Monday 04 October 2004

Guide to Testing Anti-Spyware Tools

Eric L Howes, the guy who gave us a list of Rogue/Suspect Anti-Spyware products has been busy testing various Anti-spyware tools against a collection of spyware and adware programs (except CoolWebSearch).

Each anti-spyware tool were tested to detect the following:

  • executable files (.EXE / .COM)
  • dynamic link libraries (.DLL)
  • BHO-related Registry entries
  • toolbar-related Registry entries
  • browser setting-related Registry entries
  • browser extension-related Registry entries
  • auto-start Registry entries

They were also required to do the following:

  • find and remove files on the hard drive
  • kill running processes and remove the associated files
  • correctly uninstall BHOs, browser toolbars, and other browser extensions
  • find and remove Registry entries critical to the functioning of the spyware and adware applications

Here are his results:

It is perhaps note-worthy that Spybot Search and Destroy performed poorly though Ad-aware performed well. In my opinion, development of Spybot Search and Destroy seemed to have stagnated since version 1.3 was released and more importantly, definitions have been quite infrequent lately. On the other hand, Ad-aware development has been growing in leaps and bounds with frequent updates in definitions. I mention those two before they are the only anti-spyware tools I am familiar with though I shall have to start monitoring development in other anti-spyware tools from now on.

Eric draws the following general conclusions:

  • Spyware and adware can prove quite difficult to remove, even for dedicated anti-spyware scanners.
  • No single anti-spyware scanner removes everything. Even the best-performing anti-spyware scanner in these tests missed fully one quarter of the "critical" files and Registry entries.
  • It is better to use two or more anti-spyware scanners in combination, as one will often detect and remove things that others do not.
  • Where possible, users should become familiar with the use of HijackThis! in order to remove stubborn spyware and adware that standard anti-spyware scanners fail to remove. Less experienced users should know how to get help from the expert volunteers who provide free HijackThis! log advice and analysis at major anti-spyware forums.
  • [...]

Via Donna Buenaventura

Note:Internet Explorer users may notice that this article displays weird in their browser; it displays fine in all my other browsers and I am too stressed out to do anything about this tonight.

Related Reading