Spyware Stoppers

Real-Time Monitoring

The ability to remove spyware threats after a machine is infected is vital, but preventing an infection in the first place is even more desirable. One of the most effective tools in this respect was Spybot. Using the included add-on Resident TeaTimer, the utility warned us when any program attempted to make changes to critical areas of the system Registry. Even the spyware processes that were able to load themselves into memory were prevented from changing the Registry and thus were quickly squashed with a simple reboot of the system.

Spybot also includes a feature to protect the Hosts file from modification. The Hosts file provides a sort of road map for the browser; each entry consists of a Web site address and the corresponding IP address to which it is to be redirected. Malicious software creators frequently exploit the file to prevent users from visiting security-oriented pages such as those on antivirus companies' sites.

CounterSpy and Spy Sweeper also blocked attempts to modify the Hosts file, stopped edits to the system Registry, prevented our browser home page and search pages from being changed, and detected suspicious processes in memory.

Ad-Aware SE Personal does not include real-time protection, although you can set it to block edits to the Hosts file. The paid versions of Ad-Aware--SE Plus and SE Professional ($27 and $40, respectively)--include Ad-Watch, which has features similar to CounterSpy's and Spy Sweeper's. ETrust PestPatrol Anti-Spyware was able to detect suspicious processes in memory, but it failed to alert us when changes were made to critical system settings. SpySubtract Pro warned us when changes were made to our browser home and search pages, and it detected suspicious processes in memory. McAfee AntiSpyware includes real-time protection, but its low recognition rates diminished its effectiveness.

Neither Spyware Eliminator nor Internet Cleanup provided much in the way of real-time protection. Spyware Eliminator only blacklisted suspect Web sites and ActiveX controls, though this unique blacklist of offending sites and controls is a very nice feature. Like Spyware Eliminator, Internet Cleanup ignored home-page and search-page changes, failed to detect suspicious processes, and lacked Hosts file protection. It did, however, block pop-ups and provide a personal-information blocker to prevent inadvertent disclosure of sensitive data.

Ease of Use

Once you move past Ad-Aware's obscure opening icons, the program's interface is easy to understand.
Once you move past Ad-Aware's obscure opening icons, the program's interface is easy to understand.
CounterSpy's interface is attractive and simple to use. The Scan Now button appears prominently on the welcome screen, menus are easy to traverse, and shutting down the program does not result in a loss of real-time protection. Ad-Aware's interface is equally attractive, but the program's menus are hidden behind unlabeled icons and require a bit of guesswork to find. Spybot requires the user to first switch to Advanced mode and then sort through various categories to find the most useful settings and tools options. Both Ad-Aware and CounterSpy provided reports that were easy to understand, but Ad-Aware listed a few cookies as "critical" objects--giving the impression that some benign cookies are a high-risk threat.

HijackThis's simple text-based interface presents options well, and the program is exceptionally easy to use--though the results it reports may require an advanced user to decipher.

Spyware Eliminator provides a clean interface with clear menus, but the tool was slow to load. We found Internet Cleanup's interface cluttered and difficult to use. The menus were context-sensitive--they changed depending on the section we were in; and inconveniently, our only recourse when we got in too deep was to click the Home button and start over.

Though easy to navigate, ETrust PestPatrol Anti-Spyware's interface appeared barren and unattractive. It was also a tad confusing initially: The Enter License Key button was the most prominent feature on the welcome screen. Only by reading the fine print were we assured that we had properly registered our copy.

Spy Sweeper's interface was intuitive, but we could not close the main program without also closing real-time protection. As a result, we endured numerous prompts asking if we really wanted to shut down protection or simply minimize the program. At the other extreme, McAfee AntiSpyware installed the McAfee Security Center icon in our system tray, but the Security Center gave no options for--or access to--the anti-spyware component.

Our Picks

You can get an anti-spyware utility for free, but this is one area where going cheap isn't worth the savings. The no-cost Spybot Search & Destroy offers an overall detection rate of 54 percent and provides effective real-time scanning. Keeping on the free path, you could combine Spybot with Ad-Aware SE Personal, whose detection rate for active infections was slightly higher than Spybot's in most categories. However, even when combining Ad-Aware, Spybot, and the free HijackThis, we were unable to remove 100 percent of the infections on our test system.

Sunbelt Software's CounterSpy, our new Best Buy, proved the most capable of the products we tested, with the highest detection rates, cleanest interface, and fastest scan speeds. And its $20 price for a year of updates and tech support is a bargain. You also won't be disappointed by Webroot's Spy Sweeper, which was almost as effective as CounterSpy, scans quickly, and is easy to use. Combining either product with HijackThis--and reasonable caution when installing dubious goodies--you should be able to keep your system pretty well spyware-free.

Subscribe to the Security Watch Newsletter

Comments