Lock IT Down: Uncover spyware on your systems with Spy Sweeper

See how Spy Sweeper can identify and remove spyware, and how it compares to other similar utilities.

Spy Sweeper from Webroot Software is one of many spyware-removal utilities on the market, and, according to Webroot, it offers you a "sophisticated database of spyware definitions, the power to disable spyware, and the knowledge you need to analyze your risks." Does it live up to these claims? Can it convince me to switch from my longtime spyware-removal favorite Ad-aware from Lavasoft? As an IT support pro, should I recommend this product to my users instead of Ad-aware 6 Personal? Let's find out.

Acquiring and installing Spy Sweeper
Spy Sweeper will run on Windows 98, NT4, Me, 2000, and XP. It requires a 150-MHz processor or better, 15 MB of free hard drive space, at least 32 MB of RAM, and a CD-ROM drive if you want to install it using a CD. It was easy to get my hands on a trial copy of Spy Sweeper by downloading the 1.33 MB installation file from Webroot's downloads page. Although the downloads page said the installation file was 2.2 MB, the file I retrieved was only 1.33 MB. I'm not sure why there was a difference, but the file I downloaded installed properly so I assumed the information on the Web site hadn't been updated.

This brought me to my next question: How long can I use my trial copy of Spy Sweeper? Webroot's download page simply stated that I could use my fully functional trial software for a "limited time." It never specified whether this meant 30 days (as is typical of many trial software periods) or 30 years. I even read through the Spy Sweeper License agreement and was unable to come up with an answer. That left me with only one option: Call Webroot for more information.

I spoke with a very helpful and pleasant individual in Webroot's sales department who told me that the trial version of Spy Sweeper would work indefinitely, but that neither the spyware definitions nor the program itself could be updated. To update the software, I'd need to purchase a subscription: $29.95 for one year and $39.95 for two years. With that question answered, I was ready to install the software.

Installing Spy Sweeper was quick and easy. I double-clicked the installation file and proceeded through the installation wizard. As with most installation wizards, this one asked me to choose a path for the installation, to accept the EULA, to choose a location for the program shortcut, and a few other standard questions. Near the end of the installation process, the wizard also asked me to activate my copy of Spy Sweeper by providing my e-mail address.

I assumed that this "activation" screen was merely used to collect e-mail addresses for marketing purposes, so I decided to skip it and finish the installation. Once the installation finished, I closed the wizard and ran Spy Sweeper by clicking its icon from the Start menu. Because this was the first time I had run Spy Sweeper, I was asked to update my spyware definitions, as shown in Figure A. I clicked Yes, and the updating process proceeded normally. This would be the only time I'd be able to update the spyware definitions. When I tried to do so at a later date, I was prompted to purchase a subscription, as the sales representative said I would be.

Figure A
When you run Spy Sweeper for the first time, it automatically updates your spyware definitions.


Updating the spyware definitions took only a few moments, and once that process was complete, Spy Sweeper's main screen, shown in Figure B, appeared.

Figure B
Spy Sweeper's main screen allows you to take a variety of spyware-removal actions and easily access program options.


While looking over Spy Sweeper's main screen, I quickly noticed the subscription service status indicator in the top right-hand corner, as shown in Figure B. You can see that it says Subscription Service: Not Activated. This started me thinking about that "activation" screen I had seen during the installation. I began to wonder if I should have activated the software or if activation was the same as purchasing a subscription or something different. If I activated the software, but didn't purchase a subscription, could I update the spyware definitions and program? Again I turned to my Webroot sales representative. Although he said he hadn't seen this screen personally, he believed my original assumption was correct. This activation screen was used to collect marketing data and was completely unrelated to Spy Sweeper's subscription offerings.

The next confusing item I noticed about Spy Sweeper was its version number. The download page said the installation file was for Spy Sweeper version 2.1, but once the installation was complete, Spy Sweeper reported being version 1.5.0 (Build 6). I was a little concerned by this discrepancy but continued with the assumption that I had the latest trial version and that the download site was simply mislabeled using the version of the latest subscription product. Later, when testing Spy Sweeper, I was informed that a new version of the software, Spy Sweeper 2.0, was available. But I was unable to update to this version because I didn't have a subscription.

Using Spy Sweeper
With my spyware definitions updated and my questions answered, I was finally ready to begin using Spy Sweeper. Before performing my first scan, I checked out the program's Options screen, shown in Figure C.

Figure C
From the Options screen, you can configure Spy Sweeper's scanning process, schedule routine scans, and set up IE protection options.


For simplicity's sake, I decided to leave the default options in place and perform a Full Sweep on my Windows XP, 1-GHz Athlon test machine. I clicked the Full Sweep button and then clicked Start.

Full Sweep vs. Quick Sweep
Spy Sweeper offers two spyware scanning options: Full Sweep and Quick Sweep. As its name implies, a Full Sweep scans all items loaded into the computer's memory, the Windows registry, files, and folders on the machine's hard drives. During a Quick Sweep, Spy Sweeper scans the memory items and the Windows registry, but only a very limited number of files and folders on the machine's hard drives. The Quick Sweep takes around 2 1/2 minutes compared to the Full Sweep's 10 minutes or more (the file and folder scanning takes longer).

When the sweep finished about 10 minutes later, Spy Sweeper reported finding 24 spyware items and 33 associated traces, as shown in Figure D. A single piece of spyware can manifest itself in multiple ways; the term traces is used to define individual instances of spyware.

Figure D
A Full Sweep took around 10 minutes on my 1-GHz Athlon test machine running Windows XP.


I clicked Next, and Spy Sweeper displayed a list of each spyware item it found, as shown in Figure E.

Figure E
Once Spy Sweeper completes a sweep, you can select which items should be removed and placed in the Quarantine folder.


From this screen, I was able to select which items I wanted Spy Sweeper to remove and place in the Quarantine folder. Placing items in a Quarantine folder instead of removing them instantly allows you to restore the item in case the removal causes problems. I could also get more information about each spyware item by selecting the item and clicking the More Details button. Browsing through the list, I saw nothing I wanted to keep, so I clicked Select All and then clicked Next to continue. After the spyware items were removed and placed in the Quarantine folder, Spy Sweeper displayed a summary of the scanning and removal process, as shown in Figure F.

Figure F
Once Spy Sweeper has removed and quarantined the spyware items it finds, you're given a summary of the process.


With the scanning, removal, and quarantining processes complete, I decided to check out the quarantined items and remove them permanently. I clicked the Quarantined button from the left side of the Spy Sweeper screen and was presented with a list of quarantined items, as shown in Figure G.

Figure G
Once Spy Sweeper has placed a piece of spyware in the Quarantine folder, you can easily remove or restore it from the Quarantine screen.


Normally, I would have removed all the quarantined items by clicking Select All and then Delete Selected, but I wanted to compare Spy Sweeper's scanning ability with that of Ad-aware 6 Personal, so I chose to restore the items by clicking Restore Selected.

Spy Sweeper vs. Ad-aware 6 Personal
Now that I had performed a Full Sweep with Spy Sweeper, it was time to put Ad-aware 6 Personal to the same test. I wanted to know whether Ad-aware would find more, fewer, or the same number of spyware items as Spy Sweeper.

I opened Ad-aware and made sure I had the latest updates. (I really like being able to update Ad-aware without a subscription.) I then started a scan using the default settings. Ad-aware has only one type of scan, but you can customize it to be more or less thorough. Using the default settings would scan memory items, the Windows registry, files, and folders on the hard drive. This would give me a scan similar to Spy Sweeper's Full Sweep.

The scan took about 6 1/2 minutes to complete, less than Spy Sweeper's 10 minutes. Ad-aware had found 29 spyware instances—fewer than Spy Sweeper's 33 instances; but as I compared the lists, it appeared that Spy Sweeper counted some items twice. Both products found the same two registry entries and multiple cookies—which were the most common form of spyware found. Ad-aware did, however, flag a Windows Media Player unique ID entry in the registry as spyware. Spy Sweeper did not. Like Spy Sweeper, Ad-aware will remove and place items in a Quarantine folder until you want to delete or restore them.

Final thoughts
Overall, Spy Sweeper did a good job of finding and removing spyware from my test PC. It installed without a flaw and ran without any problems. Spy Sweeper also offers a wide range of scanning options; plus, the staff—at least the sales rep I talked to—was polite and knowledgeable.

Despite these positives, I'm sticking with Ad-aware 6 Personal for now. Although both performed scans equally well, Ad-aware offers several benefits. First, and most important, I can update both the Ad-aware application and the definition file without spending $29.95 for a yearly subscription. Second, Ad-aware lacks the ever-present advertising that I found in Spy Sweeper's trial version. While I understand that the version I evaluated was only a trial version and that Webroot needs to sell its products, ads were a little too prevalent for my taste, and there are other free alternatives without such advertising. Third, Webroot should change the "activation" screen that asks for your e-mail address during installation to a "registration" screen. This would avoid any confusion about what this information is being used for.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...
