How significant is spyware?

Discussion in 'other anti-malware software' started by bellgamin, Mar 16, 2008.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am presently trialing an antivirus that is very weak as an antispyware. I always do an a-squared on-demand scan of anything I download to my computer. Therefore...

    Q1- How important is it that I run an antispyware real-time monitor?

    Q2- Put it another way: what are the main ways whereby one's computer is likely to become infected with spyware?
     
  2. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Sup brah?,

    I run Firefox with NoScript on Vista 32bit and no real time antispyware (turned Windows Defender real time off) without any spyware infection going on two years.

    I recently helped a friend whose notebook was jammed with trojans, popups, and tracking cookies. They used IE7 on XP Home without any real time antispyware even though they were running a McAfee suite (a couple of years old but with current signatures.)

    I don't really know how they got so infected but if someone runs javascript and activex indiscriminately and goes to suspicious sites, only bad things will happen.

    Just my 32 cents (adjusted for inflation.)

    SourMilk out
     
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    Avira PE Premium has pretty good antispyware built in. I also use AVG Antispyware, but have recently deactivated the resident guard because I think it overlaps with Avira, seeing that Avira was always first to alert.

    Also I have recently installed Threatfire (bellgamin, you seem to like it ?),
    which runs very light on my system. Perhaps I should not run Avira and TF,
    but I was thinking that TF being a behavioural based HIPS, and Avira relying on heuristics and signatures, that it's OK ?

    Opera browser with a javascript toggle button on the toolbar (for convenience) which I only switch on when needed to view certain sites, eg.
    Apple movie trailers. Lastly Proxomitron is something I would not want to do
    without.

    PS. @bellgamin ... would you mind divulging which AV you are referring to ? :)
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    2 ways, mainly: from the internet and from installing software containing spyware. If you practice safe browsing or use a form of browser security (like noscript/adblock for Firefox or Proxomitron + Opera) it is hard to get spyware while browsing. The bigger problem is when you install software you believe is legitimate, and it contains spyware. In this case without any form of protection against spyware, you are in danger of ending up infected.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And this is also a big weakness of relying on on-demand anti-spyware apps. You're essentially betting everything on the ability of the scanner to unpack the installation file and scan whatever's inside, and if it can't the scanner returns a clean bill of health and you merrily double-click on the file.
     
  6. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    Firefox+Sandboxie+ThreatFire = No need for AS scanner, Adblock and NoScript
    Firefox+Sandboxie+ThreatFire = Safe & Fast Surfing.

    >If I am unsure about a program, I will open it inside a sandbox.
    >ThreatFire has been a 'Silent Killer' that traced/eliminated most of Spyware.
    >I use AS/AV scanners Only on-Demand; not on-Access.
     
    Last edited: Mar 16, 2008
  7. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    :thumb:

    SBIE as the main Trap, with anything to your liking behind it, should be enough to protect you well !
     
  8. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Sorry but you mean that adding NoScript to Firefox slows the browsing experience ? :cautious: :mad:

    MaB
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Viruses/ trojans might come from the blue.

    Spywares are installed by the user himself. It's my understanding. We don't need a real time AS I believe.
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just for the record, no such distinction exists.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Distinction is my own. U need not agree. Let me explain. In my very limited experience I have seen:

    Viruses/ trojans sometimes come even with safe surfing. Sometimes even legitimate sites have exploits etc. Some people get it from infected USB memory sticks/ infected pirated CDs etc.

    Every time I found a spyware on a person's PC, it did not come like this. It came either as a part of porn surfing/ download, some free games etc that were intentionally installed by the user.

    Ur experience may be different. Every time some of my friends borrow my USB memory stick, it comes back with some virus/ worm in it. On the other hand I have tried my best to get a drive by spyware installation but I failed so far.

    Let me repeat, an AV is enough no matter how weak it is in spyware detection. I don't need an antispyware, neither on demand nor in real time.
     
  12. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Spyware to me isn't a great big deal and I haven't been infected with anything for over 5 years. Anytime I have had to clean and repair someone's pc cause of spyware all I do is use SAS and Spybot. Then the system is clean. I then tell the person to either buy NOD32 or Avira. Install Firefox with No Script and Ad Blocker Plus. Never download or install anything cause it seems cool. A bit of education goes a long way.
     
  13. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I think that people really have to re-evaluate the notion that "safe surfing" is a malware preventative.

    A short time ago Finjan Security posted a paper (based on their forensic work) that over 10,000 sites in the USA alone were compromised by the “random js toolkit”; among the sites involved were a number of Fortune 500 Corporations.

    A more recent paper disclosed that the FTP server credentials of over 8700 sites were in the hands of hackers and were actively being sold. Those involved went so far as giving Google Page Ranks for the websites to be manipulated (with pricing also based on page rank).

    There is a reason why the "Designer" malware industry is booming. And the expensive stuff isn't being installed on some Porno or Warez site.

    It's being installed at your Bank.
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    This is the exact situation you are faced with in every field of computer security. What if the file I just downloaded has a virus? Or a rootkit? Or installs spyware? You can scan it, and you will be 98% sure it has no virus. You scan it and find there is no spyware or rootkit... But then, when you want to open it, you wonder: what if my tools were not good enough? You cannot be certain of anything 100%.

    I don't need it either, but I was trying to give balanced information about the risks you face when you are not using antispyware tools :)
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    My point was that some people choose to use free on-demand scanners and think that on-access scanning is an unnecessary luxury. In which case you could be potentially shooting yourself in the foot and getting hit by malware which your scanner does have detection signatures for, and could've caught if only you hadn't been using a crippled version.

    The fact that we cannot be 100% certain is all the more reason to be careful, not an excuse to embrace a fatalistic outlook and throw caution to the winds.
     
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    This has always been the decisive argument for me using the on-access function of an AV. In many posts here at wilders (for those who are using an AV, AS etc), there are some members that describe the freeing feeling of not using the on-access function and solely rely on the on-demand function. The main argument for this is that it doesn't waste any valuable resources and therefore doesn't slow down your system. I can understand that argument if you have an old machine, but if you are using a fairly new one, I can't understand it.

    For example, I like gaming a lot and I play on a daily basis. Wasting the resources while gaming is a no-no for me and many others, but I solve it by simply excluding the specific game folder and the virtual driver (Daemon Tools) from the resident scanner. I don't notice any differences in performance by either excluding the folders as I'm doing now, or from not using the on-access function at all.

    /C.
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Thank you, Cerxes. Just for example, Avira fails at unpacking NSIS, ESET is screwed by CAB files, et cetera et cetera et cetera.

    Of course, installer files aren't the only situation where this scenario can happen. Downloader trojans, droppers, and manually-modified archives (to defeat automatic extraction) can result in this as well. If you're going to use a blacklist scanner: always go for on-access scanning as well.
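
Added example, not part of any post in this thread: a toy Python signature scanner illustrating the failure described in posts 5 and 17, where a scanner that cannot unpack a container reports it clean. The signature, the sample archives and the "unscanned" verdict are constructed assumptions for illustration, not any product's behaviour.

```python
import io
import zipfile
import zlib

# Constructed stand-in for a blacklist signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
UNPACK_ERRORS = (zipfile.BadZipFile, zlib.error, EOFError, RuntimeError, NotImplementedError)

def naive_scan(data):
    """Match the signature against the outer bytes only (no unpacker)."""
    return "detected" if SIGNATURE in data else "clean"

def unpacking_scan(data, depth=0, max_depth=3):
    """Recurse into ZIP members; a container that cannot be fully opened
    yields 'unscanned' instead of a clean bill of health."""
    if SIGNATURE in data:
        return "detected"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "clean"      # no unpacker for this format: outer bytes only
    if depth >= max_depth:
        return "unscanned"  # nested too deep to inspect
    verdict = "clean"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = unpacking_scan(zf.read(info), depth + 1, max_depth)
                if inner == "detected":
                    return inner
                if inner == "unscanned":
                    verdict = inner
    except UNPACK_ERRORS:
        return "unscanned"  # damaged, encrypted or unsupported member
    return verdict

def make_zip(name, payload):
    """Build a deflate-compressed ZIP in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def damage(zip_bytes, name):
    raw = bytearray(zip_bytes)
    # Member data starts after the 30-byte local header and the file name;
    # flipping one compressed byte makes extraction fail.
    raw[30 + len(name) + 4] ^= 0xFF
    return bytes(raw)

PAYLOAD = b"installer stub " * 20 + SIGNATURE   # constructed "installer" content
ZIPPED = make_zip("setup.bin", PAYLOAD)
DAMAGED = damage(ZIPPED, "setup.bin")
```

`naive_scan` calls both archives clean because the compressed bytes never contain the signature; `unpacking_scan` finds it in `ZIPPED` and returns "unscanned" for `DAMAGED`, so an extraction failure is surfaced to the user instead of being reported as clean.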
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Q1 - Not at all important
    Q2 - Installing programs which include an infection.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    There's another point: a computer is to solve things as automatically as possible/desired. If you use an AV, why bother scanning manually, if the AV can do it automatically for you, at any stage you desire (download, on execution, memory etc.), and more reliably.
    It's supposed to be the watchman, whenever a known criminal surfaces, it is there to get it.
    You either use one or you don't imo. But i'm sure someone disagrees.

    Performance issues do matter, but only if it visibly drags the computer, or conflicts with your accounting program.

    Also, since AV's is probably a name in danger of extinction, it should be good with spyware and trojans. The complement is not another scanner, but another approach (BB, execution control, policies, and so on). I'm referring to real-time, not on demand. Have as many AS's on demand as you want.

    Edit: on Q2, you should look for Rmus posts, some are real gems.
     
    Last edited: Mar 16, 2008
  20. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I always run the realtime scanners. My feeling is that it will hopefully catch anything before it has a chance to infect rather than doing an on demand scan and finding out that I have been infected. Most computers are powerful enough today that you hardly notice any drag with most AV's or AS's.
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, bellgamin, what would be that antivirus you're trialing now?
     
  22. SecOmnius

    SecOmnius Registered Member

    Joined:
    Mar 2, 2008
    Posts:
    70
    Location:
    In the Light of PARTHENON
    No. I mean that Sandboxie traps Internet "clutter".
    After the Internet Browsing session is over, the contents
    of Sandboxie can be Automatically Emptied.

    NoScript and AdBlock/Plus offer limited security against spyware.


    >To add to the previous points:
    Many people use more on-Demand and less on-Access AV/AS scanners because:
    1) They trust HIPS (Classic, Behavior Blockers, Sandboxes, Virtualization etc.) more than the AV/AS scanners.
    2) With about 3,000-5,000 new Malware coming out almost every day, NO Single AV/AS can offer sole protection.

    Being tired of the Lengthy Updating & Scanning sessions and the False Positives, many users stopped using AV/AS scanners. They have built their security -entirely- on HIPS, Virtualization, and Instant System Recovery.
     
    Last edited: Mar 16, 2008
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Going back starting with Windows 98/Me spyware has been a big partner with advertisers, especially the so-called rotating ads who mostly used IE exploits to if nothing else, completely annoy a surfer to sabotaging their machines. I know, I used to surf FREE sites like wav file websites, free icons & cursors all the way to the occasional free screensavers. Sometimes it was easy to get hit by simply clicking on a link or worse case, the page would trap you there while it mustered other malware to drop in your machine.

    AV's alone were no match and the best AS's at the time were helpless to fully remove all the crud once affected.

    That was then, and this is now.

    With the introduction of HIPS, Sandboxes, Virtual Systems, and the like we can safely surf these same (and new) IE exploits and the chances of penetration onto your file system is dropped flat to the floor.
    You can safely "trap" malware throws now with the likes of SandboxIE or you can be alerted and terminate them altogether with a solid HIPS or Behavioral Blocker like ThreatFire "BEFORE" they can join their payload to your machine at all. With virtual systems you can even let them ride although i would never recommend it unless you have a backup strategy at your disposal to turn to because file infector viruses although not as prominent as once was, still can corrupt enough executables including your security programs if self-protection for them is not stronger.
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I totally agree.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @ All
    Thanks to everyone for providing some VERY well-thought-out comments and advice. Based on what I have read, I request your answers to the following additional questions...

    Q3- Assuming that I DO get infected with spyware, how would I detect that fact? What would be the symptoms of a spyware infection?

    Q4- (Corollary to Q3) Wouldn't spyware want to connect out? In which case, wouldn't my HIPS (Prosecurity) alert me to that fact?

    Q5- How much *SERIOUS damage* can a spyware infection actually do? It won't format my HD, will it? It won't grab my passwords etc (they're all encrypted), will it? In other words, is a spyware infection analogous to (1) a "cold in the nose" or (2) "bronchial pneumonia"?

    @Ocky
    I like it a lot. However, I am running ProSecurity at the moment, awaiting the time when Threatfire adds a "Deny" option to its Advanced Rules.

    IMO, Avira & TF make a splendid security team.

    @Ocky & solcroft In answer to your questions re which AV I am running --- I got curious about AVG-free so I am trialing it. As you know, it lacks built-in antispyware scanning.
     