_From cnet by suchenfz



Community Newsletter: Q&A forum

2/17/06 How does antispyware work?

Hey, CNET members! I am completely new to antispyware programs, and I would like to install one. However, I have
no idea how these programs work. Do they work like my antivirus app? How do they know which files are good and
which ones are bad? Do the programs need updating? I'd also like to know how to install these programs, if possible.
Thank you very much.

Submitted by: Silvana L.




Antispyware programs are a lot like antivirus applications:

• Both essentially consist of a scanning engine that relies on signature files (also known as definitions or
fingerprints) to detect spyware and adware.
• Once a scan detects potentially harmful files, the antivirus or antispyware software will either ask you how it should
handle the detections or remove or quarantine them automatically.
• More comprehensive antispyware applications offer real-time protection akin to what antivirus programs offer.
Real-time protection monitors critical checkpoints in Windows. Antispyware software is designed to prevent the installation
of both spyware and adware, in a manner similar to how antivirus protection blocks viruses, worms, and Trojans from
• Your antivirus and antispyware software - and by extension, the protection they offer - is only as good as their
latest definitions. These types of programs need constant updating. The frequency of new signature (and software)
updates varies with the manufacturer, but it can be as often as every few days for antispyware signatures.
• Like antivirus software, some of the more comprehensive antispyware scanning engines use heuristic (rules-based)
technology to detect new and unknown threats for which signatures are yet to be released.
• Free versions of well-regarded programs are available. However, these usually have fewer features and/or more limited
capabilities than their for-sale counterparts.
• Antivirus and antispyware applications are now commonly bundled with firewalls and other privacy tools as part of
security suites.
• Both antispyware and antivirus software are relatively simple to use.

There is one HUGE difference between antivirus and antispyware software (at least for the purpose of this discussion):

• Antispyware software, as a group, does not come close to matching the performance and track record of antivirus
applications. For instance, venerable products like Norton Antivirus and McAfee Viruscan block and/or remove nearly
every virus they are expected to protect against. (And their heuristic technology helps protect against unknown
quantities!). By contrast, the best antispyware programs have a success rate of approximately 75%. That means they
still allow an awful lot of nasties to get through!

The mediocre performance is a testament to the creativity and persistence of the folks creating spyware. But it also
betrays the absence of reference standards that can be applied across the board, facilitating the comparison of
products from different manufacturers and the creation of a unified front in the war against spyware.

Because even the best antispyware program only protects against roughly three-quarters of known threats, many
security experts recommend installing two or three antispyware applications, with one of them providing
real-time protection. The thinking behind this strategy is that spyware "getting by" one application might be detected by
the other.

Fortunately, this is another area where antivirus and antispyware software differ: While running more than one
antivirus (or firewall) program at a time is a recipe for trouble, the same is not true for antispyware applications. In my
experience, you can run multiple programs with real-time protection without conflict, or even a noticeable degradation
in your computer's performance.

So which antispyware programs should you consider? I strongly recommend the following three:

1. Spybot Search & Destroy (http://www.safer-networking.org/en/index.html)

Well-respected, user-friendly program. Spybot S&D features a built-in tutorial that is a godsend for anyone new to the
antispyware game. You can also configure it to check for updates automatically. Real-time protection is available
through its Immunize function. New signatures usually released every Friday. Free download.

2. Ad-Aware SE Personal (http://www.lavasoftusa.com/software/adaware/)

Another free download. Excellent in detecting and removing tracking cookies. A post-scan summary provides
descriptions of threats found, their location in your computer, and their relative risk rating. Like Spybot S&D, Ad-Aware
SE boasts an excellent help file that gets you up to speed in no time. On the down side, real-time protection and
automatic updates require upgrading to Ad-Aware Plus, which costs $27. (But you can always configure the free
version of Ad-Aware to remind you to check for updates manually!) Lavasoft releases new signatures frequently, often
every few days.

3. Windows Defender (Beta 2) (http://www.microsoft.com/athome/security/spyware/software/default.mspx)

The folks in Redmond decided to show Windows users some love by releasing this new and updated version of
Windows AntiSpyware Beta 2 on Valentine's Day. (Easier than sending boxes of chocolates via Automatic Updates, I

Like Spybot S&D, Windows Defender offers real-time protection and automatic updates. In its present incarnation, this
program does not scan for tracking cookies, though the capability will be added later on. (Beta programs are "works in
progress," and as such might have some bugs and odd features. Overall, Windows Defender is stable enough to be
recommended even in its beta stage.)

Windows Defender excels in recognizing and blocking program attempts to change settings, edit the Windows registry,
or add items to startup. As such, it complements Spybot S&D and Ad-Aware SE quite well.

You undoubtedly realized that all three of my suggestions are free programs. There are other worthy antispyware
utilities available, and most of them cost about $30 a year. The latest issue of PC Magazine reviews nine of them. If
you are interested, you can read their findings on their website:


But before you part with your money, consider the following:

1. Given the lackluster performance of antispyware programs as a group, there is little reason to pay for something that
will offer little or no extra protection relative to the free utilities. The $30 might buy you speedier scans and improved
aesthetics, but hardly any more security. Even PC Magazine recommends that you back up your premium antispyware
utility with a freebie, often Spybot S&D;
2. In my experience, the pricier software tends to yield more false positives (items that are not truly spyware) - and
even some questionable detections. For example, files identified as "key loggers" might actually be legitimate
components that allow you to open a program by clicking on its desktop or taskbar icon. This aggressive scanning
might be built in by design, probably to give the impression of better protection. Because the files in question often
have obscure names, it can be challenging to find out their identity, and even quarantining them can lead to problems;
3. As previously mentioned, Spybot S&D, Ad-Aware Plus, and Windows Defender complement each other quite nicely,
and without slowing things down or software conflicts.
4. Once you become comfortable with antispyware software, you can always explore other titles to see what suits your
needs best.

I should also mention that antispyware software available as part of security suites, personal firewalls (e.g., ZoneAlarm
Pro 6) or antivirus software tend to be significantly weaker than their stand-alone counterparts - even the free versions.

Now that you know which programs to consider, you are ready to install them. Fortunately, installing antispyware
programs is a breeze.

The first thing to do is to go to the websites listed above (or to that of any software that interests you) and download
the installers (also known as setup programs). Alternatively, you can visit Download.com (http://www.download.com/),
enter the appropriate program name in the Search Box, and you will be taken to a page from which you can download
its installer. The download pages invariably include downloading and installation instructions, tips, and troubleshooting
sections or links. The same information can often be found in the Help and Support or FAQ sections of the
manufacturers' websites.

Once the download is complete, close all Windows applications (e.g., Internet Explorer and/or Firefox windows, instant
messengers, etc., but NOT your firewall or your antivirus), and run the installer. A wizard will guide you through the
installation and configuration process, and your antispyware program will be up and running in no time. (If you can
point and click, you can install virtually any software!) Install one program at a time, and restart your computer before
installing the next one.

(You can always download and save several installers to your desktop, then run them one by one at your convenience.
You need not install all three programs right away. Installing one program at a time facilitates troubleshooting in case
problems arise from a bad installation or corrupted files. If something doesn't seem right, uninstall the program using
the Windows Add or Remove Programs utility found within your Control Panel, download a fresh copy of the installer,
and repeat the installation.)

It is imperative that you check for the latest updates immediately after installing an antispyware program. In all
likelihood, the installation wizard will ask you to do so, and will also ask you to perform an initial scan of your computer.
At this point in time, a "deep" scan is preferable to a "quick" one, though you can always run the more comprehensive
scan at your convenience. Realize, however, that a deep scan might take considerable time - often an hour or longer.
(Windows Defender's "quick scan" is anything but!)

While the scan is running, read the section in the help files (or tutorial) that discusses your first scan and the
interpretation of its results. Make sure you understand what the results of a scan mean before deleting anything.

Understand, the information provided by scan summaries sometimes makes it very hard to make informed decisions
about removal of cryptically named files. When in doubt, quarantine rather than delete, even if the recommended
or default action is to remove the file. This will allow you to restore any files that might have been incorrectly
identified as spyware. You can always use Google to find out more about mysterious detections, or check the
antispyware program's website for more detailed information. With time, you will recognize the type of detections that
truly require immediate attention.

Once the initial scan is completed, go over the program's settings (if you didn't do so during setup) to set preferences,
schedule automated scans and update checks, if applicable. You're done!

It is a good idea to scan your computer for spyware a few times a week. My personal preference is to let Spybot S&D
and Windows Defender handle real-time protection silently, and run Ad-Aware Plus manually a few times a week to
remove tracking cookies. And whenever new signature files are installed for a program, I run a quick scan.

It won't hurt to perform a more thorough scan from time to time, or if you suspect your computer to have been at a
higher risk for spyware exposure (e.g., P2P downloads, downloading free screen savers, someone navigating to
casino websites or "adult" areas of the web).

Lastly, if you notice that a program's signatures have not been updated for a relatively long time, check the
program's website for a new version of the software. One thing I have noticed with antispyware programs is that
their automatic updates feature often fails to detect program upgrades. It will keep telling you that your definitions are up
to date or that there are no new ones available. In the case of Ad-Aware, the Checking for Updates dialog box will alert
you of a new program version in the "News" section, but the alert is easy to miss.

Hope this helps!

Miguel K.

P.S.: Another free antispyware program worth checking out is Tenebril's SpyCatcher Express
(http://www.tenebril.com/). SpyCatcher looks very promising, but in its default configuration it tends to quarantine a few
files that might cause your computer to freeze during startup. The description of the nature and location of detections is
somewhat incomplete, making restoring the right file a challenge. For these reasons, SpyCatcher is not a good choice
for someone unfamiliar with antispyware programs. For more experienced users, it is worth a try.

Submitted by: Miguel K. of Columbus, OH
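
The signature match, heuristic rule and quarantine-with-restore steps described in the answer above, as an added Python example that is not part of the original post and is not how any of the named products is implemented. The detection name, byte patterns, two-hit threshold and manifest format are assumptions, and the sample files are constructed.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path
# Constructed "definitions": SHA-256 of known-bad content -> detection name.
BAD_SAMPLE = b"constructed-adware-sample-v1"
SIGNATURES = {hashlib.sha256(BAD_SAMPLE).hexdigest(): "Constructed.Adware.A"}
# Hypothetical heuristic rules: byte patterns that look suspicious in combination.
HEURISTICS = [(b"SetWindowsHookEx", "hooks input"), (b"CurrentVersion\\Run", "autostart")]

def scan_file(path):
    """Signature match first; else heuristics, needing two rule hits to limit false positives."""
    data = path.read_bytes()
    name = SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return ("signature", name)
    hits = [why for pattern, why in HEURISTICS if pattern in data]
    return ("heuristic", "; ".join(hits)) if len(hits) >= 2 else None

def quarantine(path, qdir):
    """Move the file aside and record where it came from so it can be restored."""
    qdir.mkdir(exist_ok=True)
    dest = qdir / (hashlib.sha256(str(path).encode()).hexdigest()[:16] + ".q")
    shutil.move(str(path), str(dest))
    manifest = qdir / "manifest.json"
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[dest.name] = str(path)
    manifest.write_text(json.dumps(entries))
    return dest

def restore(dest, qdir):  # undo a quarantine, e.g. after a false positive
    manifest = qdir / "manifest.json"
    entries = json.loads(manifest.read_text())
    original = Path(entries.pop(dest.name))
    shutil.move(str(dest), str(original))
    manifest.write_text(json.dumps(entries))
    return original

def demo():
    root = Path(tempfile.mkdtemp())
    samples = {"known.exe": BAD_SAMPLE, "hotkeys.exe": b"..SetWindowsHookEx..",
               "unknown.exe": b"..SetWindowsHookEx..CurrentVersion\\Run.."}
    verdicts, moved = {}, {}
    for name, content in samples.items():
        (root / name).write_bytes(content)
        hit = scan_file(root / name)
        verdicts[name] = hit[0] if hit else "clean"
        if hit:
            moved[name] = quarantine(root / name, root / "quarantine")
    back = restore(moved["unknown.exe"], root / "quarantine")
    return verdicts, back.exists() and not moved["unknown.exe"].exists()
```

Deleting instead of moving in `quarantine` would make the `restore` step impossible, which is why the answer advises quarantining when in doubt.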
