
10 things to look for in an anti-spyware application



Spyware has quickly outpaced viruses as a scourge to businesses. A 2005 FBI study revealed 79 percent of enterprise PCs in the United States are infected with spyware. Worse, according to a 2006 report by Radicati Group, each infestation costs businesses approximately $265 when downtime and repair are factored in.

By deploying and maintaining effective anti-spyware tools, organizations can protect themselves from lost productivity and potential data loss resulting from spyware infestation. Here are 10 things to look for when selecting an anti-spyware platform.

#1: A potent anti-spyware engine

An anti-spyware application is only as good as its signatures database. The application’s underlying anti-spyware engine must be comprehensive. Offerings from leading vendors track as many as three-quarters of a million potential infections, so it’s critical that the application you select has a sizable and potent anti-spyware database.

#2: Automatic updates

You should also ensure that the anti-spyware application you select updates automatically. New spyware and other forms of malicious software are released into the wild almost daily. Quality anti-spyware manufacturers continually update their code. Without those updates, anti-spyware applications quickly become outdated and, subsequently, ineffective.

The best anti-spyware programs support downloading updates automatically.

Almost every anti-spyware program includes access to updates. Some, however, require that users manually download and apply them. In busy organizations, users have other responsibilities. Unless the employee is an IT staff member, maintaining a PC’s anti-spyware database isn’t included in their job description. So anti-spyware programs aren’t likely to remain current unless the update feature is built into the software application itself. Insist on an anti-spyware application featuring automated updates.

#3: Active protection

Some anti-spyware applications remove only the spyware infestations they find during manual scans. To keep spyware from infecting a system at all, seek an anti-spyware program that includes active protection. By actively monitoring system, process, and network activity, a capable anti-spyware application can block malicious software from installing in the first place.

There’s no sense in waiting for a manually triggered scan to identify performance-robbing spyware and then have to remove it. Preventing the infection via active monitoring processes is by far the preferred option.

#4: Customizable scans

Look for an anti-spyware program that lets you schedule customizable scans. Different workstations are used for different purposes. Based on their intended use, some systems will benefit from more thorough anti-spyware scans. However, the anti-spyware program must support creating such customized scans.

For example, systems frequently used for Internet browsing may well benefit from daily scheduled anti-spyware scans that check active memory, the Windows registry, the Windows directory, cookie folders, and all hard drives for infestation. On the other hand, systems rarely used for Internet browsing may require only weekly scans of their hard drives.

Seek an anti-spyware program that includes such flexible scanning features.

#5: Unattended capabilities

Standardize on an anti-spyware utility that permits unattended maintenance and administration. The ability to schedule unattended updates and scans ensures that the program you deploy provides effective coverage and protection.

Users typically require access to their desktops throughout the entire business day. So there’s little time for technical support staff to interrupt users' work for purposes of updating and scanning systems, especially when a thorough scan of a large hard drive can require more than an hour to complete. Neither do IT staffs have time to visit each workstation within the organization to manually configure updates or execute anti-spyware scans.

Good anti-spyware programs can schedule unattended anti-spyware scans (during off hours). AVG Anti-Spyware 7.5, for example, offers scheduling tools as part of its feature set.

Scheduling unattended updates and thorough system scans during off hours, when no staff are present, helps optimize administrative time and productivity.

#6: Effective quarantining/containment

When unattended scans are configured, it’s critical that the anti-spyware application effectively quarantine infections that are found without requiring user interaction. Unless the anti-spyware program can contain active spyware and remove infections automatically, the application will essentially prove useless in business environments.

#7: Process monitoring

Spyware and adware programs exist in so many iterations and derivatives that it’s often difficult for even the best-built anti-spyware programs to catch every form of malicious software. However, anti-spyware tools can go a long way toward helping technology administrators track down and eliminate malicious software not yet identified or recognized as spyware.

AVG’s Anti-Spyware 7.5 includes a potent process monitoring menu from which administrators can terminate unwanted processes.

By including a process monitoring utility within the anti-spyware application, software manufacturers can simplify the task of identifying and eliminating unwanted software. Although many spyware programs hide themselves from Windows Task Manager, better anti-spyware programs include process monitoring features enabling support staff to track and eliminate malicious software Windows itself doesn’t see.

#8: Autostart monitoring

Along with providing support for monitoring active processes, anti-spyware applications should monitor programs that start automatically when Windows loads.

Spyware programs have become fairly sophisticated. Few appear within Control Panel’s Add/Remove Programs applet, and fewer still install within the Start | All Programs menu’s Startup folder. Thus, administrators require a potent anti-spyware program capable of monitoring programs that load automatically at Windows startup. Look for an anti-spyware program that includes autostart monitoring, thereby simplifying the process of removing unwanted software and blocking spyware from loading when Windows starts.

#9: Centralized administration

As mentioned in #5, technology administrators (particularly those in larger organizations) don’t have time to manually administer or support each individual workstation. It’s impractical for many technology staffs to attempt visiting each workstation in person to ensure anti-spyware engine updates are in place, scans are completing as scheduled, and infestations are being quarantined properly.

Webroot’s Spy Sweeper Enterprise has a wide range of centralized administration features. In addition to installing the anti-spyware software on systems throughout the organization, Spy Sweeper Enterprise enables remotely tracking errors, conducting sweeps (or scans), configuring updates and more.

In larger organizations, look for an anti-spyware application that includes a centralized administration console. Such products are often exponentially more expensive than counterparts that lack centralized administration, but the time saved will more than make up the difference within busy IT departments.

#10: Quality reporting

Anti-spyware applications must include effective reporting capabilities. In addition to listing whether scans complete properly, good anti-spyware programs will track infestations that are found, the results of quarantine efforts, and confirmation that updates were downloaded and applied properly.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

22 comments
Mond0

We have a protocol in our shop called "BER" (Beyond Economical Repair). This means that at some point, usually 50% of replacement cost, you're better off wiping the drive and re-installing.

gm

I would take #1, #3, #5, #2 as my priorities for selection of Anti-Spyware. Virus infection can be time consuming, but it is more tedious to repair a spyware infestation than a viral attack. I go for a product that performs very similarly to an anti-virus product. Engine, unattended scans, active protection, automatic database updates.

mgraceaug5

cool info thanks! and I suggest the product of Trend Micro :)

BALTHOR

If your computer still runs crummy after exhaustive spyware scanning you might try a Windows Repair. Boot to your Win XP CD > do not choose Recovery Console, press ENTER at this screen > you will see the Microsoft EULA, press F8 > this next screen has REPAIR, press R. I never register. You might have to adjust the Display Properties POWER for no display shut off after 20 min: choose NEVER > APPLY > OK. This method of repair leaves all of your installed programs intact. You do not have to reinstall the drivers. I use this method even after a backup restore. I suspect that all of the XP files are erased and replaced.

shanthar

Anti spyware application is good as your files are protected and cannot be accessed by anyone. In all offices and department stores the anti spyware applications to be installed in the computers and so nobody can access their files. Business centres and commercial houses should make a note of it and recommend to the authority concerned.

jmrwalker

I've never had a virus infection for years, the spam I get is minimal and well signposted. How do I do it:
AVG anti-virus free version
Windows Defender
Spyware Doctor
In addition I run:
Microsoft's old Registry Mechanic regularly
PC World's RegClean which monitors full time.
Defender, Spyware Doctor and RegClean update themselves daily and I must say it's cost me next to nothing and no headaches. Try it.
John Walker

lstell

Anti-spyware that is really spyware. How do you know when anti-spyware is really just more spy-ware?

Ontario Canada

Great article. So, who has an opinion on a product that meets these criteria? And - it's one thing to find spyware, but at what cost to ongoing system performance? And, the next challenge is to remove it without spending inordinate resources on the project. I've regularly used: Trend Antispyware (problematic in its early version), AVG (pretty good, but perhaps heavier resource usage), Defender (OK - but I've seen it let LOTS of stuff through). I hear good things about the Symantec product - but their support sucks.

nikitac

This sounds so good & I have tried doing this but nothing happens. Do you just press R or is there more to it & I'm taking it too literally?

stbr25483

Hi, spywarewarrior.com has an extensive list of anti-spyware/virus applications that it deems to be suspect and the reasons why it believes this to be so. How often this is updated I am that sure of, but some entries suggest it is fairly regularly. As an aside it is possible to do a 'WhoIs' search on the URL given for suspect software peddlers and add the IP addresses to a list of blocked web sites. In addition, or alternatively, it is possible to go to mvps.com (please check the link as it is from memory and may be wrong) and download a list of suspect web sites, which includes many of the peddlers of suspect software. Instructions on how to use the list are included on the web site. Hope this helps ST

CaptBilly1Eye

Never download or use 'free scans' simply based on a pop-up or internet advertisement. Before trying out a new program (of any kind), it's always a good idea to do some research. I find good sources for product reviews are ZDNet & CNet. Other people have their favorites. http://review.zdnet.com/ http://www.cnet.com/

m.dupont

I clean home computers for a living: Recently I have needed up to 5 antivirus and as many antispyware programs. Each one finds something that the other ones missed. And don't get me started on f.. rootkits. :)

link470

I use Norton Systemworks 2007 Premium. Love the program for antivirus, I'm not a huge fan of Norton Internet Security, but Systemworks Professional/Premium is the way to go, works well for me. Then for anti-spyware I use a few different tools.
Spybot Search and Destroy: Excellent immunization feature and a lightweight but powerful removal program.
Ad-Aware 2007: Lavasoft's latest, the functionality of the program definitely seems to have improved, it's finding more in depth things including checking rootkitted files and files not indexed by Windows *cough Sony|BMG*. :)
Windows Defender: While one of the posters above was completely right in that quite a bit does get past it, I still like having it chillin in my System Tray. Nothing like a giant brick wall with a check mark on it to make your day safer. ++Warm and Fuzzy Points
Spyware Blaster: Hey, this program may not specialize in removing. But if I only have to run it once a week or so and immunize, why not have those extra entry points blocked.
There you have it. Everyone's preferences are different. People use Webroot Spysweeper, AVG AntiSpyware [which looks excellent as well] and various other programs, and heck, some even use spyware filled anti spyware programs from nice advertisements [morons] :D But now you know my line of defense.

CaptBilly1Eye

Big Difference. Regardless, I haven't been able to find a single solution that does the 'perfect' job of blocking all spyware/adware/malware. For AV, I prefer AVG in conjunction with ZoneAlarm Pro. For AS, I use ZoneAlarm Pro's built-in AS, SpywareBlaster & SpywareGuard to block it, and then Ad-Aware and X-Cleaner Micro to remove what sneaks by. http://tinyurl.com/g1d9 http://tinyurl.com/3yj37 http://tinyurl.com/5kgsl http://tinyurl.com/357tuu SpywareBlaster does the best job of anything I've found in that it simply closes the Active-X doors in IE that known spyware peddlers use. The free version requires that you update it manually. I recommend you do that once every other week. It doesn't even use any system resources because it doesn't need to run in the background. SpywareGuard (also from Javacool) runs as a realtime blocker and uses the least amount of resources out of everything else I've tried. I also use ATF-Cleaner to empty the places where spyware/adware/malware typically hide after I do an extended surfing session or whenever I am suspicious before a reboot or shutdown. http://tinyurl.com/kqmvp

Mond0

Pull the HD from the infected computer and attach it to a system with commercial-level anti-virus, anti-spyware and root kit applications for full scanning. As for "how do I know it's bad?" Install McAfee's free SiteAdvisor (http://www.siteadvisor.com/) and simply do a search for the application at Google. Along with the ad-blocking Hosts file from MVPS check out HostsMan (http://hostsman.abelhadigital.com/). It can merge several good ad-blocking Hosts file replacements and keep yours updated automatically. HostsMan also contains HostsServer, which is a freeware local HTTP Server designed to speed up surfing when a custom hosts file is in use. It will display a message or an image when content is blocked and log blocked urls.
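
The hosts-file merging mentioned in the comment above, as an added example (not part of the original comment and not HostsMan's code): a merge that accepts only entries pointing at a sinkhole address, so a downloaded list cannot carry an entry that maps a real site to some other IP. The sample lists, host names and addresses are constructed.

```python
import ipaddress
import re

# Addresses a blocking hosts file may legitimately map a name to.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a hosts file defines for the machine itself; not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Dotted hostname only: no scheme, port, path or whitespace.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$"
)

# Constructed sample input, standing in for two downloaded lists.
SAMPLE_SOURCES = {
    "list_a": ("# sample list A\n"
               "127.0.0.1 localhost\n"
               "0.0.0.0 ads.example.com\n"
               "0.0.0.0 tracker.example.net  # inline comment\n"),
    "list_b": ("127.0.0.1 ADS.example.com\n"
               "127.0.0.1 popups.example.org\n"
               "203.0.113.7 www.bank.example\n"
               "0.0.0.0 http://ads.example.org/\n"),
}


def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-format text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        for name in fields[1:]:
            yield lineno, fields[0], name.lower().rstrip(".")


def merge_blocklists(sources):
    """Return (blocked, rejected) for a dict of {source_name: hosts_text}."""
    blocked, rejected = set(), []
    for source, text in sources.items():
        for lineno, addr, name in parse_hosts(text):
            if name in LOCAL_NAMES:
                continue
            entry = f"{addr} {name}"
            try:
                ip = str(ipaddress.ip_address(addr))
            except ValueError:
                rejected.append((source, lineno, "bad address", entry))
                continue
            if ip not in SINKHOLES:
                # A block list has no reason to send a name to a routable IP.
                rejected.append((source, lineno, "redirect", entry))
            elif not HOSTNAME_RE.match(name):
                rejected.append((source, lineno, "bad hostname", entry))
            else:
                blocked.add(name)
    return sorted(blocked), rejected


def render(blocked, sink="0.0.0.0"):
    """Build the merged hosts text, every blocked name on one sinkhole address."""
    return "\n".join(["127.0.0.1 localhost"] + [f"{sink} {n}" for n in blocked]) + "\n"
```

The rejected list is worth reviewing before the merged file is installed, since it names the source list and line that carried each refused entry.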

Ron_007

Research is the trick. Building a list of review sources you trust is a good idea. These will cover the higher profile packages. But in the end, your final check should be a net search tool like Google or whatever your favorite is. Search for the name, and look for blog posts or discussion lists that comment on the most current version. Make a point of confirming that the site is independent of the vendor. I've heard of malware vendors that put up seemingly separate sites with positive reviews. Don't forget, the "review" on the various download sites is usually provided by the vendor.

russgalleywood

Thanks, ClamWin/ClamAV isn't bad if you want something simple and free for AntiVirus.

davidfacer

I have some 20 years experience with rogue code (virii and spyware) and hate it with a passion. I have seen spyware become a huge menace - not just to enterprises, but to the everyday SOHO user. I have seen newly loaded unprotected PCs become infected within 30 seconds of being online, without even opening any application or browser. There is no single product out that detects - either by regular scan or TSR watchdog - every bit of spyware current. I have used Lavasoft's Ad-Aware, only to find that AVG's product finds more spyware - then if I scan with Spy-Bot it finds more, only to find that XSoftSpySE finds even more! The same situation occurs if I reverse the order in which I scan. Then throw in ADS (Alternate Data Streams) on NTFS partitions - and let's face it - who doesn't use them and you have a nightmare heading at our end users like a runaway freight train. Should they have to purchase ALL these products just to have a clean machine? It seems the answer is a resounding "Yes", because spyware removal tools are not good enough to do the job that end-users want in a single package. Symantec tried to incorporate anti-virus, anti-spyware and other tools in one package, but it has really failed dismally in my opinion....but they had a good go at it. The problem lies that anti-spyware authors are always playing "catch-up" - it seems that spyware authors are always one step ahead of everyone else - but then, it keeps the anti-spyware authors going in a very lucrative market......is there a link there somewhere, u think? Because of jurisdictional problems in a global system, and actually having to catch people in the act of releasing rogue code, we may never face an end to that which once was such a simple problem - one that may ultimately spell the death knell for a lot of home Internet use.
This problem of rogue code is as pervasive as international terrorism, and has broader implications than most people can envisage. The average Joe Blow doesn't have the money to regularly keep taking his computer back to a shop to get it cleaned out....but that is currently the case. I thank God daily for Microsoft providing the masses with such a poor O/S product - it needs re-loading so often, and its security is so poor that these basic problems keep me in business! Vista is not the saviour of the masses either....I have no idea what will, but things can't keep going along as they have been.....but "Big Business" will decide what happens in the future. Lol - enough of my ranting - I have no answer to the current rogue code crisis, but it has been steadily escalating since day 1 when the first virus was released...and I see no better future without change in the way we victims do things.

skip

AVG does the job, if you want further protection try upgrading to the paid version.

Neon Samurai

I share files with Windows rigs so it's best to clean anything coming in for my own sake and anything going out for the recipient's sake. On my Win32 rigs I stick to AVG with ClamAV portable on USB when needed for fixing someone's machine. Both good stuff and Baud bless Clam for keeping the source visible.