Posted: 27 January 2005 at 9:12pm
Anti-adware misses most malware
Now that 80% of home PCs in the U.S. are infected with
adware and spyware, according to one ,
it turns out that nearly every anti-adware application on the market catches
less than half of the bad stuff.
That's the conclusion of a
remarkably comprehensive series of anti-adware tests conducted recently by Eric
Howes, an instructor at the University of Illinois.
Howes, a well-known
researcher among PC security professionals, collected 20 different anti-adware
applications. He then infected a fresh install of Windows 2000 SP4 and Office
2000 SP3 with several dozen adware programs in separate stages. Finally, he
counted how many active adware components were removed by each anti-adware
(Note: I use the single term "adware" in this article to refer
to both "adware" and "spyware." Since it's not necessary for a spyware program
to "call home" to be disruptive, the distinction between adware and spyware is
meaningless. All such programs display ads or generate revenue for the adware
maker in some other way.)
Howes's tests were conducted over a period of
weeks in October 2004. His results were mentioned at the time in several places,
Unbelievably, however, none of these commentators bothered to print a
simple chart showing which anti-adware application did the best job at removing
the unwanted components. Even Howes himself hasn't posted such a summary. In a
telephone interview, Howes exhibited both modesty and perfectionism, implying
that his work wasn't yet done to his satisfaction — despite the fact that his
tests are some of the most extensive I've ever seen.
Howes's test results
sprawl over six long Web pages, with no overall totals or summary of the
figures. It's a daunting body of data, but its bottom line is explosive. Adware
seems to be evolving much faster than anti-adware, and the battle is so far
being won by the adware side.
For this issue of the Windows Secrets
Newsletter, therefore, I've compiled Howes's figures into a straightforward
chart, shown below. I removed five products that didn't complete all of Howes's
tests for a variety of reasons. What's left is a revealing rating, from the top
to the bottom of the anti-adware heap.
Each anti-adware application,
according to Howes, removed a certain percentage of "critical" adware components.
These are executable .exe and .com files, dynamic link library (.dll) files, and
Windows Registry entries (autorun commands and the like).
Almost all the
anti-adware programs that were tested removed fewer than half of the hundreds of
adware components Howes cataloged. The best at removing adware was Giant
AntiSpyware, but even that program removed less than two-thirds of a PC's