Spyware Warrior

eburger68 · Posted: Fri Sep 17, 2004 12:55 am Post subject:

GuardBar:

I've run two rounds of tests now with the latest versions of GuardBar and SpyBouncer.

Let me be perfectly frank: GuardBar is worthless. In two rounds of tests with different spyware installers and different circumstances, GuardBar merrily allowed a total of 31 different spyware applications to be installed on my test PC, including some of the worst out there. It blocked the installation of precisely ZERO. None. Zip. Zilch. Nada.

After testing GuardBar's blocking capabilities and finding them to be non-existent, I tested SpyBouncer 1.24. While SpyBouncer did detect some of the spyware on my PC, it missed a number of critical spyware executables and DLLs, leaving my test PC almost completely overrun with spyware as well as a hijacked web browser.

Let me summarize the GuardBar results first, since those are much easier to summarize. (The write-up of SpyBouncer's performance will have to wait until the weekend when I have more time.)

** Test #1 **

1. Installed GuardBar; no updates available.

2. Installed SpyBouncer 1.24; no updates available.

3. Downloaded and executed grokstersetup.exe from:

http://www.download.com/3000-2166-10237041.html

Note: downloaded through Internet Explorer 6.0 w/ SP1 with GuardBar active.

4. grokstersetup.exe is a stub downloader/installer -- it downloaded and executed a number of other installers.

Note: kept Internet Explorer open with GuardBar active. A number of the stub downloaders used the IE engine to download and install their components.

5. GuardBar stopped aboslutely nothing, allowing every single spyware application to be installed.

6. Installed were:

* 411Ferret
* AdRoar
* Altnet/BDE
* BookedSpace
* BroadCastPC (BTV)
* Claria/Gator/GAIN
* Cydoor
* Drsnsrch.com (browser hijack)
* FlashEnhancer
* ImIServer IEPlugin
* MySearch/MyWay
* Roings
* SearchLocate
* Topfivesearch.com (browser hijack)
* Topsearch (note: not completely installed)
* TV Media
* VX2/ClientMan
* WebRebates/TopMoxie
* WebSearch

** Test # 2 **

After removing the installed spyware with a combination of anti-spyware applications, I decided to try another test. Thinking that perhaps GuardBar was limited to blocking only spyware installed directly through the browser (i.e., ActiveX installations), I decided to test GuardBar against a web site that I know to be an auto-installing spyware nightmare.

1. Navigated to:

http://iowrestling.com/

Note: used Internet Explorer 6.0 w/ SP1 with GuardBar active.

2. After declining a home page change, encountered four different ActiveX warning boxes, requesting acceptance of installation of:

* AAA1Screensavers.com
* FunWeb/SmileyCentral
* GAIN Dashbar/Precision Time
* AT-Games (Addictive Technologies)

Clicked "Yes" to all of them.

3. The initial installers actually installed more applications than the names above might indicate, launching new installers for other applications not listed above.

4. GuardBar stopped neither the initial ActiveX-driven installations or the subsequently launched installers, of which there were many.

5. Installed were:

* AdDestroyer
* BroadCastPC
* Claria/Gator
* Dashbar
* Favoriteman
* FunWeb/SmileyCentral/MyWebSearch
* NetPal
* PrecisionTime
* ShopAtHomeSelect (SahAgent)
* WebRebates/TopMoxie
* TVMedia
* VirtualBouncer

** Summary **

GuardBar's performance was abysmal: of 31 different spyware/adware applications installed in two different tests, GuardBar stopped the installation of none of them, allowing my test PC to be completely overrun with spyware and my browser to be hijacked.

Although my write-up of the SpyBouncer scan results will have to wait until I have more time over the weekend, I can tell you that SpyBouncer's performance was not much better. Although it did detect some spyware related files and Registry keys, it completely failed to detect the browser hijacks and missed numerous spyware executables and DLL modules on my test PC -- spyware which was left to other anti-spyware applications to detect and remove.

All in all GuardBar and SpyBouncer turned in a dismal performance. GuardBar simply cannot be regarded as anti-spyware protection whatsoever. SpyBouncer does detect some forms of spyware, however, its performance was so poor in my two tests with some of the most common and virulent spyware on the Net that users would be much better off using other, more trustworthy anti-spyware applications such as the ones listed here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy

Regards,

Eric L. Howes

TeMerc · Posted: Fri Sep 17, 2004 6:28 am Post subject:

suzi · Posted: Fri Sep 17, 2004 7:45 am Post subject:

It seems that Download.com's review essentially agrees with Eric's conclusions about Guardbar's ability to detect spyware:

http://www.download.com/Guard-Bar/3000-8022-10312618.html?tag=lst-0-18#cnetReview

guardbar · Posted: Fri Sep 17, 2004 7:50 am Post subject:

Hello,
I'm not saying we are flawless, I don't think there are many programs that are 100% flawless. I can tell you we have an excellent team working on Spybouncer to improve the functions and reliablity.
Joe

eburger68 · Posted: Fri Sep 17, 2004 8:29 am Post subject:

Joe/GuardBar:

That's not even the beginning of an adequate response. The question on the table isn't whether GuardBar is "flawless" -- that's a strawman argument. The question on the table is whether it's a worthwhile anti-spyware program, and any program that fails to block 31 of 31 of the most common, prevalent spyware apps on the Net is well nigh worthless.

As for SpyBouncer, the relevant question is: why should anyone pay for your anti-spyware scanner when they can get a more effective anti-spyware scanner for free (Ad-aware Personal, Spybot S&D) or for a roughly comparable price (Ad-aware Plus/Pro, Spy Sweeper, Pest Patrol) that will do a more thorough job of removing spyware?

Eric L. Howes

mikey · Posted: Fri Sep 17, 2004 8:40 am Post subject:

Hey Eric, very impressive review. Top notch.

Most don't have a clue to the amount of work involved. Well, I do and I say; ATTABOY Smile

"That's not even the beginning of an adequate response."

Not sure you left him any room for more than that. Smile

_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

guardbar · Posted: Fri Sep 17, 2004 9:22 am Post subject:

our customers are reporting that we find 40% more spyware than other companies..do the test.

guardbar · Posted: Fri Sep 17, 2004 9:27 am Post subject:

why use something for free if it doesn't clean your system...bottom line is all of the companies that have free versions are making money selling something, donations, monitor charge, whatever the case may be money is being made up front or on the backend of a product.

TeMerc · Posted: Fri Sep 17, 2004 9:37 am Post subject:

GuardBar said:

wjhonson · Posted: Tue Oct 12, 2004 9:56 pm Post subject: Why SpyBouncer finds more malware

I might be able to answer the point that SpyBouncer finds more malware. I also, like some of you, have a number of anti-Spyware programs running, including SpyBouncer.

After running them and cleaning all the things they found, I run SpyBouncer.... which comes up with 132 new things to clean, mostly in my Registry.

I am running the apparent latest version 1.24

I believe this might be the same problem as the "setting of the kill bit" that was discussed. I didn't pay for SpyBouncer, I'm just not completely unfamiliar with RegEdit so I merrily went along deleting entries. SpyBouncer shows you the complete path of the entry, so if you can use RegEdit you can clean the item yourself.

At any rate, I'm not clear on how to tell if the "kill bit" has been set or not set. If someone could explain that part to me, I could check to see if this is still the case with this version of SpyBouncer.

Thanks
Will

IndianaSpam1 · Posted: Mon Nov 01, 2004 12:58 am Post subject:

guardbar · Posted: Wed Nov 03, 2004 7:15 am Post subject: PostalManager

PostalManager does not buy email list or rent them. We built the software and sell the bandwidth. We have had shopping sites use our service, Government sites and many other companies that use our service as a means of communicating to their customers through email. Their users will Opt-In to receive more information or just to keep informed on new information regarding the company.

PostalManager only offers service to customers practicing permission based email marketing with 100% opt-in list. We do not allow our system to be used for unsolicited commercial email.

You can look up any company that is similar to PostalManager and you will see that they also get spam complaints, it doesn't mean they are spammers. I get spam from Yahoo, AOL, MSN and many other hosting companies but it doesn't mean they are spammers and I can't sue AOL just because someone spammed me using an email address that has AOL in it.

They have an abuse stystem set up so they can terminate accounts that are spamming. You can go to any major ISP and you will a complete section on their spam policy and how they try to keep it at a minimum. We also have an abuse system set up so when a complaint comes in we know what username is assocciated with the mailing and we terminate that account.

All of our users must have an IP Stamp, time stamp assocciated with every email address they have hosted with us.

When a list owner uploads a list we look for addresses that have possibly been harvested from the net or generated using software. When our system detects this, it will automatically shut down their account.

JeanInMontana · Posted: Sat Jan 22, 2005 3:13 pm Post subject:

What has happened to this issue? We have a user on XP Central that has been duped by this program. Is Joe in jail now?
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

suzi · Posted: Sat Jan 22, 2005 11:28 pm Post subject:

JeanInMontana · Posted: Sun Jan 23, 2005 7:59 am Post subject:

I will post a link to this entire thread and point out this last post of yours Suzi. I had warned them previously about rogue programs and this was the second one he installed! Rolling Eyes

We have a section of free, trusted removal programs listed on site.

I am now trying to convince him that he can't pick one and be protected. I gave him a list of 5 for bare bones protection/prevention. If he does anything I find out about I will let you know.
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes

Exodus · Posted: Wed Feb 02, 2005 6:26 pm Post subject:

Well I think "guardbar/Joe" here hit the old dusty trail... Chances are he's long gone. After a bit of searching, I've noticed actual, trusted companies classify Guardbar as Malware. Everything about it is suspicious and in any event I never trust toolbars. I find them an annoyance. I'd also like to congratulate Eric on his flawless tests. I think Guardbar is just another worthless scam.
_________________
http://www.ytmnd.com/

quietman7 · Posted: Thu Feb 03, 2005 5:31 am Post subject:

I am skeptical of toolbars myself but there are two that have been in use for a few months which protects you from online fraud scams (phishing) and allow you to see where different websites are located geographically.

1. SpoofStick1.02 for Internet Explorer 8/18/04
http://www.corestreet.com/spoofstick/internet_explorer.html

2. FraudEliminator
http://www.fraudeliminator.com/download.htm

Both have been discussed in other forums such as:
http://computercops.biz/forum122.html