Jump to content


Photo

Spysubtract Pro from Intermute


  • Please log in to reply
18 replies to this topic

#1 JRosenfeld

JRosenfeld

    Advanced Member

  • Full Member
  • PipPipPip
  • 143 posts

Posted 19 October 2004 - 12:49 PM

I note that Merijn's CWShredder has now been taken up by Intermute.
They also offer Spysubtract Pro that includes CWShredder. Is this an acceptable anti spyware program?

http://www.intermute...ract/index.html

I could not find it mentioned on the list at

http://www.spywarewa...nti-spyware.htm

#2 pomp

pomp

    Forum Deity

  • Helper
  • PipPipPipPipPip
  • 1,163 posts

Posted 19 October 2004 - 03:11 PM

I don't personally use it, but yes, it is acceptable.




PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD

#3 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 20 November 2004 - 05:01 PM

Not only is Spysubtract by Intermute 'acceptable' - it ROCKS !

Why isn't it listed on SpwareInfo's mainpage? (My guess is because SpySweeper by Webroot is a major sponsor, and is paying SpywareInfo NOT to advertise SpySubtract.)EDIT: My Apologies to SWI. I now know that Webroot is not a sponsor, but is a 'Featured' product, and that these Featured products rotate and change. Sorry for the confusion. Still, SpySubtract isn't listed in the Software section. END EDIT

Spysubtracts 30 day free trial download includes as many definition updates as are available during that 30 days. (compared to Spy Sweeper's 1 update only)

I find it AS powerful as SpySweeper, AND it uses about half the resources of Spy Sweeper when loaded into Start-up. Try it, folks!

sgm

Edited by soulguyman, 24 November 2004 - 05:40 PM.


#4 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • PipPipPip
  • 233 posts

Posted 20 November 2004 - 10:39 PM

Well, SpySubtract didn't do too bad in these recent anti-spyware tests done by Eric L. Howes. http://spywarewarrio...-test-guide.htm (make sure you check test results 1, 3, & 5) some others did quite a bit worse, but I still wouldn't use it in place of Ad-Aware or SpySweeper. And Giant anti-spyware just plain smoked it. ;)

#5 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 21 November 2004 - 01:45 AM

Interesting results, lonewolf - thanks! I definitley want to check out Giant and see what it offers.

I question some of the results of Eric's tests as simply being dated. Also Spysubtracts definitions seemed to be the oldest in the group.

I work in HP tech support and walking customers through scans all day long, and I know that Spysubtract is finding and removing much of the stuff that's listed as not detected or removed. (My Web Search plug ins for example.) I'm not saying Spysubtract is the best in the world, but its the one authorized and recommended for HP computers. (new HP's ship with a trial version) We _do_ use other utilities, but the first scan is always Spysubtract.

At home, I have SpySubtract, Spy Sweeper, AdAware and SpyBot. (for removal)
And SpywareBlaster. (for prevention)

In my own crude test, I disabled SpywareBlaster (didn't have Spy Sweeper installed at the time) and went to Kazaa and signed up for some free spyware. :p
Then I ran Adaware and Spybot and removed EVERYTHING that they found. Then I ran SpySubtract, and it picked up 75 more nasties in the registry, and about a dozen in Files/Directories.
Then I went back to Kazaa and reloaded, and reversed the test. Ran Spysubtract first, and THEN ran Adawre and Spybot. Adaware only picked up 1 registry key and a couple files. SpyBot found another 4 registry keys.

Anyway, I'm suitably impressed with SpySubtract, but that doesn't mean I think its the end-all-be-all. I do think its the 'one to watch' though, especially with its acquisition of CWShredder.

Now Spy Sweeper, I have no argument is a very powerful program. My observations pit the 'detection and removal' qualities of Spy Sweeper and SpySubtract as about 'neck and neck.' Where Spy Sweeper takes the lead is in system monitoring, but it does that at a pretty hefty resource price while sitting in the tray.

But, you got me intrigued by Giant. To be honest, I haven't heard much about it, so I shall scope it out.

Thanks! (Oh, and Eric, if you read this thread, I'm not saying your tests are faulty or skewed or anything. I'm sure the results were as they were. I'm just saying they may be dated. Things change fast out there. ((pssst. I think HP is trying to acquire Intermute. Sssshhhhh!))

sgm

#6 meandor

meandor

    meandor

  • Full Member
  • Pip
  • 60 posts

Posted 21 November 2004 - 10:32 AM

I note that Merijn's CWShredder has now been taken up by Intermute.
They also offer Spysubtract Pro that includes CWShredder. Is this an acceptable anti spyware program?

http://www.intermute...ract/index.html

I could not find it mentioned on the list at

http://www.spywarewa...nti-spyware.htm

View Post


I tried SpySubtract on trial and found it interferred with Spy Bot S&D 1.3 and as well CWShredder 2.0 caused problems with my HOSTS file from WinHelp2002.
I have had an outstanding Trouble Ticket with Intermute since Oct 22/04 about CWShredder2.0 it's still not resolved. I've dropped SpySubtract as I prefer Spy Bot S&D. I'm not a fan of Intermute as they're too slow fixing their problems
meandor

#7 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 21 November 2004 - 11:39 PM

Not only is Spysubtract by Intermute 'acceptable' - it ROCKS !

Why isn't it listed on SpwareInfo's mainpage? (My guess is because SpySweeper by Webroot is a major sponsor, and is paying SpywareInfo NOT to advertise SpySubtract.)

Spysubtracts 30 day free trial download includes as many definition updates as are available during that 30 days. (compared to Spy Sweeper's 1 update only)

I find it AS powerful as SpySweeper, AND it uses about half the resources of Spy Sweeper when loaded into Start-up. Try it, folks!

sgm

View Post


To suggest that SpywareInfo is being paid by Webroot to "not advertise" SpySubtract is a highly insulting statement. This site does not operate in that manner.

I would also add that meandor is far from the only person who is less than enchanted with the lack of response from Intermute regarding hosts file problems with CWShredder 2.0. There are also problems with false positives, and I've yet to see any evidence to support their claims of CWShredder 2.0 removing the two particularly difficult strains of CWS that it purports to remove.

#8 cissp

cissp

    Member

  • Full Member
  • Pip
  • 88 posts

Posted 22 November 2004 - 11:53 AM

Well, SpySubtract didn't do too bad in these recent anti-spyware tests done by Eric L. Howes. http://spywarewarrio...-test-guide.htm (make sure you check test results 1, 3, & 5) some others did quite a bit worse, but I still wouldn't use it in place of Ad-Aware or SpySweeper. And Giant anti-spyware just plain smoked it. ;)

View Post


I have been using the trial program of Spysubtract Pro for a couple of weeks now, and have been nothing short of impressed. I'm behind a NAT FW router with ZAP on my main host, and regularly update and use all the major players (SS&D, AA SE, TH, SpySweeper, SpywareBlaster, X-Cleaner, SpyCop, KAV, RegProtect, Win Patrol, Quik Fix...and am nearing the end of my trial use of Giant. Spysubtract Pro is the only application lately that has been finding ANYTHING.

This makes me wonder if, one, I have a very clean system and Spysubtract Pro is finding false positives, or two, Spysubtract Pro is finding ad/spy/malware that the above mentioned apps aren't. I don't believe it has detected infected files, but rather, registry entries (which makes me wonder as well about the effectiveness of RegProtect, in that how are those entries being written to the registry without that app's detection?).

I don't think at this point I'm going to continue using Giant. It seems like a solid program, but...it never found anything on my box. Not saying Spysubtract is better, but I'm going with personal results, notwithstanding Giant's excellent showing in Eric Howes' anti-spyware test. At the same time, I would like to hear more objective opinions regarding Spysubtract Pro, as I still have two weeks left on my trial. That aside, it's good to use a combination of applications and not rely on a subjective "best" one. Defense-in-depth and a layered approach is the way to go.

Edited by cissp, 22 November 2004 - 11:55 AM.


#9 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 23 November 2004 - 05:46 PM

Hi cissp,

Much as I like to say Spysubtract is doing a better job, given the description of your system, its probably just picking up false positives. Try to take a look at what they are and where they are coming from.

Are they in the registry under this location:
HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings|Zonemap\Domains ?
Are they listed by SpySub as being from CoolWebSearch?
My scan always shows 7 of them, being:
blazefind.com,mt-download.com,searchbarcash.com,searchmiracle.com,skoobidoo.com,slotch.com and xxxtoolbar.com.
If I remove them, and then open SpywareBlaster it says I have 7 unprotected entries. Yep - the 7 that Spysubtract removed. Pretty simple to re-enable them though.
---------------------------------
This is a glitch that only began about a month and a half ago. I do wish Intermute would get on the ball and fix this little bug, but its not enough to make me want to stop using SpySubtract. HP only recently (within the last 2 months) started using Spysubtract as first choice in all their tech support calls related to spyware. Like I say, we will use other products and other scans, but only after trying SpySubtract first. The reason is simply to keep a consistent approach among tech agents, so it can be analysed better. Also because the special version of SpySub we use does not remove Backweb or Wild Tangent, which HP uses for their games and driver updates. Also, SpySubtract is now being bundled and shipped with all new HP computers.
What this all means, is that Intermute is probably now being flooded with calls for tech support, and probably haven't quite 'geared up' enough to handle it all. I'm not trying to make excuses for it, I'm just saying that with all the new business, and with rumours of HP acquiring Intermute, it looks like there's quite a bit of research and development going on. So I believe we should keep an eye on it and not just dismiss it. Things are definitely 'happening' over at Intermute.
--------------------------------------------------
Now, as for Giant, I've just tried it and I like it quite a bit. When I first ran a scan it found a handful of programs and registry keys on my 'clean' system. Cool. It's not without its own problems, though. When I did my crude 'real world' test of downloading Kazaa's spyware suite, Giant would not run. Every other program in my arsenal ran, but not Giant. So I removed the scum with every other program, and then tried running Giant and it still would not load. Obviously it was either targeted by certain spyware, or spyware removed/changed a system file that Giant needs to run. I finally re-installed Giant, and it ran and found a handful of spies. So, while dissappointing, I'm still keeping it around as a powerful program that may need re-installing after an infection, before being useful. Oh well. But that's pretty fair and objective of me, isn't it?
-----------------------------------------------
Now, as for AdAware and SpyBot, I've been a 'loyalist' to these 2 freewares for years. It was with reluctance that I had to admit to myself that SpySubtract was doing a better job at detection/removal. But that is the truth of my experience. If I run AdAware/SpyBot on an infected system and then run SpySubtract after, SpySubtract always finds way more stuff (real stuff, not the false positives), than when I run Spysubtract first, and then let AdAware/SpyBot pick up the leftovers.
But I still use 'em all !

Now as for meandor's claim that SpySubtract interfere's with SpyBot S&D, I'm a bit puzzled. I haven't experienced any interference, myself, even with 'Venus SpyTrap' (Spysubtract's monitoring system) enabled. Even so, it's pretty easy to disable Venus SpyTrap. So I wonder what kind of interference you mean, meandor. Maybe I'm missing something, and I'm willing to listen.
------------------------------------
Sorry, NonSuch, if I insulted anyone by 'stirring up the controversy.' It's just that I came to SpywareInfo to find out what kinds of removal tools were 'out there.' The main page contains a handful of 'the usual' removers and a big sponsored ad by Webroot. It does mention CWShredder, but not SpySubtract. Now it wouldn't exactly be a 'felony' if Webroot said, 'we'll sponsor you - just keep the competition off the mainpage.' (Sort of like, in certain stores Coke will be displayed at eye level, and Pepsi has to be in the background) But maybe THAT isn't even the case - so I apologize if I stepped on toes.

But it is my opinion that SpySubtract is being more or less dismissed. I just think that's a mistake. Keep after 'em to improve their product and their response time, for sure. Just don't dismiss or ignore them.

Themz me thoughts -

sgm

Edited by soulguyman, 23 November 2004 - 07:13 PM.


#10 cissp

cissp

    Member

  • Full Member
  • Pip
  • 88 posts

Posted 23 November 2004 - 06:34 PM

Soul Guy Man,

Very insightful post that you added. I also appreciate your observation about the 7 false positives. I will check next time I do a scan with Spysubtract and see if these same 7 show up. Interesting note, and probably just a coincidence--about once a week when I check SpywareBlaster, there are 7 restricted sites that are enabled. Yet everytime I run SpywareBlaster and update it, I always Enable All Protection. Yet why do these same 7 sites keep coming back disabled?

I'm like you, I don't think there's one program that's the end all to be all. As an IT security engineer, I have learned the value and necessity of a layered approach and defense in depth when it comes to securing your enterprise or home system.

I, too, am surprised that Spywareinfo hasn't given Spysubtract more "props", but I won't speculate on that. I have been a long time "Anti-Spyware Warrior", and have used many programs in defense, detection, and removal. SpySweeper, X-Cleaner, SS&D, Ad-Aware, TrojanHunter, KAV, ZAP, SpywareBlaster, and HijackThis are proven, reliable apps and should be part of one's arsenal (and SpyCop, too, to catch the commercial stuff). But let's give Spysubtract a chance and please, give them a bit more coverage SWI.

Chuck

#11 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 23 November 2004 - 07:07 PM

Thanks, cissp.

And those 7 you find disabled in SpyWareBlaster are no co-incidence. Those are the false positives being removed by SpySubtract. SpySubtract rips them out, SpywareBlaster puts them back in. So until SpySubtract fixes the glitch, either uncheck them fron being removed from SpySubtract, or enable them in SpyWareBlaster right after.

sgm

#12 cissp

cissp

    Member

  • Full Member
  • Pip
  • 88 posts

Posted 24 November 2004 - 07:25 AM

SGM,

True to form, those same 7 showed up last night when I scanned with Spysubtract. Also, prior to that, there were those 7 restricted sites in SpywareBlaster that had been protection disabled. Thanks for isolating this down and making a correlation between the two. I think I'll follow your advice to leave them disabled in SpywareBlaster, at least until Intermute fixes this glitch. Oh, and Spysubtract did find one other registry entry, but was not listed under the 7 you referenced (which show up under a CWS key). I don't have the name off the top of my head, but it was something to the effect of "Media".

Thanks again.

#13 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 24 November 2004 - 12:05 PM

Chuck,

Just to clarify (and I think you meant to say this), you need to leave those 7 protections _enabled_ in SpywareBlaster. In other words, re-enable them in SpywareBlaster if you deleted them in your SpySubtract scan. Those are from your restricted sites list and need to have 'protection enabled.'

Now if the new one (Media) is listed in the exact same registry directory (you can tell by looking in the list in SpySubtract) then it too is probably a false positive. (disconcerting, if Spysubtract is reporting NEW false positives) But if its located in a DIFFERENT registry directory path than the other 7, then its probably a 'legitimate spyware hit' and should be deleted.

I've read your other posts on XClean/SpySweeper and XML. Sorry I don't have any answers there, but it sure sounds weird. It sounds to me as if Spy Sweeper has been uninstalled and re-installed, and that the XClean settings had been changed to scan floppy disks. Is it possible someone has been using your computer while you're away? I mean, I might suspect a virus, but you're sitting behind a firewall and router and antivirus, and it sounds as if you strive to keep your system pretty clean. BTW, what is a Biometric login?

sgm

#14 cissp

cissp

    Member

  • Full Member
  • Pip
  • 88 posts

Posted 24 November 2004 - 12:56 PM

SGM,

You are right, I did mean to say that I was going to re-enable protection from those 7 entries in Restricted Sites. I knew what I was trying to say, but it just didn't come out right! :) As for the "Media" entry, it was listed separately from those other 7. The seven entries were listed under a CWS tree that you had to drill down to see individually. The "Media" one was in its own separate tree, and drilling down in it revealed the registry key. I will check my Spysubtract logs to see if the same one keeps showing up.

As for the anomolies with SpySweeper (not requiring password) and X-Cleaner (indicating that there was no floppy in the drive, retry, cancel, abort), I don't know what to make of it, but something I'm monitoring, especially if I start seeing other unexplained behaviors. Is it possible that someone has been using my PC while I'm away? Well, yes, it's possible, but I would say unlikely. My wife's the only one home most of the day when I'm gone, and she has her own PC. Even if she intended to logon, she would have to circumvent XP Pro's authentication, as well as the biometric device I use (fingerprint scanner). At the same time, I haven't seen any log entries indicating system use while I'm away. I'd imagine a pretty sophisticated program that could physically circumvent XP's authentication mechanism, the biometric device, AND not leaving log entries of system startup and shutdown at the least. And as you noted, I do employ a HW and SW firewall (for the external threat), as well as a group of AV, anti-malware, and IDS apps for everything else.

At this point those anomolies are only at the level of, "Huh?", but not enough to warrant restoring from a backup or reformatting. I may post my HT log in the appropriate area of the forum, just for a peer review and sanity check. It's always helpful having multiple sets of eyes, you know?

Thanks,
Chuck

#15 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 24 November 2004 - 12:58 PM

Oh, and Spysubtract did find one other registry entry, but was not listed under the 7 you referenced (which show up under a CWS key). I don't have the name off the top of my head, but it was something to the effect of "Media".

View Post


Mystery solved, sorta, but I don't like it much. I ran a scan today and found the same listing, and it _is_ from the same registry directory path. (restricted sites)The listing is "New Media Properties, LLC" and the domain is 'searchsquire.com' I deleted the entry to see if it would show up in SpywareBlaster as unprotected. It wasn't listed, so then I checked in SpyBot S&D (they had a recent update on immunization definitions), and sure enough when I checked immunization, there was 1 item unprotected. I re-enabled the protection in SpyBot, then ran a scan in SpySubtract, and sure enough, New Media Properties was listed as a 'hit' again.

------------------------------------
What 'tweeks' me about this, is it makes me wonder why SpySubtract is reporting these false positives. It sounds as though part of their scanning algorythm is a simple 'string search' for certain domains. While I'm not against the use of a string search to find references to check, one would hope that they'd exclude the 'restricted sites' area from the search.

The 'give them the benefit of the doubt' side of me thinks they are simply doing this to help them 'find more stuff.' The more 'cynical' side of me thinks they might want to report false positives (especially CoolWeb) on purpose, in order to alarm users into buying their product. But THAT would put them into the category of 'rogue' software.

I still think the overall quality of SpySubtract is too good, for them to be doing this on purpose - but maybe if enough folks complained to them, and said that it really _appeared_ to be a rogue tactic, they might get it fixed a little quicker. Anyway, thats what I aim to do.

#16 tantricobstacles

tantricobstacles

    Member

  • Full Member
  • Pip
  • 19 posts

Posted 24 November 2004 - 04:17 PM

Soulguyman,
I'm sorry that you are making a false assumption that Webroot is somehow paying Mike Healan to not advertise SpySubtract. Once you visit these pages for a while you will notice that the ad banners do change, and they are not always the same. Different products are featured in the Spywareinfo newsletter as well.

I also feel that I must note here that I just tested the "new" version of CWShredder against one of the res:// CWS variants (Detected by Webroot as CWS_NS3) CWShredder found absolutely nothing.
The fact that a dedicated CWS remover didn't even detect the well-known registry entries for this variant should give an indication of how much "improvement" Intermute has made to CWShredder.

#17 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 24 November 2004 - 05:34 PM

Thanks, TO,

I'll edit my original post so folks won't get upset about it. Sorry SWI.

But what are we to do with SpySubtract? They own the Shredder now. Can we afford to ignore them, or do we need to stay on top of them? Now, as far as I know (and I could be wrong) CWShredder was never designed to remove all the CWS variants, just the ones that needed 'special' tactics to remove. Am I wrong? As far as I can remember, if I had a bad infection of CW, I'd have to run CWShredder and THEN also run scans with SpyBot and AdAware, to pick up the pieces.

#18 meandor

meandor

    meandor

  • Full Member
  • Pip
  • 60 posts

Posted 25 November 2004 - 08:41 AM

RE: Soulguyman Nov 23/04

My reference to SpySubtract interferring with Spybot perhaps is a bit of a stretch but you also unearthed New Media Properties, searchsquire.com. It took a couple of scans to determine what was happening but when SpySubtract detected searchsquire.com and I removed it, Spy Bot was then missing one item of protection, so as far as I was concerned SpySubtract was interferring (F/P)
with SpyBot.
As well CWShredder2.0 included with SpySubtract or on it's own plays games with my HOSTS files. I use HOSTS from WinHelp2002, or I could use SpyBot HOSTS. Unfortunately CWShredder insists on finding what I call False/Positives of CWS.Jksearch and CWS.HiddenDll everytime. I aprised Intermut Technical Support about this October 22/04 and have followed up a few times since. However Intermute either aren't interested or have other issues, as they have yet to correct their problem by issuing an update for CWShredder. Now they won't respond when I request a status report on my tracking ticket.
Until Intermute offers or improves their Customer Support, I'll pass on them.

meandor,
Vancouver, Canada

#19 soulguyman

soulguyman

    Member

  • Full Member
  • Pip
  • 64 posts

Posted 13 December 2004 - 08:26 PM

I can appreciate your frustration on this, meandor. Just wondering if you (and anyone else) cares to take another 'kick at the can.' I finally got spysubtract support to respond to my requests to look into the false positives. They want me to run 'AdDoctor' (a download through Intermute) and send back a log file. I can't seem to get AdDoctor to run on my system, but since they (Intermute) seem to be responding to the problem now, it might be useful if we could get as many folks as possible to report the false positives to them.

Thanks for all the healthy debate. :)
sgm




Member of UNITE
Support SpywareInfo Forum - click the button