We first tested how effectively a program could remove the spyware's active components; we then looked at each app's real-time protection, for preventing the installations in the first place.
Sunbelt Software's CounterSpy proved the most capable of the bunch, finding and stopping 93 percent of all the running processes created by our 45 test programs. CounterSpy was the only product in our tests that was able to shut down and remove the tenacious WinTools from our system. Webroot Software's Spy Sweeper came in a close second, clearing 89 percent of the active processes (but leaving behind elements associated with both WinTools and Slotchbar). The least effective were McAfee's AntiSpyware and Allume Systems' Internet Cleanup, at a removal rate of 33 percent and 11 percent, respectively.
Spyware often hijacks the user's browser home page and search pages so that attempts to access or search the Internet are redirected to pornography and other unwanted Web sites. What's worse, reversing the automatic redirections can be hard when they're being monitored and restored by active processes. Browser home- and search-page modifications proved quite difficult for these utilities to fix. Internet Cleanup, McAfee AntiSpyware, Computer Associates' ETrust PestPatrol Anti-Spyware, and InterMute's SpySubtract Pro failed to detect any of these changes, and Aluria Software's Spyware Eliminator fixed only 7 percent. CounterSpy once again led the way--but with just a 53 percent success rate.
Browser Helper Objects, or BHOs, are programs that customize Internet Explorer and other browsers, usually for legitimate reasons. The Google Toolbar, for example, is a BHO. But spyware and adware developers also use BHOs to write toolbar components that load with Internet Explorer, and they exploit ActiveX controls to download and install BHOs to your PC. It's an easy way for miscreants to create often unwanted toolbars that escape the notice of permission-based firewalls and gain access to the Internet.
When we tested the anti-spyware programs' detection of potentially unwanted BHOs, both CounterSpy and Spy Sweeper caught 100 percent. Ad-Aware, eTrust PestPatrol Anti-Spyware, Spybot, and SpySubtract all managed 62 percent, compared with McAfee AntiSpyware and Spyware Eliminator, at 31 percent. Internet Cleanup detected none of the BHOs and toolbars.
Windows Registry run keys and system startup folders are also favorite launching pads for adware and spyware. Items added to these critical areas will launch each time Windows starts. Unfortunately, the anti-spyware scanners produced less-than-stellar results in this category. CounterSpy detected the most at 86 percent, followed by Spy Sweeper at 82 percent and Ad-Aware at 77 percent. Internet Cleanup found only 5 percent.
We also tested the scanners' detection of additions to a browser's menus. Such changes do not automatically load spyware, but if a user selects the added menu item, an infection can start. CounterSpy and Spy Sweeper had 100 percent detection rates for these buttons and menu items. SpySubtract Pro and Ad-Aware managed to detect 75 percent. Internet Cleanup, ETrust PestPatrol, and McAfee AntiSpyware each had a hit rate of zero in this category.