Spyware Detection / Prevention

Just a quick question, now that I’m back in the forums… I’ve been using AOL Anti-Spyware for some time now and it’s a major drag on my resources, but I thought it was fairly good. Unfortunately, when I did a scan with Ad-Aware there were several Data Miners in my registry. I’ve had a couple of tries of the latest beta but have a question. Does CAVS Detect / Protect my computer from Registry Spyware? Any idea how it gets there in the first place and how to protect it with either CAVS or another free program?

Thanks for your help and advice.

Eric

Eric,

Here’s a product that very specifically guards your registry:

http://www.diamondcs.com.au/index.php?page=regprot

Diamond CS has a number of free useful products besides RegProt.

I personally use Spybot Search & Destroy, Spyware Blaster for resident scanning/removal (but I rarely find anything). Firefox w/CookieSafe, NoScript, and all Data cleared on close seem to filter out most junk. (that, and being careful/paranoid about where I go and what I download…) :smiley:

I’ve never been very clear on exactly what AdAware is calling a “Data Miner” as it obviously applies that name to cookies… ???

I know that CAVS has always been focused on “malware” versus standard “virus” or “spyware” names/definitions; with the new HIPS feature, the protection is thus greatly increased.

That may not directly answer your question, but I hope it helps…

LM

That pretty much answers my question. I’m just trying to keep my home laptop as secure as possible but without using all my resources. Does CAVS catch most malware with the latest Beta? AOL ASP is such a drain on the system, I’m just finding the right solution. CPF is absolutely the best Firewall but it’s the malware stuff I’m now worried about. I suppose CAVS latest beta does have HIPS and I know it’s a lot about prevention rather than detection. I just think my mind would be further at ease if it could be confirmed that CAVS catches 100% of viruses in the wild like so many other Antivirus have certifications for.

Eric

Eric,

I personally don’t know what CAVS’ percentages are. My understanding is that it’s not at full strength yet, still being a Beta, although with HIPS that may be different. I will tell you, anything new triggers HIPS, as best I can tell.

And yes, I think it’s probably more about Prevention than Detection/Removal. If you stop it from getting on your machine in the first place, then you don’t need to try to get rid of it…

However, I don’t think that anything is 100% in that respect - not prevention, not detection. Just my opinion. I think the companies that claim that are either overconfident, or intentionally deceptive. There are too many variables to be able to say 100%.

If it wasn’t problematic to run multiple AV programs, or multiple HIPS programs, I would do so. I think a reasonable solution is to run a respected resident AV program that does email/on-access/on-demand/scheduled scans (but I’d personally skip Norton or McAfee), combined with a respected AS program or two, and a HIPS (like Prevx1, SSM, etc) if the AV doesn’t encompass that. Follow up with nonresident (Trend Micro’s Housecall, VirusTotal, etc) and rootkit (Rootkit Revealer, GMER, etc) scanning on a regular basis.

If your browser and email client won’t run scripts/ActiveX/etc, and clears all data cached when closing, this should stop a lot of the junk from the start (in other words, use something besides MS’s browser/email…). HIPS-type programs should stop undesired changes from occurring. On-Access & Email scanning by your AV, combined with daily/weekly scheduled scans by AV & AS should find anything that’s been missed. Back that up with the nonresident and rootkit scanning, and you should catch pretty much all of it. A firewall that’s effective (i.e., CPF) will stop anything from getting out (and it’s soon to have a HIPS, too, in addition to the ABA it already has).

100%? I still don’t think it’s possible, but you should be pretty darn close. Many years ago I got a header-embedded email virus using Outlook Express, and could not get rid of it. I didn’t have AV installed, and when I did, the virus ate the AV before I could get it updated so it could catch and stop the virus. I ended up wiping my HD and starting over. With paranoia! I’ve learned a lot since then, and have a level of confidence in my protection. The enemy changes daily, and the protection tries to keep up; we have to be able to function, so a balance is what I look for.

LM

Mac is right, Eric - the only things that are 100% right are our wives! :wink:

ewen :slight_smile: