is a limited
real-time protection tool that monitors certain events and then acts to notify you that these events are taking place rather than prevent specific threats. SpywareGuard will notify you of any event attempt to change the browser Home Page - it makes no judgment on whether the change is good or bad but leaves the decision up to you to allow or deny it. SpywareGuard scans .exe and .cab files (the two most popular file types for distributing spyware) using Signature-based scanning for known spyware and Heuristic/generic detection capabilities to catch new or mutated spyware. A malicious file is blocked before being opened or run and the full path to its executable is provided on the alert screen. Once a spyware file is detected and blocked from running, the options are provided to either continue or to delete the file.
SpywareGuard's strongest protection is its Browser Hijacking Protection
which does not
require constant definition updates (Why is the most recent database update for SpywareGuard dated 2004?
). This is because its detection abilities use a heuristic
(rule-based) engine engine. Normally, for an Anti-Virus product to detect a virus, the virus must have been seen before, analyzed and detection added to the signature update files. Heuristics are used since there are some families of viruses that continually change their appearance and it is not possible to detect every variant. Heuristics allows setting up a defined set of rules so if it looks like a virus, and acts like a virus it can be detected, even if the virus has never been seen before.
SpywareGuard uses this same approach for detecting spyware so even through its an older program, with out-of-date signatures, the heuristics still work at detecting attempted changes to Internet Explorer's Home Page. As such, it is still useful if you don't have another security tool which provides similar protection. If you are using another security program (i.e. Browser Sentinel
, Spy Sweeper, Norton Home Page Protection, SUPERAntispyware, etc) that monitors attempted changes to your browser settings, then SpywareGuard may not be of much use.SpywareBlaster
is a program that restricts the actions of potentially dangerous sites
by adding a list of sites and domains associated with known spyware, advertisers and marketers to the browser's "Restricted Sites Zone". SpywareBlaster also prevents the installation of ActiveX
-based malware, browser hijackers, dialers, and other potentially unwanted software amd blocks tracking cookies
in Internet Explorer and any browsers that use the Internet Explorer engine such as AOL web browser, Avant Browser, Slim Browser and Maxthon (formerly MyIE2) and provides protection for Mozilla Firefox, Netscape, Seamonkey, and Flock.How does SpywareBlaster work
? It adds sites to the restricted zones by adding the domain as a subkey under the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. A dword is then added to that domain named * and given a hex value of 4 to specify that it is part of the Restricted Sites Zone. More specifically, Spywareblaster sets the "killbit" on the CLSID (Class ID)
of known spyware. Every program has a CLSID that is unique to the type of program. Once Spywareblaster enables (writes) those killbits they are "locked in" and any identified spyware cannot be opened. Spywareblaster writes these killbits in and then stays off until you need to re-write them again with an update. Why is all this important
? Some types of malware are known to alter Trusted Zones, Ranges and ProtocolDefaults set for a browser.
SpywareBlaster also includes the ability to keep encrypted backup copies of the Hosts file
so if its altered by malware infection, you can easily restore a good backup copy. Unlike many other security tools, SpywareBlaster does not run in the background
. Instead it only requires installation and then enabling of all protection. After that you only have to check periodically for database updates using the built-in "Check for Updates
" feature and then enable all protection again.If you have upgraded your browser to Internet Explorer 8 as Microsoft recommends
, the SmartScreen Filter
provides similar but more comprehensive protection by identifying and blocking sites on the web that are distributing malicious software.Javacool's Knowledgebase
provides a variety of articles relating to SpywareBlaster, information about AutoUpdate, Troubleshoot and Tools (which explains the HOSTS file). For any issues or information not addressed, users can also check at the Official Javacool Software Forum
. Information about updates and news can be found at the Javacool Blog
which also provides links to the the online forum and Knowledgebase.
If you are not sure how to use SpywareBlaster, please refer to the How to use SpywareBlaster to protect your computer
tutorial. In addition to explaining how to use the tool, the tutorial covers other built-in tools and features to include:
SpywareBlaster has the ability to take a snapshot, or backup, of certain settings in your browser and your registry. These settings will be saved in a database that is stored in your SpywareBlaster directory. If in the future you make a mistake, or things start acting strange, you can restore your configuration from this backup.
The first step is to click on the System Snapshot button on the left. If this is your first time using it, you will want to create a snapshot of your system. You should select the radio button that is labeled Create new System Snapshot and press the Go button. Give the snap shot a name that you will remember and make sure the Append date + time to the end of the snapshot name checkbox is checked. When this is done, press the Create Snapshot button to continue. SpywareBlaster will then save the settings on your computer into a database. When it is done you can press the Finish button.
In the future, if you want to restore this backup you can choose the System Snapshot section and then select the radio button for Restore System to Saved Snapshot Point and press the Go button. You should click once on a snapshot to select it and then press the Next button. If there were any changes from your current settings compared to the ones saved in the snapshot, it will notify you and give you the option to restore them. Otherwise it will tell you there was no difference in your current settings to the ones in the snapshot.
Note: If you use Spybot, SpywareBlaster, IE-SPYAD for ZonedOut or other security tools with similar features together, there is some overlap of protection. Each one offers a different list but they are not completely identical. Thus, if you undo or disable the protection in one product, it may remove some of the protection installed by the other. You should re-immunize or re-enable the protection in each tool as appropriate.
The tools sections contains 5 different tools that you can use on your computer. For most people the only tool I recommend is the Hosts Safe tool. The other tools can cause other Spyware removal tools to view it as a modification made by a Hijacker and should be only used by advanced users.
IE Browser Pages: This tool allows you to change various Browser Pages such as your default Blank Page, or the default search page. Unless you know what you are doing it is recommended that you leave this alone.
Misc IE Settings: This allows you to disable the Internet Tools control panel in your Windows Control Panel. I would leave this unchecked unless you have a good reason. The other option lets you change the text next to the web pages title in your browser windows and is just for cosmetics.
Hosts Safe: This tool is one that I recommend that most users use at least once. This will back up your HOSTS file, which is commonly used by Hijackers, to an encrypted file that can be restored from at a later date. Please use this tool at least once so that you have an available backup.
Flash Killer: This will disable Flash files from being run within your browser. Unless you will never need to use Flash, I would suggest you not use this option as many legitimate sites use flash.
Custom Blocking: This allows you to add custom ActiveX CLSID's that you want to block from running on your computer. This tool should only be used by an advanced user.
Edited by quietman7, 12 April 2011 - 06:48 AM.