The Threat from Within

Welcome to the first in a multi-part series of articles regarding computer security. I've been using PCs for longer than I really care to admit, and in that timespan I've seen the nature of computer security change a great deal. If you had told me 12 years ago that today I'd be longing for the bygone era when the worst concern I might face would be a simple virus, I'd probably have laughed at you.

Nevertheless, the fact remains that today's security threats are more dangerous and more capable than anything we faced back then, and new threats with even more diverse methods of attack arise almost daily. Today's article will focus on what could arguably be the worst security problem for home users and corporations alike: spyware. While it's true that spyware usually does not cause the same level of damage or data loss that the average virus does, it often robs you of valuable computer performance. Worse still, it may cause your PC to leak sensitive personal information to unscrupulous persons online.

Usability, privacy, stability: all are casualties of spyware infection. Today we'll be looking at a selection of popular applications that claim to remove or protect you from spyware threats you may encounter. Much like spyware itself, these applications vary greatly in price, functionality, and features. While there may be no absolute best application for every circumstance, we hope that this article will at least help our members to make informed decisions about how to protect their data. Even if you seldom use the Internet, run full-time virus protection, and are certain you have no infections, you are encouraged to try one of the mentioned applications. You never know what might be lurking undetected on your PC. And knowing is half the battle....

Anti-Spyware utilities fall into three main categories: Immunizers, Protectors, and Scanners. Immunizers seek to protect a PC's sensitive configuration files and block spyware installations in advance of an infection attempt by securing target areas of the system from modification or disabling a user's ability to download or run known threats. Protectors generally run in the background at all times, monitoring a PC's usage actively and looking for any signs of known threats that might be attempting to load, change settings, or be downloaded into the PC. Lastly, scanners simply analyze the PC and find files, registry keys, and processes that are known to belong to spyware and eliminate them.

As the saying goes, an ounce of prevention is worth a pound of cure. As such, we'll be addressing immunizers first. The benefit of immunizers is that they generally do not require any program to be loaded into memory to function after the initial run. This means that a user will not lose any system resources (memory or CPU time) as a result of using them. This is an important concern for users with older PCs, as even faster machines can easily be bogged down by bloated virus or spyware scanners that must remain resident to function.

The downside of immunizers is that they generally don't offer very good protection. While immunization is definitely better than nothing, and will no doubt protect you from several older or basic system attacks, current threats change and are introduced so quickly that it's very ineffective as a sole protection method. That said, there is no reason not to run such utilities, as doing so simply gives you one more layer of protection. And any IT professional worth their salt will tell you that layers of protection are the key to effective security.

For this review, we'll be focusing on 5 popular applications for spyware defense: Spybot Search & Destroy, ZeroSpyware, Counterspy, SpywareBlaster, and Ad-Aware. Unfortunately, we were not able to contact Lavasoft (makers of Ad-Aware) in time to receive a review copy of their software for evaluation. As such, we'll be using the freeware version, making evaluation of its immunization and protection capabilities impossible. We hope to perform a more thorough analysis of this software in the near future.

 

SpywareBlaster

First on the list is SpywareBlaster. Unlike most of the other utilities we'll be discussing, SpywareBlaster is exclusively an immunizer, providing no active protection or scanning ability. Despite its specialized focus, it's a very capable immunizer that is updated very frequently. It is also a freeware application with no paid or commercial version. However, donations are encouraged, and one can opt to pay a fee of $9.95 to enable access to their auto-update feature. This allows the program to search for and apply new updates automatically and without user intervention for 1 full year. The manual updating feature within the program is completely free.

SpywareBlaster is created by Javacool Software LLC. Unfortunately, the Javacool Software website is sparse with information about the company itself. It would seem to be a smaller company of a few individuals. Support for SpywareBlaster is offered in the form of an online knowledge base and user's forum. Additionally, email support is provided for subscribers to the auto-update feature. No telephone support is provided.

First, installation. SpywareBlaster can be freely downloaded from the Javacool website. Simply run the executable file you've downloaded to begin the installation. On the first run you are presented with a short wizard that provides some basic information about program usage and helps you to set up the program for use.

The program's main interface is very simple and plainly laid out. Along the left side are links that provide access to the software's main functionality, including the configuration of protection settings, creating a backup point prior to making changes, updating the software, and a selection of other handy tools. Clicking on any section on the left presents the relevant information on the right side of the window, with subsections along the top.

As with any security application, its usefulness is only as good as its updated definitions. So with any newly installed application, it's a good idea to update it immediately and, if available, enable any automatic updating features. Clicking on the Updates section of the SpywareBlaster interface presents its built-in update controls.

The options button allows for configuring of any proxies required to access the internet. For most users, all that's required is a simple click of the “Check for Updates” button. The software will automatically connect, check for, and install any needed updates.

The tools page gives you options for modifying your browser's start and search pages, which is useful when spyware hijackers infect your system. Hijackers (as the name implies) hijack your web browser's settings, not only forcing your searches to go through the search engines or fraudulent sites they choose, but also preventing you from changing your settings back. SpywareBlaster, as well as most of the other tools we'll be discussing, provides tools to repair such modifications. Other tools allow you to set custom blocking options for ActiveX controls, kill Macromedia Flash based web content, and make protected copies of your Windows hosts file.

The main program functionality lies on the Protection tab. Here you are presented with a summary of the currently enabled protections, simple links to enable or disable all protections, and a selection of buttons at the top of the interface to fine-tune your protection options. Also, you are given the option to have SpywareBlaster scan your current Internet Explorer security settings and inform you of any unsafe settings.

The recommended course of action is to simply press the link marked “Enable all Protection.” This will enable the full immunizations, blocking known harmful URLs, ActiveX, and cookies. For those desiring more control over the protections enabled, the buttons at the top allow for very specific configuration and even custom filters.

Of all the products tested, SpywareBlaster is simply the easiest and most straightforward utility when it comes to pure immunization. That, combined with the frequent updates and zero resource usage, makes it a winner and a very easy application to recommend. On the subject of outright effectiveness, I was surprised to discover that the immunization effectiveness of all tested products (both those covered here and additional tools not mentioned) was nearly identical. During the testing it seemed to be more a matter of when a new site or definition was added to a program's respective list, as opposed to if. This is not surprising given that the techniques utilized by each application are very similar. The cold numbers will show that Spybot Search and Destroy does include more immunization definitions than SpywareBlaster. However, since each application counts file references slightly differently, this number can be misleading.

 

Spybot Search & Destroy

Another fan favorite is Spybot Search & Destroy. This side project by Patrick Kolla has since evolved into a much larger beast with a dedicated team of volunteers that keep it up to date. While the project is freeware and donation-supported, the website still offers support in the way of a threats database, compatibility database, FAQs, how-tos, and a user forum.

The software can be downloaded from the official page. Installation is very straightforward. On the initial launch, I was given the following error message. However, after acknowledging the message, the software continued to load and function properly throughout the testing period.

On first launch, you'll be presented with a wizard that walks you through updating the software, making a system restore point, and immunizing the PC. The main interface uses a similar methodology to SpywareBlaster, with tasks grouped together as tabs on the left side of the window, with usage and configuration controls in the right pane.

When browsing through the various tabs of the Spybot interface, it becomes very obvious that the author had customization in mind when crafting the application. Spybot not only supports many languages, but also skins to allow for a more aesthetically pleasing appearance. While it does not offer the same level of tweaking that SpywareBlaster does for immunization, it more than makes up for it by allowing you to tweak virtually every other aspect of the program. When checking for updates, for instance, you can selectively choose which updates you wish to install. Everything from scan scheduling, to rules regarding allowed, blocked, and ignored folders and applications, can be changed to suit your preferences.

The additional tools included far outclass those present in SpywareBlaster. Tools are present to allow for secure file deletion, locking of critical browser and system files, modification of processes that launch automatically at Windows boot time, a registry checker, and options for Spybot's two resident blockers. Strangely absent, however, are options for changing or removing modified start and search pages from Internet Explorer. Nearly every other tested application has this functionality, and I feel it's a great oversight with this package.

Spybot is a multi-function utility, providing aspects of all three types of anti-spyware. Its immunization features were as apt as any we tested, and were updated with more than adequate frequency. Interestingly enough, while SpywareBlaster supports blocking within Internet Explorer and Mozilla/Firefox based browsers, Spybot supports Internet Explorer and Opera, seemingly providing no direct immunization support for Firefox.

Additionally, we found it odd that controls for the memory-resident protection aspects of Spybot are not present in the settings tab, but instead appear in the tools section, although the immunization tab does reference one of the two, SD-Helper.

Spybot provides its active protection through the use of two additional helper applications. The first, SD-Helper, is an ActiveX add-on for Internet Explorer that can selectively block bad websites and files from loading. The second is the “tea-timer” application. It runs resident in the system tray and can selectively block bad processes and registry changes before they can be executed. While I generally prefer all functions of a program to be self-contained for the sake of simplicity, there's no doubt that using this separatist method ensures that the resident software uses a very small amount of system resources. This is true because the IE add-on only functions while IE is in use, and the Tea-timer application can avoid the overhead memory usage that Spybot itself demands to run. Tea-timer's own memory usage came in at a slender 8.5MB and used only nominal CPU time. Additionally, tea-timer's settings can be adjusted outside of the main Spybot interface, by right-clicking on its system tray icon.

But how does it perform? In our tests, Spybot allowed most files containing spyware installers to be downloaded and executed. However, it did manage to catch many of the threat files themselves as they were executed, and managed to stop several changes to the registry. Even so, our analysis shows that many of the files went undetected and were able to make unauthorized contact with external servers on the internet due to Spybot's inability to stop them.

Scan time was average, coming in at 11 minutes to do a full system scan on our test machine. When results were returned, we were quite impressed with the excessive level of information provided about detected files. Information on the threat level, source, and functions of located spyware are displayed in a retractable bar on the right of the window, while a file tree shows the located threat, and the files related to it.

Cleaning the files is easy enough, requiring the user only to place a check in the box beside any detected spyware he wishes to remove (or simply select them all) and press the “Fix Problems” button. Cleaning was fast, and fairly effective on many of the spyware threats we attempted to infect the machine with. However, newer varieties did escape detection.

While effective at blocking some system changes attempted by spyware, Spybot's active protection left a lot to be desired in the realm of features and outright success. When removing preexisting spyware, it performed the worst in all our tests of scanners. On the other hand, its freeware nature and fairly complete feature set make it a strong program in its own right, and it easily gets our recommendation as a capable freeware scanner. However, we'd strongly urge you to run it in conjunction with other scanners to help improve the overall detection rate.

 

Ad-Aware

Today it's virtually impossible to mention spyware without Lavasoft's Ad-Aware coming up. Considered by many to be the “granddaddy” of anti-spyware applications, Ad-Aware has been around a long time, and with good reason.

Lavasoft themselves don't seem to have much of a community presence. Compared to some of the other companies whose products we've reviewed, Lavasoft seems to have the most traditionally cold corporate exterior, not even bothering to give a history of the company, or including any personal touches or references to staff on their website. Contrasted with the warm and open nature of the people behind Counterspy, this is disappointing. However, this German company offers up a good amount of information on its website related to program usage, and even includes an ongoing blog by their research department, a threat database, and summaries of spyware itself. Unfortunately, these (predominantly static) pages are the home user's only means of support unless you purchase a commercial version of the software. Ad-Aware comes not only in a freeware version, but also in Plus, Professional, and Enterprise varieties.

The website itself doesn't seem to provide much information for the user trying to compare versions. However, the primary difference seems to be that the freeware version scans and removes only, the Plus version includes active protection features and greater configurability, and the Professional version features advanced options for scheduling and heuristics (a method of stopping new threats without preexisting definitions). As mentioned earlier, we will only be testing the freeware version today. As such, we'll only be focusing on the scanner properties of the package. In a future article, we hope to address the extended functionality of the product. You can download the freeware version from the Lavasoft website.

Installation is no more difficult than with the other applications we've reviewed today, although it does give you the option to restrict the program's access to only the person installing it, or to allow everyone with accounts on the computer.

During the initial run, Ad-Aware will automatically request that you update the spyware definitions, which is very quick and painless, requiring only two mouse-clicks. You will then be presented with the main screen.

The Ad-Aware interface, while still simple to use, does have a few oddities. As with the others we've reviewed, it uses a series of buttons on the left and along the top to provide access to program features. However, in Ad-Aware, the groups of related tasks are along the top, while fine controls are along the left, the reverse of what we experienced in most other tested software. An additional annoyance is that the buttons at the top are not labeled, and bear icons that do not clearly indicate their purpose. Hovering over the buttons does provide a more informative tooltip, however. Another minor annoyance with the freeware version (as is the case with many shareware applications) is that functionality that isn't enabled still has its buttons and options present in the interface. This means that while navigating Ad-Aware, you are likely to get frequent messages along the lines of “Sorry, but you can't use this feature without paying.” It may be necessary to prompt users into upgrading, but it is irritating nonetheless, and probably doubly so if you're in the middle of dealing with a spyware infection. One thing that is either a blessing or a curse about the freeware version is that it's much easier to configure advanced options. Not so much because they are more plainly described, but simply because the freeware version doesn't provide many. ^_^

It also doesn't offer much in the way of additional tools, as many of the other utilities do, but does have the option to change start and search pages that may have been modified. So let's see how the scanner performs.

In our tests, Ad-Aware did an admirable job of locating known spyware, easily eclipsing the number of maliciously created files and registry keys found by Spybot. In addition, it found more minimal threats, such as usage tracks. Total scanning time was also significantly faster for a full custom scan. That said, it did fail to recognize some registry keys identified by Spybot. I feel more than comfortable recommending Ad-Aware as the best freeware scanner available; however, its lack of advanced tools and options makes it an incomplete product without purchase. And without the ability to review its protection features, I cannot vouch for its effectiveness at preemptively stopping spyware installations.

 

CounterSpy

The next on the review table today is Sunbelt Software's Counterspy. Sunbelt seems to be among the more community-oriented companies whose products we've been reviewing. In addition to the basic support information provided through FAQs, online manuals, support tickets, knowledge bases, and email, the site has a plethora of contact numbers for voice and fax. There are also automated forms for retrieving a lost registration key.

The site also offers frequent press releases, and mailing lists on a variety of topics. One of the particularly interesting things about Sunbelt is that they have a very frequently updated and informative blog spearheaded by the company's president. Likewise, they run alternate websites covering spyware-related news stories and happenings within the company, including pictures and videos of company staff. Beta testing is a fairly open proposition for those interested. Sunbelt also operates all their own support staff from a single location within the United States, so it's a nice option for those who dislike the notion of outsourcing. Despite these benefits, an email to the support staff regarding a configuration question took days to be returned, and another email to the press department requesting information on upcoming releases went completely unanswered.

But the proof, as they say, is in the pudding. So let's test this software's prowess. CounterSpy's trial version can be found at the SunBelt website. Installation is quick and painless, and is followed by a simple settings wizard that is similar to that of Spybot. The main screen allows fairly direct access to the program's various functions. On the right, the user is presented with program usage statistics as well as a brief overview of current settings. The left side provides linking buttons to the three main features of the software. Additionally, if the PC currently has the automatic update feature of Windows disabled, a warning is presented along with the option of enabling it.

Clicking on any one of the three links will bring up the dialog for that feature, as well as displaying more links at the top of the window for accessing more varied options. The interface itself is clean and functional, but it would be nice to have the full option set at the top of the window at all times. As with each of the utilities, we immediately attempted to update the software. This is even simpler in Counterspy as it's a single-click proposition. Simply clicking on the Updates button at the top of the window, or selecting Update from the system tray icon or from the file menu, will launch the updater and install any newer versions of the software and its definitions. Interestingly, it seems to take far longer for the software to install its updates when compared to the other applications we've reviewed. But even so, it only takes a few moments.

Counterspy provides an excellent set of supplemental tools within the program to manage your system. A subset of these tools is the “My PC Explorers.” The explorers allow you to have a high degree of control over items that auto-launch with Windows, installed web browser plug-ins, ActiveX controls, start and search page settings, active processes, and WinSock details.

Also included are a History Cleaner to remove usage tracks from common Windows utilities, a secure file deleter, and a utility to scan for system vulnerabilities and setting issues. This last feature is the closest equivalent Counterspy has to immunization. However, the items protected against by running this tool and correcting the items, while useful, do not hold a candle to the enhanced protection offered by our other tested applications. A more thorough immunization would be a fine addition to future Counterspy versions.

The general program settings are rather few, but allow for the important concerns such as alert frequency, automatic updates, and active protection status. More fine-tuned controls can be accessed within the program's main function screens. For example, setting and managing a schedule for automatic spyware scans can be performed in the Spyware Scan area, and specific types of active protection can be set from (ironically enough) the Active Protections page.

Speaking of protection, Counterspy certainly offers a mixed bag. While it did allow many forms of spyware to be installed, it did recognize and disable or delete them as soon as they attempted to run. The various browser-helper objects and attempted registry changes and startup options were nearly always defeated before they could be executed. Unfortunately, the alerts to these changes, requesting what course of action to take, seemed to be somewhat delayed. A change would be attempted or completed several moments before CounterSpy alerted us to the issue. While this isn't a terribly large concern, it does mean that more vicious self-replicating pieces of spyware may be able to outpace CounterSpy's ability to recognize and remove them. And unfortunately, even long after CounterSpy stopped alerting us to intrusions, several unknown and unauthorized applications continued to access the internet without hindrance.

Also of note is the resource usage of CounterSpy. With all forms of active protection enabled, CPU usage seemed unreasonably high. Frequent spikes of 90+ CPU usage were common during normal office tasks. Note that disabling some of the unneeded types of protection within the settings can help this problem, but we feel that this is a poor compromise for a commercial application whose primary focus is security. Even more odd is that on Windows load (whether active protection is enabled or not) CounterSpy loads two active services that were using a combined total of 60MB of RAM. Disabling these services from executing at startup (or even disabling CounterSpy at load) is impossible from within the main program, requiring manual registry editing or 3rd party tools to stop. The only option for the less tech-savvy users whose systems might be bogged down by such resource usage is to uninstall CounterSpy altogether. While shutting down CounterSpy after load from the system tray icon should in theory unload these services, on one of our test machines it did not, leaving them resident in memory with no purpose.

Based on these issues, despite CounterSpy's relatively good protection features, we can't endorse it for active protection, nor as a suitable immunizer. But let's move on to actual scanning and removal.

This is where CounterSpy really shines! Although the time to complete a full system scan was far slower than any other application, it is paid for in the area of accuracy. CounterSpy found far more spyware components by a huge margin compared to Ad-Aware and Spybot. While the gap between CounterSpy and ZeroSpyware was much narrower, CounterSpy still managed to successfully eliminate more threats in our tests. Scan reports are very thorough, providing detailed information about the threat located and a suggested course of action. Furthermore, in speaking with long-term users of CounterSpy, we were told that the information provided in these reports is also updated with reasonable frequency.

While our testing shows that CounterSpy falters in the area of preventing spyware infection, it's the undisputed king of exterminating spyware threats with extreme prejudice. Also of note, while doing research for this article, we encountered a number of people making allusions to CounterSpy's technological heritage. The argument goes that since CounterSpy's basic scanning engine is based on the same technology as Microsoft's own freely available Anti-Spyware application, there is no need to pay for CounterSpy. However, we've discovered a number of falsehoods with this mindset. As of the most recent version of CounterSpy (1.5), Sunbelt has switched to using its own proprietary scanning engine. Also, Sunbelt has its own in-house team writing and updating the definition files, but also uses Microsoft's definition base, providing enhanced protection. Many of the extra supplemental tools found in the CounterSpy software are also sadly missing from the equivalent Microsoft product. Also a point of note is a new technology incorporated into Counterspy called “DNR” or “Do Not Resuscitate.”

Resuscitators are the bane of anti-spyware. In a nutshell, resuscitators are spyware objects that can restore themselves after having been removed with anti-spyware utilities. DNR, in theory, makes it far more difficult for such methods to function, making sure that terminated spyware stays that way. In our testing, CounterSpy did seem to have a slight advantage in keeping respawning threats from cropping back up, and I look forward to seeing how this technology evolves in future versions.

 

ZeroSpyware

The last application we'll be tinkering with is certainly not the least by a long shot. FBM Software's ZeroSpyware has grown to become known around the office as “the little security app that could.” ZeroSpyware is not the most well-known or well-circulated application, but has demonstrated a surprising level of effectiveness when compared to its more popular brethren.

FBM Software, at first glance, isn't the most community-driven company around. While it lacks the “down-home” feel of some of the freeware options, and doesn't strive as hard to put a human face on its company as SunBelt does, what FBM lacks in personality it more than makes up for with support.

FBM refers to its level of customer service as “Extreme Support,” and after using it, it's hard to argue. In addition to the FAQs and knowledge base information available on its website, they also provide email support and 24/7 live chat support. You can get help at any time via chat on the FBM website, or directly through the ZeroSpyware application itself. During testing, I utilized this embedded chat feature on three separate occasions: once in the morning, again in the evening, and once in the middle of the night. Each time, I was speaking with a technician within seconds. You can literally be getting help in less time than it would normally take to call a tech-support line, let alone sift through automated prompts and hold time. But the support isn't just fast, it's effective. The technicians are friendly, knowledgeable, and do not talk down to you.

The ZeroSpyware application also contains tools for generating detailed system information to help the support team troubleshoot any issue you may have. But by far the most impressive jewel in the FBM support crown is a feature known as “Remote Restore.” Whenever ZeroSpyware fails to properly remove a given spyware threat, or when other problems arise related to the software, this feature can be utilized to let a support technician diagnose and repair infected system areas remotely. Simply put, it's the most effective interactive support option I've ever seen, and I certainly hope that other companies will take note and provide similar functionality in the future.

But all the support in the world can't save a flawed product, so how does ZeroSpyware stack up against the rest of our test subjects? Let's find out.

The ZeroSpyware application is a commercial one, with no freeware equivalent. However, like CounterSpy, a free 15-day trial version is available on the FBM website.

The installation is simple. Download and run the installer from the FBM site, which in turn downloads the needed resource files and installs the application. The first thing you'll notice, from the moment you execute ZeroSpyware, is that it's easily the most attractive-looking application of the bunch. Its entire interface is built on Macromedia Flash technology, which lends itself well to scaling at higher resolutions and allows for smooth and beautiful animated effects within the program itself. Many people claim that this is distracting and makes the program difficult to use, but I found the layout of the interface to be very intuitive. I even turned my wife loose on it with no prior experience and she was able to carry out a number of operations at my request with no trouble.

On the first launch, you're presented with a wizard that allows you to use FBM's recommended default settings or customize your own. Should you choose to customize your options, it walks you through some of the more important settings and provides clear information to help you make the proper selections. The final step of the wizard allows you to launch a full spyware scan immediately.

ZeroSpyware provides a number of supplemental tools to help deal with threats. Firstly, it allows you to browse through currently running processes, active browser plug-ins, and cookies. It will provide you with information about each, and allow you to automatically search Google for additional information, or send suspicious files to FBM for analysis. From within the settings tab, you can revert previously unauthorized start-page changes, and you can set controls to block auto-complete functionality.

ZeroSpyware does support immunization functionality, and fairly good functionality at that. While it isn't quite as comprehensive as some other utilities, it did help prevent infection from common spyware installers, and is a nice addition to the package. In addition, it supports a “Vulnerability Scan” which is similar in nature to the “PC Checkup” function of CounterSpy. It takes the original idea, though, and improves upon it a great deal, scanning all files on the PC looking for out-of-date software and unpatched OS files that could pose a potential security risk. At-risk files are displayed and information is provided about the nature of the risk, as well as links to the patches needed for correction.

ZeroSpyware generally has a good reputation for its active protection capabilities, and with good reason. In our tests, ZeroSpyware was able to block practically everything we threw at it. Whenever a known piece of spyware attempted to execute, ZeroSpyware alerted us and allowed us to block it. More importantly, unlike CounterSpy, it did so almost instantly, and prevented most spyware from accessing the external network at all before being removed.

It is also interesting to note that even with all active protections enabled, ZeroSpyware's CPU usage never came close to that of CounterSpy, and it used far less RAM during an active scan with protection enabled than CounterSpy did during idle. In all tests ZeroSpyware managed to consistently block more software than any other application with substantially less resource usage. This is a very important consideration for users of older PCs. With the average computer sporting no more than 512MB of RAM, and Windows XP using a hefty share of that, streamlined applications are critical to a smoothly operating system.

System scans were equally impressive. A full system scan performed with ZeroSpyware took less time to complete than the equivalent scan with CounterSpy and came far closer than other applications to finding an equal number of infected files. That said, CounterSpy does have the advantage in scanning and removal. We had better luck in finding and successfully eliminating more threats using CounterSpy than we did with ZeroSpyware. Furthermore, CounterSpy did manage to suppress one instance of spyware that attempted to revive itself, while ZeroSpyware was unable to. In real-world usage, the discrepancy could well be negligible. However, if you tend to get frequent spyware infections, or are as anal about security as I am, you'd no doubt be glad to have that spyware detection advantage.

One interesting facet of ZeroSpyware is that in addition to assigning a threat level to detected intrusions, it also categorizes threats into two groups, spyware and “Greyware.” Greyware is the term it uses to identify common applications and utilities that can contain spyware, but are so commonly used that most people willingly install them. It's a good added measure that allows people who use peer-to-peer software (a common greyware item) to keep the applications they want at a glance without sifting through each result in a spyware scan. I would personally love to see other developers adopt this two-tiered report system.

One last item of note regarding ZeroSpyware: frequently during testing we could not get it to keep our scheduling settings between sessions. No matter what we did, after rebooting the system, ZeroSpyware would reset our scheduled spyware scans to their default times. While a minor issue at best, it is terribly annoying. As of the time of this writing, the support team was unable to provide an adequate solution to this issue. It is perhaps an amusing coincidence, however, that the previous version of CounterSpy exhibited an almost identical bug in which custom scan settings were never saved and often ignored.

 

Recommendations

So there you have it. Almost half a dozen of the most popular and trusted Anti-Spyware applications put through the wringer for your amusement. If nothing else, this review has proven that all utilities are unique in features, performance, and history. We've also shown that, yet again, no single utility is perfect. Each piece of software tested had its own unique flaws, and its own strengths and weaknesses. On the bright side, however, in the world of software things are ever improving, and I expect to see great strides by all of the companies we've covered today in terms of innovation.

So which software should you choose? The answer greatly depends on a number of factors.

If money is no object:

-I would strongly recommend running SpywareBlaster regularly.
-I would regularly immunize using Spybot Search & Destroy but use it for no other purpose.
-I would purchase and use ZeroSpyware 2005 around the clock for active defense.
-I would purchase and use CounterSpy for regular system scans and removal but not enable active protection.

If money is limited:

-I would strongly recommend running SpywareBlaster regularly.
-I would regularly immunize using Spybot Search & Destroy but use it for no other purpose.
-I would purchase and use ZeroSpyware 2005 around the clock for active defense and regular scans.

ZeroSpyware's low resource requirements, fantastic active protection and decent scanning make it the best balance of power for those on a budget. Combined with its fanatical support, it's easily the best value for the money.

If money is even more limited:

-I would strongly recommend running SpywareBlaster regularly.
-I would regularly immunize using Spybot Search & Destroy but use it for no other purpose.
-I would purchase and use CounterSpy for regular system scans and removal as well as protection.

While CounterSpy has its flaws in the area of prevention, it is slightly cheaper than ZeroSpyware. Also, most of the infections that get past its active protection can be removed after the fact, at the cost of time and a lengthy scan.

If you have no money:

-I would strongly recommend running SpywareBlaster regularly.
-I would regularly immunize using Spybot Search & Destroy, as well as using its resident protections and scans.
-I would use Ad-Aware to scan after a Spybot scan for a 2-point attack on malicious code.

Note that although I feel the information presented above is sound advice, choice of software is largely a matter of taste. Since all the mentioned applications can be freely downloaded and tested, I encourage you to try each before making a purchase. Also note that although prices vary on the official websites, by using tools such as Froogle one can usually find such software at a sizable discount, making the cost of the package less important than the package's feature set.

Lastly, I want to extend my gratitude to FBM Software for providing a review copy of their software to make this article possible. They've been very generous with their time and resources, and it's always good to deal with a company that supports the community and has enough faith in their product to put it in the spotlight.

I also wish to thank our own RichardM for his moral support during the lengthy testing process. And I want to thank my lovely wife Ashley for tolerating my use of her as a GUI guinea pig.