Slashdot Mirror
Antispyware Shootout
An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on and on & off basis, and I think the reality is that you if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.
or the shootout ended up killing everyone, including the article.
He who knows best knows how little he knows. - Thomas Jefferson
I wonder whether there will remain enough CPU power to run the applications once I will install three to four ofthose scanners.
Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
This might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.
Were they reviewing Spybot or not? I saw mention of it in the results, but I don't think it was on the results chart...
Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.
Each of them captures a certain area, but none are the One Ring or anything.
Apparently powerful, but deceptive and treacherous with a rootkit from the creator?
Live today, because you never know what tomorrow brings
It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy. I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.
It frightens me that Microsoft has suceeded so well with their shoddy products that we all think that having to run a spyware tool is normal.
It is NOT normal to have to do this.
I don't know the meaning of the word 'don't' - J
For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:
Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.
Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.
Editor's Choice: Symantec Client Security 3.0
It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Did any of them find the Sony rootkit?
I don't understand this. How can you trust an infected machine without wiping everything out. Even MS accepted that it's not possible to clean some rootkit kind of spyware if you don't reinstall Windows. Even if it can, how can you trust, without checking every bit of the OS? This is not Windows issue, it's same with linux or any other OS. But it's also very hard unless you're very ignorant, to get a complete infection with linux than Windows.
I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.
...a Mac and a Linux user, who wondered what all the fuss was about.
How about not using a hopelessly broken OS in the first place?
How about learning to operate a computer first? Most of these users with spyware problem stem from being computer illiterate. I don't get any spyware on my machine but I don't open anything that says "Click Here for Free Smiles", I use Firefox read the EULAs on anything I install and at least make smart decisions instead of installing anything I see without any problems. You wouldn't go driving a car without some proper maintance or you would have problems, but people don't see it like that, they figure anyting they can do on their machine can be easily fixed by someone for a cheap price or even free if they knew a computer nerd that will fix there computer for them.
Take my brother for example he installs anything he wants on his computer and dosen't care because as soon as I come home to visit my mother guess who is going to format and reinstall the OS again and make everything beter again and this cycle goes on and on.
How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of it protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows users can avoid most of the problems associated with viruses and spyware.
I recommend SpyAxe. It generates pop-ups and then, conveniently and promptly, lets me know that my machine has been infected with spyware.
"you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything."
No kidding!!! What do you say at this point?
For the client-side antiSpyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAffee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAffee was installed, and I had to uninstall McAffee to recover speed, I couldn't just turn off network scanning. I'm assuming the antiSpyware programs are similar to antiVirus programs in this regard, as they're basically the same software but with a different database of things to look for.
the problem with most of these modern anti-spyware software is all of them want to stay in memory ALL THE TIME. Even worse are Anitvirus tools. I tried once to install several of them to have mre than one on-demand scanner at my disposal, and it was a mess.
Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most dont even ask so that you have to disable 3 different services and 2 startup programs with cryptical names.
Otherwise you end up with all of these tools concurently trying to scan each file access / internet request, registry change etc.
You end up with all sort of interesting and unpredictable side effects, probably offering worse protection than each of them alone.
Could someone please explain to me what Spyware and viruses are ? I've been on Linux for 3 years and I forgot.
Notepad specialist & FAT administrator, group training available
From the test results page:
Clean machine accuracy and performance testing
* Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.
Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.
Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.
Need more proof? See this from the Register.
It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.
Penny - plain text accounting
http://www.zdnet.com.au.nyud.net:8090/reviews/soft ware/security/soa/To_catch_a_spy_Eight_anti_spywar e_tools_reviewed/0,39023452,39225147,00.htm
/. seems to be written in Perl.
Karma whore, I know.....
I don't know why the changeover to CSS didn't include a little modification to the story submission script that automatically updates all story links to use Coral Cache. It really wouldn't be that hard, especially considering all of
"City hall" in German is "Rathaus" Kinda explains a few things......
Nah. It's just that stories like this vindicate our reading of SlashDot on company time, so everyone opens it.
"Look Boss! It's about computer security! It's good that I'm reading this, right?"
(Funny joke, though)
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
(Fair disclosure - I run Linux)
I see that in a lot of the responses the knee jerk "blame Microsoft" response has come into play. If you buy a house without a lock on the front door and a thief comes in and steals something, he gets arrested. There may be a lot of eye-rolling at your stupidity for not installing a lock after you bought the house, but the fact remains that you didn't break the law, the thief did. In the case of spyware, it is the company that planted the spyware that should get the blame.
You misspelled "spyware."
They don't mention what they infected the computers with or whether they ran a full scan with ad-aware, which would find more things likely. They also value detection over ability to remove the infection, which is understandable but only mildly forgiveable.
I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to setup a domain server.
As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and and better just to backup and reformat.
It's really not that hard to prevent infections nowadays, just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you though. It might help but if you're doing stuff that constantly pop-ups warnings, it's inevitable you're going to get infected anyway.
It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.
"Too lazy to fail." - Heinlein
But how's that prevent spyware? Most of it would work just fine as unprivliged code, just spyware the current user, espically since the current user is usually the only user. Or just ask for admin. Competent admins often check to see why, normal users never do. I've actually heard a Mac user say "Odd, that shouldn't need admin" as they were typing in the password. Ot's just another hoop to jump through, it doesn't provide any real protection.
Based off of how bad our clueless grad students get their Linux systems owned, I remain totally unconvinced alternate platforms offer any more inherant security. When it comes to protecting a user from themselves, there's not much you can do other than take away their administrative rights completely.
Why does there have to be some "magical" (or technically rigorous) reason for the lack of malware on Unix-type systems?
There is a certain myopia among technically-minded individuals that makes it seem that only a technical solution can solve a technical problem. This is not necessarily the case. Moving to a Unix-type system is the electronic equivalent of moving from a blighted inner-city ghetto to an upperclass suburban neighborhood. There's no technical reason why it should be any safer or cleaner--but it is. You might think that this is a "head in the sand" approach. But as far as I'm concerned, it's taking advantage of reality.
The US free market: two halves of a government-granted duopoly are free to set the market price.