Written by
Dave
5 Star Support Security Specialist
02.19.06
After reviewing Anti-Virus programs in another paper for the 5 Star
Support Security Center, I promised a future paper for adware and
spyware programs. Here it is.
Spyware and Adware threats have, over the past two years, become so
numerous, and so sophisticated that they are overtaking Viruses, Worms
and Trojans as the number one threat to security faced by IT security
professionals on a global basis. January 2006 saw the total output of
malware writers released into the wild totaling in excess of 2,300 new
threats. Spyware is also the leading cause of online identity theft. If
you are going to combat all of this, trust me, you can’t do it alone.
You are going to need some first class help.
In this paper, I will share with you my opinions of the current readily
available Anti-Spyware/Anti-Adware programs that I have personally used
and tested as of this writing, and how I would rank them.
The programs were all installed and run in test machines against some
known spyware threats also installed in the test box, along with some
deliberately changed settings in Internet Explorer, and some test
viruses. Some of the settings and specialty software installed in the
machine were also used to see if the program being tested would cause
conflicts or display any false positives, and the program would
recommend changes or removal of the ‘threat’. Fully functional
evaluation versions of the programs were used wherever possible to
reduce personal costs.
Ad-Aware SE
Ad-Aware SE Personal is a basic program available in a free version to
SOHO users at no cost. I have used both the free and paid ‘Pro’ versions
of the program. The Pro version, not cheap, will add some ‘bells and
whistles’ not available in the free version, of which Ad-Watch and
pre-set scans are probably the most beneficial and useful. There are
also a number of plug-ins available for the program that I believe
advanced users will find useful. I have heard from some users that they
have experienced problems with installing or using the program, but I
have never had any difficulties at all.
The current free version of the program is v 1.06r1 and new versions are
released periodically. The program will alert you when a newer version
is available. Updates to the database are usually available weekly, and
are very easy to install from within the program. System scans are very
fast and efficient, and the program is easy on system resources. Threats
discovered by the program are easily quarantined, and can be removed
either manually or automatically after a set time period.
I feel that the program is better than average at finding hidden
components and traces, and is a good overall basic choice for many
users. I’m not sure the average user will find all the features of the
pro version useful enough to warrant the expense of purchasing the
program however. The included pop-up blocker does not seem to work as
well as I would like, and technical support is virtually non-existent.
The built in help section of the program is your best bet. If it were up
to me, I would stick to the personal edition. I recommend the free
version of the program from this standpoint, but also recommend you have
more than just one program in your arsenal. You should keep in mind that
this product scans for spyware and adware after the fact. It does not
work in real time to prevent installation, and does not warn you if
suspect malware is encountered while you are on line. It does, however,
do a good job of removing what it finds.
AntiSpy
This product does a good job of removal, and searches for spyware in
real-time. It monitors your system and will alert you if it finds any
malware or malware attempting to be installed in your system. The
database is updated regularly, but is not as large as some other
products on the market. Updates can be set for automatic or manual.
Scan types are customizable, a nice feature, and can be set for both
what to scan, and when to scan on a schedule convenient to you. The
program is very easy to set up and use. Support is available via email.
The one feature I felt was missing from the program is a restore
capability. The program removes what it finds, rather than putting it in
quarantine for removal later. Although this is good for actual spyware
or adware, it means you cannot restore what you decided to remove. This
can be somewhat problematical for you if the program displays a false
positive and you remove something you find later that you want or need.
Simple interfaces and ease of use are strong points for this product, as
well as the reasonable cost.
CounterSpy
This is a very effective product that comes with a number of good
features including color coded descriptions of what it finds so the
severity of the threat is easy to understand for the average user. I
found the program to be easy to install, set up, and use from all
standpoints. The interface is intuitive, and will be easy to customize
for even novice users.
Although the threats found by the program are not divided into
categories, such as adware, spyware and cookies, it is none-the-less
very good at finding threats and removing them. It easily found almost
all the threats planted in my test machine.
Customer support is really great, and you can choose from the built-in
help section, email, or even a toll-free technical support number. This
is a big bonus for novice users who don’t have a good grasp of threats
yet, and may get confused about what to do. Add this to a purchase price
of only $19.95, and you have a winner here.
McAfee AntiSpyware
This offering comes from a familiar and well-known company. It offers
ease of use for the novice, and has acceptable customer support
available via a FAQ page, email, or on-line live chat.
Although simple to use for a novice, and offering live tracking, I found
the program lacking in customizable features and not particularly easy
to install (three re-starts were required). I was also disappointed at
the program’s ability to find and remove threats. It actually missed a
number of items that were discovered and removed by some of the programs
available for free.
To summarize, if you are a novice, don’t expect much, and are willing to
pay the $29.95 price, it might be something to consider, but I can’t
recommend it highly.
NoAdware
This is one of the oldest programs on the market, and has one of the
better reputations for spyware removal. They offer a free download of
the program, and free scans to check your computer for infections. The
interface is very simple to use, and is definitely one of the easiest to
use programs on the market today. Updates are frequent, and the program
is very good at removing what it finds. Its removal capabilities are, in
fact, the strongest point of the program. The purchase price of $29.95
may make it worth considering if you are looking for a good basic
product that is simple and effective.
PestPatrol
This is another simple, no-frills program that features ease of use and
real time tracking. I found a few things lacking, such as severity
rating of threats found, and no descriptions of the malware without
connection to a page on the Internet. A simple interface and ease of use
are definitely the strong points of the program, but it did miss a
number of threats on my test machine.
If you want a simple program featuring ease of use, it may be worth the
$29.95 price to you, but I found it to be no more effective than some
other programs available for free.
Spybot Search and Destroy
This is another free program readily available for download that has
been around for quite a while. The program is easy to download and
install, and easy to use in its basic form and default settings. Once
you get used to using it and manually updating it (I recommend checking
for updates weekly) you may want to explore the advanced settings and
features.
The advanced sections reveal how powerful a program this really is. If
you also downloaded and installed the available Tea Timer, you are
alerted and protected from any registry changes. As this program
involves the registry of your operating system, be very careful when
using it, and be sure you understand what you are doing.
Scans are fairly quick and extensive, can be set on a convenient
schedule, and scan results display the threats found along with
available information. Removed threats are quarantined and can be either
removed permanently or restored at your choosing. The list of features
and settings available in the advanced section is quite impressive to
the point of being hard to believe for a free (for SOHO users) program.
Overall, this is an effective program for your arsenal that I would not
be without.
SpywareBlaster
This is another free program readily available for download. All it
offers is basic protection, blocking installation of the spyware it
recognizes, but the program is free, and updated weekly. No scanning or
customer support is available. If you currently
use nothing, and cannot afford to spend anything on a piece of software,
you should get this and install it right away. The program is quick to
download, a snap to install, and easy to update. There is a paid version
that features automatic updates, but I don’t feel it ranks high enough
against the other programs in my tests to warrant purchase.
SpywareDetector
This is a full-featured program offering one of the largest databases
around. The real-time monitoring feature will help prevent many threats
from being installed in the first place, and there are many customizable
features as well. The program is very effective at removing what it
finds, and did not give me any false positives during testing. To me
this is important because removing a false positive on your machine can
cause other problems, or even prevent a legitimate program from running.
Although the program did miss a few things found by other programs
tested, the scans were fast and removal was simple and effective.
Customer support is also very good on this product, and one of only two
I tested that has the advanced feature of allowing you to send infected
files to the company for analysis.
There is plenty to like about this program. It comes loaded with both
features and flexibility, and very good performance in all respects. The
self-help section is very good and will help even new users get through
the program options and settings without confusion or difficulty. With a
purchase price of $29.95 I feel it is a very strong contender that
should be seriously considered by any level of user.
Spyware Doctor
This offering represents a good, solid basic spyware program with
effective removal capabilities. The features include effective real-time
scanning and blocking for your system, color coded severity ratings, and
an easy to use interface. The program detected most of the spyware and
adware I had loaded into the test machine.
Download and installation of the program is a snap and comes with an
on-screen step-by-step installation and set-up guide. Nice feature. The
whole process was completed in just over 2 minutes on my test machine.
The program features are well designed and easy to navigate through.
Support is via built in help and email.
I only had a few concerns with the program. First on the list were
false-positives, and missed threats. The program misinterpreted my
‘Hosts’ file and wanted to remove some items that would have led to
problems with other programs. It also did not catch all the threats
loaded into the test box. Second is the fact that threat descriptions
are cut off on the right side of the window making reading all the
information a pain. Last on the list is the restore feature. Although
any user can update the program or run scans, the restore feature for
removed items in quarantine can only be run when logged on as an
administrator. Not overly convenient.
In summary, this is a good basic product, but at $29.95 and no phone
support available, I feel you can do better.
Spy Sweeper
This program, to me, represents the king of spyware/adware programs,
offering unsurpassed protection, first-rate support, the largest
database in existence, ease of use, great and frequent automatic
updates, and a host of easy-to-set-up and use features. The current
database has over 124,000 entries. Nobody else even comes close.
The program is capable of protecting you from installation of just about
anything, and the shields cover all the bases. Although my boot times
were measurably slightly longer with the program installed, once
everything was up and running, it was not too heavy on system resource
usage. The shields were extremely effective, especially for BHO’s
(Browser Helper Objects) and ActiveX components, something no other
program I tested was truly effective on. Absolutely nothing, including
additions to your browser’s favorites, is allowed without your consent.
The scans are fully customizable, run very fast and very deep, and the
latest versions even look for a number of viruses and root kits. This
was the only program I tested with these capabilities. One of the
threats loaded in the test box was a virus called Lithium that is not
only hard to detect (it is missed by many anti-virus programs), but hard
to remove. It was the only program able to find Lithium, and it removed
it easily. Scan results are displayed in color-coded form and listed in
order of threat severity, and covered in great detail. Found threats can
be kept, removed, or are sent to quarantine, and can be reviewed at your
leisure. It is the user’s choice as to what action the program takes. In the
rare case you might want to reinstall something that was removed, the
restore feature makes it easy to accomplish as well. This was the only
program tested that found 100% of the threats installed in the test
machine. It is also the only one I found able to remove absolutely all
traces of Cool Web Search and its variants.
Customer support for this software is also the best I have seen. An
interesting advanced feature is the ability to send suspect files to the
pros at Web Root for analysis, and believe me they will get back to you
with the results of their analysis. Support via email is very fast and
concise if you choose this route. If you have a real big problem, there
is even an 800 toll free number that is manned by real people that know
what they are doing. I found their phone support to be even better than
that offered by most computer manufacturers.
To sum it all up, Spy Sweeper is simply the best there is in all
respects, and at $29.95 I believe it to be a must-have piece of software
for any machine used on the Internet by any connection means.
Before leaving Spy Sweeper by Web Root, I am compelled to mention one
other program offering for those concerned with privacy. The program is
called Window Washer, and it is to Internet privacy what Spy Sweeper is
to spyware and adware – simply the best. It cleans out all of your
surfing tracks very quickly and effectively, is simple and easy to use,
and does just what it says it will do. It will delete your Internet
browser cache, Internet browser history, Windows search history, Temp
files, Windows run history, Windows document history, Recycle bin
history, and others with just one simple click or setting. Customer
support is also offered for this product, and is first-class as well. It
is also available for $29.95, but comes bundled free with Spy Sweeper
from a number of vendors. What a 1-2 punch this makes for you. This is
easily one of the best values I have ever seen for keeping you safe,
secure, and private as well.
Trend Micro Anti-Spyware
This is another program loaded with options for finding and removing
adware and spyware as well as the capability of erasing your PC activity
tracks. It also includes an effective restore feature, an intuitive,
easy to use interface, and fast scans that are easy on system resources.
Think of the program as a combination of both programs offered by Web
Root above (Spy Sweeper and Window Washer) rolled into one.
Installation and set-up were both quick and easy to accomplish, and I
had the program up and running in less than 5 minutes. I found the
settings and customization features ample, if not a bit confusing at
first. If you have a problem in this area, there is an extensive on-line
FAQ area available on their web site to help you with this.
Scans are quite fast and complete quickly with minimal impact on system
resources. The scan results are easy to understand, but not as detailed
as some of the other programs tested. It does, however, offer a sleuth
function that enables you to discover where the spyware threats
discovered were downloaded from, and what may have come along with them.
This is a nice feature and can help you decide what web sites to avoid
in the future.
Support is available from a basic help section in the program, or
available through an on-line forum where you can pose your questions.
Priced at $29.95 I feel this is an effective, reliable all-in-one
solution if that is what you are looking for.
The only down side of this program for me was that some of the threats
and traces installed in the test machine were not detected. Then again,
no one program will always find everything.
Windows Defender
If you haven’t been keeping up with the latest news from Microsoft, yes
Microsoft, this is their latest offering. It started shortly after
Microsoft acquired Giant Company in 2004. Giant was, at that time, one
of the leaders in spyware/adware technology. Shortly after the
acquisition, Microsoft released Anti-Spyware beta as a free program for
Microsoft users. Then came the release of Anti-Spyware Beta 1 in 2005,
and it was available to users of Genuine Microsoft Windows with user
authentication required. Windows Defender is the latest release, and is
also known as Beta 2. Genuine product verification is required for
downloading the program.
This latest version of the program offers a new interface that looks
just like normal Windows XP screens. I found program installation and
set-up to be very easy, and I believe users at any level of experience
will be able to use it effectively. It is greatly improved, has faster
scans, more flexibility, is easier on resources, and doesn’t have the
constant, annoying pop-up screens every time the program does something.
It also offers real time protection and a number of shields to protect
you from browser hijacks, BHO’s, ActiveX controls, and home page resets.
The database is acceptably large and is updated frequently and
automatically if you have the feature turned on. Scan results are easy
to understand and are color-coded based on severity. Threats can be
ignored, removed or quarantined. Items in quarantine can be manually
removed, automatically removed after a set time, or restored easily.
One word of caution I feel I need to make here. If you are an advanced
user that has made deliberate changes to your browser settings needed by
other programs, or changes to your hosts file, Windows Defender will
find these and recommend reverting them or removing them. If you set the
program to handle threats automatically, these changes will happen
without your control and can cause problems with other programs you have
set up. I feel this represents false positives to a certain extent, but
remember it is still a beta work in progress.
Overall, Microsoft has come a long way with this program, and if you are
a Windows user, it should be definitely considered. It represents a very
powerful and complete solution. And, after all, the price of $0.00
definitely won’t hurt you.
XoftSpy
This program represents a solid program with good accuracy, and few
false positives to report. Database updates are frequent, but the size
of the database is one area of concern to me. The program is very easy
to install, set up and use. The interface was recently improved and
makes accessing the available features easy for even novice users.
Scans were quick and easy on resources, and the program was effective at
removing whatever it found. The features include an automatic scan set
on a schedule convenient to you, and your system is monitored in
real-time.
Customer support is accomplished with an on-line knowledge base that is
quite extensive and allows you to search by either topic or keyword.
Down sides for me were the threats in the test box that were missed, and
the $39.95 price tag is higher than other programs that will easily
out-perform it.
Summary
Below is a chart displaying how I would rank the programs tested in this
project. Because AdAware SE, Spybot Search and Destroy, and Spyware
Blaster are available as free programs to the SOHO user, I have not
included them in all aspects of this ranking, but it does not mean you
should not consider using them in your computer. On the contrary, you
can use one or more of them in addition to the other programs listed
below.
Programs are rated on a 1 to 10 scale with 10 being the best. Effective
and Features ratings include database, threats able to be found, and
threat removal as well as false positives.
| Program | Price | Overall Rating | Effective | Features | Ease/Use | Notes |
|---|---|---|---|---|---|---|
| SpySweeper | $29.95 | 10 | 10 | 10 | 9 | Top Ranked |
| Spyware Detector | $29.95 | 9 | 9 | 9 | 9 | Great Program |
| CounterSpy | $19.95 | 8 | 9 | 8 | 9 | Great Value |
| TrendMicro AntiSpyware | $29.95 | 7 | 8 | 7 | 8 | |
| Anti-Spy | $29.95 | 6 | 7 | 7 | 8 | |
| Windows Defender | $0.00 | 6 | 7 | 8 | 8 | Beta Program |
| Spyware Doctor | $29.95 | 5 | 7 | 6 | 7 | |
| Pest Patrol | $29.95 | 4 | 6 | 6 | 7 | Poor Support |
| NoAdware | $29.95 | 3 | 5 | 5 | 7 | Poor Support |
| McAfee AntiSpyware | $29.95 | 2 | 5 | 5 | 6 | Poor Support |
| XoftSpy | $39.95 | 1 | 4 | 4 | 8 | Poor Support |
| Adaware SE | $0.00 | | 4 | 4 | 9 | Free Program |
| SpyBot S & D | $0.00 | | 5 | 5 | 6 | Free Program |
| Spyware Blaster | $0.00 | | 3 | 3 | 10 | Free Program |

If you are
wondering what I use in my personal machines, I’ll tell you. It is based
on 8 years of study and testing, and finding things out the hard way. My
main line of defense at this time is SpySweeper from Web Root. It just
can’t be beat. I have used Window Washer as well since its release. I
also use Windows Defender (out for just a couple of weeks now, but beta
testing is very, very promising and the program already does a good
job), AdAware SE, and Spybot Search & Destroy. I will also be willing to
bet that Windows Defender will move up a few notches in rank when the
final release version becomes available. Why multiple programs? You
never know what might come at you next, and no one database has
absolutely everything. I suggest you consider doing the same.
It is my sincere hope this paper helps you decide what to do about the
threats you face from spyware and adware every time you connect to the
Internet. I also hope it keeps you safe from them as well.
Best Regards,
Dave