SpyCatcher

What's It Do?

It detects, blocks, and removes spyware.


Does it do what it promises?

Reviewer 1: Spycatcher’s most unique claim to fame is stated on their website as “Spycatcher is the only antispyware title to stay ahead of spyware evolution by using contextual intelligence and behavioral analysis that provide preemptive blocking techniques.” In my experience it does this. This is in my opinion its greatest strength and weakness as I will discuss in sections below. It does seem to perform as it promises.

Reviewer 2: Yes, insomuch that it detects and removes spyware. I would suggest, however, that many of its claims are hyperbole, simply inaccurate, and in some instances not provable. I had very high hopes for this product, most of which were simply not borne out.

Reviewer 3: For the most part, yes. I did run into one nefarious nasty (QuickTime Task Bar) which Spycatcher couldn't seem to prevent from inserting itself repeatedly into my startups. There is also a cost to its thorough approach – I found myself repeatedly wrestling with Spycatcher when various good and trusted applications “broke.” Sometimes it was easy to recognize the “suspicious file” that Spycatcher had quarantined, set that file to 'Allow,' and continue with my activities. It was not always so easy, and I've been working with computers for more years than many readers have been alive! When the essential “suspicious file” was a DLL with a cryptic name located in a Windows directory, identifying it became very challenging!

Reviewer 4: I don’t know if my AntiVirus or firewall programs are the best there is, but Spycatcher has caught a few suspicious programs. Now, this is not to say I don’t venture into “suspicious” Internet territory as I do quite a bit. Spycatcher updates automatically to provide state-of-the-art protection. Spycatcher is the only antispyware product with a Reinstall Shield to defend against aggressive spyware programs which silently reinstall after deletion. Spycatcher's Protector watches your PC for running spyware and alerts you before new spyware is installed.

Reviewer 5: No, it doesn't even come close, even with experienced users.

Reviewer 6: No. Please do not go there. For the first time as a member of this Panel, I am making a recommendation that you do not buy, do not even try, this program in its current form. From the beginning, it caused me many difficulties, and played havoc with my computer. Were it not for some protective software that allows me to restore my computer to a previous condition, I would not be able to write this review on this, my essential working computer.


Was it easy to install?


Reviewer 1: Installation was quick and simple. As part of the installation process the company displayed one of the more “legalistic” license agreements I have come across.

Reviewer 2: Yes, although, it is a sizable 10.3MB download. It has a self-contained wizard to guide you through installation and setup.

Reviewer 3: Yes, very straightforward. As with most anti-spyware and antivirus applications, it is advisable to first disable any existing antivirus or antispyware applications. In order to do their job, these programs need to hook themselves deeply into your system, and they need to be stealthy about it. (The first thing many malevolent applications do when they settle down in your system is to seek and disable any antivirus and antispyware tools that may threaten their functionality!) So when you install Spycatcher or other such programs, if your protection is in place it will respond with repeated alerts to suspicious actions, and may even disable essential components invisibly. If you trust the vendor and obtained the software directly from a trusted site, disabling your security will ensure a clean installation. If you don't trust the vendor or obtained the software illegally or from a file-sharing network, you definitely don't want to disable your existing security, and would be wise NOT to install the product!

Reviewer 4: It was very easy to install, simply select the executable and the program will prompt you for the installation folder, which you can change if you wish. After the installation the program will perform a quick scan and upon completion it will suggest a Deep Scan. For those of you who tread into dangerous waters, this is probably an option you will want to perform.

Reviewer 5: Yes, it installed easily and quickly. Its Configuration Wizard was fast, thorough, and helpful, but from that point on it provided very little guidance to the user and launched off into a preliminary run without a clue as to whether the user had provided relevant parameters or was ready for an initial run. Also, the End User License Agreement (EULA) is neither copyable nor printable from the start-up dialogue, leaving the user without any record of what was agreed to. Moreover, the phone support offered at $9.95/yr is virtually required since Subscription Support Services, specifically the Threats DB, is necessary for reasonable protection. Also, its trial use period of 15 days is not really enough time to learn its user interface and/or assess its analytical effectiveness.

Reviewer 6: The installation seemed to go quite normally. I was asked where I wanted icons to be placed and whether it could add programs to the startup process. This is normal, as it wants to be running its “Protector” to make sure that spyware does not sneak onto your computer while you are using it. However, I was unable to do the required reboot when it wanted me to. Then I began to have difficulties when I returned to work on my computer. The computer would freeze on boot up, so that I could not even begin. After several attempts I had to rely on the restorative software to get myself out of that jam. When I looked at the logs, it seemed that the “Protector” was much more evident than it should have been. After this initial hassle and a new install, the program seemed to settle down and behave.


Good points?

Reviewer 1: Spycatcher compares the programs running on your system against a database of known malware programs to identify problematic programs. It also analyzes the behavior of unknown programs to identify risky behavior. When it detects this, it displays a pop-up box identifying the program and its analysis. You are given the final decision of whether to allow the program to continue to run.

Reviewer 2: While the number of antispyware applications is becoming nearly as ubiquitous as the spyware they are designed to detect and remove, Spycatcher 2006 does offer—or at least portends to offer—some new tools that may set it apart from the rest. In addition to a standard “signature file” data base—what Spycatcher 2006 calls “fingerprints”—to detect and remove various forms of spyware, Spycatcher employs something it calls “contextual analysis” to, in the software developer Tenebril’s words, shield PCs from next generation, mutating spyware. It allows most if not all spyware to install itself on your computer (!) and then, based on its behavior, quarantines it. This is an innovative approach; but not without its drawbacks (see below). There is an easy to use Configuration Wizard which allows the user to determine the depth of a scan, what level of protection to set, automatic scan scheduling, and so on. Pay close attention to the recommended settings as Spycatcher is a powerful tool that can damage your computer if left to go unbridled. One of the most innovative functions is what Spycatcher calls The Parachute. This feature is designed to prevent spyware from reinstalling itself or re-activating itself from within the operating system when Windows starts up. Spycatcher anticipates this behavior by actually insinuating itself ahead of the computer’s boot routine. If it detects spyware loading at startup it boots your computer into Safe Mode, deletes the spyware, then reboots your computer. Spycatcher does monitor every part of your computer, including memory, the registry, network drives as well as removable and optical drives. There is an additional feature called The Protector, in part an anti-phishing tool. Unlike most other anti-phishing tools on the market, however, Spycatcher does not use a blacklist but a patent-pending method of comparing the content of a page visited to the content of the actual or “real” Web page using the concealed but true URL.
Additionally, Spycatcher protects the Hosts File and, through an Explorer-like interface, protects against homepage hijacking, Active X components, installed plug-ins, startup items, and the above mentioned Hosts Files analysis. One additional item worth mentioning: Spycatcher 2006 allows the purchaser to install the program on one additional computer, something that is becoming rarer at a time when more and more users have more than one PC in their homes. There really are many innovative and attractive features to separate Spycatcher 2006 from the rest of the pack; unfortunately, not all work as accurately as one would expect. Furthermore, there are some serious glitches that affect not only the attractiveness, but more seriously, the usability of this software.

Reviewer 3: The online database is an excellent concept. It may grow more useful if customers report the spyware they find and add comments to existing entries they have information about. In the meantime, from the database you can directly Google the file, potentially providing much more information. Searching for suspicious characteristics is a strong feature of Spycatcher. If a new threat has not yet been identified, or if your signature files have become out of date, Spycatcher may still recognize and respond to the threat. In addition, Spycatcher offers several useful tools to help you monitor your computer: System Explorer reports the processes running on your computer, identifying processes in memory, those in your Startup and Registry starts, Internet Explorer plug-ins, Embedded Network Components (LSP's), and ActiveX Components. For each item, you can review the file information and you can Google for more information; a Hosts File Analyzer provides an immediate look at the items in your HOSTS file (that malware commonly modifies), and a one-click method of removing invalid entries. A form is provided to report suspected spyware, which presumably will lead to additional entries in the online database.
I contacted Support regarding some issues, and received a prompt, informative, and helpful response. With most applications I never need technical support. When I do, nothing annoys me more than waiting interminably for a response, only to find it's a robotic (or, worse yet, human) effort to provide a pre-written response based on keywords in my support request. And nothing pleases me more than to have a person who has clearly read my entire request, and thought about it, provide useful suggestions to help me try to resolve the issue. This is what Technical Support is supposed to do! This was my experience with Tenebril support. Two items that I'd planned to include under “Weak Points” move into “Good Points” because after I brought them to the attention of the Support people, both issues were resolved in a later release of the product. For the sake of maintaining my ego, I will presume my feedback led directly to these changes:

While the concept of the online spyware database is a good one, I was unable to find any way to add my own comments to it (e.g. for a file I have useful information about). I'm not advocating a Wikipedia approach, but certainly if users could offer additional information, Tenebril could review such comments and add verifiable information to their database. That would only strengthen one of the better features of Spycatcher! [Indeed “Post a Comment” is now an option, either anonymously or otherwise, and your comments are posted immediately. While an individual comment won't be trustworthy, with user participation the database could become a very useful tool!]

I found it immensely annoying that when reviewing the “Your Spyware” listing, your position in the list isn't remembered – if you change the action for a file, or look the file up in their database, when you return to the list you are returned to the top of the list, and have to scroll back down to where you were. [Now your position in the list is remembered, even if you leave the list entirely and then return to it! THANK YOU!]

Tenebril's responsiveness to user feedback has given me an entirely new, and far more positive, perspective on Spycatcher!

Reviewer 4: The update feature is fluid and happens behind the scenes. The actual scanning does not really have an impact on my system as it performs its scans. The main user interface is very straightforward and intuitive. It will show you the status of the program and your system; how long your license is valid for; options to perform three different scans; what level of protection you want; how to configure the automatic updates; how to prompt you when the program does identify spyware; options to set a scan schedule; and, tools covering system explorer to a cookie manager.

Reviewer 5: Tech Support (George in India) was rapidly responsive by telephone and my SOS was answered in less than 1 minute. Although my system had been corrupted and nearly paralyzed by Spycatcher's initial run, I was refused telephone support unless I subscribed to the $9.95/yr offering (which I rejected). Nonetheless, George promised priority remote support on the problem, a response within three hours, which I did indeed receive. Conflicts with other installed spyware programs (CounterSpy, SpySweeper, Ewido) proved to be a major portion of the issue. When all (including Spycatcher) were uninstalled and only Spycatcher reinstalled alone, it seemed to work more or less as expected. Detailed, thorough “How To” instructions were included in the Tech Support response, excellent work. Spycatcher's price of $29.95/yr ($49.95/2yr) is very reasonable and in line with other spyware programs. However, its delivered functionality (user interface and detection results) are noticeably inferior.

Reviewer 6: When Spycatcher does its full scan, it does so aggressively. I agree with this approach, as I would rather spend some time looking at the list it provides me with, and finding that most of them are actually harmless, than having one of those nasty beasts slipping through and establishing itself on my system. The first scan that it ran for me found over 60 files flagged as “suspicious” files of one sort or another. Several were identified as ones that were dangerous, and should be quarantined. About one-third of the files it had tagged as suspicious were not – they were completely legitimate files that I know. In several cases, I felt that Spycatcher should also have known, and not flagged them. The next step is an interesting one, as you can examine each file one by one. If you click on a filename, it brings you to the Tenebril site, with information about that particular file. Comments by other users are listed there. If you wish, clicking on another link will produce a Google search for that file by its name. Sometimes this is helpful; sometimes it is not. Quite frequently, it turns up nothing at all. However, I like the concept. As you go through the list, you can decide to quarantine it, or you can allow it, which means that it will not be flagged again. Or, you can leave it in limbo, so that the next time that it is called into action, you will be asked if you wish to let it run.


Weak Points

Reviewer 1: It reported that it stopped the program appoint.exe from recording my keystrokes. This is a normal program on Dell laptops to control the “mouse touchpad”. Upon installation of another program, VersionTracker Pro, Spycatcher launched its “suspicious File Wizard”. It indicated that it did not have the file StarTechTracker.dll in its records but that it exhibited suspicious behavior. It displayed the information it had about the company, product description, internal name and original name (all unknown) and asked whether I recognize this information and trust this file. I replied yes and it proceeded to recommend allowing the program to run. Many other normal programs were flagged as potential spyware. As an experienced user, I was able to determine that these were allowable programs – either by the knowledge that I had just begun to run a trusted program, or by doing a Web search on the program in question. A less experienced user may have chosen to block these programs that they would have wanted to run on their system.

Reviewer 2: Unfortunately, and, disappointingly, there are many, some of which are very serious. It is worth mentioning here, only because there have been so many reports, that Spycatcher has been reputed to lock up computers. While this reviewer did not experience this problem, I feel the problem has been widespread enough to warrant caution when using this program. First, let’s look at some of what I felt to be the most serious flaws and/or weaknesses in the software program. As mentioned above, the program uses a behavioral or “contextual” approach to identifying spyware. [Note! I am using this term here to include all of those various terms we have grown accustomed to: malware, keyloggers, trojans, keyloggers, and so on.] The problem with this approach is that by using such a wide net, it catches much more than spyware. It does offer a feature which allows one-click access to Tenebril’s online spyware database to make decisions regarding whether or not what has been flagged is indeed spyware. Unfortunately, you will find far too many “Unknowns” and/or “There is no data on this file currently,” to be able to rely on this help much. Thus, the user is constantly faced with making his or her own decision and, considering the high number of false/positives, this is more than just a bit risky. One such example is Viewpoint. Because Viewpoint—a relatively well known and safe media player—is often installed as a part of other applications without notification, it is flagged as spyware. In fact, it has been a part of the AOL program since version 9.0 and unless you are aware of this, you can seriously cripple your AOL program. You will have no reason as to why because all you will get will be obscure warnings regarding missing dlls, needed components, and so on.
Additionally, Spycatcher identified as spyware on my computer a harmless printer sharing file, three files associated with my HP all-in-one, some program updating executables, an OCX file from the Windows registry, and four small and known to be harmless programs. On the next reboot, my monitor was flooded with numerous messages about configuration errors, missing components, and the like. WinPatrol was simply dead due to the aforementioned OCX file. It took me hours to reinstall and reconfigure the damage done—in part by my not paying closer attention to Spycatcher’s results. The bottom line: use this scanner with caution because it packs a big punch against files it decides are suspicious. Next, and this may be in part a reason for some system lock-ups, Spycatcher integrates and insinuates itself into every part of, not only your OS but your entire PC. Not only did it reset my monitor configuration at one point, but it triggered many parts of my multi-layered intrusion detection software that other programs had not. Spycatcher really tends to dominate your entire system. On a less serious note but still of concern, there are several weaknesses with this program: It leaves a very large footprint and uses a lot of system resources. It loads slowly (Tenebril says this is due to its need to load a large signature (“fingerprint”) file). The signature file is actually one of the smallest I have encountered with only approximately 80,000 signatures/fingerprints as opposed to the free EWIDO which at latest count contained 275,000 signatures. Spycatcher was adding an average of five new definitions a day through its automatic update while most other applications I have encountered are adding as many as fifty to 75 per day. The scanning engine is much slower than most, taking over 19 minutes to scan my system. The number of files scanned on my system was 87,653 as compared to the 173,219 scanned by competing products. There is no trial version available.
You can download the free “Express” version but many of the features of the full version are disabled. While I had no particular need to use the normal technical support availability, I noticed that the only support available is through email and there is no commitment as to a turn-around time for answering support requests. In fact, there is only the very unsatisfactory statement of “response times may vary.” I found the GUI (layout) to be very difficult to navigate. It was rather a difficult search to find specific features/functions easily. I could not shut down the program completely to use it just for manual spyware scans. It seems to need an Internet connection frequently and also wanted to override some of my other system protection programs. As I said earlier, there is much to like about Spycatcher and even more to want to like, but at present there is just too much not to like to allow a wholehearted recommendation.

Reviewer 3: Even this last point has apparently been worked on. Because Spycatcher seeks suspicious characteristics and behaviors, many perfectly benign programs may be flagged as suspicious. If you have Spycatcher set to Quarantine suspicious files, or if you manually Quarantine or Remove the file mistakenly, such a program may begin to report strange error messages, or fail to work at all. After running Spycatcher for some time, I felt I was wasting too much time correcting such issues, and uninstalled it. Recently, in preparation for this review, I downloaded and installed the latest release, and found that much of what I'd already written was no longer valid!

Reviewer 4: I have a couple of games installed and it seems Spycatcher identified them as spyware and deleted some of the files needed to run the program. I attribute my problems to Spycatcher as this was the last application I had installed. I do believe more work from the company is needed before I use this without reservations.

Reviewer 5: Unfortunately, significant side effects persisted after Tech Support’s assistance and these affected other system and user application programs to the point that the system remained barely usable. Moreover, nowhere in the documentation (what little there is of it) was there any caution against conflicts with other spyware programs. I believe that we need to run multiple spyware programs to provide adequate protection, which apparently cannot be done with Spycatcher. Spycatcher could not be uninstalled either via Start|Spycatcher|UninstallSpycatcher or via Start|Control Panel|AddRemovePrograms. I could only remove it using Safe Mode. Its full system Scan required in excess of 8.5 hours CPU time, significantly longer than CounterSpy and Ewido, which require 6 hours. Spycatcher fails to report its run time and must be clocked manually. After much searching for the scan results, all I could find was "last run was today; QuickScan;15Applications;19Traces" with no explanation, and I was unable to access the results so that I could review them or take action on them. Its second full system scan finally quarantined four files, CWS HomeSearch Assistant, PC Activity Monitor, SpyTech, SpyAgent. While it is running, there is no way to suspend Spycatcher and the only option is to cancel it and start over. Other essential programs (IExplorer, EMail, etc.) cannot be used concurrently; at least, I couldn't on my 2.8GHz CPU. 2) Crippling side effects: while uninstalling all spyware programs (including Spycatcher) and reinstalling Spycatcher alone did permit Spycatcher to do system scans, most other significant production programs (MSWord, Print, NoteTab, Paperport, Eudora, XnView, Excel, TaskInfo, Norton System Doctor) refused to execute more than half the time. Admittedly, this may have been a side effect of the multiple-spyware program conflicts, but it was NOT present during Spycatcher's interim uninstallation period, and it WAS present after Spycatcher alone was reinstalled. The documentation consists only of help screens. The contents of these are reasonably good, but I never succeeded in getting them to print before or after reinstallation, despite numerous and continued efforts to do so.
Spycatcher's popup advisory windows came and went so fast that you'd miss them entirely if you happened to blink at the wrong time. No record, no consideration time, no user interaction/intervention were provided for nor invited. On occasion, Spycatcher would claim a detection but would neither indicate what it was nor how the user could find this information. Once, it produced a rootkit alert when my system was starting up. This could have been very helpful, but the warning tile was not copyable, nor were any specifics provided for followup.

Reviewer 6: After the initial problems with the installation, the program seemed to run, more or less properly for several weeks. However, as I had some problems at the beginning, I did not want to let it be my first-line spyware defense product. So I continued to use Counter Spy as my main defensive line, but did uninstall my usual second-line product: Zero Spyware. Over time (and I used it for about three months), I noticed that I would run into difficulties as I was carrying on my usual work. Programs would misbehave, or run very slowly. I did the usual checks, and cleanups, but continued to run into difficulties. I began to suspect Spycatcher when on a number of occasions, I found that the “Protector” was kicking in at unscheduled times, and was the one responsible for taking up large amounts of my system resources. So I would turn it off, and my computer would return to normal. However, the Protector would return at the next bootup. Again, my system would start running into difficulties. It would slow down, and a number of running programs would freeze or refuse to work. On several occasions, I tried to turn off the program completely by removing it from my startup processes. This would work for a day or so, but then I would find that it was back in operation. Recently, I began to have serious difficulties. The computer would boot up, then freeze completely. I could only shut it off with the power switch. Eventually, I could not get it to start up at all. If I got to my desktop, the system clock would be frozen. Even Safe Mode froze. With a sinking feeling, I could envision spending the next few days rebuilding my whole system from scratch. Fortunately, my restore program came to my rescue. I went back more than a complete day, to a time when the computer had been more or less working. I studied the logs, and found that the Protector had run rampant, continually writing and rewriting files, and preventing any other program at all from doing anything.
It had taken over completely. It took me about two hours to get my computer to work again. It was very difficult indeed to uninstall Spycatcher. The Control Panel was helpless. But with other tools I was finally able to get rid of it. I will be clearing up its traces for some time, I think.


Other comments.

Reviewer 1: I run other malware detection programs on my system and do not engage in overly risky Web browsing with my system. As a consequence of this, I presume, Spycatcher did not detect a single incidence of spyware running on my system during the time of it being installed on my system. Other than the false-positive alerts to suspicious behavior, it ran quietly and well behaved in the background on my system.

Reviewer 2: Spycatcher depends and relies more on the user’s judgment than is, I think, appropriate for any but the most advanced PC user. It requires your undivided attention. It does seem to scan deeper than other competing products but that very fact poses serious or potential dangers for all but the advanced user. This is not a program for the novice. And since there are many competing programs on the market—many of them free—that will do essentially all that Spycatcher does without the risk, the risk with Spycatcher is too great for me to recommend without caution. I think Tenebril may be on the right track with its “contextual analysis” and other innovative features, but at the moment its Spycatcher is just not ready for primetime.

Reviewer 3: When I first installed Spycatcher, it reported some 50 to 60 'suspicious' files, and quarantined many of them. Reviewing the list and manually adjusting actions was tedious and time-consuming. I was spending so much time fixing problems caused by Spycatcher that I uninstalled it. I'm now running version 4.0.3 (Build 3), and it only has 27 suspicious files listed in “Your Spyware,” and only two of them were automatically quarantined. It would appear that they've toned down the aggressiveness of their scans, or are recognizing more previously 'suspicious' files as being valid components of trustworthy applications.

Reviewer 4: The idea is good, the behind the scenes work well, but it needs work identifying what is spyware and what is not.

Reviewer 5: Not only did Spycatcher fail to produce any useful results for me, it left my system so damaged that it is virtually unusable and must be completely restored. For the problems that it claimed it found, it offered such shallow analysis and results that little benefit would likely be realized even if it were working correctly. It reported SLEE11.exe, a WinXP system service function, as 'Possible Spyware'. Spycatcher failed to autostart when scheduled on one occasion, possibly for legitimate reasons, but no flag/warning of the fact was given.

Reviewer 6: In spite of my difficulties, I would like to look at this program again, when the “Protector” can be brought under control. But until then, I cannot recommend it.


Will you continue to use it?

Reviewer 1: Yes.

Reviewer 2: Possibly the “Express” version of this program, but only guardedly and only as an occasional scanner if there seems to be something malicious installed that is not being found by my other antispyware programs.

Reviewer 3: The answer a month ago was NO! The answer now is a conditional YES! So far, the problems I experienced with the original installation have not resurfaced. It appears Tenebril has done a lot of work on Spycatcher, resulting in a more acceptable balance between protection and inconvenience. As long as that balance continues, I'll keep using it. Having seen how malware can completely cripple a computer, I'd rather have multiple protections and deal with the occasional issue resulting from overzealous anti-malware tools. If Spycatcher becomes a continuing source of these issues (as it did in the original installation), I'll be done with it. Meanwhile, it's one more tool to help me keep my system healthy!

Reviewer 4: No, I will not use it until more development has gone into the program, especially in identifying and removing files.

Reviewer 5: No.

Reviewer 6: No, I will not.
 

OPERATING SYSTEMS USED IN THIS REVIEW
Windows XP Pro, XP Home
