
Comparison Antispywares - Top Anti-Spywares - Antispyware Programmes - Top Spywares



Introduction


Today’s spyware parasites are among the most prevalent and dangerous threats on the Internet. Modern spyware, adware, browser hijackers, downloaders and information thieves have become more harmful than "traditional" viruses and worms. A few years ago users thought that the most terrible thing that could happen to their computers was a MyDoom or Sasser infection. Now they fear only spyware and malware, a new kind of sophisticated malicious software that combines the functionality of adware, trojans, backdoors, keyloggers and many other parasites.

Back in 2003, people using up-to-date antivirus software had the feeling of being protected from 90% of all viruses, trojans and similar threats. Even if an antivirus couldn't eliminate the infection, installing one or two competing products always did the trick. However, the rapid spread of spyware and complex malware forced users to stop blindly relying on regular antivirus software. Antivirus companies did not pay enough attention to the spyware problem, and this resulted in a tremendous growth of infections that the available security software couldn't remove. That's why special anti-spyware programs appeared.

The first spyware removers were designed to identify and remove only non-viral parasites. They were nothing more than additions to typical antivirus programs. However, spyware was evolving. Neither regular antiviruses nor first-generation spyware removers could completely remove emerging pests. That’s why both antivirus and anti-spyware developers began combining strong antivirus protection with advanced anti-spyware detection techniques and vice versa.

Since then, spyware removers have no longer been "anti-spyware only". Most of them successfully identify and remove trojans, worms, backdoors, keyloggers, dialers and even rootkits, i.e. all those parasites whose common name is "malware".

If you take a closer look at the most popular and effective anti-spyware products, you will notice that all of them are actually anti-malware tools. They still cannot replace regular antiviruses, but are often much more effective and useful than old-fashioned security suites. Sometimes a spyware remover sweeps all malware infections (including viral ones) by itself, so the user does not even need to run any virus scans.

This comparison provides a summary of the ten most advanced and powerful anti-spyware / anti-malware products.


Products chosen and why


There are hundreds of different anti-spyware programs on the market today. However, only about 70 of them are capable of providing at least a minimal level of spyware protection. Other so-called spyware removers are practically useless and even harmful. More than 200 different corrupt programs have been released in the last few years. But even having 70 legitimate products doesn't make your choice wide, as the larger part of these products is not ready for daily use. Only 20 applications are effective enough to protect a regular system from almost all well-known, relatively old threats, and only 10 programs are capable of identifying and removing new, emerging parasites. Those 10 products make up this anti-spyware comparison.

Choosing the top 10 spyware removers is not easy. You have to comprehensively test each available product in order to say which of them deserves to be called the best. Before starting this comparison, we had to compare 69 different products. That was neither an easy nor a quick task. Testing, reviewing and rating 69 spyware removers took a year and a half. The result is the 2-Spyware.com software database. After it was complete, we compared all the programs in it and chose the ten with the highest ranks. We also retested 20 programs that scored below the top 10. That was done to make sure that all decent products that had been improved since they were last tested could make it into the top 10.

The final list of best products:
1. PC Tools Spyware Doctor
2. Webroot Spy Sweeper
3. SUPERAntiSpyware Professional Edition
4. Sunbelt Software CounterSpy
5. ewido anti-spyware
6. Crawler Spyware Terminator
7. Spybot – Search & Destroy
8. Computer Associates eTrust PestPatrol
9. Emsi Software a-squared anti-malware
10. Microsoft Windows Defender (Beta 2)


How we tested


Thousands of different spyware and malware parasites, as well as their numerous variants, are on the loose today. Some of them are prevalent and widely spread, while others can be found on only a few computers around the world. Needless to say, it is virtually impossible to collect all known threats and use them for testing anti-spyware, antivirus or any other security program. Furthermore, it would be wrong to create new parasites just for testing. Not only would this worsen an already desperate situation, it would also produce absolutely incorrect results, as fake, unresearched parasites cannot be called real threats.

We chose another way. We collected some of the most prevalent and rapidly spreading parasites, those with the highest probability of infecting any regular system. Put simply, we took one typical PC and gave it to a typical, not computer-savvy user for one week. We asked the user to work on his daily tasks, surf the Internet, read e-mail, watch online videos, and download music, movies, software and computer games. We also told him to do anything he wanted with his computer: he could install applications, reconfigure system settings and visit any web site. However, we set one requirement – not to use any firewalls, antiviruses, anti-spyware, anti-malware or any other security-related software and online services except for the native Windows Firewall. This requirement makes our test system comparable to millions of regular computers around the world.

Why didn't we install any security applications? The answer is simple. A lot of people still do not realize the necessity of having effective antivirus and anti-spyware software installed and running on their systems. Practically all inexperienced users started without any protection at all. They began using security-related software only when their systems had been hit by certain parasites, and only to find and remove those parasites. In other words, people begin to worry about computer security only when their PCs get infected. Most people never think about countermeasures until it's too late.

After one week had passed, we took the test system back. As we expected, it was infected with different parasites including spyware, adware, trojans, browser hijackers, corrupt security software, etc. As soon as we got the test system back, we disconnected it from the Internet and installed Symantec’s Norton Ghost 10.0 to clone the main system drive. Then we installed the first anti-spyware program, updated its spyware definitions database, and ran a thorough test. After that test was over, we wrote down the results and restored the initial system state by recovering the system disk image with Norton Ghost 10.0. Then we installed another anti-spyware program, ran a test, and so on.

This method guarantees the same testing environment for all anti-spyware products. Put simply, each tested program works in the same system as every other. There is no difference at all.

In our tests we focused our efforts and attention on the on-demand scan and removal capabilities of anti-spyware software. We didn't test real-time protection as much. We understand that this can be considered a major drawback, but, as said above, we gave the user an unprotected system, and most users do not care about protection until their systems get infected. It should be noted that we did run thorough real-time protection tests. However, we admit that some of them might not be very accurate, as we installed anti-spyware software on an already infected machine, and most real-time monitors are much more effective at detecting malware installation attempts than at detecting running parasites and viral threats that use advanced cloaking techniques.


Detailed steps


Now we need to explain how we performed our tests. Here is the test algorithm in detail:

1. Install an anti-spyware program.
2. Connect the infected computer to the Internet.
3. Use native program functions to update its components and parasite definitions database.
4. Set the program to maximum protection level (reconfigure real-time and scan options).
5. Turn on real-time monitoring (if available) and work on the computer for some time (up to an hour or two). Log all of the real-time monitor’s activity. Allow the anti-spyware program to remove the threats it identifies.
6. Perform the most thorough full system scan. Use a spyware remover to eliminate all parasites found. Log all missed threats.
7. Repeat full system scan. Use a spyware remover to eliminate all discovered pests. Log all missed threats.
8. Restart the test system in Safe Mode. Repeat full system scan. Log all missed threats.
9. Restart the system in normal mode. Run full system scan once again.
10. Make a list of parasites that an anti-spyware program missed or did not remove.
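
The bookkeeping behind steps 6 to 10, as an added example that is not part of the original article: it compares a file listing taken after each scan pass with the parasite list and reports which parasites were cleared, by which pass, and which were missed. The four parasite entries are copied from the list published on this page; the per-pass listings, the user name "tester" and all function names are constructed for illustration.

```python
import ntpath

PASSES = ["full scan", "repeat scan", "Safe Mode scan", "final scan"]  # steps 6-9

# Four entries copied from this page's parasite list (name -> essential files).
BASELINE = {
    "AproposMedia": [r"C:\WINDOWS\System32\atmtd.dll", r"C:\WINDOWS\System32\atmtd.dll_"],
    "Brave Sentry": [r"C:\WINDOWS\xpupdate.exe", r"C:\WINDOWS\System32\kernels8.exe"],
    "Maxd": [r"C:\WINDOWS\System32\maxd641.exe"],
    "Surf SideKick": [
        r"C:\Program Files\SurfSideKick 3\ssk.exe",
        r"C:\Documents and Settings\[Current User]\Application Data\sskknwrd.dll",
    ],
}

def norm(path, user):
    """Expand the list's [Current User] placeholder; fold case and separators as Windows does."""
    return ntpath.normcase(ntpath.normpath(path.replace("[Current User]", user)))

def missed_report(baseline, snapshots, user):
    """snapshots: one file listing per pass, in PASSES order. Returns {name: (verdict, leftovers)}."""
    listings = [{norm(p, user) for p in snap} for snap in snapshots]
    report = {}
    for name, files in baseline.items():
        wanted = {norm(f, user): f for f in files}
        # Last pass after which any file of this parasite was still on disk (-1: never seen).
        last_seen = max((i for i, ls in enumerate(listings) if wanted.keys() & ls), default=-1)
        if last_seen == len(listings) - 1:
            report[name] = ("missed", sorted(wanted[k] for k in wanted.keys() & listings[-1]))
        else:
            report[name] = ("cleared by " + PASSES[last_seen + 1], [])
    return report

# Constructed sample listings (not results from the article); user "tester" is hypothetical.
SNAPSHOTS = [
    [r"c:\windows\system32\ATMTD.DLL_", r"C:\WINDOWS\xpupdate.exe",
     r"C:\WINDOWS\System32\kernels8.exe",
     r"C:\Documents and Settings\tester\Application Data\sskknwrd.dll"],
    [r"C:\WINDOWS\xpupdate.exe", r"C:\Documents and Settings\tester\Application Data\sskknwrd.dll"],
    [r"C:\WINDOWS\xpupdate.exe"],
    [r"C:\WINDOWS\xpupdate.exe", r"C:\Documents and Settings\tester\Application Data\sskknwrd.dll"],
]

if __name__ == "__main__":
    for name, (verdict, left) in missed_report(BASELINE, SNAPSHOTS, "tester").items():
        print(f"{name:14} {verdict:24} {left}")
```

A file that disappears after one pass and is back in a later listing keeps its parasite in the "missed" column, which is why the verdict is taken from the last pass in which any of its files was seen rather than the first clean one.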


Test environment


Computer details

CPU – AMD Duron, 1800 MHz
motherboard – DFI AD70-SC
motherboard chipset -
RAM – 2 x 256 MB PC3200 DDR SDRAM (PQI and Apacer)
hard drives – ExcelStor Technology J880 (80 GB) and Samsung SP1654N (180 GB)
video adapter – NVIDIA GeForce2 MX 400 (64 MB)
audio adapter – Creative Audigy LS
network adapter – Realtek RTL8139 Family PCI Fast Ethernet NIC
optical drive – Aopen CD-RW CRW5224
power supply unit – Q-TEC PSU ATX 350WS (350 W)

System details

operating system – Microsoft Windows XP Professional
operating system version – 5.1.2600 Service Pack 2 Build 2600
language – English (United States)

web browser – Microsoft Internet Explorer
web browser version – 6.0.2900.2180
web browser build – 62900.2180

system disk – C: (capacity 10.7 GB; used space – approximately 6 GB)
Windows directory – C:\WINDOWS
system directory – C:\WINDOWS\System32
disk D: (capacity 38.0 GB; used space – 1.59 GB)
disk E: (capacity 33.1 GB; used space – 14.1 GB)
disk F: (capacity 32.7 GB; used space – 6.74 GB)
disk G: (capacity 40.0 GB; used space – 9.16 GB)
disk H: (capacity 70.9 GB; used space – 33.9 GB)
total used space – 71.49 GB

Visible running processes (simplified Sysinternals Process Explorer v10.2 output)
csrss.exe
winlogon.exe
services.exe
svchost.exe
svchost.exe
svchost.exe
wscntfy.exe
svchost.exe
svchost.exe
spoolsv.exe
alg.exe
lsass.exe
rundll32.exe
explorer.exe
procexp.exe
IEXPLORE.exe
nwnmdd_6.exe
rundll32.exe
dfndrdd_6.exe
kybrddd_6.exe


Complete list of parasites


The complete list of parasites and their essential files is provided below. We list only executable (EXE), library (DLL, DLL_) and specific (SYS, OCX) files. Registry keys and configuration, database, text and other files are not included, as they are useless and harmless without the main parasite components (provided).

It should also be noted that some parasite names might be unknown to you or incorrect. This is because all antivirus and anti-spyware companies have their own malware naming policies, which are often incompatible with each other. Furthermore, some files shown to be associated with a particular parasite may actually belong to different threats. This is because modern parasites are able to connect to the Internet and download other pests or update themselves without notifying the user. As a result, a lot of different risks share the same files, directories, registry entries, etc.

AproposMedia, adware
C:\WINDOWS\System32\atmtd.dll
C:\WINDOWS\System32\atmtd.dll_

Brave Sentry, malware
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\System32\kernels8.exe

cmdService, adware
C:\MTE3NDI6ODoxNg.exe
C:\WINDOWS\MTE3NDI6ODoxNg.exe

Defender, trojan/adware
C:\defender25.exe
C:\defender26.exe
C:\dfndrdd_6.exe

Fivesec, a trojan
C:\WINDOWS\comdlj32.dll
C:\WINDOWS\System32\spoolsvv.exe

Internet Optimizer, a browser hijacker
C:\WINDOWS\optimize.exe
C:\WINDOWS\nem220.dll
C:\Program Files\Internet Optimizer
C:\Program Files\Internet Optimizer\optimize.exe

Jupillites, a trojan
C:\WINDOWS\System32\TheMatrixHasYou.exe

Look2Me, spyware/adware
C:\warebundle.exe
C:\warebundle2.exe
C:\warebundlenewer.exe
C:\WINDOWS\warebundle.exe
C:\WINDOWS\System32\ardd.exe
C:\WINDOWS\System32\de8vb.dll
C:\WINDOWS\System32\dfnwsock.dll
C:\WINDOWS\System32\dnl6013se.dll
C:\WINDOWS\System32\dvutil.dll
C:\WINDOWS\System32\dxvacm.dll
C:\WINDOWS\System32\en2ql1f51.dll
C:\WINDOWS\System32\e2020cdoef0c0.dll
C:\WINDOWS\System32\hKl.dll
C:\WINDOWS\System32\maoa.dll
C:\WINDOWS\System32\mv0sl9d71.dll
C:\WINDOWS\System32\soarddlg.dll

LowZones, a trojan
C:\WINDOWS\thiselt.exe

Maxd, a dialer
C:\WINDOWS\System32\maxd641.exe

Maxifiles, a browser hijacker
C:\Program Files\Toolbar888
C:\Program Files\Toolbar888\mytoolbar.dll
C:\Program Files\Windows
C:\Program Files\Windows\winupdate.exe

MediaMotor, adware
C:\WINDOWS\em.ocx
C:\WINDOWS\pop06ap2.exe

Network Monitor, a trojan
C:\Program Files\Network Monitor
C:\Program Files\Network Monitor\netmon.exe

Nibu (Dumaru), a backdoor
C:\WINDOWS\dvdpd.dll

Qoologic, a trojan
C:\WINDOWS\System32\jwwpm.exe
C:\WINDOWS\System32\tseswkh.exe
C:\WINDOWS\System32\dmonwv.dll
C:\WINDOWS\System32\yufldnr.dll

Sality, a worm
C:\WINDOWS\System32\wdmfmc32.dll

SaveNow, adware
C:\Program Files\Save
C:\Program Files\Save\acm.dll
C:\Program Files\Save\save.dll

Spy Falcon, corrupt anti-spyware
C:\Program Files\SpyFalcon
C:\Program Files\SpyFalcon\spyfalcon.exe

Spyware Soft Stop, corrupt anti-spyware
C:\keydsp.exe
C:\WINDOWS\wbc32.exe
C:\WINDOWS\System32\gadf32.exe

Surf SideKick, adware
C:\WINDOWS\System32\repairs303169563.dll
C:\Program Files\SurfSideKick 3
C:\Program Files\SurfSideKick 3\ssk.exe
C:\Program Files\SurfSideKick 3\sskbho.dll
C:\Program Files\SurfSideKick 3\sskcore.dll
C:\Documents and Settings\[Current User]\Application Data\sskknwrd.dll
C:\Documents and Settings\[Current User]\Application Data\sskuknwrd.dll

Various backdoors
C:\WINDOWS\System32\gdhkbepc.exe
C:\WINDOWS\System32\klogini.dll
C:\WINDOWS\System32\mmepiidf.dll
C:\WINDOWS\System32\qz.dll
C:\WINDOWS\System32\winm32.dll
C:\WINDOWS\System32\qy.sys
C:\WINDOWS\System32\winm32.sys
C:\WINDOWS\System32\winm64.sys

Various downloaders, trojans
C:\defender23a.exe
C:\drsmartload.exe
C:\drsmartload1.exe
C:\drsmartload45a.exe
C:\drsmartload45a7.exe
C:\drsmartload46a.exe
C:\drsmartload46a7.exe
C:\drsmartload849a.exe
C:\drsmartload849a7.exe
C:\keyboard25.exe
C:\kybrddd_6.exe
C:\newname25.exe
C:\nwnmdd_6.exe
C:\WINDOWS\comdlg66.dll
C:\WINDOWS\System32\clcbt.exe
C:\WINDOWS\System32\ipod.raw.exe
C:\WINDOWS\System32\qvxgamet2.exe
C:\WINDOWS\System32\vxgame1.exe
C:\WINDOWS\System32\idhvhri.dll
C:\WINDOWS\System32\senssrv.dll

Other infections detected and successfully removed by all tested anti-spyware programs:
Spyware Sheriff, corrupt anti-spyware
Titan Shield, corrupt anti-spyware
WinAntiVirus, corrupt antivirus program

