Best Anti-Spyware Scanner

[G1111]

Which has better detection rates SUPERAntispyware, SpyBot S&D or Ad-Aware?

[EliteKiller]

SAS by a long shot. Spybot & AAW have lackluster detection rates, and AAW is the inferior of the two.

[G1111]

Quote:

Originally Posted by EliteKiller

SAS by a long shot. Spybot & AAW have lackluster detection rates, and AAW is the inferior of the two.

Thanks for the response. I dropped Ad-Aware as I didn't want to go with the new version that adds a service that is always running. Also dropped Spybot but was reconsidering. I do have free version of SAS along with KAV. I read somewhere else that SpyBot and Ad-Aware have not really kept up with the times, but wanted some more opinions.

[the Tester]

I agree,Spybot and AdAware have fallen behind the last few years.
SAS free is highy regarded.

[fcukdat]

SAS by a long way.

If we leave aside taget databases and frequency of updates for the moment and concentrate on underhood scanning engine differences.

When AA and SSD stuggle to remove identified pests(as seen in their help forums/security forums)it is because they can flag the active code whilst it is loaded into memory.The reinfection is caused by their inability to unpack the packed malware files that are sat on the HD to affect a positive detection and subsequently affect a definite *kill* to them.

I believe SAS absolutely smokes them for unpacking capabilities or a least scope(number) of packers it can unravel.

Next up SAS has for sometime used DKOM scanning technology which has given it the edge on all its rivals with reguards rootkit malware detection and removal,neither AA or SSD could even get close to this level of *deep* scanning into ring0 and this is why SAS roasted them on kernel mode trojan detction & removal.

Mind you SAS free is about to ramp it up another notch on all the fellow ASW/AT's
shortly

As far as i'm aware shortly to be released is the first free or payfor botkiller utilizing DDA

Quote:

Direct Disk Access (DDA) technology bypasses all of the Windows API/Kernel

IMHO SAS free is putting more distance between itself and its rivals in the technology stakes(under the hood)

[RCGuy]

Quote:

Originally Posted by G1111

Thanks for the response. I dropped Ad-Aware as I didn't want to go with the new version that adds a service that is always running....I read somewhere else that SpyBot and Ad-Aware have not really kept up with the times, but wanted some more opinions.

I'm not sure about Spybot(even though I use it because it was recommended by another computer help forum), however, I heard that older versions of Ad-Aware were better and I also had the hassles with the newer version of Ad-Aware and uninstalled it and found a site where I was able to install older version 1.06 which I like much better.

BTW, I think that the best anti-malware scanner is a-squared. However, there's an anti-tracking cookie program that I think is even better, but I'm going to start another thread about it because I have a few questions about it.

[Stijnson]

Quote:

I'm not sure about Spybot(even though I use it because it was recommended by another computer help forum), however, I heard that older versions of Ad-Aware was better and I had the hassles with the newer version of Ad-Aware and uninstalled it and found a site where I was able to install version 1.06 which I like much better.

Please keep in mind that you will only be able to keep using this version of Ad-Aware until December 31st 2007. Than all support and updates for this version will end.

[RCGuy]

Quote:

Originally Posted by Stijnson

Please keep in mind that you will only be able to keep using this version of Ad-Aware until December 31st 2007. Than all support and updates for this version will end.

I didn't know that. Thanks.

[lucas1985]

Quote:

Originally Posted by fcukdat

As far as i'm aware shortly to be released is the first free or payfor botkiller utilizing DDA

Normal disk scanning = talk to filesystem driver. Classic AV technology.
Raw disk scanning = talk to disk driver. SAS, some AVs, RkU, etc.
Direct disk access =
Wow, I'm impressed

[fcukdat]

Quote:

Originally Posted by lucas1985

Normal disk scanning = talk to filesystem driver. Classic AV technology.
Raw disk scanning = talk to disk driver. SAS, some AVs, RkU, etc.
Direct disk access =
Wow, I'm impressed

Both current SAS and discontinued RKU are using DKOM which is a different beastie to raw disk reading.

DDA=raw disk reading

Quote:

Raw disk scanning actually doesn't use, nor rely, on a filesystem driver - it involves reading the FAT or MFT and parsing it manually and directly accessing the disk at the sector level

IRC only 2 AV's(Symantec10/Kaspersky) have achieved raw disk read technology in their software todate.No antitrojan or botkiller as of yet....

Attached is sceenshot of SAS 4.0 scanning options

[lucas1985]

Sweet
SAS is da bomb. Actually, I'm cleaning most infections with just 4 tools: SAS + CureIT + Autoruns + ESET online scanner. If something looks really bad, I load RkU but I try to avoid it because I don't understand it fully.
Today, SAS has cleaned 4 PCs infected via MSN Messenger (some worm which drops an IRC bot and Vundo-related crap)

[G1111]

Thanks for the responses everyone. I added Dr. Web CureIt in addition to my main scanners KAV 7, SAS free, A2 Free and Ewido Micro. I dumped ad-aware and Spybot. I also have upfront protection (KAV 7, hardware and software firewalls, HIPS and MVPS Hosts file).

[SystemJunkie]

Quote:

SAS is da bomb. Actually, I'm cleaning most infections with just 4 tools: SAS + CureIT + Autoruns + ESET online scanner. If something looks really bad, I load RkU but I try to avoid it because I don't understand it fully.

What do you not understand related to Rku? Is self explaining, isn´t it for you?
I never found any use for SAS, too slow.

[Tarq57]

Quote:

Originally Posted by G1111

Thanks for the responses everyone. I added Dr. Web CureIt in addition to my main scanners KAV 7, SAS free, A2 Free and Ewido Micro. I dumped ad-aware and Spybot. I also have upfront protection (KAV 7, hardware and software firewalls, HIPS and MVPS Hosts file).

That looks like pretty solid protection to me.
Only posting to say just be aware that Cureit doesn't update its definitions as do other free scanners. If you want new defs, you have to re-download the application. Only 5Mb, so no biggie, IMO.

[lucas1985]

Quote:

Originally Posted by SystemJunkie

What do you not understand related to Rku? Is self explaining, isn´t it for you?

I don't have (yet) the self-confidence needed to use RkU as a malware removal tool. I don't have any problems using it as a system benchmarking tool (i.e. I save logs before and after installing software, so I know which software installs which hooks)
I guess that I'm "ready" to use it as a main weapon against malware. On the other hand, the infections I see everyday aren't that stealth to require a powerful ARK to remove/unhide them.

[Cerxes]

Personally I´m avoiding RKU after this warning from Dmitry Sokolov (Greatis Software).

/C.

[lucas1985]

I'll quote myself

Quote:

There's a little friction between Unhackme developers and the RkU folks. Think about this, if RkU has a single bit of malicious code, it should be in all AV's databases by now

Quote:

I don't know of any piece of code that couldn't be debugged, disassembled and/or reverse engineered.

[Cerxes]

Maybe you´re right lucas, I don´t know the politics behind that conflict. But I´m avoiding it anyway following the principle "better safe than sorry..."

/C.

[Wordward]

Why not give Spyware Doctor Starter Edition a try? You can disable the Real Time Guard and use it as On Demand only.

[lucas1985]

There's nothing wrong with that appraoch. However, using a simple packet sniffer on a separate machine will reveal if RkU tries to "phone home". I haven't found anything suspicious on it, but I'm not a reverse engineer or network guru.

[LoneWolf]

Quote:

Originally Posted by fcukdat

Both current SAS and discontinued RKU are using DKOM which is a different beastie to raw disk reading.

DDA=raw disk reading



IRC only 2 AV's(Symantec10/Kaspersky) have achieved raw disk read technology in their software todate.No antitrojan or botkiller as of yet....

Attached is sceenshot of SAS 4.0 scanning options

Any idea when 4.0 will be released?
I use SAS for on demand only.
I can wait till it's ready, just curious.

[G1111]

Quote:

Originally Posted by Tarq57

That looks like pretty solid protection to me.
Only posting to say just be aware that Cureit doesn't update its definitions as do other free scanners. If you want new defs, you have to re-download the application. Only 5Mb, so no biggie, IMO.

Yes I am aware you need to download the latest version each time to get the latest definitions. It is 7.7 Mb now. Easy with broadband connection. I've run it a couple of times now.

[G1111]

Quote:

Originally Posted by Wordward

Why not give Spyware Doctor Starter Edition a try? You can disable the Real Time Guard and use it as On Demand only.

Maybe I'll give it a spin sometime. Thanks.

[fcukdat]

Quote:

Originally Posted by LoneWolf

Any idea when 4.0 will be released?
I use SAS for on demand only.
I can wait till it's ready, just curious.

It currently in Beta/Pre release phase(has been for a while) and I'm unsure of when Nick is going to release this edition to the mass's.


I'm sure he dose'nt want to repeat what certain other competitors have done in the past by prematurely launching software as finalized only to have to update it sevaral times for major/minor bug fix's in the following months

Quote:

Originally Posted by SystemJunkie

I never found any use for SAS, too slow.

Of course your opinion and knowing already one of the tools in your bag of tricks makes me chuckle.....NoAdware 10x times quicker scan but probaly 100x less effective at detection and removal of realife malware infections.

Just a 'lil comparison of detection capabilities going on and maybe speed should'nt be such an issue afterall....well at least when pitching against real life malware infections and not software experimenting

NoAdware =*find file* chokes when it meets malware that is using names of system files as it dose'nt want to delete a system file by accident....

SAS smart rules will track a known bad GUID's back to the source file so even if the checksum of the source malware file is not known to the SAS target database the malware file will still be detected and removed.

One software is lightning fast and severly lacking in capabilities,the other is more pedestrian but parsing a lot more data from alot more locations on the HD

One is free to use to remove malwares and smokes,the other one is pay for and blows

As i have said all along,the best way to access SAS free is to let it lose on an infected machines as opposed to running on a clean machine

Have a great day dude

[david banner]

I tried SAS. It seems very slow and hung halfway through scan. When I tried to close it said it was still running?