Antispyware Shootout

An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.

Enough power

[VincenzoRomano]

I wonder whether there will remain enough CPU power to run the applications once I will install three to four ofthose scanners.
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.

Re:Enough power

[steveo777]

For the last few years, I've been contracting to clean both spyware and malware off of Windows PCs. I've been using SpyBot and Hijack this and eventualy found a few more programs that I really like to replace Norton and McAffee's products for those users.

I post this comment because I've been finding that, more and more, people complain to me of slower and slower systems. Well, the biggest problem is that people I've helped out are subscribing to up to five anti-virus programs at a time. You get great tips when you can take a PC's boot time from over five minutes down below a minute thirty. People are so afraid of getting spyware and virusus that they don't mind running their computers as if they were 286 boxes.

I kid you not, some of these PCs have taken over eight minutes just from power on to system idle process. Opening MSConfig takes over two minutes in some cases. All those anti-virus programs and these guys' PCs are still so full of spy/malware and other crap that it takes twenty minutes just to boot, kill off some processes, edit the boot file, and turn it off.

My honest opinion? Install one anti-virus, a different firewall, and a spyware watcher like SpyBot (as long as they play nice). Next, if you really are that desperate for free programs, movies, porn, then get a seperate box for the P2P software and browsing free movie sites or whatever (unless that's the only reason you own one, you sorry soul, you). That's your firewall. Any internet stuff outside of casual browsing, or updates/patching is done on the POS PC and if you need something on your good computer (work or gaming PC), then burn it to disk for the transfer. Don't even share your files. It's a lot easier to catch malware that way.

Oh my god another LOTR joke

[Wisgary]

Did tolkien's ghost roll over in his grave or something to make you people over-excited?

Re:Oh my god another LOTR joke

[meringuoid]

Did tolkien's ghost roll over in his grave or something to make you people over-excited?

Tolkien's ghost has passed beyond the Circles of the World. All that's in his grave are some bones.

Such is the fate of Mortal Men; their fea are not naturally bound to the Earth like those of the Eldar. Exceptions have been observed only in strange and extreme cases usually involving corrupt magic, such as the Nazgul, the Barrow-wights and the Army of the Dead.

Why is this necessary?

[Progman3K]

It frightens me that Microsoft has suceeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
It is NOT normal to have to do this.

Re:Why is this necessary?

[jonnythan]

Will someone explain to me how linux or OSX are magically immune to spyware?

If you go to install some filesharing app, and you don't do some extremely thorough inspection of the installation procedure, you can get some spyware installed on your machine during the process no matter what the operating system is.

This isn't a Windows specific issue.

Re:Why is this necessary?

[garrett714]

Linux, etc. would have had the same problem if it had made it to the top of the food chain.

Can you please explain how this is so? Linux has been around much longer than XP / 2k / 98, all of which are extremely vulnerable to Spyware / Malware / Viruses. Why has Linux, which has been available since 1991, along with all of the source code that makes it work, not had one spyware program written for it? I'm not trying to claim there has never been a virus or worm written for Linux, or *nixes in general. The difference is that developers of any POSIX-compliant OS or distro will have things patched much quicker than MS, with updates going out to multiple software repositories across the internet, updating any compatible distro of Linux (whether by deb, RPM, or ports/portage) quickly. Linux users tend to keep their OS up to date with the latest packages and security fixes. Windows has "Windows Update" which is a lame attempt to replicate the success of OSS package management systems. Many MS users tend to turn this feature off, but the sad thing is even if they leave it on, MS is still typically much slower to release a fix for problems with their OS. Spyware has been around for how many years now? They still haven't fixed it? Funny, I've been running Linux since 2000, never had one peice of Spyware infect my computer. Or a virus for that matter. All this using software that has the source code available for public viewing. Shouldn't this make it more insecure? Hmm, guess not.

Re:Why is this necessary?

[tuxmaster]

The computer is not smarter then the monkey using it. If all the users run as administrator as most users do in windows then what good is it requiring administrator rights. They already have them. True a *nix OS is better at protecting from unwanted installation of programs for a few reasons. One reason is because with the windows browser is so closely tied to the Operating system itself. As any *nix operating system not so closely tied. Also in the *nix type operating systems the end user is by default mostly unprivileged. As with a windows user generally there is ether no user at all (that defaults to administrator level user) or there is a user with administrative rights. So that concludes that the main reason why Windows computers receive so much spy ware is because of the end user. If End users would take the appropriate percussions by first on day to day use run as a limited user. Running on a user with Administrative rights is like running a *nix system as root all the time it is just not smart. Second take the attitude that most web pages can not be trusted. Why ads ads ads marketing people like keeping a eye on you and how you use your money. Active X should not be used on a regular webpage. I am surprised how many times I browse the web with ActiveX prompting me to accept most of the time I click NO and the page works fine. Third do not download unusual programs. Forth do not click those banner ads. Last of all Do not let anyone do anything on your computer remotely or otherwise without giving them just enough permissions to do the job. If all those things are followed you will have one of 2 things or both. One a secure computer or two a annoyed user.

Re:Why is this necessary?

[castoridae]

I would say spyware (and malware in general) is arguably a worse threat on OSX/Linux - precisely because nobody expects it. I was disturbed reading an OSX newsgroup the other day in which a good dozen people agreed that OSX was "immune" from viruses. What they mean is, fewer viruses have been written for OSX because there's a lower number of users, and therefore lower "return" from a mass infection.

If I were trying to write something insidious, I would target one of these platforms because no-one expects it, and the detection and removal tools are not as advanced because they are a lower-profile target.

Re:Why is this necessary?

[bill_mcgonigle]

Will someone explain to me how linux or OSX are magically immune to spyware?

There's no magic - just good defaults.

Windows: most users run as administrator. Lots of software breaks if you don't.
OSX: root is disabled by default. Apps may request sudo rights of a user, to which a user has to enter his password and may review the (somewhat archanly named) right being asked for.
Linux: root is enabled by defauly. Installers insist you create a non-root user during installation and warn you to use it. All sofware expects to be built/run/compiled as non-root and root only used for installation. Gnome and KDE provide secure password GUI's.

Windows: Several 'net ports open by default
OSX: none
Linux: varies

Windows: Software does not need to be marked executable to run.
OSX: Software must be marked executable to run.
Linux: Software must be marked executable to run.

Windows: software updates can be turned on to be checked automatically. SP2 defaults this.
OSX: automatic updates are the default (forever)
Linux: user needs to turn on yum (et.al)

Windows: Poor GUI design teaches users to keep clicking OK when confused.
OSX: GUI design guidelines teach users how to use security consistently, if followed.
Linux: Commands provide no feedback on success.

Windows will eventually get these right.

How can you trust an infected machine?

[camcorder]

I don't understand this. How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows. Even if it can, how can you trust, without checking every bit of the OS? This is not Windows issue, it's same with linux or any other OS. But it's also very hard unless you're very ignorant, to get a complete infection with linux than Windows.

I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.

Re:How can you trust an infected machine?

How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows.

It's probably because people don't want to go through the whole "reinstall everything and then beg Micro$oft to reactivate them" crap. This whole spyware/virus debacle just shows how hostile M$ is toward its users. First, they refuse to fundamentally fix their OS to prevent the viruses and spyware in the first place. Then, after years of criticism, they finally hack together a bandaid in the form of the condescending MS Antivirus (TM) and MS Defender(TM). After the user has tried everything they can to fix their infected OS, they go to reinstall and what happens? They have to call Micro$oft to beg them to reactivate their piece-of-shit operating system. Goddamn I don't know why you Windows users continue to allow yourselves to get raped. Just use Linux already!

Re:Prevention or cure?

[stuckinarut]

How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of it protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows users can avoid most of the problems associated with viruses and spyware.

Re:Free solutions

[sevensharpnine]

I'm sure that this review was limited to either current or potential ZDNet advertisers. Tech journalism (web or print) has absolutely no credibility. The entire article is a thinly-veiled ad for the "contestants."

We've beaten viruses but not spyware?

[AEther141]

Why do the majority of commercial virus scanners seem to work flawlessly when kept up-to-date yet we're still at the point where you may need half a dozen anti-spyware programs to clean up an ordinary windows box? What is it about spyware that makes it seemingly so difficult to shift? Oh, and why are people even recommending routinely using antispyware when it's so much easier, cheaper and cleaner to sort out the problems at the source and just get your security to a tolerable, spyware-proof level?

Re:Prevention or cure?

[mspohr]

You're repeating the standard MS FUD about Linux.

First, installing and maintaining a Linux box is much easier than Windows. Try Ubuntu, for example, complete install with latest patches in less than an hour versus the 6+ hour install last time I had to reinstall Windows due to spyware corruption (Windows install, SP installs, patch updates, application installation - MS Office plus patches... don't forget to install and configure firewall and anti-virus).

Second, Linux was designed from the ground up as a multi-user system which means that the security to prevent viruses and spyware is built into the architecture, not patched on top of an insecure architecture like Windows. The fact that Linux users aren't plagued by viruses and spyware is because they are secure by default.

Immunity of Linux/Mac NOT due to low marketshare.

[massysett]

Every time a story like this comes out, someone says "just switch to Linux or Mac. They don't have spyware." Then someone writes back "oh, that's just because they don't have marketshare."

Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.

Need more proof? See this from the Register.

It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.

Let's Put the Blame Where it Belongs

[phunster]

(Fair disclosure - I run Linux)

I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.

Re:Immunity of Linux/Mac NOT due to low marketshar

[darkmeridian]

Certainly Linux and MacOS users would be more protected from remote exploits and other fun IE flaws. Yet trojans and phishers will still manage to infect Linux and MacOS peeps once the marketshare goes up. People will give their admin passwords to install the latest and greatest "screensavers" of Britney Spears. Hell, remember that they would give them up for a chocolate candy bar. So once the marketshares go up, you will see exploits go up sufficiently to require antispyware programs. Not as much as Windows, but enough to cause trouble.

Re:What is spyware ?

[Julian352]

It's really annoying to me that all of the linux users keep on taking the holier-than-thou attitude to spyware. Spyware is not a virus and does not prolifirate on it's own. The vector of attack for spyware/adware is through the uneducated/uninterested user downloading his latest fun program. That means that as soon as those nice downloadable games will be available for Linux, the spyware will start coming out for Linux as well.
It doesn't matter if you are running as admin or as the user, because for spyware the only thing that matters is your user behavior. Therefore if you install it as the user, it will still be able to show ads, replace your mozilla start page, do popups, etc. The only difference is that it will be per-user rather than machine-wide. For most people that wouldn't matter as they are a single user on that machine and the difference between having it be user-process or admin-process really isn't large. As it has been previously pointed out - the only thing that matters on a personal workstation is the user's data and you don't have to be an admin to have access to that. The only good thing could be the fact that removing it could be just a tad simpler, assuming that the software doesn't try to exploit some type of local-root exploits.

The only reason Linux does not have that problem at this time is that there isn't a market for the spyware industry in the Linux world. The current Linux users are less likely to download those type of programs and more likely to ensure that the programs only do what they are supposed to. As soon as there is a noticeble increase in the average usage of Linux, the spyware will start to develop their expertise in that area as well.

Re:Immunity of Linux/Mac NOT due to low marketshar

[Sycraft-fu]

But how's that prevent spyware? Most of it would work just fine as unprivliged code, just spyware the current user, espically since the current user is usually the only user. Or just ask for admin. Competent admins often check to see why, normal users never do. I've actually heard a Mac user say "Odd, that shouldn't need admin" as they were typing in the password. Ot's just another hoop to jump through, it doesn't provide any real protection.

Based off of how bad our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherant security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.

Admin permissions required in windows? Hogwash...

[zerofoo]

Time and time again I see people claiming that Windows REQUIRES admin permissions to be useful. I say baloney.

At our bank we have over 200 users running many different types of software. Not one needs to be "administrator" - heck, no one even needs anything above "power user".

Sure, some people will claim that in order to install software, and maintain the machine, you'll need admin permissions......but that is true on any system! Last time I checked, I needed to be root to install patches on my Linux machines.

The bottom line is that most users (non-computer savy) want to be able to install anything they like...and they don't want to log out, and log back in as admin to do it. This is true of ANY platform - not just windows. It is a human behavioral thing - not a systems design thing.

Some people will claim that "OS X prompts you for a root password when performing an install, you don't need to log out and log in". Sure, that's useful - but most of the OS X users i've seen blindly type in the root/admin password whenever the dialog box pops up. They never even read the box to see what is going on! Often times they ask if there is any way to get rid of that box.

So, in summary, as long as users can install anything they want on their boxes, there will be a spyware problem. Windows, Linux, OS X, solaris - it does not matter.

-ted

Re:Prevention or cure?

[99BottlesOfBeerInMyF]

How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate.

I disagree for the most part. Users should not have to be computer experts to use them. There should be no link in an e-mail message or web site that will install spyware without any more user intervention. Software should be properly restricted by default, from access to your files, the internet, and the core OS. When I'm listening to the radio and I hear an ad for a new station on 143.6 AM, I don't have any fear of navigating the dial to that station, because just listening to a given station is unlikely to cause my radio to start reporting my listening habits and adding extra ads from that point on. Computers should be the same.

Take my brother for example he installs anything he wants on his computer and dosen't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything beter again and this cycle goes on and on.

While what he is doing is ill informed (or he is just uncaring) he should be able to install anything he wants without worrying about it doing malicious things, unless he specifically allows it. Other OS's have sandboxes and good application level ACLs, although none are really up to snuff. Of course other OS's don't have a malware problem, so there is little need as yet. Your blithe acceptance of the problem, is part of the problem. If there were two major OS's competing in the space, based upon the quality of the solutions, the malware problem would 99% mitigated in a matter of months. The problem is not solved because MS does not care to solve it.

Re:Were they reviewing Spybot or not?

[xxxJonBoyxxx]

Yes, because it misses the point. Unlike many (students? singles? who knows...) hanging around this site, I don't have unlimited amounts of free time. So, I scan long articles. First I scanned the product names...no Spybot. Then I skipped to the conclusions. In the first paragraph was "Spybot". So, I could have read the rest of the article, but it was easier to ask the question...

Why does it have to be magical?

[Foerstner]

Why does there have to be some "magical" (or technically rigorous) reason for the lack of malware on Unix-type systems?

There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upperclass suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it is. You might think that this is a "head in the sand" approach. But as far as I'm concerned, it's taking advantage of reality.

Re:Most telling part of the article...

[Hymer]

"You are missing the point. The machine was _clean_. There wasn't Alexa on the machines at all. " No he is not... There has been an Alexa reg key on all versions of Windows since 95.
Check for yourself... and it is impossible to get rid of, IE recreates it everytime it is started...br...and I've checked this on a fresh installed W2K, before connecting to the Internet and with Ad-Aware installed from CD (and nothing else installed).