Anti-spyware software
From HelpDeskWiki
| Table of contents |
General warning
Please do not install any except the antispyware programs mentioned below. There is a good chance that any others are made by criminals. Such rogue programs may install spyware instead of removing it, or they can in addition or instead produce dishonest warnings and false scan results about non-existent spyware on your computer (false positives). To be sure that no one has added a rogue program to this page that others have not noticed yet, check this (http://www.spywarewarrior.com/rogue_anti-spyware.htm) reputable page at Spyware Warrior. Some good programs are however not listed in that fairly old list, so please don't remove any programs from this page unless they're discredited on a reputable site like Bleeping Computer (http://www.bleepingcomputer.com/).
Many purported antispyware programs ARE spyware. Leave the beaten path at your own risk! More computers have probably been infected by rogue ANTIspyware programs than by spyware programs.
General instructions
Most antispyware programs and other antimalware programs are only effective when run in Windows's safe mode (tap F8 once a second while computer starts) and in all user accounts.
It's rarely necessary to scan with more than one antivirus program (and one should never have more than one running in the background!), but it's usually necessary to scan with more than one antispyware program (but only one should be running in the background, and it should be disabled during a scan by another one). Even the best antispyware programs don't find all spyware. So, install and run at least the first 3 listed below, but only one should be active in the background ("guard" or "realtime protection" function).
That should provide enough protection if you follow the Basics of safe computing, but it'd be a good idea to sometimes scan with the free versions of either AVG Anti-Spyware or SuperAntiSpyware. After a few weeks or months, you can stop scanning with more than one antispyware program if they never find anything except tracking cookies.
Viewing this page (http://www.bleepingcomputer.com/forums/topic93.html) and perhaps other Bleeping Computer pages in Internet Explorer will also alert you if one of many spyware infections is found.
Recommended antispyware programs
Listed in order of excellence, free ones (F) with real-time protection (FRT) first:
Comodo BOClean (http://www.comodo.com/boclean/CBO_download.html) FRT (for Windows 95, 98, ME, NT4, 2000, XP, Vista) This is not a scanner, so it should keep your computer clean, but you'll also need to use a different program if your computer is already infested.
Spyware Terminator (http://www.spywareterminator.com/dnl/landing.aspx) FRT (RT for Windows 2000, XP, and Vista, but it can also be used to scan Windows 98 and ME[1] (http://www.spywareterminator.com/legal/systemreqs.aspx)) (See this discussion (http://www.wilderssecurity.com/showthread.php?t=163113) and this review (http://www.pcworld.com/downloads/userreviews/fid,64132/userreviews.html) for opinions on this program.)
Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx) FRT (for Windows XP and Vista)
SUPERAntiSpyware (http://www.superantispyware.com/superantispyware.html) F (for Windows 98, 98SE, ME, 2000, XP, and Windows 2003)
AVG Anti-Spyware Free Edition (http://free.grisoft.com/doc/20/lng/us/tpl/v5) F
Spybot Search & Destroy (http://spybot.safer-networking.de/) F (primitive FRT called TeaTimer)
Ad-Aware (http://www.lavasoft.de/) F
CounterSpy (http://www.sunbelt-software.com/CounterSpy.cfm) (15-day free evaluation)
Except for BOClean, the above programs are all scanners, so they can get rid of infections, but only some of them can prevent infections by providing real-time protection (often called guard, autoprotect etc.). Even if you have one with real-time protection, it's a good idea to also install the following two free protection programs:
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
Other antispyware programs
This (http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy) famous page at Spyware Warrior is the probably most reputable source of information on antispyware, with the so far only scientifically carried out test (http://spywarewarrior.com/asw-test-guide.htm) of antispyware programs. This famous page also lists some other reputable antispyware programs, but they're not as good, and/or they are more expensive than the above:
Spy Sweeper (http://www.webroot.com/wb/products/spysweeper/index.php) Causes very slow start on some computers. No easy way to disable real-time protection. The "free scan" version does not remove spyware, contrary to the trial versions of most other manufacturers.
Spyware Doctor (http://www.pctools.com/spyware-doctor/) Dubious business practices that are apparently a scam because the company does not bother to reply to criticism about false alarms. The "trial" version does not remove spyware, contrary to the trial versions of most other manufacturers. Spyware Doctor is a very good product, but it produces false alarms about harmless registry and other remnants of removed spyware, apparently as an intentional scam to scare people into buying the product even when they have succeeded in cleaning their computer with other products. Spyware Doctor labels these inactive and completely harmless spyware remnants as dangerous and active.
SpyCatcher Express (http://www.tenebril.com/consumer/spyware/spycatcher-express.php) Causes very high CPU usage on some computers and causes them to freeze up.
Pest Patrol (http://www.ca.com/products/pestpatrol/) (Although it's often praised in reviews, it sometimes gets bad ratings in comparisons, and its trial version used to be a joke/insult, but it looks like they're promising a functional trial version now.)
Additional help
In cases where none of the above antispyware programs can yet detect a new nasty, it may be necessary to use more specialised technician tools such as HijackThis and AutoRuns (see Windows cleanup), but please first read this:
A word of caution concerning such geeky tools. Keep in mind that the directions in all antimalware forums say to first clean computers with general-purpose cleaners (for temp files etc.) and antimalware programs before using tools such as AutoRuns and HijackThis. This is because these and other technician tools only stop the spyware or other malware from running. They do not remove the malware and its files and folders.
Such technician tools should therefore only be used as a last resort when the normal antimalware programs don't (yet) work against new malware. They also require subsequent manual deletion of the malware's folders. In addition, they require careful use and expertise to prevent crippling the computer.
Antispyware testing
Thoughts on Anti-Spyware Testing (http://www.spywarewarrior.com/viewtopic.php?t=22210&highlight=prevx)
2004 test by Eric Howes (http://spywarewarrior.com/asw-test-guide.htm)
