Get our latest top picks
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
|
Follow Gizmo |
 |
 |
 |
Register/Login
Gizmo's Freeware is Recruiting
We are looking for people with skills or interest in the following:
- Mobile Platform Reviews
- Rootkit Scanner and Remover
- Streaming Media Recorder
- Email Client
- Archive Manager Interested? Click here
Best Free Adware-Spyware-Scumware Remover
|
Other Language?
|
 Read this article in Spanish |
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
The internet is a dangerous place to be in the 21st century, with many people using increasingly ingenious ways to part you with your hard earned cash, whether it be by exploitation, surreptitiously harvesting your credit card and bank details for their own nefarious purposes, or tempting you to spend money on products and services that you neither need nor want. During the latter years of the 20th century, and the early years of the 21st, Spybot S&D and AdAware were kings, protecting you from all manner of malware that tried to infect your computer with the sole intention of parting you from your wallet. But as technology improves, so do the malware writers, and the kings of yesterday in terms of protection may no longer be up to the job. With every new generation of malware, there will be a new generation of software to combat it, and in my own tests, these are the best free products I recommend. |
|
Discussion
|
|
Top of the list is Malwarebytes Anti-Malware Free (MBAM). MBAM is a top notch and reputable product. A fairly lightweight download (just over 10 MB) and simple installation means this is not a burdensome product. In my testing, even when the PC was severely infected with many nasties running, it started without any problem and scanned and removed those nasties effectively. The interface is very simple, the scans are very fast and detection is first class. A reboot to complete cleaning was still required for some malware, though this is a minor inconvenience, and required by most programs of this type. The only downside is it has no portable version, and if there is no working network connection in the infected PC you won't be able to download the latest virus definition updates. Second is SUPERAntiSpyware (SAS). Once upon a time this was a good product but recent releases have not been up to the mark. The interface is simple, updates are speedy but it still installs a start-up item which doesn't actually do anything at all. The scan speed is twice to thrice that of MBAM and the detection is less than half of it. The removal also left a lot to be desired. It left a few nasties running even when it showed them as removed. SAS also requires a reboot to complete the removal process. The upside is, it has a portable version which will help with the removal of infections from computers without a working network connection. I hope version 5 brings improvements. ~~~~~ Below is the old review which is still going to be updated ~~~~~
Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything the general package whilst aesthetically similar, has improved, managing to detect and clean after a single scan rather than the two scans required previously. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a criticism, it's that the freeware version still installs a start-up item which doesn't actually do anything at all. In the paid version, it loads the always on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is Emsisoft Anti Malware free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. Emsisoft Anti Malware was able to identify just 43 infections; though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately EAM was unable to automatically clean some of the more virulent infections found by itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of EAM is the download size, being a huge 91.69 MB, immediately followed by further updates. Anyone on restricted bandwidth or dial up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not possess; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the Google pack, or from *here. *Warning: This is a Cnet download link. Downloads from Cnet (Download.com) now require the use of a proprietary installer.
Old timer Ad-Aware, coming in at 35.7MB performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on demand tests were Spybot S&D, and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 GB) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. The Cleaner 2010 found absolutely none.
Arovax Shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start it's services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing its job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targeted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there are few more useful than HiJack This, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
|
|
Related Products and Links
|
Some issues have been reported on 64 bit systems
|
Editor
|
|
This software category is in need of an editor. If you would like to give something back to the freeware community by taking it over, check out this page for more details. You can then contact us from that page or by clicking here |
The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate.
- Article type:
- Login or register to post comments
Printer-friendly version
Comments
before i was removing spyware manually but its not fun doing it everyday. super antispyware freeware is the best i ever try, it can remove the most advanced spyware and malware. and used antivir freeware antivirus well make your system run smoothly. just run super antispyware after using internet.
ps
and this stuff is really free. FREEWARE long live.
www.ak0n.tk
-Mitchelle V. de la Cruz
thanks for suggesting me BO clean for realtime protection..... now I m using BOclean with super antispyware..
You can also use passive protection to complement real time protection (as mentioned in a previous post). Examples (which can all be used together, and in addition to real time protection):
IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) - using a program called ZonedOut, the IE-Spyad list (a list of malicious websites) is added to the "restricted sites" of Internet explorer. If Internet explorer is directed to one of these sites, it will open the web page, but it will use the restricted sites security settings (which are usually set to highest security) for the web page.
Hosts File - if a website is defined properly in your hosts file, Internet explorer will not load the web page at all (or any of the nasties it may be harboring). One of the best host file managers is HostsMan (http://www.abelhadigital.com/2007/12/hostsman-3155-released.html).
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) - similar to IE-Spyad, except it can help block malicious items in internet explorer (active-x, cookies, malicious websites), firefox (cookies), and browsers that use the firefox engine such as seamonkey (cookies).
*** Spyware Removal ***
(1) SUPERAntiSpyware: [ http://superantispyware.com/superantispywarefreevspro.html ]
(2) Malwarebytes' Anti-Malware: [ http://www.malwarebytes.org/mbam.php ]
The FREE versions of these AntiSpyware products present superior On-Demand Scanning and Cleaning
capabilities. No On-Access Scanning (= Real-Time Protection) is offered.
The FREE Editions of Ad-ware and Spyware Doctor together with Spybot Search & Destroy are no longer what they used to be! Don't waste your time with them! The Spyware Doctor of the Google Pack has ONLY about 1/3 of the definitions/signatures found in the Full version.
Just a note folks, and particularly those comments regarding the list being out of date. I have just (literally) taken over as category editor here, and I will be reviewing the list over the next two or three weeks, with a view to bringing the whole article up to date. I will review all posts here first before I change anything significant up at the top.
Steve
COMODO.
Threatfire is a behaviour blocker. What do you mean by the "active scanner"? If you are referring to the on-demand part, it isn't exactly the best scanner out there. If you're referring to the real time behaviour, it is probably THE most effective behaviour blocker currently (and the only free one). From personal experience and from many other user's comments, it does not have a lot of false positives.
Spyware Doctor and Spy Sweeper is just totally bloated, and probably does not provide the best protection against real world threats. And you should really add SD free only has 1/3 of the shareware SD's signatures.
And if you use an anti-virus product with good, active protection, such as the free version of AntiVir, and add Threatfire and Sandboxie (for example), you do not need a real time anti spyware. Something like SAS free or MBAM free will be sufficient.
A squared free and Comodo BoClean are primarily anti trojans but are also anti malware, so they can detect spyware as well.
"ClamAV is not the most effective AV scanner on the market, but it's certainly competent and the additional protection can only be a plus."
This is a totally false statement. In tests by av test, clam av always has one of the worst detection rates. The additional protection is not "only a plus" because you would simply be wasting resources running two real time av s (assuming you are also running another one such as Antivir, AVG, or Avast). Also, Clam av has one of the highest false positive rates and can unnecessarily alarm users. So I would recommend not using Clam AV with Spyware Terminator.
I agree with you 100%.
Anyway, real time anti spyware is not really needed if you have something like Sandboxie, Antivir and Threatfire free.
A-squared and Boclean were originally developed as anti-trojans, but they now detect all types of malware now, including: Trojans, Backdoors, Keyloggers, Rootkits, Worms, Bots, Dialers, Spyware, rogue anti-spyware programs, etc. Therefore, they are better classified as Anti-malware programs.
This comment assumes that everybody who uses your computer will use a sandbox (such as Sandboxie) when on the internet. If you have multiple people who use one computer, and they are not security aware enough to use the sandbox, then Realtime anti-malware may be helpful. When novices use the computer, they do not always know the correct thing to do when a security dialogue box pups up (e.g. Theatfire). Boclean can be set to automatically detect and remove malware without the need for a novice to figure out a cryptic warning.
I'm not sure if it's just me but on my home computer with about 20 or 30gb the full scan takes less than 10 minutes.
Hi
That's a very good point. I'd forgotten about that. But anyway, if there are other people who are beginners, you should probably set up a Limited User Account for them, which will stop a lot of malware from functioning properly.
Sorry Steve, the MRT does not detect/remove spyware.
http://www.microsoft.com/protect/products/computer/compare/antivirusanda...
http://support.microsoft.com/?kbid=890830
But great tip though.
Here's a tutorial with images:
http://www.mydigitallife.info/2007/08/29/how-to-use-windows-malicious-so...
This was my point exactly. I guess it would have been more clear if I said "Although it is not a good idea to run two or more active (real-time) security programs that do the same task (e.g. two real time antivirus monitors), IT IS A VERY GOOD IDEA to run multiple security programs that complement each other." Having several different on-demand scanners and scanning periodically is definitely a good idea, even if you have active protection.
I also should have clarified that the following comment refers to using on-demand scanning: "The truly best approach is to use multiple scanners, because each may detect and clean different nasties. I use a combination of Superantipyware, A-squared, Spybot Search and Destroy, Malwarebytes Antimalware, Rogue Remover, and Windows Defender. Then, I scan with at least two antivirus applications. I also scan with Hijackthis and a rootkit scanner (for more advanced users)."
Well. I did say that MRT doesn't come close to dedicated anti-malware utilities, but it's still handy to know about.
Thanks for the link - I'll add it to the review on the next update.
Steve
The use of the term "Active Scanner" was probably, in retrospect, not the best expression to use and I will re-word in the next update. I was simply trying to convey that, unlike On Demand scanners, Threatfire will block at installation, rather then remove at scan. I'm not so sure that Threatfire's over enthusiastic blocking can be considered "false positives" as such, since as you say, it relies on behaviour rather than a database, and as such, will block threats period, rather than known threats. Having said that, for the end user, the result looks and feels much the same.
I will review my wording at the next update to attempt to clarify.
Steve
You're welcome. I can also confirm this works on Vista.
Cheers.
I think it makes sense to organize the category as follows:
1) Free real-time monitors (signature based) - e.g. Comodo Boclean, spywareguard
2) Free real-time monitors (behavior based) - e.g. Threatfire and other free programs with HIPS (e.g. Comodo firewall)
3) Free passive protection - e.g. spywareblaster, IE-spyad, host file utilities, sandboxes
4) Free on-demand scanners - e.g. A-squared, Superantispyware, Malwarebytes antimalware, threatfire (which has an on-demand scanner), Spybot S&D, Windows defender, Windows malicious software removal tool, Ad-aware, rogue remover, etc.
Define each of the above types of protection, including the strengths and weaknesses. Then pick the best programs in each category. It may be worth mentioning the commonly used programs that are available, even if they did not make it into the top picks.
If one of these topics is already covered in detail elsewhere on this site, then simply link to that page.
Also, put in rules of thumb regarding:
a) Do not use multiple real-time monitors that do the same thing.
b) For prevention: Layered protection (e.g. some combination of 1-3 above)
c) For removal: Scan sequentially with several on demand scanners (4 above) and if needed check with one of the many forums that help users remove malware.
Good idea!
Additions to your list above:
* Windows defender does have real-time protection also, but I am not sure if it is signature based, behavior based, or both.
* For passive protection, you may also want to mention that some browsers (e.g. Firefox) may be more secure that Internet Explorer.
* I would perhaps also specify that for the prevention rule of thumb, it should say "Layered protection with real-time antivirus, firewall, and some combination from 1-3 above."
* It may be nice to tell people to stay way from the many rogue antispyware applications at http://www.spywarewarrior.com/rogue_anti-spyware.htm.
As it happens - I'd already decided that the next re-write will include such tips as using FF instead of IE.
Layered protection, in the hands of someone who knows what they are doing, is a good thing. In the hands of a novice, it can be disastrous, simply because you have to know how to distinguish between the different types of protection available. For example, you don;t want two separate active AV products running, since each can interfere with the other to the extent that neither will be effective.
Your final point is an interesting take on things, and something I'll seriously consider.
Steve
I'm planning on a re-write of the article, and much of what you have suggested will already be in there. The difficulty is getting the balance right. Whilst tech savvy people are more likely to visit here, it is equally likely that Google etc. will point the less experienced here if they take the time to troubleshoot problems.
With that in mind, I hope to find the right balance of helpful guidance for the inexperienced, and informed opinion for the more experienced.
You can be rest assured that before I make any significant changes, I will be:
i) Test driving software myself
ii) Reading posts here.
In the meantime, I will update the review to address issued raised in posts where appropriate.
Steve
Hi
I think that is a very good idea, but telling people to use multiple products from 1 to 4 is totally overkill.
For example, if someone has Sandboxie, Threatfire, and AntiVir free, all they need is a few web scanners (like SiteAdvisor, Linkscanner, WOT, HauteSecure, Netcraft, Finjin, Sitehound) and one real time and one on-demand anti-malware. And common sense.
Hi
I agree. Firefox or Opera is MUCH more secure than IE. I think with Opera 9.5, it uses Netcraft and HauteSecure databases to warn users of malware sites.
Hi
I personally think outbound firewall is totally overrated. For many people it is a psychological effect because they do not actually understand how their security software works so they pile on more hoping they will be safer.
Hi
And if you add Firefox, you should also add there are many excellent security addons, such as SiteAdvisor, Netcraft, WOT, etc and Adblock Plus and Noscript.
Hi
Also, many people do not like Host files because it uses very outdated methods and can give users a false sense of security.