spywarewarrior.com/asw-test-guide.htm
adware" has escalated over the past few years, the number of "anti-spyware" scanners available on the Net has grown equally fast. At present there are over 100 anti-spyware scanners available for download -- some for free, some for pay. Spyware and adware are themselves complex enough to prove bewildering to most average users, however. So confusing in fact is the threat of spyware and adware that users often have trouble distinguishing effective anti-spyware scanners from less effective ones. Although a number of "tests" of anti-spyware scanners have been reported on the Net, many if not most of those tests are of limited value because the design, methodology, and execution of the tests are not fully and publicly documented, leaving even experienced users and experts to wonder just how meaningful those tests really are. Still worse, some of those "tests" are touted by webmasters who are affiliates for the companies whose products were "tested."

The tests documented on these pages are intended to partially remedy these several problems with our knowledge of anti-spyware scanners and how well they perform. At present, there are three groups of tests documented here.
Results Page # 4

Two substitutions were made in the anti-spyware scanners used for the second group or round of tests. First, SpyBouncer was substituted for SpywareNuker 2004. SpywareNuker 2004 requires users to activate the product online. As SpywareNuker 2004 was uninstalled after the first round of tests, it had to be reactivated when it was reinstalled. TrekBlue's server refused to activate, indicating that the registration number had already been used to activate a copy of SpywareNuker 2004. At that point, SpyBouncer was substituted for SpywareNuker 2004 for the second round of tests.

Second, as BPS Spyware & Adware Remover crashed at the beginning of removals during the test, Tenebril SpyCatcher was tested on Oct.
As before, the installed spyware and adware was broken down into "critical detections," 138 total for this third round. The anti-spyware scanners were then unleashed on the PC to find and remove whatever spyware and adware they could.
Results Page # 6

One substitution was made in the anti-spyware scanners used for the third group of tests. As ZeroSpyware 2004 froze at the outset of removals during the test, Tenebril SpyCatcher was tested instead and substituted for ZeroSpyware 2004.

Notes

Before moving to the test results pages, please read the information below about the tests themselves, esp.
Top 25 Spyware and Adware" list, which is updated regularly. The three tests documented here include all of the top 10 spyware/adware applications on the PC Pitstop list (as of Oct.

The Tests: Design & Methodology

The same testing process was used for both rounds of tests.

Installation

Before testing, all "anti-malware" protections were disabled, including all resident "anti-malware" scanners, spyware "immunizations," custom browser security settings, and other system configurations designed to block the installation or execution of "malware." The spyware and adware was then installed from the internet.
com, where a flurry of ActiveX Warning boxes was encountered for automated installations of spyware and adware. No less than 7 different boxes were clicked through, initiating installation processes for around 25 different adware and spyware applications.
Although only 5 boxes were clicked through, 23 different adware and spyware programs were installed on the test PC as a result.

After all significant hard drive and network activity had ceased, the PC was rebooted to allow the various installers to finish setup activity. Once that activity had completed and the installed software components were in a relatively "stable" state, the personal firewall installed on the computer was configured to block all network traffic to prevent further installations or changes.

"Critical" Detections

From those logs as well as from information gleaned by manual inspection of the hard drive and Registry, a list of "critical" detections was generated, with each detection being assigned a unique ID (see below for details).

DLL)
* BHO-related Registry entries
* toolbar-related Registry entries
* browser setting-related Registry entries
* browser extension-related Registry entries
* auto-start Registry entries

These "critical" detections comprise only a subset of the complete collection of files and Registry entries added to the test PC by the installed spyware and adware. As such, the test results reported here do not provide a complete picture of the performance of the anti-spyware applications tested.

Nonetheless, these detections are "critical" because they constitute the most important files and Registry entries installed by the spyware and adware applications that accompanied Grokster. These detections represent the changes that would be most visible and/or important to users. Any good anti-spyware application would necessarily have to succeed at detecting and removing a significant number of these files and Registry entries in order to be considered useful or effective, even if it left a significant number of less important files and Registry keys -- that is to say, inert "junk" -- behind.
Moreover, these "critical" detections do provide a useful measure of the performance of these anti-spyware applications because they test how well the programs:

* find and remove files on the hard drive
* kill running processes and remove the associated files
* correctly uninstall BHOs, browser toolbars, and other browser extensions
* find and remove Registry entries critical to the functioning of the spyware and adware applications

One significant aspect of these applications that was tested only in the third round of tests, however, was how well the applications remove Winsock LSP hijacks (if removed incorrectly, the network connection of the PC may be broken).

It should also be noted that not all applications installed by the Grokster setup program are represented in the detections for the first group of tests. com are represented in the detections for the second group of tests. The same holds true for the programs installed during the third group of tests.

Along with the list of "critical" detections, a full Registry backup and copy of all newly installed or changed files was archived. This Registry backup, combined with the archived files, was used to restore the test PC to a "newly installed" state before each anti-spyware scanner test.

Scanning & Removal

After the test PC had been restored to a "newly installed" state, each anti-spyware application was allowed to scan and remove every instance of spyware and adware that it could find. Where possible, each scanner was configured to scan only the C-drive and the L-drive (containing the Temporary Internet Files directory and main TEMP directory) on the test PC. Each scanner was also configured to perform a "full" or "deep" scan of the Registry. If the anti-spyware application requested a system reboot to complete the detection and removal process, a reboot was performed. In all cases the latest definitions databases available for the applications were used.
Scan logs were archived when possible, though this was not always feasible.

To check the performance of each anti-spyware scanner, a custom-built batch file was executed. This batch file generated a list of the "critical" files and Registry entries that were not removed by the anti-spyware scanner. In some cases anti-spyware scanners may have detected and attempted to remove certain files and Registry entries only to fail. As the batch file checked for "critical" detections actually left in place at the conclusion of a scan, the test results reported here reflect only actual removals, not mere detections or attempted removals. Finally, false positives were noted and reported when they were generated.

Readers should be aware that in some cases anti-spyware applications may not have removed the files and Registry entries for particular adware or spyware programs because of deliberate policy decisions by the vendors not to target those progr...
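
The post-scan check described above, as an added example in Python (not the original batch file, which is not reproduced on this page). It scores a scanner only on what is actually gone afterwards: files are checked on disk, Registry entries against a .reg-style export taken after the scan. The manifest layout, the "KEY|value" notation, and all file, key and ID names are assumptions constructed for illustration.

```python
import os
import tempfile

def parse_reg_export(text):
    """Map each key in a .reg-style export to the set of value names under it."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = set()
        elif current is not None and line.startswith('"'):
            keys[current].add(line[1:].partition('"=')[0].lower())
    return keys

def still_present(entry, root, reg):
    """True if a critical detection survived the scan."""
    kind, location = entry["kind"], entry["location"]
    if kind == "file":
        return os.path.exists(os.path.join(root, location))
    # Registry entries: "KEY" checks the key, "KEY|name" checks one value.
    key, _, value = location.lower().partition("|")
    return key in reg and (not value or value in reg[key])

def score(manifest, root, reg_text):
    """Return (leftover IDs, removal rate) based on post-scan state only."""
    reg = parse_reg_export(reg_text)
    left = [e["id"] for e in manifest if still_present(e, root, reg)]
    return left, (len(manifest) - len(left)) / len(manifest)

MANIFEST = [  # constructed sample data, hypothetical names
    {"id": "F01", "kind": "file", "location": "Program Files/ExampleBar/examplebar.dll"},
    {"id": "F02", "kind": "file", "location": "WINDOWS/exampleupd.exe"},
    {"id": "R01", "kind": "reg", "location": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ExampleUpd"},
    {"id": "R02", "kind": "reg", "location": r"HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}"},
]
POST_SCAN_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpd"="C:\\WINDOWS\\exampleupd.exe"
'''

def demo():
    with tempfile.TemporaryDirectory() as root:
        # Simulate a scan that deleted F01 but left F02 on disk.
        os.makedirs(os.path.join(root, "WINDOWS"))
        open(os.path.join(root, "WINDOWS", "exampleupd.exe"), "w").close()
        return score(MANIFEST, root, POST_SCAN_REG)

if __name__ == "__main__":
    print(demo())
```

A detection that a scanner logged but failed to delete still counts as left in place here, which matches the "actual removals, not mere detections" rule of the tests.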