Put your Anti-Spyware Apps to the Test!

I think someone posted similar results here for WD...in this same thread I think.

 

Spyware Doctor 4.0:

HKLM_RunOnceEx : Spycar change blocked

Allowed all others.

I don't know whether to question the validity of the test or my AS program.

 

So I guess I'm not hallucinating then. Just sent the following e-mail to tech service at SD:

My license expires in under 20 days and I just thought I'd look around to kick the tires of other apps like Spyware Doctor. In doing so, I ran into a security test called Spycar and tried it on SD. To my dismay, SD did not block a single thing. Unless some clear explanation of this can be brought forth, I'm thinking I won't be renewing, especially since free software that I installed afterwards managed to block everything thrown at it.

Thoughts?

Thanks!

 

Hmm! I'm gonna switch to ArovaxShield right now. Here are my results with Cyberhawk when the resident shields in AVG AntiVirus and AntiSpyware were disabled. Damn!

Best regards,
Firefighter!

 

Firefighter, did you try it with AVG Spyware Shield enabled? I was going to, but if decide you want to try it I would appreciate it. I didn't even download the Spycar Test yet and won't be able to try it until tomorrow. It would be nice to see your results with AVG AS enabled. I have AVG ISS, but have added Arovax Shield today. Take care.

 

AVG AntiSpyware 7.5 failed in all tests.

ArowaxShield, although the notifier jumped up in every test and I made a Block rule against all of them, scored only a bit better than Cyberhawk.

Best regards,
Firefighter!

 

My BOClean 4.22.002 was almost as good as yours. The only failed one was deleted after the second try. I'm still confused. Because BOClean deleted all my test files except the report/clean one, was that only because it has signatures to them?

But if BOClean really is capable to protect all these kind of attacks, should I throw AVG Anti-Spyware away and all my HIPS too, so that my only security applications should be COMODO Free Firewall, SpywareBlaster, BOClean and AVG Antivirus 7.5?

Best regards,
Firefighter!

 

Lets say it this way for my case.
What SSM does not catch, catches BoClean and reverse, as a lot of registry entries are observed with SSM.

In your case i think it is not nececarry to run two background watcher like BoClean and AVG simultaniasly. I would use AVG for on demmand scan as this feature lacks in BoClean.

 

Hi everybody,

Firefighter, i think you unchecked " Guard Windows Policies " or there is something wrong with your install

MaB

 

There may be something wrong in my just full patched/reinstalled WinXP Home. I can't make a full C:\ scan with DrWeb, F-Prot and some other av:s for instance. Sometimes they'll shut down this laptop when the scan reaches HP PSC 1510 system files and sometimes in Windows/System32 folder files. I only have 448 MB RAM and everything possible installed in this d...ed laptop.

No, the only what was unchecked was the Opera Browser, because I haven't that one. Look at the setup.

Best regards,
Firefighter!

 

What freeware did you install that blocked all?

 

QUESTION: Howa re you all copying and pasting your results here? What key sequence do you use?

I was not able to highlight the results inside TOW TRUCK and copy them.

 

Just want to say thanks to you Firefighter for the results. Also, how do like Arovax Shield so far?

 

My Results:

Arovax Shield

HKCU_Run : Spycar change blocked
HKCU_RunOnce : Spycar change blocked
HKCU_RunOnceEx : Spycar change blocked
HKLM_Run : Spycar change blocked
HKLM_RunOnce : Spycar change blocked
HKLM_RunOnceEx : Spycar change blocked
IE-HomePageLock : Spycar change blocked
IE-KillAdvancedTab : Spycar change blocked
IE-KillConnectionsTab : Spycar change blocked
IE-KillContentTab : Spycar change blocked
IE-KillGeneralTab : Spycar change blocked
IE-KillPrivacyTab : Spycar change blocked
IE-KillProgramsTab : Spycar change blocked
IE-KillSecurityTab : Spycar change blocked
IE-SetHomePage : Spycar change blocked
IE-SetSearchPage : Spycar change blocked
AlterHostsFile : Spycar change blocked

CyberHawk (blocked by signatures)

HKCU_Run : Spycar test not performed
HKCU_RunOnce : Spycar test not performed
HKCU_RunOnceEx : Spycar test not performed
HKLM_Run : Spycar test not performed
HKLM_RunOnce : Spycar test not performed
HKLM_RunOnceEx : Spycar test not performed
IE-HomePageLock : Spycar test not performed
IE-KillAdvancedTab : Spycar test not performed
IE-KillConnectionsTab : Spycar test not performed
IE-KillContentTab : Spycar test not performed
IE-KillGeneralTab : Spycar test not performed
IE-KillPrivacyTab : Spycar test not performed
IE-KillProgramsTab : Spycar test not performed
IE-KillSecurityTab : Spycar test not performed
IE-SetHomePage : Spycar test not performed
IE-SetSearchPage : Spycar test not performed
AlterHostsFile : Spycar test not performed

Spyware Terminator
HKCU_Run : Spycar change blocked
HKCU_RunOnce : Spycar change blocked
HKCU_RunOnceEx : Spycar change blocked
HKLM_Run : Spycar change blocked
HKLM_RunOnce : Spycar change blocked
HKLM_RunOnceEx : Spycar change blocked
IE-HomePageLock : Spycar change allowed
IE-KillAdvancedTab : Spycar change allowed
IE-KillConnectionsTab : Spycar change allowed
IE-KillContentTab : Spycar change allowed
IE-KillGeneralTab : Spycar change allowed
IE-KillPrivacyTab : Spycar change allowed
IE-KillProgramsTab : Spycar change allowed
IE-KillSecurityTab : Spycar change allowed
IE-SetHomePage : Spycar change blocked
IE-SetSearchPage : Spycar change blocked
AlterHostsFile : Spycar test not performed

WinPatrol Free

HKCU_Run : Spycar change blocked
HKCU_RunOnce : Spycar change blocked
HKCU_RunOnceEx : Spycar change blocked
HKLM_Run : Spycar change blocked
HKLM_RunOnce : Spycar change blocked
HKLM_RunOnceEx : Spycar change blocked
IE-HomePageLock : Spycar change allowed
IE-KillAdvancedTab : Spycar change allowed
IE-KillConnectionsTab : Spycar change allowed
IE-KillContentTab : Spycar change allowed
IE-KillGeneralTab : Spycar change allowed
IE-KillPrivacyTab : Spycar change allowed
IE-KillProgramsTab : Spycar change allowed
IE-KillSecurityTab : Spycar change allowed
IE-SetHomePage : Spycar change blocked
IE-SetSearchPage : Spycar change blocked
AlterHostsFile : Spycar change blocked

 

KIS passes them all.

 

Just capture 3 images from TowTruck by Gadwin PrintScreen 3.5 and link them together to one picture in M$ Powerpoint.

Best regards,
Firefighter!

 

Have you turned IE7 on during the test, I didn't?

BOClean too. Is this kind of blocking a valid result in this kind of test? Even my AVG Antivirus 7.5 alerted when I tried to execute the TowTruck.exe file during my first scans.

Best regards,
Firefighter!

 

I have this problem too when I used Cyberhawk. First of all I made a new system restore point in my WiXP Home system before this test. Then I disabled resident shields in AVG Antivirus and Antispyware. After that I activated Trojan-Downloader.Win32.Zlob.asf as you can see in my VirusTotal scan, but Cyberhawk was silent.

Best regards,
FF again

 

Based on countless reviews I have seen on my antispyware tool, I know that I have chosen an effective product. But it fails almost all of the Spycar tests.

This makes me think that there may be something inherently wrong with the test. I am not certain that I trust the results.

 

I installed Spyware Terminator and RegDefend (I know it is technically shareware). Still waiting for the answer from SD tech service. They sent me a first response saying that SD is compatible with Windows XP. So I asked them to try again.

 

What do you use? Spyware Doctor kept getting great reviews and that's what I've had for a year now. Just want to know what their tech folks have to say about failing tests. I read in one place one guy saying that it's still the best at removing malware but isn't it better to prevent it in the first place?

 

And never trust reviews!.

 

Folks, you are misunderstanding these tests. Most (if not all) antispyware are mainly signature-based scanners. Spycar should be tested against behaviour blockers, HIPS and antispyware with HIPS functions.

 

That's fine but I just want to see if SD will fess up to the fact that their software doesn't cover that.

 

Nice to see that!

Arovax has so far behaved smoothly, even lower CPU impact than Cyberhawk had, at least the feeling in surfing. Yet I want to resolve one problem and it was the test issue. Has anyone else got the same results?

Best regards,
Firefighter!