Somewhat Off Topic- Recommendation for Malware Detection



Lewis Angel
03-07-08, 10:52 AM
Does anyone have recommendations for good malware detection and removal?
Preferably free.


Thanks,

Lewis

Bud
03-07-08, 11:28 AM
Lewis Angel wrote:
> Does anyone have recommendations good malware detection and removal ?
> Preferably free.
>
>
> Thanks,
>
> Lewis
>
>


SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard
http://www.javacoolsoftware.com/spywareguard.html

SpywareTerminator
http://www.spywareterminator.com/

SuperAntispyware
http://www.superantispyware.com/

SpywareDoctor (Free version from Google Pack)
http://www.pctools.com/spyware-doctor/google_pack/

AVGAntispyware (Free Version)
http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Many of these have a 'Pay' version which offers more options- like real time
protection. Check them out and decide which you like best. HTH

Bud

Sebastian G.
03-07-08, 11:41 AM
Lewis Angel wrote:

> Does anyone have recommendations good malware detection


Comparison against baseline.

> and removal ?


Complete reinstall. What else?


> Preferably free.

Did you intend to pay for something so trivial?

Bud
03-07-08, 06:01 PM
Just listed some without comment and forgot an old favorite of many. I'll
say more that might help you in making a decision..or not. LOL!
Comodo's BOClean which is touted to be good re: trojans and gets many good
reviews. It does lack on-demand scanning and real time protection but is
said to just lay there and go into action to stop a Trojan from running if
one is downloaded.

http://www.comodo.com/boclean/boclean.html

FWIW I also have the old versions of AdAware, The Cleaner and Spybot. The
Cleaner stopped all support and updates for this version in December and
AdAware can be updated only by a bit of run-around. I have not been
impressed by what I've seen or heard about the new versions and to get the
options that were available in the old versions now costs money. I'll
probably uninstall them soon.
I'm using the pay version of AVGAnti-spyware. The renewal for 2 years was
less than $20 and it gets good reviews and coverage. Easy to use also. The
free version of SpywareDoctor has found things the others have missed and
I'm considering getting the pay-for version of it also.
In any case unless you're really hard up for disk space I'd get and install
Spywareblaster, SpywareGuard and BOClean. They lack some features but take
up little resource and just kinda lay there if needed. I've used both
SpywareTerminator and SuperAntispyware and can't really tell much
difference. They are both free so try/use them both.
That's my take on some of these proggys so hope that additional info helped.

Bud

goarilla
03-08-08, 03:56 AM
Lewis Angel wrote:
> Does anyone have recommendations good malware detection and removal ?
> Preferably free.
>
>
> Thanks,
>
> Lewis
>
>

yes,
user education !

explain to your clients that
the windows software world is filled with trialware, crapware, nagware
that will try to conquer your desktop by any means necessary, and
because of this

they should only use approved software and if they want new software
that does a specific task they should ask the administrators for suggestions
instead of installing a bunch of unknown tools, that surfaced after
their first hasty google query.

VanguardLH
03-08-08, 07:11 AM
"Bud" wrote in message
news:MN2dnWepzeX0SkzanZ2dnUVZ_qOknZ2d@comcast.com...
> Just listed some without comment and forgot an old favorite of many.
> I'll say more that might help you in making a decision..or not. LOL!
> Comodo's BOClean which is touted to be good re: trojans and gets
> many good reviews. It does lack on-demand scanning

True. It is only an on-access scanner.

> and real time protection

Um, on-access (real-time) protection is what it DOES provide.

> but is said to just lay there and go into action to stop a Trojan
> from running if one is downloaded.

There are few database updates to BOClean anymore. Even the author
admits that the heuristics are antiquated. Don't expect it to find
many trojans anymore when compared to even the freebie anti-virus
scanners available now. If you visit the Comodo forums (which
acquired BOClean), it hasn't been updated in years and is not
considered adequate or even feasible anti-trojan protection anymore.
Comodo does intend to include portions of BOClean's algorithms into
version 3 of their free anti-virus program. Alas, version 2 of
Comodo's anti-virus program has less than 45% coverage of known pests
(i.e., it is a very poor AV program) and has remained in beta status
throughout its existence (so Comodo can divert any independent testing
of their AV program under the guise of "it's still beta"). Version 2
will always remain beta until version 3 comes out (that will include
HIPS); however, if version 3 remains beta for more than a couple
months then figure it will suffer the same fate as version 2 and be
low in coverage and discarded as a viable free AV alternative.

> FWIW I also have the old versions of AdAware, The Cleaner and
> Spybot.

Never used Cleaner. Although I still have Ad-Aware (free) and Spybot
S&D installed, I don't consider these as top-notch detectors anymore.
I use them like you use caulk around a window: doesn't block the major
problem but might fill in the holes. They're free and I do NOT run
them as on-access scanner but only as on-demand scanners.

> I'm using the pay version of AVGAnti-spyware.

This product used to be called ewido. Then Grisoft (under their AVG
product family brand) grabbed it and renamed it. It's good. Although
you download the trial version, it becomes a free version after the
30-day trial. That is, it does not fully cripple itself after the
trial period but instead just disables the on-access scanner, so it is
still a viable on-demand scanner. Grisoft also has their AntiRootkit
(also free).

> In any case unless you're really hard up for disk space I'd get and
> install Spywareblaster, SpywareGuard and BOClean.

While I still use SpywareBlaster to add AX disable registry keys for
known malware along with their bad sites list that gets added to the
Restricted Sites zone which, unlike a hosts file, still lets you visit
the site but neuters it, I wouldn't bother with SpywareGuard anymore.
Its algorithms are very antiquated. Even Microsoft's Windows Defender
is better (but not for pest coverage and instead as a monitor to check
when system changes are made). There hasn't been a database update
for SpywareGuard since 1/22/2004. You expect a security product with
4 year-old signatures to find any pests that you encounter today?
Dump SpywareGuard as it won't protect you. Signatures are too old.
Heuristic algorithms are even more ancient.
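
The two SpywareBlaster protections mentioned in the post above (ActiveX disable keys and Restricted Sites entries) can be inspected directly in the registry. This read-only PowerShell audit is an added example, not part of the original thread or of SpywareBlaster; it assumes the standard Internet Explorer registry locations (kill bit 0x400 in `Compatibility Flags`, zone 4 = Restricted Sites), and the function names are hypothetical.

```powershell
# Added example: read-only audit of the protections described above.
# Nothing is modified. Function names are hypothetical.

$KillBit = 0x400   # "Compatibility Flags" bit: Internet Explorer refuses to load the control

function Get-KillBittedControl {
    # A blocked ActiveX control is a {CLSID} subkey whose flags include the kill bit.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $flags = $_.GetValue('Compatibility Flags')
            if ($null -ne $flags -and ($flags -band $KillBit)) {
                [pscustomobject]@{
                    Clsid = $_.PSChildName
                    Flags = '0x{0:X8}' -f $flags
                    Hive  = $root
                }
            }
        }
    }
}

function Get-RestrictedSite {
    # Zone mappings live under ZoneMap\Domains\<domain>[\<subdomain>];
    # each value name is a protocol ('*', 'http', 'https') and the data is the zone number.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq 4) {          # 4 = Restricted Sites zone
                $marker = '\Domains\'
                $rel    = $key.Name.Substring($key.Name.IndexOf($marker) + $marker.Length)
                $parts  = $rel.Split('\')              # "example.com\www" -> www.example.com
                [array]::Reverse($parts)
                [pscustomobject]@{
                    Site     = $parts -join '.'
                    Protocol = $name
                }
            }
        }
    }
}

$controls = @(Get-KillBittedControl)
$sites    = @(Get-RestrictedSite)

'{0} kill-bitted ActiveX controls, {1} Restricted Sites entries' -f $controls.Count, $sites.Count
$controls | Select-Object -First 10 | Format-Table -AutoSize
$sites    | Select-Object -First 10 | Format-Table -AutoSize
```

Comparing the counts before and after a blocklist update shows whether the update actually added entries.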

VanguardLH
03-08-08, 08:13 AM
Oh, and when trialing an anti-spyware product, you might want to check
how much memory it eats up. PC Tools Spyware Doctor eats up about
36MB but can occasionally jump up to over 150MB (even with you doing
nothing in its GUI).

There are some system protections in Spyware Doctor that duplicate
what Windows Defender and other security suites will protect.
Duplication means duplicate prompts regarding the same detected
change. However, many of these protections (under OnGuard) are
disabled in the free version of Spyware Doctor. Browser Guard,
Network Guard, Process Guard, and Startup Guard are all disabled and
you cannot enable them in the free version. So to have those
system-level protections, you WILL need to get something in addition
to the free version of Spyware Doctor. Considering that all but one
(File Guard) is disabled in the free version, Spyware Doctor consumes
too much memory.

Spyware Doctor is useful but understand that it is lureware trying to
get you to "upgrade" (i.e., PAY) for the full version. Considering
that almost all the "guard" protections are disabled, I would normally
suggest to just leave their OnGuard function disabled and use Spyware
Doctor as an on-demand scanner; however, disabling OnGuard does little
to return the memory that Spyware Doctor consumes. 35MB is way too much
memory to consume for a security program that is only run as an
on-demand scanner (i.e., when you are not running the on-demand scan,
the product should not consume ANY memory!).

Unless you are buying the full (paid) version or you are willing to
have a bunch of disabled "guards" consume memory then I'd suggest not
bothering to use Spyware Doctor.

VanguardLH
03-08-08, 09:20 AM
"Bud" wrote in message
news:1ICdnSrOTa2y5kzanZ2dnUVZ_qygnZ2d@comcast.com...
>
> SpywareTerminator
> http://www.spywareterminator.com/


You might want to read the license agreement presented during
installation regarding their Crawler "services", and read their
privacy "policy" at http://www.crawler.com/privacy_policy.aspx.
Crawler is the author of Spyware Terminator, and really wants you
to use their search toolbar so they can collect the ad revenue through
the redirects and ads in their search results. Crawler "services"
collect personally identifiable information about you. I don't know
if uninstalling the Crawler Toolbar (they called it opting out) gets
rid of all Crawler processes or behavior.

The original author of this product is a self-professed spyware
author. That is, he used to write the spyware that now he writes a
product to detect, similar to a thief that becomes a security
consultant. So he gained his experience to write the anti-malware by
first infecting users' hosts with malware. Do you trust a convert (who
could convert back again and do so rather easily considering the tool
that you are allowing him to install on your host)? At one time, Spyware
Warrior listed this as rogueware
(http://www.spywarewarrior.com/rogue_anti-spyware.htm) but eventually
removed it when it was less offensive; see
http://www.spywarewarrior.com/rogue_anti-spyware.htm#spyterm_note
(there is another same-named product and which is still listed as
rogueware).

Seems like the stuff that you are trying to get rid of using this tool
is included with this tool. This type of bundling with crapware is
not rare, especially with "free" software, but they should be polite
in letting you choose NOT to include the bloatware *during* the
install. During the install, you can deselect to install the "Web
Security Guard Toolbar". This is their way of hiding that it is the
Crawler toolbar. Later you get to choose to NOT participate with
their Spyware Central to send information when new (unknown) spyware
shows up on your host, but if it is new and unknown then their program
won't know about it. Anti-spyware software is just as prone to
zero-day attack as is anti-virus software. After installing Spyware
Terminator, and even if you deselect using the Crawler toolbar and
sending info about unknown programs to them, you might want to visit
the Settings in the program to further restrict what info gets sent to
them.

Besides other Crawler bloatware, they also bundle in Clam AntiVirus.
Pest coverage is poor (ClamAV at only 48%), worse than Comodo's poor
AV product (53%), when compared to other freebie AV products (Avira,
Avast, AVG). Don't bother with installing Clam AV.

Personally, I stay away from Crawler's Spyware Terminator. It is
still too tarnished for my taste based on its past, the company that
proliferates it, and the bundled fluff included with it.

Bud
03-08-08, 01:04 PM
> Personally, I stay away from Crawler's Spyware Terminator. It is still
> too tarnished for my taste based on its past, the company that
> proliferates it, and the bundled fluff included with it.

I did not enable the Crawler toolbar and was somewhat disappointed in its
appearance in a recent update. May rethink my use of it in the future. You
are quite right in holding it in suspicion.

Bud

VanguardLH
03-08-08, 01:44 PM
"Bud" wrote in message
news:vtOdndZSdb7Zfk_anZ2dnUVZ_vXinZ2d@comcast.com...
>
>> Personally, I stay away from Crawler's Spyware Terminator. It is
>> still too tarnished for my taste based on its past, the company
>> that proliferates it, and the bundled fluff included with it.
>
> I did not enable the Crawler toolbar and was somewhat disappointed
> in its appearance in a recent update. May rethink my use of it in
> the future. You are quite right in holding it in suspicion.


Do I understand that during the install of Spyware Terminator that you
deselected installing their toolbar but that a later "update" from
them shoved it into your host? Yikes. This illustrates the power
that all these security programs can exercise over your host that you
trust with your host. This shows that Crawler is NOT trustworthy.
With this capability ready on your host, they can install anything
they want and have proven that they will do so.

goarilla
03-08-08, 03:07 PM
VanguardLH wrote:
> "Bud" wrote in message news:1ICdnSrOTa2y5kzanZ2dnUVZ_qygnZ2d@comcast.com...
>>
>> SpywareTerminator
>> http://www.spywareterminator.com/
>
>
> You might want to read the license agreement presented during
> installation regarding their Crawler "services", and read their privacy
> "policy" at http://www.crawler.com/privacy_policy.aspx. Crawler is the
> author of Spyware Terminator, and really wants you to use their
> search toolbar so they can collect the ad revenue through the redirects
> and ads in their search results. Crawler "services" collect personally
> identifiable information about you. I don't know if uninstalling the
> Crawler Toolbar (they called it opting out) gets rid of all Crawler
> processes or behavior.

isn't that the exact definition of spyware: eg software that spies on
its users and sends sensitive personal information about them back
to their creators.

Bud
03-08-08, 04:42 PM
VanguardLH wrote:
> "Bud" wrote in message news:vtOdndZSdb7Zfk_anZ2dnUVZ_vXinZ2d@comcast.com...
>>
>>> Personally, I stay away from Crawler's Spyware Terminator. It is
>>> still too tarnished for my taste based on its past, the company that
>>> proliferates it, and the bundled fluff included with it.
>>
>> I did not enable the Crawler toolbar and was somewhat disappointed in
>> its appearance in a recent update. May rethink my use of it in the
>> future. You are quite right in holding it in suspicion.
>
>
> Do I understand that during the install of Spyware Terminator that you
> deselected installing their toolbar but that a later "update" from them
> shoved it into your host?

No, I'm sorry about the misunderstanding. When I first installed
SpywareTerminator the 'Security Guard database' with the Crawler toolbar was
not present but was included in an update to be installed if you clicked on
it. After reading the terms of it I decided to forgo the 'Security Guard'.
;-) It was a sneaky presentation however with suggestions of internet
protection.

Bud

VanguardLH
03-09-08, 05:24 AM
"Bud" <bud@romance.org> wrote in message
news:RrudnaTQadf1i07anZ2dnUVZ_gudnZ2d@comcast.com...
> VanguardLH wrote:
>> "Bud" wrote in message
>> news:vtOdndZSdb7Zfk_anZ2dnUVZ_vXinZ2d@comcast.com...
>>>
>>>> Personally, I stay away from Crawler's Spyware Terminator. It is
>>>> still too tarnished for my taste based on its past, the company
>>>> that proliferates it, and the bundled fluff included with it.
>>>
>>> I did not enable the Crawler toolbar and was somewhat disappointed
>>> in its appearance in a recent update. May rethink my use of it in
>>> the future. You are quite right in holding it in suspicion.
>>
>>
>> Do I understand that during the install of Spyware Terminator that
>> you deselected installing their toolbar but that a later "update"
>> from them shoved it into your host?
>
> No, I'm sorry about the misunderstanding. When I first installed
> SpywareTerminator the 'Security Guard database' with the Crawler
> toolbar was not present but was included in an update to be
> installed if you clicked on it. After reading the terms of it I
> decided to forgo the 'Security Guard'. ;-) It was a sneaky
> presentation however with suggestions of internet protection.


Oh, I see. Much like those installs or updates that try to sneak in
the Google or Yahoo toolbars.

VanguardLH
03-09-08, 05:52 AM
"goarilla" wrote in message
news:47d30018$0$2955$ba620e4c@news.skynet.be...
>
> VanguardLH wrote:
>>
>> "Bud" wrote in message
>> news:1ICdnSrOTa2y5kzanZ2dnUVZ_qygnZ2d@comcast.com...
>>>
>>> SpywareTerminator
>>> http://www.spywareterminator.com/
>>
>> You might want to read the license agreement presented during
>> installation regarding their Crawler "services", and read their
>> privacy "policy" at http://www.crawler.com/privacy_policy.aspx.
>> Crawler is the author of Spyware Terminator, and really wants
>> you to use their search toolbar so they can collect the ad revenue
>> through the redirects and ads in their search results. Crawler
>> "services" collect personally identifiable information about you.
>> I don't know if uninstalling the Crawler Toolbar (they called it
>> opting out) gets rid of all Crawler processes or behavior.
>
> isn't that the exact definition of spyware: eg software that spies
> on
> its users and sends sensitive personal information about them back
> to their creators.


Tis part of their Crawler toolbar which has you do web searches
through THEIR search engine. That way, as with Google, they can
present ads on their search result pages and collect ad revenue. As
with Google, they can and will record your searches (which can be
subpoenaed and used in court). Whether they give a gnat's fart about
you personally is probably insignificant but as part of their mechanism
to tailor their advertising. Supposedly if you elect NOT to install
their toolbar (which they try to hide during the install by calling it
something like Web Guard knowing it will lure users into including it
in the install) then no info is collected on you.

They provided you with a free utility, where "free" is defined by
their marketing group. You have motive in not having to empty your
wallet to get the utility. They have motive in generating ad revenue
or to hook a lure in your mouth for their commercialware. It's not
necessarily a bad tradeoff as long as the cost is actually realized by
both parties, and that includes you as the user of their product, and
as long as the actual costs are not hidden. Those costs are not
revealed when you read their description of their product on their web
page. Not until you read the license agreement, something rare few
users do, especially for "free" stuff, do you realize there could be a
cost.

I wouldn't have as much concern regarding their product if they were
upfront in describing its intent (from their perspective). However,
they know there are lots of users, like me, that won't bother with
adware no matter whether the ads be in my face or hidden in the use of
their product. If you dig, you'll find the cost of their free stuff
but they're hoping the majority of their users never do the digging.
How many users actually read the license, privacy policies, terms of
use, and other conditions regarding a product? Well, how many have
actually read the warranty that is in the manual that came with their
laundry washing machine or television?

VanguardLH
03-09-08, 08:52 AM
"VanguardLH" <V@nguard.LH> wrote in message
news:fqu6uc$d5b$1@registered.motzarella.org...
> Oh, and when trialing an anti-spyware product, you might want to
> check how much memory it eats up. PC Tools Spyware Doctor eats up
> about 36MB but can occasionally jump up to over 150MB (even with you
> doing nothing in its GUI).
>
> There are some system protections in Spyware Doctor that duplicate
> what Windows Defender and other security suites will protect.
> Duplication means duplicate prompts regarding the same detected
> change. However, many of these protections (under OnGuard) are
> disabled in the free version of Spyware Doctor. Browser Guard,
> Network Guard, Process Guard, and Startup Guard are all disabled and
> you cannot enable them in the free version. So to have those
> system-level protections, you WILL need to get something in addition
> to the free version of Spyware Doctor. Considering that all but one
> (File Guard) is disabled in the free version, Spyware Doctor
> consumes too much memory.
>
> Spyware Doctor is useful but understand that it is lureware trying
> to get you to "upgrade" (i.e., PAY) for the full version.
> Considering that almost all the "guard" protections are disabled, I
> would normally suggest to just leave their OnGuard function disabled
> and use Spyware Doctor as an on-demand scanner; however, disabling
> OnGuard does little to return the memory that Spyware Doctor
> consumes. 35MB is way too much memory to consume for a security program
> that is only run as an on-demand scanner (i.e., when you are not
> running the on-demand scan, the product should not consume ANY
> memory!).
>
> Unless you are buying the full (paid) version or you are willing to
> have a bunch of disabled "guards" consume memory then I'd suggest
> not bothering to use Spyware Doctor.

Oh, forgot to mention, PC Tools Spyware Doctor will NOT fix any
problems that it detects. It won't even delete tracking cookies.
When you attempt to "Fix" the detected pests, a window pops open
telling you that you have to *BUY* their commercial version. That
means Spyware Doctor is lureware, and bad lureware since not only do
they have you upgrade to get missing features from the crippled
version but they also require you to upgrade to do anything about any
detections they claim as pests. This is lureware that degenerates
into trashware (the trashbin is where this crap belongs).

Sebastian G.
03-09-08, 09:10 AM
VanguardLH wrote:


> Oh, forgot to mention, PC Tools Spyware Doctor will NOT fix any
> problems that it detects.


Well, how should it?

> It won't even delete tracking cookies.


Tracking cookies don't exist.

VanguardLH
03-09-08, 11:57 AM
"Sebastian G." <seppi@seppig.de> wrote in message
news:63i9frF286fa9U1@mid.dfncis.de...
> VanguardLH wrote:
>
>
>> Oh, forgot to mention, PC Tools Spyware Doctor will NOT fix any
>> problems that it detects.
>
> Well, how should it?

So you run anti-virus, anti-spyware, anti-malware or other security
products for what purpose? Just to alert you to a pest but then you
choose to go manually trying to eradicate the pest yourself without
any knowledge of even how the security product decided you had the
pest? Well, enjoy doing all the work yourself.

>> It won't even delete tracking cookies.
>
> Tracking cookies don't exist.


You don't understand the concept of cookies? You don't understand
that they can be used for tracking? You don't understand that they
are just .txt files and aren't themselves spyware but almost all
anti-spyware programs like to pretend they are so they have
*something* to report to the user of those products to make them look
like they are doing *something*?

Sebastian G.
03-09-08, 12:09 PM
VanguardLH wrote:


>>> Oh, forgot to mention, PC Tools Spyware Doctor will NOT fix any
>>> problems that it detects.
>> Well, how should it?
>
> So you run anti-virus, anti-spyware, anti-malware or other security
> products for what purpose?


Junk filtering and intrusion detection.

> Just to alert you to a pest but then you

> choose to go manually trying to eradicate the pest yourself


Indeed.

> without any knowledge

Flattening and rebuilding doesn't require any special knowledge.

> of even how the security product decided you had the pest?

Of course the first step is to verify the alert.

> Well, enjoy doing all the work yourself.

You're talking as if there was any alternative.

>>> It won't even delete tracking cookies.
>> Tracking cookies don't exist.
>
>
> You don't understand the concept of cookies?


No, you don't.

> You don't understand that they can be used for tracking?

I do understand that they can't be used for tracking on any sane browser
configuration, and especially that the usage of the DOMAIN attribute doesn't
make it intended for tracking.

> You don't understand that they

> are just .txt files and aren't themselves spyware but almost all
> anti-spyware programs like to pretend they are so they have
> *something* to report to the user of those products to make them look
> like they are doing *something*?


Obviously I do understand this.

Bud
03-10-08, 01:06 PM
Lewis Angel wrote:
> Does anyone have recommendations..

Did you learn more than you cared to know? ;-) This is my last post:

FWIW Spyware Doctor (free) does remove stuff for me. And note that Spyware
Terminator does have real time protection and with that I wish you good
fortune. Live long and prosper. ,\\ // LOL!

Bud

Sebastian G.
03-10-08, 01:36 PM
Bud wrote:

> Lewis Angel wrote:
>> Does anyone have recommendations..
>
> Did you learn more than you cared to know? ;-) This is my last post:
>
> FWIW Spyware Doctor (free) does remove stuff for me.


Strangers give sweets to little children for free. And sometimes you're really
lucky since they actually had both good intentions and clean sweeties. It's
still a stupid idea.

> And note that Spyware

> Terminator does have real time protection and with that I wish you good
> fortune.


Is this as in "I wish you all luck. You'll need it!"?

Volker Birk
03-10-08, 11:44 PM
Lewis Angel <aprilfool3@verizon.net> wrote:
> Does anyone have recommendations good malware detection and removal ?

Yes. Don't try to remove malware. It cannot work reliably.
And better don't depend on detecting malware. Use it as an additional
feature in your security concept only.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X