Antispyware Shootout
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.
or the shootout ended up killing everyone, including the article.
He who knows best knows how little he knows. - Thomas Jefferson
I wonder whether there will remain enough CPU power to run the applications once I install three to four of those scanners.
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
This might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.
Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...
Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.
Each of them captures a certain area, but none are the One Ring or anything.
Apparently powerful, but deceptive and treacherous with a rootkit from the creator?
Live today, because you never know what tomorrow brings
Why do they list all the companies' 800#'s? Do they do any good in Australia?
every day http://en.wikipedia.org/wiki/Special:Random
Did Tolkien's ghost roll over in his grave or something to make you people over-excited?
It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy. I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.
It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
It is NOT normal to have to do this.
I don't know the meaning of the word 'don't' - J
For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:
Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.
Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.
Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Did any of them find the Sony rootkit?
I don't understand this. How can you trust an infected machine without wiping everything out? Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows. Even if it can, how can you trust, without checking every bit of the OS? This is not a Windows issue; it's the same with Linux or any other OS. But it's also much harder, unless you're very ignorant, to get a complete infection with Linux than Windows.
I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.
...a Mac and a Linux user, who wondered what all the fuss was about.
Why weren't spyware scanners for Mac OS X tested? Oh wait, that's a stupid question. Windows is a better operating system with more software than Mac OS X.
Strange women lying in ponds distributing swords is no basis for a system of government.
What's going to be left of your CPU if you're running a bunch of anti-spy/virus/blaaaah scanners, auto-updaters and registry watchers? Have we all forgotten whitelist-based approaches? IMO, the best way to go is to DeepFreeze your system drive, unfreezing it for updates and installing new software (uninfected software of course). Then have a couple of data partitions that are not frozen. Run Firefox in ultra-restricted mode for everything but the sites you know are safe. Why is this so hard? The other approach would be to get AV makers to include spyware features in their software so that you don't have to clutter up your process space with extra protection.
An old-timer with old-timey ideas.
How about not using a hopelessly broken OS in the first place?
How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate. I don't get any spyware on my machine but I don't open anything that says "Click Here for Free Smiles", I use Firefox, read the EULAs on anything I install and at least make smart decisions instead of installing anything I see without any problems. You wouldn't go driving a car without some proper maintenance or you would have problems, but people don't see it like that, they figure anything they can do on their machine can be easily fixed by someone for a cheap price or even free if they knew a computer nerd that will fix their computer for them.
Take my brother, for example: he installs anything he wants on his computer and doesn't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything better again and this cycle goes on and on.
How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of its protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows users can avoid most of the problems associated with viruses and spyware.
It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
What I find interesting is that people are ready to use an anti-spyware product from the same company whose OS is being infected by spyware.
If their OS is vulnerable, why would their "solution" be any better?
I recommend SpyAxe. It generates pop-ups and then, conveniently and promptly, lets me know that my machine has been infected with spyware.
Have you ever heard the word 'rootkit'?
I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these.
Why don't you get a grammar checker instead?
But seriously, spyware has little to do with Microsoft and their shoddy products. MS is definitely to blame for inadequate security, poor mimicry GUI designs, and an atrocious "embrace and extend" attitude towards open standards.
That said, Spyware is more the result of the combination of the insane ROI for spywarers coupled with poor user education. One might argue that Windows allows users to have too many privileges yet this perception only minimally impairs the dedicated keystroke logger.
Fault anyone, fault doubleclick. And the wholly inadequate privacy and confidentiality laws of the US government.
Such a wonderful approach to solving a problem... let's keep track of all the thousands upon thousands of bad programs out there and try and stop them. As some of you may know... a better approach is to track the good programs. That way you have fewer things to track and you can just disallow running of everything else. I believe this has been discussed in slashdot before dealing with flawed approaches to security.
And, is it possible to detect a $sys$ file with these?
He who knows best knows how little he knows. - Thomas Jefferson
Even my wife (who doesn't want to become technically competent) has no problems. Now, if I could only get my two teenage kids on board . . .
It's amazing how many people here in meatspace know better than to trust a stranger, know that "if it seems too good to be true, it probably is"; yet when they get into cyberspace they automatically assume that all is sweetness and light and they're oh, so disappointed when Mr. Nagooli Unqualidu of Nigeria won't send them millions of free dollars, or the viewer software from their favorite pr0nsite suddenly pops up at the most inopportune moments to display banner ads.
Not that I know from firsthand experience, of course!
"you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything."
And where is Sunbelt Software's CounterSpy (both consumer and Enterprise editions) in this round up? They left out major Antispyware applications!
No kidding!!! What do you say at this point?
That's the malware that ends up on WINDOWS computers when grandma buys one... right? Personally I'm tired of fixing people's computers, they bought a Microsoft machine and it's Microsoft that should support it.
For the client-side antiSpyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAfee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAfee was installed, and I had to uninstall McAfee to recover speed, I couldn't just turn off network scanning. I'm assuming the antiSpyware programs are similar to antiVirus programs in this regard, as they're basically the same software but with a different database of things to look for.
To me, this suggests that Microsoft does not really know their product though they would like us to believe otherwise. Remember the phrase "...Microsoft products work best with Microsoft products...", which was coined [by M$] in the early nineties during the word processor battles?
Just last week M$ representatives were at my place of work trying to sell some stuff to our IT department. The buzz I heard was "it's only M$ that understands M$ products...".
I guess it's all about the money, sadly.
Actually, I only need one method to make sure that the machine is truly clean:
See my Home Theater
> "Each of them captures a certain area, but none are the One Ring or anything."
Do you mean none of them turn you invisible and let you spy on others? That sounds like the ideal spyware tool not anti-spyware...
The problem with most of these modern anti-spyware software is all of them want to stay in memory ALL THE TIME. Even worse are Antivirus tools. I tried once to install several of them to have more than one on-demand scanner at my disposal, and it was a mess.
Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask so that you have to disable 3 different services and 2 startup programs with cryptical names.
Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
You end up with all sort of interesting and unpredictable side effects, probably offering worse protection than each of them alone.
... which can be found at http://www.hitmanpro.nl/
Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).
A (rather outdated) manual can be found at http://xthost.info/hitmanual/. Enjoy!
Just
It seems that sometimes Spybot doesn't pick up things that Ad-Aware might (or vice versa) or it won't remove them properly. Never hurts to have a few!
Why do the majority of commercial virus scanners seem to work flawlessly when kept up-to-date yet we're still at the point where you may need half a dozen anti-spyware programs to clean up an ordinary windows box? What is it about spyware that makes it seemingly so difficult to shift? Oh, and why are people even recommending routinely using antispyware when it's so much easier, cheaper and cleaner to sort out the problems at the source and just get your security to a tolerable, spyware-proof level?
First, installing and maintaining a Linux box is much easier than Windows. Try Ubuntu, for example, complete install with latest patches in less than an hour versus the 6+ hour install last time I had to reinstall Windows due to spyware corruption (Windows install, SP installs, patch updates, application installation - MS Office plus patches... don't forget to install and configure firewall and anti-virus).
Second, Linux was designed from the ground up as a multi-user system which means that the security to prevent viruses and spyware is built into the architecture, not patched on top of an insecure architecture like Windows. The fact that Linux users aren't plagued by viruses and spyware is because they are secure by default.
I don't read your sig. Why are you reading mine?
Could someone please explain to me what Spyware and viruses are ? I've been on Linux for 3 years and I forgot.
Notepad specialist & FAT administrator, group training available
And the wider body of MSFT users find this situation normal and acceptable? Just amazes me. Don't surf the internet with Windows! Keep a Linux machine with firefox around for browsing, email and chat. Don't leave the windows box connected to the internet for anything but updates and that behind a firewall.
MSFT should offer a web safe version called Windows Unplugged.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
From the test results page:
Clean machine accuracy and performance testing
* Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.
Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.
Spoken like someone who has never worked in a corporate environment before.
All anti-spyware programs have their strengths and weaknesses. Hitman Pro capitalizes on this and uses a wide range of anti-spyware programs at once. It downloads, configures, and installs many of the leading free anti-spyware tools and runs them sequentially. It then follows up with a spyware scan of its own. At the end of its multiple scans, it displays a complete html report of what was found and cleaned and saves the report in its log directory. It takes about an hour to run first time around, and even my non-technical friends found it fairly easy to use - although they were at first a little surprised that their computer was automatically installing and configuring programs by itself. Frequently one anti-spyware program will pick up code that another anti-spyware has missed but at the end of the cleanup, almost all Spyware instances will have been found and either cleaned or deleted. It's worth a look. I keep it on my usbdrive for any computer housecalls I make regarding spyware.
Ok, I agree with this idea, generally - let's disallow stuff that's not known good. But, ultimately, you gotta give the user the opportunity to run stuff that is not known to be good (let's say I'm a programming student, and writing my own programs - if I can't run them, I can't test them).
The problem is, if someone wants to try a new program they got off the internet, once the spyware is installed and they realized what happened, they need a way to get the crap off their computer - but most of it provides you no good way to remove it. This is where these spyware scanners are handy - they provide, essentially, an uninstaller for the spyware crap you want to get rid of.
The truth of the matter is, there are many more legitimate programs than illegitimate ones. It sounds good to block 'unknown' programs, in theory, but would mostly cause users a lot of hassle, and introduces the 'Click This' phenomena - similar to software firewalls that popup a 'keep blocked/unblock' dialog - most users will just allow stuff they don't know to run anyhow, because they think they probably need it if it's on their computer.
And that brings you back to needing to remove stuff once it *does* get on the system. There's no way around it - while trying to take preventative measures is certainly good (for example, a public library system I was working at for awhile finally got around to upgrading all their computers to Win2k/WinXP and locking users' ability to install anything, which made support dramatically simpler), you STILL need a way to fix things when they break.
...I use Lavasoft's Ad-Aware SE Professional in combination with Spybot - Search & Destroy, they keep my PC spyware free.
Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.
Need more proof? See this from the Register.
It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.
Penny - plain text accounting
http://www.zdnet.com.au.nyud.net:8090/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm
/. seems to be written in Perl.
Karma whore, I know.....
I don't know why the changeover to CSS didn't include a little modification to the story submission script that automatically updates all story links to use Coral Cache. It really wouldn't be that hard, especially considering all of
"City hall" in German is "Rathaus" Kinda explains a few things......
Sure the products work, but the significant performance overhead and the annoying licensing checks pretty much kill the deal for me.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Nah. It's just that stories like this vindicate our reading of SlashDot on company time, so everyone opens it.
"Look Boss! It's about computer security! It's good that I'm reading this, right?"
(Funny joke, though)
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
(Fair disclosure - I run Linux)
I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.
Have one of my kids change the admin password - then ask them for the password: "I don't remember."
:)
Admin rights for no-one, installation rights for no-one.
Or, better yet:
Turn off Windows machine, turn on OSX and Linux machines, repeat as necessary until problem goes away.
A Passionate Independent Musician
There is an interesting application called HitmanPro that uses most of the anti-spyware software available in the internet and uses them all to automatically find all the shit hidden. The website is in Dutch but the software is in German and English as well.
Please, mirror the site asap and make available extra copies of the program.
You misspelled "spyware."
Prove it. Oh... you can't, can you?
The only way you can know for certain is if OSX or Linux become as big of a target as Windows is and the only way that that can happen is if the user base becomes as big as Windows.
Just because you *can* do all the things you need as a limited access user, doesn't mean people *do*. It's easy to do a decent job securing a Windows box yet most people have gobs of spyware. It's easy to secure an OSX or Linux box too, but that doesn't mean that people *do*.
Making the argument that one is certainly more secure than the other can't be proven at all until/unless OSX or Linux were the single most dominant operating system and had 90%+ of the desktop as Windows does. Until then, it's not much different than just making stuff up.
sig.
Come on, how do you really feel about it?
Linux has been around much longer than XP / 2k / 98, all of which are extremely vulnerable to Spyware / Malware / Viruses. Why has Linux, which has been available since 1991, along with all of the source code that makes it work, not had one spyware program written for it? I'm not trying to claim there has never been a virus or worm written for Linux, or *nixes in general. The difference is that developers of any POSIX-compliant OS or distro will have things patched much quicker than MS, with updates going out to multiple software repositories across the internet, updating any compatible distro of Linux (whether by deb, RPM, or ports/portage) quickly. Linux users tend to keep their OS up to date with the latest packages and security fixes. Windows has "Windows Update" which is a lame attempt to replicate the success of OSS package management systems. Many MS users tend to turn this feature off, but the sad thing is even if they leave it on, MS is still typically much slower to release a fix for problems with their OS. Spyware has been around for how many years now? They still haven't fixed it? Funny, I've been running Linux since 2000, never had one piece of Spyware infect my computer. Or a virus for that matter. All this using software that has the source code available for public viewing. Shouldn't this make it more insecure? Hmm, guess not.
Don't hit me... but I think you are wearing blinders here. Try a product called "hitmanpro" you will find more spyware or worse. Please don't be fooled that because you have good performance, you are clean. I work at least once a week on a pc either infected with a trojan or 1000's of instances of adware/spyware/malware. I see Ad-Aware on the desktop, and ask, "Do you use this?" Usually I hear, "Well, I used to run it, but not so much anymore."
I read lots about Mac and Linux kudos, and there is some basis in this fanfare. I personally use Windows to stay current with my job, and not really for much more. I have a few Powerbooks about the house. They never give me trouble with any of the above problems. It just makes sense.
Sig Hansen?
But the scope of the article is for more than a single computer install. Sure, Spybot and Lavasoft's AdAware are good for a single computer, but when you get more computers, you want something you can administer from your desk. That's what was being reviewed. Personally, if I have to visit a machine, I use Spybot, SysInternal's ProcessExplorer, HijackThis, and information found in my head or Google... and sometimes SysInternal's RootkitRevealer.
They don't mention what they infected the computers with or whether they ran a full scan with Ad-Aware, which would find more things likely. They also value detection over ability to remove the infection, which is understandable but only mildly forgivable.
I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ Windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to set up a domain server.
As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or Windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and better just to backup and reformat.
It's really not that hard to prevent infections nowadays, just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you though. It might help but if you're doing stuff that constantly pops up warnings, it's inevitable you're going to get infected anyway.
It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.
"Too lazy to fail." - Heinlein
Certainly Linux and MacOS users would be more protected from remote exploits and other fun IE flaws. Yet trojans and phishers will still manage to infect Linux and MacOS peeps once the marketshare goes up. People will give their admin passwords to install the latest and greatest "screensavers" of Britney Spears. Hell, remember that they would give them up for a chocolate candy bar. So once the marketshares go up, you will see exploits go up sufficiently to require antispyware programs. Not as much as Windows, but enough to cause trouble.
A NYC lawyer blogs. http://www.chuangblog.com/
This is a bit OT but I think you're mistaken. Wind-ohs is easy to *learn* (and thus sell) but clearly the skill required to properly administer even one home windbox is beyond the average non-geek. So far I've converted 4 total non-geeks to Ubuntu (including my 66 y.o. mom), they find Gnome as easy as wind-ohs and don't have to remember their AV scans and updates, which they never understood how to do properly anyway. I get a call once or twice a month with a question, which frankly amazes me. Not one of them has broken an OS since conversion, two of them were chronic computer klutzes who needed me twice a week for wind-ohs.
I've wondered about that too. I think it's Linspire that has the "click n run" deal, sounds scary. I hope the future of OEM Linux isn't hurt by some dumbed-down distro that throws security to the wind.
Ya know like, stuff an things.
Wut!?!!oNE!@@!
f u kaytie!
wtfev3r. u hore. phck. dinner.. bbl fu2 kyndullz.
It's free (as beer) and does a decent job (has plenty of manual ways to remove all sorts of IE nastiness) and pretty much annihilates anything when coupled with spybot. However saying that MSASW is good is like saying the fire extinguisher that was given for free with your brand new Ford pinto is good.
In all my years of using Windows XP, I have never had a single virus or spyware infection. But it all starts with principles of basic security - Don't be stupid!
Also, using an alternative browser for the most vulnerable aspect of my computer usage(surfing online) goes a long way toward keeping crap off my system.
They also left out Spybot and AdAware. ZDNet's reviews are just like Fox News; Fair and Balanced.
If you want to keep spyware down, use an older version of Windows (if possible). I use Windows 98se and 2000 at home with little trouble. I run Spybot Search & Destroy about once a month on both of those machines to keep spyware out. On the other hand, I have a Windows XP machine that is more hassle than it is worth. I only use XP if I need to run programs that require this OS (which is rare actually).
I don't use any spyware applications, or an antivirus software, or a firewall. I use web based email so it basically stops anything coming through from email, watch what I download, and be careful what web pages I browse to. It's not M$ fault, yea their stuff is buggy, it's the end user's responsibility, and what you pay for is what you get, and Spyware is what they get. Let everyone keep being cheap, and irresponsible, it keeps me employed.
Why doesn't the anti virus software deal with spyware? Running two applications scanning files is plain stupid. Besides the security companies' need for higher revenues selling two products, I don't see the reason to separate the two applications.
But how's that prevent spyware? Most of it would work just fine as unprivileged code, just spyware the current user, especially since the current user is usually the only user. Or just ask for admin. Competent admins often check to see why, normal users never do. I've actually heard a Mac user say "Odd, that shouldn't need admin" as they were typing in the password. It's just another hoop to jump through, it doesn't provide any real protection.
Based off of how bad our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherent security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.
Badgers? We don't need no stinking badgers!
CAUTION: Product may be hot after heating
How many average PC users are able to maintain a Windows box? The question should not be about an average PC user, but about the average OS admin.
Never underestimate the dark side of the Source
Have you ever run Linux? Or OSX? While running these operating systems, have you ever received any spyware? If so, please list the name of the said spyware program, along with a link to an information resource about said spyware. If you can't find one, I'd be glad to list information resources that contain such information for Windows:
Spyware Guide
Spyware Encyclopedia
Spyware Database
Each of these contains thousands of listed spyware programs for Windows. Considering Linux and OSX are the next most popular OSes after Windows, why wouldn't hackers be motivated to write spyware or viruses? The source code is open source, after all.
Time and time again I see people claiming that Windows REQUIRES admin permissions to be useful. I say baloney.
At our bank we have over 200 users running many different types of software. Not one needs to be "administrator" - heck, no one even needs anything above "power user".
Sure, some people will claim that in order to install software, and maintain the machine, you'll need admin permissions......but that is true on any system! Last time I checked, I needed to be root to install patches on my Linux machines.
The bottom line is that most users (non-computer savvy) want to be able to install anything they like...and they don't want to log out, and log back in as admin to do it. This is true of ANY platform - not just Windows. It is a human behavioral thing - not a systems design thing.
Some people will claim that "OS X prompts you for a root password when performing an install, you don't need to log out and log in". Sure, that's useful - but most of the OS X users I've seen blindly type in the root/admin password whenever the dialog box pops up. They never even read the box to see what is going on! Often times they ask if there is any way to get rid of that box.
So, in summary, as long as users can install anything they want on their boxes, there will be a spyware problem. Windows, Linux, OS X, Solaris - it does not matter.
-ted
Clueless people like the grad students you mentioned are going to get owned no matter what they use, unless it's an unplugged doorstop. I think Linux does offer greater inherent security than Windows though: if I'm using Windows, after a couple of months I am bound to have at least a little bit of crapware installed, while on Linux, that's not going to happen. I'm pretty sure most of the /. crowd won't just give the root password to any dialog that requests it, so at least for this group of people (obviously not representative of people in general), I think that Linux/Mac OS offers greater security.
(The fact that there's no ActiveX for Mac is a huge advantage.)
sulli
RTFJ.
We have ten workstations in our training lab. Performance degraded to the unacceptable level after installing the latest Symantec AV. So I picked up various sizes of RAM sticks and did some testing with a script that measured the span of time it took the workstations to perform certain tasks. After tripling the RAM from 128MB per workstation to 392MB per workstation, we were able to almost get back to the speed at which our workstations ran prior to installing the AV product.
At least in the case of Symantec, their anti-spyware system uses the same engine as their AV product. Performance of other vendors may vary.
How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate.
I disagree for the most part. Users should not have to be computer experts to use them. There should be no link in an e-mail message or web site that will install spyware without any more user intervention. Software should be properly restricted by default, from access to your files, the internet, and the core OS. When I'm listening to the radio and I hear an ad for a new station on 143.6 AM, I don't have any fear of navigating the dial to that station, because just listening to a given station is unlikely to cause my radio to start reporting my listening habits and adding extra ads from that point on. Computers should be the same.
Take my brother for example he installs anything he wants on his computer and doesn't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything better again and this cycle goes on and on.
While what he is doing is ill informed (or he is just uncaring) he should be able to install anything he wants without worrying about it doing malicious things, unless he specifically allows it. Other OS's have sandboxes and good application level ACLs, although none are really up to snuff. Of course other OS's don't have a malware problem, so there is little need as yet. Your blithe acceptance of the problem is part of the problem. If there were two major OS's competing in the space, based upon the quality of the solutions, the malware problem would be 99% mitigated in a matter of months. The problem is not solved because MS does not care to solve it.
the reviewer didn't test spybot S&D. that's a major player in the anti-spyware game.
They're using their grammar skills there.
Most Linux distributions are now pretty secure out of the box. Also, most Linux distros at least warn the user that they are running as root and tell them to run as a user. The one exception that I know of is Lindows (or whatever its name is).
If dominant market share is a reason for increased security problems, Apache with about 70% of market share has had far fewer security problems than IIS.
...stopped reading when it was saying Symantec, McAfee and Microsoft were better than Lavasoft.
Every machine I have serviced which had either Symantec, McAfee or Microsoft products, had an infection.
Worse the machines would crawl even with a fresh install of said products.
The review is giving those products big stars?
What a joke!
Any product that causes your machine to crawl after installation IS a Virus imho.
Here is the recipe:
Install one product to act as sentinel in resident memory, either Webroot Spysweeper or Lavasoft's Adaware.
Install both Spybot Search and Destroy and Spyware Blaster.
Interesting that Spyware Blaster, http://www.javacoolsoftware.com/spywareblaster.html, was not even mentioned on /.
It is a worthy product because it inoculates to prevent those users who insist on installing crap like Gator, err...Claria or Comet Cursor.
The single most important role of spyware should be to do its job with minimal footprint on your resources.
The review clearly ignores this.
Could the /. article title be a veiled reference to Mafia like tactics? "Antispyware Shootout" sounds like it could be possible, and probably most fitting.
I can see how someone could make a lot of money by supporting people's Win-boxes with all these scanning tools but otherwise IMO it's a big waste of time. Rather than load my friends and family's Win-boxes with all these scanning tools I just install Ubuntu or SUSE Linux (both free) on their system and have them dual boot and instruct them to use Linux on-line only and use Windows offline for whatever.
The result? They don't have to worry about updating/installing new versions of a closed source software firewall which may or may not need tweaking with each new version, they don't have to install more "lipstick on a pig" closed source tools to help "secure" a closed source system. Sure, some of the closed source free security tools may sound great, they may work well for some purposes, but what is really inside the code? What other code may take advantage of the scanning program itself? There are just too many unknowns, IMO, to place any trust in all these closed source so-called solutions.
I've set many computer newbies up with Linux dual boot setups and they are all very surprised at how much easier Linux is to use on-line with Synaptic or YaST and all the open source programs they have available at the click of the mouse. The program descriptions are there, Synaptic shows where the programs are installed (unlike a lot of .EXEs made for Win which still leave shit all over the drive after their uninstall), and they can remove whatever they want when they want just as easily as they installed the program.
But for many it doesn't matter, they grow angry when you mention Linux, and call you a zealot for suggesting it. They are happy with their broken systems and will continue to throw lipstick on a pig and feel safe in their illusion while they will never know what really squeals beneath in the closed source.
Do the world a favor, get those fucked up Win boxes OFFLINE, I'm tired of seeing infected machines bouncing around in my firewall logs.
http://reviews-zdnet.com.com/ZDNet_Security_Buying_Guide/4520-3667-5080138.html?tag=fs
Quite a difference I imagine. But a lot can happen in a year and an half.
I have not wanted mod points for a long time, but if I had them, I would mod it up myself.
I disagree for the most part. Users should not have to be computer experts to use them.
And you can tell me with a straight face that Linux is the answer? If not Linux then what OS? I'm willing to bet if Linux had the market share that Windows had we would be having spyware on it, but anyone who uses Linux is going to have most likely common sense and is not going to be a complete moron and go around downloading crap. Next is Mac OS X, sure the OS might be nice but you pay through the ass to get a Mac, and spyware still exists on the Mac, I've seen it.
I have read a number of these types of reviews over the last several months, and I personally don't see a need for them. I manage a network of about 60 computers on a windows 2003 domain. All users have limited user privileges on the network, and can't install anything without me doing it. With that kind of security, why on earth would you need to spend $1000's on antispyware deployment? Unless you have a network full of windows 98 machines, what's the use? If it's a severe problem set up Squid and Dansguardian. That costs nothing.
That's why I always carry around a copy of SuSE Linux 10.0.
:)
. . . . No, really! I do!
Regards;
Eh, I'd just toss some mushrooms and snakes just outside the wall. Everybody knows badgers are attracted to those and would leave the inside of the wall alone.
*ducks*
I don't see this program getting much mention in the press but F-Secure's BlackLight Beta scans for rootkits on Windows systems and I tested it on a friend's system which had the Sony rootkit on it and it listed all the files found re: Sony rootkit. It's still in beta, but it works.
zdnet reviews are garbage :-(
"How many average PC users would be able to maintain a Linux box?"
"Maintain?" Maintain what? We're not talking about a reinstall-every-four-months Windows box here. I gave my 75-year-old dad Linux on a PC and he's happy as can be. I gave my wife Linux on a laptop and she's happy as can be. What's this maintenance you speak of?
And, speaking of Windows, shouldn't the question be "How many average PC users are able to maintain a Windows box?"
Blasted few, in my experience.
:P
Regards;
Mod this guy up! :) Automatic coral-caching of links (with an alternate collection of direct ones) would help prevent such issues.
And you can tell me with a straight face that Linux is the answer? If not Linux then what OS?
Any OS that competes effectively on the desktop is the answer, but that will not happen unless MS stranglehold on the distribution, pre-installed, via OEMs is broken and that won't happen unless the legal system does its job. Linux, MacOS X, and even customized Windows distributions already do a much better job dealing with malware than the default Windows install. If MS starts losing users over the issue, to any OS, they will probably find it more profitable to fix the issue than make money off of it as an upgrade incentive.
I'm willing to bet if Linux had the market share that Windows had we would be having spyware on it, but anyone who uses Linux is going to have most likely common sense and is not going to be a complete moron and go around downloading crap.
If Linux had the same market share, it would, indeed get spyware. Then one month later the problem would be largely mitigated as the systems were updated. Windows has ActiveX, IE, and Outlook all of which do not provide appropriate safeguards to stop arbitrary code from being run. They mingle the Web browser code with the file browsing code, making even more problems. They don't have usable non-admin accounts and have not fixed their local privilege escalations. They are not timely with their remote exploit fixes. The architecture is such that it requires extensive testing before the deployment of fixes. Local services are exposed to the network. Unneeded services are on by default. Insufficient warning is given when running a new executable. All of these are problems that could be fixed in Windows and have been fixed on Linux, because on Linux the developers are responsive to the needs of the users.
Next is Mac OS X, sure the OS might be nice but you pay through the ass to get a Mac, and spyware still exists on the Mac, I've seen it.
Really, do you have an example?
Right now Linux, the BSDs, MacOS X, etc. are better than Windows in dealing with malware. Furthermore, they don't have much of a malware problem. If they did have a malware problem, it would be fixed... then MS could copy it, poorly, and we'd all be better off.
Does anyone know why one of these companies doesn't just build a massive tool that will tackle spyware, adware, viruses, and everything else under the sun? It seems like that's where they are going, but why hasn't anyone done it yet? Even if it took 2 hours to scan, it would be worth it. Just run it in the middle of the night.
Health Insurance Quotes
If you set up your Windows machine for limited users, it works fine too. No, you can't do everything, but then again neither can Mac OS X. Mac OS X asks for your admin password quite a bit. Too much, frankly.
I have no idea how to even understand your trusted distro comments. On Windows, you get much of that software on the Windows CD. Surely that's trusted, if some random internet site is trusted. Many other things (fixes, mostly) come from MS' own site. Is that not trusted? Other software (those missing apps you speak of) you buy on a CD (perhaps at Target). Is that not trusted?
Yes, you can install bogus software on a PC. Or a Mac. Or linux. And that compromises security. The answer is the same on all 3 platforms. Don't do it.
The Register is entertaining. It's also a rag, and they carry numerous stories that just plain aren't true. Citing them means nothing.
I'll say this clearly and plainly. If Linux or Mac inherited the huge base of completely clueless users that Windows currently shoulders, either would have a serious issue with perception of lack of inherent security. Any one of them could at any moment click "accept" to install Gator, insert a Sony DRM CD, or be convinced to install a "web accelerator" that makes their machine insecure or even purposely a home for bad code.
http://lkml.org/lkml/2005/8/20/95
It is too much work killing spyware...instead I use another (extremely effective) non-violent method...LINUX.
Simply because there is no ubiquitous definition of what actually is spyware.
After playing around with a few of these products, particularly with MS Antispyware, it found a number of files that are NOT spyware on my computer. Our company writes software that uses an open source version of a VNC application to allow our tech support team to be able to see what a customer is doing on their desktop. It has proven to be a very effective support tool allowing us to quickly resolve customer calls. This IS NOT spyware, but MS decided that a competitive and free alternative to Remote Desktop may impose a security risk on other people's computers.
Likewise, our software uses an open-source version of a compression library to allow us to use compressed zip files in our software. Again, this library was reported as spyware by several products, mostly because it is believed that this library could be used to deliver trojan content by expanding a file after delivery. Again, this ISN'T spyware, it's a valid tool.
Most people think ANY cookie used on their computer is spyware. They don't want any website storing information on their computer, even when this info is in no way harmful. Many people think that cookies on their computer store vital financial data and other private information, this is unfounded.
So, as a spyware removal tool, how do you treat these variations and grades of supposed spyware? Either you are too restrictive and annoying by announcing EVERYTHING is spyware, or you're too liberal and don't catch ANYTHING.
Anti-spyware tools are a lot like politicians, you can be too left or too right, or even right down the middle, but the bottom line is that it takes a lot of them to inefficiently run a country.
I haven't thought of anything clever to put here, but then again most of you haven't either.
I'll see your bank and raise you a state-wide auto dealership whose main application *requires* users to run as Administrator, else the program *will not run*.
It is a sad fact of life but many many business applications demand the user run as admin.
So rise up, all ye lost ones, as one, we'll claw the clouds.
Take my brother for example he installs anything he wants on his computer and doesn't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything better again and this cycle goes on and on.
Why do you take this abuse?
If he breaks it once, yeah it's cool to fix it. Tell him how to keep it from getting messed up. Give him a chance, but then if he messes it up ... well, maybe let him wait until the NEXT time you come over, or the next. For him to continually expect you to fix his mistakes is disrespectful, and wastes both your time and his.
;)
You can also tell him that, "Oh, you can call a repair person if you want -- it's only X/hr" -- but that might seem mercenary. However, you might consider getting him to trade "services". Fix his computer, make a Ghost image of it (or something), and then every time you fix his machine, he gets to do yard work, or paint your patio, etc.
Why does there have to be some "magical" (or technically rigorous) reason for the lack of malware on Unix-type systems?
There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upperclass suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it is. You might think that this is a "head in the sand" approach. But as far as I'm concerned, it's taking advantage of reality.
The US free market: two halves of a government-granted duopoly are free to set the market price.
My opinion: Notice that the story is a special kind of public relations. It's an ad.
The ONLY Anti-Spyware that makes sense is ZoneAlarm Security Suite, which includes anti-spyware and anti-virus in one program with the best firewall. But they didn't review that one.
There are more and more "reviews" like that one, in which the real purpose is to try to keep customers away from the best product.
For information about computer industry abuses, read Ed Foster's Gripelog. In this case:
Case Against Zone Labs is 180 Degrees Off
Why ZoneAlarm is the best firewall: LeakTest shows other firewalls allow phoning home.
The point you're making is so important that it needs to be emphasized. People don't buy machines to be secure, they buy them to be usable. The most secure machine is one that doesn't power on. It's very hard to make security transparent to the user. I really liked OSX's approach with the root dialog, but that is nowhere near bulletproof.
Some people will claim that "OS X prompts you for a root password when performing an install, you don't need to log out and log in". Sure, that's useful - but most of the OS X users i've seen blindly type in the root/admin password whenever the dialog box pops up. They never even read the box to see what is going on! Often times they ask if there is any way to get rid of that box.
Exactly - users just don't care. People can cheer their "su" while running under locked down accounts all day long, but that's not what users want to deal with.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
You don't even need to logout to do anything admin in a limited user. It takes some learning. But yeah, a lot of people will abuse Run As just to install what they want.
Blame the user, not the software.
Yes, it usually is. If you have two brain cells to rub together. The average user will just get used to entering the password every time they get a request and this method will do no good whatsoever.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
We just discovered (last Friday, at 4:00pm of course) that "SpySweeper" is labelling one of our components (a general-purpose image processing library) as spyware. After a little digging, it turns out that a program called TrueActive Activity Monitor installs a file with the same name as our component.
But, we can't tell if it actually *is* our component or if they just have a file with the same name (not very likely) - because our anti-virus and anti-spyware apps freak out when we open the TrueActive installer to see what their version of the file actually is. Either way, SpySweeper says our component is an "activity monitor" and this is freaking out both our customers and our customers' customers.
We're talking with the people who write SpySweeper, to get this fixed, and they've been helpful so far. So hopefully, this will be resolved soon.
(yes, this was posted on the 180-Solution article, too. i think it belongs here, more. apologies)
I have discovered a truly remarkable proof which this margin is too small to contain.
the only way for badgers to get in
How about badgers dressed up as hyenas..
Last 1 year I use FF + Kaspersky...
I believe Removing IE resolves the problem.
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
www.trueprotection.com http://www.trueprotection.com/Features%20and%20Benefits.aspx
we don't need definitions..
in practice, we're killing viruses before they even have a chance to spread, when all the other vendors are struggling to put out an updated definitions file.. and spyware DISAPPEARS. you'll never have to worry about it again.
None of these are any more trustworthy than the ones you get with your PC, or that you buy from Target.
You've left the realm of info and fact and gone to opinion. You don't like IE. You don't like Notepad. Fine.
But that doesn't mean you don't get a lot of software with Windows that is as trustworthy as Linux apps, it just means YOU don't trust them. And hell, most of these Linux apps aren't trustworthy either. That's why you don't run them as root.
So the answer is again in all 3 places. Don't run as root, on Windows, Mac or Linux.
As to someone putting holes into Linux. Actually, yes, they have. I forget what it was, but there were major holes put into the kernel of a distro, and on purpose. They did it by checking in code into the distro site, then they hacked into machines running the distro. It was on slashdot about two years ago, maybe 3.
As to IE having security holes, even as limited user, well, that's true. It has some. It has a lot fewer than the reports you see around, because some of these holes aren't real holes, or aren't fixable, or are trumped up (see "hyperthreading security hole"). But there are some legitimate ones. There's only one big one right now that is known of, and Firefox also suffers from it! Note that on my machine, which has data execution prevention, even that isn't an issue on IE, it catches it. Probably catches the Firefox one too.
But hey, is using IE holes to crap on Windows even fair? Do you crap on Linux for Firefox holes? If you crap on Windows for IIS holes, do you crap on Linux for Apache (or tinyhttpd) holes?
Anyway, Windows and Linux both have patched a lot of security holes in the last 3 years, and there's still more to go, on both sides. But I still think the battle is moving to the user front now. Social engineering will always exist, and whichever platform inherits the most novice users will have the biggest problem. It doesn't matter who makes the platform or whether it is open source or not.
http://lkml.org/lkml/2005/8/20/95
Updates for versions prior to Spybot 1.4 are not available anymore. Uninstall and download the very latest version. Updates are very frequent now with 1.4.
-Process Explorer
-Startup Control Panel
-Startup Monitor
And of course surf the web with Firefox or Opera.
"Just because you *can* do all the things you need as a limited access user, doesn't mean people *do*." I am sure that any UNIX (and compatible) user will tell you this: Yes we do !!!
"How many average PC users would be able to maintain a Linux box?" This is another f***ing myth I would love to blast in pieces... MSFT-lovers are however some freaking zombies so anything less than a thermonuclear device is not working against their brainwashed minds...
--
Have cash, want thermonuclear device... dropped on Redmond, WA.
This is the same kind of sick joke as the "Bomb Hanoi" t-shirt...
Every time a story like this comes out, someone says "just switch to Linux or Mac. They don't have spyware." Then someone writes back "oh, that's just because they don't have marketshare."
Which is of course entirely correct.
Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.
To this, let me ask a big resounding so the fuck what? Spyware is only interested in getting through to the user, and for this user privileges are obviously enough. There is no protection against spyware if you install it, root or not, Linux or Windows. A couple of seconds should really suffice to make even someone like you understand this.
Go away, troll. We have enough of your kind.
Just give a computer to my mom for a few months, it should be chock full of spyware to test with!
Most spyware downloads itself into your OS through the internet and installs itself without you even knowing it. Dude, if you think you have to click an "OK" to get spyware then your comp must be loaded with the crap.
People should learn something about Windows if they're going to use it - you'd be shocked at how changes can be made to the operating system without the user's consent or knowledge. Every version since 3.1 has been designed like that on purpose. Yes, on purpose.
Anybody using Windows is fair game on the net and the people who code this shit know that there are many, many people like you who think they're safe as long as they don't click things or go to certain sites. The people who make this stuff love you guys, btw. It doesn't work that way, buddy - when you're connected to the net you're connected to millions of other machines, and anybody who's sending out packets of data can send them to thousands or millions of other computers without directly connecting to them or sending them a pop-up message that reads "click here to speed up your computer!". And, yes, Windows just lets them install this on your computer by default; it doesn't matter what site you're on or what, if they're sending, you're receiving it. A decent firewall prevents a lot of that, but doesn't prevent spyware. Why not? Firewalls are only designed to block certain types of port connections and types of data packets, which don't involve spyware. And firewall-makers will tell you that it's the user's responsibility to prevent spyware by using a decent anti-spyware program.
A good way to prevent spyware? Run peerguardian and make sure you've got the spyware list checked, even if you don't want or need to block anti-p2p or government ip ranges. I was very careful for over three years, but I still got spyware. I now have ad-aware and spybot and use them weekly, but I rarely ever find anything since I've been running peerguardian every day, whereas before I found two or three pieces of spyware every time I scanned, no matter how careful I was.
Ignorance about this stuff isn't bliss; it's part of the problem.
I dream of a better world... one in which chickens can cross roads without their motives being questioned.
Have you ever actually used Linux? Do you know how easy it is to "maintain"? That's right - you don't have to run a "defrag" every night. There isn't any need to have 6 applications running in the "system tray" to help limit the impact of viruses, memory leaks, spyware, trojans, rootkits and other such windows-only malware. In fact, for those people who find using Microsoft Windows difficult, a switch to Linux is probably what they need! Finally they will have a stable system that they can "just use" without fear and without having to constantly "tweak" things to get it working. Blam. Out-of-the-box - it just works. And it keeps working.
And any "clued-up" Windows user wouldn't be using Windows, as they'd realise what they are using just doesn't match up to the competition! It's only their ignorance that keeps them using Windows.
This is true in an environment where you run Microsoft Office exclusively. If you want to use specialty software or get stuff from your video camera or scanner, there is often no choice but to run as an administrator, only because the program expects to be able to write to "c:\Program Files", because they follow the model of storing EVERYTHING relating to the program along with the program, including the data.
This is a hangover from Windows 98, which had no restrictions at all.
Unix has long had file permissions, and so the software written for it is written with per user settings and data in mind.
If my call is important, why am I talking to a recording?
ever try to get norton anti virus uninstalled from your pc? not sure how it is now, but the older version was permanently engraved on the hard drive, no formatting would get rid of it. ever since that i have avoided them like the plague.
also symantec is cozy with claria, aka gator, one of the most notorious spyware companies ever. just because gator changed their name, and paid off all the journalists that were picking on them after they changed their name, does not mean they are somehow better now. they are still SPYWARE, and getting off spyware lists with other major firms does not change the fact. are you going to believe M$ definitions on what spyware is?
bottom line, anything that tracks a users activity, and reports it back is spyware, it spies on the user, it is not adware, that would only serve up ads, without the spying. claria can piss and moan all they want about their eula, and being part of anti spyware coalitions, but this is just graft in the industry. hiding your activity in a eula that nobody reads is just as bad as hiding them in other ways.
symantec is not fooling anyone either. they are in cahoots with a few spyware partners, and all their product does is remove competitors spyware. why does it do this? 1 to prevent competition from successfully mining data, 2 if a pc has too much spyware on it, then it slows down even crashes, causing the user to take action.
http://shield.prevx.com/
I'm still using the PrevX Home free version, which no longer appears to be available (typically). However, as inexpensive as the PrevX1 product (still in beta) appears to be for a single-use license, it still appears to be a good value.
After using PrevX Home for nearly a year, my perception is that it's a very aggressive system-internals monitoring tool. While that aggressiveness can get annoying at times, notably when installing or removing software, that aggressiveness can be liberally customized (with some effort) and in any case the benefit - having a trojan-, rootkit-, and spyware-free system - far outweighs the annoyance.
There is a small cost in CPU cycles and disk performance for this monitoring, of course, but my Athlon XP 2500+ system has handled it well enough without severe penalty; I might not recommend it for owners of more obsolete CPUs or hard disk technologies.
There's another option for you to consider, one that was oddly not included in ZDNet's review.
Mark
In my experience, once you get over a few dozen systems, managed solutions are required to avoid spending your day hopping from machine to machine. Am I wrong? Also, for the managed winner, Symantec Client Security, is it not exactly the same as Symantec Antivirus but with the addition of a client firewall? I haven't worked much with Symantec Antivirus in environments with spyware problems, but I do see a lot of computers with Norton Antivirus (which uses the same detection definitions file) and it has proven to be the absolute least effective in detecting and removing spyware.
out of curiosity, how many of those apps are NOT approved by IT, and are downloaded by the user? and how many of their apps are not written for the bank specifically? because if the bank pays, the bank dictates the rules (including running as a non-admin rule).
My experience with these tools is limited. When Spybot reported Alexa, it was detecting that the IE home page had been set to "about:blank".
This will be buried in this old article, but for your own sake if you clean machines regularly...
There are a ton of ways malware can get loaded in safe mode. Some add an argument to the windows shell registry entry and get started the first time you launch anything. Others hook into the winlogon process as a dll (it was designed to be extensible - they're just using published interfaces), ensuring they are not only started in safe mode, but are effectively unkillable (since winlogon is the root process for the user session). The only way to deal with some of this stuff is to use a boot disk (like BartPE) and/or attach the drive to another machine and make the necessary registry and file modifications manually.
Note that these techniques are not the same as the file- and registry-hiding techniques that rootkitrevealer detects. Hijackthis and autoruns will both find them, but you have to know what to look for.
-R
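A check for the two start-up hooks described in the comment above, as an added example that is not part of the original post: it reads a regedit text export of a SOFTWARE hive (for instance one loaded from a drive attached to another machine) and flags a Winlogon `Shell` value that is not plain `explorer.exe` and any `Winlogon\Notify` package whose DLL is outside a baseline. Taking the comment's "shell registry entry" and winlogon DLL hook to mean these keys is an assumption; the hive name `OFFLINE_SOFTWARE`, the baseline DLL list and the sample export are constructed.

```python
import ntpath
import re

# Suffix match: works for a live export (HKLM\SOFTWARE\...) and for a hive from
# another disk loaded under a temporary name.
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
EXPECTED_SHELL = "explorer.exe"
# Assumption: Notify DLLs taken from a known-clean reference install. Replace
# with your own baseline before relying on the result.
BASELINE_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                        "sclgntfy.dll", "wlnotify.dll"}

# Constructed sample export; OFFLINE_SOFTWARE, example-helper.exe and
# examplehook are made-up names.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\example-helper.exe"

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplehook]
"DllName"="C:\\WINDOWS\\system32\\examplehook.dll"
"Logon"="OnLogon"

[HKEY_LOCAL_MACHINE\OFFLINE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DllName"="C:\\Temp\\wlnotify.dll"
"""

def unescape(text):
    """Undo .reg string escaping (\\\\ for backslash, \\" for quote)."""
    return re.sub(r"\\(.)", r"\1", text)

def decode_value(raw):
    """Decode a quoted string or a hex(2) (REG_EXPAND_SZ, UTF-16LE) value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    match = re.match(r"hex\(2\):(.*)$", raw, re.I)
    if match:
        data = bytes(int(b, 16) for b in match.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw  # dword and other types are kept as written

def parse_reg(text):
    """Return {key path: {value name: decoded value}} from a .reg export."""
    hive, key, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hive.setdefault(key, {})
        elif key is not None and line.startswith('"'):
            match = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if match:
                hive[key][unescape(match.group(1))] = decode_value(match.group(2))
    return hive

def notify_reason(dll):
    """Return why a Notify DllName is suspicious, or None if it fits the baseline."""
    directory, base = ntpath.split(dll.strip())
    if base.lower() not in BASELINE_NOTIFY_DLLS:
        return "DLL not in baseline"
    if directory and not directory.lower().endswith("system32"):
        return "baseline DLL name loaded from unexpected directory"
    return None

def audit_winlogon(hive):
    """Return (kind, key, value, reason) tuples for entries worth a manual look."""
    findings = []
    for key, values in hive.items():
        low = key.lower()
        by_name = {name.lower(): value for name, value in values.items()}
        if low.endswith(WINLOGON_SUFFIX):
            shell = by_name.get("shell", "")
            if shell.strip().lower() != EXPECTED_SHELL:
                findings.append(("shell", key, shell, "Shell is not plain explorer.exe"))
        elif WINLOGON_SUFFIX + "\\notify\\" in low:
            # Winlogon notification packages (Windows 2000/XP/2003)
            dll = by_name.get("dllname")
            reason = notify_reason(dll) if dll else None
            if reason:
                findings.append(("notify", key, dll, reason))
    return findings

if __name__ == "__main__":
    for kind, key, value, reason in audit_winlogon(parse_reg(SAMPLE_EXPORT)):
        print(f"[{kind}] {reason}: {value!r}\n    {key}")
```

A flagged entry is a lead, not a verdict: vendor software also registers Notify packages, so compare against a clean machine of the same build.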
I call bullshit. You may read the part that says "hit page down" or "press f7 to accept" but nobody reads EULAs from start to finish. Also, using Firefox alone is not enough to really save you from the dangers of the internet; you still must be smart enough not to go to the shady sites that attempt to force malware upon you.
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.