SolutionBase: AVG moves into the spyware battle with AVG Anti-Spyware

Battling spyware is an ongoing fight for network administrators. In this article Erik Eckel introduces you to a new weapon you can use in the battle -- the latest anti-spyware program from AVG.

This article is also available as a TechRepublic download.

Spyware may well have become IT professionals' worst nightmare. From corrupted Winsock interfaces to hijacked browsers, Trojan keystroke loggers and more, spyware infestations often prove to be the most difficult infections from which to recover.

In fact, most computer professionals I know simply recommend reinstalling Windows when more than a handful of spyware infections plague a system. Reinstalling the OS, reloading drivers and recovering data from a backup typically prove much more efficient (and faster) than painstakingly searching a system's registry and Windows system folders for wayward or corrupted files.

Deploying a strong antispyware program, combined with user education, constitutes the best method of preventing spyware issues. Of course, that's not always possible. Often computer professionals inherit infected systems, users circumvent controls or organizations haven't had the opportunity or resources to properly implement an antispyware strategy.

Once systems are infected, and it doesn't take much, administrators are at a distinct disadvantage. I've yet to meet an IT professional who doesn't recommend running at least a pair of antispyware programs on every system at any given time. Spybot S&D, Lavasoft's Ad-aware, Webroot's Spy Sweeper and CA's PestPatrol are among the most commonly deployed solutions. Even Symantec has added an antispyware component to its leading antivirus program.

My personal experience, however, supporting more than 40 different clients and small businesses in the past six months, reveals that many of those programs just don't catch or prevent all spyware infections. One solution might catch infections another program missed, but no single program appeared to effectively eliminate problematic spyware infections or prevent future infestation.

This summer, at a technology trade show, I learned about the ewido antispyware engine for the first time. I pride myself on keeping current with the latest solutions and technologies, but a single seminar proved quite rewarding. In one single hour-long session, I learned the benefits of the (at least to me) relatively unknown ewido antispyware program.

At the time, Grisoft (maker of the popular and very effective AVG Anti-Virus program) had just acquired ewido, and the company's now remaking the surprisingly powerful antispyware program as AVG Anti-Spyware. While my consulting business doesn't present a statistically valid sample, I've found clients running ewido experience fewer spyware disruptions (and encounter quicker recovery when spyware is present at installation).

Author's Note

Before anyone suggests I receive a kickback or profit from AVG sales, it should be known that I sell my clients Grisoft (and other) software at the price I pay. In other words, I don't make money selling software. My business model's always been to provide the best small business services I can, and I've found the AVG products consistently simplify my job.

ewido/AVG Anti-Spyware

Just as with AVG Anti-Virus, Grisoft offers users an opportunity to sample its new AVG Anti-Spyware program free. Trial 30-day versions can be downloaded directly from the manufacturer's Web site.

Straight up, a two-year license for a single computer costs $39.95, although available volume licensing reduces the cost considerably. Better yet, I'm told Grisoft is at work preparing special pricing for a combined AVG Anti-Virus and AVG Anti-Spyware bundle (working directly with Grisoft's sales team, I've already deployed such a suite for several clients).

That said, here's what you need to know to install and configure AVG Anti-Spyware.

Installing AVG Anti-Spyware

The AVG Anti-Spyware program is freely available. AVG Anti-Spyware 7.5, the most current version, can be downloaded by anyone at Grisoft's Web site. Grisoft gets paid, of course, when you purchase client licenses (the copy you download only works for 30 days if no license is supplied).

In my case, I carry the avgas-setup-7.5.0.47.exe file on a thumbdrive. Those inclined can also download a copy of the product's User Manual.

When working on client sites, I simply load the program from the USB thumbdrive, purchase licenses online, which I receive via e-mail on my Treo cell phone, and enter the license to validate the installation. Once loaded, I run an update and then configure the program's scanning schedule. I also always run a complete system scan at installation.

Here's how it works.

Once you have downloaded the setup program (which is a little over 6MB in size), you need to copy it to the system on which you wish to install it. As is common, double-clicking the avgas-setup program triggers the installation program.

Windows XP responds immediately with its traditional warning message that the file you're opening could be harmful. Click Run to proceed. Specify the language you wish the installer to use (English is the default) and click OK.

The Welcome To The AVG Anti-Spyware 7.5 Wizard will appear. Click Next to proceed with the installation.

Click I Agree to accept the license agreement. Next you'll have to specify the installation location. Once the location is specified, click Next. You'll be prompted to specify a Startup Menu Folder. Click Install to accept the default AVG Anti-Spyware 7.5 folder.

Once you've clicked the Install button, the AVG setup program will execute. When it completes, you'll see a confirmation window stating the installation has finished successfully. Click Finish to complete the install. The AVG Anti-Spyware application window will appear.

Click the Enter License Code link (in the bottom-right of the window) and click the OK button to validate the software. Unless you provide a valid license, the software will stop operating after 30 days. If you still need to obtain a license, you can use the Buy Now button to complete the transaction.

And, you need not worry about forfeiting the free 30-day trial if you license the product immediately. In tests I've conducted, whenever I've licensed the antispyware program immediately upon installation, the license has proven good for 395 days (even though I purchased a one-year license for $29.95).

Once you get it up and running, you'll see the clean, simple interface shown in Figure A.

Figure A

AVG Anti-Spyware provides a clean but powerful interface for combating problematic adware, spyware and malware programs.

Configuring AVG Anti-Spyware

The first action I recommend taking, upon completing the AVG Anti-Spyware installation, is updating the application. AVG Anti-Spyware, by default (and unlike some antispyware programs), is set to automatically download and apply updates periodically, as seen in Figure B.

Figure B

AVG Anti-Spyware's Update menu enables forcing and automating updates. The Update menu also can be used to configure a proxy connection.


To force an update, though, click the Update icon from the toolbar that runs across the top of the application's window. From the Manual Update section, click the Start Update button. AVG Anti-Spyware will check for an update and apply any updates it finds. Or, you can simply click the Update Now link found on the application's main Status page (from within the Your Computer's Security section of the Status page).

In addition to displaying how many days remain in the current subscriber license, the Status menu also lists a rundown of files in quarantine and the number of malware programs detected since the program was installed.

Disabling the program is straightforward. Just open the application and click the Resident Shield Change State link (also found on the Status page). Disabling updates is equally simple. Just click the Automatic Updates Change State link from the Status menu.

To scan a system, click the Scan Now button (found on the main Status page shown in Figure C). Or, you can click the Scanner icon and customize a scan by specifying what should be scanned (options include the complete system, a fast system scan, a registry-only scan, a memory-only scan or some combination you select). Other options that can be set using the Settings tab include scanning inside archive (Zip) files, checking for adware, tracking cookies, riskware and dialer programs, and more.

Figure C

Five scan options are available, including everything from a complete system scan to a custom scan.

Once you've specified the settings you wish to use for a scan, click the Scan Now button to execute the spyware check. The program will list the threats it finds within the Objects Found window. To accept the application's default removal recommendations, click the Apply All Actions button. When the removal is complete, AVG Anti-Spyware will display a confirmation message stating all actions have been applied within the Information section of the Scanner menu. You can see this in Figure D.

Figure D

AVG Anti-Spyware lists the threats it identifies within a preview window. As is standard, the application also tracks the number of objects scanned, the length of time that's elapsed and the object currently being scanned, among other information.

To schedule a regular scan, click the Scanner button and select the Scheduler tab. Select the Click Here To Create A Custom Scan Profile link. Click the Add Profile button. Add the Registry and Memory to the scan by clicking their respective buttons, then click the Add File/Folder button and specify the files and folders to be scanned, then click the Schedule This Profile button. Specify a fixed time of day (or a specific amount of time after the system starts up), set the period (daily is the default) and the process is complete.

Use the Shield icon to access active protections, such as preventing AVG Anti-Spyware from being terminated. The Infections icon lists any objects in quarantine, while Reports lists the results of previous scans and actions.

AVG Anti-Spyware's Analysis icon lists five separate menus to help administrators track active processes, connections, programs that load at startup, browser plugins and layered service providers to simplify identification and removal of spyware, adware and other problematic malware programs. You can see affected processes in the Processes tab shown in Figure E.

Figure E

The Analysis tabs reveal critical information regarding active processes, files that load at startup and more.

The Tools menu, meanwhile, provides access to an Antispy application and Shredder utility. The Antispy utility helps you block error reporting, prevent infection reporting to Microsoft and other actions, while the Shredder utility enables securely deleting sensitive files and information.

Summary

Spyware infestations present numerous challenges to overworked administrators. AVG's reworked ewido antispyware application provides a simple but powerful tool for effectively battling the persistent spyware nuisance.
