Unprotected items

Started by Niall, Aug 29, 2010, 10:00:45


Niall

To be lazy, I'll copy my post from the Wilders forum :D

Hello! I have a rather odd problem. Well, I assume it's a problem but I thought I'd best check.

SpywareBlaster constantly tells me I have 230 items unprotected under Firefox. I can enable all protection and it protects them all again. That is until I close the program, because on restarting it the same thing happens.

I've had a google about and found a couple of threads with the same thing, and one result is identical to my issue but with Internet Explorer. The strange thing is that the post I found was 2 years old!

I have never had this problem before using XP or Vista, but it seems to have only started under Windows 7. I'm using the same version of SpywareBlaster as I was under Vista (the latest) but now have this issue. I assumed it was something to do with conflicts in the UAC so I've turned that off, plus that caused some problems when installing security programs anyway, so I had to reinstall after turning that off. For some reason the updater for Spybot was being blocked by UAC even set as safe.

Additionally (I mention this as it could be related) Spybot seems to occasionally tell me that over 43000 items are not protected. I have no idea why, and I have no viruses/malware, etc on my system as it's been checked thoroughly. I can only assume that there is a conflict of some sort between either Spybot and SpywareBlaster or the protection inherent with Windows 7.

Does anyone have any suggestions? I've tried uninstalling programs, cleaning all files & registry entries then reinstalling, but the problem persists.

Thanks in advance!
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

DorsetBoy

Both of the programs mentioned are well over the hill, I would not run or trust either of them.

Steve

Any suggested replacements Dorset as I've no idea about this type of software anymore.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Quote from: DorsetBoy on Aug 29, 2010, 10:24:14
Both of the programs mentioned are well over the hill, I would not run or trust either of them.

Why? They both work, and block items. There are other programs out there, like superantispyware, but I use that too, so no harm no foul.

Anyway, someone just posted a fix on the Wilders forum anyway, so it's all good :)

DorsetBoy

Quote from: DorsetBoy on Aug 29, 2010, 10:24:14
Both of the programs mentioned are well over the hill, I would not run or trust either of them.

Depends on which Win OS I guess. If your machine supports DEP use it for all apps and be sure to use SEHOP ( http://support.microsoft.com/kb/956607 ).

Windows Defender has realtime defense and works quietly with your OS and is a good tool.

I have MalwareBytes as an on-demand scanner; main defense is Avast 5 free edition and Immunet. I was using the Win7 firewall with the free advanced interface but found several serious flaws with the additional app; at present I am trialling the new free Private Firewall from Privacyware >> http://www.privacyware.com/personal_firewall.html << the interface looks a bit naff but it certainly works well and has some excellent extra info on ports and connections.


DorsetBoy

Quote from: Niall on Aug 29, 2010, 10:30:30
Why? They both work, and block items. There are other programs out there, like superantispyware, but I use that too, so no harm no foul.

Anyway, someone just posted a fix on the Wilders forum anyway, so it's all good :)

Way too many problems with SpyBot in Win7 and it does not protect well anymore, indeed too much resident protection can allow malware in. I have seen an AV app and SpyBot try to stop malware at the same time; this resulted in neither app actually grabbing the whole infiltration, thus allowing a trojan to execute on the machine. Having large stop/block lists causes lag on your connection, and areas of the registry locked down can be a big problem for other applications. To avoid the domains listed in the SpyBot hosts list just use common sense, they are all nefarious sites, porn/illegal torrents etc.

Neither of the programs you listed stopped machines I have cleaned out being infected in any way.

Steve

Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Well I wouldn't just stop using a product that has worked well for years, that successfully blocks 10s of thousands of problems, for the sake of one item getting through. As I mentioned I also use Super antispyware, and also as you say, common sense is the major factor with this sort of thing. The only things I've had issues with recently are sites that have had their adverts or forums hacked to embed trojans, which NOD32 caught, and Avast 5 free edition also seems to catch.

I also monitor what appears in my Temp folders too to be on the safe side.

DorsetBoy

Quote from: Niall on Aug 29, 2010, 12:09:27
Well I wouldn't just stop using a product that has worked well for years, that successfully blocks 10s of thousands of problems, for the sake of one item getting through. As I mentioned I also use Super antispyware, and also as you say, common sense is the major factor with this sort of thing. The only things I've had issues with recently are sites that have had their adverts or forums hacked to embed trojans, which NOD32 caught, and Avast 5 free edition also seems to catch.

I also monitor what appears in my Temp folders too to be on the safe side.

Do as you wish Niall, but you did ask for input.

1) SpyBot S+D is not recommended for Win7, they say it will work with Admin rights but it doesn't work well, even CNet have stopped rating it as a recommend as it has so many issues.

2) These 2 applications were developed for the old Windows architecture, Win7 is very different and these apps are neither good in Win7 nor needed.

3) Windows Defender is written for and integrated into the OS and will do a better job than either SpyBot or Spyware Blaster, why use more apps that add more edits to your registry and run the risk of them causing your system problems?

4) If you make use of the Windows SEHOP, DEP, UAC and surf with a limited user account there is no need for these other apps at all.

pctech

Please correct me if I'm wrong Dorset but I think you were making the point that they are no longer actively updated?


Baz

I've never had any problems with the same programs that Niall uses. It's personal choice in the end, isn't it?

I have noticed one thing about Defender that is on my wife's laptop, it was set as default to check for updates every day. I know you will say it's configurable but I don't like that it is set as so from the beginning.

DorsetBoy

Quote from: pctech on Aug 29, 2010, 13:25:10
Please correct me if I'm wrong Dorset but I think you were making the point that they are no longer actively updated?



No, just that they are not needed in Win7 and they were both applications that were developed for an old architecture, they do not belong with a new OS.

You can have too many applications trying to do the same thing. Win7 has inbuilt protection which works exceptionally well, if you utilise the available settings and have a decent AV (Niall has Avast 5 Free which is excellent) you do not need or want other anti-malware apps running at the same time or to have long hosts block lists or registry changes.


As an example, a couple of years back I had SuperAntiSpware Pro and Eset Nod 32 running, arrived at a site where a drive by download had been hidden, this was a "bomb" where several trojan/virus/malware apps are combined, result? Both Eset and SAS pounced on it...... the problem comes when neither can then correctly clean/repair/quarantine as they have both caught parts of the download. Neither are then effective and you are left with some of the elements executed in your system.

Think of an application like say Adobe ..... if part of the uninstaller file is corrupt or missing and some files are gone, how do you cleanly uninstall?

So, why use a new OS which has security features and also add outmoded software that has known issues and will only serve to slow your system down?

Take a look at Paul Thurrott's Super site WHAT I USE and scroll down to SECURITY, he also talks about MSE in 2 write ups on the main site.

DorsetBoy

Quote from: Baz on Aug 29, 2010, 13:55:16
I've never had any problems with the same programs that Niall uses. It's personal choice in the end, isn't it?

I have noticed one thing about Defender that is on my wife's laptop, it was set as default to check for updates every day. I know you will say it's configurable but I don't like that it is set as so from the beginning.

Why not update everyday Baz? What is the use of an application with out of date signatures? I bet your AV apps are set to auto update.


This really amuses me, we still see people on the net moaning about UAC popups in Windows, YET the same people buy a security suite and moan if there is not enough information ( pop ups ) ....... :D Microsoft can't win, they provide a system that is designed to stop risky behaviour and it's wrong? You get a free security system that obviously requires updates and people complain about the settings; thing is, many folk don't change any of the Defender settings Baz, so if it was set to no update it would be useless.

Avast (like Eset Nod 32) updates a dozen times a day ................. I would not be using a security system that did not do this.

What is the first thing any new AV product does on install? UPDATE.

If you want real protection use a Linux distro for surfing the net, no malware to be found then.


Simon

As I've said before, I use the F-Secure Internet Security suite, and have nothing, other than Windows Defender, running in the background, and I'm not even sure I need that.  When I installed FSIS, it insisted on automatically removing all other real time security apps, to avoid conflicts.  At the time, I moaned at being told what to do, but as I haven't had any spyware, malware or viruses for 4 years ( :fingers: ), I now believe it was the right thing to do. 

I also agree with Dorset's comments that a security app which isn't updated regularly, isn't worth having.  F-Secure updates two or three times a day, and I don't even notice it.  WD updates daily, and also, invisibly, so there's no reason not to allow them to do so, in my opinion.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Niall

I've had a look around and I can't find a single problem posted relating to Spybot and Windows 7. Other than the issues I had, people seem more than happy to use and recommend it, as has always been the case  ??? However, I'm not using it just because I always have, I'm using it because as far as I am aware, along with other reviewers, it does what it's supposed to. The same is to be said for SpywareBlaster. I have read that SpywareBlaster isn't as effective as it used to be, but again that's just from one or two people posting on forums, with nothing to back up what they're saying.

I'm willing to believe these programs are not as good as they once were, as the best utility for security constantly changes, but if people just say that this is the case without evidence to back it up, it's just scaremongering.

Also, which program did malware bytes conflict with? I was going to install it before, but I've got a vague memory of someone mentioning on these forums that it clashes with one or two anti virus programs.

Baz

I just don't see the point in a daily update or a check, as I've noticed that sometimes, even when it's not daily, I get the message that no updates are available. My system or the other laptops in my house are not on every day, so next boot-up time it has to catch up with all these daily updates, slowing everything down. So that's why I change it to how I want.

Quote from: DorsetBoy on Aug 29, 2010, 14:11:48
Why not update everyday Baz? What is the use of an application with out of date signatures? I bet your AV apps are set to auto update.

No use at all, you're right. I didn't say I don't update, and no, my AV, NOD 32, is not set for auto update all the time; it's set for once a week, then I do a manual one a few days later, in case I miss the auto one or for some reason it failed to do, then I know it's been done. Even then sometimes no definitions are available.


Quote
Thing is many folk don't change any of the Defender settings Baz so if it was set to no update it would be useless.

Correct again, and for these people it's perfect for them and I bet they don't even know it's updating.

Quote
Avast (like Eset Nod 32) updates a dozen times a day ..

My NOD never updated that much per day, it would annoy me.

Quote
What is the first thing any new AV product does on install? UPDATE.

Yes, for very good reasons: software released beginning of year, bought by someone in July, 7 months out of date, so yes it's going to need an update.



Niall

NOD and Avast don't update that many times. I've used both and they update once or twice a day, depending on how long you have your PC on. I think that as a rule, it may be twice a day. The reason I think this is that when I was off work earlier this year, and a couple of weeks ago, along with yesterday and today, Avast has updated twice a day more often than not.

Oh, and I'm still looking around for problems with the programs I mentioned earlier, and I still can't find a reason not to use them.

pctech

The problem is that if the engines and definitions aren't updated Niall they become obsolete.

A colleague recently reformatted their laptop with their manufacturer's disk which had XP SP1 on it and then decided to connect it to the Internet.

Within seconds it was hit by Blaster so I reformatted it for them, downloaded SP2 and the other updates and applied them offline and then connected it.

AV or anti malware is only any good when it knows what it's looking for and how to combat it.


DorsetBoy

Quote from: Niall on Aug 29, 2010, 15:11:58
NOD and Avast don't update that many times. I've used both and they update once or twice a day, depending on how long you have your PC on. I think that as a rule, it may be twice a day. The reason I think this is that when I was off work earlier this year, and a couple of weeks ago, along with yesterday and today, Avast has updated twice a day more often than not.

Oh, and I'm still looking around for problems with the programs I mentioned earlier, and I still can't find a reason not to use them.

I gave you CNet, there are others, I cannot be bothered with this anymore.

Quote
http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html


Spybot - Search & Destroy has been in the antispyware game for a long time offering features we've come to expect in the best apps in the category, but bugs and false positives make it difficult to recommend.................

.............Unfortunately, the program has the tendency to lock up at times and even during the install process for this review, we encountered several errors. The ambitious feature list and functionality make Spybot a good choice for those in search of a second antispyware program, and recent updates have made it run faster. It still makes errors in flagging spyware that isn't, and overall there are others in the category that do a better job.

Avast ( and Eset ) have the ability to check for updates every hour, this afternoon alone Avast has updated 3 times while I have been using the system, there were also updates this AM.


Steve

Not a Windows user but as I understand the situation the Windows OS has evolved from XP through Vista to Windows 7 with changes in structure and inbuilt protection in the OS to provide additional security. What was appropriate and indeed worked well on XP and possibly Vista may not offer any benefits on Windows 7 and indeed may potentially cause harm. Whatever you use needs to be kept up to date, and if you're not up to date theoretically you are at risk. Being a few days out of date means the threat you're missing in your AV/Malware database is potentially the one that's currently causing the problems.

DorsetBoy

Quote from: pctech on Aug 29, 2010, 15:16:49
The problem is that if the engines and definitions aren't updated Niall they become obsolete.

A colleague recently reformatted their laptop with their manufacturer's disk which had XP SP1 on it and then decided to connect it to the Internet.

Within seconds it was hit by Blaster so I reformatted it for them, downloaded SP2 and the other updates and applied them offline and then connected it.

AV or anti malware is only any good when it knows what it's looking for and how to combat it.



Exactly and updating once a week is crass stupidity, you may as well go without an AV altogether.

The latest combination malware that Niall is worried about, hidden on sites, turns off the ability of your malware apps to update; many also prevent you from entering safe mode, so essentially you yourself allowed the event by not having up to date protection and are left unable to clean your system. Downloading any other malware solution will also be blocked or fail to run.

Keeping them out is what counts.

Niall

Quote from: pctech on Aug 29, 2010, 15:16:49
The problem is that if the engines and definitions aren't updated Niall they become obsolete.

A colleague recently reformatted their laptop with their manufacturer's disk which had XP SP1 on it and then decided to connect it to the Internet.

Within seconds it was hit by Blaster so I reformatted it for them, downloaded SP2 and the other updates and applied them offline and then connected it.

AV or anti malware is only any good when it knows what it's looking for and how to combat it.



Yes I know, I agreed with that statement before as it's obvious this happens. I've used many programs in the last 10 years that have once been great, but as operating systems progress, the engine of the program itself couldn't keep up with what was needed. A lot of programs are redesigned with new engines and are re-released and do a decent job, but a lot fall by the wayside as new and better programs come along.

Quote from: DorsetBoy on Aug 29, 2010, 15:18:38
I gave you CNet, there are others, I cannot be bothered with this anymore.


You can't be bothered to answer one question? How is that helpful? I'm genuinely asking you what the problems are (with Spybot and Spyware Blaster) as I can't find anything and you seem to be making statements that they are not worth using ??? It's not too much to ask for reasons why is it?

pctech

So why do you disagree with the statement about the software you are using being over the hill?


Niall

Eh? I don't. I said that I'm willing to accept it may be, and again in my last post, but would like proof of the programs I use not being effective.

As I'm sitting here watching football on TV, I'm just spending the afternoon looking for anything at all that backs up these claims that it is not worth using anymore, and so far have found nothing at all that is recent. The last issues I can find are back in 2008 when adaware came on the scene as a decent tool, which it now isn't, and I used to use that, so that underlines my point that I change programs when needed (even though, apparently saying it flat out in previous posts isn't clear enough!).

What I have found is that people are still using Spybot, SpywareBlaster, Malware bytes, MSE, Avast 5, NOD32 and a couple of others, depending on operating systems. In every instance I've found, people are doing what I do, which is use 3 programs to cover their bases.


Security is a serious issue for me, mainly because I've got another PC on my network that my mother uses, so I need to know what DEFINITELY works and what DOES NOT. I haven't had a single issue with the programs I run, and as I can't find any issues with them on their own forums or otherwise, I fail to see why I should stop using them.

Again, all I'm asking for is proof of this so I can change the program if needed.

pctech

Errr does the fact it was last mentioned in 2008 not ring alarm bells at all?

When a product becomes irrelevant it is no longer mentioned, a bit like someone mentioning a dial-up modem that was best in a test back in 1999.


Technical Ben

AFAIK Spybot HAD been discontinued.  :dunno:
I use to have a signature, then it all changed to chip and pin.

Simon

I thought one of the issues with Spyware Blaster was that it didn't update very frequently.  It may have changed, but when I used it a few years back, it used to go for weeks, sometimes months, without an update.  I believe it only worked with Internet Explorer then, too.  When was the last time your version updated, Niall?

Steve

According to the website the database was updated yesterday and it seems to support FF as well.

Baz

Spyware Blaster can be configured to auto update if you want


from their site:

All you have to do is remember to update SpywareBlaster once a week, and enable the latest protection. Or, get SpywareBlaster AutoUpdate.


So even they don't say every day.

DorsetBoy

Quote from: Baz on Aug 29, 2010, 17:05:59
Spyware Blaster can be configured to auto update if you want


from their site:

All you have to do is remember to update SpywareBlaster once a week, and enable the latest protection. Or, get SpywareBlaster AutoUpdate.


So even they don't say every day.

SpywareBlaster has evolved, it used to only update once or twice a year because there were no definitions, it was a blocking tool for known/likely behaviour.

It has had extra tools added but is nothing like a malware scanning application.

Any application that uses definitions MUST be updated at least daily, preferably several times a day otherwise it is useless. The malware writers are releasing new and updated attacks every single hour of the day, if your definitions are not up to scratch your defence won't work.

So you understand, the latest combined attacks turn off Windows update, prevent access to online scanners, prevent you updating your installed applications, turn off system restore and block access to Safe Mode.

You need to have an up to date AV system to block and prevent execution of malware, once on your system much that is out there will mean you need to reformat.

Take a look at the last week at Eset to see how many new threats have been found, and this is just one company:

http://ww.eset.co.uk/ThreatCenter/ThreatSenseUpdates



Steve

The proliferation on those lists looks pretty frightening, unfortunately my son got caught out with one of those nasties a couple of months ago. I got rid of it in the end but I think format c: may have been quicker.

DorsetBoy

Look at the monitor and history at Avast ( and this does not include this weekend which has seen an unusual amount of updates.)


http://www.avast.com/en-gb/virus-update-history

http://www.avast.com/en-gb/virus-monitor

pctech

The SANS Internet Storm Center is also useful to keep an eye on http://isc.sans.org

Baz

I'm sure that if I don't turn on my system for a day, the next time I do and do a check for updates it will find what it needs.

I don't have the time or urge that I feel I MUST update my definitions every day.

Thanks anyway Dorset. I understand what you mean.

DorsetBoy

Well, my day has been mainly taken up trying to fix 2 PC's for the guy in the local shop, he has too many to deal with and his assistant is off sick.

I have here a Dell and an Acer which are infested with malware.

The Acer is running Vista HP, has AVG free, Online Armor and SpyBot S+D, this is what we have so far ....... ( apart from the tracking cookies ).

Quote

Backdoor.Win32.Bredolab.eua

Worm.Win32.BlackControl.g

Trojan-Downloader.JS.Gumblar.x

Win32/TrojanDownloader.FakeAlert.BCY

The Dell is XP Pro running Kaspersky9, Webroot firewall, Webroot malware and again SpyBot is installed but Resident Protection appears to be off.

This one shuts down if you try to restore or use SafeMode, Linux Live CD will be the next tool but I would not trust any file left on either machine with this level of infection.

zappaDPJ

Quote from: DorsetBoy on Aug 29, 2010, 18:30:06
This one shuts down if you try to restore or use SafeMode, Linux Live CD will be the next tool but I would not trust any file left on either machine with this level of infection.

I had a couple of those to deal with recently but they were so riddled with Malware, it took something like 30 minutes for them to boot up before they were able to shut down  :laugh:

I did manage to clear them out eventually, the biggest problem being that something had shut down a lot of Microsoft background services which proved almost impossible to start up again. I've seen this behaviour a lot recently. I got there eventually, it took days. In both cases the data contained on the hard drive was something both customers insisted was worth far more than the cost of buying a new PC so I charged them accordingly  :laugh: That said, according to the repair shop I was doing this for, both customers were over the moon at getting their data back with no loss and didn't hesitate to pay the bill.

The moral of this story is of course, always charge an hourly rate  ;D
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Quote from: DorsetBoy on Aug 29, 2010, 18:12:22
Look at the monitor and history at Avast ( and this does not include this weekend which has seen an unusual amount of updates.)


http://www.avast.com/en-gb/virus-update-history

http://www.avast.com/en-gb/virus-monitor

That's odd, I'm sure mine updated yesterday, and it did this morning too. Maybe the updates are done quicker than the recording of the updates :D
{edit} yep, it updated definitions at 10:15. Strange that list doesn't show anything. Maybe they update that on a working day :)

Niall

Quote from: pctech on Aug 29, 2010, 16:27:06
Errr does the fact it was last mentioned in 2008 not ring alarm bells at all?

When a product becomes irrelevant it is no longer mentioned, a bit like someone mentioning a dial-up modem that was best in a test back in 1999.



No. It was related to an out of date version of the program with out of date definitions. My point in mentioning that was purely because it was the only thing I found.

Rik

Hey, I own that modem! ;)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

I've still got a US Robotics 56K V92 serial modem round here somewhere for emergencies.


Rik

 ;D

I probably have too. I can't bear to throw stuff away, 'just in case'.

pctech

I've had to use it a couple of times to do my banking when BT have been causing havoc and the ADSL has gone down.


Rik

Good old backup dial-up. :)

pctech

Yes but isn't it frustrating after using DSL?


Rik

Better than nothing, but only just. :)