Slashdot Mirror


Antispyware Shootout

An anonymous reader writes "ZDNet has published a review of 8 antispyware products from Computer Associates, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro and Webroot. Check out the Editor's Choice. Interesting winner ...." I've used quite a number of these scanners on an on & off basis, and I think the reality is that if you are truly to clean a machine out, you're going to need to use like three - five of these. Each of them captures a certain area, but none are the One Ring or anything.

29 of 343 comments

  1. The site might be experiencing tech. difficulties by digitaldc · · Score: 5, Funny

    or the shootout ended up killing everyone, including the article.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  2. Enough power by VincenzoRomano · · Score: 5, Insightful

    I wonder whether there will remain enough CPU power to run the applications once I install three to four of those scanners.
    Maybe some major fix in the operating system (as well as in the users' brain) could help a little bit.

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
    1. Re:Enough power by c0l0 · · Score: 5, Funny

      Well, I guess we now know why Intel is heading for _FOUR_ cores on one DIE in 2007. One for your personal tasks, and the other 3 cores each for one anti-spyware-thingie exclusively ;)

      --
      :%s/Open Source/Free Software/g

      YTARY!
    2. Re:Enough power by plover · · Score: 5, Funny
      Three cores for the Aussie geeks, on their big island.
      Seven cores for the anti-spy programs, in their halls of ivory.
      Nine cores for trojans, doomed to spam.
      One core for the user, all alone.

      One chip to run them all
      One northbridge to bind them
      One RAM to feed them all
      And in the SMP array bind them.

      In the land of Mobos where the shadows lie.

      --
      John
  3. Spyware Warrior by popechunk · · Score: 5, Informative

    This might be a little out of date, but it's still my favorite review site. It talked me into paying for Giant right before MS bought it, which is too bad, because it was the best one I'd ever used.

    1. Re:Spyware Warrior by Mitchell+Mebane · · Score: 5, Informative

      Well, then you'll be happy to know Microsoft wasn't the only one who got Giant code. Sunbelt produces CounterSpy, also based off of Giant, and they seem to have a tougher stance on spyware than MS does.

      --

      The roots of education are bitter, but the fruit is sweet.
      --Aristotle
  4. Enterprise vs. Personal Use by mencik · · Score: 5, Informative

    Note that the test was for enterprise versions of the products, meant for support of a 150 or so user network. Your mileage may vary if a test is done for single computer home use.

  5. One Ring? by Kjella · · Score: 4, Funny

    Each of them captures a certain area, but none are the One Ring or anything.

    Apparently powerful, but deceptive and treacherous with a rootkit from the creator?

    --
    Live today, because you never know what tomorrow brings
  6. Free solutions by Anonymous Coward · · Score: 5, Interesting

    It's nice that they acknowledge the existence of free solutions ("freeware" anti-spyware programs), such as (my personal fave) Spybot Search & Destroy. I would feel a whole lot better about this article if it would actually compare these expensive commercial programs to the whole playing field of contenders. Leaving out the least expensive solutions (free ones) leaves this article wanting.

    1. Re:Free solutions by sevensharpnine · · Score: 4, Insightful

      I'm sure that this review was limited to either current or potential ZDNet advertisers. Tech journalism (web or print) has absolutely no credibility. The entire article is a thinly-veiled ad for the "contestants."

      --
      "God is a comedian playing to an audience too afraid to laugh." -Voltaire
    2. Re:Free solutions by lowrydr310 · · Score: 4, Informative
      I have a formula that works fairly well to combat spyware/adware, successfully removing existing spyware and preventing the system from getting new spyware.

      1. Kill all unfamiliar windows processes
      2. Remove anything strange from the 'startup' folder
      3. Go to "add/remove programs" and try to remove anything you don't need
      4. Run Spybot S&D (my personal favorite too)
      5. Run HijackThis (another excellent FREE tool for getting rid of browser helpers and other search redirection 'utilities', though it's not for the novice user)
      6. Install Firefox, delete all shortcuts to IE.

      I've done this to several computer-illiterate friends' and family computers, and they've been working spyware-free for quite some time. I ran into one really nasty search redirection on my brother's computer that the above steps didn't fix. It involved IE calling one specific DLL for a search, and it would reappear as another name if I tried to delete it. Somehow, it was running as a disguised Windows 2000 system process that I simply had to turn off which allowed me to manually delete all associated files.
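
An added example, not part of the thread: one way to automate the "anything strange at startup" check from the steps above, and to catch a file that reappears under another name as in the last paragraph, is to compare autostart entries against a known-good baseline by file hash as well as by name. The entry locations, names, paths and file contents below are constructed sample data.

```python
import hashlib
from typing import NamedTuple


class Entry(NamedTuple):
    location: str  # where the entry is registered (Run key, Startup folder, BHO...)
    name: str      # entry name; trivially changed by the software
    path: str      # file the entry launches
    sha256: str    # hash of that file; survives a rename


def digest(content: bytes) -> str:
    """Stand-in for hashing the real file on disk."""
    return hashlib.sha256(content).hexdigest()


def diff_autostarts(baseline, current, removed_hashes=()):
    """Classify each current entry against a known-good baseline.

    'respawned' = file content matches something already deleted once,
    'new'       = location/name pair absent from the baseline,
    'changed'   = same location/name, different path or file hash.
    """
    known = {(e.location, e.name): e for e in baseline}
    removed = set(removed_hashes)
    findings = []
    for e in current:
        old = known.get((e.location, e.name))
        if e.sha256 in removed:
            findings.append(("respawned", e))
        elif old is None:
            findings.append(("new", e))
        elif (old.path, old.sha256) != (e.path, e.sha256):
            findings.append(("changed", e))
    return findings


# Constructed sample data (hypothetical names and paths).
AV = Entry("HKLM Run", "ExampleAV", r"C:\Program Files\ExampleAV\av.exe", digest(b"av 1.0"))
HELPER = Entry("Startup folder", "helper.lnk", r"C:\Example\helper.exe", digest(b"helper 1.0"))
BASELINE = [AV, HELPER]
REMOVED = [digest(b"search redirector")]  # DLL deleted during an earlier cleanup
CURRENT = [
    AV,
    HELPER._replace(sha256=digest(b"helper, modified")),
    Entry("Browser helper object", "winsvc32", r"C:\WINNT\system32\winsvc32.dll",
          digest(b"search redirector")),
    Entry("HKCU Run", "FreeGame", r"C:\Games\launcher.exe", digest(b"game launcher")),
]

if __name__ == "__main__":
    for kind, entry in diff_autostarts(BASELINE, CURRENT, REMOVED):
        print(f"{kind:9}  {entry.location:22}  {entry.name:10}  {entry.path}")
```

Matching on the hash is what catches the renamed DLL; a name-only comparison would report it as an unrelated new entry.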

  7. Summary by Big+Nothing · · Score: 5, Informative

    For those of you who are too lazy or otherwise unable to reach the article (which in a matter of minutes should be just about EVERYONE), here's the summary:

    Scenario 1: This larger (over 150 users) company is seeking dedicated anti-spyware. It needs a solution that can detect and clean up a range of malware on its machines.
    Winner 1: Computer Associates eTrust Pest Patrol and Symantec Client Security. Once a network goes above 150 nodes the case for centralised management command and control capabilities becomes more important. CA wins here for its performance and ease of management, and Symantec for its accuracy.

    Scenario 2: This smaller (less than 150 users) company is seeking dedicated anti-spyware. It is seeking a solution that can detect and clean up a range of malware on its machines.
    Winner 2: PC Tools Spyware Doctor 3.0 for its ease of use, accuracy, and performance.

    Editor's Choice: Symantec Client Security 3.0
    It was neck and neck for the Editor's Choice Award between CA and Symantec. Had CA or even PC Tools detected more (they were both above average), they could have won, however, Symantec blitzed the field in detection which is really what you want. Note that this is at a trade-off to performance, and bear in mind that Symantec also includes antivirus, so your decision may come down to what virus scanning policy and system your business is already using.

    --
    SIG: TAKE OFF EVERY 'CAPTAIN'!!
  8. Sony by kidtwist · · Score: 5, Interesting

    Did any of them find the Sony rootkit?

  9. How can you trust an infected machine? by camcorder · · Score: 4, Insightful

    I don't understand this. How can you trust an infected machine without wiping everything out? Even MS accepted that it's not possible to clean some rootkit kinds of spyware if you don't reinstall Windows. Even if it can, how can you trust it without checking every bit of the OS? This is not a Windows issue; it's the same with Linux or any other OS. But it's also much harder, unless you're very ignorant, to get a complete infection with Linux than with Windows.

    I would not trust any machine which is infected once, because there can be countless ways to hide an application once a hacker got in.

  10. And the winner was... by Anonymous Coward · · Score: 4, Funny

    ...a Mac and a Linux user, who wondered what all the fuss was about.

  11. Re:Why is this necessary? by Jugalator · · Score: 5, Interesting

    To answer your topic question, it's necessary because Windows users usually run with administrator rights and don't care much for what an installer may do. Think doing the same but in Linux as root.

    And then few OSes out there will help if the user chooses to install a spyware-infested program and clicks "Yes" to install the whole thing. I mean, once a user runs executable code with admin rights, what can the OS do?

    One solution is of course to run in a more protected user mode where you're asked for admin rights when it has to do something to the system, and the upcoming version of Windows will do exactly this, which is what *nix desktop managers have had for years.

    However, when the user sees "This application requires administrator rights", will he/she still just blindly fill in the requested info, click "yes", and get the spyware?

    --
    Beware: In C++, your friends can see your privates!
  12. Re:Prevention or cure? by stuckinarut · · Score: 4, Insightful

    How many average PC users would be able to maintain a Linux box? It's hard enough for most of them to simply use Windows, let alone manage a PC. Can you really see a vast majority of people switching OS? The worst thing would be that once the Linux population gets to a significant proportion it would become worthwhile to write viruses and spyware for it. The elite niche that Linux users enjoy is part of its protection, not just because it's more robust. I'm sure given sufficient motivation there are exploits to be found in Linux as well. For now any reasonably clued up Windows user can avoid most of the problems associated with viruses and spyware.

  13. The best anti-spyware measure is between your ears by Sockatume · · Score: 4, Funny
    In the wise words of Luis Villazon:

    Imagine if there was a billion dollar industry dedicated to selling you hyenas to control the badgers in your garden. Imagine that, even though there are no badgers in your garden and never have been, these companies told you that you needed to have a snarling, vicious hyena patrolling your lawn in case one should ever appear. And not just one hyena either, imagine they told you to add another hyena every month to provide adequate protection. And imagine that the hyenas were bad-tempered, smelly, dug holes in the lawn and chewed on your leg whenever you stepped outside. Finally, imagine that your garden was surrounded by a high wall anyway and the only way for badgers to get in was for someone to post them to you in a conspicuous badger-shaped parcel that you could simply refuse to accept when the postman delivered it.
    --
    No kidding!!! What do you say at this point?
  14. What about performance? by mcgroarty · · Score: 4, Interesting

    For the client-side antiSpyware solutions, how is the client-side performance? I've seen some very comprehensive virus scanners that also drag performance down into the mud. For example, Symantec severely impacts Metrowerks' compiler and copy times to and from SMB shares. McAfee utterly punishes network performance. cygwin's rsync ran at less than 10% speed when McAfee was installed, and I had to uninstall McAfee to recover speed; I couldn't just turn off network scanning. I'm assuming the antiSpyware programs are similar to antiVirus programs in this regard, as they're basically the same software but with a different database of things to look for.

  15. always in memory by F�an�ro · · Score: 4, Interesting

    The problem with most of this modern anti-spyware software is that all of them want to stay in memory ALL THE TIME. Even worse are Antivirus tools. I tried once to install several of them to have more than one on-demand scanner at my disposal, and it was a mess.

    Even IF they offer the option to NOT load themselves at each startup, many still do load something anyway. Most don't even ask, so that you have to disable 3 different services and 2 startup programs with cryptic names.

    Otherwise you end up with all of these tools concurrently trying to scan each file access / internet request, registry change etc.
    You end up with all sorts of interesting and unpredictable side effects, probably offering worse protection than each of them alone.

  16. What is spyware ? by MagicFab · · Score: 4, Funny

    Could someone please explain to me what Spyware and viruses are ? I've been on Linux for 3 years and I forgot.

    --
    Notepad specialist & FAT administrator, group training available
    1. Re:What is spyware ? by Julian352 · · Score: 4, Insightful

      It's really annoying to me that all of the Linux users keep on taking the holier-than-thou attitude to spyware. Spyware is not a virus and does not proliferate on its own. The vector of attack for spyware/adware is through the uneducated/uninterested user downloading his latest fun program. That means that as soon as those nice downloadable games will be available for Linux, the spyware will start coming out for Linux as well.
      It doesn't matter if you are running as admin or as the user, because for spyware the only thing that matters is your user behavior. Therefore if you install it as the user, it will still be able to show ads, replace your mozilla start page, do popups, etc. The only difference is that it will be per-user rather than machine-wide. For most people that wouldn't matter as they are a single user on that machine and the difference between having it be user-process or admin-process really isn't large. As it has been previously pointed out - the only thing that matters on a personal workstation is the user's data and you don't have to be an admin to have access to that. The only good thing could be the fact that removing it could be just a tad simpler, assuming that the software doesn't try to exploit some type of local-root exploits.

      The only reason Linux does not have that problem at this time is that there isn't a market for the spyware industry in the Linux world. The current Linux users are less likely to download those types of programs and more likely to ensure that the programs only do what they are supposed to. As soon as there is a noticeable increase in the average usage of Linux, the spyware will start to develop their expertise in that area as well.

  17. Most telling part of the article... by Anonymous Coward · · Score: 5, Interesting

    From the test results page:
    Clean machine accuracy and performance testing

            * Accuracy: Only Lavasoft and Spybot Search & Destroy picked up anything when instructed to scan a newly installed and patched version of Microsoft's Windows 2000 Professional. Both reported Alexa (adware) related items. The other seven applications in this test correctly reported no items.

    Sorry, but in my opinion, Alexa IS spyware (or can be if you use IE) and spyware detectors should find and at the very least warn you of its presence. From there it's up to the user to decide to keep it or junk it. Just because you have a fresh install from Microsoft doesn't mean it is clean. Microsoft is just as capable as anyone else of bundling crap with their software.

  18. Immunity of Linux/Mac NOT due to low marketshare. by massysett · · Score: 5, Insightful
    Every time a story like this comes out, someone says "just switch to Linux or Mac. They don't have spyware." Then someone writes back "oh, that's just because they don't have marketshare."

    Hogwash. In Linux or Mac, you can accomplish all daily tasks as a user with limited privileges. This is often impossible in Windows. In Linux, you can easily choose to install software only from trusted sources (e.g. your distro's package repositories.) It comes with all needed apps. This is not true in Windows.

    Need more proof? See this from the Register.

    It's completely ignorant to say that Linux and Mac would be just as bad if they had more marketshare.

  19. Social Physics, really. by Valacosa · · Score: 4, Funny

    Nah. It's just that stories like this vindicate our reading of SlashDot on company time, so everyone opens it.

    "Look Boss! It's about computer security! It's good that I'm reading this, right?"
     
    (Funny joke, though)

    --
    "Live as if you'll die tomorrow." Ridiculous. You could die later today.
  20. typo by commodoresloat · · Score: 5, Funny
    Windows is a better operating system with more software than Mac OS X.

    You misspelled "spyware."

  21. Re:Why is this necessary? by tuxmaster · · Score: 4, Insightful

    The computer is not smarter than the monkey using it. If all the users run as administrator, as most users do in Windows, then what good is it requiring administrator rights? They already have them. True, a *nix OS is better at protecting from unwanted installation of programs for a few reasons. One reason is that the Windows browser is so closely tied to the operating system itself. Any *nix operating system is not so closely tied. Also, in the *nix type operating systems the end user is by default mostly unprivileged. With a Windows user, generally there is either no user at all (that defaults to administrator level user) or there is a user with administrative rights. So that concludes that the main reason why Windows computers receive so much spyware is because of the end user. End users should take the appropriate precautions. First, for day-to-day use, run as a limited user. Running as a user with administrative rights is like running a *nix system as root all the time; it is just not smart. Second, take the attitude that most web pages cannot be trusted. Why? Ads, ads, ads: marketing people like keeping an eye on you and how you use your money. ActiveX should not be used on a regular webpage. I am surprised how many times I browse the web with ActiveX prompting me to accept; most of the time I click NO and the page works fine. Third, do not download unusual programs. Fourth, do not click those banner ads. Last of all, do not let anyone do anything on your computer remotely or otherwise without giving them just enough permissions to do the job. If all those things are followed you will have one of 2 things or both. One, a secure computer, or two, an annoyed user.

    --
    ~tuxmaster
  22. Pathetic review! by OrangeDoor · · Score: 4, Interesting

    They don't mention what they infected the computers with or whether they ran a full scan with Ad-Aware, which would likely find more things. They also value detection over ability to remove the infection, which is understandable but only mildly forgivable.

    I can understand that they are looking at a corporate environment, but in a corporate environment with 150+ Windows 2000 machines you'd think they'd have preventative measures in place and more security. I wouldn't let any user install anything on their machines and would require going through IT to do it. Why spend all that money on spyware cleaning tools when it'd be more effective to set up a domain server?

    As for the home... in a home or small office environment the computers tend to get so infected that they call when they can't get online, their browser gets hijacked, or Windows doesn't boot. Running each and every one of those scans isn't going to fix it or even detect the culprit. It will involve lots of manual work and ingenuity, but in that situation it's faster and better just to back up and reformat.

    It's really not that hard to prevent infections nowadays; you just need to be told what not to do. An anti-spyware program that will warn you of changes to startup items or new registry entries will NOT save you though. It might help, but if you're doing stuff that constantly pops up warnings, it's inevitable you're going to get infected anyway.

    It annoys me to no end when they completely neglect prevention and instead go for treating the symptoms. It's irresponsible, it's ineffective, and it's just to sell products. And I'll stop myself from going on a further rant in my first Slashdot response.

    --
    "Too lazy to fail." - Heinlein
  23. Re:Were they reviewing Spybot or not? by killmenow · · Score: 5, Informative

    Click the "Print Article" button on the first page and it will present the entire article to you in one long HTML page.