In the beginning, antivirus software fought viruses and worms, and antispyware software fought spyware and adware. That clean distinction has largely disappeared. The decline of the macro virus and the e-mail worm sent antivirus companies looking for something else to fight, and the complexity of spyware makes it a formidable foe. (See "The Italian Job," for an example of how sneaky spyware can get.)
As we discussed in our recent antivirus roundup, "Virus Stoppers," several antivirus products are effective at fighting Trojan horses and backdoor programs--typically classified as spyware--as well as adware. So the question arises: Are specialized antispyware tools particularly effective at fighting today's threats?
To find out, we looked at six well-known programs. We tested five--Grisoft's AVG Anti-Spyware 7.5, Microsoft's Windows Defender 1.1, PC Tools' Spyware Doctor 5.0, Safer Networking's Spybot Search & Destroy 1.4, and Webroot's Spy Sweeper 5.5--on Windows Vista systems.
The sixth program, Lavasoft's Ad-Aware 2007 Plus, wasn't available in a Vista version during our testing period, so we evaluated its performance on a Windows XP SP2 PC; for this reason, its results are not directly comparable with those for the other apps.
German research company AV-Test.org conducted the malware portion of our tests, bombarding the applications with samples of current adware and spyware. AV-Test.org gauged the products' ability to recognize about 110,000 inactive adware, spyware, and rootkit samples. An inactive sample is like an application you've downloaded and haven't yet installed. You'll want your antispyware product to recognize it--based on a match to a signature database of known threats--before the sample unpacks itself and activates in various areas of your PC.
To learn how the tools would react in such a case, AV-Test also measured each product's ability to recognize the behavior of and subsequently clean up 20 active pieces of adware and spyware. Since each threat can break down into more than 100 components, disinfection can be a tough job. We looked for the programs to clean up major file and Registry changes.
We also looked at the programs' behavior-based capabilities for detecting and blocking changes to key areas of an infected system without having to recognize anything about a specific invader. Spyware writers are continually releasing new threats, and security companies typically take some time to release signatures to catch those threats. An antispyware product's behavior-based detection protects the user during this critical window. We also tested for false positives and for speed; and we evaluated each software's design, price, and ease of use.
PC Tools' Spyware Doctor 5.0 outperformed its Vista competitors. Grisoft's AVG Anti-Spyware 7.5 and Webroot's Spy Sweeper 5.5 finished some distance behind. Neither Spybot Search & Destroy nor Windows Defender adequately protects against today's threats. And on Windows XP, Lavasoft Ad-Aware, in several performance areas, did not impress us.