Spyware Terminator 2.0
by Mark Woodstone - Friday, 14 September 2007.
In recent years, a multitude of malware types became a large threat for Internet users. By placing its files in your system registry, modifying local files, changing the look of your browser, you never know what kind of data your computer is leaking, why pop-up advertisements are constantly opening in the corners of your computer screen and why your system became so annoyingly slow. Over the years, almost hundreds of anti malware applications started popping out on the Internet, but only the best prevailed. Today I am taking a closer look at a promising free application - Spyware Terminator 2.0 (HNS mirror).

Installation

While installing Spyware Terminator the process will opt for the possibility of installing the Crawler Web Security Guard. I will talk about this browser addon later in the review, but one of the "advanced features" of the initial configuration process really bugged me. I am talking about an option, checked by default, which wants to install Crawler.com as your default search engine. This way, searches performed through your Internet browser's search box or typed into the Address Bar will be generated through Crawler.com. While it uses multiple search engines such as Yahoo! and MSN, an anti spyware tool with this kind of “feature” could generate some skepticism among more advanced users. My suggestion is to tick this checkbox off and leave your browser’s default search engine as it is.

The final part of the process is downloading a 4.4 MB Web Security Guard database file that contains the latest updates for this Spyware Terminator addon. The entire software installation process takes a few minutes.


The user interface

After starting Spyware Terminator, you are greeted with a setup assistant window which offers three different types of program usage. The one selected by default is "Protect against spyware" which installs the Real-time Shield continuous system protection. The other two include scanning the system for spyware and a modification of the default setting, this time installation of the Real-time Shield integrated with ClamAV open source (GPL) anti virus toolkit.


FYI, in August 2007, the ClamAV project was acquired by Snort creator Sourcefire, so it’s possible to expect some changes in this kind of third party product integrations.

The user interface deploys the English language by default, but the software also sports 14 different language customizations. All the main European lanuages are fully supported, but some such as Turkish or Serbian don't have all the translations so the interface text will be semi translated.

Malware scanning

My user experience started with the default step of setting up the Real-time Shield. In the first configuration step, you can select the option to send anonymous information about unknown applications detected on your computer to Crawler Spyware Central.

As this is a free product I am all for sharing the information for building a better quality detection capabilities, but maybe it is better you leave this option unchecked for now. We all have a bit of "cyber paranoia" in our hands, so there can be situation where legitimate, potential very private (intellectual property, internal) applications can be detected as unknown, so there is no need for sharing any kind of info on them. This is not very likely, but it can happen. Spyware Terminator is smart enough to have the manual version of this "file reporting" function available, so when you scans are done, you can manually choose the files you want to share information on.


For the process of doing this review I took a fresh Windows XP installation and used the default Internet Explorer to browse the web for 8 minutes. In this period of time, I opened some random "potentially malware ridden" web sites (topics included software cracks, phishing, a MySpace profile and a "let's pretend we offer anti spyware downloads" web site). Via these sites I downloaded and installed two software applications - a screensaver and a simple scrabble game.

I was eager to discover what kind of computer scum you can get in these 8 minutes, so I eagerly waited for Spyware Terminator to do his job. The scanning procedure is fast, but I’ve been using mainly Ad-Aware and Spybot, so I cannot do factual comparisons. From the user point of view, I liked Spyware Terminator much more than the mentioned anti spyware alternatives.


As you can see from the image above, the software found 11 instances of malware. OK let's say 10, as a web cookie isn’t malware in my book. Backdoors, hijackers, spyware tools - I got a whole bunch of them. Thanks to the Spyware Terminator specimen database, clicking on a detected threat shows you its details.

Spyware Terminator gives you various options such as moving the files into quarantine, removing them altogether, reporting potential false positives and a manual way of sending some specific threats to the Crawler Spyware Central (via the Send to support button).


In the quite intuitive scan results window, you can also check some further details on your computer including the list of safe programs (with process names and file locations), unknown applications (potentially harmful, but in my case they weren't) and a detailed textual scan report which shows you helpful information.


Real-Time Protection

A portion of Spyware Terminator will sit in your system tray (unless you explicitly deactivate it) and will actively listen for potential security risks to your computer.


The software sports an extremely detailed set of application and system security settings, so you can add a specific set of applications and services into different "shields". Each of the shields will take care of potentially harmful applications that can run on a system startup or the ones that are trying to register as system services in your system registry.


Besides this Application "family" of shields, there is a "System Guard" that monitors the classic malware targets such as system.ini and win.ini files, as well as changes to the hosts file which is THE place for various hijackers.

"Internet Guard" provides a must-have functionality that will stop malware applications of infesting your browser toolbar, as well as mangle with different Browser Helper Objects that can be abused by spyware programs. As Internet Explorer still has a large share of the browser market, one of the options in the "Internet Guard" is specifically developed for watching out for changes in this browser, such as different settings and homepage locations.


Web Security Guard

I mentioned earlier that along with Spyware Terminator I agreed upon the Web Security Guard installation. This also absolutely cost free application is intended to increase your security awareness by integrating with your preferred browser and with Spyware Terminator to improve your awareness of the cookies and favorites stored on your computer.


Unfortunately, there’s a catch with this installation. I got more than I bargained for - I didn't get just Web Security Guard, but a Crawler.com (developer of Spyware Terminator) browser toolbar with Web Security Guard. The difference was rather big - I wanted this free application that is suppose to increase my security awareness, but unfortunately it contained links and installation options for stuff like maps, radio, screensavers, e-cards etc. Basically these are “features” that an advanced Internet user will find annoying.

Just to make sure, I uninstalled the Crawler toolbar and Spyware Terminator and went on with the installation again. I was just curious if I missed some reference to the Crawler toolbar and Web Security Guard integration, but there is no mention of anything except the Web Security Guard tool. While there isn’t any textual notion, if you look at the following image more closely, you can see the toolbar “sneak peak” screenshot. This surely isn’t enough to inform the user before this extra installation.


The "Internet Protection" sub-menu of Spyware Terminator now says that I don't have Web Security Guard installed, which is normal as this time I didn't opt for its installation. I went to websecurityguard.com to download it manually.

After the installation, the "shocking" conclusion is - Web Security Guard, the tool that should be a powerful addition to my system by default comes within the Crawler toolbar. This is really a shame, as I tried surfing with an active Web Security Guard and it really works flawlessly. Because of this integration, I would definitely uninstall "Crawler Toolbar With Web Security Guard" as it is titled in the Add/Remove section of your control panel.

For those of you that don’t mind the extras in the toolbar, I will guide you through the usage of the Web Security Guard. This application uses a simple system of colors to indicate the associated risk with websites: green for safe, yellow for risky, and red for unsafe. Ratings are displayed in the Web Security Guard toolbar when visiting website, and are also displayed beside each search result while searching your preferred search engine (currently only working in Ask.com, Google, Yahoo! and MSN).


The system works very good and from my experience all the sites that were blocked were potentially malicious.


From inside the Spyware Terminator I now could use two new scanning options - cookies and favorites scan. The scanning is once again very fast and it shows detailed results on the sites found on your computer. They are also categorized and labeled with different colors so you can know if they are potentially malicious.


Detailed settings and ClamAV integration

Spyware Terminator is fully customizable, so you can play a bit with almost every aspect of the scanning or real time protection functions. Scheduled scans worked like a charm. The final thing I wanted to check within Spyware Terminator was its integration with ClamAV. For activating this option you need to find the appropriate menu inside the Settings window.


After agreeing with the terms, the application will download approx. 10 MB ClamAV file, as well as a 600kb integration program. I activated ClamAV into Realtime shield and tried to open a couple of TXT files with some VBS virus/worm code. I didn't get any alerts this way, but the anti virus found other planted .exe virus infections.


Final thoughts

As you can see from my rather lengthy report, I had some mixed feelings about Spyware Terminator when coming together with Web Security Guard. If not taking into consideration the "strange" Web Security Guard concept, Spyware Terminator is an effective anti malware application. It sports a number of great functions you cannot find within its competitors and I must say that the application itself is fantastic.

Almost every aspect of it worked flawlessly, the user interface looks great, if only the developers removed the Crawler toolbar out of the picture it would be perfect. The application is free and I understand that the toolbar probably provides some kind of a revenue stream, but "silently" installing it with a security application is surely not a good step.



Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //