recommended anti-spyware

David said:
the desktop by dragging and dropping them into a folder. I've
ended up removing it.

I have two machines with both running W98 Lite. I have no problems on
either until I install SB. Immediately I am unable to drag and drop
anywhere. Disabling the protection is insufficient. To get back
functionality I have to uninstall SB completely. It doesn't seem
logical to me but then they are computers. ;-)}}}

Hi David,

How "Lite" is your 98 Lite ;D? Also: Did you check for installed
spyware with Spyware Blaster and Ad-Aware (always use those two "in
tandem"!), updated to their latest definitions of course.

Also, check your system with the latest CWShredder. If the problem
persists, then get a copy of HiJackThis, run the scan, save the log
file and paste it to one of the many security related forums... No
matter how "Lite" your OS is, SpywareBlaster should run on it, without
screwing it up!!!

Regards
Dick
 
Aaron said:
Dick, I'm just raising the point as information for the user to
decide whether to install prevx or not. I'm neither for nor against it.


That's pretty normal. Even for much beloved proggies like ZA free :)

Hi Aaron,

Well understood, and I just gave my own opinion about that, and what my
reaction was in that matter. My current firewall has an update feature
(technically a "phoning home"), but it can be turned off. And so do
many other freeware programs, for the sake of keeping the users working
with updated versions, but it should be always (if it wouldn't be
shouting I would write that in caps ;D) at the user's choice to decide
whether (s)he would allow it to check for updates.

Back to PrevX... unless they have changed their policy regarding this,
there was no setting to disable it... in fact it was the payment for
using their program! Now that is a bit different IMO. As far as I
recall the program would collect the data of the "attacks" intercepted
by the program and upload those to the PrevX database...

Residual remainders of program installations in the registry: I know...
But after several cleaning runs one would expect that it would get
less and less, right?

Regards
Dick
 
Aaron said:

I've been using Prevx for some time, but I'm not sure what (if any)
information it sends home. The update function always seems to ask for
permission before updating, but there are two exe files which require
internet permission, SAGUI.exe and PXAgent.exe. I do not know what each of
these does. Having said that, I find the program very reassuring, as it
seems to catch any attempt to install, read or write to executable files.

===

Frank Bohan
Stock Exchange News: Knives were up sharply.
 
David said:
Hi David,

How "Lite" is your 98 Lite ;D? Also: Did you check for installed
spyware with Spyware Blaster and Ad-Aware (always use those two "in
tandem"!), updated to their latest definitions of course.

IE is removed as much as possible. OE is never installed. I use
Mozilla as browser and mail client. I use Adaware and Spybot
regularly. Apart from a trace of Alexa (immediately removed) on my
secondary machine no traces of spyware were detected. I do not run
Real Audio, Flash, chat programs or any other possible sources. DCOM
is disabled totally and ActiveX is excluded. If a site wishes to
download ActiveX I immediately refuse and leave the site. I have not
visited any porno sites for about five years and I have reformatted
and reinstalled the system often since that time. I browse very
selectively, usually to sites with which I am familiar.

I track every program installation with RemoveIt 95 by Vertisoft. This
program remains operational even after several reboots and seems to do
an excellent job. I would like to replace it but nothing I have found
comes within a bull's roar of being as comprehensive.

Also, check your system with the latest CWShredder. If the problem
persists, then get a copy of HiJackThis, run the scan, save the log
file and paste it to one of the many security related forums... No
matter how "Lite" your OS is, SpywareBlaster should run on it, without
screwing it up!!!

I'll try CWShredder. I just ran the system file checker and
reinstalled any that looked suspicious or were earlier versions so
that may help.

Thanks for the assistance.
 
Frank said:
"authorized install mode" (I don't know the exact name, since it
has been some time ago), which is available from the context menu
of the tray icon you don't have to interact THAT much.

I've been using Prevx for some time, but I'm not sure what (if any)
information it sends home. The update function always seems to ask
for permission before updating, but there are two exe files which
require internet permission, SAGUI.exe and PXAgent.exe. I do not
know what each of these does. Having said that, I find the program
very reassuring, as it seems to catch any attempt to install, read or
write to executable files.

===

Frank Bohan
Stock Exchange News: Knives were up sharply.

Aaron, Frank... hi to both of you

Aaron, I am not against it either... if the user is willing to have a
security related program "calling home", fine with me... after all (in
contrast to some popular belief at a certain producer of software's
company in Redmond) it still is THEIR computer!!! See next paragraph...

Frank, the data that is supposed to be sent is anonymous (except for
the IP it was from...) data concerning attacks which PrevX intercepted;
but since it is encrypted, no one can tell for sure (although I tend to
take their word for it... it would ruin their name in one blow if
someone would find out!). As I wrote in the above: It has been some
time ago since I checked out PrevX, but if I remember correctly PXAgent
should be resident all the time, it is your real-time protection; SAGUI
should be the interface to it when you open the program through the
agent's context menu.

I think I may have quite a good protection without it by:

a) Turning off ActiveX (and blocking it on the firewall)
b) Running Diamond CS' regprot
c) Running WinPatrol
d) Regularly updating and scanning with A-Squared
e) Ditto with AVG (scan takes place every night)
f) Most important of all: Using common sense when surfing ;D and don't
accept any downloads offered by web sites!

Regards
Dick
 
David said:
from the desktop by dragging and dropping them into a folder.
I've ended up removing it.

programs running which could SB prevent to run (some spyware is
known to target anti-spyware software).

on either until I install SB. Immediately I am unable to drag and
drop anywhere. Disabling the protection is insufficient. To get
back functionality I have to uninstall SB completely. It doesn't
seem logical to me but then they are computers. ;-)}}}

IE is removed as much as possible. OE is never installed. I use
Mozilla as browser and mail client. I use Adaware and Spybot
regularly. Apart from a trace of Alexa (immediately removed) on my
secondary machine no traces of spyware were detected. I do not run
Real Audio, Flash, chat programs or any other possible sources. DCOM
is disabled totally and ActiveX is excluded. If a site wishes to
download ActiveX I immediately refuse and leave the site. I have not
visited any porno sites for about five years and I have reformatted
and reinstalled the system often since that time. I browse very
selectively, usually to sites with which I am familiar.

I track every program installation with RemoveIt 95 by Vertisoft. This
program remains operational even after several reboots and seems to do
an excellent job. I would like to replace it but nothing I have found
comes within a bull's roar of being as comprehensive.

I'll try CWShredder. I just ran the system file checker and
reinstalled any that looked suspicious or were earlier versions so
that may help.

Thanks for the assistance.

You're welcome! Spyware can be quite a chore to remove, IMNSO spyware
should be considered as a cyber crime of the highest severity, and
creators of that junk should be made liable for the damage their
junkware inflicts upon a system.

Hey, why replace a good working program like the installation tracker
you mentioned (Urm... did someone mention Quarterdeck recently ;D);
don't you agree to "If it ain't broken... don't fix it"?

Greetings
Dick
 
Frank, the data that is supposed to be sent is anonymous (except for
the IP it was from...) data concerning attacks which PrevX intercepted;
but since it is encrypted, no one can tell for sure (although I tend to
take their word for it... it would ruin their name in one blow if
someone would find out!).

Dick, Are you sure it's encrypted? Have you used a packet sniffer on it?
I've read on some forums that it's sent in plain text so you can see
exactly what's being sent. I might test this, but I don't have it
installed now.

I think I may have quite a good protection without it by:

a) Turning off ActiveX (and blocking it on the firewall)

There are other vectors of attack other than ActiveX.

b) Running Diamond CS' regprot

Redundant with c)

c) Running WinPatrol
d) Regularly updating and scanning with A-Squared
e) Ditto with AVG (scan takes place every night)
f) Most important of all: Using common sense when surfing ;D and don't
accept any downloads offered by web sites!

Say Goodbye to all the freeware posted here then :)

Aaron
 
David wrote: [...]
Thanks for the assistance.

You're welcome! Spyware can be quite a chore to remove, IMNSO spyware
should be considered as a cyber crime of the highest severity, and
creators of that junk should be made liable for the damage their
junkware inflicts upon a system.

Hey, why replace a good working program like the installation tracker
you mentioned (Urm... did someone mention Quarterdeck recently ;D);
don't you agree to "If it ain't broken... don't fix it"?

Greetings
Dick

True, but it is becoming a little finicky as time passes. It doesn't
like me to have accessed the network before running it for example.
This generally means multiple reboots.
 
Aaron said:
Dick, Are you sure it's encrypted? Have you used a packet sniffer on
it? I've read on some forums that it's sent in plain text so you can
see exactly what's being sent. I might test this, but I don't have it
installed now.

I sniffed it back then, and it was garbage to read. But I do also
remember that there was a little stir-up about that encrypted data
(most of it whether it wouldn't be hiding... perhaps they changed their
transfer routine from encrypted to plain text? I definitely am not going
to install it to check!

There are other vectors of attack other than ActiveX.

I know... but I run more programs other than the ones I mentioned, and
I observe my system, and my connection to the Internet.

Redundant with c)

Multi-layered meaning anything? BTW: Regprot acts quicker than WP
does...

Say Goodbye to all the freeware posted here then :)

Ahem... if you are the Aaron I have in mind you know perfectly well
what I mean... no need to explain :-D

Have a good week, catch ya later!

Dick
 
About Prevx
I sniffed it back then, and it was garbage to read. But I do also
remember that there was a little stir-up about that encrypted data
(most of it whether it wouldn't be hiding... perhaps they changed their
transfer routine from encrypted to plain text? I definitely am not going
to install it to check!

I've seen a screenshot of the package. It's clear text.

Multi-layered meaning anything?

So I guess you run 2 AV and 2 firewalls on startup? :)

BTW: Regprot acts quicker than WP
does...

But it's still a poller, it just polls more frequently.
I personally use MJ registry watcher that is much more customisable than
either.

Of course, real security would go beyond polling to hooking for changes.

Ahem... if you are the Aaron I have in mind you know perfectly well
what I mean... no need to explain :-D

Not really. I do believe we have to accept some degree of risk, if we go
around testing freeware.
 
Aaron said:
About Prevx

on it? I've read on some forums that it's sent in plain text so
you can see exactly what's being sent. I might test this, but I
don't have it installed now.

I've seen a screenshot of the package. It's clear text.

OK... I'll accept your word for it.

So I guess you run 2 AV and 2 firewalls on startup? :)

One FW I don't have to start... it's always on: NAT-router :-D

But it's still a poller, it just polls more frequently.
I personally use MJ registry watcher that is much more customisable
than either

On my system (which isn't the fastest one), 0.5 second delay between an
entry attempt in the registry and the message, I hardly would call that
a problem... any links for MJ's program (to check it out, unless it is
OT in the group of course)??

Of course, real security would go beyond polling to hooking for
changes.

Yep... it goes into disconnecting from the Internet; using the Internet
brings risks, but they can be calculated risks!

Not really. I do believe we have to accept some degree of risk, if we
go around testing freeware.

I agree with the "some degree of risk", only about the amount we may
differ in opinion. My system is almost 24/7 on line, and surfing brings
me in places where a lot of garbage is fired at my system, however
(knock on wood ;D) I've never had a virus, trojan installed on it; the
last spyware that this system has seen is over a year-and-a-half ago
(testing stuff). I know the system is not 100% secure, but I do the
best in keeping it as secure as possible by using multiple layers of
defense.

Regards and have a nice week end!

Dick
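
The encrypted-or-plain-text question argued earlier in the thread cannot be settled by whether a capture looks like "garbage": compressed or base64-encoded data is just as unreadable as ciphertext. The following is an added example, not part of any poster's message, that triages a captured payload before calling it encrypted; the function names and sample payloads are constructed for illustration and are not Prevx traffic.

```python
import base64, binascii, hashlib, math, re, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for English text, close to 8.0 for ciphertext."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

B64_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def classify(payload: bytes) -> str:
    """Peel off reversible encodings first, then judge what is left."""
    try:  # zlib/deflate output is unreadable but not secret
        return "compressed:" + classify(zlib.decompress(payload))
    except zlib.error:
        pass
    body = payload.strip()
    if len(body) % 4 == 0 and B64_RE.fullmatch(body):
        try:  # base64 is an encoding, not encryption
            return "base64:" + classify(base64.b64decode(body, validate=True))
        except binascii.Error:
            pass
    if printable_ratio(payload) >= 0.95:
        return "plaintext"
    # Entropy is only meaningful on a reasonably large sample.
    if len(payload) >= 1024 and shannon_entropy(payload) >= 7.5:
        return "high-entropy"  # consistent with encryption, not proof of it
    return "binary"

# Constructed sample payloads (not real Prevx traffic).
PLAIN = b"event=blocked&path=C:\\WINDOWS\\TEMP\\setup.exe&action=deny\r\n" * 4
PACKED = zlib.compress(PLAIN)
# Deterministic stand-in for ciphertext: 4096 bytes of SHA-256 output.
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

if __name__ == "__main__":
    for name, data in [("plain", PLAIN), ("zlib", PACKED),
                       ("cipher-like", CIPHERLIKE),
                       ("base64 of cipher-like", base64.b64encode(CIPHERLIKE))]:
        print(f"{name:22s} {classify(data)}")
```

A "high-entropy" verdict only says the bytes are statistically indistinguishable from random; an unrecognised compression format or packer produces the same result.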
 