution is to eliminate the security flaws that allow spyware to enter in the first place. And I'm not talking about buffer overflows and such, but fundamental security blunders such as the introduction of ActiveX. The former are a nuisance that are difficult to avoid (just look at all the flaws in IE, Firefox, etc.), but the latter is simply inexcusable since they're purposely designed. Microsoft didn't accidentally create ActiveX; they planned and implemented it without realizing the security implications.

If anyone's ever looked at IE's security model, even if it's theoretically safe it's confusing as hell for people even like me. The concepts of zones and many different unclear settings that affect security turns securing IE into a trial-and-error process. When people suggest rewriting IE there's usually an implication of rewriting stuff to fix buffer overflows and other annoying bugs. I suggest rewriting IE to eliminate the confusing security model and ActiveX, which in turn would likely eliminate many potential bugs that arise from confusion.

Re:I Prefer hijackThis

[garcia]

Yeah, it's free, and it's great for people that have a "Clue". It's not so good for people that don't have any idea of what they are doing with a computer.

Most people don't have a Clue and they don't want to. That's why they are infected with Spyware in the first place. I would NEVER recommend hijackThis to anyone except someone I was KNEW was very good with computers and what they should and should not see running.

While it is difficult to get Spyware when you can't start your computer correctly it is also annoying ;)

Re:It's up to the users to do the research.

[which+way+is+up]

This is a dangerous trend. Given the majority of these ad/spyware companies don't care what their products do to the "users" computer, they can leave security holes unnoticed and allow exploits without the user even knowing there is a flaw in their computer. Windows updates can only do so much, and with companies releasing software that intends to help the user, but instead can hurt them. All the while the user is unaware. This makes me sick. Let's support the companies that work off of donations and have open source programs. This is the only way to prevent this from spreading to all of the favorite anit-ad/spyware programs.

Hmm...

[conebrid]

You must be using Internet Explorer with your security settings set to allow ActiveX controls to use the Pest Scan

Doesn't look like I'm going to be able to scan my system without using IE with ActiveX enabled. I think I'll pass.

Re:I Prefer hijackThis

[UWC]

My main problem with HijackThis is that it finds all potential instances of browser hijacking, benign or not. I've run it before, and a majority of what it found were things that did not need to be removed. It's good that it's so thorough, but it's definitely not friendly for those that need it most. However, I've seen forums in which you can post your results and other members will advise you on which entries are harmful and should be removed.

Fundamental Difference

[ObsessiveMathsFreak]

The fundamental difference between freeware and proprietry anti-malware software is that the freeware are doing it for the love of the game, or in this case their hatred for spyware in all its daemonic forms.

Commerical anti-spyware vendors on the other hand are in in for the $$$ and that means they are susseptable to temptation, i.e allow malwarez who give them money to get through, use malwarez tactics to get money and do things other than what it says on the tin while users aren't looking.(read, kazaa)

I suppose commerical vendors are just more idealogically close to the spammers, who are also in it for the money.
In any case, if you need an 'infrastructural' type software program, your nearly always better off going FOSS anyway. That's my 2c.

Re:Fundamental Difference

[sjonke]

That can be true, but what is to say that a freeware spyware removal tool developer wouldn't take payments from spyware producers? Indeed it would seem even greater incentive to do so seeing how all their development efforts add up to nada in terms of income otherwise.

Re:Don't install "anti spyware" advertised in popu

[sonicattack]

Don't buy any services or products advertised in popups, or other "annoying" media.

Duh!

Spyware Stormer

[LittleLebowskiUrbanA]

is not a company you want to do business with regardless. I note that they responded to the article. So how about this question, Spyware Stormer? I challenge you to answer me here in this public forum and will once again email this to every address I can find for your company.

Why is your company using Windows Messenger Service to effectively spam/invade user's privacy with unwanted popups advertising your product?

Spybot: Destroy UI Designers

[Blakey+Rat]

Too bad Spybot: Search and Destroy has one of the worst UIs I've seen in a Windows program in a LONG time. It frequently will do tasks without giving you any status report. It will often get dialog boxes stuck behind the main window where you can't see them to even know a dialog box is open. The custom controls are about the ugliest thing I've seen in software, and the entire program gives a "made by a junior high student in Visual Basic" vibe.

How about a little bit of professionalism in software development! I know it's freeware and you're not making money, but how about at least taking enough pride in your work to make it usable and not hideously ugly? I hate to say it, but I can't talk management into using Spybot: Search and Destroy as a standard because it looks so unprofessional.

Why use IE at all?

If you don't want people getting shot in your house, do you put the gun and the bullets in different rooms, or do you just not have the gun in your house?

Don't blast MS for Mom's self-inflicted wounds.

[McNally]

I still can't fathom WHY Microsoft doesn't have something like this builtin to XP. My mom bought a Dell and a neighbor has had to clean the thing 3 times in the past 6 months! I'm embarassed now that I didn't push her towards a Apple now, but I only run Mac and Linux at home, and had no idea how bad the spyware issue is for Windows.

Really, this is an OS problem, and MS should provide a solution, you shouldn't have to rely on 3rd party providers to fix a shortcoming of the OS!

No disrespect intended towards your mother, but it's at least as much a user education issue as it is an operating system issue (and actually I feel I'm understating the user responsibility considerably with that statement.)

There are some systemic problems with Windows, particularly the Windows/IE combination, that allow spyware to flourish -- the lack of a way for a common user to get a good idea what's running on their system besides MS-installed OS files, for example, or the multitude of places that auto-starting spyware can hide its startup away from the user's notice. But in the end the people who have spyware problems are almost universally the people who clicked on a link from an unknown source that promised them something cool (or more often than not, something astonishingly lame by more educated users' standards..) If your momand other users like her could be trained not to click on "Click here to install our FREE animated weather-forecasting dancing baby!" when she doesn't know anything about the source of the offer, 90% of the problem would go away overnight.

donate to a good cause...

[martin_b1sh0p]

I also recommend SpyBot...but I would like to point out that if you use and really like the product you should donate in order to keep the product free. Even if it's $1 or $5. Yes it's true that at that point the product is no longer free, but just think of the great product you got for only $1 or $5.

Re:Yahoo's spyware tool is the best

[kesuki]

Parent is not troll... Cookies ARE spyware and yahoo!'s toolbar uses cookies to tack and collect Personally identifiable information on users et-al. Yahoo!s Spyware tool does allow yahoo!'s tracking cookies to remain intact... while removing other companies... making yahoo!'s tracking cookies more valuable...
I'm sure yahoo!'s Removal tool works to remove eveyone elses spyware(or as much of it as yahoo! is aware of), but it by design allows yahoo to continue to track your web usage.

Re:or the easiest solution

[michrech]

Actually, MS *IS* to blame for it? How do you think the browser security failures got into the system in the first place?

Yes, software mistkes will happen (Perfect example: Microsoft). But the least they can do is repair the holes and release updates.

Sure, many won't install the updates on a regular basis, but every customer of mine will. Same will go for many other techs. With the security holes closed/closing, there would be less spyware (as we know it today).

I'm not taking blame from users. As long as they continue to not understand that there is *never* such thing as a free lunch, this crap will happen to them...

Re:It's up to the users to do the research.

[hackstraw]

They are absolutely correct here although there are only four programs you should ever install for combating spyware: Adaware, SpyBot S&D, SpywareBlaster, and a good software firewall package (preferably one that tells you when something is trying to connect out to the Internet like ZoneAlarm).

Thanks for the tip. If I ever get spyware or adware on my Mac, Linux, or Slowaris boxen I'll install these and see if it helps.

Sadly, most people out there don't know, care, or care to know.

And why should they?

Although I'm more technically and mechanically inclined than most people, do you know what I know or care to know about my car?

I put gas in it when the trip odometer gets around 300 miles (gas gauge is broken).

I get someone to put new oil and stuff in it when its been about 3,000 miles or about 3 or 4 months. When I'm there I may get some other fluids or belts or hoses changed if I can't remember when the last time I've done it or it looks bad enough to change.

My car is 14 years old. Its broken down twice in the past 5 years that I have owned it. It broke down due to a broken water pump and a broken universal joint on the drive shaft (neither were diagnosable by physical inspection). I'm guessing these anecdotal data points are much less than what is expected of an average person to surf the web and read some email.

I know and spend much less time with things like my telephone, my television, my stereos, my dishwasher, my garbage disposal, my microwave, well every other electro-mechanical gizmo that "makes my life easier and better".

I'm sorry, but statements by us technogeekdweebies like Sadly, most people out there don't know, care, or care to know. only applies to computers. Actually, a large subset of the computer population that run something besides a Mac, Linux, or Solaris on their computer.

I hate to be l33t or whatever, but a statement like Sadly, most people out there don't know, care, or care to know. falls into that category, and that is following advice that there are 3 specific 3rd party programs required to keep your computer running (after careful research) and a 3rd party firewall product that is much beyond anyone's wants or needs for surfing the web and reading email. Oh, and I hear that people "need" or "should" also have a virus program on their computer also (after careful research, and constant updates).

I get reminded daily about how fundamentally stupid people are when they talk about their "computer problems". If I had those problems, I would throw the computer in the trash. End of problem.

Sometimes I think about creating a startup company that rebrands and sets up Windows correctly and sell it at a premium to people. Something akin to what Saleen does to Ford Mustangs. I would bet that people would pay well beyond Mac prices for a "PC" that runs almost as good as a Mac.

Re:she got a refund?

[SydShamino]

>> They actually gave her money back. That's good right? Sure they took four months, but they did it. She should shut up and stop complaining.

So you think its ok for a company to sell a broken, potentially harmfull product? If customers are hurt by the product, you think it is ok for customers to have to waste their own time over the course of several months to seek the minor recourse of a refund? Then, if they do finally get back their money, you think they should shut up and not warn any other victims that this company is engaging in fraud?

Stupid stupid stupid stupid

Re:It's up to the users to do the research.

[pbranes]

At the support center that I work at, we do pretty much the exact same thing - 90% of our calls are related to spyware. One thing you didn't mention above that you may want to consider is Bart PE. It is a bootable windows xp cd that can run ad-aware, clamwin, mcafee, and f-prot. It can also connect to the internet and download updates for each of these apps. You can then tell these apps to scan & disinfect the person's hard drive. We have found that if we run bartpe right away on any computer we get in, we can save ourselves tons of time because it knocks out all the nasty spyware, trojans, and viruses right from the start.

Re:or the easiest solution

[pauloslash]

Stop surfing w/ admin rights. Using firefox doesn't hurt either.

By doing both, SpyBot nor AdAware will ever find anything to remove. Only thing i go out of my way to remove occasionally are cookies.