Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

spyware blaster or super anti spyware


  • Please log in to reply
4 replies to this topic

#1 ashmash132

ashmash132

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 19 November 2009 - 11:22 AM

Hello to all of you.

I request to provide some light on the following.

I have AVAST Home Addition installed on my PC. I regularly update and use Malware Bytes and cclener.

Recently while reading "how did I get infected" on Geeks-to-go I came across a number of spyware programes namely "SPYWARE BLASTER" "SUPER ANTI SPYWARE" "SPYWARE GUARD".

I downloaded and installed spyware blaster.

I wish to know which one of the above mentioned anti-spywares have good detection and protection mechanism. Should I installed all the three or only one? If possible can the best one be prescribed?

Further which firewall should be installed? Is it really required?

Also installing so much of above security programmes, will they adversly affect the performance of the system? ( I have winxp professional service pack 2, 40 GB HDD, 750 MB RAM)

Thanks for taking pains in providing the valuable information.

Manoj

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:34 PM

Posted 20 November 2009 - 10:03 AM

SpywareBlaster is a program that blocks spyware tracking cookies in Internet Explorer and any browsers that use the Internet Explorer engine, including: AOL web browser, Avant Browser, Slim Browser and Maxthon (formerly MyIE2). It also provides protection for Mozilla Firefox, Netscape, Seamonkey, and Flock. SpywareBlaster restricts the actions of potentially dangerous sites by adding a list of sites and domains associated with known spyware, advertisers and marketers to the browser's "Restricted Sites Zone" and prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Some types of malware are known to mess with Trusted Zones, Ranges and ProtocolDefaults set for a browser.

How does SpywareBlaster work? It adds sites to the restricted zones by adding the domain as a subkey under the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. A dword is then added to that domain named * and given a hex value of 4 to specify that it is part of the Restricted Sites Zone. More specifically, Spywareblaster sets the "killbit" on the CLSID (Class ID) of known spyware. Every program has a CLSID that is unique to the type of program. Once Spywareblaster enables (writes) those killbits they are "locked in" and any identified spyware cannot be opened. Spywareblaster writes these killbits in and then stays off until you need to re-write them again with an update.

Unlike many other security tools, SpywareBlaster does not run in the background. Instead it only requires installation and then enabling of all protection. After that you only have to check periodically for database updates using the built-in "Check for Updates" feature and then enable all protection again.

Note: If you use Spybot, SpywareBlaster and IE-SPYAD for ZonedOut together, there is some overlap of protection. Each one offers a different list but they are not completely identical. Thus, if you undo or disable the protection in one product, it may remove some of the protection installed by the other. You should re-immunize or re-enable the protection in the other products as appropriate.

SpywareGuard is a limited real-time protection tool that monitors certain events and then acts to notify you that these events are taking place rather than prevent specific threats. SpywareGuard will notify you of any event attempt to change the browser home page - it makes no judgment on whether the change is good or bad but leaves the decision up to you to allow or deny it.

SpywareGuard scans exe and cab files (the two most popular file types for distributing spyware) using Signature-based scanning for known spyware and Heuristic/generic detection capabilities to catch new/mutated spyware. A malicious file is blocked before being opened or run and the full path to its executable is provided on the alert screen. Once a spyware file is detected and blocked from running, the options are provided to either continue or to delete the file.

SpywareGuard does not require constant definition updates because its detection abilities use a heuristic (rule-based) engine engine. Normally, for an Anti-Virus product to detect a virus, the virus must have been seen before, analyzed and detection added to the signature update files. Heuristics are used since there are some families of viruses that continually change their appearance and it is not possible to detect every variant. Heuristics allows setting up a defined set of rules so if it looks like a virus, and acts like a virus it can be detected, even if the virus has never been seen before. SpywareGuard uses this same approach for detecting spyware. Further, SpywareGuard's strongest protection is its Browser Hijacking Protection, which does not require any sort of definition updates. The last update was 1/22/04.

SUPERAntiSpyware Free does not provide real-time protection or scheduled scanning so there is no need for it to run at startup. I recommend to disable startup and use it as a separate stand-alone on-demand scanner. A purchased upgrade to the "Professional" version is required before those options can be activated. SUPERAntiSpyware Professional offers a 15-day fully functional free trial where you can try all features unrestricted. See SUPERAntiSpyware Free vs Pro Comparison Features. IMO MBAM is more effective for real-time protection.

I recommend taking advantage of the Malwarebytes Anti-Malware Protection Module which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology monitors every process and stops malicious processes before they can infect your computer. Enabling the Protection Module feature requires reqistration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs.

Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your technical ability and experience, features offered, the amount of resources utilized, how it may affect system performance and what will work best for your system. A particular combination that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find what is most suitable for your needs. Another factor to consider is whether you want to use paid for products or free alternatives.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

As a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, etc will not conflict with each other or your anti-virus if using them as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, if using any of their real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. Additionally, competing tools may even provide redundant alerts which can be annoying and/or confusing. Keep in mind that you can overkill a system with resource heavy security programs that will slow down performance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 ashmash132

ashmash132
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 21 November 2009 - 12:21 AM

Hello.

A very very good information putting light on most and essential aspects of security.

Thanks a lot Mr. quiteman7.

Manoj.

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:34 PM

Posted 21 November 2009 - 01:47 AM

My personal belief on firewalls is that they are necessary and a third party one is best as they provide outbound protection, that you can control, which I believe is a must. Not only can they stop an infected computer from sending out information, they also give you control over what windows programs and other programs are allowed out. I do not like Windows or any program "calling home" or just updating whenever they feel like it, so I do not let them bypass the lock on my firewall.

I have used ZoneAlarm firewall, as well as their antivirus program, for many years and love it. The paid version of the firewall come with an operating system firewall which I find to be a great plus.

Btw, one of the reasons I believe a firewall is so important comes from looking at the logs of my firewall. I am connected to the internet 24/7 and in just a 24 hour period I usually have around 70 attempts into my computer, from unknown computers, that are blocked by my firewall. I would never connect to the internet without a firewall

Edited by Stang777, 21 November 2009 - 02:02 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:34 PM

Posted 21 November 2009 - 09:03 AM

The goal of the firewall is to prevent remote computers from accessing yours and provide notification of any unrequested traffic that was blocked along with the IP address. keep in mind however, that a firewall is not a panacea to solve all of your security problems. If you will open ports through your firewall to allow access to an infected machine, then the firewall is no longer relevant.

If your firewall provides an alert that indicates it has blocked access to a port but does not necessarily mean your system has been compromised. Firewall alert messages are a response to unrequested traffic from remote computers. The alert means that your firewall has blocked an attempt from an external host to access a port on your computer that is commonly used by a trojan. Even if the port is open, the alert message indicates that your firewall has blocked the attempt to access it. These alerts are often classified by the network port they arrive on and allow you to see the activity of what is happening on your firewall. The alerts allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer.

It is not unusual for a firewall to provide numerous alerts regarding such attempted access. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Your firewall is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there, so you may need to investigate an attempted intrusion.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users