Ad-Aware

Topic

New Reply

I have read in a recent technical type newsletter, that there might be a wave of anti Ad-Adware sentiment going around. While I have had and used Ad-Aware for some time, there is some sense to these opinions. The major objection seems to be LavaSoft’s unwillingnes to supply updated reference files for the basic program. Version 5.83 is the latest build and this came out in June 2002 and they are “apparently” working on V6.0 due for release when ???

The writers opinion is “would you use an anti-virus program with 6 month old .dat files and expect to get reasonable protection?” Then why use a spy detect program with un-updated reference files? They go on to recommend something like Spy-Bot to replace Ad-Adware.

What are some of the Lounger’s thoughts on this?

Bob

Reply | Quote

Replies

I just looked at their website http://www.lavasoftusa.com[/url%5D and the have an updated reference file dated Sep 24, 2002.

So the engine was last updated in June, but the “dat” file was updated at the end of September.

I think its comparing apples to oranges, in this case. New Virii, and differnt strains of old ones, come out almost daily. Where as, Spyware doesn’t have this kind of quick introduction.

I have both Spy-Bot and AdAware, and I find AdAware, SO much easier to use.

So, I’m stick with AdAware as my primary spyware removal tool, but Spy-Bot will still have it’s place on my PC.

Just Like, Notepad, WOrdPad, Programmers Notepad and Word all have their place on my PC. Different tools, for different jobs.

Just my CAD.

Reply | Quote

Last night, after I posted this, I decided to do quick and unscientific test.

I ran AdAware, with the latest RefUpdate, and it found, 23 nasties, IIRC. Most were cookies.

I then ran SpyBot with IT’S latest definitions. It found only 1 cookie that AdAware didn’t.

All that I want to say about this is that AdAware is still run almost daily, while SpyBot is run less frequently, maybe once a month.

Reply | Quote

I have a question for you guys. I don’t run AdAware but about once a month (or so) and usually the only thing it “finds” is one (or a few) cookies that it suggests deleting. Chief among those is always something called FASTCLICK. From looking at their web site, I can’t really tell diddly about whether one should be deleting their cookies or not. I have no idea where I’m browsing or buying from that keeps putting the Fastclick cookies back on my system. Are they really someone we should be concerned with?

Reply | Quote

I don’t know much about Fastclick, but IIRC, it’s an Ad server.

The cookies are sent by websites that have Fastclick Ad banners on them. I’m pretty sure it’s the same idea as doubleclick and the rest of that ilk.

I typically delete anything that AdAware comes up with.

Another CAD

Reply | Quote

From Gibson’s site…can’t remember where exactly, but I had downloaded ” nasties.reg ” …which, when merged in the Registry, will have the listing of all the ‘nono ad sites’ in the IE>Tools>Privacy tab…which then will never leave a cookie on your system.

As to safe surfing practices…I never go to sites where I might get spyware installed…just 21 forums, 5 games sites…that’s my daily routine…plus MSKBase. I run Ad-aware every evening and the only thing it ever found was Alexa when I did an IE Repair…never anything else

Reply | Quote

Lonnie, thanks for digging up that old gem. It’s located here: http://ww.grc.com/cb-faq.htm%5B/url%5D I’ve modified the downloadable version to include some of my un-favorite places.

Reading the FAQ on that page is a long process – but there’s some excellent information, including a method to stealth all ports on a Linksys firewall (a popular item around here – and elsewhere). Good stuff.

Reply | Quote

I block ad banner cookies by setting “prompt” for persistent cookies (yes, it is annoying!) and adding their domains to my Restricted Zone as they reach out to touch me. I currently have *.fastclick.net in there, along with many others…

Reply | Quote

Hi Jefferson
I was going to post a query about cookies which are getting on my nerves, particularly spyware, when I thought of searching the lounge for the keyword cookies, and so found this thread. I know tech columns tell people not to worry unduly about them, but the principle offends me. I don’t see why I have to put up with some organisation dumping unwanted things on my PC and then, have them send info (what info?) back to base. So I’ve set IE to prompt before accepting cookies. This is working OK as I can allow only trusted sites – like wopr.com – to get through. But boy, is it a pain! Sometimes, there is no time to do anything except click NO to the prompt. As soon as one disappears, another arrives. And then, when they do ‘stop’, just as I click on something, another prompt arrives so the mouse click acts on ‘YES – accept cookie’ instead of the link I was pointing at.

What I wanted to ask was how does one set up a system to [indent]

---

block ad banner cookies by setting “prompt” for persistent cookies (yes, it is annoying!) and adding their domains to my Restricted Zone as they reach out to touch me

---

[/indent]? Can I have a set up whereby trusted sites are allowed cookies and all others are blocked? And are there any other side effects of blocking cookies? I’m not sure but pretty certain that, after blocking a cookie from a website, other things start failing, like links on the page, or downloads fail etc. Is that possible if cookies are so benign?
Any pointers gratefully received.
Thanks

Reply | Quote

The ways to deal with cookies are browser-dependent. In IE, you can define 3 zones other than My Computer and Intranet: Internet, Trusted, and Restricted. I have various sites in my Trusted zone, including the Lounge. In this zone, I let the site place cookies at will without any prompting. I also have many sites in my Restricted zone, particularly ad-banner-serving sites. Sites in the Restricted Zone are disabled from doing most anything but serving me pure HTML. The list is lengthy, and I add them as new ones come to my attention, since in my generic Internet zone, I prompt for persistent cookies. Adding sites to different zones usually requires a trip to:

Tools | Internet Options… | Security tab | [click zone icon] | Sites…

Rick Rucker once posted a link to a utility that adds toolbar buttons to automate this, but I haven’t tried it myself.

Customizing the cookie settings for each zone (I think I’ve listed ALL my restricted zone settings in a thread on Outlook security, since Outlook can be set to apply Restricted zone settings to messages, but I’m not sure…), you visit:

Tools | Internet Options… | Security tab | [click zone icon] | Custom Level…

I recommend the attached. As you’ll see, I’m lenient with Session cookies in the Internet zone so that ASP-based sites will work. Even if they know I’ve been there for an hour, with a session cookie, they won’t know I was there yesterday.

Reply | Quote

Thanks for your help, Jefferson.
I now understand more about cookies and have set my Internet Options as you suggest. I can now log in to the Lounge without having to answer prompts (I knew that cookies had to be enabled but decided it was worth the hassle).
This lounge is great

Reply | Quote

Jefferson,

I block 3rd party cookies using ZoneAlarm Pro, which means that I can’t order from some sites because they play host to 3rd party adware that I won’t allow on my machine. Those sites are few and far between, so it doesn’t inconvenience me too much, and I complain to their webmaster when it occurs. It doesn’t block my normal cookies, though.

I also run PestPatrol, from http://pestpatrol.com/%5B/url%5D, rather than Ad-Aware, because I’ve found it to be more thorough than the Lavasoft product. I had run Ad-Aware for years, but even with the latest ref files, it failed to find some key loggers and trojans on my system that PestPatrol found and eliminated. They regularly update their lists and files so it isn’t hard to keep the product current.

Reply | Quote

Hi Charlotte:
For what it’s worth, I run both products, too. Lavasoft has announced that it’s completely revamping their products & the new version (6) is due out either this month or the beginning of next month. They’ve announced that that is the reason they haven’t updated their ref files since September. While this has angered some users, I can wait–depends what they charge previous customers for the update.

Reply | Quote

Hi Jefferson:
I just tried to look at my settings to compare with yours. I have IE6 with SP1 update, but under the security tab, I could find no place to deal with cookies. Are you using a different version?

Reply | Quote

Actually, yes, I’m still running 5.5. Try the new privacy tab:

I have no idea what those slider settings mean, or what the buttons empower you to do. This graphic was on MSDN so I just linked it in.

Reply | Quote

At the risk of contributing to the hijacking of this thread, I’ll also comment on the more philosophical aspect of using cookies. I am happy they exist when I want to return to my shopping cart from three days ago; what a hassle it would be to get all those items again or go through an involved saving process. I am much less happy when they are used to profile me to serve (poorly) targeted ads as I roam a single site or, in the worst case scenario, around the ‘net.

In many cases, the desire to set a persistent cookie reflects either poor site design (people don’t need to do it, but they write code to do it anyway) or a kind of “electronic survey” of how the site is used so that it can be improved (i.e., so they can make more money). I am ambivalent about these not-functionally-necessary cookies, and okay them on a case-by-base basis. Using online stores to learn about products and compare prices is free to me and costs them money, so if they want to know I’ve been there a few times, I think that’s okay. If I visit often but never purchase, maybe they’ll learn something from that, and maybe not. Of course, if they want to set 12 cookies that I have to individually approve, I might never return!

There is also a risk that IE will turn out to have cookie-revealing vulnerabilities; I think that has happened in the past. Thus, by accepting the convenience of cookies, I am exposing myself to the possibility that someone else will get my New York Times logon or my Amazon.com shopping cart. I’m not sure whether these kinds of breaches would seriously affect my life. I hope not!

Reply | Quote

Another useful program can be found at SpySites This will load a whole list of spy sites into your restricted zone for you.

Peter

Reply | Quote

Thanks, Bat boy!
I have downloaded the sites and they are now safely tucked up in the restricted sites zone of my IE.
Thanks for that – and for enabling me to find all the other interesting looking stuff at that website.

Reply | Quote

Bryan took the words right out of my mouth.

Reply | Quote

I have Ad-aware…never any problems. I tried SSD…too hard for me to configure.
I will be keeping Ad-aware

Reply | Quote

I too have both Ad-Aware and Spybot, and am a completely satisfied ‘customer’. I do a daily (or so) sweep with AA, and a more infrequent sweep with Spybot for its more aggressive scanning. I don’t believe the infrequent reference file updates for AA are any real detriment, due to their slow rate of introduction & evolution – especially when compared to viruses.

I think the best defense against spyware though is to develop good browsing and downloading habits – trust only known sites, mistrust most others, research before downloading, and don’t let just any site drop cookies or install ‘helpful’ programs. Pretty soon, regardless of the cleanup program you use, you’ll find there’s not much for them to actually clean up.

Reply | Quote

There have been some good comments in the replies to this thread. I generally agree with them, at least in the frequency of running each check. I do have and use both Ad-Aware and SpyBot also.
I still think that LavaSoft should be more available for updates of it’s own software (from It’s own site) and not make you use RefUpdate, which is as the name implies, just a referral to a mirror site. Small potatoes, maybe.

Bob

Reply | Quote

Hi Bob

My take on refupdate is that it refers to Reference File Update, which is no different than updating your virus scanner reference files.
The multiple mirror sites simply allow you to select a site that provides you with a fast link.

As for Lavasoft’s frequency of issuing new updates, I am nervous about the infrequency, but still believe the program is well worthwhile.

Have a Great day!!!
Ken

Reply | Quote

Just a little more going around regarding Ad-Aware by LavaSoft.
This from Fred Langa & his Langa List letter.
——————————————————————————————————–
3) Ad-Aware Takes A Dive?

There’s more trouble with Ad-Aware (the free anti-spyware tool from
Lavasoft). For months now, it’s been suffering from slow or missing
updates, download sites dying, etc. But it’s gotten worse. A number of
readers— first among them CptSiskoX and Jeff Rankin-Lowe— pointed to
a disturbing article at
http://www.spywareinfo.com/newsletter/arch…02/12252002.php
that argues that it’s time to stop using Ad-Aware.

Sadly, I must agree. Although my own experience producing the free
version of this newsletter makes me have great sympathy for anyone who
tries to offer a free product to the public, Lavasoft seems to have
effectively abandoned the free version of Ad-Aware. As of this writing,
there have been no updates for almost four months. That’s reason enough
to walk away: An outdated spyware tool is all but useless.

The folks at Spywareinfo recommend four alternative tools: the free
Spybot Search-and-Destroy ( http://security.kolla.de/ or
http://ejrs.com/spybot/ )
——————————————————————————————————-

I’m not really trying to flame Ad-Aware. I still use it along with SpyBot, although with less confidence in it’s abilities. But I think if they are going to phase out, they should announce it and stop beating around the bush.

Any other thoughts?

Bob

Reply | Quote

You’re absolutely right, ‘king – there should be some mention of the progz intentions one way or the other. Although I use both SpyBot and Ad-aware, I have come to depend on Ad-aware to a certain extent that without regular updates, one might be lulled into a false sense of security that could very well come back to bite you in the hinder.

That alone should be a shot across the bow to really never let your guard down and become too complacent with any app centered around security.

Reply | Quote

Bruce, Here’s a comment posted 2002/12/25 on the Lavasoft site in the forum:
‘To all,
It has become apparent that many people are concerned with the lack of updates for Ad-aware 5.83. We acknowledge this and apologize for any inconvenience this may have caused. The reasons for this are as follows:
1) The 5x engine is old and to keep ahead of our target base needs to be replaced. Are we saying it is bad or ineffective? No. But to effectively and safely remove many new targets and those older ones, which have changed/mutated, we would need to do a major upgrade of 5.83 and it

--Joe

Reply | Quote

Joe ~

Thank you for that. I breathe a light sigh of relief knowing that it won’t be falling by the wayside. If it is light years ahead of what they have now, we certainly have something with which to look forward.

Reply | Quote