(PeteCresswell) wrote:

> Per VanguardLH:
> 
>> The free version was designed for boobs who,
> 
> I guess I'm the target audience then.... -)
> 
> The rest of your post tells me that, given a predilection for keeping it
> simple and a willingness to live with a certain amount of risk, I
> should:
> 
> - Rely on the freebie Avast day-to-day
> 
> - Do the occasional scan using an bootable Avast disc
>   created right-then-and-there to get the latest 
>   DB
> 
> - Make really sure my "Good" image is really good.
> 
> - Maybe just restore from the "Good" image every couple months
>   just on GPs.
> 
> I do not use SpywareBlaster.

I haven't trialed BitDefender for awhile now.  I keep re-trialing them
hoping they changed their quarantine behavior of isolating a file
without prompting the user.  If they changed that then I'd use them.  If
that's a risk you are willing to endure then I'd go with BitDefender.
However, if they are still covertly quarantining files, you may want to
set a reminder to prompt you to go check their quarantine to see what
they hid from you without notice.

I use SpywareBlaster but did not pay for it.  I just use the free
version.  As I recall, the only extra you get with the paid version is
an automatic update check.  What it does is not by having it run
resident all the time, as with other anti-malware programs.  It adds
"kill bits" to the registry.  It adds class IDs for known malicious
programs that register themselves.  It then adds a data item with a
value that tells Windows not to load that program.  So, in effect,
SpywareBlaster is pre-loading all the CLSIDs for known badware into the
registry but setting the kill bit so Windows won't run that badware.  If
the badware ever shows up, it cannot run.  So SpywareBlaster doesn't
stick around running to do anything.  It updates the registry and exits.
However, anti-malware may see those kill bitted CLSIDs in the registry
and claim you have the badware installed which is not true.  They only
use the registry entry as a footprint, see the impression, and then
claim you are infected when there is just the footprint which was
deliberately put there so the baddy gets identified as soon as they fit
into the footprint.

SpywareBlaster can also add blocks on cookies created by bad sites (but
only for Internet Explorer and Firefox, not for Google Chrome).  This
prevents the bad site from leaving behind their cookie (in case you have
not configured your web browser to purge cookies on its exit) or abettor
sites from creating a cookie for the bad site.  

SpywareBlaster can also add bad sites to the Restricted Sites security
zone (available only to Internet Explorer).  This means if you happen to
visit any of those bad sites that they will render under the Restricted
Sites security zone.  Scripts won't run for those sites, meta-refresh is
disabled, and several other features are disabled to neuter the bad
site.

So SpywareBlaster is something you run, update, and then choose to add
the ActiveX killer bits in the registry, block bad sites from creating
cookies, and add bad sites to IE's Restricted Sites security zone, and
then you exit SpywareBlaster.  The program does not stay resident.  It
does its registry updates and is then completely gone.  That's why it's
compatible with all other anti-malware programs.  It isn't running to
cause any conflict in purpose or action.

I use MalwareBytes Anti-Malware (MBAM) but only the free version.  This
means there is no resident on-access (real-time) scanner to conflict
with other security software.  I load it, update it, and then scan with
it at regular intervals.  I have disabled it looking for PUPs because I
installed utilities, like Nirsoft, that they claim are unwanted.  Nope,
I installed them because I want to use them.  Besides, the argument
against PUPs is that malware can make use of them rather than the script
kiddie that authored the malware from having to figure out what the
usurped PUP can do.  Well, that means the badware has to call the PUP to
make misuse of it and it's the job of anti-malware to detect the caller
that is the badware.
--- NewsGate v1.0 gamma 2