Security

Best Defenders

Preventing Unidentified Spyware from Installing Isn't Easy (chart)

Some programs not only clean up known forms of spyware but also prevent as yet unidentified threats from reaching your system. They do this by monitoring certain areas of your system for suspicious activities. We created an application to perform several actions typical of spyware and adware installations, including adding Registry run keys, dropping a file in the Windows startup folder, changing the browser start and search pages, and overwriting the Hosts file. Here's how well the anti-spyware programs we tested detected these behaviors.

Paid Stand-Alone Programs	Prevents changes to Registry run keys	Prevents additions to startup folder	Prevents changes to current home and start pages	Prevents changes to default start and search pages	Prevents overwriting of the HOSTS file	Alerts and/or blocks Messenger Service
Webroot Software Spy Sweeper 4.0 $30	Yes	Yes	Yes	No	1	Yes
McAfee AntiSpyware 2006 $30	No	No	No	No	No	No
PC Tools Spyware Doctor 3.2 $30	No	No	No	No	No	No
Sunbelt Software CounterSpy 1.029 $20	Yes	No	Yes	Yes	2	Yes
Trend Micro Anti-Spyware 3.0 $30	No	No	No	No	No	No
Free Stand-Alone Programs
Microsoft Windows AntiSpyware Beta 1.0.615 Free	Yes	No	Yes	Yes	2	Yes
Lavasoft Ad-Aware SE Personal Edition 1.06 Free	No	No	No	No	No	No
Safer Networking Spybot Search & Destroy 1.4 Free	3	No	Yes	Yes	Yes	No
Internet Security Suites
Panda Platinum Internet Security 2005 $50	No	No	No	No	No	No
Symantec Norton Internet Security 2005 Anti-Spyware Edition $80	No	No	No	No	No	No
Zone Labs Internet Security Suite 6.0 $70	Yes	No	No	No	No	No
FOOTNOTES:
1 Spy Sweeper continually reported a read error when encountering a Hosts file that had been altered, allowing the modifications to occur without intervention from Spy Sweeper.
2 Microsoft Windows AntiSpyware and Counter Spy alerted only on the last line involved in a Hosts file overwrite. For example, if the Hosts file is overwritten with another Hosts file containing eight redirects, only the eighth redirect on the list would be alerted on and blocked.
3 Spybot produced a misaligned dialog box, which prevented the user from allowing changes resulting from legitimate software installs. Safer Networking says that it will fix this bug with an upcoming software update.

How We Test: We performed testing on a 2.93-GHz Pentium 4 Acer Power FV computer running Windows XP Professional, Service Pack 1. (We used this version of Windows instead of Windows XP Professional, Service Pack 2, because the latter impacted the speed of our tests without making any changes to the protection offered by the anti-spyware products tested.) We collected dozens of spyware programs for our tests. These programs created 73 key components in our tests. The spyware components break down into processes that run actively in memory, modify Internet Explorer search and home pages, add toolbars and browser helper objects (BHOs), and alter Registry run keys and Windows services. We challenged the anti-spyware applications' ability to detect the components and processes and clean them up.

To get an idea of how well the anti-spyware programs deal with new and unknown spyware attacks, we also checked to see how they would deal with spyware-like behavior. We created an application to perform several actions typical of spyware and adware installations, including adding Registry run keys, dropping a file in the Windows startup folder, changing the browser start and search pages, and overwriting the Hosts file. We checked each anti-spyware application's ability to detect and block these activities.

See the Complete Special Report