UBCD4Win, Ultimate Boot DVD, news, & advice.
  • Where is the Super AntiSpyware love??

    Posted on February 6th, 2010 Benjamin Burrows 15 comments

    We are all entitled to our opinions.  I swear by Kaspersky and we sell it at the shop I work at, while others like Eset, AVG, and others.

    One trend that bothers me a little is how opinions shift.  Well, maybe that is not the right way to word it but my brain is a little frozen still from shoveling myself out of my driveway.  We finally had a decent snow storm yesterday and I had to fire up the snow blower at work!!  Fun stuff.  Years ago the big names were AdAware and Spy Bot.  They both did a pretty good job and still continue to do so to a degree.  A few years ago Super AntiSpyware appeared and everyone fell in love with it.  It was recommended everywhere!!  Then Malware Bytes AntiMalware came out and it has turned into the AdAware/Spy Bot battle.  Who is better?  I honestly do not know.  I use both at work and it is just like the old days, one finds stuff the other doesn’t find and vice versa.  I have personally dealt with both companies and quite honestly have to side with Super AntiSpyware.  The people at MBAM are very rude and cocky.  Dealing with SAS is much better and their people seem to actually care a little.  Now I will mention that I do sell SAS on my Burrows Solutions website and at work, so you could think I am biased.  I really do not feel that I am.  Like I mentioned, I’ve dealt with both and SAS is just more pleasant to deal with.  Both software titles will have their ups and downs, catch something new before the other does, and so on.  My backing though is with SAS.

    So where is the SAS love at??  Why is everyone only recommending MBAM anymore?  I think it is really important to at least use both of them but I trust my real-time scanning to SAS.  What is your opinion?

     

    15 responses to “Where is the Super AntiSpyware love??”

    1. I’m the malware cleanup guru at the shop I work at and I’ve been using Spybot & Malwarebytes for a while. I’ve seen all the reviews of SAS but had yet to use it until this past week when I had a remote user that there was no way I was going to be able to clean up while I was on the road. SAS’s new “portable” version seemed to work like a charm and the fact that it randomly changes the name of the executable to keep from being blocked directly helped me get the user up and running much quicker than I had expected.

      While I do use UBCD4WIN to manually clean up most of these fake antivirus malware infections, once I’m back into a working Windows, I do need as many tools as possible to ensure the system is clean and prove it to the clients. I think I’m probably going to be testing out the full install of SAS + hiding the portable version away in my “tools” folder on new systems in order to have it just in case.

      Just my 2 cents!

      Alex

    2. Lately to clean up computers I boot to UBCD4win and run SAS and spybot
      then I boot to Windows, install SEP and run SAS spybot and malware. It does not make a difference what order I run them in, each picks up things the others miss!!! This drives me nuts. Of course if I can I’d rather backup and format and reinstall. It does help that I have automated the entire process: all I do is boot to ubcd, attach to a network drive and run a cmd file for that type of computer. I come back a few hours later and all programs are installed.

    3. Spencer Selander

      I have the free versions of both SAS and MBAM installed on this computer. I think both are excellent programs.

    4. I use several AV programs when dealing with trojans/spyware and such. The UBCD4WIN is a great tool, because the PE keeps the viruses from starting, so the programs can better get rid of them. After the UBCD4WIN gets rid of the bulk, I go into Windows and run Malwarebytes, Spyware Terminator and SAS. I follow up with Antivir and Hijack This. It is a long process, but I feel that when I take viruses off, there is little chance of reinfection. When it comes to the really nasty ones like Internet Security 2010, which infects the userinit file, extra steps must be taken to prevent the necessity for a complete backup/wipe/reload. I try to avoid that when I can.

      Basically, SAS is a great tool, but cannot be relied on alone.

    5. My typical run – Combofix, but only the most recent version, followed by a full MBAM scan after update and then a full Comodo scan. After that, I run MBAM one more time. Finally I let the end user know what to look for, and show them how to run MBAM with instructions for 2x per month.

      That being said, it’s not really about what tools we use, but more so how we educate our clients. An educated client is overall happier and less likely to repeat the same mistake… in my experience anyway. As long as the tools we use get the job done the first time, then it doesn’t matter what utilities we use — tomato tomahto.

    6. Doug, your intentions are noble, but some people are just living in the past. They think that they can only be infected through email attachments and surfing porn sites. You try to tell them that some of the rogue antivirus scareware that is out there can come from a perfectly reputable source, but they come back a month later after being infected again.

      I get tired of dealing with people who just do not listen. Sometimes they look at the technician as the culprit, thinking that he or she did not do a good enough job. This is the case sometimes, but very infrequently.

      Doug, I agree with your statement about the tools we use. I was not trying to sound like my way is the only way. Whatever gets the job done with the least headache.

    7. This is why I hate dealing with home users. Give me corporate clients where I lock down the user rights and the DNS. Worst case I rename the profile and have the profile recreated and no more infection.

    8. We typically use SAS and MBAM, but the annoying thing about MBAM is that it only scans in the current user profile, so running it from UBCD4WIN is basically useless. When I called them about it, they said “Yup, it only scans the current profile”, and I didn’t get the impression that they were going to change it.

    9. Benjamin Burrows

      @Mike- exactly!
      That is the attitude that I’m talking about. When we had it working in UBCD4Win about a year ago it was mentioned on their forum. Their response, “looks like we are going to have to break it.” They don’t want it to work in UBCD4Win because they do not condone it or have it working properly for that type of environment. They have the attitude that their software can fix everything and fix it in normal mode. They are dead wrong on that! In my conversation with them they basically did not see any merit in cleaning up a system with UBCD4Win, well until we talked to them. Their biggest worry was honestly money. Money is all that they are worried about and they do not want us fixing computers with their software unless we pay them. That is fine I guess but I want the chance to test the software and make sure I am paying for something that will work. They are just too worried that techs will use it in UBCD4Win for free and they won’t get their money for a tech license.
      They have the belief and attitude that they can fix anything in normal Windows. They don’t even recommend you use it in Safe Mode. That is a horrible model and they need to wake up and realize that systems need cleaned up in different ways. I guess they aren’t really trying to be a clean up tool, they are just a prevention tool?? Either way in my honest opinion, they can FOAD.

    10. MBAM is a decent tool. It is quick as long as you have dumped all the temp files on the system. It is not necessarily very good at handling some variants of the Vundo virus however, nor is it particularly useful when some rootkits are present that will identify MBAM in memory and kill the process. For cleanups of these completely retarded and unoriginal rogue a/v programs that seem to be freakin EVERYWHERE it works mostly fine. SAS is an excellent tool that is exceptional against vundo but again a little weak on some of the rootkits, unless it is run on UBCD4WIN where it can’t hide itself. It tends to take about 40-50% longer to scan than MBAM which is the biggest downside to it. If I am on the road with someone breathing over my shoulder I am more inclined to use MBAM but it does not necessarily mean I prefer it, it is just quicker for most jobs. I did try the standalone SAS just today and was very pleased with it. I am going to run a time trial on one of my honeypots and see how it does vs MBAM. The thing that must be remembered is over time the mice (i.e. the malicious software) will always be a step ahead of the mousetraps (i.e. your mbam SAS spybot S&D etc.) I am sure there will be another tool that will come out sooner rather than later that could possibly even make us forget about either one. I think in general it is foolish to become emotionally attached to any particular software program. Frankly I am shocked to see anyone even use spybot or adaware anymore because both have become mostly useless against the new generation of malware. I will always install Threatfire over SS&D’s teatimer anyday. It uses less memory and is awesome for zero day threats.

      Combofix is an excellent utility however it is not perfect. More often than not I find the log file combofix creates much more useful than the “cleanup” the program does. Combofix also was bricking xp machines back around Christmas and so blindly trusting that software is not particularly wise. sUBs who created and maintains combofix has made a very nice tool, and he should be commended for his hard work on releasing something so useful and free to the public. However he is human and if you wax your machine because of a little bit of buggy code on the latest update maybe it is time for you to actually learn to clean a virus manually. There are multiple warnings that Combofix is not guaranteed and should not be run unless you are elite or told to do so by a malware forum moderator. That is not to say that you shouldn’t use it but if something goes wrong you will almost certainly need UBCD4Win to save your ass.
      Hijack this is an excellent tool and it is ALWAYS the first thing I run on a machine I suspect is infected. Often you can disable a good chunk of the malicious software with Hijackthis before you even attempt to run a scan. Some of these lamer rogues will pop up and say “HijackThis.exe is infected and cannot run”. All you have to do is rename the file to iexplore.exe (for hopefully an obvious reason) and boom you’re in business.

      Educating clients….lmfao Stupid is as stupid does. It is a noble idea but difficult to implement. Too many people that still think computers are like magic. Setting up a good protection package is the best thing you can do. There is no one correct answer as far as what is the best, and nothing is 100% effective. Generally it depends on the customer, their surfing habits, their technical expertise (or lack thereof), how easily annoyed by warnings/possible false detects they are etc. etc. Comodo, and threatfire are two of my personal free favorites for proactive defense (But not both on the same machine!) Couple that with whatever A/V you want, none of them are really worth a damn anymore IMHO anyway.

      @Ben f*** those MBAM developers, god forbid they try to make their product work on the best “windows” PE boot disk there is. MBAM is shareware but who in the hell really ever pays for it?!? The full “live” version sucks! They use a cookie cutter memory module that is not particularly difficult for malware to circumvent. I think UBCD4Win does just fine without it anyway. I could understand them wanting to get paid if you charged money for your product, alas you do not. Blood from a stone. I figured they were in the business of fighting malware, by any means necessary. I guess it is only if it is 100% convenient for them.
      SAS is easily my favorite baddy removal utility on UBCD4win so there is some love for it. Pardon my rambling, I had several red bulls today :)

    11. Thanks for letting me know about SAS standalone, Ben! I agree with Johnny2Bad in his assessment of various tools. I like SAS much more, but its downside is its scanning time. I will have to give the standalone version a shot and see where it puts them. I will run SAS if I have time flexibility, otherwise I have to rely on MBAM to get rid of most of the nasty malware. I also run HJT before anything else, with the exception of rkill (if I suspect there are counteractive malware processes running). I actually still use SD&D last, since it mops up the remaining minor ones that could be spawn points for nastier reinfections.

      Lately, I have been putting Microsoft Security Essentials on the machines afterwards as an all-in-one protection for non-savvy clients. It is far from being 100%, but it is currently better than any other single all-in-one free packages out there.

    12. I’m with you, really. SAS and MBAM both detect and remove stuff the other doesn’t. I trade-off as to which I try first. Tuesday, I had one that SAS detected but couldn’t remove. While MBAM was scanning, I downloaded combofix because the last time I dealt with one of these variants, combofix was the only thing that could remove it. This time MBAM got it on the first try. I was pleasantly surprised and MBAM has had its rating improved and will probably be tried before SAS next time. I probably will buy neither because neither have been reliable enough at removing the infections I need to remove. MBAM is around 40%, while SAS is more like 25%. SAS may score higher if I used it first more often, but it still doesn’t get everything.

    13. I have been using UBCD4Windows for quite some time now. I will run SAS first after updating it if my build is more than a few days old and then run MBAM. I follow up with Kaspersky AVRT and usually the system is clean. Reboot into the native Windows and install SAS & MBAM and rerun. As someone else mentioned, scan times do improve when temp files are deleted before starting any scans. I will also delete the pagefile and hiberfil as part of the process under UBCD4Windows. Once the machine is clean, and I give it back to the customer, I make a recommendation to scan with SAS & MBAM at least once a week plus any other AV & AS software they have installed after updating first. Keeping the programs updated is very important.

    14. Both products are great. I have been cleaning since adware/spybot were your best options. I think SAS is great. MBAM is good too. But just like anything else there is no one piece of software that’s going to get rid of it all. I have seen SAS and MBAM not detect things yet sophos has a little rootkit remover that did wonders. I have had systems where it would take hours from starting with UBCD4WIN with SAS, MBAM then once you get booted up spyware doctor/spyware sweeper/Hitman. The best is when you get a PC with over 300,000 files on the hard drive. Yeah, the quick and easy thing to do sometimes is format. However I’m stubborn. For me I enjoy the challenge to beat them while improving my abilities. Sometimes when these tools fail then I’m using process explorer to see what’s going on in winlogon. No matter what product, UBCD4WIN makes all this come together. When you can’t remove something with these products and you know the name of it you can research manually and use ubcd4win to delete these files. My favorite is when you have locked permissions on registry keys. So I think UBCD4WIN is the best app.

    15. As the viruses change so does our MO. My (attempted) steps are:

      1. Totally hosed “no boot” BSOD systems > UBCD4Win – THANK YOU BENJAMIN !
      2. Safe Mode: attempt cCleaner install & run (temp files, registry “rewire”)
      3. Safe Mode: attempt Glary Utilities install & run (one “type” of tool is never enough)
      4. Revo Uninstaller: attempt install & run: dump tool bars, coupon scams, crapware
      5. Safe Mode SAS portable D/L’ed Quick scan – great tool

      Once [ any of ] this works, we attempt to boot a normal Win 32 bit environment… run
      portable SAS [ again ] in Quick mode – verify no memory or registry entries. Once
      that happens we’ve crippled the bad stuff so much that we can load and run MBAM
      which is otherwise useless. I predict MBAM’s “DiCaprio” descent into oblivion in the
      not too distant future. Good tool – just too proprietary to last in this marketplace of
      ideas. It may take up residence on shelf systems across the globe next to Spybot.

      The one area we’ve avoided: formatting and reinstalling. Now because of the sheer
      quantity of jobs and the need for speed we may head in this direction.

      Bill Trail
      Penny Systems, Inc.
      Macon, GA
