Posted by Team Flexbeta on 29 February 2004 (
Internet Explorer?s homepage was changed to some weak search engine site; ads are popping up every five seconds; my computer takes three times as long to load, a server is tracking every website I visit, and this was all done intentionally to show which of the two top spyware/adware removal applications is more effective at scanning and detecting malicious objects. I tested both Ad-aware and Spybot S&D (short for Search and Destroy) under Windows 2000 Professional running on a virtual pc courtesy of VMWare Workstation. Twenty eight applications known to contain spyware and adware were installed. The components that were installed are listed below with links to information about their involvement with spyware/adware.
? Dashbar ? A toolbar for internet explorer which redirects searches to paid advertisers, owned by Gator (GAIN).
? Kazaa - Kazaa Media Desktop contains banner advertising and the option to install other third party applications in order to remain free to the user.
? Morpheus - StreamCast Networks counts the number of times its file swappers visit high-profile shopping sites.
? Panicware Pop-up Stopper ? A pop-up blocker bundled with adware.
? Aceclub Casino ? Contains software to run ads.
? AceNotes ? Personal information manager bundled with adware.
? Slotch bar ? Hijacks your browser by changing settings.
? XXXtoolbar ? Tracks your online activities through cookies.
? BingoFun - Game which contains adware.
? BonziBuddy - The infamous BonziBuddy tracks your online activities, collects personal information, and is extremely annoying.
? Silver Surfer - Will simulate mouse movement and keystrokes, attaching to MSIE and surfing.
? CashToolbar - CashToolbar consists of an IE toolbar containing links and search features that also spawns advertisements, and a process started with Windows to download updates.
? ClipGenie ? Contains adware.
? Download Accelerator Plus - Changes browser settings other than homepage, without user permission. Displays popup/popunder ads that cannot be closed by clicking a 'close' (X) button in the upper right of the frame.
? EBay Toolbar ? Contains adware.
? ezSearchBar ? Makes changes to browser without users permission.
? Findit Quick BrowserAid ? Displays popup ads.
? Hotbar - It monitors all URLs you visit to add link buttons to its toolbar depending on the site you are visiting.
? OnWebMedia ? Delivers ads to the computer.
? DailyWinner Prize Bar ? Changes homepage and monitors internet activity.
? Xtractor Plus - Displays ads. Causes browser popups. Tracks web usage. Collects personal info.
? SaveNow ? Monitors your online activities.
? Grokster - Installs numerous other products, including Active Delivery, CasinoOnNet, ClipGenie, CommonName, Cydoor, DelFin Media Viewer, DownloadWare, eAcceleration, eUniverse, FavoriteMan, FlashTrack, Gator, IGetNet, IGetNet/ClearSearch, IncrediFind, IPInsight, Look2Me, Lycos.SideSearch, NetworkEssentials, NetworkEssentials/SCBar, PeopleOnPage, RVP, SAHAgent, Search-EXE, SearchEnhancement, TOPicks, VX2/e, VX2/f, and Webhancer.
? FlashGet ? Tracks online activities.
? WebDownloader - Silently downloads designated file from WWW to victim's machine.
? LinkGrabber 99 ? Contains adware.
? ProfitZone - Poorly functioning attempt to hijack your browser will likely just wreak havoc with your desktop.
? ToonComics ? Contains adware.
Many other ActiveX components were installed from malicious sites. In addition, many sites planted cookies which track online activities.
As explained earlier, I installed Windows 2000 on VMWare Workstation, installed the 28 applications and other plug-in, then I created a snapshot of the current virtual pc state (similar to creating a system restore point found in Windows). I then installed Ad Aware, ran an update to have the latest fixes, and scanned the infected virtual computer as many times possible until Ad Aware stated that all infected files were fixed. Afterwards, I ran Spybot S&D to see how many files Ad Aware had failed to detect. After recording all the information, I reverted the virtual drive back to the original state (before I installed Ad Aware) and did the same except this time I installed and scanned with Spybot S&D first and ran Ad Aware second to determine which files Spybot S&D failed to identify.
Ad-AwareA small rundown of what Ad-aware is??Ad Aware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components.? Ad-aware is the most downloaded privacy application according to Cnet.com with over thirty million downloads.
For the first scan, Ad-aware detected 12 processes, 311 registry keys, 55 registry values, 344 files and 21 folders for a total of 743 malicious objects. Ad-aware was not able to quarantine all of the objects reported because many of them were currently in use. A second scan was necessary; after restarting the computer Ad-Aware detected and quarantined 13 objects. To verify that Ad Aware had finished detecting all objects, I ran a scan a third time, and Ad-aware confirmed zero objects infected. I proceeded in deleting all files that were quarantined so that Spybot S&D would not detect these later on. Checking to see if I noticed any difference on my computer, Ad-aware had restored my IE homepage, and removed many of the toolbars that once crowded Internet Explorer.
To determine if Ad-aware had failed to determine any malicious objects, I scanned the computer with Spybot S&D. After the scan completed, Spybot S&D found 126 problems or malicious objects still present on the computer. The objects consisted of registry keys and values, processes, files and folders. I saved the log file and uploaded here. Now it was time to test Spybot S&D; I used the revert feature in VMWare Workstation to return the virtual computer to its original state, which was before installing or running either Ad-aware or Spybot.
Spybot?Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer?. According to CNet.com, Spybot S&D is the second most downloaded adware removal tool with over twelve million downloads. Spybot?s annotation is a bit different than Ad-aware?s, Spybot S&D refers to infected objects as problems.
Spybot?s first scan detected 410 problems which included registry keys and values, files, folders and processes. Though Spybot S&D doesn?t display the exact details of how many of each components were found (you could look through the log file and find out), right clicking on a file brings up plenty of useful information about the problem/object. Because many running processes were deterring Spybot S&D from deleting them, a restart was necessary in which Spybot S&D started to scan right after Windows loaded and before any other application loaded. The second scan detected 17 problems, which were immediately quarantined. To verify that Spybot S&D had determined that there were no more problems, I ran a third scan in which Spybot S&D confirmed zero problems found. Before beginning the inspection scan with Ad-aware to determine if there were any objects left behind, I browsed around the computer to see if I noticed any changes. Opening Internet Explorer, Spybot S&D failed to restore my homepage, however, many of the ad pop-ups had ceased and the toolbars on Internet Explorer had disappeared. Kazaa also failed to start, meaning that the spyware included in Kazaa had been successfully removed.
The quarantined items had to be deleted in order to ensure that Ad-aware wasn?t going to confuse them with infected objects. Erasing these objects proved to be rather difficult compared to Ad-aware?s method of emptying the quarantined objects. In order to permanently delete the objects that are quarantined, you have to select each file individually; there is no option to select all of the files. Deleting all 410 quarantined problems proved to be extremely frustrating and time consuming.
Ad-aware detected 293 objects still present after the Spybot S&D scan. These objects consisted of 78 registry keys, 13 registry values, 195 files and 7 folders. Examining the log file we are able to determine that many of the files found were cookies. Also, many registry keys and values from the infamous BonziBuddy were still present; many Hotbar objects were found too.
The objects or problems that Spybot S&D failed to detect were more than twice as many as Ad-aware?s. Ad-aware not only proved to be able to find more infected objects, but has superior usability. Ad-aware also has a very active support forum with over 41,000 members and more than 144,000 posts. Spybot S&D also has a support forum, though I wasn?t able to determine how active it was since several attempts to connect to the website failed. However, you are able to contact Spybot S&D support by sending an email. However, sending an email to a specific person for support (even if it?s a team) is not as effective as a forum where thousands of members can leave documented suggestions. Though Ad-aware proved to be a more effective tool for detecting spyware and adware, I believe no tool is more efficient than having the general knowledge to be able to determine which programs are going to infect your computer with malicious files.
http://tinyurl.com/2uw2x
Topic: Spy vs Spy: Ad-aware vs Spybot S&D (Read 1266 times)