The Latest Trumors, by Beverly Rosenbaum

Malware Outpaces Removal Tools

I’ve long believed that PC users cannot successfully fight adware and spyware with just a single removal tool, and instead I’ve recommended using several applications for that purpose.

Now a thorough test conducted recently confirms that no single program can do an adequate job of detecting and removing the malware found on your PC. Eric Howes, a graduate student at the University of Illinois at Urbana-Champaign and a researcher well known to PC security experts, tested 21 applications and found that the percentage of malware detected by most of these programs was unacceptable. The best of the lot, Giant Software’s AntiSpyware, was able to catch 63%, while the nearest competitor, Webroot Spy Sweeper, removed less than 50% of them. Shortly after the test was completed, Microsoft announced that it had purchased Giant AntiSpyware. However, the results of this comprehensive test do not include the newer Microsoft beta product now available.

The beta Microsoft product requires Internet Explorer 6 and Windows 2000 or XP. The 6 MB installation file can be downloaded from www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en. There are known issues with enterprise administration tools and an incompatibility with Windows Media Center Extender. When installed on a computer running Windows XP Media Center Edition 2005, Windows Media Center Extender will not be able to establish a remote connection. Users of the previous Giant Company product are advised to continue using that version until their subscription ends.

Eric Howes maintains several web sites with excellent information and links for PC users. At spywarewarrior.com/asw-test-guide.htm, he has posted the complete results of his testing, and at netfiles.uiuc.edu/ehowes/www/main-nf.htm are links to the very best applications related to privacy and security.

While Howes didn’t actually publish a specific conclusion with his extensive test data, the bottom line, so succinctly explained by Brian Livingston in his Windows Secrets Newsletter, is that adware is evolving faster than anti-adware. You can read that issue in its entirety at windowssecrets.com/050127/. Some products even reported false positives, benign Windows files that were incorrectly reported as adware. Livingston then compiled Howes's raw data into a new table showing the removal rate of the best application, Giant AntiSpyware, in conjunction with each of the other tested products. According to this analysis, combining Giant AntiSpyware with each of 15 other products yielded a higher percentage of detection. Adding Webroot Spy Sweeper increased the rate to 70%; the second-highest combination, with Ad-Aware SE Personal edition, reached 69%; and the combination with Spybot Search and Destroy found and fixed 67% of the problems. The combination previously recommended by me (Ad-Aware and Spybot) removed only 54%. These solutions are simply not good enough.

So what should you do?

I still believe multiple solutions are the best approach, and now recommend that you also block known bad sites using a utility like Javacool Software’s free SpywareBlaster (www.javacoolsoftware.com/spywareblaster.html). You can read more about ad blocking resources on another part of Howes’ web site at https://netfiles.uiuc.edu/ehowes/www/resource.htm. If you’re having trouble determining whether a product is reliable or not, see the list of rogue products at www.spywarewarrior.com/rogue_anti-spyware.htm#background.

You can easily reach links to good applications by visiting HAL-PC’s home page (www.hal-pc.org) and clicking on the “Protect Your PC Page” link to reach www.hal-pc.org/support/safety.html, where you’ll find links provided by the HALNet support team for recommended anti-virus programs, anti-spyware and anti-adware programs, firewalls and other security programs.

These Facts Will Shock You

In another report published by the non-profit National Cyber Security Alliance (www.staysafeonline.info), the following information was collected from 329 users (194 dialup and 135 broadband users in 22 cities from a dozen states, including Houston) and revealed an incredible perception gap.

  • 77% of home computers are believed to be safe from on-line threats, but
  • 67% of them lack current anti-virus software, 15% had none at all, and 20% are actually infected with a virus,
  • 80% of home computers are infected with Spyware/Adware, and 89% of those didn’t even know it, and
  • 67% of all the users had no firewall protection, and half of the broadband users lacked a firewall.
  • More than 50% of the users were confused about what protections they should have and how to use them.
  • 75% or more of the respondents used their home computers for banking transactions or to store sensitive health or financial records.
  • Less than 20% used parental control software for their children, only 4% with broadband connections.

A Vicious Circle

According to Howes, companies stealthily load spyware by using elaborate tricks to hide component files on computers. This causes anti-spyware tools to miss some critical files in the scanning process, including executable files (.EXE or .COM), dynamic link libraries (.DLL), BHO (Browser Helper Object)-related registry entries, toolbar-related registry entries and auto-start Registry entries. So programs that were supposedly deleted by the scanners can simply be reinstalled by the remaining undetected files. He even discovered that in some cases the removal process didn’t occur because one of the installed programs prevented the anti-spyware scanners from running on reboot, which is a common method used by those scanners to complete the removal process of stubborn spyware and adware that remain in memory on a PC.
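To check for the leftovers described above, the following added example (not part of the original column or of Howes's test) compares registry exports taken before infection, after infection and after a scanner's cleanup, and lists the auto-start and BHO entries that survived. The key paths are the standard Windows locations; the function names and all sample data are constructed for illustration.

```python
import re

# Registry locations the article names: auto-start (Run/RunOnce) keys and Browser
# Helper Object registrations, at their standard Windows paths.
AUTOSTART = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
BHO = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"
                 r"\\Browser Helper Objects\\(\{[0-9A-F-]+\})$", re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # string values only


def persistence_entries(reg_text):
    """Return the set of (kind, key, name, data) persistence entries in .reg text."""
    found, key = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = BHO.search(key)
            if m:  # a BHO is registered by the subkey itself; its name is the CLSID
                found.add(("bho", key, m.group(1).upper(), ""))
        elif key and AUTOSTART.search(key):
            m = VALUE.match(line)
            if m:  # undo the .reg escaping of backslashes and quotes
                found.add(("autostart", key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))))
    return found


def survivors(baseline, infected, after_cleanup):
    """Entries added since the clean baseline that are still present after a scan."""
    added = persistence_entries(infected) - persistence_entries(baseline)
    return sorted(added & persistence_entries(after_cleanup))


# Constructed sample exports (names, paths and CLSID are made up for illustration).
RUN = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
BHO_KEY = (r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-00000000AD01}]")
CLEAN = "\n".join([RUN, r'"ExampleAudio"="C:\\WINDOWS\\exaudio.exe"'])
INFECTED = "\n".join([CLEAN, r'"ExBar"="C:\\Program Files\\ExBar\\exbar.exe"', "", BHO_KEY])
AFTER = "\n".join([CLEAN, "", BHO_KEY])  # scanner removed the Run value, missed the BHO

if __name__ == "__main__":
    for kind, key, name, data in survivors(CLEAN, INFECTED, AFTER):
        print(f"still present after cleanup: {kind} {name} {data} ({key})")
```

Files produced by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text in. Values exported in `hex(...)` form, such as expandable strings, are skipped by this parser.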

Other reliable reference sites include Andrew Clover’s list of unwanted software at www.doxdesk.com/parasite/, CounterExploitation (cexx.org/adware.htm), Kephyr.com (www.kephyr.com/), PestPatrol (www.pestpatrol.com/), Spyware Guide (www.spywareguide.com/) and Benjamin Edelman’s www.benedelman.org/.

The Bottom Line

To prevent infection with adware/spyware, you should use two or more scanners in combination, because their coverage is overlapping -- each one will detect and remove some things that the others do not. And apparently the more expensive programs aren't necessarily better than the free versions.

Last month the Windows Secrets Newsletter introduced their security baseline, the 6 components that they believe are required for every PC to maintain protection against hacker attacks:

  1. A hardware firewall
  2. A software firewall
  3. Antivirus program
  4. Antispam program
  5. Anti-adware – combination of several programs
  6. Update management

In case you haven’t noticed, the struggle to prevent malware is a never-ending battle.

Beverly Rosenbaum, a HAL-PC member, is a 1999 and 2000 Houston Press Club “Excellence in Journalism” award winner. She can be reached at trumors@hal-pc.org.