10 things to look for in an anti-spyware application

This information is also available as a PDF download.

Spyware has quickly outpaced viruses as a scourge to businesses. A 2005 FBI study revealed 79 percent of enterprise PCs in the United States are infected with spyware. Worse, according to a 2006 report by Radicati Group, each infestation costs businesses approximately $265 when downtime and repair are factored in.

By deploying and maintaining effective anti-spyware tools, organizations can protect themselves from lost productivity and potential data loss resulting from spyware infestation. Here are 10 things to look for when selecting an anti-spyware platform.

#1: A potent anti-spyware engine

An anti-spyware application is only as good as its signatures database. The application's underlying anti-spyware engine must be comprehensive. Offerings from leading vendors track as many as three-quarters of a million potential infections, so it's critical that the application you select has a sizable and potent anti-spyware database.

#2: Automatic updates

You should also ensure that the anti-spyware application you select updates automatically. New spyware and other forms of malicious software are released into the wild almost daily. Quality anti-spyware manufacturers continually update their code. Without those updates, anti-spyware applications quickly become outdated and, subsequently, ineffective.

The best anti-spyware programs support downloading updates automatically.

Most every anti-spyware program includes access to updates. Some, however, require that users manually download and apply them. In busy organizations, users have other responsibilities. Unless the employee is an IT staff member, maintaining a PC's anti-spyware database isn't included in their job description. So anti-spyware programs aren't likely to remain current unless the feature's built into the software application itself. Insist on an anti-spyware application featuring automated updates.

#3: Active protection

Some anti-spyware applications remove spyware infestations found only while conducting manual scans. To best prevent spyware from infecting a system in the first place, seek an anti-spyware program that includes active protection. By actively monitoring system, process, and network activity, a capable anti-spyware application can block malicious software from installing in the first place.

There's no sense in waiting for a manually triggered scan to identify performance-robbing spyware and then have to remove it. Preventing the infection via active monitoring processes is by far the preferred option.

#4: Customizable scans

Look for an anti-spyware program that lets you schedule customizable scans. Different workstations are used for different purposes. Based on their intended use, some systems will benefit from more thorough anti-spyware scans. However, the anti-spyware program must support creating the customizable scans.

For example, systems frequently used for Internet browsing may well benefit from daily scheduled anti-spyware scans that check active memory, the Windows registry, the Windows directory, cookie folders, and all hard drives for infestation. On the other hand, systems rarely used for Internet browsing may require only weekly scans of their hard drives.

Seek an anti-spyware program that includes such flexible scanning features.

#5: Unattended capabilities

Standardize on an anti-spyware utility that permits unattended maintenance and administration. The ability to schedule unattended updates and scans ensures that the program you deploy provides effective coverage and protection.

Users typically require access to their desktops throughout the entire business day. So there's little time for technical support staff to interrupt users' work for purposes of updating and scanning systems, especially when a thorough scan of a large hard drive can require more than an hour to complete. Neither do IT staffs have time to visit each workstation within the organization to manually configure updates or execute anti-spyware scans.

Good anti-spyware programs can schedule unattended anti-spyware scans (during off hours). Here you can see that AVG Anti-Spyware 7.5 offers scheduling tools as part of its feature set.

Scheduling unattended updates and thorough system scans during off hours, when no staff are present, helps optimize administrative time and productivity.

#6: Effective quarantining/containment

When unattended scans are configured, it's critical that the anti-spyware application effectively quarantine infections that are found without requiring user interaction. Unless the anti-spyware program can contain active spyware and remove infections automatically, the application will essentially prove useless in business environments.

#7: Process monitoring

Spyware and adware programs exist in so many iterations and derivatives that it's often difficult for even the best-built anti-spyware programs to catch every form of malicious software. However, anti-spyware tools can go a long way toward helping technology administrators track down and eliminate malicious software not yet identified or recognized as spyware.

AVG's Anti-Spyware 7.5 includes a potent process monitoring menu from which administrators can terminate unwanted processes.

By including a process monitoring utility within the anti-spyware application, software manufacturers can simplify the task of identifying and eliminating unwanted software. Although many spyware programs hide themselves from Windows Task Manager, better anti-spyware programs include process monitoring features enabling support staff to track and eliminate malicious software Windows itself doesn't see.

#8: Autostart monitoring

Along with providing support for monitoring active processes, anti-spyware applications should monitor programs that start automatically when Windows loads.

Spyware programs have become fairly sophisticated. Few appear within Control Panel's Add/Remove Programs applet, and fewer still install within the Start | All Programs menu's Startup folder. Thus, administrators require a potent anti-spyware program capable of monitoring programs that load automatically at Windows startup. Look for an anti-spyware program that includes autostart monitoring, thereby simplifying the process of removing unwanted software and blocking spyware from loading when Windows starts.

#9: Centralized administration

As mentioned in #5, technology administrators (particularly those in larger organizations) don't have time to manually administer or support each individual workstation. It's impractical for many technology staffs to attempt visiting each workstation in person to ensure anti-spyware engine updates are in place, scans are completing as scheduled, and infestations are being quarantined properly.

Webroot's Spy Sweeper Enterprise has a wide range of centralized administration features. In addition to installing the anti-spyware software on systems throughout the organization, Spy Sweeper Enterprise enables remotely tracking errors, conducting sweeps (or scans), configuring updates and more.

In larger organizations, look for an anti-spyware application that includes a centralized administration console. Such products are often exponentially more expensive than their non-centralized administration-capable counterparts, but the time saved will more than make up the difference within busy IT departments.

#10: Quality reporting

Anti-spyware applications must include effective reporting capabilities. In addition to listing whether scans complete properly, good anti-spyware programs will track infestations that are found, the results of quarantine efforts, and confirmation that updates were downloaded and applied properly.


Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

Editor's Picks