Every user who spends a considerable amount of time online,
surfing and downloading is susceptible to receive malware on their computers.
This is aside from regular viruses and worms. One big menace is what is called
'adware'. Adware can be in many forms on your computer. They can be
essential parts of otherwise perfectly useful software (like with Real Player)
or they can form piggy-backed add-ons to software you don't really need, like
screensavers. We have not declared a winner in this shootout.
Adware or Spyware?
Actually at the moment, there's a blur in the line between what can be
classified as 'adware' and what as 'spyware', since adware essentially
spyware too, since it needs to log and track personal information like what you
do and where you go on the Internet in order to be able to serve appropriate
advertisements. Purely spyware components however may have absolutely no
visibility aside from the fact that your computer causes a lot more network
traffic than needed or becomes so very slow nothing is usable anymore. In this
shootout, we decided to walk on the fence and evaluate products that helped you
control both adware and spyware on your PC.
A number of commonly available antivirus software has the
capability to detect and remove spyware/adware. There are also software that are
specifically made (even by antivirus vendors) for this purpose. In this
shootout, we are comparing such dedicated anti-adware products against one
another. Before we go on to the actual product reviews and see how they fared,
let us explain how we did this comparative.
Test bed
To refrain from using time consuming procedures that involved installing
fresh copies of the OS and reloading it with spyware, we decided to take an
easier route (with one disadvantage explained later) using virtualization.
First, we installed a copy of Win XP SP2 in a Virtual PC instance and updated it
with the latest patches and disabled automatic updates. Then, we loaded it with
the spyware from our secret test collection. Then we shutdown this virtual
machine and made a replica of its hard disk (VHD) file. Each anti-adware product
was installed on a separate copy of the VHD file and put through its paces. This
way, we also got to go back and recheck something when needed without having to
keep a large number of hard disks or systems frozen. In the interest of
fairness, these systems had no antivirus or firewall (except the default Windows
Firewall) installed.
Deciding factors
One thing we couldn't really measure was the anti-adware product's raw
performance requirements since this is not very easy to do in a virtual
environment. However, we did tabulate the figures and compared them against one
another. This included factors like memory consumption, CPU cycles during a scan
with our test collection of spyware agents.
We also looked at the UI of the product and checked its
usability. We rated this on intuitiveness and the amount of help the product
provided. Most spyware will impair your ability to properly use the Net.
Therefore, we gave a lower score to products that had online help instead of
on-disk. We also looked for ability to schedule a scan, customize scans to
certain areas, how the interface proceeded after it found malware, ability to
rollback changes and finally if it allowed you to pick what agents to remove.
Types of spyware
Although most of us don't realize it, quite a lot of stuff we end up
installing on our PCs today has the potential to be or are actually spyware.
Some examples are:
-
Toolbars
-
Search helpers
-
Browser plug ins
-
Screensavers
-
Packs that let you download
emoticons and wallpapers -
MP3 search/download tools
-
Warez clients
-
P2P clients
-
Instant messengers
-
Dialers
-
ActiveX components
-
Java applets
Unlike what quite a lot of users believe, Flash movies
although in binary form and cookies cannot be 'spyware'. This is because a
Flash movie (on an Internet Webpage) can only operate on files on the Website
from which it is being served and not on your hard disk-it can operate on
local files only when you're running it off your hard disk or a CDROM.
Cookies are not spyware
Cookies are plain text files. You can drag-drop this into a Notepad window
and view its content. Some cookies may appear to contain binary-like strings but
this is just encrypted text.
Cookies cannot do anything by themselves-they are simply
sent back and forth between your browser and the particular Web site when and if
you visit that website.
So, if you have a cookie from pcquest.com
but never
actually go there, that cookie can do you no harm. The only reason why cookies
figure in spyware discussions is because it forms the store for the personal
information spyware transmits. So, when you delete a cookie, you erase that
information and protect yourself.
Lavasoft Ad Aware SE Personal Edition
We reviewed version 1.06r1, with def update SE1R87. Ad Aware has a nice and
clean interface that is intuitive to use. Built-in help is provided for all its
features. A small minus is that it does not have scheduled scans. It can scan
the NTFS alternate data streams for malware that hijack that space. The program
loads the computer averagely during a scan, utilizing 35% CPU resources and
roughly 22 MB RAM.
It detected 195 objects in a smart scan and 208 of them in
full scan. These figures are combined totals of registry, file and other entries
of objects found. After a scan, Ad Aware will display a list of detected malware
agents. These can be cookies, executables or attempts to hijack the Web browser.
Before it will delete selected spyware, Ad Aware
automatically backs the relevant files and settings into quarantine. There is a
Quarantine Manager to manage such items.
Ewido Anti-Malware 3.5
This was a 14-day trial copy of the tool, updated with def package 1668. The
interface is clean and clutter-free, offering lots of options. Scan options
include checking just the RAM and registry besides the usual full, fast and
custom options. What is missing were built-in help and the absence of scheduled
scannig.
There is a very useful 'Analysis' screen in the
interface where it shows you the different startup and active processes as well
as network connections that have been opened, along with what's using them.
Network analysis is similar to NETSTAT command
plus you can terminate connections. The process analysis screens go deeper,
letting see how it started (particular registry key or folder it auto-launched
from).
CPU load is 86% and RAM 19 MB while scanning. Like Ad
Aware, we got only consolidated figures-170 for fast scan and 326 for a full
scan. Both scans are equally fast.
Microsoft AntiSpyware Beta 1
MS AntiSpyware gives you only two options to scan-intelligent (quick mode)
and full. It has good integrated help and scheduled scanning. The UI is simple
and straight-forward and quite intuitive to even people used to other tools.
What we did not like was its insistence to abort a scan when you clicked on some
option. We used build 9.0.333.0 with def update 5797.
Performance was not all that impressive: it loaded the CPU by 60% and
used 28 MB of memory. It also took the maximum time to scan, even in quick mode
(10 mins 27 secs) and even more (17 mins) in full scan mode. In all, it detected
13 bad products (both full and quick), the figures did change for the memory and
registry counts in both scans. The number went up from 1,050 registry
corruptions detected in intelligent scan to 1,123 in full mode.
MS AntiSpyware can create restore points and has agents for
guarding IE, system settings and blocks application.
PC Tools Spyware Doctor
This product is looks impressive with its neat screen which still manages to
offer so many options. Some options are hidden away and you might want to go
feature-exploring a bit. There is no scheduler and help is limited to a quick
start guide. Scan options include quick, full and custom scan. But, the scan
operation starts as soon as you select the scan link on the navigation pane,
without first letting you choose the scan type. So, you need to stop that scan,
click a button and then select the scan type. This is very irritating. Our copy
was version 3.5 of the product, which was a trial version needing you to
register the copy before it will clean. We updated the definitions to 3.03910.
It takes a lot longer than Ad Aware to scan at around 5 mins in both quick and
full scan modes, it does show up a lot of detected malware. Its totals were at
1,396 in quick and 1,478 in full scan.
Spybot Search & Destroy
Version 1.4 of the product has so many options and features. Each screen
features descriptions right there, as well as a built-in help file to guide you
around. This is an ambitious program aiming to give you everything under one
roof and ends up stuffing it to capacity. No wonder then that it needs 85% of
your processor and nearly 28 MB of memory to run.
Spybot has two scan methods: 'Check for problems' and
'Immunize'. The first one has just a progress bar that runs from end to end
and a button lets you fix what it found wrong.
The 'problems' are the spyware on your system. The Immunize option
lets you scan the system for 'possible things' it can protect you against
(8556 for us). 'Secure Shredder' files, tweaker for IE, registry
checker, system startup manager, uninstaller are some features it has. You need
to 'update' as well as restart the program before you start scanning.
Spyware Blaster
This is an anti-spyware tool that has no visible options for scanning. This
is a little confusing. There are also no buttons to start a scan! It
automatically protects your browser and system against spyware, functioning much
like one of those Internet firewall products. There are no features for
scheduling either. Help is built-in. We have used version 3.5.1 of the product,
updated with the Jan 10th definition file.
You can create snapshots of important browser settings. It
lets you manage IE settings such as homepage, various IE specific pages (like
about:blank, search URL), the hosts file, the title bar of the browser, ActiveX
and Flash content. This is one of the few tools around that considers Flash
content as spyware capable and lets the user block it. You can also add ActiveX
objects to its ban list using their “CLSID” if you know what these values
are.
There were options on various screens to enable features in
Firefox, which was not part of our test.
Webroot Spysweeper
This anti-spyware tool from Webroot is an interesting tool. We have tested
its 4.5.7 (build 642) def updated to v604. Spysweeper detected 22 items in all,
with a total item score of 1,826. This makes it the tool with the maximum number
of detections in this shootout. It is very light weight at run time, using a
mere 8% processor and 14 MB memory resources. There is a scheduled scan feature,
but this is cleverly offloaded onto Windows Scheduled Tasks. This version
requires an active subscription for removal of detected items.
It disables the Windows Messenger service (not the IM). It
can protect IE, startup objects, hosts file, add-ons, ActiveX and NTFS alternate
data streams. Scans can be paused and resumed at will, but options get disabled
during a scan or update. A context-menu can be added to Explorer to launch scans
of specific folders or drives (option disabled until you subscribe).
Trend Micro AntiSpyware
We are not really considering this product in this shootout for one
reason-the product is not available in India. We have tested the US version of
the product in this review. Using around 77% CPU and 17 MB memory, it scans
cookies, memory, registry, URL and file areas for spyware. The tool has a
specific disliking to CoolWebSearch for which there are special options to scan.
It further has a 'CWShredder' component that removes the CWS elements if
found. You'll need to go around searching for the update button, which is well
hidden inside the 'About' tab! This anti-spyware has black and white list
feature for applications. It features built-in documentation and options to scan
in quick, full or custom modes. We updated the version 3.11 build 30123 of the
product with the version 2.78 definition file. In quick scan, it detected 350
total elements and 966 elements in full scan.