Wednesday, November 3, 2010
Best Free Adware-Spyware-Scumware Remover
Introduction
It's been some time since my last round of testing, and the time has certainly come for a refresher. I adopted much the same approach as previously. I have been asked if there were any surprises, and the honest answer is yes, there were. The most significant surprise was how difficult I was finding it to infect my system in the first place. After three hours of browsing, deliberately choosing websites and domains where infection was almost a prerequisite, I had nothing, and it was only after investigating various system settings that I found out why.
For those looking for the technical "how I did it", I once again started with a clean install of XP SP2 on a virtual machine, patched with the necessary Microsoft updates. I deliberately did not upgrade to SP3. Having gotten my clean install, I backed it up, and then went off to infect it. Before doing so I downloaded installation packages for those on test, and once I had my machine infected, I backed up the infected machine. I restored the original infected machine to test each product, ensuring a level playing field for each test. Finally, I did incremental scans with each product on the same infected system.
Discussion
So, the question is why was it so hard for me to get my machine infected in the first place, and having identified the "problem", my top recommendation is not an anti-malware product, and doesn't even involve a download or a scan of any type. It doesn't offer any form of protection on your PC, but it will help enormously against infection in the first place.
What is this magic solution? For some time, I have been using OpenDNS as my DNS server, rather than my ISP's own offering. I hadn't realised how proactive OpenDNS is in the fight against drive-by malware. Quite simply, every time I tried to visit a site guaranteed to infect me, it was simply shown as not found. During normal browsing sessions you never see this, and so it took me a while to realise the cause. Only after switching back to my ISP-hosted DNS was I able to find the infections that I craved. Requiring only a quick, free registration and a simple configuration change, it improves your protection considerably.
Having made that recommendation, it is still possible to infect your system, either by running software that may spread infection, or by visiting sites that may not be in OpenDNS's blacklist, and whilst OpenDNS is an excellent first line of defence, local protection is still a must.
Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything, the general package, whilst aesthetically similar, is improved since last time, managing to detect and clean after a single scan rather than the two scans required last time. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a criticism, it's that the freeware version still installs a startup item which doesn't actually do anything at all. In the paid version, it loads the always-on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is A-Squared free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. A-Squared was able to identify just 43 infections, though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately A-Squared was unable to automatically clean some of the more virulent infections that it found itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of A2 is the download size, being a huge 54.2 MB, immediately followed by a further 20MB of updates. Anyone on restricted bandwidth or dial-up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
As mentioned, I can only recommend the freeware version. During testing I inadvertently downloaded the full version of A2, which runs in evaluation mode for 30 days. Strangely, the full version hung on the scan during each test (though the program itself didn't crash), which is a particular worry.
Sharing the second place spot is MalwareBytes AntiMalware. MBAM caused me considerable problems initially, being one of two programs that had been actively blocked from running by one of the nasties I had picked up. Only after renaming the main executable, and running it in safe mode, was I able to proceed. This initial scan found 19 infections and managed to clean them sufficiently that when I rebooted I was able to run the program in a normal environment. I updated the program and ran a full scan, which found a further 8 infections, bringing the total to 27. Where MBAM did better than other products on test was its ability to remove hijacked DNS entries (which forced redirection of links from popular search engines to less productive sites).
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not possess; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real-time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the Google Pack, or from here.
Old timer Ad-Aware, coming in at 35.7MB, performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-Squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on-demand tests were Spybot S&D, Spyware Terminator and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on-demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 Gb) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. Spyware Terminator found just 3 threats, and The Cleaner 2010 found absolutely none.
Arovax Shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start its services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing its job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targeted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there is still little more useful than HijackThis, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
An infected system. None of these windows is a desirable application.
And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed; some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
Source: http://www.techsupportalert.com/