The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    A Comprehensive Guide to AntiSpyware Software

    Discussion in 'Security and Anti-Virus Software' started by Omneus, Jun 29, 2006.

  1. Omneus

    Omneus Notebook Geek

    A Comprehensive Guide to Antispyware Software
    By Omneus
    Last Updated: June 29 2006

    *Note: This guide is an informative overview of antispyware software. I have already posted a similarly designed guide on antivirus software. If you wish to, please go here: http://forum.notebookreview.com/showthread.php?t=61129 and read it.

    Introduction

    Spyware is everywhere. Without some sort of protection, it is almost guaranteed that you will eventually experience very irritating problems later. Spyware is designed for many purposes. Sometimes, it monitors the computer in the hopes of gaining access to secure private information. Other times, it causes annoying advertisements to constantly pop up. There are many different utilities that can be downloaded to try to fix this problem, but one thing you should realize is that no single utility is perfect. New spyware is being released, redesigned, and implemented every day, and even if you spend money on the ‘best’ spyware defence, no single application will offer perfect protection. Due to the nature of the threat, the best defence is knowledge, common-sense, and multiple antispyware utilities.

    There are three main techniques used to stop spyware. The first is the ‘immunization’ technique. Spyware is generally acquired through specific cookies, scripts, sites, or other objects. Basically, this technique involves preventing these objects from infecting your computer by simply blocking them using a restricted sites list. Assuming that the threat is on the list, the threat will simply not be downloaded at all, and so your computer will remain safe. The main drawback, of course, is that even the best block lists there are will only block a fraction of the potential threats, and without other forms of protection, this technique would be fairly ineffective. The second technique is the ‘signature’ technique. Basically, antispyware companies analyze the particular threat and create a definition or signature. The software then scans using that signature to find that threat. Theoretically, if you had a complete list of every threat and its corresponding signature, you would be completely protected. Unfortunately, even the most thorough databases of definitions can only detect a decent percentage of threats, and you will still probably get infected even if you use a single signature scanner. The final technique is the heuristic approach. Heuristic programs look for spyware by its behaviour, and so are accurate at identifying them when they activate. Unfortunately, heuristic scanners are generally less effective than good signature scanners, and although they are useful to have, against spyware they aren’t usually that useful.

    Antispyware software is fairly excellent when multiple products are used. Unlike AV software, no individual product has overwhelmingly high detection rates or support, and there are no real sources of testing or reviews which could be used to distinguish how effective products actually are. There are many reviews that say products like Spy Sweeper are the best, but their inferior testing, somewhat biased opinions, and lack of resources prevent them from being very conclusive. The only way to protect yourself would be to download and use some, if not all of the free utilities you can; specifically ones which operate using different techniques to stop spyware. If you have a spyware problem, the best way to fix it is simply to download and use lots of scanners to try to find and neutralize the threat. In extreme cases, this technique will fail, but for almost all cases, that is the best solution.

    The Software

    The utilities I analyzed were Ad-Aware SE Personal, Spybot Search and Destroy, Windows Defender Beta 2, Hijackthis, Spy Sweeper, CounterSpy, Spyware Blaster, IE-SPYAD, Prevx1, and Spyware Guard. I used the free trials of Spy Sweeper and CounterSpy, and the free versions of everything else. I read and analyzed every recent review/article I could find on any/all of these products, and tested them myself as well. Although they aren’t necessarily the best, Ad-Aware SE Personal, Spybot SD and Hijackthis are the most common utilities used to detect and remove spyware.

    The Immunization Tools – Of these utilities, IE-SPYAD, Spyware Blaster, and to some extent Spybot SD are the only ones which use some form of immunization. Spybot SD uses a ban list of sites to help to immunize IE, while Spyware Blaster also immunizes IE against various ActiveX scripts and BHOs as well. IE-SPYAD was created and maintained unofficially, and performs roughly the same action. Due to the overlap between their restrictions, it is difficult to determine which is better. Spybot is the only one which can perform other scanning functions as well, whereas Spyware Blaster is the best at immunizing against scripts or BHOs. Using any or all of these utilities would be highly recommended, and would be fairly useful in protecting against spyware.

    The Heuristic Tools – Of these utilities, Hijackthis, Spyware Guard, and Prevx1 are the only ones which utilize some form of heuristic detection. These utilities are all somewhat unique, and are all fairly equal in effectiveness. Hijackthis is a generic antispyware utility. It performs a scan which reveals information which could be used to determine if there is an infection. Rather than trying to find and eliminate it, Hijackthis is designed to simply tell you if there is an infection. The tool will be able to reveal most infections, and with the help of various support forums or other antispyware tools, is an effective tool. Spyware Guard and Prevx1 offer real-time protection. They monitor the computer, and whenever an action that could be identified with spyware occurs, they alert you, try to prevent it, and could be used to neutralize the threat. Prevx1 is probably slightly more powerful than Spyware Guard, and Hijackthis is probably the most useful in determining if you are already infected with spyware. Spyware is difficult to combat using heuristic software. Generally, powerful signature scanners will be more accurate and effective at protecting you than heuristic detection, but as a failsafe, heuristic detection is the best choice. The best way to protect yourself against spyware is to use multiple antispyware tools. It would be highly beneficial if one of those tools was heuristic, since it could protect you when the other tools fail.

    The Signature Tools – Ad-Aware SE Personal, Spybot SD, and Windows Defender are the signature-based utilities. Their corresponding developers compiled databases of all the different spyware threats, and use signatures to detect them. Since these are all free products, the developers generally don’t have the resources to create massive signature databases. Spybot for instance is a good program. It is very fast and efficient at finding and detecting whatever threats it has signatures for. However, its signature database isn’t that good, and it will only be able to find the fairly common mainstream threats; not necessarily the obscure threat you may actually have. The same goes for Ad-Aware and Windows Defender. Ad-Aware is slightly slower and less efficient than Spybot. It may not find all the threats that Spybot does, but it will probably be able to find other threats which Spybot can’t. Ad-Aware also has the ability to find ADS; a somewhat useful function which Spybot doesn’t have. ADS isn’t directly a threat to you, but could theoretically be used by hackers or particularly malicious threats to harm you. Windows Defender is the weakest of these three. Because it’s still in Beta 2, it still has bugs and flaws which haven’t been resolved. Microsoft, although a decent company overall, is simply too busy with the XBOX 360 and Windows Vista to devote full effort into a program like this. Although it is a decent tool, it isn’t really any better than most other freeware tools. Overall, these tools are weak individually; however in combinations, they provide excellent protection.

    The Professionals – Other than free trials, Spy Sweeper and CounterSpy are considered the professionals, since you have to spend money to use them. Both products are developed by good companies, and employ relatively standardized signature-based approaches to preventing spyware. Both have large signature databases, and are much more thorough individually than freeware products like Spybot SD. They offer much better real-time protection, and are actually worth spending money on (if you are planning to anyway). Spy Sweeper is slightly better for real-time protection than CounterSpy, but CounterSpy is slightly more efficient, and runs better. Spy Sweeper and CounterSpy are pretty much the best of the professional products. There are fairly good alternative products, like Spy Doctor, but based on professional review, general consensus, testing, etc… these products are the best. If you choose to use a large arsenal of freeware utilities, you will have an excellent defence. If your arsenal is made up of these products, you will also have an excellent defence. As far as individual programs, these are among the absolute best. The more utilities you use, the better defence you have, and using these in combination with other tools like Hijackthis would be the optimal choice.

    Summary

    Spyware is a prevalent and highly irritating threat. It can corrupt your computer, cause irritating pop-ups, redirect your browser, or perform other somewhat damaging but mostly inconvenient results. Using common-sense, avoiding bad sites, and not downloading spyware-infected BHOs can significantly reduce the threat, but without actual protection, you are still vulnerable. The best defence against spyware is a multi-layered one. By using multiple different utilities; hopefully combinations of heuristic, signature-based, or immunization-based utilities; you can make yourself virtually immune to spyware. The more products you use, the better protected you will be. Individually, the best products are generally the paid-professional products, but a good defence isn’t dependent on having one. Free tools like Ad-Aware SE Personal, Spybot SD, and Hijackthis should be staples in almost any spyware arsenal. As well, programs like Spyware Blaster and Spyware Guard could significantly enhance the level of protection, as could products like Spy Sweeper. Most people will tell you that the best defence would be if you used Ad-Aware and Spybot SD. Some would add Hijackthis, or Spyware Blaster to the list, and others would say that Spy Sweeper is the best. There is no “best” antispyware program; simply “good” and “better” programs which can help protect your computer. Since most of the utilities are free, the best solution would be to download and try all the utilities yourself, and to pick the programs which you like the best. By using a variety of different tools, hopefully you can detect and prevent the threats so that they never occur again.

    Thanks for Reading!
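
Added example, not part of Omneus's post and not any product's code: a toy model of the guide's three techniques (immunization block list, signature match, heuristic behaviour check) showing what each layer catches alone and together. Every host name, file content and behaviour name below is constructed for illustration.

```python
import hashlib

# Constructed data only: none of these values is a real indicator.
BLOCKLIST = {"ads.badsite.example", "toolbar.tracker.example"}
SIGNATURES = {hashlib.sha256(b"CONSTRUCTED-SAMPLE-A").hexdigest(),
              hashlib.sha256(b"CONSTRUCTED-SAMPLE-B").hexdigest()}
SUSPICIOUS = {"adds_browser_helper_object", "changes_home_page",
              "adds_autorun_entry"}

def immunization(sample):
    """Blocked before download if the source host is on the restricted list."""
    return sample["host"] in BLOCKLIST

def signature(sample):
    """Detected if the file hash matches a known definition."""
    return hashlib.sha256(sample["content"]).hexdigest() in SIGNATURES

def heuristic(sample, threshold=2):
    """Flagged once enough suspicious behaviours are observed at run time."""
    return len(SUSPICIOUS & set(sample["behaviours"])) >= threshold

LAYERS = {"immunization": immunization, "signature": signature,
          "heuristic": heuristic}

SAMPLES = [  # constructed test cases
    {"name": "known-on-listed-host", "host": "ads.badsite.example",
     "content": b"CONSTRUCTED-SAMPLE-A", "behaviours": ["changes_home_page"]},
    {"name": "known-on-new-host", "host": "cdn.new.example",
     "content": b"CONSTRUCTED-SAMPLE-B", "behaviours": []},
    {"name": "repacked-variant", "host": "cdn.new.example",
     "content": b"CONSTRUCTED-SAMPLE-A-repacked",
     "behaviours": ["adds_browser_helper_object", "adds_autorun_entry"]},
    {"name": "quiet-unknown", "host": "mirror.example",
     "content": b"CONSTRUCTED-SAMPLE-C", "behaviours": ["changes_home_page"]},
]

def coverage(layer_names):
    """Names of samples caught by at least one of the given layers."""
    return [s["name"] for s in SAMPLES
            if any(LAYERS[n](s) for n in layer_names)]

if __name__ == "__main__":
    for name in LAYERS:
        print(f"{name:13s} alone:", coverage([name]))
    print("all layers         :", coverage(list(LAYERS)))
```

The last sample slips past all three layers, which matches the guide's caveat that in extreme cases even a multi-tool defence fails.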
     
  2. Metamorphical

    Metamorphical Good computer user

    Add using Firefox and Opera as opposed to IE as well.

    Thanks for another great guide. Very informative and helpful.
     
  3. nickster87

    nickster87 Notebook Consultant

    Great guide!! Should be very helpful to a lot of people!! :)
     
  4. crash

    crash NBR Assassin

    Very nice guide :)
     
  5. moonBEAM

    moonBEAM Notebook Enthusiast

    very informative guide!
    I had a quick question. I have the free version of spyware doctor and the full version of spysweeper. Should I use both at the same time, one at a time, or only one? Is using two antispyware programs even worth my resources?
    thanks
     
  6. Tarheelscubs

    Tarheelscubs Notebook Consultant

    Can someone please explain to me how to use spyware blaster? What settings should I use? It makes no sense to me. :confused:

    Is there a way to scan things? :confused:
     
  7. jin07

    jin07 Notebook Deity NBR Reviewer

    SpywareBlaster isn't a normal spyware program. It doesn't scan for spyware, it protects you from spyware being installed in the first place. Also note that spywareblaster does NOT have to remain running in the background to work. What you want to do is:

    1. Open it
    2. Update
    3. Click Enable All Protection
    4. Close

    That's it. All you have to do is update it every so often and click Enable All Protection when there's new updates.
     
  8. arjunned

    arjunned Notebook Deity

    @Baserk: how is the real-time protection of superantispyware? i use the free version..but am thinking of getting a program with real-time protection.. is it a resource hog?? i only use nod32 and threatfire.. is that enough?
     
  9. Tarheelscubs

    Tarheelscubs Notebook Consultant

    Thanks for the help. I am running the paid version of spysweeper, and I also have spybot. Both run in the background. Is spyblaster a good program to run with those two?
     
  10. jin07

    jin07 Notebook Deity NBR Reviewer

    Don't know about Spysweeper, but it probably plays nice with it. SpywareBlaster doesn't even take any system resources so it should work with most, if not all, other programs. Worst case, it doesn't work, then just uninstall. It's free so, no big deal. It will most likely work.
     
  11. arjunned

    arjunned Notebook Deity

    o sorry i didn't mention that.. been using comodo pro for a long time.. :).. always wanted to test online armour though.. but it hasn't come out for vista yet.. :(
     
  12. Relowe

    Relowe Notebook Consultant

    Perhaps Adblock Plus and Noscript are also good additions to firefox for many. They are also downloaded directly from Mozilla so they should be pretty trustworthy. I have used them for a long time now and they are annoying at first to get used to, but they are worth having around in my opinion.

    Great guide!