
I run Anti-Spyware software, why do I still get infected?

Someone commented on my prior article, “about:blank hijacked my
homepage – how do I fix it?”:

After spending about $29.00 a shot for 5 or 6 different spyware
removers … I have decided to whack my hard drive and start over … it’s
easier. None of the commercial things work … and what’s more frustrating is
… how did I get this? … with firewalls, Norton, Spysweeper and other things
running … how do you prevent this from coming back?

It is frustrating. But there are several possible reasons you’d get
reinfected.

It’s not necessarily a losing battle, but it is a constant one.


Tip #1: Don’t spend any money on anti-spyware. It’s
currently not worth it.

For what it’s worth, I’ve never spent a dime on spyware removers/checkers
and actually don’t recommend that anyone do so. The free packages seem to be
the best right now anyway even if none of them get you 100% coverage.

Tip #2: Run the right tools for the job.

Now, to the list of tools you mention that you’re running, you should be
aware that firewalls and most anti-virus programs give you no protection
against spyware. None. So the fact that you’re running with a firewall and are
running Norton (Anti-Virus, I assume) is great, but for other
reasons.

The only tool you’ve mentioned that would apply is Spysweeper by Webroot.
The good news there is that it has a fairly good reputation.

Tip #3: Keep your tools up to date.

Even the right tool will not work properly if it doesn’t have the
latest and greatest definition of what spyware is. Spyware, like
viruses, is a race. New spyware is being generated every day, and that means
all the spyware scanners need to be updated regularly. Usually that’s as simple
as telling the scanner to update itself. Microsoft’s tool even automates that
process.

Tip #4: Use the tool’s advanced features.

Spybot Search and Destroy and Microsoft’s Anti-Spyware both have a feature
called “inoculation” or “immunization”. Other tools may have something similar.
These features cause the tools to monitor for spyware-like behavior and either
prevent it, or at least ask you about it, before it takes place. For
example with either, you can prevent your Internet Explorer homepage from being
changed by anyone. Hence, homepage hijacking is a thing of the past. Both keep
an eye on registry changes as well. Look for these features in whatever
anti-spyware program you choose, and turn these features on.
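The detection half of what Tip #4 describes, sketched as a baseline-and-compare check. This is an added example, not code from Spybot, Microsoft's tool, or this article; it only reports changes and does not block them. The three registry keys are standard Windows locations (the Internet Explorer "Start Page" value lives under the first), and the baseline file path is an assumption for illustration.

```powershell
# Added example: report changes to the IE homepage and auto-start registry keys.
# Watched keys are standard Windows locations; the baseline path is hypothetical.
$Watched = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',      # holds "Start Page"
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',  # per-user auto-start
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'   # machine-wide auto-start
)
$BaselinePath = Join-Path $env:LOCALAPPDATA 'registry-baseline.json'

function Get-RegistrySnapshot {
    # Flatten every value under the watched keys into "key|name" -> data.
    $snap = @{}
    foreach ($key in $Watched) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            $snap["$key|$name"] = [string]$k.GetValue($name)
        }
    }
    return $snap
}

function Compare-RegistrySnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($id in $Current.Keys) {
        if (-not $Baseline.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Added'; Entry = $id; Old = $null; New = $Current[$id] }
        } elseif ($Baseline[$id] -ne $Current[$id]) {
            [pscustomobject]@{ Change = 'Modified'; Entry = $id; Old = $Baseline[$id]; New = $Current[$id] }
        }
    }
    foreach ($id in $Baseline.Keys) {
        if (-not $Current.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Removed'; Entry = $id; Old = $Baseline[$id]; New = $null }
        }
    }
}

$current = Get-RegistrySnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the known-good state.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline saved to $BaselinePath"
} else {
    # Later runs: reload the baseline and list anything that differs.
    $baseline = @{}
    $saved = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $baseline[$p.Name] = [string]$p.Value }
    Compare-RegistrySnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize -Wrap
}
```

Run it once on a machine you believe is clean to save the baseline, then again after installing software; a "Modified" row for `Start Page` or an "Added" row under a `Run` key is the kind of change the immunization features are watching for.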

Tip #5: Don’t be part of the problem.

All the protection in the world won’t help if you engage in risky behavior.
Download and install software only from places you trust. One of the
largest sources of spyware anywhere is peer-to-peer file sharing
programs like Kazaa. They come loaded with spyware. Check out the reputation of
a package before you install it. Don’t open email attachments unless you
know they’re safe and legitimate.


10 comments on “I run Anti-Spyware software, why do I still get infected?”

  1. Leo- It seems that if this guy is really getting sick of the Spyware he should consider a Mac. Right? (I understand that you were just answering his question. You do a great job in helping people.)

  2. Leo,

    Your advice is very good, but I didn’t see any mention of going to http://windowsupdate.microsoft.com and downloading all of the latest security updates for Internet Explorer. To the best of my knowledge, most if not all of these browser hijackers exploit known vulnerabilities in IE that can easily be patched.

    I especially like your “risky behavior” tip, but I think you should have mentioned that a primary source of these nasties is “questionable” sites, such as porn, warez (pirated software for those who don’t know), hacking, etc. I’ve visited my fair share of these sites in IE and I didn’t catch anything because I had IE updated.

    Finally, I think it’s fair to mention that the easiest way to avoid catching malware from malicious websites is to use a different, often more secure browser, such as Mozilla Firefox:

    http://www.mozilla.org/products/firefox/

    I’ve been using Firefox instead of IE since last summer, and in my experience very few sites don’t work properly with it.

  3. Statistically today an unprotected PC with a fast (ADSL/T1/cable) connection to the Internet will be hit with Malware within 40 seconds, an unprotected PC on Dial-up will be hit within 5 minutes of being on the Internet.
    I believe that today you DO need good Security Software, and some are much better than others.
    Good Free Security software I recommend:
    1. Microsoft Antispyware Beta (ex Giant)24/7 + daily scan
    2. Spyware Blaster (Javacool) 24/7
    3. Spyware Guard (Javacool) 24/7
    4. Spybot S & D (Kolla) weekly scan
    5. Spybot S & D TeaTimer = part 4.above(Kolla)24/7 = weekly scan
    6. Adaware SE Personal (Lavasoft) weekly scan
    7. AVG Free v7 +++Antivirus (Grisoft) 24/7 + daily scan
    8. System Security Suite (www.igorshpak.net) weekly scan
    9. ZoneAlarm Free Firewall(ZoneAlarm)24/7
    10. Internet Sweeper (Emory) 24/7 autosweep
    11. Pegasus Email as Email Client(Pegasus.com) (don’t use Outlook or Outlook Express)
    I have tested most Free security applications and these appear to be a very good combination.
    PAID (Registered versions):
    If you can afford it, the following are all really good, when used in combination:
    1. Norton Antivirus (Symantec) 24/7 + daily scan
    2. Trojan Hunter (Mischel) 24/7 + weekly scan
    3. a-squared guard/scanner (Emsisoft) 24/7 + weekly scan
    4. ZoneAlarmPro – replaces free ZA (Zonelabs) 24/7
    5. Spyblocker (Kurland) 24/7
    6. Digital Patrol (Protoantivirus) weekly scan
    7. Spyware Doctor (PC Tools) 24/7 + daily scan
    8. MailwasherPro + First Alert (FireTrust) 24/7
    9. Evidence Eliminator (Robin Hood) weekly
    10. Anon2004 (Anonymizer) on Internet

    Update daily all above (takes around 15 minutes)
    You might think that there is a lot running simultaneously, but at least the PC is as secure as possible.

    I have a special interest in Computer Security

  4. Wow. That seems WAY overkill. IMO: a hardware firewall (router) + a good spyware and a good av program, run *and updated* regularly, + windows update either automatically or regularly, + some common sense (don’t open attachments you aren’t 100% certain of) is the best combination.

  5. In response to Lofty’s post: I am an Internet security researcher, and in my opinion Lofty’s list is only slight overkill, and Leo’s list is slight underkill.

    #1) Leo, the short answer is that I would add a two-way, application level software firewall like Zone Alarm to your list. Lofty is right about this: An adequate firewall of some sort is an absolute necessity for any computer connected to the Internet and is the first level of protection. I don’t consider a basic NAT router to be an adequate firewall.

    As to why, well, that gets a little involved, so I posted it to my blog at: http://internet-insecurity.com/blog/2005/04/12/is-a-router-an-adequate-firewall/

    2) Leo, I also think it is wise to have a backup anti-spyware application or two, because none find and clean all of the huge amount of malware that is out there. I will put in a specific recommendation for MS Antispyware or its cousin, Sunbelt Antispyware as the primary means of protection from spyware. These applications are very good, especially if Real-Time protection is enabled. I would add the immunization features of Spybot and Spyware Blaster, and occasional scans with Spybot. Ad-Aware is also a good antispyware application for use as a backup scanner, but it lacks real-time protection and immunization features.

    Lofty is offering a pretty comprehensive solution. He doesn’t explain all the reasons why he feels all that protection is important, but I think he probably has some good reasons.

    I would add the following to Lofty’s list for certain users: A good, workable encryption system for any documents and information the user would prefer to keep private, like tax and other financial records and confidential letters and such.

  6. I would recommend using Mozilla Firefox as your browser rather than frequently updating IE for browser exploit patches. I admit Firefox isn’t bulletproof, but at least the majority of internet attacks that specifically exploit a vulnerability in IE won’t affect you. Adjusting your preferences (“trusted sites”, disabling cookies, etc.) in Firefox has kept my system clean.

    Coupled with Adaware and Spybot weekly updates and scans, the only other precaution you need to follow is Tip #5 – use your head!

  7. I totally agree with what you’re saying. I wish more people felt this way and took the time to express themselves.
    Keep up the great work.

    David Jefferson
    http.www.spywaresoftwarehouse.com
