Best Defenders

Preventing Unidentified Spyware from Installing Isn't Easy (chart)

Some programs not only clean up known forms of spyware but also prevent as yet unidentified threats from reaching your system. They do this by monitoring certain areas of your system for suspicious activities. We created an application to perform several actions typical of spyware and adware installations, including adding Registry run keys, dropping a file in the Windows startup folder, changing the browser start and search pages, and overwriting the Hosts file. Here's how well the anti-spyware programs we tested detected these behaviors.

Paid Stand-Alone Programs Prevents changes to Registry run keys Prevents additions to startup folder Prevents changes to current home and start pages Prevents changes to default start and search pages Prevents overwriting of the HOSTS file Alerts and/or blocks Messenger Service
Webroot Software Spy Sweeper 4.0
$30
Yes Yes Yes No 1 Yes
McAfee AntiSpyware 2006
$30
No No No No No No
PC Tools Spyware Doctor 3.2
$30
No No No No No No
Sunbelt Software CounterSpy 1.029
$20
Yes No Yes Yes 2 Yes
Trend Micro Anti-Spyware 3.0
$30
No No No No No No
Free Stand-Alone Programs
Microsoft Windows AntiSpyware Beta 1.0.615
Free
Yes No Yes Yes 2 Yes
Lavasoft Ad-Aware SE Personal Edition 1.06
Free
No No No No No No
Safer Networking Spybot Search & Destroy 1.4
Free
3 No Yes Yes Yes No
Internet Security Suites
Panda Platinum Internet Security 2005
$50
No No No No No No
Symantec Norton Internet Security 2005 Anti-Spyware Edition
$80
No No No No No No
Zone Labs Internet Security Suite 6.0
$70
Yes No No No No No
FOOTNOTES:
1 Spy Sweeper continually reported a read error when encountering a Hosts file that had been altered, allowing the modifications to occur without intervention from Spy Sweeper.
2 Microsoft Windows AntiSpyware and Counter Spy alerted only on the last line involved in a Hosts file overwrite. For example, if the Hosts file is overwritten with another Hosts file containing eight redirects, only the eighth redirect on the list would be alerted on and blocked.
3 Spybot produced a misaligned dialog box, which prevented the user from allowing changes resulting from legitimate software installs. Safer Networking says that it will fix this bug with an upcoming software update.

How We Test: We performed testing on a 2.93-GHz Pentium 4 Acer Power FV computer running Windows XP Professional, Service Pack 1. (We used this version of Windows instead of Windows XP Professional, Service Pack 2, because the latter impacted the speed of our tests without making any changes to the protection offered by the anti-spyware products tested.) We collected dozens of spyware programs for our tests. These programs created 73 key components in our tests. The spyware components break down into processes that run actively in memory, modify Internet Explorer search and home pages, add toolbars and browser helper objects (BHOs), and alter Registry run keys and Windows services. We challenged the anti-spyware applications' ability to detect the components and processes and clean them up.

To get an idea of how well the anti-spyware programs deal with new and unknown spyware attacks, we also checked to see how they would deal with spyware-like behavior. We created an application to perform several actions typical of spyware and adware installations, including adding Registry run keys, dropping a file in the Windows startup folder, changing the browser start and search pages, and overwriting the Hosts file. We checked each anti-spyware application's ability to detect and block these activities.

See the Complete Special Report

The New Security War: In this Special Package
Best Defenders and Spy Sweeper Leads the Field (chart)
The Hidden Money Trail
Privacy in Peril
Is the Net Doomed?
Threat Alert: Spear Phishing
Threat Alert: Antivirus Killers
Threat Alert: Instant Messaging Attacks
10-Step Security
Security by the Numbers
More Security Resources on the Web

Also See Our In-Depth Online Series
Web of Crime

Mary Landesman researches spyware and viruses. She is About.com's antivirus guide.

Subscribe to the Security Watch Newsletter

Comments