
2/17/06 How does antispyware work?

Feb 16, 2006 6:43AM PST
Question:

Hey, CNET members! I am completely new to antispyware programs, and I would like to install one. However, I have no idea how these programs work. Do they work like my antivirus app? How do they know which files are good and which ones are bad? Do the programs need updating? I'd also like to know how to install these programs, if possible. Thank you very much.

Submitted by: Silvana L.

*******************************************************

Answer:


Silvana,

Antispyware programs are a lot like antivirus applications:

- Both essentially consist of a scanning engine that relies on signature files (also known as definitions or fingerprints) to detect spyware and adware.
- Once a scan detects potentially harmful files, the antivirus or antispyware software will either ask you how it should handle the detections or remove or quarantine them automatically.
- More comprehensive antispyware applications offer real-time protection akin to what antivirus programs offer. Real-time protection monitors critical checkpoints in Windows. Antispyware software is designed to prevent the installation of both spyware and adware, in a manner similar to how antivirus protection blocks viruses, worms, and Trojans from installing.
- Your antivirus and antispyware software - and by extension, the protection they offer - is only as good as their latest definitions. These types of programs need constant updating. The frequency of new signature (and software) updates varies with the manufacturer, but it can be as often as every few days for antispyware signatures.
- Like antivirus software, some of the more comprehensive antispyware scanning engines use heuristic (rules-based) technology to detect new and unknown threats for which signatures are yet to be released.
- Free versions of well-regarded programs are available. However, these usually have fewer features and/or limited capabilities than their for-sale counterparts.
- Antivirus and antispyware applications are now commonly bundled with firewalls and other privacy tools as part of security suites.
- Both antispyware and antivirus software are relatively simple to use.

There is one HUGE difference between antivirus and antispyware software (at least for the purpose of this discussion):

- Antispyware software, as a group, does not come close to matching the performance and track record of antivirus applications. For instance, venerable products like Norton Antivirus and McAfee Viruscan block and/or remove nearly every virus they are expected to protect against. (And their heuristic technology helps protect against unknown quantities!) By contrast, the best antispyware programs have a success rate of approximately 75%. That means they still allow an awful lot of nasties to get through!

The mediocre performance is a testament to the creativity and persistence of the folks creating spyware. But it also betrays the absence of reference standards that can be applied across the board, facilitating the comparison of products from different manufacturers and the creation of a unified front in the war against spyware.

Because even the best antispyware program only protects against roughly three-quarters of known threats, many security experts recommend installing two or three antispyware applications, with one of them providing real-time protection. The thinking behind this strategy is that spyware "getting by" one application might be detected by the other.

Fortunately, this is another area where antivirus and antispyware software differ: While running more than one antivirus (or firewall) program at a time is a recipe for trouble, the same is not true for antispyware applications. In my experience, you can run multiple programs with real-time protection without conflict, or even a noticeable degradation in your computer's performance.

So which antispyware programs should you consider? I strongly recommend the following three:


1. Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)

Well-respected, user-friendly program. Spybot S&D features a built-in tutorial that is a godsend for anyone new to the antispyware game. You can also configure it to check for updates automatically. Real-time protection is available through its Immunize function. New signatures usually released every Friday. Free download.


2. Ad-Aware SE Personal (http://www.lavasoftusa.com/software/adaware/)

Another free download. Excellent in detecting and removing tracking cookies. A post-scan summary provides descriptions of threats found, their location in your computer, and their relative risk rating. Like Spybot S&D, Ad-Aware SE boasts an excellent help file that gets you up to speed in no time. On the down side, real-time protection and automatic updates require upgrading to Ad-Aware Plus, which costs $27. (But you can always configure the free version of Ad-Aware to remind you to check for updates manually!) Lavasoft releases new signatures frequently, often every few days.


3. Windows Defender (Beta 2) (http://www.microsoft.com/athome/security/spyware/software/default.mspx)

The folks in Redmond decided to show Windows users some love by releasing this new and updated version of Windows AntiSpyware Beta 2 on Valentine's Day. (Easier than sending boxes of chocolates via Automatic Updates, I suppose.)

Like Spybot S&D, Windows Defender offers real-time protection and automatic updates. In its present incarnation, this program does not scan for tracking cookies, though the capability will be added later on. (Beta programs are "works in progress," and as such might have some bugs and odd features. Overall, Windows Defender is stable enough to be recommended even in its beta stage.)

Windows Defender excels in recognizing and blocking program attempts to change settings, edit the Windows registry, or add items to startup. As such, it complements Spybot S&D and Ad-Aware SE quite well.


You undoubtedly realized that all three of my suggestions are free programs. There are other worthy antispyware utilities available, and most of them cost about $30 a year. The latest issue of PC Magazine reviews nine of them. If you are interested, you can read their findings on their website:

http://www.pcmag.com/article2/0,1895,1916810,00.asp

But before you part with your money, consider the following:

1. Given the lackluster performance of antispyware programs as a group, there is little reason to pay for something that will offer little or no extra protection relative to the free utilities. The $30 might buy you speedier scans and improved aesthetics, but hardly any more security. Even PC Magazine recommends that you back up your premium antispyware utility with a freebie, often Spybot S&D;
2. In my experience, the pricier software tends to yield more false positives (items that are not truly spyware) - and even some questionable detections. For example, files identified as "key loggers" might actually be legitimate components that allow you to open a program by clicking on its desktop or taskbar icon. This aggressive scanning might be built in by design, probably to give the impression of better protection. Because the files in question often have obscure names, it can be challenging to find out their identity, and even quarantining them can lead to problems;
3. As previously mentioned, Spybot S&D, Ad-Aware Plus, and Windows Defender complement each other quite nicely, and without slowing things down or software conflicts.
4. Once you become comfortable with antispyware software, you can always explore other titles to see what suits your needs best.

I should also mention that antispyware software available as part of security suites, personal firewalls (e.g., ZoneAlarm Pro 6) or antivirus software tend to be significantly weaker than their stand-alone counterparts - even the free versions.

Now that you know which programs to consider, you are ready to install them. Fortunately, installing antispyware programs is a breeze.

The first thing to do is to go to the websites listed above (or to that of any software that interests you) and download the installers (also known as setup programs). Alternatively, you can visit Download.com (http://www.download.com/), enter the appropriate program name in the Search Box, and you will be taken to a page from which you can download its installer. The download pages invariably include downloading and installation instructions, tips, and troubleshooting sections or links. The same information can often be found in the Help and Support or FAQ's sections of the manufacturers' websites.

Once the download is complete, close all Windows applications (e.g., Internet Explorer and/or Firefox windows, instant messengers, etc., but NOT your firewall or your antivirus), and run the installer. A wizard will guide you through the installation and configuration process, and your antispyware program will be up and running in no time. (If you can point and click, you can install virtually any software!) Install one program at a time, and restart your computer before installing the next one.

(You can always download and save several installers to your desktop, then run them one by one at your convenience. You need not install all three programs right away. Installing one program at a time facilitates troubleshooting in case problems arise from a bad installation or corrupted files. If something doesn't seem right, uninstall the program using the Windows Add or Remove Programs utility found within your Control Panel, download a fresh copy of the installer, and repeat the installation.)

It is imperative that you check for the latest updates immediately after installing an antispyware program. In all likelihood, the installation wizard will ask you to do so, and will also ask you to perform an initial scan of your computer. At this point in time, a "deep" scan is preferable to a "quick" one, though you can always run the more comprehensive scan at your convenience. Realize, however, that a deep scan might take considerable time - often an hour or longer. (Windows Defender's "quick scan" is anything but!)

While the scan is running, read the section in the help files (or tutorial) that discusses your first scan and the interpretation of its results. Make sure you understand what the results of a scan mean before deleting anything.

Understand, the information provided by scan summaries sometimes makes it very hard to make informed decisions about removal of cryptically named files. When in doubt, quarantine rather than delete, even if the recommended or default action is to remove the file. This will allow you to restore any files that might have been incorrectly identified as spyware. You can always use Google to find out more about mysterious detections, or check the antispyware program's website for more detailed information. With time, you will recognize the type of detections that truly require immediate attention.

Once the initial scan is completed, go over the program's settings (if you didn't do so during setup) to set preferences, schedule automated scans and update checks, if applicable. You're done!

It is a good idea to scan your computer for spyware a few times a week. My personal preference is to let Spybot S&D and Windows Defender handle real-time protection silently, and run Ad-Aware Plus manually a few times a week to remove tracking cookies. And whenever new signature files are installed for a program, I run a quick scan.

It won't hurt to perform a more thorough scan from time to time, or if you suspect your computer to have been at a higher risk for spyware exposure (e.g., P2P downloads, downloading free screen savers, someone navigating to casino websites or "adult" areas of the web.)

Lastly, if you notice that a program's signatures have not been updated for a relatively long time, check the program's website for a new version of the software. One thing I have noticed with antispyware programs is that their automatic updates feature often fails to detect program upgrades. It will keep telling you that your definitions are up to date or that there are no new ones available. In the case of Ad-Aware, the Checking for Updates dialog box will alert you of a new program version in the "News" section, but the alert is easy to miss.

Hope this helps!

Miguel K.


P.S.: Another free antispyware program worth checking out is Tenebril's SpyCatcher Express (http://www.tenebril.com/) SpyCatcher looks very promising, but in its default configuration it tends to quarantine a few files that might cause your computer to freeze during startup. The description of the nature and location of detections is somewhat incomplete, making restoring the right file a challenge. For these reasons, SpyCatcher is not a good choice for someone unfamiliar with antispyware programs. For more experienced users, it is worth a try.

Submitted by: Miguel K. of Columbus, OH

Honorable mentions
Feb 16, 2006 6:43AM PST
Answer:

Silvana,

Spyware is an ugly, ugly thing. There are a number of decent tools that will catch and kill most spyware. These apps kind of, sort of work like antivirus apps, however there are a few key things to note:

1.) Unlike the Antivirus industry, there isn't a clear consensus as to what exactly IS spyware/adware. With viruses, it's pretty much a no brainer. There are clear definitions as to what a virus is. Spyware/Adware hasn't been quite as clearly defined.

2.) There's a LOT of politics as far as which bits of spy/ad ware are acceptable and which are tainted by the dark side. Last year, there was a consortium put together by some of the anti-spyware makers (I forget the name). The consortium fell apart when one known spyware maker was allowed, like a wolf amongst the flock, into the fold.

3.) In SOME cases, certain antispyware companies (as a result of #2) have made deals with spy/adware makers to NOT detect or remove their wares.

So what exactly IS spyware/adware? In a nutshell, spyware can be defined as anything that reports back to the maker various bits of information such as your web surfing habits, queries you've submitted to Google, Yahoo and other search engines. All this would NOT be that terrible if that's all they did. The more complex spy/adware apps also do nasty things - such as hijacking your browser, taking you to strange search engines, and influencing your search results.

And then there's the dreaded pop-up/pop-under... When you cross the fine line from spyware into the realm of adware, you get a slightly more sophisticated bit of software that not only reports, but gets marching orders as to what ads to pop-up/under your main browser, in the (hopefully) vague hope that you will click on the ad and earn them some money.

An example of how really BAD things can get: About a year ago, I had the displeasure of having to try cleaning out a computer that was so badly infested with adware - any time I went to scan the computer with an online antivirus app, the adware went NUTS popping up window after window after window advertising some unknown antivirus software app until the computer ran out of resources and ground to a screeching halt. Like I'm ever going to give these ******** a DIME of my business, let alone recommend their crappy tools. I finally got the machine cleaned up by going to a different online AV site that the adware didn't recognize and cleaned up the infestation.

Now, all this is NOT to be confused (entirely) with ad supported software. There are a number of apps that serve up advertising as a means to keep the application free or dirt cheap. How "evil" this is depends quite a bit on the application and how the ads present themselves. For instance, popular IM tool, ICQ, serves up small, relatively tasteful ads. No problem. However, there are a number of apps and applets that come bundled with spy/adware that, as we've seen above, do nasty things to your computer. Avoid these at all costs, whenever possible.

The big question - which anti-spy/adware products should you get? I recommend two or three - depending on what operating system you're running.

1.) If you've got Windows XP SP2 (or later) Microsoft's Antispyware Beta seems to be a good tool. Unfortunately, you must be using SP2 or later to be able to download it and make it work.

2.) Lavasoft's Ad-Aware SE Personal is an excellent choice. And best of all, it's free.

3.) Spybot Search and Destroy is likewise excellent.

Why so many? As I mentioned above, there's no 100% clear and concise definition to what constitutes spy/adware. One app might catch and remove something the others miss entirely.

A quick side note: As a bonus feature, many antivirus providers have been delving into the realm of dealing with spy/adware. Most of the main players in the Antivirus game have been adding those features to their program suites to add additional value. Panda, Norton, McAfee and Trend Micro all have antispyware algorithms built in to even their most basic AV suites. As no program is perfect, it never really hurts to have any of the above mentioned antispyware apps on hand.

How they work:

Antispyware apps rely on lists of known files and scan for their existence on your hard drive. If file X exists, quarantine or delete it. If there's a registry entry that loads a known bit of spy/adware, kill it. If there's a cookie in your browser's cache, nuke it. etc...

As there are newer and uglier bits of spy/adware coming out all the time, there are newer, updated lists of things to find released periodically for these programs. Most will ask to be updated or update automatically.

Installation is straightforward. Simply download the installer, save it to disk, run the setup program and follow the prompts. You can find AdAware SE Personal 1.06 and Spybot Search and Destroy 1.4 at http://www.download.com (a CNET sister site) and the Microsoft Antispyware beta can be gotten from http://www.microsoft.com . It's usually a top download so it should be listed front and center.

Submitted by: Pete Z.

***********************************************************************

Answer:


Antispyware programs do work like antivirus programs where the main purpose is to get rid of unwanted and potentially dangerous applications. In fact, many popular antivirus programs also protect your computer from spyware and adware like Avast Antivirus.

There are two types of antispyware protection: real-time and passive. Real-time antispyware programs run in the background like active Antivirus programs like Norton Antivirus. The main advantage of this is that it attempts to stop spyware as they are entering your system. And since most spyware enters computer systems during web browsing, real-time protection does show its value here. The disadvantage is that real-time protection eats up memory (but usually not a lot) and CPU cycles. Passive antispyware programs, like the free version of Lavasoft's Ad-Aware, do not run in the background. Instead, you have to manually run them and they will scan your whole hard drive for spyware and adware. The main advantage of passive protection is that it doesn't eat up memory because they are not running constantly in the background. The disadvantage, of course, is that passive protection does not protect your computer from spyware in real time and running the program works best when you are not multitasking. In other words, if you are running a passive scanning session, you shouldn't be doing anything else on the computer. Another disadvantage is that passive protection is more prone to be compromised if a certain spyware or virus has the ability to cripple any antispyware/antivirus programs.

Cost is another issue. Many real-time antispyware programs are commercial or shareware, which means you have to pay money for them. Some real-time antispyware can be downloaded for free like Microsoft Antispyware Beta, but only for a limited time. Passive antispyware protections can be found at little or no cost like the free version of Lavasoft's Ad-Aware. Some real time antispyware require yearly subscriptions like antivirus programs. Freeware passive protection usually requires no subscription fees.

Like Antivirus programs, real-time antispyware programs need to be updated periodically to make sure the latest spyware definitions are used by the program. Spyware "definitions" (or "signatures" as some would call them), like virus definitions, are a database of all current spyware that the program can identify and remove/clean. Since spyware and viruses are discovered constantly, it is imperative to update your definitions frequently. Real-time programs usually have the ability to automatically update their definitions as well as any new versions of the software. Passive protection usually requires the end user to manually update the definitions (usually by clicking on a simple button) before running the scan.

All in all, spyware usually isn't harmful like viruses but having enough of them will degrade the performance of your computer over time. Unfortunately, there are some spyware that can be downright nasty like SpySheriff where it takes control of your whole computer (also known as "hijackers"). With this in mind, it is better to invest in a commercial based real-time spyware protection that also has passive protection option as well as automatic update feature. This way you will be protecting your system from spyware and also have the option to manually scan and remove those that may have seeped through - all while keeping tabs on newly discovered spyware. Memory usage is usually insignificant assuming you have enough system RAM and the little investment on real-time protection is worth more than the headache of removing that one or two spyware that renders your computer helpless.

Submitted by: James L. of Tustin, CA

***********************************************************************

Answer:


Dear Silvana,

To protect your system from spyware, an antispyware program takes several approaches, in order to give you full protection.

The best way, of course, is to prevent them from getting into your system in the first place. Many antispyware programs are now integrated into antivirus programs and download managers in order to detect them before they get into your system. That's your first layer of defense. However, you should also only download from trusted public sources, such as download.com, where you can be sure that no spyware may be tacked onto your install without your knowledge.

Your second layer of defense is a background program that monitors the system for suspicious activities, like a browser hijack jumping you to a certain URL, or a hidden program install that you didn't know about, or unauthorized modification of the Windows HOSTS file in order to redirect you from a competitor's website. These are signs of a spyware trying to install itself, or trying to do its nefarious deeds, and with such background programs installed, you will be warned instead of being left in the dark. Microsoft AntiSpyware's security agent, and Spybot S&D's TeaTimer are parts of their respective packages that perform this background task.

Finally, there's the signature scan. Much like viruses, spyware have distinctive signatures that can be detected through file by file scanning. A database of these signatures can be compiled, and computers scanned for signs of their presence. These databases must be updated frequently, and you must download them frequently so you are always up to date in your protection. Fortunately, most of these programs have an auto-update function.

To install an anti-spyware program is just like installing an antivirus. Just install, let it scan your system after the install, and enable the background (sometimes called "real-time") protection, and that's it!

The three big names in this field are AdAware (scan only, no real-time component), Spybot S&D, and a recent dark horse... Microsoft AntiSpyware. All of them are free (AdAware has a professional version that's NOT free, and a personal version that's free), and there are no conflicts in running all three on your system. I have all three on my system and I run a scan with all three every few weeks.

So download them and try them, maybe keep all of them, and be safe when computing.

Submitted by: Kasey C. of San Francisco
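
The signature scan described in the answers above, together with the quarantine-rather-than-delete advice from the first answer, sketched in Python as an added example that is not part of any original post or any product's code. The threat names, file contents and both definition sets are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed sample files; real definitions come from the vendor's updates.
SAMPLE_A = b"constructed sample: toolbar installer"
SAMPLE_B = b"header...TRACK-ME-BEACON...constructed sample"

# Two constructed definition sets: v2 adds a byte-pattern signature v1 lacks.
DEFS_V1 = {"hashes": {hashlib.sha256(SAMPLE_A).hexdigest(): "Example.Toolbar.A"},
           "patterns": {}}
DEFS_V2 = {"hashes": dict(DEFS_V1["hashes"]),
           "patterns": {"Example.Tracker.B": b"TRACK-ME-BEACON"}}


def scan(root, defs):
    """Return [(path, threat)] for files matching a known hash or byte pattern."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        threat = defs["hashes"].get(hashlib.sha256(data).hexdigest())
        if threat is None:
            threat = next((name for name, pat in defs["patterns"].items()
                           if pat in data), None)
        if threat:
            hits.append((path, threat))
    return hits


def _load(qdir):
    """Read the quarantine manifest, or start an empty one."""
    manifest = Path(qdir) / "manifest.json"
    return json.loads(manifest.read_text()) if manifest.exists() else []


def quarantine(path, threat, qdir):
    """Move a detection out of the way and record where it came from."""
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    entries = _load(qdir)
    stored = qdir / f"{len(entries):04d}.quarantined"  # neutral file name
    shutil.move(str(path), str(stored))
    entries.append({"stored": stored.name, "original": str(path),
                    "threat": threat, "restored": False})
    (qdir / "manifest.json").write_text(json.dumps(entries, indent=2))
    return stored


def restore(original, qdir):
    """Put a quarantined file back, e.g. after a false positive."""
    qdir = Path(qdir)
    entries = _load(qdir)
    for entry in entries:
        if entry["original"] == str(original) and not entry["restored"]:
            shutil.move(str(qdir / entry["stored"]), entry["original"])
            entry["restored"] = True
            (qdir / "manifest.json").write_text(json.dumps(entries, indent=2))
            return Path(entry["original"])
    raise FileNotFoundError(f"{original} is not in quarantine")


def demo():
    """Scan with stale and updated definitions, quarantine, then restore one file."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp, "disk"), Path(tmp, "quarantine")
        root.mkdir()
        (root / "setup.exe").write_bytes(SAMPLE_A)
        (root / "helper.dll").write_bytes(SAMPLE_B)
        (root / "notes.txt").write_bytes(b"harmless file")
        old = [(p.name, t) for p, t in scan(root, DEFS_V1)]  # stale definitions
        new = scan(root, DEFS_V2)                             # after an update
        for path, threat in new:
            quarantine(path, threat, qdir)
        remaining = sorted(p.name for p in root.iterdir())
        restored = restore(root / "helper.dll", qdir)
        return {"old": old,
                "new": [(p.name, t) for p, t in new],
                "remaining": remaining,
                "restored_intact": restored.read_bytes() == SAMPLE_B}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The stale definition set misses `helper.dll` entirely, which is the practical meaning of "only as good as their latest definitions"; the manifest is what makes a wrong detection reversible.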

***********************************************************************

Answer:


Hi,

First of all, let us take a look at the difference between computer viruses and spyware. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one computer to all computers connected to it. Most recent viruses spread to other computers as an email attachment - the virus sends itself to everyone in the address book of the infected computer. The payload of a virus is designed to damage your personal files or maybe even your operating system.

Spyware, on the other hand, refers to malicious software designed to intercept or take partial control of a computer's operation without the consent of the user of that computer. They generally do not damage any files on your system. Instead they perform tasks like monitoring your browsing habits to deliver targeted advertisements, theft of personal information (like saved passwords, credit card numbers etc.) or redirecting you to advertising sites.

Now, antivirus vs. antispyware:

The difference here is the type of files they go after. Antivirus applications target files/programs which are likely to damage existing files on your system, either your personal files or system files.

Antispyware applications worry more about unwanted software installed on your system which would track your browsing habits, present you with unwanted advertisements and stuff like that. They simply ignore destructive viruses, leaving them at the mercy of the antivirus applications, and go after the spyware on your computer.

Both antivirus and antispyware applications look for their respective targets in a similar manner, they inspect the contents of the Windows registry, the operating system files, and installed programs, and remove files and entries which match a list of known virus/spyware components, or files having a particular design. Once detected, they treat their targets in a similar fashion, either quarantining them or deleting them altogether. Thus the main difference is the way in which they go after the unwanted.

Yes, you need to have both an antivirus as well as an antispyware program installed on your computer. Ad-aware and Spybot-Search and Destroy are two pretty useful antispyware applications. Microsoft has its own antispyware application which is a free download for Windows 2000, XP and 2003 users. Like antivirus applications, antispyware applications too require constant updates which can be downloaded from the vendor's site.

Major security firms such as ZoneAlarm, Symantec, McAfee and Sophos have added anti-spyware features to their existing anti-virus products. I would recommend one of these for ease of maintenance since you have everything in one place as opposed to two separate applications.

As for installing them, it's just like any other application, download the installation files from the vendor's site (alternatively you could get it from your local computer reseller), run the setup file and follow the instructions.

Regards,

Submitted by: Noel R.

***********************************************************************

Answer:


Silvana,

If you have a PC, an antispyware program is as important as an antivirus program. In order to understand how antispyware programs work, you need to know how spyware works. Spyware can put tracking cookies on your computer. Cookies usually are helpful, like when they remember user names and passwords and shopping cart information, but can get malicious when they track your web browsing history across unrelated websites, resulting in an increased amount of spam in your inbox.

Another type of spyware is a browser hijacker. You'll know if you've encountered one of these if your home page and/or bookmarks have changed and you are getting excessive amounts of popup ads even when you're not surfing the internet.

Antispyware software does work like your antivirus software in that it searches your computer for tracking cookies and other spyware and allows you the option to ignore, quarantine, or delete the files. You also get these spyware removal programs on your computer in the same way that you get other programs: simply download them from the internet and install them. Unfortunately, there are some malicious antispyware programs out there. Do not download one from an unsolicited popup ad, it is probably spyware disguised as antispyware.

Norton antivirus is another program most computer people in the know tend to avoid. I recommend uninstalling it from your computer, as it slows your computer down and is largely ineffective.

I recommend Ad-Aware by Lavasoft, www.lavasoft.com. It is free, easy to download and install, allows you to perform a full system scan and a smart scan (which scans only parts of your hard drive that spyware is likely to be stored), and once spyware is detected, it allows you to ignore, quarantine, or delete the files. The only downside is that you have to manually check for updates (yes, just like viruses, new spyware is always being written, so antispyware definitions change in response to new spyware software) and manually perform the scans. For a nominal fee you can upgrade to the professional edition which allows you to schedule automated updates and scans.

One last simple way to avoid spyware, especially the more common and malicious types, is to change your web browser. Most spyware is written for Internet Explorer, and other browsers like Firefox or even Netscape are less prone to spyware. Of course, certain applications, like Windows Update, only work with Explorer, so it is helpful to keep that browser around. I use all three for various uses.

Happy Browsing!

Submitted by: Jeremy S.

***********************************************************************

Answer:


In short, most anti-spyware programs require updates, yes.

They work just like any antivirus app, they search for a specific signature or behavior.
Some anti-spyware programs keep monitoring those hidden registry lines in your system and compare them to what they should look like. If they are changed, the program will require your attention to find out if those changes are legitimate or not. Even if the new types of spyware are not detected, this attitude will fend them off nevertheless.

Anyway, spyware works exactly like a virus: they trick you into running their code (by assuming someone else's identity in your e-mail, for instance), it is hard to find out if they are really running, cause your system to misbehave (Pop-ups galore, anyone?), and the most dangerous kind will search for your valuables (passwords, credit cards and the like) and broadcast them over the Web. Not nice, as you already found out.

The original idea of spywares was to replace those long surveys to find out what is your consumer behavior, such as what kind of software or hardware are you prone to buying in the next six months, or what kind of sites do you visit the most. CNET itself uses this method, but they are more polite, presenting it as a poll, where you are willing to participate, with questions such as: "Will you buy Windows Vista when it shows up" and such. They will have the information, just as easily, but without prying into anyone's personal lives without their notice, and driving you mad.

Installation of these programs is a breeze. If you can install your Office software without hassle, so does your anti-spyware program. They work and install by the book: they ask you to be installed in a folder inside your Program Files folder, they create a desktop and Start Menu Icons, and the most elaborate will boot along with your system so you are protected from the start, along with your antivirus, no secrets. Well, some modern programs now come in a virtuous triumvirate: they are firewalls, antivirus, and anti-spyware, all into one. All three names point out to the same problem: some evil is after your personal data, and you are willing to protect it at a cost. If you got the other two, the anti-spyware part is already late.

At last, spywares are not even complete programs (er, very few are), they are pieces of code embedded in other pieces of software, like viruses. They must wait until you run the twisted version of the other software, so they can run. In the worst-case scenario, they are embedded in sites' code, as javascript and such, and just by entering those sites you can get infected by those plagues. I don't see any difference between viruses and spywares, only their course of action is slightly different, so regular antivirus solutions can't figure out how to trap them.

If you find anti-spyware programs that cover all of these points, you will be fine. Nothing prevents you from choosing the best in each area, and nothing prevents you from choosing a complete, single-company solution either. Recommendations go for 4 major players: Zone Alarm Suite, Norton Internet Security, (all-in-one) or AD-Aware combined with AVG Antivirus and Zone Alarm "lite" (neat, independent, all free-cost solution). Good luck.

Submitted by: Luiz A.

***********************************************************************

Answer:


Many use more than one anti-spyware program to be safer. Yes, they work like an antivirus program but they do not detect viruses, they protect against spyware. They search the computer for spyware with their own spyware data files and compare your computer with their spyware data. They detect the spyware on your computer; show you the names and information about them and delete them, destroy them. They need updating once a week just like your antivirus program, some auto-update.

Here are links to fabulous free anti-spyware you can download on line.
CNET recommends these and so do I. Many techs use these.

1. Spybot - Search & Destroy 1.4 http://www.safer-networking.org/en/download/ (Auto-updates)
2. Microsoft Anti-Spyware http://www.microsoft.com/athome/security/spyware/software/default.mspx (Auto-updates)
3. Spywareblaster 3.5.1 http://www.javacoolsoftware.com/spywareblaster.html (this one you remember to update once a week.)

DOWNLOADING AND INSTALLING
Go to one link at a time; install one thing at a time. Never install two things at once.
Downloading and installing is clicking on the word
1. "Download" and clicking on a
2. File name and the word
3. "Install."
1, 2, 3, the file installs itself by you clicking on it and following the cues. It is that easy. Once you download and install one, the rest is a piece of cake.

The best way for me, is to install to the "Program Files" folder. I do this to all the apps or program files I install. This way I know where they are and I am organized. There are a lot of program files (lowercase) in the "Program Files" folder already. Do not worry about those. Don't let them scare you. When you are in this "Program Files" folder do not delete anything. This will keep all your programs safe and trouble free. There are many yellow program file folders in your "Program Files" folder. They are all "program files" (lowercase) all stored in one place, the "Program Files" folder (uppercase).

Go to links one at a time highlighted in blue above. Click the download button. A message will come up and ask you where to download. (Where to put this application on your computer for you to install)

1. Click on "C" (my computer)
2. Click on "Program Files."
3. Click "yes"

Once it is downloaded to your computer do step 1 and 2 again but a little different.
On your desktop, right click on "my computer" then on "explore." A list on the left appears. Click the plus button on "C." (Your computer stuff) Then look for a yellow folder called "Program Files." (Uppercase) Click on the Folder Called "Program Files." (Uppercase) (Every program is there) See all the yellow folders? They are all program files (lowercase) with individual names.

Look for the name of the file not in a Yellow Folder called "spybotsd14." It is not in a folder yet. On install it will make one for you. When you click on this it will automatically install. Follow the cues it gives you for installation. If it asks you if you want a shortcut on your desktop, click "yes". When it asks you "Where to install?" click in "Program Files" (UPPERCASE) You are putting this program into your "Program Files" folder. (At the top) (Not into any of the other individual yellow folders.)
Once it is done installing you will see a program in your "Program Files" folder called "Spybot - Search&Destroy" and an Icon on your desktop called, "Spybot - Search&Destroy." For me, to keep things very tidy and organized, I will drag my Spybot application (the one you clicked on to install) into my Spybot - Search&Destroy folder in my "Program Files" folder. The application is not in a folder. (It is not necessary to drag the app into the Search&Destroy folder but I like things neat. I also forget things. This way everything is together.)

Your program is installed now and you can use it. The shortcut is on your desktop. Go to your desktop and click on it, it opens your Spybot Search&Destroy program.
1. Click on "Search for updates." (Do this first)
2. After updating, click on "Download the updates."
3. Go to "Help" take the tutorial and get to know your program before you use it. Do not try to do the advanced things until you understand them and what they do. In advanced mode, spybot is very powerful and can damage your computer.
4. Click on "check for problems." (It will give you information about the problems)
5. Do not change to advanced mode till you are experienced.
6. Remember to always do backups in the spybot before you allow changes.

It automatically asks you if you want to do a backup before it lets you delete or fix things.
You just click, "Yes" to let it do backups. It will do it for you and put the backup in the backup-folder in spybot. It is easy to find. It says "backup folder" in spybot.

Submitted by: Heidi B.

***********************************************************************

Answer:


Hey, CNET members! I am completely new to antispyware programs, and I would like to install one. However, I have no idea how these programs work.

Q. Do they work like my antivirus app?


A. Yes, they do have similarities. Some of them have 'resident' capabilities that watch your computer continuously, some don't...just like some AV apps do.

Q. How do they know which files are good and which ones are bad?

A. Basically, in similar ways AV apps do.

Q. Do the programs need updating?

A. Yes they DEFINITELY and most importantly DO! Some, if not all, have settings that you can configure to update similar to the update features in AV or you can do it manually, just like AV apps.

Q. I'd also like to know how to install these programs, if possible.

A. The same way you would install any other app on your computer, either from a zip file or CD-ROM disk. First you turn off all your existing running applications, then install according to directions. (I prefer to do this with my computer totally disconnected from the net since my other 'armor' apps won't be running.)

I, personally, like Spybot Search & Destroy and Ad-Aware. I run these two simultaneously. As a back-up to those two EXCELLENT programs I also use Yahoo's Anti-Spy. What one may not look for the other might and take care of. They play well together and are easy to use. I've used this combination on both Windows 98 and XP Pro with great results. And as an added BONUS you can download them for FREE right here in C/Net's Downloads section.

If you would like to learn more about these particular programs before you download them you can go to their respective websites to do so. The programs are available for download there as well.

Spybot Search & Destroy at: http://www.safer-networking.org/

The Ad-Aware at: http://www.lavasoftusa.com/software/adaware/

The Yahoo! Anti-Spy is contained within the Yahoo! Toolbar at: http://toolbar.yahoo.com/?.cpdl=iy

I hope this helps you in your all too important quest to protect your computer from spyware/adware, etc.

Submitted by: Julie A. of Kansas City, MO

Overwhelming Adware Attack
Feb 16, 2006 9:31PM PST

About eight months ago my new computer was brutally attacked by adware. I may have left my pop up blocker off over night ( I had been to a download site that required it), I may have visited the wrong site, er, well you know.
The next morning I noticed three new icons on the desktop, the little twerps had installed themselves.
Interestingly enough, the icons took me to Anti-spyware sites. I was enraged and angrily emailed one of the companies involved.
I got an immediate and apologetic response, from their corporate offices. They denied that they would authorize anything like this, but admitted that there had been other reports of this kind of Adware, and they were looking at one of their ''affiliates''.
We exchanged several emails, and they showed real concern. Asking for any information as to where this attack had affected my computer, and the other companies whose icons had shown up, they were able to isolate the affiliate involved. It was a marketer they had hired, and this was how he got the firm's name out to the public. I almost felt sorry for them but...You get what you pay for.
To me, it is akin to hiring teenagers to hand out flyers, and put them under windshield wipers in parking lots. But the kid turns out to be lazy, and he just throws them off an overpass into busy freeway traffic.
This infection was insidious. If I went to a forum I frequent, there were way too many highlighted links on the page. And they were highlighted in a different color than usual.
The word ''light'' might be highlighted, or ''golf'', or anything, up to twenty on a page, and they all took me to different web pages advertising something that related to the word that had been linked and didn't relate at all to the page I had been reading.
Over a period of 48 to 72 hours it got drastically worse. I was being redirected to the point that the computer became unusable. Pop up upon pop up were filling the screen, and the computer b e g a n t o s l o w d o w n.
My brother told me about Microsoft Beta, I downloaded it, ran it, found a bunch of crap, and deleted it. I immediately regained control of my computer. I was so relieved.
It became apparent, that I was still not completely clean. Occasional redirections and improper links, so I downloaded Spybot. Spybot together with Microsoft Anti-Spyware Beta, gave me my computer back and are on duty still. They are joined by Lavasoft's Ad-Aware.
My only problem now is figuring out what it is these programs are calling spyware and if I want to get rid of it, or keep it.

Spybot can help
Feb 17, 2006 8:11AM PST

Spybot S&D lets you kill the 04's, the startups. Start Spybot click mode at the top left,
make sure that advanced mode is checked. Then click on tools on the lower left.
Then system startup, to the right is a double arrow bar click it to expand.
Now clicking on a value you will get a description of the command line. Removing the green
check mark will stop the startup, should you decide that you need or want it back just
replace the check mark. Restarting your PC will complete the change.
Remove the check marks from the ones listed below.

or check
http://castlecops.com/StartupList.html

Additional advice from our members
Feb 16, 2006 6:44AM PST
Answer:

There are a variety of anti-spyware programs out there. Some are good and some are bad. Like Anti-virus programs they don't all pick up all spyware programs, some are very easy to use and pick up the majority of Spyware applications and attempt to fix them. Others pick up nearly all spyware and as long as you're technically minded they will fix them.

The easiest one I've found to use is LavaSoft's Ad-Aware program. This has a constantly updated database with all recent spyware programs. It is very easy to use and notices most spyware. The only problem this program does have is some spyware programs alter internet settings by changing your proxy servers to go through their proxy. Usually Ad-Aware doesn't fix or doesn't notice this problem. If this happens and Ad-Aware attempts to remove the Spyware it can result in you not being able to use the internet at all, unless you know how to change the proxy back. If you buy Ad-Aware it does come with another scanner that will sit in the background and check any files as they are downloaded to ensure they're not spyware. One thing to watch with Ad-Aware though is that it does detect quite a few cookies as "spyware", usually these cookies are shown up in green as they are not that big a threat - most of the cookies are used by banner advertising on various websites just to remember which advert genre you clicked on so next time they can show you the most appropriate advert.

Another really good anti-spyware program is HiJack This. This is a very powerful spyware utility as it uses fuzzy logic to determine whether or not you have spyware on your computer. This program is great also because it doesn't install anything. It comes in a zip file which can be put anywhere on your computer, no hiding DLL's in the System folder or installing shortcuts all over the place. You keep it in one folder and when you decide you don't need that program anymore you can just delete the folder and it's all gone. The only problem with HiJack This is its guilty until proven innocent approach to spyware. It doesn't have a list of spyware programs, all it goes on is checking whether or not things have been changed from the default Windows setting. This means that if you've allowed Google to be the default search engine, or you or your ISP have changed your homepage to some other site for example Yahoo.co.uk it will show these as possible spyware and it's up to you to remember what you've altered and what you'd like to return to the default setting. However the really good thing about HiJack This is that it does check things like proxy servers and other hidden attributes in a computer that are hidden and will change them back for you if you don't think they should be changed.

I find it best to start with Ad-Aware first and see if that will clear out all the spyware on the computer. If after about 4 runs through it's still finding spyware other than cookies it's time to call in HiJack This (along with someone who knows a lot about computers!)

One more thing to be wary of is fake anti-spyware programs. There are quite a few of these about where they claim to be antispyware programs or pop-up blockers and toolbars but in fact they contain spyware themselves, examples are programs like WhenU toolbar - great pop-up blocker, but it does pop-up adverts from WhenU when you try and search!

Submitted by: Darren F.
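
The two detection styles contrasted in this answer (a definitions list versus checking for changes from a known setting, which is also the registry monitoring an earlier answer describes), shown side by side as an added example that is not part of the original posts and is not code from Ad-Aware or HijackThis. The registry locations are the standard Windows ones for the IE start page, proxy settings and the Run key; every value, the `ExampleAdBar` and `updchk32` entries, the signature list and the approved list are constructed for illustration.

```python
from typing import NamedTuple, Optional

IE_MAIN = r"HKCU\Software\Microsoft\Internet Explorer\Main"
INET = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Settings recorded on a known-clean machine (constructed sample values).
BASELINE = {
    IE_MAIN + r"\Start Page": "about:blank",
    INET + r"\ProxyEnable": "0",
    RUN + r"\AntiVirusTray": r"C:\Program Files\ExampleAV\tray.exe",
}

# The same settings read later (constructed sample values).
SNAPSHOT = {
    IE_MAIN + r"\Start Page": "http://www.yahoo.co.uk/",   # changed by the user
    INET + r"\ProxyEnable": "1",                           # proxy switched on
    INET + r"\ProxyServer": "proxy.example.test:8080",     # new proxy value
    RUN + r"\AntiVirusTray": r"C:\Program Files\ExampleAV\tray.exe",
    RUN + r"\ExampleAdBar": r"C:\Program Files\ExampleAdBar\adbar.exe",
    RUN + r"\updchk32": r"C:\WINDOWS\Temp\updchk32.exe",   # no signature exists
}

SIGNATURES = {"adbar.exe"}  # file names in the definitions file (constructed)
APPROVED = {IE_MAIN + r"\Start Page": "http://www.yahoo.co.uk/"}  # user confirmed


class Finding(NamedTuple):
    key: str
    kind: str                 # "changed", "added" or "removed"
    baseline: Optional[str]
    current: Optional[str]


def file_name(value):
    """Last component of a path, lower-cased."""
    return value.replace("\\", "/").rsplit("/", 1)[-1].lower()


def signature_scan(snapshot, signatures):
    """Definition-based detection: flag only values whose file name is listed."""
    return sorted(k for k, v in snapshot.items() if file_name(v) in signatures)


def baseline_diff(snapshot, baseline, approved=None):
    """Change-based detection: flag every deviation from the baseline,
    except a value the user has explicitly confirmed for that key."""
    approved = approved or {}
    findings = []
    for key in sorted(set(snapshot) | set(baseline)):
        old, new = baseline.get(key), snapshot.get(key)
        if old == new or (new is not None and approved.get(key) == new):
            continue
        kind = "added" if old is None else "removed" if new is None else "changed"
        findings.append(Finding(key, kind, old, new))
    return findings


if __name__ == "__main__":
    print("signature hits:", signature_scan(SNAPSHOT, SIGNATURES))
    for f in baseline_diff(SNAPSHOT, BASELINE, APPROVED):
        print(f"{f.kind:8} {f.key}: {f.baseline!r} -> {f.current!r}")
```

The signature scan reports only the entry its list already knows, while the baseline comparison also reports the unlisted startup entry and the proxy change, at the cost of asking the user about every legitimate change that has not been approved.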

***********************************************************************

Answer:


Hi

I have found that, along with a good antivirus program, running two additional programs on a weekly basis keeps my PC clean.

The first is Steven Gould's CleanUp! (http://www.stevengould.org/software/cleanup/), this removes all cookies, Temp Internet Files and more. Bearing in mind most simple spyware programs 'hide' in the temp internet folder this program removes them. That way they cannot be run by any command in the start up list. This is a shareware program and worth the

HiJack This Logs Destroying Web Search Usefulness
Feb 18, 2006 12:01AM PST

IMHO, I would hope no one ever uses HiJack This again. It seems to be an Uber-Geek trick to clog the Internet with data that makes it well-nigh impossible to get useful information on spyware (that's a little over the top, but I get that way when I'm annoyed.)

The recommendations in the winning post are much better.

lol
Feb 18, 2006 6:43AM PST

Hijackthis is used to find the new hijacks that come out.

Most of the new startups (http://castlecops.com/StartupList.html) were found with this program, then passed on to anti-spyware and anti-virus vendors to locate the new entries made to the registry, so that people would not have to crawl through the registry.

When I started in this two years ago there were only 3,000 startups.

About Antispyware,
Feb 16, 2006 6:22PM PST

Hi Miguel,
I consider myself as a rather experienced computer user and I use indeed the same 3 programs you mention here.
Still I have never seen a better explanation about this subject and that is why I like to say THANK YOU!
Joseph.

Clean Boot
Feb 16, 2006 10:03PM PST

The down-and-dirty way to rid yourself of files you know don't belong on your PC is to do a clean boot, but DOS boot disks don't tend to have NTFS access.

I've found a great utility that only requires you have a Windows XP install CD on hand, and it creates a bootable Windows XP CD for you!

The program I'm speaking of is Bart PE. It can be found at http://www.nu2.nu/pebuilder/ and has become a part of my PC rebuilder toolkit.

Cheers

Black Helicopters
Feb 16, 2006 6:36PM PST

Although youse guyse have done an excellent job of discussing the software, the viruses themselves are often not discussed.

In the early days, the viruses were games played by malicious people.

But today, many of us believe that people like MS and McAfee are involved in writing them to some different ends.

One use for a bot is to scan all the files and programs on your machine and report on them back to some corporation.

Another theory is that the companies that sell protection have a dark underside. They promote infection. Ever notice how the number and severity of viruses has declined since there have been so many and such good freeware packages?

To help feed our conspiracy theories, people like John Dvorak discuss how more recent strains are so much more of a tweak than new. Tweaks to get past the point of being considered offensive to harmless. But, harmless anything that can get past that firewall is very suspicious to us in the black helicopter crowd.

I stay with freeware. One reason is that it is so good, and the other reason is to keep the big companies from profiting by virus scares as that reduces their possible involvement in writing them.

My heart-felt wish is that no one reading this ever has a problem with a virus.

The other side of that is that if you do not back-up you have no one to blame but yourself. I assume you would not drive a car without brakes right ????

Dave

Black Helicopters and those guys in their dark sunglasses
Feb 17, 2006 4:40AM PST

Yeow! Something new to think about, another conspiracy theory, but I do think you are right on target. Thanks

When your anti-Spyware program doesn't remove them
Feb 16, 2006 7:38PM PST

Written by Merijn Bellekom, HijackThis (HJT) examines some key areas of the Registry and Hard Drive. We recommend you do not fix anything without help from someone that has been trained in the usage of HJT. Although it is a tool for removing spyware and other undesired programs, it lists legitimate programs, viruses, hijackers.

CNET doesn't let you post HJT logs here but a list of sites that can help you remove hackers can be found here http://asap.maddoktor2.com/

DSO Exploit
Feb 17, 2006 12:46AM PST

*Bug Doctor or you name them...can't fix this Registry
Tracking device. No one seems to even be able to
find DSO Exploit....only Spybot....Is this only
because we are running a Raid Controller and dual
3.4 Ghz processors?

DSO Exploit
Feb 17, 2006 7:50AM PST

Spybot 1.4 has a 'bug' of its own. So you can...
Feb 17, 2006 8:37AM PST

...do what I did and set 1.3 to ignore the DSO Exploit, but nothing else.

Spybot Search & Destroy 1.4 has a 'bug' of its own that is even more troublesome than the DSO thing in 1.3. This bug causes the TeaTimer 'Allow'-'Disallow' popup graphic to morph into itself.

If you do decide to 'upgrade' to 1.4, the workaround for that bug is to press the 'A' key to Allow a change to the registry or the 'D' key to Disallow the change to the registry. The checkbox that sets the program to Remember your decision still works fine.

When I, only recently, got peeved enough with this problem to e-mail the makers of Sb S & D about it, they said they already knew about the problem and have been working on fixing it for over a year now. When they have it fixed they'll release a new version. They gave no indication as to when they expect to be able to release the New version, though. They gave me the info about the 'workaround'(given above) for the 1.4 version's TeaTimer graphic problem.

Running anti-spyware
Feb 16, 2006 7:58PM PST

Miguel, I wonder if you recommend running the spyware in Safe Mode, as was recommended to me?

jeanne Monast

What about Ewido?
Feb 16, 2006 9:00PM PST

I have a PC running XP Pro SP2 and use NAV 2004 and ZAP. Every week I update and scan with Ad-Aware and Spybot and I have SpywareGuard and Spywareblaster installed.

I also use the free version of Ewido, which scans in places the others don't seem to and appears to be pretty impressive as it found some tracking cookies in a backed-up profile from Firefox that I'd saved elsewhere on the HDD. Its full PC scan takes an age, though.

I've just downloaded Windows Defender as a result of this piece and have scheduled a quick scan daily and will use a full scan weekly.

It all takes some time, but that's the price of a clean machine.

Important: Many anti-spyware programs give false alarms
Feb 17, 2006 2:11AM PST

No offence meant at all! Most anti-spyware programs like Ad-Aware and Ewido are good! I have had a couple of attacks and they did help me a lot! My friend, who is a great fan of games, brought in a crack file for a popular game (I will not name it!) and installed it in his computer! The moment he opened it, Ewido warned that a worm attack was tracked down. He was totally disappointed, but then he allowed access to the file to see what happened. Nothing happened and the crack file worked (oops???). The moral of the story: no antispyware program is perrrfect!!
Paying a lot of money is simply not worth it since their so-called advanced features suck! You can simply download Spybot and Ad-Aware free edition and use XP's system restore if something goes terribly wrong!

hijackers folks no one talks about hijackers
Feb 16, 2006 9:03PM PST

These nasty things that take over your Explorer and/or your "start up" [just happens to be the #1 reason I have seen PCs stopped or slowed to a snail]. Windows has a way in place to remove these nasties, but it is not user friendly, which brings me to one of my favorite anti programs, the often overlooked and seldom mentioned "WinPatrol". It is the 1st I install when I'm setting up security. It easily removes the startup hijackers and IE [helpers, lol] without the risk of the Windows app.
I use all freeware: WinPatrol, AVG for viruses, S&D and Ad-Aware as manual scans, and SpywareBlaster as background.

Spybot Search & Destroy includes Hijackers...
Feb 17, 2006 8:39AM PST
Wink

hijackthis!
Feb 17, 2006 8:57AM PST

hijackthis! is the most reliable way to get rid of hijacks.. but you have to know what you are looking for- not for novices in other words Wink

HiJack This Not For Experts Either
Feb 18, 2006 12:05AM PST

HJT seems to be a cult. The members repeat the mantras over and over again, and encourage people to clog up bulletin boards with tons of text of the scan logs that Web search spiders reduce to a mish-mash of positive hits, causing the cultists to have high Google ratings. I've never been able to actually understand that anyone succeeds with the damn thing, since the posts go on-and-on repetitively ...

re:antispyware
Feb 16, 2006 9:32PM PST

An excellent explanation of antispyware as well as antivirus protection. Great job!!!

Clean Boot
Feb 16, 2006 10:22PM PST

The down-and-dirty way to rid your computer of files that you know don't belong there is to do a clean boot, but how are we supposed to do this anymore when MS has all but disabled the ability to make boot diskettes?

The boot diskettes boot into a useless DOS environment with no NTFS support!

Well I've found an answer in a useful utility called Bart PE. It takes the install files from your Windows XP CD (the *.CAB files) and creates an incredibly useful live-boot CD of Windows XP for you with some utilities pre-installed such as network support, a file browser, etc.

It can be found at: http://www.nu2.nu/pebuilder/

Excellent Tutorial
Feb 16, 2006 10:59PM PST

Miguel,

Thanks for the comprehensive, well written tutorial. I am familiar w/ anti-spyware, but your thorough explanation gave me additional useful information. Well done!

A Sledge Hammer Approach to Spyware
Feb 16, 2006 11:16PM PST

I also recommend the freeware ccleaner at www.ccleaner.com to combat spyware. It eliminates much spyware by cleaning out all cookies, internet temporary files, log files, and many other types of temporary files. It has many settings to narrow down the types of files in case you don't want certain types erased.

Donald G. -- Willard, Ohio

RE: A Sledge Hammer Approach to Spyware
Feb 28, 2006 4:26AM PST

Another great FREE program for effectively deleting cookies and temp. Internet files (it does a much better job than Internet Explorer's tool for deleting temp. Internet files) is CleanUp, which can be downloaded at: http://www.stevengould.org/software/cleanup/

For the record, I highly recommend and have each of these on my machine:

Zone Alarm free firewall
Microsoft's new Defender anti-spyware program
Lavasoft's AdAware
Spybot Search & Destroy
Spyware Blaster

Websurfer44

Routers
Feb 16, 2006 11:19PM PST

What, if any, protection against spyware, viruses, etc. does a wireless router provide?

Pajack

Hey C/Net! Pay this guy!
Feb 16, 2006 11:52PM PST

No, really.

That had to be the best answer to this subject that anyone could have written.

I've been saying the same, almost verbatim, to my friends or anyone that asked for a couple years.

Yours, Truly,

John
Spring, Texas

Anti-Spyware
Feb 17, 2006 12:57AM PST

I have used "xoftspy" for a couple of years and it is updated, on average, twice a week.

Daniel Arbib
London