Ad-Aware SE Personal seems better than Spy Sweeper

I purchased Spy Sweeper shortly after I bought my first computer about 6 months ago, based upon a coworker's recommendation, to supplement Norton NIS. It has seemed to work OK, but you never really know. I have all the shields up and check for updates to the definitions and program almost daily, but I haven't attempted to customize the settings. I usually run a scan at the end of the day, particularly if I think something "strange" has happened. The scans seldom reveal much.

A couple of weeks ago I downloaded a copy of the free Ad-Aware SE Personal. To my surprise it found about a dozen examples of malware, mostly tracking cookies, that Spy Sweeper had apparently missed. I believe they are not all false positives either, because I could identify some of the names on the list as sites I had visited. Also, if I run another scan after having quarantined any malware from the first pass, those items do not show up again on the second pass; if they were false positives, I would expect them to reappear, ad infinitum.

Now I run a nightly scan with Spy Sweeper, followed directly by Ad-Aware. Several times now Ad-Aware has discovered malware that Spy Sweeper had missed. Most of them were tracking cookies, but some were labeled as data miners, which sounds a lot more malicious, whether they are or not. Running sweeps the other way around (Ad-Aware then Spy Sweeper) has shown that to date Spy Sweeper has not caught anything Ad-Aware has missed.

I'll admit it; these data miners probably came from what I will call for lack of a better term relatively innocuous soft-core adult sites, not the hard-core porn sites, which I avoid. I have found that it's all too easy to click on a link from one "safe" site and suddenly find yourself on something that appears a little dubious in terms of security risks.

At any rate, based on my unscientific experience, the bare-bones freeware Ad-Aware SE Personal seems to do a better job than Spy Sweeper, which I think cost me 29 bucks. I am planning to upgrade to one of the more advanced pay versions of Ad-Aware soon. The difference between the free and pay versions seems to be active blocking rather than removal after the fact by a scan. Worth the price in my opinion, despite my fairly conservative web surfing habits.

Can anyone either corroborate or refute my experience? That's how we all learn. Thanks for your contributions.

One postscript: I also have SpywareBlaster and Spybot Search and Destroy. I have done regular sweeps with both, but I don't recall that either one has caught anything to date. That of course does NOT mean they don't work. The Spy Sweeper shields are most likely blocking items they would catch, among other explanations

 

Data miners in Adaware are usally tracking cookies also..by default Adaware is set to do the cookies and MRU (Most Recently Used) list,,threat asseement on those are O but nice to clean them out also..You can also set Adaware up to do a Custom scan

see here
http://www.lavasoftsupport.com/index.php?showtopic=40554&st=0&#entry292182

..various sites including their own forum will give you ideas how to set that up.

I am posting to tell you that it is important to clean out the backups (no matter what they calls them for all these various antivirus and Antispware programs) on a regular basis so that you do not end up trying to clean "ghosts" as you run scans with all of them on a regualr basis.

Here is some background and it also applies to the new Adaware SE.

******************************

http://www.lavasoftsupport.com/index.php?showtopic=23723


Antivirus Warning During A Scan With Ad-aware 6,


Note: Norton AntiVirus has been used as an example in this topic, but the same thing applies to any AntiVirus program that displays a warning duuring the scan with Ad-aware 6.

Hello.....
I hope to explain your misconceptions of the Ad-aware 6 program if there are any resulting from this kind of warning..
The Trojan or Virus warning you received means that the reported file was infected before and is residing in your system, it has nothing to do with the Ad-aware 6 program.
During the scanning process, Ad-aware 6 makes a local copy of the files it is about to scan (not executing them, of course) in a temporary folder that it creates within the Ad-aware 6 folder called cache, while Ad-aware 6 has the infected file open to scan, NAV sees it and reports it as infected. When the scan is finished the file is closed, there is no possible way for the file to execute during this process. When Ad-aware 6 has completed the system scan, the cache folder is deleted, that is why you cannot find it.
To be honest, the powerful scanning process that Ad-aware 6 uses has made it possible for your NAV to "see" this infection, something that it did not see on it own. Now that you know that it is there, you can take the proper steps in getting rid of this infection.
Most of the time NAV will give you the option to Quarantine\Remove\Ignore the file, it is highly suggested to have NAV quarantine the file if you have the oppertunity.
Then....
Since you have these files in quarantine, you may want to follow the NAV submission instructions and have them look at them.
After submitting them, I would also suggest rescanning your computer(s) with NAV. Make sure that you have the latest virus definitions for NAV using the Intelligent Updater: http://securityresponse.symantec.com/avcen...ges/US-N95.html
....or use the LiveUpdate feature.
Then run Ad-aware 6, if anything new is detected by NAV, have it quarantine them and repeat the process. The instructions that NAV has sent to the others that have submitted like files that I have read so far are to delete the files and replace them if necessary. You can use your own judgement there. If you do submit them to Symantic, you should receive instructions on how to proceed.
OK........
If you do not get the option to quarantine the files....
The solution is the following:
When NAV reports this file it will list the path to it.
This file may be in an archive....
The last entry in that path will be the Archive Filename.
Search for a file named XXXX, where the X's are the name of the Archive file in the path.
This file includes the infected file, and has nothing to do with Ad-aware.
You should unzip, and remove the infected file, or delete the entire archive.
It is advisable to copy the file to a 3.5 floppy for backup just in case, however if it is in an archive, it is in all probability not needed.
After you have removed the file, re-run Ad-aware 6 and the warning should not re-appear, if it does, repeat the process on the new one found.
Also, when you find the file, you may wish to submit it to Symantic for evaluation like I mentioned above.

These instructions are basically the same for all AntiVirus software out there that "discover" a virus during an Ad-aware 6 scan.

Once again. I stress the fact that Ad-aware 6 does not contain any virus\trojan files of any kind. If you have any more questions, please PM me....
HTH
Have fun..........

http://www.lavasoftsupport.com/index.php?showtopic=14501

 

Primrose,

Thanks for the response, which brings up the issue of MRU lists Ad-Aware presents as a part of its scan results. I don't know what they are or where they reside, so to speak. Who generates them, Windows, or my browser, or other software like Google, or what? So far I have followed the prudent advice that says, if you don't know what it is, leave it alone. Nevertheless, it would seem to make sense to clean these out every once in a while if they serve no particular purpose.

I am of course aware that clicks on hits on a Google search are highlighted, as are links or other items clicked on from within a web site. This history has to be compiled in files somewhere; is this part of the MRU function?

One thing I find annoying is that when I type something into Google's search field, I may get this long drop-down list of similar items I have typed in recently, based on a string match of characters typed into the field. I don't know what it's called but you know what I mean. It's there of course to permit me to highlight a choice rather than retype the string in all over again. Sometimes I would like to clear them out and start fresh, but don't know how. Is this also a MRU list?

There seem to be some software packages on the market that will allow you to clear out your usage history or tracks, but I am guessing they are just a collection of functions that are a basic part of Windows anyway, if only you knew where to find them and how to use them. Sounds like a bit of a ripoff unless I am mistaken, which would not be the first time. Or the last either.

 

For me it is all crap..

CCleaner (Crap Cleaner) is a freeware system optimisation tool. That removes unused and temporary files from your system - allowing it to run faster, more efficiently and giving you more hard disk space. The best part is that it's fast! (normally taking less that a second to run) and Free.

Cleans the following:

- Internet Explorer Cache, History, Cookies, Index.dat.
- Recycle Bin, Temporary files and Log files.
- Recently opened URLs and files.
- Third-party application temp files and recent file lists (MRUs).
Including: Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and more...
- Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more...
- Backup for registry clean.
- This software is completely Freeware and contains no Spyware or Adware.


http://www.majorgeeks.com/download4191.html

********************


Also you can set you IE not to do that auto complete of web addresses that you had previously visited..



Data Miners

organization uses to analyze its own data to look for significant patterns, and spyware programs that are uploaded to a user’s computer to monitor the user’s activity and send the data back to the organization, typically so that the organization can send the user targeted advertising.


Data Miners third party cookies given with popups

Mmmm -- Christmas cookies.

If you dropped an e-bundle at Amazon.com over the weekend, your browser ate two. CDNow slipped you another. A visit to Wired News' sister site, HotWired, put two more on your plate.

Most online shoppers have heard about Net cookies -- those little exchanges of code that webmasters use to track your movements, mine user data for advertisers, and allow site personalization. Cookies transmitted by third-party ad banner servers like DoubleClick are another concern for the CDT. While the GeoCities case made netsurfers more aware of the importance of keeping an eye on sites' use of personal information, many users don't realize that ad servers are tracking their movements with cookies,

http://www.wired.com/news/politics/0,1283,16972,00.html

 

I realize it is alot of info to take in all at once..but you are correct in thinking that if you know where all this stuff was on your PC you could clean it all yourself or not worry about it in some cases..if you knew what it really was.


The same hold true for even preventing the junk to get on your PC in the first place..you can use some good third party programs with the nice GUI for you to see and handle easy..I think they are all great..since not many have time to Understand the OS or the Browser...not much fun in any case.

And you could also take control of your browsing by locking down your IE..


There are a couple simple things that you can do if you are using IE, they make browsing a little more of a challenge, but they make it more secure and still provide full ability on sites you trust:

1) Open IE, select TOOLS, Internet Options
2) Select Security TAB
3) Select "Internet" globe
4) Click DEFAULT LEVEL, then SELECT HIGH
5) Select "Custom Level"
6) Select "Scripting - Active Scripting - Prompt"
7) Click OK
Select "Trusted Sites Check Mark Circle"
9) Select "SITES", uncheck "Require Server Verification" - you will be adding the normal and secure sites in here that you trust, if you don't uncheck this you can't enter non-secure sites in this list.
10) Type "http://v4.windowsupdate.microsoft.com" in the ADD box and click ADD
11) Type "http://Windowsupdate.microsoft.com" in the ADD box and click ADD, click OK to close window
12) Click "Default Level" then change to "Medium".
13) Select "Privacy" tab, set to MEDIUM HIGH
14) Select "General" tab, select "Temporary Internet Files - Settings"
15) Select "Every visit to the page"
16) Select 20MB for the temp internet files size, click OK
17) Select "Advanced" Tab
1 Uncheck both "Enable Install On Demand" items
19) Uncheck "Enable third-party browser extensions"
20) Uncheck "Play Animations, sounds, videos in web pages"
21) Select/Check "Empty Temporary Internet file folder..."
22) Click OK to close the settings window

Now, when you browse to a trusted site, it's not going to work, you are going to have to ADD the site to the TRUSTED SITES in the OPTIONS / SECURITY tab. This can be a real pain, but it can save your butt when it comes to sites that can compromise your system.

You will find that after the first week that you are not adding sites to the list any more and that you're experience is a lot nicer, less pop- ups, and less chance for something to hack your browser.

Don't forget, you should only ADD TRUSTED SITES to the list. Even if you make a mistake, we set the TRUSTED SITES to MEDIUM in stead of it's default LOW, but you really want to limit the ones you add to verifiable commercial quality sites.

 

Since some day you could get infected..permit me to make some suggestions. that might help you understand some things to do...some you do on a regualr bsis now anyway..but you can see how it can all tie in together.


It is recommended that you do a couple of things after a serious infection.

Just to be sure.

Clear out your Temporary internet files and other temp files. Go to Start > Settings > Control Panel >
Internet Options. Under the General tab click the Delete temporary internet files,
choose to delete all Offline content. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all ->
File > delete.

Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one.

This one too if Win2K or XP.
C:\Documents and Settings\username\Local Settings\Temp\

Empty the Recycle Bin.



Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

Also if you have sunjava installed it's cache should be cleared too.
> control panel java-plugin > cache tab > hit clear!
And make sure you have the latest version if you have sunjava.

Adjust your security settings for ActiveX:
a. Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set/click the options as follows:
Download signed ActiveX controls > prompt
Download unsigned ActiveX controls > disable
Initialize and Script ActiveX controls not marked as safe > disable
b. In your Restricted Sites Zone set everything that can be to "disable". Set anything that cannot be disabled to "prompt".
c. Never add any site to your Trusted Sites Zone.

I would also recommend, In your own self defense and to reduce the potential for spyware infection in the future, installing both SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.

More info and download is available at:
SpywareBlaster: http://www.majorgeeks.com/download.php?det=2859
SpywareGuard: http://www.majorgeeks.com/download.php?det=3045

Maybe consider this as well:
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit
innocent-looking sites that aren't really innocent at all.
http://www.spywarewarrior.com/uiuc/resource.htm
Also some info on that page to tighten your IE security.

Be sure to also keep up with Windows and IE updates.

Windows security and critical updates.
http://v4.windowsupdate.microsoft.com/en/default.asp

Internet Explorer security and critical updates.
http://www.microsoft.com/windows/ie/default.asp

Keep all of these programs updated, its free.

 

Phew! The above information overload will probably keep you busy for the next few weeks, so I will not add to it, I'll merely comment on some of the questions you actually asked.

Webroot's Spy Sweeper is one of the leading AS programs, along with AdAware, Spybot S&D and Giant AS (and one or two others). Unfortunately NONE of these applications is capable of finding and fixing all the many spyware related problems plagueing us today. All of them will find things that the others will fail to find; to have the best coverage you would need to use them all! Most people are happy to use a couple of them, I use Giant AS, Spybot and AdAware. AdAware always seems to find more tracking cookies and 'problematic' URLs (that is 'dodgy' sites in your Favourites list) than the others - but of course these are usually minor matters, easily dealt with.

When it comes to the more serious matters, Spy Sweeper has a generally good record and tests have proven it capable of fixing many problems that AdAware cannot fix. So you should not feel you have wasted your money! I personally feel it is a good idea to have real-time protection, which is why I use Giant, and for that you must pay. I'm not able to say whether AdAware's Ad-Watch offers better protection than SS, though I doubt that there is significant difference.

You are wrong, incidently, to assume that false positives would be expected to come back ad infinitum; if the item is fixed (i.e. deleted) it will be gone, unless you pick it up again. The items you refer to are not FP's though, they are simply things that SS does not consider it important enough to trouble with.

If trackers/data miners are a particular problem for you, may I recommend you install WinPatrol which has a good cookie control feature, clearing out trackers while you surf - and you can specify which ones to clean by adding them to the exclusion list.

You say you have visited 'adult' sites and, by clicking, suddenly found yourself in much more 'dodgy' sites. This is absolutely correct, indeed you can find yourself at entirely illegal sites without actively intending it. In this sort of environment you must keep your protection up. The least you should do is have your I.E. Internet Security Zone set to Maximum - if that means the site does not display correctly, go to another site! There are also some important things you should do within the Advanced tab, but I won't burden you with the details, in the light of other answers in this thread. The object is to continue to get clean scans with your AS because clearing up the mess after infection is a lot harder than keeping it out in the first place.

CrapCleaner is a very good way of keeping the rubbish in your system to a minimum, if MRU's are of concern I would recommend using Javacool's MRUBlaster (see elsewhere on this Forum). Personally I have configured AdAware not to look for, or report on, MRUs - they are simply not important enough to bother with (though I do use MRUBlaster occasionally). MRUs are just lists of things you have been doing on your machine and they exist in large numbers all over the place - potentially they could inform others what you have been doing, but this is a low grade threat.

You mention the Google list of entries, I have configured my machine not to allow such a list to accumulate in the first place; you do this within the Advanced tab of Internet Options (by unchecking 'use inline Autocomplete', if I remember correctly - or is it by unchecking the Autocomplete section of the Content tab within Internet Options? Try doing both!).

As a footnote to the preceeding post, I have disabled 'Enable Third party browser extensions', within the Advanced tab, and have not found that it adversely effects pre-installed BHOs (eg Acrobat or Spybot) but you would need to re-enable the function BEFORE installing an application that needs to create a BHO during the installation process.

 

But i think the goal..once you understand what any scan on any product is finding and cleaning..is to then figure out how to stop it all in the first place.

Security to me is not reactive..it is proactive in real time..stop it at the door..if you take those measure..and not even accept the data..over time you will find what is left to be dealt with in surfing by the average home user will not require all those programs..

Nor would one be concerned about the comparison capabilities of each.

 

Thanks to all for their input, especially Primrose for the abundance of information, also to TopperID and Spanner_intheWorks, both from our friends in the UK. Over here we have a saying 'throw a monkeywrench in the works', and of course spanner is your synonym for wrench. I guess it means the same thing.

Let me clarify my situation a bit, as I was being honest but not very clear. I have been looking for pictures of actresses from the sixties. One fun and G-rated site is http://www.swinginchicks.com. - very nostalgic for me, and completely safe. Another good site is hxxp://www.celebrity-gallery.com. This is a very large gallery site and safe as well to the best of my knowledge, but it does have links listed that are definitely adult, yet also fairly clearly marked as such (if you consider words like 'porn' or 'nude' clear anyway). The problems have arisen when I have visited sites similar to the latter, and then clicked on links that seemed as if they were OK from the information provided, but were not. They were, for want of a better term, porn sites. I don't have a problem with that per se, but they were not what I was looking for. Only twice that I know of did I get a virus anywhere, both Bloodhound6 and from porn sites, which Norton caught and alerted me to. Once Norton alerted me to a medium level intrusion attempt, also from another of these sites (anyone see a pattern?). That has been the extent of my known serious security problems, other than these tracking cookies, which I consider more an annoyance and an intrusion on my privacy than anything else. I have run a number of free virus scans, and they have all turned up nothing. I don't open emails from those I don't recognize. I stay away from porn sites. I have been reasonably prudent I think.

TopperID is right in that there is a lot here to digest. I'm not stupid, just uninformed at the moment, woefully so. Several decades ago I did traditional programming in Fortran, Basic, Cobol, Pascal, some C, a little Prolog and Lisp (both AI languages), and some others including Algol, an early block-structured recursive language. But that was in mainframe days, and I was never a hardware person. In college we were allocated only so many seconds of CPU time, which the department had to pay for in real dollars. I was changing a program at a dumb terminal once when I accidentally created an infinite loop (as if anyone does so intentionally) and instantly used up my semester's worth of CPU time. I had to make a request for more CPU time, whcih was embarrassing. And back then you had to back up your work every 10-15 minutes, because crashes were an everyday occurrence. Times have changed. But I digress.

My first order of business is that &@#* Norton. Now for no reason the AV Auto Protect is off when I boot up, consistently. This happened between Live Updates, so I don't know what caused it. I tried to get some info on the Symantec site, but when I click on some topics, they are being blocked like a pop-up somehow, accompanied by that funny 'bump' sound. The verizon/msn system has an excellent pop-up blocker, which I disabled (I think), but no luck. I suppose it could be any of my security software - NIS, SpywareBlaster, Spybot, Ad-Aware SE, Spy Sweeper, or maybe Windows SP2 stuff, or something with verizon/msn, or IE, or who knows what. For the moment I am just manually enabling Auto Protect, a minor annoyance. By the way, the problem appeared between any updates from the abovementioned software, out of the blue. Norton does suggest trying uninstalling and reinstalling NIS, but I am delaying that fun for now. As long as I can enable it manually, that's OK. I am a bit surprised that a link actually clicked on is being mistaken for a pop-up though; I would think whatever is doing the blocking could tell the difference.

Primrose's suggestion of adding SpywareGuard is one I have wanted to implement, but with the Norton difficulty at the moment, I am delaying that one. I also read something on a forum, perhaps here, that there was some compatibility issue with adding that with other AS in place. I don't need any more hassles right now.

I should add that I do a Disk Cleanup nightly, a nice utility (part of Windows XP, I guess) that cleans up the temporary files; I just use the default settings. Sometimes there has been as much as 30 megs of files there, depending on my surfing that day.

Thanks to all who have contributed. There has been a lot of both useful specific information and general wisdom offered. I am going to print this thread out - 12 pages without my own verbiage.

 

Oh dcdc, the shear nostalgia of it - we are obviously of the same generation! I can well remember preparing my Algol 60 progs on a punch card machine, for them to be sent off to an IBM 360 series main frame, because at college we did not have our own machine; it would take a week before I got the print-out back!

Mentiong the word 'Norton' on this site is a little bit like waving a red flag at a bull, a lot of us have tales to tell; see here:- https://www.wilderssecurity.com/showthread.php?t=50924&highlight=norton sucks

So you see your problems with Norton are likely to be Norton related and not due to an external cause. Norton is fine when it is working but is too prone to failure.

I used to get Bloodhound.Exploit6 when I used Norton, it is an exploit which attempts to put malware into vulnerable machines. If you are up to date with patches and are on SP2 you would not be exposed to the risk. Keeping Windows up to date is every bit as important as AVs and the like.

SpywareGuard should not conflict with your AS (it is not like running two AVs, which would conflict), however I must admit I have recently taken it off my machine because I feel I have too much duplication of function with my AS (which is not quite the same as conflict).

I'm not familiar with the sites you mention but, being of that generation, I do know a couple of UK equivalents! The problem is some sites make money by attempting to plonk advertising, and worse, trojans on your system. They do this by acting as 'honey-pots' to attract in the unwary - often they will be offering free access to porn, music downloads, games,gambling, money lending and even innocuous sounding fan sites for famous personalities - anything that will draw the punters in. You only have to click onto the site to risk being landed with a 'drive-by' download. That is why you need to keep your defences up.

Reconfiguring the Advanced tab in I.E. can make a real difference, I would be happy to share my own settings with you but I think you may have had enough advise for one thread!

Incidently, I choose not to run a 'Trusted' Zone system; in order to avoid the risk of 'cross domain exploitation' (bad sites putting themselves in your trusted zone to gain extra privaledges) I prefer to have my Trusted Zone set to maximum safety. This actually saves a lot of bother in configuring your system. On another thread 'Spanner' has referred to a method for tightening the 'My Computer' Zone for the same reason - if you can stomach anymore see how to get to this zone here:- http://vlaurie.com/computers2/Articles/ieseczone3.htm