How Does Antispyware Work?
Antispyware programs are a lot like antivirus applications:
• Both essentially consist of a scanning engine that relies on signature files (also known as definitions or fingerprints) to detect spyware and adware.
• Once a scan detects potentially harmful files, the antivirus or antispyware software will either ask you how it should handle the detections or remove or quarantine them automatically.
• More comprehensive antispyware applications offer real-time protection akin to what antivirus programs offer. Real-time protection monitors critical checkpoints in Windows. Antispyware software is designed to prevent the installation of both spyware and adware, in a manner similar to how antivirus protection blocks viruses, worms, and Trojans from installing.
• Your antivirus and antispyware programs - and by extension, the protection they offer - are only as good as their latest definitions. These types of programs need constant updating. The frequency of new signature (and software) updates varies with the manufacturer, but it can be as often as every few days for antispyware signatures.
• Like antivirus software, some of the more comprehensive antispyware scanning engines use heuristic (rules-based) technology to detect new and unknown threats for which signatures are yet to be released.
• Free versions of well-regarded programs are available. However, these usually have fewer features and/or more limited capabilities than their for-sale counterparts.
• Antivirus and antispyware applications are now commonly bundled with firewalls and other privacy tools as part of security suites.
• Both antispyware and antivirus software are relatively simple to use.
There is one HUGE difference between antivirus and antispyware software (at least for the purpose of this discussion):
• Antispyware software, as a group, does not come close to matching the performance and track record of antivirus applications. For instance, venerable products like Norton Antivirus and McAfee Viruscan block and/or remove nearly every virus they are expected to protect against. (And their heuristic technology helps protect against unknown quantities!) By contrast, the best antispyware programs have a success rate of approximately 75%. That means they still allow an awful lot of nasties to get through!
The mediocre performance is a testament to the creativity and persistence of the folks creating spyware. But it also betrays the absence of reference standards that can be applied across the board, facilitating the comparison of products from different manufacturers and the creation of a unified front in the war against spyware.
Because even the best antispyware program only protects against roughly three-quarters of known threats, many security experts recommend installing two or three antispyware applications, with one of them providing real-time protection. The thinking behind this strategy is that spyware "getting by" one application might be detected by the other.
Fortunately, this is another area where antivirus and antispyware software differ: While running more than one antivirus (or firewall) program at a time is a recipe for trouble, the same is not true for antispyware applications. In my experience, you can run multiple programs with real-time protection without conflict, or even a noticeable degradation in your computer's performance.
So which antispyware programs should you consider? I strongly recommend the following three:
1. Spybot Search & Destroy
Well-respected, user-friendly program. Spybot S&D features a built-in tutorial that is a godsend for anyone new to the antispyware game. You can also configure it to check for updates automatically. Real-time protection is available through its Immunize function. New signatures are usually released every Friday. Free download.
2. Ad-Aware SE Personal
Another free download. Excellent in detecting and removing tracking cookies. A post-scan summary provides descriptions of threats found, their location in your computer, and their relative risk rating. Like Spybot S&D, Ad-Aware SE boasts an excellent help file that gets you up to speed in no time. On the down side, real-time protection and automatic updates require upgrading to Ad-Aware Plus, which costs $27. (But you can always configure the free version of Ad-Aware to remind you to check for updates manually!) Lavasoft releases new signatures frequently, often every few days.
3. Windows Defender (Beta 2)
The folks in Redmond decided to show Windows users some love by releasing this new and updated version of Windows AntiSpyware Beta 2 on Valentine's Day. (Easier than sending boxes of chocolates via Automatic Updates, I suppose.)
Like Spybot S&D, Windows Defender offers real-time protection and automatic updates. In its present incarnation, this program does not scan for tracking cookies, though the capability will be added later on. (Beta programs are "works in progress," and as such might have some bugs and odd features. Overall, Windows Defender is stable enough to be recommended even in its beta stage.)
Windows Defender excels in recognizing and blocking program attempts to change settings, edit the Windows registry, or add items to startup. As such, it complements Spybot S&D and Ad-Aware SE quite well.
You undoubtedly realized that all three of my suggestions are free programs. There are other worthy antispyware utilities available, and most of them cost about $30 a year. The latest issue of PC Magazine reviews nine of them. If you are interested, you can read their findings on their website:
But before you part with your money, consider the following:
1. Given the lackluster performance of antispyware programs as a group, there is little reason to pay for something that will offer little or no extra protection relative to the free utilities. The $30 might buy you speedier scans and improved aesthetics, but hardly any more security. Even PC Magazine recommends that you back up your premium antispyware utility with a freebie, often Spybot S&D;
2. In my experience, the pricier software tends to yield more false positives (items that are not truly spyware) - and even some questionable detections. For example, files identified as "key loggers" might actually be legitimate components that allow you to open a program by clicking on its desktop or taskbar icon. This aggressive scanning might be built in by design, probably to give the impression of better protection. Because the files in question often have obscure names, it can be challenging to find out their identity, and even quarantining them can lead to problems;
3. As previously mentioned, Spybot S&D, Ad-Aware Plus, and Windows Defender complement each other quite nicely, and without slowing things down or causing software conflicts.
4. Once you become comfortable with antispyware software, you can always explore other titles to see what suits your needs best.
I should also mention that antispyware software available as part of security suites, personal firewalls (e.g., ZoneAlarm Pro 6) or antivirus software tends to be significantly weaker than its stand-alone counterparts - even the free versions.
Now that you know which programs to consider, you are ready to install them. Fortunately, installing antispyware programs is a breeze.
The first thing to do is to go to the websites listed above (or to that of any software that interests you) and download the installers (also known as setup programs). Alternatively, you can visit Download.com (http://www.download.com/), enter the appropriate program name in the Search Box, and you will be taken to a page from which you can download its installer. The download pages invariably include downloading and installation instructions, tips, and troubleshooting sections or links. The same information can often be found in the Help and Support or FAQ sections of the manufacturers' websites.
Once the download is complete, close all Windows applications (e.g., Internet Explorer and/or Firefox windows, instant messengers, etc., but NOT your firewall or your antivirus), and run the installer. A wizard will guide you through the installation and configuration process, and your antispyware program will be up and running in no time. (If you can point and click, you can install virtually any software!) Install one program at a time, and restart your computer before installing the next one.
(You can always download and save several installers to your desktop, then run them one by one at your convenience. You need not install all three programs right away. Installing one program at a time facilitates troubleshooting in case problems arise from a bad installation or corrupted files. If something doesn't seem right, uninstall the program using the Windows Add or Remove Programs utility found within your Control Panel, download a fresh copy of the installer, and repeat the installation.)
It is imperative that you check for the latest updates immediately after installing an antispyware program. In all likelihood, the installation wizard will ask you to do so, and will also ask you to perform an initial scan of your computer. At this point in time, a "deep" scan is preferable to a "quick" one, though you can always run the more comprehensive scan at your convenience. Realize, however, that a deep scan might take considerable time - often an hour or longer. (Windows Defender's "quick scan" is anything but!)
While the scan is running, read the section in the help files (or tutorial) that discusses your first scan and the interpretation of its results. Make sure you understand what the results of a scan mean before deleting anything.
Understand that the information provided by scan summaries sometimes makes it very hard to make informed decisions about removal of cryptically named files. When in doubt, quarantine rather than delete, even if the recommended or default action is to remove the file. This will allow you to restore any files that might have been incorrectly identified as spyware. You can always use Google to find out more about mysterious detections, or check the antispyware program's website for more detailed information. With time, you will recognize the type of detections that truly require immediate attention.
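To make the scan-then-quarantine cycle concrete, here is a simplified sketch added as an illustration; it is not code from any of the programs mentioned. It combines the signature lookup and heuristic rule described at the start of this article with the quarantine-and-restore advice above, and the signature, the two heuristic markers, and every function and file name in it are constructed assumptions.

```python
import hashlib, json, shutil
from pathlib import Path
# Constructed "signature file": SHA-256 of known-bad content -> detection name.
KNOWN_BAD = b"constructed-adware-sample"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Adware.A"}
# Constructed heuristic: both markers together (legitimate hotkey tools can match too).
HEURISTIC_MARKERS = [b"SetWindowsHookEx", b"CurrentVersion\\Run"]
MANIFEST = "manifest.json"

def classify(data):
    """Return (verdict, reason) from a signature lookup, then the heuristic."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES:
        return "detected", SIGNATURES[digest]
    if all(marker in data for marker in HEURISTIC_MARKERS):
        return "suspicious", "heuristic: input hook plus startup entry"
    return "clean", ""

def _load(vault):
    manifest = vault / MANIFEST
    return json.loads(manifest.read_text()) if manifest.exists() else {}

def quarantine(path, vault, reason):
    """Move the file into the vault and record its origin so it can be restored."""
    vault.mkdir(parents=True, exist_ok=True)
    held = vault / (hashlib.sha256(str(path).encode()).hexdigest()[:16] + ".q")
    shutil.move(str(path), str(held))
    entries = _load(vault)
    entries[held.name] = {"original": str(path), "reason": reason}
    (vault / MANIFEST).write_text(json.dumps(entries, indent=2))
    return held

def restore(held_name, vault):
    """Undo a quarantine (for example after a false positive)."""
    entries = _load(vault)
    original = Path(entries.pop(held_name)["original"])
    shutil.move(str(vault / held_name), str(original))
    (vault / MANIFEST).write_text(json.dumps(entries, indent=2))
    return original

def scan(folder, vault):
    """Classify every file in folder; quarantine (never delete) anything not clean."""
    report = {}
    for path in sorted(p for p in folder.iterdir() if p.is_file()):
        verdict, reason = classify(path.read_bytes())
        if verdict != "clean":
            quarantine(path, vault, reason)
        report[path.name] = verdict
    return report
```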
Once the initial scan is completed, go over the program's settings (if you didn't do so during setup) to set preferences, schedule automated scans and update checks, if applicable. You're done!
It is a good idea to scan your computer for spyware a few times a week. My personal preference is to let Spybot S&D and Windows Defender handle real-time protection silently, and run Ad-Aware Plus manually a few times a week to remove tracking cookies. And whenever new signature files are installed for a program, I run a quick scan.
It won't hurt to perform a more thorough scan from time to time, or if you suspect your computer has been at a higher risk for spyware exposure (e.g., P2P downloads, downloading free screen savers, someone navigating to casino websites or "adult" areas of the web).
Lastly, if you notice that a program's signatures have not been updated for a relatively long time, check the program's website for a new version of the software. One thing I have noticed with antispyware programs is that their automatic updates feature often fails to detect program upgrades. It will keep telling you that your definitions are up to date or that there are no new ones available. In the case of Ad-Aware, the Checking for Updates dialog box will alert you to a new program version in the "News" section, but the alert is easy to miss.