Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Spyware Guard Is it bad or good?

  • Please log in to reply
3 replies to this topic

#1 rlight


  • Members
  • 257 posts
  • Gender:Male
  • Location:Washington State
  • Local time:08:09 AM

Posted 11 April 2011 - 08:27 PM

I have read various discussions regarding Spyware Guard. Several people have stated that it is a fake. Is this true?


BC AdBot (Login to Remove)


#2 Animal


    Bleepin' Animinion

  • Members
  • 35,905 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:09 AM

Posted 11 April 2011 - 09:24 PM

It is by Javacool Software, the same group who makes SpywareBlaster. However it is an older application and it was never tested on anything beyond XP.

SpywareGuard works on Windows 98, ME, NT, 2000, XP. Not tested on Vista.

There are much more up to date products out there to use.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 rlight

  • Topic Starter

  • Members
  • 257 posts
  • Gender:Male
  • Location:Washington State
  • Local time:08:09 AM

Posted 11 April 2011 - 11:03 PM

I appreciate your response. I have been running Spyware Blaster on two of my computers as part of my spyware security. We primarily use Mozilla on Windows 7. I understand that Spyware Blaster is one of the best spyware blockers. Would you agree?


Edited by rlight, 11 April 2011 - 11:04 PM.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,090 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:09 AM

Posted 12 April 2011 - 06:41 AM

SpywareGuard is a limited real-time protection tool that monitors certain events and then acts to notify you that these events are taking place rather than prevent specific threats. SpywareGuard will notify you of any event attempt to change the browser Home Page - it makes no judgment on whether the change is good or bad but leaves the decision up to you to allow or deny it. SpywareGuard scans .exe and .cab files (the two most popular file types for distributing spyware) using Signature-based scanning for known spyware and Heuristic/generic detection capabilities to catch new or mutated spyware. A malicious file is blocked before being opened or run and the full path to its executable is provided on the alert screen. Once a spyware file is detected and blocked from running, the options are provided to either continue or to delete the file.

SpywareGuard's strongest protection is its Browser Hijacking Protection which does not require constant definition updates (Why is the most recent database update for SpywareGuard dated 2004?). This is because its detection abilities use a heuristic (rule-based) engine engine. Normally, for an Anti-Virus product to detect a virus, the virus must have been seen before, analyzed and detection added to the signature update files. Heuristics are used since there are some families of viruses that continually change their appearance and it is not possible to detect every variant. Heuristics allows setting up a defined set of rules so if it looks like a virus, and acts like a virus it can be detected, even if the virus has never been seen before.

SpywareGuard uses this same approach for detecting spyware so even through its an older program, with out-of-date signatures, the heuristics still work at detecting attempted changes to Internet Explorer's Home Page. As such, it is still useful if you don't have another security tool which provides similar protection. If you are using another security program (i.e. Browser Sentinel, Spy Sweeper, Norton Home Page Protection, SUPERAntispyware, etc) that monitors attempted changes to your browser settings, then SpywareGuard may not be of much use.

SpywareBlaster is a program that restricts the actions of potentially dangerous sites by adding a list of sites and domains associated with known spyware, advertisers and marketers to the browser's "Restricted Sites Zone". SpywareBlaster also prevents the installation of ActiveX-based malware, browser hijackers, dialers, and other potentially unwanted software amd blocks tracking cookies in Internet Explorer and any browsers that use the Internet Explorer engine such as AOL web browser, Avant Browser, Slim Browser and Maxthon (formerly MyIE2) and provides protection for Mozilla Firefox, Netscape, Seamonkey, and Flock.

How does SpywareBlaster work? It adds sites to the restricted zones by adding the domain as a subkey under the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. A dword is then added to that domain named * and given a hex value of 4 to specify that it is part of the Restricted Sites Zone. More specifically, Spywareblaster sets the "killbit" on the CLSID (Class ID) of known spyware. Every program has a CLSID that is unique to the type of program. Once Spywareblaster enables (writes) those killbits they are "locked in" and any identified spyware cannot be opened. Spywareblaster writes these killbits in and then stays off until you need to re-write them again with an update. Why is all this important? Some types of malware are known to alter Trusted Zones, Ranges and ProtocolDefaults set for a browser.

SpywareBlaster also includes the ability to keep encrypted backup copies of the Hosts file so if its altered by malware infection, you can easily restore a good backup copy. Unlike many other security tools, SpywareBlaster does not run in the background. Instead it only requires installation and then enabling of all protection. After that you only have to check periodically for database updates using the built-in "Check for Updates" feature and then enable all protection again.

If you have upgraded your browser to Internet Explorer 8 as Microsoft recommends, the SmartScreen Filter provides similar but more comprehensive protection by identifying and blocking sites on the web that are distributing malicious software.

Javacool's Knowledgebase provides a variety of articles relating to SpywareBlaster, information about AutoUpdate, Troubleshoot and Tools (which explains the HOSTS file). For any issues or information not addressed, users can also check at the Official Javacool Software Forum. Information about updates and news can be found at the Javacool Blog which also provides links to the the online forum and Knowledgebase.

If you are not sure how to use SpywareBlaster, please refer to the How to use SpywareBlaster to protect your computer tutorial. In addition to explaining how to use the tool, the tutorial covers other built-in tools and features to include:

System Snapshot
SpywareBlaster has the ability to take a snapshot, or backup, of certain settings in your browser and your registry. These settings will be saved in a database that is stored in your SpywareBlaster directory. If in the future you make a mistake, or things start acting strange, you can restore your configuration from this backup.

The first step is to click on the System Snapshot button on the left. If this is your first time using it, you will want to create a snapshot of your system. You should select the radio button that is labeled Create new System Snapshot and press the Go button. Give the snap shot a name that you will remember and make sure the Append date + time to the end of the snapshot name checkbox is checked. When this is done, press the Create Snapshot button to continue. SpywareBlaster will then save the settings on your computer into a database. When it is done you can press the Finish button.

In the future, if you want to restore this backup you can choose the System Snapshot section and then select the radio button for Restore System to Saved Snapshot Point and press the Go button. You should click once on a snapshot to select it and then press the Next button. If there were any changes from your current settings compared to the ones saved in the snapshot, it will notify you and give you the option to restore them. Otherwise it will tell you there was no difference in your current settings to the ones in the snapshot.

Tools Section
The tools sections contains 5 different tools that you can use on your computer. For most people the only tool I recommend is the Hosts Safe tool. The other tools can cause other Spyware removal tools to view it as a modification made by a Hijacker and should be only used by advanced users.

IE Browser Pages: This tool allows you to change various Browser Pages such as your default Blank Page, or the default search page. Unless you know what you are doing it is recommended that you leave this alone.

Misc IE Settings: This allows you to disable the Internet Tools control panel in your Windows Control Panel. I would leave this unchecked unless you have a good reason. The other option lets you change the text next to the web pages title in your browser windows and is just for cosmetics.

Hosts Safe: This tool is one that I recommend that most users use at least once. This will back up your HOSTS file, which is commonly used by Hijackers, to an encrypted file that can be restored from at a later date. Please use this tool at least once so that you have an available backup.

Flash Killer: This will disable Flash files from being run within your browser. Unless you will never need to use Flash, I would suggest you not use this option as many legitimate sites use flash.

Custom Blocking: This allows you to add custom ActiveX CLSID's that you want to block from running on your computer. This tool should only be used by an advanced user.

Note: If you use Spybot, SpywareBlaster, IE-SPYAD for ZonedOut or other security tools with similar features together, there is some overlap of protection. Each one offers a different list but they are not completely identical. Thus, if you undo or disable the protection in one product, it may remove some of the protection installed by the other. You should re-immunize or re-enable the protection in each tool as appropriate.

Edited by quietman7, 12 April 2011 - 06:48 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users