3

I was reading an article based on these products and came up one question I need clarification on. According the author most antivirus software would not be able to detect the presence of a spyware or keylogger program unless it was a known type. Also, spyware removal programs like Spybot/Ad-aware will also not detect these programs.

So having read this, I am a little confused as to what defense one has against these programs especially that even in cases where you might trust your friends/family, someone will still be malicious without your knowledge.

My current methods are using the Zonealarm free firewall and Avast free antivirus program. I set the firewall so that in most cases I know which program accesses the internet but to validate which are valid windows/system files are difficult.

Are there any products out there that monitor real time against these products? I fell victim once and found the program when using netstat and fiddler.

slhck
  • 228,104
vbNewbie
  • 143

2 Answers2

4

There are a few, such as the Professional version of AdAware, and SpyBot Search and Destroy, but like viruses, they will only be detected if the spyware definitions are up to date, and the distributer has the spyware in their database.

In my opinion, best practice is, if its a shared computer, throw Linux on it, then your pretty much safe from the viruses/spyware thats out there (this is my opinion, don't downvote it you dont agree).

Geoffrey
  • 157
  • I agree entirely...how exactly is Linux a better choice? Is it because more spyware/viruses are directed to windows software or does Linux have better safe guards. – vbNewbie Jun 09 '11 at 14:16
  • Both actually, the POSIX system is very hard to write a virus for that can do substantial damage, but that is not to say it is immune. Eg, MACs are NOT immute to viruses, but much less likely to be infected by one. –  Jun 09 '11 at 14:21
  • Not as true as it used to be. With the growing popularity of MACs and Linux, there is a growing field of viruses and spyware for these systems. But agreed, compared to Windows it's still very small. – BBlake Jun 09 '11 at 14:39
2

I am not sure on Spybot and other but Symantec Endpoint Protection specifically detects keyloggers and will log, terminate, ignore or quarantine as directed in setup. While it mentions commercial keyloggers, it has also detected some malware keyloggers as well. Making users of a system a "user" rather than an administrator can help but is only one layer of protection.

Some retail AV products like Norton 360 can help as they are oftem more agressive and add additional layers around web sites and so on. Some earlier versions add a big performance hit while the latest version seems to have a minimal impact.

As noted, Linix and Mac are becoming a bigger target simply because they are growing in popularity and make a more lucrative target.

slhck
  • 228,104
Dave M
  • 13,200