When spyware first arrived on the scene, there was a clear difference between spyware threats and virus threats.
But now the lines have become blurred. Malware threats are carrying Trojan payloads, keyloggers and even rootkits. It's hardly a surprise that many anti-spyware developers are making the shift to detecting all threats using combined anti-virus and anti-spyware products.
In the interest of fairness, we didn't use of these combined products in this group test, but more on that decision shortly.
We were a little taken back by how easy it was to infest our test PC with threats of all sorts. We started with a clean Windows XP installation armed with SP2, but lacking anti-spyware and anti-virus software.
We visited some dangerous Web sites (thereby acquiring infections by drive-by download), managed to pick up a browser hijack and DNS-altering Trojan, installed a few "free" programs (ones laden with adware and spyware), and installed two keyloggers.
Unlike in the past, when we'd find Internet Explorer loaded with toolbars and add-ons, only a few desktop shortcuts, some strange browser behaviour and overall system performance problems gave any indication that something might be amiss.
Unwanted optional extras
What irked us most while infecting our test system was the brazen manner in which supposedly legitimate programs would add adware and other addons as selected "options" during the installation or deep within the licensing agreement.
While a savvy user might give these some thought, we can see how less-experienced users might not pay them any heed at all. As part of our pre-test process we also took what we would consider normal steps that the average user might attempt in trying to fix a slow or infected system.
Specifically, we attempted to reset the IE home page and uninstalled every program that we had downloaded from the Web. Lo and behold, the programs did appear to uninstall, but left both complete threats and remnants thereof conveniently behind.
This being a group test, we were also tasked with choosing eight competitors for the anti-spyware solution crown. As spyware and the industry matures, this part of the job becomes harder and harder. Do we limit our tests to full versions only, or should we include free tools as well?
In the interest of fairness - and the fact that so many people use some combination of both options - we decided to include four free offerings and four subscription-based tools. We also decided that we would only include base versions of programs in our test.
So, we included Webroot SpySweeper 5.3, but not the version with integrated anti-virus support. The same went for Spyware Doctor 5.0, the AVG product (which is also available in a combined anti-malware version), and Spyware Terminator 1.9 (it allows integration with Clam AV).
As for how we judged the group test, heavy emphasis was placed on a program's ability to detect and remove existing threats. It's not that real-time protection isn't important.
It's just that most of the anti-spyware programs that offer real-time protection do an excellent job of it, making things hard to compare.
While we ran every program through its real-time protection paces (using a spyware-free installation rather than our infected system), we really wanted to see how good a job these programs would do when faced with a major problem.
We also placed some stock into whether a program supported Vista, the support options they offered, interface design and the little features that gave users extra value beyond the core capabilities of the anti-spyware product.
Some offerings disappointed us a little, while others are clearly making an effort to win over new users or better still, new converts. The release of IE7 and new security features in Vista make infecting your system a tougher task, but trust us when we say that spyware developers are up to the challenge.