Friday, February 02, 2007

Programs to avoid

We hammer readers with the importance of keeping their PCs up to date with Windows critical patches as well as reputable spyware scanners, antivirus programs and other security software. Harangue, scold, lecture or preach… you pick the term but the admonishments are all but constant.

Something that dawns on me is that through the unending badgering, we’ve never pointed out what security programs to avoid. That’s a glaring oversight given that there are more misleading and downright evil programs out there that purport to keep you safe than there are legitimate security tools.

First, let’s hit on some of the basics of keeping this crap far away from your PC, as well as your wallet.

Antivirus programs will generally warn that they’ve found or blocked something with a pop-up in the lower right corner of the screen. If the program needs input the options are usually along the lines of “Delete”, “Quarantine”, “Block” or “Ignore”. It might ask you to do a full system scan but never will you see the phrase “click here for a free scan”.

That “free scan” is the key to identifying bogus malware scanners exploiting pop-ups in the center of the screen telling you that you’re infected with something specific, and that you can click a hyper link for a free scan. Some pop-ups are more generic and say something akin to “Your computer may be infected, click here for a free scan”.

This warning applies to antivirus programs as well as spyware scanners. The free scanners we recommend, like Ad-Aware and Spybot, are passive programs and will never automatically detect anything anyway. If something pops up that clams to be a warning from one of those programs, I can assure you it isn’t.

Many of these pop-ups appear to be warnings from XP Security Center offering a link to a list of spyware scanners recommended by Microsoft (they aren’t), while other masquerade as HTML “Page not found” type messages claiming that your IP address is under investigation due to material you’ve been viewing.

That last one is especially nefarious because it uses information commonly sent by your system to list your IP address, ISP and browser version, making it seem that much more legitimate.

These security scams generally depend on scare tactics to lure unsuspecting users to their websites, where they appear to be offering perfectly legitimate malware scans for free. Once you start scanning the sites will either start finding what they claim are dangerous files on your PC, which are usually just innocent first party cookies or non-existent registry entries, or they will actually plant spyware on your PC.

Once the scan is finished, you’ll be offered a chance to clean the “offensive files” for a price, usually $39-49 dollars.

Some companies pushing bogus programs like Spyware Assassin, SpyKiller and SpyBlast (note the similarity to the legitimate program Spyware Blaster) have recently suffered the wrath of the FTC, but many others are still out there with names like SpySheriff, WinAntivirus and PurityScan.

Basically, never purchase anything from a message that just appears on your screen and, before buying something you’ve never heard of, it’s best to check it out. Ask your IT department at work if you have one, ask us through our webform at or check it for yourself at

Written by:
Kevin Mefford

No comments: