About spy sweeper

Discussion in 'other anti-trojan software' started by LIW, Jan 8, 2006.

Thread Status:
Not open for further replies.
  1. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    Hi all,

    I came to notice that most ppl here recommend BOClean, Trojan Hunter, Ewido, A2... etc etc

    I have a registered version of Spy Sweeper. I was wondering how does Spy Sweeper compare to them? I don't seem to see many posts about Spy Sweeper. Any problem with it? My Spy Sweeper doesn't seem to pick up anything. Currently running KAV Pro 5 with redundant database, PeerGuardian (dun know what it does much, just make my surfing real slow), looknstop. I am using free ewido as backup scanner. Thanks.

    Pardon my english.

    Regards,
    Liw
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Liw,

    As with all detection based scanners, they are based on signatures for the most part except where they may utilize heuristics for pattern scanning rather than on specific signatures.

    For the most part, Spy Sweeper has been excellent at scanning for spyware even though at times they pick up false positives - they are very willing to work with the registered customers. I have run their Dr. Diag tool a couple of times to troubleshoot a problem.

    The other softwares you mentioned are all in the class of Anti-Trojan tools and for the most part are signature based - but, some may use heuristics.

    I only use Spy Sweeper, and Ewido. Spy Sweeper lately has indicated in its news that it can detect and remove certain applications that can disguise files, including rootkits. I have not seen any information on which rootkits from Spy Sweeper, so I don't know if they actually have the capability or not.

    Spy Sweeper lately has been detecting certain websites and prohibiting them.
    This is probably related to spyware, adware, etc.

    -- Tom
     
  3. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    Hi,

    So I guess I will stick with my Spy Sweeper in the meantime... and are you saying I don't have any anti-trojan? Would ewido free (without resident scanner - I think that's what it's called) be sufficient? I do file sharing (is it legal to mention it here?). Thanks

    Liw
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Liw,

    Spy Sweeper has resident shield protection (as you know), so it's really a complement to any Anti-Trojan you might choose.

    Ewido only goes free after the two week trial period is over, then its capability gets cut back, but I get updates every day which can be on-demand scanned.

    I don't quite know what you mean by file sharing, i.e. as in Windows shared file folders? P2P would probably not be supported to talk about on this website, and the thread would probably be closed or the account closed. Although there are probably some legal P2P websites, most of them carry out illegal copyrighted downloads for songs, movies, etc..

    -- Tom
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    On the contrary. P2P has been discussed many times on this site. Just an example,

    https://www.wilderssecurity.com/showthread.php?t=94284

    It is like anything else here. As long as it conforms to the TOS, it shall be (99% of the time). ;) :D


    snowbound
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    My current scanners:

    realtime:
    ewido plus (licensed)
    MS AntiSpyware (free)

    on demand:
    SpySweeper (licensed)

    So far SpySweeper didn't find anything (not to blame SS for that, it could be because I am using some other toys as well and I am a safe surfer)

    This setup runs well on my machine, but it is more an intuitive setup for me. Not based on facts (yet) :)

    Just my 2 cents,
    Gerard
     
  7. Yannis

    Yannis Registered Member

    Joined:
    Jan 28, 2006
    Posts:
    56
    Location:
    Athens, GREECE
    Hi to all of you
    My contribution to the thread is this:
    I have installed several programmes like:
    Spy Sweeper, Spyware Doctor, Ewido with real-time protection, MSantispyware, SpyDefense beta, Arovax.
    For real-time AV protection I use Avast 4.6 home which is free :thumb: , additionally I scan (on demand) with AVG and AntiVir, both freeware.
    To come in the end I also have Zone Alarm freeware for firewall.
    My system is a Pentium 4, 512 RAM, 3GHz, Win XP home SP2, IE 6.
    They ALL work fine.
    No reason to worry that SS has found nothing, actually is a good reason to be happy :D !!!
    I hope it helps
    Yannis
     
  8. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    Hi,

    Thanks for all ur replies. One more question. I am running Prevx1 (trial, if it is good I would consider buying), Spyware Doctor, NOD32, Ewido, LnS, and Spysweeper. All in real time protection. So my question would be, am I OK with those programs? Or am I running one too many programs at once which overlap each other? Thanks.
    Pardon my poor English. Hope it's understandable.

    Liw
     
  9. Yannis

    Yannis Registered Member

    Joined:
    Jan 28, 2006
    Posts:
    56
    Location:
    Athens, GREECE
    Dear Liw
    Overlapping is something that will occur when you even have just 2 pieces of software for the same threat (e.g. trojans, dialers, virus). There is no reason to be worried about. The real danger comes from the "holes" that your protection system has. I mean that to some extent there might be some malware that can't be detected by any of your installed software. The only "cure" is to add as many applications as your PC can get, and your pocket can afford!!!
    I am not an IT expert but I think most people of the forum agree. :doubt:
    I hope it helps
    Yannis
     
  10. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,318
    Location:
    Canada
    Hi All

    Gerardwil - For the longest time, I ran MSAS with all its "real time" protection on. When I relegated MSAS to "on demand" & enabled SpySweeper's "real time" protection, my computer is/was like "Red Bull" it gives you wings, or much quicker. Try it & post back! I don't believe you will compromise anything.

    Take care
    rico
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi rico,

    I run both Spy Sweeper and MSAS Beta 1 with all shields and real-time agents respectively (except my Host file is too large for SS - they only allow 5000 records according to their tech support). No conflicts detected, and no slow down either. My rig is a P4 Prescott 540J (3.2GHz) with an Intel D825XECV2 Mobo running WinXP Pro SP2 up-to-date with MS patches as of Jan 2006.

    Been using PrevX Home for awhile now. Currently trying out PrevX1R. Encountered install error that did not have Modes for Expert or Pro. New release today has them, however, even prior there seems to be a bug in the pxconsole generating a MS error report - actually it's in the module used by pxconsole named qt-mt334.dll. Have sent partial info manually collected from the MS error report to PrevX Support.

    -- Tom
     
  12. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,318
    Location:
    Canada
    Hi Tom,

    I would definitely say you have overlapping issues with both SS & MSAS running in real time. Why have two security apps. trying to protect an item? This does not make sense to me. Perhaps you could explain why two things protecting one thing is better. Yes I am aware of SS issues with large hosts file. Not sure which firewall you use, I use ZA pro, to lock down the HOSTS file. Also see:

    http://www.dozleng.com/updates/index.php?pg=redundant

    In addition to explaining the features of the apps., the article will help to avoid redundant/overlapping protection. An interesting experiment you might try is:

    download (free) Everest home ed. http://www.lavalys.com/

    Next go to "benchmark" run the following tests

    memory reads
    memory writes
    memory latency

    see if, you see any improvements, sans MSAS (would require, turning off Real Time protection + reboot) then re-run the tests. Anyway you should have fun playing with Everest, lots of neat goodies.

    Take care
    rico
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Rico,

    Thanks for your reply.

    While I do not appear to suffer any performance problems, I will at my convenience conduct the benchmark tests you suggest which I do anyway periodically. I have used Everest for over a year now, and yes it is a good tool, but I have others also for benchmarking, and will use several.

    As for the issue of redundancy, it's unfortunate that the weblink you gave did not compare SS to MSAS. Here is what I found when I looked at the issue:

    1) My primary browser is Firefox 1.5, so the issue with Internet Explorer regarding SS redundancy with MSAS is both somewhat unclear and not a high priority. I need to discover and elaborate more on exactly how the IE Shields compare with MSAS protection for IE before taking any action that would reduce the redundancy.

    2) The Windows System Shields for SS seem to indicate spy installation protection while saying nothing about what kind of protection, and says nothing of real-time spyware detection of system changes which MSAS provides in addition to spyware installation and execution protection.
    Note: SS must recognize the program as spyware, i.e. signature based before throwing up a Shield warning. The notion of redundancy is unclear because it is unknown whether MSAS and SS would trigger on the same item. Redundancy exists if both trigger.

    3) The Windows System Shields for SS seem to indicate some protection for startup in the way of monitoring the startup list items.

    4) SS does not appear to provide Script-Blocking which MSAS does and allows for prompting.

    A short summary is that while there may be some redundancy, and clearly I can deactivate some unnecessarily active items in the Real-time Security Agents of MSAS, and at this point in time my performance is really very good - how good needs to be tested.

    I'll need to investigate further, but this quick look has at least turned up the items that are unnecessary and some slight overlap that is not critical.

    To answer your question:
    Why have two security apps. trying to protect an item? This does not make sense to me. Perhaps you could explain why two things protecting one thing is better.

    The notion of redundancy in providing security is a way to provide the components of a multi-layered security strategy. For example, in the context of MSAS vs SS regarding such a strategy, if my system is attacked and one of the two (MSAS or SS) is deactivated by the attacker, the other is still alive to present an obstacle which would also need to be discovered by the attacker.

    In short, by presenting as many obstacles to the attacker (trying to get control of your system), you increase the probability that the attacker will look elsewhere.

    Traditionally, redundancy in systems has been more of an inherent reliability issue, but in the context of security redundant software is more of a survivability issue (data surviving the attack and not being compromised) - prime example is Space Shuttle Operational programs where the lives of the crew are more important and where reliability in terms of backup/redundant systems contribute to survivable missions. Granted, in this context perhaps, the backup system may be in a standby mode, but ready to act is the key!

    -- Tom
     
  14. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,318
    Location:
    Canada
    Hi Tom,

    Okay! Any real time protection will consume system resources, therefore using say SpyBot & ZA pro to protect say the HOST file seems not logical. Just use one to protect the HOST file. Using your line of thinking (If the first one gets knocked out, the redundant program may save us) why not use two AVs or two firewalls? Too many conflicts would result, resulting in system instability. Perhaps we could do away with redundant protection, use just one item to protect, then use PG & RD, or something like that to protect from termination of the protecting app.

    Note my system seemed, much quicker when MSAS went to "on demand", & seemed to not slow down when SS became real time.

    It would be real nice had dozleng included SS in its comparison. At one point I had WinPatrol & MSAS "real time." I then found the dozleng comparison, & started turning off Scotties "real time" protection, which MSAS was already doing. Finally I just uninstalled Scottie & went with MSAS. Anyway I'm happy with SS & snappier feel using it. I still like MSAS.

    Take care
    rico
     
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Rico,

    Having worked on a real-time system previously, I suppose conflict "to my way of thinking" would be something more along the lines of a contention issue or collision frequency with regard to getting a lock on a shared resource.

    With regard to the real-time nature of either SS or MSAS, it just means that when each gets its slice of the CPU, the protection is active, but only one - not both, because they cannot share the processor at the same time except in a virtual sense. Now, if we were to inject a hidden process into the mix - when neither is active, then a vulnerability could be said to exist. I suppose the only way to protect the processes on one processor is to monitor them in real-time on another, i.e. in a multiprocessor shared memory context - it's also a rather neat way to debug! For example, the real security issue may not be one of redundant protection for the hosts file, but one of - who is protecting the protector! If none, then redundant protection seems a must.

    With regard to using two AVs or two firewalls, well, in fact, I run both ZA free and PC-Cillin (my primary AV) comes with its own in-board firewall (rather lightweight compared to the feature fat major ones on the market), however, if disabled, it also is tightly coupled to the network detection algorithms for worms, etc. which I cannot do without from a security point-of-view.

    The issue of redundancy and instability occurs only when either the two AVs or two firewalls are not complementary, but actually impede and get in the way of each other's progress. Such is not the case between either ZA free and PC-Cillin firewalls, or between SS and MSAS. Each is complementary to the other, even though there may be some slight overlap - not nearly enough or sufficient to be considered a problem on my rig even from a performance point-of-view (needs testing to actually verify, but there has been no noticeable slowdown), although this may not be the case on other machines.

    Cheers,

    -- Tom
     
  16. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,318
    Location:
    Canada
    Hi Tom,

    Uncle! (as in I give), or Rico learns something new - Thanks!

    I still say my system seems like it got hold of some "Red Bull" as it flies, now that MSAS is on demand & SS is resident. I really don't think it is/was the placebo effect.

    I use PC-Cillin also, I was thinking of replacing it, it does not get much respect here, plus a few minor annoyances.

    I'm going to "other av's" here & post about PC-Cillin. Perhaps you could help.

    Thanks again
    rico
     