There are a few possible reasons why someone would become infected even if they run Anti-Spyware software.

Someone commented on my prior article, "about:blank hijacked my homepage - how do I fix it?":

After spending about $29.00 a shot for 5 or 6 different spyware removers ... I have decided to whack my hard drive and start over ... it's easier. None of the commercial things work ... and what's more frustrating is ... how did I get this? ... with firewalls, Norton, Spysweeper and other things running ... how do you prevent this from coming back?

It is frustrating. But there are several possible reasons you'd get reinfected.

It's not necessarily a losing battle, but it is a constant one.

Tip #1: Don't spend any money on anti-spyware. It's currently not worth it.

For what it's worth, I've never spent a dime on spyware removers/checkers and actually don't recommend that anyone do so. The free packages seem to be the best right now anyway even if none of them get you 100% coverage.

Tip #2: Run the right tools for the job.

Now, to the list of tools you mention that you're running, you should be aware that firewalls and most anti-virus programs give you no protection against spyware. None. So the fact that you're running with a firewall and are running Norton (Anti-Virus, I assume) is great, but for other reasons.

The only tool you've mentioned that would apply is Spysweeper by Webroot. The good news there is that it has a fairly good reputation.

Tip #3: Keep your tools up to date.

Even the right tool will not work properly if it doesn't have the latest and greatest definition of what spyware is. Spyware, like viruses, is a race. New spyware is being generated every day, and that means all the spyware scanners need to be updated regularly. Usually that's as simple as telling the scanner to update itself. Microsoft's even automates that process.

Tip #4: Use the tool's advanced features.

Spybot Search and Destroy and Microsoft's Anti-Spyware both have a feature called "inoculation" or "immunization". Other tools may have something similar. These features cause the tools to monitor for spyware-like behavior and either prevent it, or at least ask you about it, before it takes place. For example with either, you can prevent your Internet Explorer homepage from being changed by anyone. Hence, homepage hijacking is a thing of the past. Both keep an eye on registry changes as well. Look for these features in whatever anti-spyware program you choose, and turn these features on.
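
To show what "keeping an eye on registry changes" means in practice, here is a small added example (my illustration, not code from Spybot or Microsoft's Anti-Spyware). It compares two registry export snapshots and reports changes to the Internet Explorer homepage values and to the per-user auto-start key; the watch list, the function names and the sample snapshots are assumptions made up for this example.

```python
import re

# Entries to watch; this list is an assumption for the example, not the
# list any tool named in the article actually uses.
WATCHED_VALUES = {
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Start Page"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", "Search Page"),
}
# Keys where any added or changed value deserves a prompt (auto-start entries).
WATCHED_KEYS = {r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key, value_name): raw_data}."""
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            out[(key, m.group(1))] = m.group(2)
    return out

def diff_snapshots(baseline_text, current_text):
    """Return sorted (key, name, old, new) for watched entries that differ."""
    old, new = parse_reg(baseline_text), parse_reg(current_text)
    findings = []
    for entry in set(old) | set(new):
        if entry in WATCHED_VALUES or entry[0] in WATCHED_KEYS:
            if old.get(entry) != new.get(entry):
                findings.append((entry[0], entry[1], old.get(entry), new.get(entry)))
    return sorted(findings, key=lambda f: (f[0], f[1]))

# Constructed sample snapshots (not real exports).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.com/"
"Search Page"="http://search.example.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\update.exe"
'''
# Same snapshot after a constructed change: new homepage plus a new Run entry.
CURRENT = (BASELINE.replace("http://www.example.com/", "about:blank")
           + '"helper"="C:\\\\Temp\\\\helper.exe"\n')

if __name__ == "__main__":
    for key, name, before, after in diff_snapshots(BASELINE, CURRENT):
        print(f"{key}\\{name}: {before} -> {after}")
```

A value that shows `None` as its old data did not exist in the baseline, which is exactly the kind of change a real-time monitor would stop and ask you about.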

Tip #5: Don't be part of the problem.

All the protection in the world won't help if you engage in risky behavior. Download and install software only from places you trust. One of the largest sources of spyware anywhere is peer-to-peer file sharing programs like Kazaa. They come loaded with spyware. Check out the reputation of a package before you install it. Don't open email attachments unless you know they're safe and legitimate.

Article C2289 - February 22, 2005

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

10 Comments
Brian
February 22, 2005 11:04 AM

Leo- It seems that if this guy is really getting sick of the Spyware he should consider a Mac. Right? (I understand that you were just answering his question. You do a great job in helping people.)

TronBonne
February 24, 2005 7:52 AM

Leo,

Your advice is very good, but I didn't see any mention of going to http://windowsupdate.microsoft.com and downloading all of the latest security updates for Internet Explorer. To the best of my knowledge, most if not all of these browser hijackers exploit known vulnerabilities in IE that can easily be patched.

I especially like your "risky behavior" tip, but I think you should have mentioned that a primary source of these nasties is "questionable" sites, such as porn, warez (pirated software for those who don't know), hacking, etc. I've visited my fair share of these sites in IE and I didn't catch anything because I had IE updated.

Finally, I think it's fair to mention that the easiest way to avoid catching malware from malicious websites is to use a different, often more secure browser, such as Mozilla Firefox:

http://www.mozilla.org/products/firefox/

I've been using Firefox instead of IE since last summer, and in my experience very few sites don't work properly with it.

Lofty
March 12, 2005 2:54 AM

Statistically today an unprotected PC with a fast (ADSL/T1/cable) connection to the Internet will be hit with Malware within 40 seconds, an unprotected PC on Dial-up will be hit within 5 minutes of being on the Internet.
I believe that today you DO need good Security Software, and some are much better than others.
Good Free Security software I recommend:
1. Microsoft Antispyware Beta (ex Giant)24/7 + daily scan
2. Spyware Blaster (Javacool) 24/7
3. Spyware Guard (Javacool) 24/7
4. Spybot S & D (Kolla) weekly scan
5. Spybot S & D TeaTimer = part 4.above(Kolla)24/7 = weekly scan
6. Adaware SE Personal (Lavasoft) weekly scan
7. AVG Free v7 +++Antivirus (Grisoft) 24/7 + daily scan
8. System Security Suite (www.igorshpak.net) weekly scan
9. ZoneAlarm Free Firewall(ZoneAlarm)24/7
10. Internet Sweeper (Emory) 24/7 autosweep
11. Pegasus Email as Email Client(Pegasus.com) (don't use Outlook or Outlook Express)
I have tested most Free security applications and these appear to be a very good combination.
PAID (Registered versions):
If you can afford it, the following are all really good, when used in combination:
1. Norton Antivirus (Symantec) 24/7 + daily scan
2. Trojan Hunter (Mischel) 24/7 + weekly scan
3. a-squared guard/scanner (Emsisoft) 24/7 + weekly scan
4. ZoneAlarmPro - replaces free ZA (Zonelabs) 24/7
5. Spyblocker (Kurland) 24/7
6. Digital Patrol (Protoantivirus) weekly scan
7. Spyware Doctor (PC Tools) 24/7 + daily scan
8. MailwasherPro + First Alert (FireTrust) 24/7
9. Evidence Eliminator (Robin Hood) weekly
10. Anon2004 (Anonymizer) on Internet

Update daily all above (takes around 15 minutes)
You might think that there is a lot running simultaneously, but at least the PC is as secure as possible.

I have a special interest in Computer Security

Leo
March 12, 2005 8:45 AM

Wow. That seems WAY overkill. IMO: a hardware firewall (router) + a good spyware and a good av program, run *and updated* regularly, + windows update either automatically or regularly, + some common sense (don't open attachments you aren't 100% certain of) is the best combination.

Randy
April 12, 2005 5:16 PM

In response to Lofty's post: I am an Internet security researcher, and in my opinion Lofty's list is only slight overkill, and Leo's list is slight underkill.

#1) Leo, the short answer is that I would add a two-way, application level software firewall like Zone Alarm to your list. Lofty is right about this: An adequate firewall of some sort is an absolute necessity for any computer connected to the Internet and is the first level of protection. I don't consider a basic NAT router to be an adequate firewall.

As to why, well, that gets a little involved, so I posted it to my blog at: http://internet-insecurity.com/blog/2005/04/12/is-a-router-an-adequate-firewall/

2) Leo, I also think it is wise to have a backup anti-spyware application or two, because none find and clean all of the huge amount of malware that is out there. I will put in a specific recommendation for MS Antispyware or its cousin, Sunbelt Antispyware as the primary means of protection from spyware. These applications are very good, especially if Real-Time protection is enabled. I would add the immunization features of Spybot and Spyware Blaster, and occasional scans with Spybot. Ad-Aware is also a good antispyware application for use as a backup scanner, but it lacks real-time protection and immunization features.

Lofty is offering a pretty comprehensive solution. He doesn't explain all the reasons why he feels all that protection is important, but I think he probably has some good reasons.

I would add the following to Lofty's list for certain users: A good, workable encryption system for any documents and information the user would prefer to keep private, like tax and other financial records and confidential letters and such.

Sue
August 24, 2005 3:29 PM

I am using Spyware Nuker. What do you think of that program? I seem to have to run hijack this every day still.

Leo
August 26, 2005 8:10 PM

I don't know anything about Spyware Nuker. I recommend Microsoft's Anti Spyware: http://ask-leo.com/recommendation_microsoft_antispyware.html

Dustin
December 22, 2005 11:47 AM

I would recommend using Mozilla Firefox as your browser rather than frequently updating IE for browser exploit patches. I admit Firefox isn't bulletproof, but at least the majority of internet attacks that specifically exploit a vulnerability in IE won't affect you. Adjusting your preferences ("trusted sites", disabling cookies, etc.) in Firefox has kept my system clean.

Coupled with Adaware and Spybot weekly updates and scans, the only other precaution you need to follow is Tip #5 - use your head!

David Jefferson
February 6, 2006 11:47 PM

I totally agree with what you're saying. I wish more people felt this way and took the time to express themselves.
Keep up the great work.

David Jefferson
http.www.spywaresoftwarehouse.com

Comments on this entry are closed.