Anti-parasite software can detect and remove many kinds of parasite automatically, scanning the hard disc and system settings for known threats.
Anti-virus programs, however, do not usually target parasites, which technically aren’t viruses. Some of them, particularly those that have a category for ‘expanded threats’ or ‘potentially unwanted programs’ will detect some offenders—especially those installed by security hole exploits—but this isn’t their primary aim and they may be less successful at removal than dedicated tools.
This doesn’t necessarily help, unfortunately. A firewall can prevent incoming attacks and block outgoing connections from unknown applications, but if the parasite is delivered as a bundle with another program, or downloaded by the web browser, there is nothing a firewall can do to stop it getting in. And if it uses the web browser to piggyback its own connections, or even simply disables the firewall software, a firewall would not be able to stop it talking to its controlling servers.
Occasionally. There are a few programs that bundle parasites and refuse to run if they are removed—Radlight might not run without SaveNow, and the various Gator.com applications might not run without Gator. However in the vast majority of cases the culprit software just installs parasites and never looks for them again.
In any case, do you want to carry on running a program that has betrayed you by installing parasites behind your back? There are always alternatives that are really free.
Not necessarily. Anti-parasite software—like anti-virus software—will do its best, but it is often faced with new threats it can’t fully deal with. And once a computer has been compromised by a virus, parasite or other trojan there is no going back: other code, such as a custom ‘rootkit’ may have been installed that may be unknown or undetectable to the security software.
The likelihood of this for the average home user is slim, so virus and parasite removal is usually acceptable and the easiest course of action. But a computer that deals with a business’s critical sensitive data should generally be reinstalled from scratch—preferably through hard disc imaging for convenience—should it be compromised.
Caution: there are now many web pages listing and comparing anti-parasite or ‘spyware remover’ software, but many have proven highly untrustworthy, recommending only the software they are affiliates of (that is, they receive a payment when someone clicks and purchases the software). Often their ‘recommended’ software belongs to the worst of the disreputable software packages.
Affiliate links are not necessarily bad in themselves, but be wary of sites that are not up-front about using them. (For the record: DOXdesk currently does not use affiliate links or any other kind of advertising.) Other warning signs to look out for include:
There is no magic bullet, no one program that is capable of removing all parasites. But the programs listed here have a good record and should, if kept up-to-date, greatly help in cleaning up systems.
Site: www.lavasoft.de/software/adaware
Author: Lavasoft
Licence: free for home use [PDF]
Begun in 2000, Ad-Aware was the first program to target adware and spyware components. Several major versions later it is still one of the most popular and well-known anti-parasite applications.
Site: www.spybot.info
Author: Patrick M Kolla and Team Spybot
Licence: free to use
Spybot was first released in 2002, during a lull in Ad-Aware updates, with wider targeting criteria including diallers (at the time a newly-widespread threat) and program usage trace removal. Spybot remains one of the most popular and well-known anti-parasite applications.
Site: cwshredder.net
Author: Intermute and Merijn Bellekom
Licence: free to use
CWShredder is a specialised removal tool for the CoolWebSearch family of parasites only, created because of the inability of many of the popular anti-parasite tools to deal with some of the many variants around.
Site: www.intermute.com/spysubtract
Vendor: Intermute
Cost*: $30; 1 year; free trial available
SpySubtract performs both quick scans (for parasite files installed in the expected places) and full scans (of all files; slower). Also has a ‘Venus Spy Trap’ option to check all executable files for known parasites before allowed them to be run. (Takes a bit of a speed hit though.)
Site: www.webroot.com/products/spysweeper
Vendor: Webroot
Cost*: $30; 1 year; free trial available
Doesn’t offer a ‘full’ scan over all files, but detection of all installed files/registry entries seems very thorough for its targeted parasites. Includes options to protect browser settings from changes.
Site: www.pestpatrol.com/Products/PestPatrolHE
Vendor: eTrust (CA)
Cost*: $40; 1 year; free trial available
Has a very large database of threats including non-commercial trojans, but (perhaps because of this) can produce false positives a little more often than some of the others. Effective when used with care.
Site: www.microsoft.com/athome/security/spyware/software
Vendor: Microsoft (previously GIANT Company Software)
Cost: to be announced
GIANT AntiSpyware was a relative newcomer, but gained a reputation for being able to deal with some of the newer, trickier to remove parasites. Microsoft have bought GIANT and are currently developing the software for release as an official MS product. Currently a beta-test verion (with some significant bugs) is available.
Site: www.acronis.com/products/privacyexpert
Vendor: Acronis
Cost*: $40; 1 year; free trial available
A larger suite of components including pop-up blocking, file shredding and usage traces removal as well as the anti-parasite features. There is limited control over the anti-parasite part, which removes all suspicious traces found without any user prompting.
Site: www.itcompany.com/remover.htm
Vendor: Infoworks Technology Company
Cost*: €25/$30; free trial available
A commercial release based around the core of Spybot S&D. Networked version available.
Site: www.kephyr.com/spywarescanner
Author: Roger Karlsson
Licence: free to use
Bazooka is a parasite detector: a scanner-only package that links back to an online guide when something is detected; it does not attempt to remove what it finds.
Site: www.merijn.org/downloads.html
Vendor: Merijn Bellekom
Licence: free to use
A general-purpose tool to detect browser hijackers and other programs set to run on startup. Removing entries that look suspicious can be a good way to remove simple parasites that aren’t recognised by dedicated anti-parasite software, if you know what you’re doing. Alternatively it can save a log file which can help security experts diagnose what’s wrong.
Site: www.winpatrol.com
Vendor: BillP Studios
Cost*: $20; one-off; or functional free version
WinPatrol is a system monitor. As well as listing certain kinds of startup entries, it monitors these, along with browser settings, and generates a warning/confirmation window when changes are detected, linking back to an online filename-based information list.
Site: www.javacoolsoftware.com/spywareblaster.html
Vendor: Javacool software
Licence: free for home use
SpywareBlaster disables certain ActiveX control class IDs associated with parasites. This has the effect of hobbling some parasites if they are installed, and preventing many others from loading by ActiveX drive-by-download in Internet Explorer.
Many parasites spread using security issues in Internet Explorer, and primarily affect usage of IE. Other browsers can reduce this risk. Examples: Firefox, Opera, Mozilla Suite, and of course any browser on Mac OS or Linux.
Filtering proxies can stop block web-based attacks by filtering web content for malicious scripting and various other potentially unwanted content. Examples: Proxomitron, Privoxy.
Another simple way to block access to some known-bad sites is by putting them in the Hosts file with a bogus address, so the real server is never contacted. Suppliers of filtering Hosts files (aimed at adverts in general): Mike Burgess, hpguru, Dan Pollock.
IE users can also use a less complete kind of hostname-based filtering by putting suspicious hosts in the Restricted Sites Zone: content can still be downloaded from blocked sites but web pages from them will be run without scripting or ActiveX. Eric Howes’s IE-SPYAD automates the process.
Another breed of malicious software is targeted by anti-trojan software. Much less widespread than parasites, but potentially at least as damaging, remote access trojans give direct control of the computer to a single attacker. Anti-trojan software targets these threats somewhat more comprehensively than plain anti-virus software. Examples: TDS-3, The Cleaner, TrojanHunter, Tauscan.
BrowserSpy shows what information your web browser can leak during browsing. AuditMyPC offers an online port scanner.
