Spyware Overkill?

[Binnit]

Having recently undertaken a clean install inc SP2 and all the bits, I am now running on my Home machine the following security utilities:-

GIANT Anti spyware
SpyDoctor
SpyBot
Adaware
EZ AntiVirus
EZ Firewall (although SP2 PFW takes over)

Is this overkill? am I at risk of wearing out my HDD with all the extra scanning these utilities do? Do I need more?(god forbid)

The trouble is, there does not seem to be any consistency between the Spyware programs regarding which ones pick up the various malware, for example, I ran each one last night and the results were

GIANT found 0
Spybot found 2
SpyDoctor found 1 (not the same as Spybot)

I know that these are freeware and I am grateful for it, but ultimately they all want you to purchase their advanced products, with mixed results like this, it looks like you have to buy all of them which seems to defeat the object.

At least with AV software your own provider appears to provide protection consistent with competitive providers, or is this a naive assumption?.

What is the answer going forward? multiple freeware or a never ending search for a single comprehensive package (if it exists)

I seem to spend most of my time getting paranoid and scanning my disks nowadays!

If IT ain’t working Binnit and Reboot

 

[Nelviticus]

It depends how paranoid you are. The more layers of armour you add the better protected you are but the harder it becomes to move.

Many of the items which Spybot, Ad-aware et al pick up are just cookies. If this is all you're getting then you don't need to worry too much, it's only if you're regularly getting nasty programs installed that you need to fret.

I use the free version of ZoneAlarm with its firewall turned off so it just alerts me whenever a new application requests network (i.e. internet) access. Combined with Windows' SP2 firewall this means that I can sleep fairly peacefully at night, knowing that if something unpleasant does get installed I'm probably going to find out about it when it wants to access the internet.

One extra program that I would highly recommend is Mike Lin's Startup Monitor. This runs in the background and pops up a message whenever something tries to add itself to the programs that run when Windows starts. You get the option to allow it to be added or not. It's very useful for preventing some annoyances, such as things like RealPlayer and Quicktime which insist on running some sort of system tray program at startup. It's also good at stopping parts of malware programs from changing your system.

I occasionally run Ad-aware and Spybot but the best defence against malware is to a) avoid the kind of sites that are likely to infect you, b) never let anything install itself unless you've asked for it and c) never run anything - email attachments or downloads - unless you're sure they're safe. In my many years of computing I have never yet had a virus or spyware program; at least, none that I've found.

Every anti-malware application - whether it's a firewall, a virus scanner or a spyware finder, no matter how expensive, cheap or free - is written by human beings who have to constantly update their software to take account of the latest threats. Unless malware writers start informing anti-malware developers about their latest versions there will always be some that slip through. The only way to be 100% sure of avoiding these is to disconnect your computer from all networks and never run any software. Obviously that's going too far so you must draw the line where you feel comfortable - I'd suggest a firewall, virus scanner and two anti-spyware apps, and stop worrying!

Regards

Nelviticus

 

[tazuk]

Binnit --

It's worthwhile adding SpywareBlaster to your list of utilities. It prevents spyware installation, but is not memory resident so doesn't add to your system load.

HTH

TazUk

Blue-screening PCs since 1998

 

[pmonett]

So you're using all those security utilities, and you're still using IE ?
Try Mozilla. I have been using this for more than a year now. I started when I got sick of being infected by Yet Another Home Page Hijack, and I haven't been subject to even a single unauthorized download yet. Popup and cookie management is a default, and advertising can be managed with a simple add-on.
Yes, I know you can find these tools in IE now, but IE is still not secure enough for my taste.
Keep your security tools, I run Ad-Aware and Spybot too from time to time. But the best security is to forego IE unless it is absolutely unavoidable (like online banking, or some commercial sites).

Pascal.

 

[Turkbear]

Hi,
Of course, you ned to keep Mozilla(Firefox) updated as well - there was a large security hole discovered just a few weeks ago.
See:

http://www.windowsitpro.com/Article/ArticleID/44139/44139.html

 

[bcastner]

1. Antivirus is different from malware detection, prevention and removal. There is a product specialty or focus, and you need both AV and antispyware tools.

2. Do not worry about wearing out your hard disk drive. It is your patience that is more likely to suffer.

3. Have one active AV scanner, and one active malware scanner. You have EZ and Giant. Fine.

4. Once a month or so, or whenever you do a backup or manually create a system restore point, run the suite of tools you already have. Then do the backup or system restore. There is absolutely no reason unless you experience a special problem to do this more frequently. But, make sure the definition files are current.

5. Do not run two firewalls. Choose the native SP2 firewall (which is perfectly fine) or EZ or the many alternatives, most with freeware versions. But one. But make sure there is one.

The real killer for us all is the new thing: the worm, trojan, or whatever piece of malware that was written specificily to bypass existing virus and malware definition files. While this has become more difficult over time, all here remember Blaster and Sasser.

Keep current with Windows Update for all recommended security hotfixes.

And stay current with Forums such as this that are early warning signs of a possible issue, and how to resolve the problem.

 

[Binnit]

Thanks to all contributions above and apologies for not responding sooner (Been too busy running my spyware progs!)

Nelveticus: I will look at your suggested "Mike Lin" monitor, you made some valuable comments for which I am grateful and even more so to learn that I am on the right tracks.

Bill, I recently ran in to the Bagle AU worm which disabled my firewall and seems to have found a weak spot, since my original posting I have disabled and switched over from SP2 PFW to the EZ version.

I will stick with IE6 as its what I am familier with (although thats probably not a good reason, its just me)

Thanks again
Binnit


If IT ain’t working Binnit and Reboot

 

[linney]

The freeware programs are good and I use many of the ones mentioned. Sometimes you have to take the next step and fork out a bit of cash.

To get an idea of what is available visit these sites.

http://www.wilderssecurity.com

http://www.diamondcs.com.au/index.php?page=products

Adware & Spyware Removal
thread779-950383

 

[Lanfo]

Nelviticus

Thank you for sharing that program, "Mike Lin's Startup Monitor." It is a great time saver, especially when doing a fresh install of an OS!!

For the spyware, I like to use the following freeware;

Spybot S&D
Ad-Aware (Free version)
Hijack This (Reg Scan)

It's by far what I see recommeded the most, especially Spybot and Hijack This.

I have not found any spyware/viruses that I have had to actually buy software in order to remove it. And I have worked on some PC's with insane amounts of spyware.

What's your favorite Spyware?
Think mine has to be the Coolwebsearch version that edits your hosts file, thats some funny stuff editing the hosts file so norton can't update lol. (It's funny now anyway.)

 

[linney]

Lanfo,

I just feel that it is sometimes wise to invest a bit of cash in order to prevent the problem from occurring in the first place and to avoid the damage caused and the time consumed fixing any problem.

I also see your point about using freeware and happily use a large amount myself. I just feel that in the presence of "real" Trojans, Worms or Virus, the freeware (antispyware) programs are found wanting.

I'll pass as to "favorite spyware", it is not something that I would have a favorite in. It is good that you enjoy the challenge and wage the battle.

 

[Lanfo]

I guess it's not really true that I haven't spent any money on antivirus, because I forgot all about norton and that's something I have to pay for annually. And it has caught a quite a few viruses for me, that I'm sure could of been major headaches.

Also should of said the number one, best anti viurs/spyware solution is this forum and ones like it.

Tek-Tips was a life saver when blaster was infecting tons of people thanks to the ms rpc port vulnerability. They had a thread here (I think in windows 2000 sectiong) that must of been 20 pages long.

 

[linney]

In fairness to Microsoft they did release Security Updates before that whole mess hit, but the sad fact was that many ignored them and suffered the consequences. I hope SP2 has gone someway in preventing similar issues occurring again, as well as improving overall security.

The fact that Microsoft has acquired Giant AntiSpyware and intends incorporating within Windows XP (details not known) will be a good prevention measure too.

 

[Lanfo]

Your right about that, I have noone but myself to blame for getting it. Before my system got infected with it, I had been hearing about it for a few weeks, in the news, at work and from family and friends.

With spyware as bad as it is, it would be a good move for them to introduce built in Anti spyware solution for their OS's,

Do you know if anything was said about doing something similar with Win2K?

 

[linney]

I believe Windows 2000 and XP are included but 98 and ME miss out.

http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.asp

 

[Lanfo]

Sweet Thanks Linney.