Antispyware Shootout
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on an on & off basis, and I think the reality is that if you are truly going to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.
Or the shootout ended up killing everyone, including the article.
He who knows best knows how little he knows. - Thomas Jefferson
I wonder whether there will remain enough CPU power to run the applications once I install three to four of those scanners.
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
This might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.
Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...
Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.
Each of them captures a certain area, but none are the One Ring or anything.
Apparently powerful, but deceptive and treacherous with a rootkit from the creator?
Live today, because you never know what tomorrow brings
It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy. I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.
It frightens me that Microsoft has succeeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
It is NOT normal to have to do this.
I don't know the meaning of the word 'don't' - J
For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:
Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.
Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.
Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Did any of them find the Sony rootkit?
I don't understand this. How can you trust an infected machine without wiping everything out? Even MS accepted that it's not possible to clean some rootkit kinds of spyware if you don't reinstall Windows. Even if it can, how can you trust it without checking every bit of the OS? This is not a Windows issue, it's the same with Linux or any other OS. But it's also much harder, unless you're very ignorant, to get a complete infection with Linux than with Windows.
I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.
...a Mac and a Linux user, who wondered what all the fuss was about.
What's going to be left of your CPU if you're running a bunch of anti-spy/virus/blaaaah scanners, auto-updaters and registry watchers? Have we all forgotten whitelist-based approaches? IMO, the best way to go is to DeepFreeze your system drive, unfreezing it for updates and installing new software (uninfected software of course). Then have a couple of data partitions that are not frozen. Run Firefox in ultra-restricted mode for everything but the sites you know are safe. Why is this so hard? The other approach would be to get AV makers to include spyware features in their software so that you don't have to clutter up your process space with extra protection.
An old-timer with old-timey ideas.
How about not using a hopelessly broken OS in the first place?
How about learning to operate a computer first? Most of these users' spyware problems stem from being computer illiterate. I don't get any spyware on my machine, but I don't open anything that says "Click Here for Free Smiles", I use Firefox, read the EULAs on anything I install, and at least make smart decisions instead of installing anything I see without any problems. You wouldn't go driving a car without some proper maintenance or you would have problems, but people don't see it like that; they figure anything they can do on their machine can be easily fixed by someone for a cheap price or even free if they knew a computer nerd that will fix their computer for them.
Take my brother for example: he installs anything he wants on his computer and doesn't care, because as soon as I come home to visit my mother, guess who is going to format and reinstall the OS again and make everything better again, and this cycle goes on and on.
How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows, let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of its protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows user can avoid most of the problems associated with viruses and spyware.
I recommend SpyAxe. It generates pop-ups and then, conveniently and promptly, lets me know that my machine has been infected with spyware.
"you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything."
And where is Sunbelt Software's CounterSpy (both consumer and Enterprise editions) in this round up? They left out major Antispyware applications!
No kidding!!! What do you say at this point?
For the client-side antispyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAfee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAfee was installed, and I had to uninstall McAfee to recover speed; I couldn't just turn off network scanning. I'm assuming the antispyware programs are similar to antivirus programs in this regard, as they're basically the same software but with a different database of things to look for.
Actually, I only need one method to make sure that the machine is truly clean:
See my Home Theater
The problem with most of these modern anti-spyware programs is that all of them want to stay in memory ALL THE TIME. Even worse are antivirus tools. I tried once to install several of them to have more than one on-demand scanner at my disposal, and it was a mess.
Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask, so you have to disable 3 different services and 2 startup programs with cryptic names.
Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
You end up with all sorts of interesting and unpredictable side effects, probably offering worse protection than each of them alone.
... which can be found at http://www.hitmanpro.nl/
Hitman Pro is a meta-tool, an aggregate of 10 antispyware tools that automagically downloads and runs these tools with as little fuss as possible. Unfortunately the whole page is in Dutch, but the Download button is quite visible, and the software itself may be run with an English interface (self-explanatory).
A (rather outdated) manual can be found at http://xthost.info/hitmanual/. Enjoy!
Just
Why do the majority of commercial virus scanners seem to work flawlessly when kept up-to-date, yet we're still at the point where you may need half a dozen anti-spyware programs to clean up an ordinary Windows box? What is it about spyware that makes it seemingly so difficult to shift? Oh, and why are people even recommending routinely using antispyware when it's so much easier, cheaper and cleaner to sort out the problems at the source and just get your security to a tolerable, spyware-proof level?
First, installing and maintaining a Linux box is much easier than Windows. Try Ubuntu, for example, complete install with latest patches in less than an hour versus the 6+ hour install last time I had to reinstall Windows due to spyware corruption (Windows install, SP installs, patch updates, application installation - MS Office plus patches... don't forget to install and configure firewall and anti-virus).
Second, Linux was designed from the ground up as a multi-user system which means that the security to prevent viruses and spyware is built into the architecture, not patched on top of an insecure architecture like Windows. The fact that Linux users aren't plagued by viruses and spyware is because they are secure by default.
I don't read your sig. Why are you reading mine?
Could someone please explain to me what spyware and viruses are? I've been on Linux for 3 years and I forgot.
Notepad specialist & FAT administrator, group training available
From the test results page:
Clean machine accuracy and performance testing
* Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.
Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.
...I use Lavasoft's Ad-Aware SE Professional in combination with Spybot - Search & Destroy, they keep my PC spyware free.
Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories). It comes with all needed apps. This is not true in Windows.
Need more proof? See this from the Register.
It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.
Penny - plain text accounting
http://www.zdnet.com.au.nyud.net:8090/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm
/. seems to be written in Perl.
Karma whore, I know.....
I don't know why the changeover to CSS didn't include a little modification to the story submission script that automatically updates all story links to use Coral Cache. It really wouldn't be that hard, especially considering all of
"City hall" in German is "Rathaus" Kinda explains a few things......
Tolkien's ghost has passed beyond the Circles of the World. All that's in his grave are some bones.
Such is the fate of Mortal Men; their fea are not naturally bound to the Earth like those of the Eldar. Exceptions have been observed only in strange and extreme cases usually involving corrupt magic, such as the Nazgul, the Barrow-wights and the Army of the Dead.
Real Daleks don't climb stairs - they level the building.
Nah. It's just that stories like this vindicate our reading of SlashDot on company time, so everyone opens it.
"Look Boss! It's about computer security! It's good that I'm reading this, right?"
(Funny joke, though)
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
(Fair disclosure - I run Linux)
I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.
You misspelled "spyware."
They don't mention what they infected the computers with or whether they ran a full scan with Ad-Aware, which would likely find more things. They also value detection over ability to remove the infection, which is understandable but only mildly forgivable.
I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ Windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and would require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to set up a domain server?
As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or Windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and better just to back up and reformat.
It's really not that hard to prevent infections nowadays; you just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you, though. It might help, but if you're doing stuff that constantly pops up warnings, it's inevitable you're going to get infected anyway.
It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.
"Too lazy to fail." - Heinlein
Certainly Linux and MacOS users would be more protected from remote exploits and other fun IE flaws. Yet trojans and phishers will still manage to infect Linux and MacOS peeps once the marketshare goes up. People will give their admin passwords to install the latest and greatest "screensavers" of Britney Spears. Hell, remember that they would give them up for a chocolate candy bar. So once the marketshares go up, you will see exploits go up sufficiently to require antispyware programs. Not as much as Windows, but enough to cause trouble.
A NYC lawyer blogs. http://www.chuangblog.com/
But how does that prevent spyware? Most of it would work just fine as unprivileged code, just spying on the current user, especially since the current user is usually the only user. Or just ask for admin. Competent admins often check to see why; normal users never do. I've actually heard a Mac user say "Odd, that shouldn't need admin" as they were typing in the password. It's just another hoop to jump through; it doesn't provide any real protection.
Based on how badly our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherent security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.
Time and time again I see people claiming that Windows REQUIRES admin permissions to be useful. I say baloney.
At our bank we have over 200 users running many different types of software. Not one needs to be "administrator" - heck, no one even needs anything above "power user".
Sure, some people will claim that in order to install software, and maintain the machine, you'll need admin permissions......but that is true on any system! Last time I checked, I needed to be root to install patches on my Linux machines.
The bottom line is that most users (non-computer savvy) want to be able to install anything they like...and they don't want to log out, and log back in as admin to do it. This is true of ANY platform - not just Windows. It is a human behavioral thing - not a systems design thing.
Some people will claim that "OS X prompts you for a root password when performing an install, you don't need to log out and log in". Sure, that's useful - but most of the OS X users I've seen blindly type in the root/admin password whenever the dialog box pops up. They never even read the box to see what is going on! Oftentimes they ask if there is any way to get rid of that box.
So, in summary, as long as users can install anything they want on their boxes, there will be a spyware problem. Windows, Linux, OS X, Solaris - it does not matter.
-ted
How about learning to operate a computer first? Most of these users' spyware problems stem from being computer illiterate.
I disagree for the most part. Users should not have to be computer experts to use them. There should be no link in an e-mail message or web site that will install spyware without any more user intervention. Software should be properly restricted by default, from access to your files, the internet, and the core OS. When I'm listening to the radio and I hear an ad for a new station on 143.6 AM, I don't have any fear of navigating the dial to that station, because just listening to a given station is unlikely to cause my radio to start reporting my listening habits and adding extra ads from that point on. Computers should be the same.
Take my brother for example: he installs anything he wants on his computer and doesn't care, because as soon as I come home to visit my mother, guess who is going to format and reinstall the OS again and make everything better again, and this cycle goes on and on.
While what he is doing is ill informed (or he is just uncaring), he should be able to install anything he wants without worrying about it doing malicious things, unless he specifically allows it. Other OSes have sandboxes and good application level ACLs, although none are really up to snuff. Of course other OSes don't have a malware problem, so there is little need as yet. Your blithe acceptance of the problem is part of the problem. If there were two major OSes competing in the space, based upon the quality of the solutions, the malware problem would be 99% mitigated in a matter of months. The problem is not solved because MS does not care to solve it.
Symantec Antivirus 10 which is coming out soon integrates spyware/adware detection and removal with their standard AV client.
Why does there have to be some "magical" (or technically rigorous) reason for the lack of malware on Unix-type systems?
There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upper-class suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it is. You might think that this is a "head in the sand" approach. But as far as I'm concerned, it's taking advantage of reality.
The US free market: two halves of a government-granted duopoly are free to set the market price.
We just discovered (last Friday, at 4:00pm of course) that "SpySweeper" is labelling one of our components (a general-purpose image processing library) as spyware. After a little digging, it turns out that a program called TrueActive Activity Monitor installs a file with the same name as our component.
But, we can't tell if it actually *is* our component or if they just have a file with the same name (not very likely) - because our anti-virus and anti-spyware apps freak out when we open the TrueActive installer to see what their version of the file actually is. Either way, SpySweeper says our component is an "activity monitor" and this is freaking out both our customers and our customers' customers.
We're talking with the people who write SpySweeper, to get this fixed, and they've been helpful so far. So hopefully, this will be resolved soon.
(yes, this was posted on the 180-Solution article, too. i think it belongs here, more. apologies)
I have discovered a truly remarkable proof which this margin is too small to contain.
-Process Explorer
-Startup Control Panel
-Startup Monitor
And of course surf the web with Firefox or Opera.