Freeware anti-malware software.

Home My Programs Freeware Game Maker Articles Links Misc Contact

Freeware Menu >> Anti-Malware

Note: What is malware? Basically any malicious program that is not covered by your anti-virus software. It could be spyware, adware, or trojans, a malware scanner can be run alongside your anti-virus.
Additional note: I don't list download sizes for most security software, as the files tend to increase in size quite rapidly as the software is developed.

Spybot Search & Destroy v1.5.2

Spybot S&D is one of the longest established anti-spyware programs. It has two modes, default and advanced and I would advise using advanced mode, as it has lots of useful extras.
The main feature is a manual drive scanner which scans for and (hopefully) fixes spyware problems. The results window can be split in two, so that the right hand pane shows additional information on any possible threats.

Spybot S&D, scanning for problems.

The immunize feature adds potentially dangerous web sites, to the restricted zone in Internet Explorer, preventing them from running possibly malicious code, through IE. Known tracking cookies are also blocked. Immunize also helps to protect the Opera browser, from bad plugins and cookies.

Spybot has a good selection of tools, the most useful being the Secure Shredder and System Startup, which lists all the programs that start with Windows. System Startup often gives a description of the program, but I would advise double checking an item using Google, before disabling or deleting it.

Spybot has some real time (resident) protection, in the form of SDHelper for Internet Explorer, which blocks bad downloads and TeaTimer which monitors the processes that your computer runs and keeps a watch over some sections of the registry.
I use SDHelper, but not TeaTimer, as RegProt protects my registry and I'm not convinced that continuously monitoring running processes for spyware is necessary (depends how paranoid you are ).

Updating is straightforward and you can select which items you wish to download. Note that if you update the immunize database, you have to manually immunize again, never really understood why it isn't automatic.
Spybot used to have a problem with updates failing, but since its recent major overhaul, it seems to be better and I've had no recent problems. If the update does fail, just select a different update location and try again.

Spybot is my favorite anti-spyware software and the only anti-spyware application that I always keep on my computer. Its reliability, reasonably accurate detections, useful selection of tools and comprehensive help file, combine to make it an excellent program.

Freeware -- Win 95, 98, ME, NT, 2000, XP, 2003, Vista.

Note: Spybot also has an "easter egg" (a good one for a change), you can read about it here: misc.htm

http://www.safer-networking.org/en/index.html

Comodo BOClean v4.25.

It's a very common practice with anti-malware scanners, for the freeware version to have a manual drive scanner and the paid for "pro" version, to add a background scanner, which checks files as you use them.
Comodo BOClean takes a different route, by only having a background scanner and not using a drive scanner at all. The theory being, that BOClean is more likely to catch malicious software as it tries to run, rather than when a trojan is disguised and hiding on your hard drive.

BOClean menu. Installation is straightforward and once installed, the only sign of BOClean, is an icon in the system tray. Right clicking on the icon produces a simple menu, which allows you to configure, update and shutdown BOClean.
I did find a small bug, clicking the "Covered Malware" button on the menu, froze BOClean and I had to use Windows Task Manager to close it.
Note: The malware (50,000+ unique items) that BOClean protects against, is also listed on the web site.
It is essential that you read the online help, BEFORE altering any of the configuration options, as it is possible to permanently mess up the settings, if you don't understand an option. Apart from setting updates to manual, I stuck with the suggested defaults.

In use you hardly notice BOClean, it's very well behaved and plays nicely with other security software, just flashing its icon occasionally. Updates are reasonably quick, even on dialup.
How much protection it gives you is hard to assess. I tried my usual (fairly basic) testing methods and couldn't get a squeak out of it.
Looking on the internet, I found a few comments from users, saying BOClean had blocked possible infections for them. But I could only find one test report:
Tech Support Alert -- security test Comodo BOClean v4.23

The test results aren't very impressive, with an awful lot of fails and very few passes. But detecting malware in the real world, isn't quite the same as stopping test software and looking at the test results for other security programs on the same site, show that most software struggles in the tests.

I quite like BOClean, it's a small download and has a very comprehensive online help file. It works with all versions of Windows and is almost no trouble, although it does seem to make a few action games "stutter" very slightly.
I suspect that BOClean gives more protection than software with just a manual scanner, as by the time a trojan has taken up residence on your hard drive, it has probably already performed its dastardly deeds.
As a hassle free addition to your antivirus software, BOClean must help to increase your protection.

Freeware -- Download size 1.47MB -- Win (all)

http://www.comodo.com/boclean/boclean.html

ThreatFire free edition v3.0.13.

Most real time security scanners use virus/malware definition lists, to identify threats to your computer. ThreatFire employs a different system, using behavioral analysis to detect files that are engaged in nefarious activities, that are common to most malware. Such as writing to certain sections of the registry, or changing system settings.
If ThreatFire detects suspicous activity, it suspends the action of the suspect file and alerts you. Depending on the type of threat, you may get a choice of action, or ThreatFire may immediately quarantine the threat.

ThreatFire, security software.

I have reviewed ThreatFire previously, when it was known as CyberHawk, which I wasn't very impressed with, as CyberHawk wasn't very good at detecting even simple threats.
I'm pleased to say that ThreatFire seems to be considerably better. It successfully detected almost all my simple threat tests, although it did get confused at one point, quarantining the shortcut of the suspect file, rather than the exe.
ThreatFire also incorporates a manual scanner, that checks your registry and drive, for rootkits (what are rootkits?).
If you purchase ThreatFire Pro, you gain the option of running a threat scan, which works in the same manner as standard virus scanners, using an updatable virus definition list to check for threats.

ThreatFire is easy to use and comes with a good help file and a reasonably good tutorial. Ideally it should be used alongside your existing antivirus software, where it should provide some extra protection.

Free -- Win XP, 2000, 2003, Vista(32bit)

http://www.threatfire.com/about/

Hazard Shield v1.7.0.3.

Hazard Shield combines a malware scanner with a real time monitor and some useful security tools. It appears to be a fairly new program and still undergoing rapid development and there isn't much mention of it on search engines. But it is quite interesting and security buffs will enjoy playing with it.

Hazard Shield has a very nice looking interface and is extremely easy to use, which is just as well, as the online help link takes you to an empty page!

Hazard Shield tools window.

The malware scanner gives you the option of a quick, full, or custom scan, with the option to scan the registry as well.
Scanning speed is reasonably quick, but there is no cancel button, so be sure you want to run a scan. It has yet to find anything on my computer, not even a naughty cookie, so I have yet to see what happens when there is a detection.

Hazard Shield has a real time monitor to detect threats immediately, this shows as a shield icon in the system tray and seems to be well behaved, although sometimes it does forget to show its icon.

The updater will update the program and database, neither of which take very long, even on a dialup connection. Hazard Shield is still being actively developed, so program updates are very frequent, I've had three during testing.

Some of the best features of Hazard Shield, are its tools. There is a useful file killer, for deleting locked files and a temporary file cleaner. You can also uninstall software and keep track of system services and cookies.

Hazard Shield is an interesting new program, I'm not sure how good it is at detecting malware, as the number of definitions in its database is very small in comparison to more established scanners, such as Ad-Aware. But if you like testing security software, it's worth a look.

Freeware -- Win XP, Vista -- Note: If running XP .NET framework 2 may be required

Important Notice.
If you decide to uninstall Hazard Shield, you must first stop the real time protection feature and then press the "Uninstall Realtime" button. You can then uninstall Hazard Shield in the normal way.

http://www.orbitech.org/hazardshield.html

WinCleaner AntiSpyware.

WinCleaner AntiSpyware protects your computer against spyware and malware, featuring a scanner to detect infections, using updatable spyware definitions and real time shields, to protect against registry and important system file changes.

The first thing that strikes you about WinCleaner AntiSpyware, is the garish program interface, it's certainly eye catching. But despite the rather overpowering colours, the interface is laid out well and quite intuitive, with mouse over hints for extra information.
There is a very basic help on the welcome page and a slightly more informative help page is available online, as well as a forum.

Wincleaner Antispyware main window.

Running a scan is straightforward, you have a choice of a quick scan (took about two minutes on my computer), that checks the registry and known locations used by spyware, or a full scan that performs a more in depth check, but takes considerably longer. The program currently checks for over 73,000 spyware signatures (march 2007) and the definition database can be updated.
Note: Definition updates are not very regular.

The real time shields protect against changes to vulnerable sections of the registry, such as the start up section and important system files such as the hosts file. The home and search pages of Internet Explorer are also protected from change.
A novel feature of the program is the ability to add registry entries to the shields list and extend your protection, but only do this if you know what you are doing!

In my tests, I found that the shields worked well, responding immediately to threats and blocking quite a wide range of attacks.
Unfortunately WinCleaner AntiSpyware did have a tendency to crash occasionally when dealing with an alert, it still alerted you, but closed without taking any action. Looking on the forum and Google, there are several reports of crashes, it is only occasional, but something to be aware of.

Overall, despite a slight instability problem, WinCleaner AntiSpyware seems to perform well, it didn't cause any noticable slow down to my computer and was easy to use. If you don't currently have any registry monitoring software it could be a reasonably sound choice.

Freeware -- Win 98, 2000, XP, 2003.

http://www.wincleaneras.com/

SuperAntiSpyware.

SuperAntiSpyware comes in two versions, a basic freeware scanner, or a registered version, with extra features, such as a real time scanner and scheduled scans. I shall be concentrating on the freeware version (no surprise there then! ).

The freeware version is basically just a manual scanner, you can choose between quick, full and custom scans. Scanning speed isn't particularly quick, but the program doesn't hog the system resources, so you can carry on working, while the program scans.

SuperAntiSpyware can start with Windows and run constantly, but since the only real time protection in the free version, is protection of your IE home and search pages, it is best, in my opinion, to disable the auto startup.
Downloads are performed manually and take a couple of minutes on a 56k connection.
SuperAntiSpyware comes with a handy extra feature called BootSafe, which allows you to easily reboot the computer into Safe Mode, which can be useful when removing stubborn spyware.

Overall I thought that the freeware version of SuperAntiSpyware was quite good as a basic scanner. The program interfaces are very easy to use, with good descriptions and there is a useful help file.

If you are wealthy, you can spend $29.95 and buy the Professional version. This gives you quite a lot of extra features, including, a real time scanner, which checks for spyware, as you use your computer, registry protection, scheduled scans, automatic updates and a settings repair feature.
Note: there is a 15 day free trial of the Professional version.

Freeware or paid for version $29.95 -- Win 98, ME, 2000, 2003, XP, Vista

http://www.superantispyware.com

AVG Anti-Spyware v7.5.

AVG Anti-Spyware comes in both free and paid for versions, if you pay your money, you get the added benefits of a real time monitor, scheduled scans, and automatic updates.
When you download the program, you initially get the fully functioning program, which after a thirty day trial reverts to the basic free version. I will be concentrating mainly on the freeware version.

AVG Anti-Spyware, scanning window.

The freeware version is primarily just a scanner, you have a choice of five scan types. Ranging from a fast memory scan, that checks for active threats, to the complete system scan, that checks the memory, registry and all hard drives.
In the settings you can alter what is scanned for, so that you are not scanning relatively harmless items such as cookies. You can also alter how you scan and what reports of the scan are kept.
I found the scan to be fairly fast on the 20GB occupied section of my drive. The only suspected malware AVG found turned out to be a false positive, this is probably due to the program using heuristics (in addition to malware definitions), which are never 100% accurate.
However you are given the option to quarantine any suspicious items, so you can investigate them and restore them later, if they turn out to be harmless.

As well as the scanner, in the Tools section you can disable a few vulnerabilities in Windows and there is also a very nice secure file shredder, providing three levels of shredding.
Database updates are performed manually in the free version and were reasonably fast over my 56k connection.
The program is easy to use, with most functions being obvious and an excellent help file is provided.

If you don't have any spyware protection, the freeware version of AVG Anti-Spyware could be a useful addition to your computers security. Although Spybot is possibly a better choice, with its immunise function and a better selection of tools.

Freeware and a paid for version -- Win XP, 2000, Vista

http://free.grisoft.com/doc/20/us/frt/0

Security software -- Arovax Shield.

Arovax Shield is a real time monitor, that is designed to protect your computer against spyware, trojans and other malware. It blocks attempts to add startup items to the registry, or startup folder, a common trick employed by malware, to enable it to start with Windows.
It also protects the Internet Explorer homepage and search page from change and blocks the installation of IE browser extensions, while also blocking tracking cookies in IE and Firefox.
The Hosts file is also protected, to prevent you from being sneakily redirected to a malicious web site.

Main interface of Avorax security software.

Arovax Shield installed easily enough, but did throw up an error message about not being able to find Firefox, it then put up the same error message when restarted. This seems to be because I don't have firefox installed, but going to the Protection tab and turning the Firefox cookies option on and off and pressing Apply settings cured the problem.
Apart from those initial hiccups, the program has run very quietly and reliably with no problems, apart from a tendency to throw up alerts, when I use IE offline.

Arovax is designed to start with Windows and runs as an icon in the system tray, consuming a smallish amount of ram.
Opening the program window displays a very simple interface, with just a few settings and an on/off switch for the shield. Unlike many anti-malware programs, it is remarkably easy to use and all the features are easily understandable, a comprehensive help file is also included.

I tested Arovax using the Spycar tests and the Scoundrel Simulator, both sets of tests simulate the type of changes that viruses, trojans and spyware, might make to your system.
Arovax managed to block six of the seventeen Spycar tests and three of the five Scoundrel Simulator tests, a reasonable result, although it was weaker at protecting the registry than I hoped.
When detecting problems Arovax can be set to block them automatically, or to prompt the user for action with an alert. The user can also choose to set a rule for a particular problem.
A detailed log file is kept, listing programs and paths of any possible threats.

Overall I was quite impressed by Avorax Shield, its great strength is its simplicity, even the most timorous computer user will not be intimidated by its interface and it is fairly light on resources, causing no slow down on my modest specification computer.
Threat detection isn't great, but it does offer a basic level of protection for the startup section of the registry and IE settings.
Avorax is worthwhile as a second line of defence and will run happily alongside your antivirus and firewall.

Freeware -- Win 98, Me, 2000, NT 4.0, XP, Vista

http://www.arovaxshield.com/

A2 Scanner.

This useful program scans for trojans, dialers, worms and spyware.
The A2 scanner comes in two versions, the free version and the personal version that has quite a few more features ( A background guard, analysis tools and automatic updater. ) but you do have to pay.
You have a choice of fast, or full scans and you can also set the parameters for your own custom scan.
I tested it with the Eicar virus test file, it detected it immediately and then deleted it when told to, you are given the option of saving a HTML report and sending it to the A2 web site.

In conclusion, although you will still need an antivirus program, A2 would make good secondary scanner, it's simple to use and update and the web site is very straightforward with some interesting articles, a forum and newsletter.

Note: Updates can be rather large on occasions, so I do not recommend A2 if you have a dialup connection, unless you have a lot of patience.

Freeware and paid for version -- Win 95, 98, ME, NT4, 2000 and XP.

http://www.emsisoft.com/en/software/free/

Rob Goldfish Web Site