Antispyware letting spyware go?

Discussion in 'other anti-malware software' started by tekkaman, Jan 13, 2013.

Thread Status:
Not open for further replies.
  1. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    196
    I often receive computers to clean from spyware and it seems antispywares are detecting less and less. Last week I was dealing with a laptop that had Babylon, Sweet IM among others. I scanned it with Superantispyware and Malwarebytes and got ZERO spyware found, only a few cookies. And guess what? I tried the old Spybot 1.6 and it found everything. I remember a time when I could use either Superantispyware or Malwarebytes and each could deal with most known spyware but now very often they aren't detecting even things that they used to detect. So what are we talking about here? Is there money involved? Pay me and I get you off the black list? I rarely see an AV detect spyware either. Your thoughts please.
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Those are usually to detect more severe malware, and not PUPs.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Don't jump to the most simplistic conclusion. Did you report the findings (software found) to them and see what they thought of it? Find out what their take on the situation is.
     
  4. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
    I just ran Spybot after years of hiatus because I was curious. It popped up a bunch of changes and history in things like explorer. While a bunch of silly things for me, I saw that it had some wealth--the ability to see changes I hadn't made or logs I wasn't aware of almost akin to Scotty.

    Compared to MBAM, it's a different beast. MBAM loves executable code and looks via signature. So your entire Firefox prefs for example are combed as code looking for raw sig matches. To do both scans would take a long while. & for what it is worth, when MBAM started listing generic things like "hidden desktop icons" as a PUC during a system scan, it annoyed me and most other users.

    Meanwhile, Spybot looks specifically for hijacks in known places. So it will crack open your Fox config panel and actively look for things like Babylon search or URL string changes to KNOWN hijacks or just simply make you aware that your homepage is not default.

    So Spybot is very good at finding PUC or unwanted changes to common software in common places; MBAM looks for signature matches as raw files granted malware is generally dynamic/crypted etc. PUC/PUPs are more well known, less dynamic, and their designers have presence (you can call Babylon and tell them how much you hate them), but getting into contact with malware designers is a bit harder off the IRCs and so is finding the fruits of their labour via scanning.
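
    The known-location check described in the post above, as an added example that is not part of the original thread and not Spybot's or MBAM's code. It parses a Firefox `prefs.js` and separates a known hijack from a merely non-default value; the baseline defaults, the marker list and the sample file are assumptions constructed for illustration.

```python
import json
import re

# Prefs that search/homepage hijackers commonly rewrite, with assumed baseline values.
WATCHED_PREFS = {
    "browser.startup.homepage": "about:home",
    "keyword.URL": "",
    "browser.search.defaultenginename": "Google",
}
# Hypothetical marker list; "babylon" is the only name taken from the thread.
KNOWN_HIJACK_MARKERS = ("babylon",)

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample prefs.js content (not from a real machine).
SAMPLE_PREFS = '''\
// constructed sample
user_pref("browser.startup.homepage", "http://search.babylon.example/?affID=0");
user_pref("keyword.URL", "http://find.example.net/?q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.tabs.warnOnClose", false);
'''

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict, skipping everything else."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, unparseable entries
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # strings, booleans, integers
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not a plain literal
    return prefs

def location_check(prefs):
    """Report watched prefs that differ from baseline, tagging known hijack markers."""
    findings = []
    for name, default in WATCHED_PREFS.items():
        if name not in prefs or prefs[name] == default:
            continue
        value = str(prefs[name])
        known = any(marker in value.lower() for marker in KNOWN_HIJACK_MARKERS)
        findings.append((name, value, "known hijack" if known else "non-default"))
    return findings

if __name__ == "__main__":
    for finding in location_check(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

    The second finding carries no known marker and is still reported, which is the "your homepage is not default" case from the post.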
     
  5. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Basically what you are categorizing as malware or spyware is really called a PUP (potentially unwanted application). In some cases these pups are at least as malicious as real malware, so I agree they should be taken more seriously.

    Interestingly, I have found only 1 single program that seems to be really good at detecting and preventing PUPS, and it is ESET-IS. I use Bullguard 2014, and it basically ignores PUPS, which I think is a mistake. A good test is to install stuff like Butterscotch Toolbar, and Bearshare, these load up your system with tons of PUPs and traces of pups, and adware. MOST AV's won't do a darn thing about it, but ESET actually stops them all.

    I agree SAS should detect PUPS, but SAS in my opinion is very nearly useless, and has taken some serious hits in detections in recent times. I used to recommend it, now I recommend people steer clear of it. I have yet to find a good secondary program focused exclusively on PUPS. If you find one, please let me know!
     
  6. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    For PUPs I use Malwarebytes, Hitman Pro and AdwCleaner. I find AdwCleaner really useful to detect and remove adware, toolbars and PUPs.
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Nothing serious to detect about Babylon, a PUP or adware or toolbar that's easy to avoid, and nothing more than its uninstaller is needed to remove it. I find it all the time after my kids install things for games, among AVG search or Ask toolbar. They don't hide themselves and are easily removed without an antimalware scanner.
     
    Last edited: Jan 13, 2013
  8. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Same here. :thumb:
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    My two cents.

    Spyware is a revenue stream for many outfits including many security software manufacturers. I don't think it is by accident non-malicious spyware is overlooked by the big boys.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I will have a look at AdwCleaner - I had never heard of it till just now.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Ever since I added Fanboy's two add-ons, adware and tracking protection, to IE9, my AdwCleaner scans have been clean. I consider those two add-ons a must.
     
  12. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    196
    The thing is, they used to be detected and now they aren't. Noticed that Superantispyware changed their goal? It used to be like this: Detects "ALL" Spyware not just the easy ones. They removed the word "ALL". Meaning they detect what they want. Also antispywares should detect spyware in ALL its forms. A lie is a lie. There are no white lies. There's no white spyware. Spy is spy regardless of the method used to track the user. And all should be detected.
     
    Last edited: Jan 22, 2013
  13. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    I think the same about ESET, another that comes close is Avira.
     
  14. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Later testing revealed ESET hits about 70% PUPS. Not all that amazing. But Bullguard almost ignores them.

    I ROUTINELY find my kids computers infected with PUPS, and that is with Bullguard+MBAM+Admuncher running. I have given up trying to defeat PUPS and utilize RollbackRX to roll back any machine I find PUPS on.

    If anyone has a dedicated, realtime PUP protection program that has a high detection rate, I would love to hear about it. Thus far, I haven't found one, and all of the AV's (minus ESET) are poor at it. I won't use ESET because they ceased development of Thunderbird plugins, and its detections keep falling.
     
  15. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    I rolled a new Snapshot, installed Spybot, and hit it with a dozen PUPS, it missed 100% of them. I quickly rolled back, and do not see Spybot as a viable solution to the PUP issue. I will continue to maintain for PUPS, it's best to have a rollback/snapshot solution in place.

    That is until one of the vendors decides they should deal with them properly, and I am unsure why none of them seem to take them seriously.
     
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    What's wrong with just using their own installers? I do realise that it would be handy to have a program which will do that itself, though.

    I've never found a harmful PUP.
     
  17. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Some PUPS are downright vicious. Some versions of Conduit are almost impossible to remove.

    Also I found some that offload trojans in the background. The PUP itself is harmless, but it shoots down trojans onto a system over time. Those payloads are usually hit by your AV or MBAM, but not always. So I consider PUPs to be pretty dangerous, despite the uninstallers. I wish AV companies took them seriously.
     
  18. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    When the AVs started installing toolbars it was the beginning of the end for PUP detection. This set a dangerous precedent where anything with a valid EULA and uninstaller became completely legit.

    PUPing most software will get you sued and since there is plenty of unity in the AV community a lone vendor does not have a legal leg to stand on.
     
  19. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Yeah and since Conduit is a giant company, with unlimited money (virtually) they can basically sue anyone.

    I think someone needs to take a stand, and legally protect themselves by detecting them as PUPS and offering a disclaimer to keep or remove it. How can they sue if there is a disclaimer and the product intention is to allow the user to choose? Checkboxes in AV's for pups are precisely there for legal reasons. However most AV's seem to not take pups seriously, which is a shame. MBAM should become pup-master, with a dedicated removal engine for them, then a checkbox added for legalities.

    How about a BHO/Toolbar blocker product? Where did they all go? I used to use DesktopArmor, it blocked EVERY pup/toolbar I ever threw at it, but they ceased development when Vista was released. There used to be pretty good products for blocking pups and toolbars out there, now I hardly see any.
     
  20. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    We have received MANY legal letters already, trust me, when it comes to what we can do without spending all of our time in court we are already doing all that we can.

    You can thank the industry as a whole for this. They had the option to stand up or to join in the $ grab, now it's too late.

    In my book...

    User: I want X
    Vendor: OK, have X Y and Z

    ....Y and Z are potentially unwanted because the user had no intention of installing them.

    If any product (at least here in America) were to base their PUP criteria on this thinking alone they would quickly end up out of business due to court costs.

    If you want this to change EVERYONE needs to go to EVERY vendor and demand that PUP be based on what the user potentially does not want added onto their desired software, not which addon vendors will take you to court.
     
  21. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Legal letters mean nothing. Anyone can type one up, and any attorney will send one for $50.00. They are intimidation tools, nothing more, and they rely on the target being scared.

    Anyone smart enough, and rich enough to sue, won't sue. Because if they are, then they would know the court system is a mess, unprofitable, and potentially devastating to reputations. Only attorneys gain, nobody else, and nobody wants to keep giving attorneys money. (at least not sane people) It's just not worth it. This is why I giggle anytime anyone says they will sue me. You know what? Go ahead and try! They learn real fast it's futile, and they also learn to stop trying to scare people with scary sounding letters from dimestore attorneys. My old employer (game dev company) had attorneys on retainer, and virtually the only thing they did was respond to letters, or send letters of their own. I do not recall in several years EVEN ONCE having seen them go to court. My employer wasn't dumb enough to actually try and sue, and nobody else was dumb enough to try and sue them.

    So if it was my choice, I'd deal with the pups and tell the letter jockeys to go take a hike.

    PS: AVG are sleazeballs, why do I have that AVG toolbar attempt to install on 50-60% of anything I download? Sleaze... Sellouts for sure because they are doing exactly what they are supposed to be protecting from - PUPS. Any AV vendor that 'remotely' engages in any similar practice, even slightly, or tries to offload ANYTHING during installation I drop them like a bad habit.
     
  22. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Until one of them calls the bluff and then it becomes Judge's choice. Even a threat of legal battle can be costly. Legal advice does not come cheap.
     
  23. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Perhaps 'big guns' like Intel/McAfee or Symantec could achieve something but I don't expect a relatively small company like MBAM to take charge.
    I'd sooner think of organizations like EFF, who can organize awareness and a more critical mindset among consumers. The anniversary donation was spot on imho.
     
  24. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    It never gets to a judge in 99% of the cases, letters are letters. Clerks in attorney offices send out hundreds a week, it's good business. But any attorney will admit generally none of them lead to litigation, it's a bluff move. Much of legal, law enforcement, and code enforcement is a matter of bluff. I wouldn't expect any of these idiot toolbar companies to ever litigate, it's purely a fear-based response they want from people. It's an intimidation tool like big muscles or carrying a gun, nothing more in the vast majority of cases.

    Interestingly, PUPS are generally stopped cold by Linux, so maybe someday we can put this Windows mess behind us, and move to an OS where abuse isn't commonplace. I think in YEARS of running Linux I saw a PUP once (that failed to install) because I was getting something outside of a repository. It just doesn't happen for the most part.
     
  25. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Yes, I am aware of such cases, and agree they should be detected. But I wasn't considering them to be PUPs as such just the harmless (but still often annoying) ones.
     