Anti-Spyware Software Sucks

from the so-much-for-that-plan dept

As spyware becomes a bigger and bigger issue for users, it's becoming clear that the current crop of anti-spyware tools is, in no way, keeping up with the spyware writers. A test of a variety of different anti-spyware tools shows that none of them work particularly well, and most do an awful job protecting your computer. In fact, it appears that some of the fee-based anti-spyware tools do even worse than the free ones. Still, even the best tool missed quite a bit. Considering the amount of spyware out there, and the overwhelming nuisance it causes, it's about time someone tried to take a much more holistic approach to stopping spyware, rather than simply trying to solve each case on a one-by-one basis.


Reader Comments

  1.  
    Anonymous Coward, Nov 24th, 2004 @ 10:54am

    Shoot the messenger

    That's right.
    Let's bitch & piss & moan about the anti-spyware guys that are TRYING to fix something that they never fucked up to begin with.
    That's so fashionable nowadays. Don't bitch & piss & moan about the spyware companies ... nope, complain that the free tools don't work well enough.

    Whaaa ...

    In fact, I think we should have a class action lawsuit started against all these evil anti-spyware companies.

     

  2.  
    Thomas Hawk (profile), Nov 24th, 2004 @ 11:10am

    spyware

    Uhhhh can anyone say Firefox?

     

  3.  
    Mike (profile), Nov 24th, 2004 @ 11:29am

    Re: Shoot the messenger

    Uh... it wasn't shooting the messenger. It wasn't blaming the companies. The point was just to show that the tools aren't that effective, which *is* important for people who think they're protecting themselves, when they may not be.

    If you read this site, you know that we constantly write about the companies distributing spyware, but that doesn't mean weak tools should get a free pass.

     

  4.  
    Anonymous Coward, Nov 24th, 2004 @ 11:45am

    No Subject Given

    none of them works (plural) very well. None = not + one; singular

     

  5.  
    SkyeFox, Nov 24th, 2004 @ 12:15pm

    Re: spyware

    You gotta love Firefox. I purposely went to a site that I knew from past experience would install a trojan (iwantsearch toolbar) on my computer. With Firefox it had no chance!

     

  6.  
    Bryan, Nov 25th, 2004 @ 4:09pm

    Re: Shoot the messenger

    WTF are you talking about? That was not a stab at the tools, you ignorant turd, it was simply a (correct) statement that the current selection of tools and their abilities is inadequate. Everyone knows the spyware writers/companies are to blame. Got any other painfully obvious views to share?

     

  7.  
    Anonymous Coward, Nov 26th, 2004 @ 8:24am

    No Subject Given

    True. I found the best tool to be a registry guard. It keeps an eye on the registry keys used to run applications on system startup. This freeware tool's name is WinPatrol, found at www.winpatrol.com

     

  8.  
    jeremiah, Nov 28th, 2004 @ 2:47pm

    How-TO

    As an aside, I received a smart tip from a tech-savvy friend regarding the removal of mal/spyware.

    He uses two products: Spybot S&D and AdAware. The "trick" is to disable System Restore (on XP systems), and run the spyware removal stuff in Safe Mode (with network support for updates). Four passes and two reboots later, clean as a whistle.

    Oh, and tell your friends: DON'T INSTALL KAZAA.

     

  9.  
    Steve Mueller, Nov 28th, 2004 @ 5:54pm

    Holistic?

    "Considering the amount of spyware out there, and the overwhelming nuisance it causes, it's about time someone tried to take a much more holistic approach to stopping spyware, rather than simply trying to solve each case on a one-by-one basis."
    That's easy to say, but how do you actually do it? At least some people are trying to do something, even if they don't work perfectly. Some protection is better than none, as long as users realize that it's not perfect.

    Any holistic approach probably has to start with Microsoft, and SP2 may be a good start (preventing Browser Helper Objects from being installed, for example).

    Fortunately, I use Mozilla and don't have to worry as much about this.

     

  10.  
    Master Debater, Nov 28th, 2004 @ 5:57pm

    Re: Shoot the messenger

    "That was not a stab at the tools, you ignorant turd...."

    Sounds like somebody forgot their Prozac....

     

  11.  
    True Orient, Dec 8th, 2004 @ 4:16pm

    Disgusting Anti-spyware Methods!

    Disgusting Spyware Methods! Disgusting Anti-spyware Methods!

    DiamondCS is a reputable software firm that developed one of the best Anti-trojan applications I have seen, TDS-3. Unfortunately, DCS employs a hardcode technique that redirects the user to its site with numeric IP 64.91.255.87 upon pressing the F5 function key. Of course there is nothing wrong with this process. This fact could have remained unnoticed had it not been for a spate of really nasty IGN/CWS infections that showed the DCS redirects along with the nasties in hijacked Host files, as shown below:
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch

    A quick Google search of "O1 - Hosts: 64.91.255.87 www.dcsresearch.com" will provide at least 1,500 links (Yup! that many!). It should be noted that an HJT O1 entry will only appear if a Hostfile hijack is involved. Redirecting to the local host will not appear in the HJT log. When asked about this, representatives of DCS at Wilders Security Forum replied that this is perfectly normal since it simply redirects from an alleged "bad site" to the legitimate DCS IP.

    If such were the intention, a simple redirect to the local host would have sufficed as this blocking technique is acceptable. However, redirecting to a preferred website is, in any language, a hijack. This type of redirect is the method used by hijackers with the same objectives: redirecting to the chosen website. DCS cannot claim that since they are reputable, a redirect to their site is acceptable. No one has given them that status, nor can anyone give it. A hijack is a hijack is a hijack.... The method is absolutely wrong!

    Now comes an interesting scenario.

    Quote:
    "It's becoming such a sizeable problem in the US that the Government voted unanimously in Spring 2004 to approve the first-ever anti-spyware bill. The Securely Protect Yourself Against Cyber Trespass (Spy Act), approved by the US House of Representatives, would levy fines up to $3 million for those who illegally collect personal information, change a browser's default home page or bookmarks, log keystrokes, or steal identities "

    Quoted from http://www.net-security.org/article.php?id=746

    Do you realize that if I invested in TDS3, bookmarked www.dcsresearch.com or set my homepage to www.dcsresearch.com, the chances are I will be redirected to DiamondCS? This can be documented and I can then sue DCS for illegally redirecting my browser, right? And all because DiamondCS has chosen to adopt a Trojan method instead of a Hostfile block or Help update? Think about it.

    Too, what are the chances of a crazy picking up this post and doing exactly the above? This is a possibility they brought upon themselves for insisting that what they were doing was simply protecting their interests. They chose the expedient/easier route now they are susceptible to para-legal issues.... Sooner or later, this will happen....

    Your thoughts?

     

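The last comment turns on the difference between a hosts entry that sends a name to the local machine (a block) and one that sends it to some other address (a redirect). The following is an added example, not part of the original post or any commenter's code: a small triage script that reads raw hosts-file lines or HijackThis-style `O1 - Hosts:` lines and separates the two cases. The sample input is constructed and uses reserved example names and addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: raw hosts-file lines plus lines in the HijackThis
# "O1 - Hosts:" form. Names and addresses are reserved example values.
SAMPLE = """\
# constructed hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net tracker.example.net   # sinkholed
O1 - Hosts: 203.0.113.10 search.example.com
O1 - Hosts: 203.0.113.10 autosearch.example.com
O1 - Hosts: 198.51.100.7 www.vendor.example
O1 - Hosts: not-an-ip broken.example
"""

HJT_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def classify(address):
    """'block' if the name is sent to the local machine, else 'redirect'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    return "block" if ip.is_loopback or ip.is_unspecified else "redirect"


def triage(text):
    """Map verdict -> {address: [hostnames]} for every mapping in text."""
    result = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        # Drop the log prefix (if any) and any trailing '#' comment.
        line = HJT_PREFIX.sub("", raw.strip()).split("#", 1)[0]
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        address, names = fields[0], fields[1:]
        result[classify(address)][address].extend(n.lower() for n in names)
    return {verdict: dict(by_addr) for verdict, by_addr in result.items()}


if __name__ == "__main__":
    for verdict, by_addr in triage(SAMPLE).items():
        for address, names in by_addr.items():
            print(f"{verdict:8} {address:15} {', '.join(names)}")
```

Entries under `redirect` are the ones worth reviewing by hand: each maps a name to a non-local address, whoever put it there.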

