Best free antispyware
Find out if your PC is part of a botnet
It is estimated that more than 50 million PCs around the world are now silently controlled by spammers and criminal gangs. These "zombie" PCs, as they are called, are just normal PCs owned by Moms and Pops that have been taken over by malware secretly downloaded onto the PCs using web exploits, infected emails and more.
These zombies are organized in vast networks called botnets with each botnet owned and controlled remotely by different criminal groups. The most common use of botnets is sending spam.
Most zombie owners don't even know their PC is under the control of someone else. That's where this program from Trend Micro is useful:
"RUBotted is a free program that monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer."
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
Spyware Doctor Starter Edition has smaller signature database
PC Tools' Spyware Doctor is an outstanding commercial anti-spyware product that, along with CounterSpy and SpySweeper, is among the leaders in this software class. For some time a cut-down "Starter Edition" has been available for free. It's well documented that the free version has fewer active monitors than the paid edition, but it now appears that it's missing something else as well. According to reports in the PC Tools forum [1], the Starter Edition signature database is, on installation, smaller than the paid version's, and fewer new signatures are downloaded during signature updates as well. This is most worrying, particularly the fewer signatures in the updates. What's missing? The very latest infections, the most toxic infections? There is no way of knowing. Until this is fixed I suggest that users should use the Starter Edition as a secondary line of defense only. Thanks to Rick Farrow for letting me know about this.
[1] http://www.pctools.com/forum/showthread.php?t=49470&highlight=starter+pack+evaluation+signatures
Great site for removing spyware infection
If you suspect you have a spyware infection you should download the free HiJackThis! utility from here [1], then run it and paste the generated log to a security forum where experienced users can help you interpret the results. I normally recommend the Tom Coyote forums [2] for this purpose, but subscriber "John" suggests a smaller site run by Tom Mercado because: "if a user posts their HiJackThis! log in this forum [3] they get help within minutes or hours compared to the bigger sites that can take days." I tried it out anonymously and John is totally correct. Better bookmark this site, you might need it.
[1] http://www.spywareinfo.com/~merijn/programs.php
[2] http://www.tomcoyote.org/hjt/
[3] http://temerc.com/phpBB2
A new way to check out downloads for potential malware
In item 1.2 I mentioned that it's always a good idea to check downloaded programs for malware by using one of the free online services that will run the file through multiple scanners.
That approach, while highly useful, won't catch new malware that's not yet in the signature database of the scanners. Here's another way you can test programs for malware, one that doesn't rely on signatures.
Mandiant Red Curtain is a free program that looks at a program and assigns it an "interest" score based on certain characteristics of the file. The higher the score, the more suspicious.
According to the website, Red Curtain looks at "... multiple aspects of an executable ... such as the entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics."
I tried it on a set of 10 files known to be safe and 10 known to contain malware. Seven of the safe files rated below 0.7 while eight of the infected files rated above 0.7.
Now that's not perfect detection by any means, but for a non-signature based program it is reasonably impressive. Certainly good enough to suggest that in experienced hands this is a useful new tool that can be used to complement the signature scanning of suspicious files.
I say "experienced hands" because the results need interpretation and the high rate of false positives may cause unnecessary concern among novice users.
http://www.mandiant.com/mrc
Review: Comodo BOClean v4.23
When I read that Comodo had acquired the commercial security product BOClean and were making it available for free [1] I was excited. BOClean is a malware memory monitor with a good reputation and a strong following. The possibility of combining this with a good freeware scanner like AVG Anti-spyware sounded like an attractive possibility.
The name BOClean derives from the fact that BOClean originated as a specialist cleaner for the original Back Orifice trojan. Over time its capabilities were extended to other trojans and then to malware more generally. This history is not irrelevant: BOClean is by design an anti-trojan monitor with some other capabilities added on.
Despite my high expectations BOClean performed poorly on testing. Naturally I couldn't run any of my normal scanning tests, as BOClean is only a memory monitor and has no file scanner, but on the other tests it performed terribly; arguably the worst performance of any product I have tested. You can read my lab notes here [2], but it suffices to say that BOClean missed too much and protected too little.
Perhaps the worst aspect of its performance is its total lack of self protection. It can even be terminated by Windows Task Manager. If that's not bad enough, BOClean is on the hit list of many of the security software termination programs that form an integral part of modern malware. Its lack of protection and slow response make it a sitting duck. More accurately, a dead duck.
I hate to disillusion BOClean's many ardent fans, but BOClean, like SpyBot Search and Destroy, was a once great product whose time has passed. I simply can't recommend it for general use against modern malware. Hopefully the new owners of BOClean will develop and enhance the product; it really needs it. Freeware, all Windows versions, 1.34MB.
[1] http://www.comodo.com/boclean/boclean.html
[2] http://techsupportalert.com/Security%20Tests/Security%20Tests%20-%20%20Comodo%20BoClean%204.23.htm
Microsoft antispyware beta 2 tests
Last month I mentioned the release of the latest beta version of Microsoft's free anti-spyware program, Windows Defender [1], and said I'd have some test results for you this month. Well, testing this thing has proved a pain, as it only runs under Windows XP SP2 while all my VMWare test machines are unpatched Windows XP. This means I've had to build a new VMWare test environment and re-run tests on all anti-spyware products in that environment. I'm only about a third of the way through this huge job, but early results suggest Windows Defender may provide the best protection against spyware of any of the free anti-spyware programs but falls behind the top commercial products such as WebRoot SpySweeper. These results are preliminary and I may have to eat my words when I complete the tests. Free beta software, Windows 2000 SP4, Windows XP SP2, 4.3 MB
[1] http://www.microsoft.com/athome/security/spyware/software/default.mspx
Site lists P2P clients loaded with spyware
Some P2P programs will infect your PC with adware and spyware when you install them on your PC while others are as clean as a whistle. Find out which from this informative article.
http://www.spywareinfo.com/articles/p2p/
SpyBot's Teatimer explained
SpyBot's resident monitor is scantily documented. If you've ever wondered exactly what it does then you'll find some of the answers here.
http://www.voiceofthepublic.com/SSD/SI/teatimer.swf.html
Microsoft Antispyware beta 2 now available
A new beta version of MS Antispyware has just been released under the new name Windows Defender [1]. I haven't had a look at it yet, but according to MS the new version has enhanced performance through a new scanning engine, a simpler interface, a warning system that rates the severity of threats, plus improvements in spyware detection and removal. Sounds promising, but I'll know more next month after I've had a chance to test it. PC Magazine has done its own tests on a pre-release version and their reviewers were not impressed [2]. Free beta software, Windows 2000 SP4, Windows XP SP2, 64 MB - 14.3 MB
[1] http://www.microsoft.com/athome/security/spyware/software/default.mspx
[2] http://www.pcmag.com/article2/0,1759,1926596,00.asp
