Product Group Tests

Anti-spyware 2007

Group Summary

The bottom line on choosing an anti-spyware product for your enterprise is to understand your environment clearly and have an overarching anti-malware strategy into which the anti-spyware product fits.

How we built the anti-virus and anti-spyware matrices

The anti-virus and anti-spyware matrices are a subset of the far larger product descriptions used by West Coast Labs in their certification testing. We analyzed these matrices and selected the features that, first, show differentiation between products and, second, provide a good picture of the product and its capabilities. We then verified the contents of those matrices with the vendors. All of the data in the matrices is supplied by the product vendors and we believe it to be an accurate and fair representation of the product’s capabilities.

Verification was done by West Coast Labs and we want to thank them for their support in this special issue.

Full Group Summary

Back in the day, spyware was an annoying little beastie that got buried in your computer and told DoubleClick how many times you bought faucets at Sears. If you bought a lot, soon you would start getting mysterious spam from plumbers. You would ask yourself how the plumber found out you were remodeling, only to find out that your buying activity had been tracked and your email harvested. That, sadly, still happens.

Paste this URL into your browser to view the group test: http://offlinehbpl.hbpl.co.uk/misc/UCX/MiscFiles/GT%202%20matrix.pdf

However, today the threat from spyware is much more insidious and much more dangerous. Not only does spyware track your buying habits, it offers pop-ups to such undesirable places as pornography sites, not to mention other, more palatable but no less annoying sites. The legal and law enforcement communities are struggling with how to handle apparent cases of child pornography when the defense is unstoppable pop-ups.

Take, for example, the case of Julie Amero, a substitute teacher in Connecticut. During a class, the computer being used started spewing pornography site pop-ups and Ms. Amero claims, with credibility, that she could not stop them. Since she had been told not to turn off the computer, she stood in front of the PC to shield the children in her class from exposure to the porn.

Nonetheless, four children in the classroom got a glimpse and the teacher was tried and convicted of four counts of child endangerment. Her sentence could be up to 40 years in prison (10 years for each of four counts). This case is likely to go to appeal for a lot of reasons, but the point is that Ms. Amero experienced a pop-up storm caused by, as forensic experts found, an infestation of spyware. The school’s computer had no current copy of an anti-spyware product.

Worse, spyware can steal from your computer. It can steal company secrets, your credit card or bank information, your identity, and it can crash your computer. Spyware infestations can clog processes and make your computer slow to a crawl before it crashes completely. Some spyware programs are extremely hard to remove. At least one alters a kernel file in MS XP Professional that is created during installation. Since it is unique to the computer, it cannot easily be cleaned or replaced. The spyware is, essentially, unremovable even using instructions from various anti-virus or anti-spyware vendors.

The bottom line is that you need an AS product that interdicts these internet nasties before they burrow deep into the operating environment. If you do not have a prevention program in place, you will become infected, no matter how well your computer is otherwise protected. Spyware infestations are dangerous to organizational networks because they spread very easily.

There is another, far more threatening use of spyware: industrial espionage. Spyware programs, written specially for the purpose, infect organizational computers and steal from them. What they steal could be trade secrets, logon information or other important organizational information assets. Finally, spyware can steal your identity. There was a recent case of a spyware program emailing personal information on thousands of users to a site in China.

There are many different types of spyware, such as remote access trojans (RATs), backdoors, financials, password stealers and crackers, proxies, keyloggers, downloaders and hijackers.

What to buy

We, with the help of West Coast Labs and the Checkmark Certification system, evaluated most of the leading anti-spyware products in the market. Our protocol was the same one that we used for the anti-virus evaluation (see pg. 57). The products, all with good catch rates, are laid out in a features matrix to make it easy to compare products and features.

When buying an anti-spyware product, look for one that meets your specific needs. Are you an individual or are you buying for an organization? If an organization, you may want a product that is part of an anti-malware suite. In either case, AS products that are being updated regularly and have the ability to catch unknown spyware are at the top of the buy list.

In an organizational environment, the most dangerous spyware never hits the street. It was custom made just for you. While that sort of thing is, today anyway, rare, it is the toughest catch for an anti-spyware product. As always, fit your purchase to your need. However, in the case of spyware, assessing that need is very important and, in some cases, not easy.

- Mike Stephenson contributed to this Group Test.