Antispyware products put to a test
There is no doubt that spyware is a problem, but when a vendor of anti-spyware software claims 87% of pcs have on average 34 pieces of spyware per machine installed…… you do have to wonder. And when they claim that in part on FREE anti-spyware software…..
“Security analysts blame this increasing infection rate on the adoption of free anti-spyware programs that use outdated technology and don’t provide immediate threat definitions to combat against new and emerging threats. To guard against new spyware programs, home computer users must use an anti-spyware program with frequent definition updates and engines that are capable of removing the toughest spyware from deep within the operating system. Unfortunately, users who only install free anti-spyware programs do not get access to frequently updated definitions and versions.”
Security Fix writer Brian Krebs decided to put a few tools to the test, including that of the company that released the report that the above snipet comes from. (Webroot) Apparently (for starters) tracking cookies were used to make up the # of infections per pc number above. Well, truth is, most web browsers mac/linux/windows probably have a tracking cookie from SOMEPLACE that SOME company considers to be spyware. (Unless they reject cookies entirely) I remember seeing one antispyware tool complain about doubleclick cookies.
Anyway, Brian tested out a couple of free tools against Webroot’s Spysweeper. (Windows defender, ad-aware and spywareblaster were tested.) They were all tested against spycar which is …
Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form. Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.
The bottom line is none of the tools prevented all the attacks. It does sound as though SpySweeper did perform better than the other tools in some areas. SpywareBlaster and Ad-Aware didn’t prevent any of the attacks, although with regards to Ad-Aware he notes…
(in hindsight, including it was kind of a silly thing to do because the free program doesn’t come with real-time detection — just on-demand scanning. In fairness, it found all of Spycar’s registry changes in a subsequent on-demand scan.)
It would be interesting to see how Spybot-Search and destroy would have fared in the real time detection, but… given that these were attacks instead of specific spyware… I really wonder.
Windows Defender prevented one registry change attempt, but allowed others and sat idly as internet option tabs vanished as the spycar ran through it’s tricks. (Defender also let spycar change the hosts file…)
Spysweeper did come out on top in the frequency of updates area (which in anti-spyware software is the key these days.) With 13 updates in the last month compared to 7 for Defender and Ad-aware and 2 for spywareblaster. (Again I wonder about spybot s&d…)
One comment on the article mentions pctools product Spyware Doctor as being very good, obviously not free, but very good. That reminds me there are a few pctools tests that I’ve been meaning to get around to looking at. Thanks for your testing Brian…