INQ Guide to Free Anti-Spyware

3 Nov 2007 | 16:12 GMT

By Liam Proven

SPYWARE IS NASTY. As insidious as a virus, it sneaks onto your PC, slows it to a crawl then sits in the background watching what you do and ensuring that you get even more spam - as well as other dubious pleasures such as pop-up adverts.

Most gets unknowingly installed in the guise of something useful. For instance, you get a free program which includes adware. Often, they do tell you, but it's buried deep in the licence agreement that nobody reads anyway, for instance. Before installing a freebie, look it up on Google. See if anyone's reported problems. Sites like download.com or Tucows often have user reviews - badly written and unreliable, but they'll give you a hint. Another common vector is browser toolbars for Internet Explorer. These are usually more trouble than they're worth; avoid them. In fact, avoid Internet Explorer, but that's another story. Some "freeware" apps are ad-sponsored. It's seldom worth it - look around and you'll usually find something just as good that's genuinely free.

In the same category but more directly evil are Trojans, which pretend to be legitimate programs with the aim of stealing passwords or other confidential information.

A thoroughly infested PC will slow to a crawl and there's little you can do. Some adware does have an uninstaller, if you can find it - often they're additional add-ons. Chances are it won't work anyway. Most of the really nasty stuff simply conceals itself out of sight. About the best option is, as ever, to backup, nuke, reinstall and reload. But prevention is better than cure.

The official way
Allegedly, it's even affected His Billness himself, which is possibly why he bought antispyware company Giant at the end of 2004. Giant Antispyware is now " Windows Defender and forms part of Vista, but if you're on XP, it should be your first port of call.

It may not be the most powerful, but it's non-intrusive and it spots many of the nasties. Most of the third-party offerings warn you about non-threatening junk like browser cookies and MRU (Most Recently Used) lists, for instance, chiefly because showing lots of suspects makes them look like they're keen and really doing their job. You can safely ignore this stuff - just worry about actual programs that they find. For once, the Microsoft offering has a lead here - it doesn't sweat the small stuff because that would make the mighty Vole look bad, so it only shouts when it's important.

Tip: when you download Defender, use IE. You'll have to pass the wretched "Genuine Authentication" test, and though there's a Firefox plugin for this, why bother? (But, for once, kudos to Microsoft for giving you the option.)

Defender on Windows 2000 - it does work
There's a snag if you're still on Win2K, though. When the good ol' Vole released the final version of Defender, it nobbled the program so that it won't install on 2K. There's no real reason for this - it actually works just fine, the installer just won't run. Even if you're on W2K, Defender is still a good bet - it's small, fast, simple and doesn't nag you. (You can tell Micros~1 bought it in, can't you?) All you need to do is make a one-character change to the installer.

First, you need to install GDI+. Download the archive, unpack it and put the single DLL in your \WINNT\SYSTEM32 directory. Next, download the installer for Defender. You'll also need a tool for opening and modifying MSI (Microsoft Installer) packages. Orca is simple and freely available.

Using Orca, open up the Defender MSI and look for the line that says "Launch Condition". It's checking for a Windows version of greater than 5, which means XP (version 5.1) or later. All you need to do is stick in an equals sign (version >= 5) so that Windows 2000 (version 5.0) passes the test too:

VersionNT >= 500

Save and exit. Now install your modified Defender, let it update itself and you're done. Honestly, it won't hurt a bit.

And the best of the rest
Spyware programs tend to be paranoid. Not only do they report every last " recent document" and cookie as a threat to your privacy, but the resident scanners will all too often pop up little warning boxes asking you if it's all right for programs to make Registry changes or to install themselves to run automatically. If you're a privacy freak or are really worried about this stuff, fine, but most of us probably don't want to be molested with prompts all the time. (In this sounds like you, you'd better avoid Vista.)

Incidentally, if you're annoyed by unnecessary programs which automatically run when you boot or log on, Mike Lin's Startup Control Panel is an easy way to disable them. It's not much help against stealthed spyware, but it's an easy way to turn off redundant Quicktime icons and other little resident helpers you don't actually want. It just adds an extra icon to the Control Panel, allowing you to see - and optionally disable - all the half a dozen or so different categories of auto-running programs.

There are two well-known names in free antispyware. One's a one-man effort, given away pro bono publicum, and the other's a freebie taster of a commercial product, complete with nagging.

Tip: Unlike firewalls and anti-virus, it's generally safe to run multiple anti-spyware programs at once. You just get more warnings. You probably ought to be running Defender anyway, but you might want to add another for extra protection.

Spybot Search & Destroy is the work of lone coder Patrick Kolla and he offers it for free - although he does, perfectly reasonably, request a donation if you find it useful. It's pretty good at rooting out many lurking horrors and has a handy "immunise" function that can, at least theoretically, act as a prophylactic. It comes with two optional resident bits, one to watch for suspicious registry changes and one that keeps an eye on Internet Explorer. If you have Defender installed and want a quiet life, you can skip these and save yourself a lot of scary warnings.

AdAware 2007 Free comes from German vendor Lavasoft and is the free version of a commercial product, AdAware Pro. Like Spybot it offers a very thorough scan, though if you run both scans at once, apart from being dog-slow, they can erroneously flag one another as being suspicious. Beware.

If you read our earlier articles in this series (Intro, Firewalls, Antivirus, you should remember the name PC Tools. This Australian company has various free tools and generously you can run them in business environments as well as privately. Its free product in this category is Spyware Doctor, and if you're running the companion firewall and antivirus, they'll nag you if it's not installed alongside. It's a decent enough scanner, but there is a catch - the free version will warn you about infections, but it won't remove them. You need the paid-for version for that. If you're lucky, you might never discover this restriction, but we suggest having Spybot or Adaware on hand as well.

Want a bit more manual control?
If it's too late and you're already infected, HijackThis could help. It's recently changed hands from its original developer, Marijn Bellokom, over to security vendor Trend Micro, but it's still around, still useful and version 2 is in beta. It lets you lift the lid on Windows and both see and manipulate what's going on underneath: all the various Browser Helper Objects and so forth. The snag is that it's an intimidating list and you need to be a Windows guru to spot anything that's out of line, but take a look anyway. It's certainly informative.

Once again, sadly, although there are lots of freebies, few are open source. Spyware just doesn't happen on Unix, mostly because of strict authentication and user accounts that can't install software - and on Linux, an absence of closed-source commercial "freeware". There is an interesting offering from France, though - WinPooch. This can run as a background monitor, alerting you to suspicious activity. It also integrates with ClamWin, giving that FOSS antivirus program the ability to act as a background monitor as well as an on-de mand scanner. Worth a look if you favour open source and don't mind doing a little manual configuration, but there are reports of BSODs due to it, so exercise caution. µ

L'Inqs
Windows Defender
Installing Defender on Windows 2000
Startup Control Panel by Mike Lin.
Spybot S &D
AdAware 2007 Free from Lavasoft.
HijackThis from Trend Micro.
WinPooch.

© 2007 Incisive Media Investments Ltd. 2007