Mike at Techdirt has a perceptive rant on the current state of anti-spyware software:
As spyware becomes a bigger and bigger issue for users, it’s
becoming clear that the current crop of anti-spyware tools is, in no
way, keeping up with the spyware writers. A test of a variety of
different anti-spyware tools shows that none of them work particularly well,
and most do an awful job protecting your computer. In fact, it appears
that some of the fee-based anti-spyware tools do even worse than the
free ones. Still, even the best tool missed quite a bit. Considering
the amount of spyware out there, and the overwhelming nuisance it
causes, it’s about time someone tried to take a much more holistic
approach to stopping spyware, rather than simply trying to solve each
case on a one-by-one basis.
He’s absolutely right.
Problem #1: No one seems to quite agree on what spyware is. Some zealots insist that cookies are spyware. Others want to label as “spyware” programs that I think are completely legitimate and desirable.
Problem #2: Makers of anti-spyware software have a vested interest in making you believe the problem is bad and getting worse. So when you scan your system, you’re certain to find something, thus fulfilling their prophecy.
Problem #3: The people who make hostile software go to great lengths to make it hard to detect and remove, raising the ante dramatically for anyone who wants to fight it.
I’ll have more thoughts in a follow-up post.
Ed Bott 
Disgusting Spyware! Disgusting Anti-spyware methods!DiamondCS is a reputable software firm that developed one of the best Anti-tojan applications I have seen, TDS-3. Unfortunately, DCS employs a hardcode technique that redirects the user to its site with numeric IP 64.91.255.87 upon pressing the F5 function key. Of course there is nothing wrong with this process. This fact could have remained unnoticed had it not been for a spate of really nasty IGN/CWS infections that showed the DCS redirects along with the nasties in hijacked Host files and shown below:
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 64.91.255.87 http://www.dcsresearch.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
A quick google search of “O1 – Hosts: 64.91.255.87 http://www.dcsresearch.com” will provide at least 1,500 links (Yup! that many!). It should be noted that an HJT 01 entry will only appear if a Hostfile hijack is involved. Redirecting to the local host to will not appear in the HJT log. When asked about this, representatives of DCS at Wilders Security Forum replied that this is perfectly normal since it simply redirects from an alleged “bad site” to the legitimate DCS IP.
If such were the intention, a simple redirect to the local host would have sufficed as this blocking technique is acceptable. However, redirecting to a preferred website is in any laguage, a hijack. This type of redirect is the method used by hijackers with the same objectives: redirecting to the chosen website. DCS cannot claim that since they are reputable, a redirect to their site is acceptable. No one has nor can given them that status. A hijack is a hijack is a hijack…. The method is absolutely wrong!
Now comes an interesting scenario.
Quote:
“Its becoming such a sizeable problem in the US that the Government voted unanimously in Spring 2004 to approve the first-ever anti-spyware bill. The Securely Protect Yourself Against Cyber Trespass (Spy Act), approved by the US House of Representatives, would levy fines up to $3 million for those who illegally collect personal information, change a browser’s default home page or bookmarks, log keystrokes, or steal identities ”
Quoted from http://www.net-security.org/article.php?id=746
Do you realize that if I invested in TDS3, bookmarked http://www.dcsresearch.com or set my homepage to http://www.dcsresearch.com, the chances are I will be redirected to DiamondCS? This can be documented and I can then sue DCS for illegally redirecting my browser, right? And all because DiamondCS has chosen to adopt a Trojan method instead of a Hostfile block or Help update? Think about it.
Too, what are the chances of a crazy picking up this post and doing exactly the above? This is a possibility they brought upon themselves for insisting that what they were doing was simply protecting their interests. They chose the expedient/easier route now they are susceptible to para-legal issues…. Sooner or later, this will happen….
Your thoughts?
The main problem is that usually antispyware software developers fails to be up to date with spyware parasites. usually its better to clean system manually for free. There are some resources like kephyr.com, spywareguide.com, 2-spyware.com where removal instructions are written, and advanced user can clean up the system easily.
In addition to the post above I mostly use http://www.processlibrary.com