Anti Adware Solutions miss most disruptive Malware
By Brian Livingston
Now that 80% of home PCs in the U.S. are infected with Adware and Spy-ware, according to one study; it turns out that nearly every anti-Adware application on the market catches less than half of the bad stuff.
ware tests conducted recently by Eric Howes, an instructor at the AdThat's the conclusion of a remarkably comprehensive series of anti
Howes, a well-known researcher among PC security professionals, collected 20 different anti Adware applications. He then infected a fresh install of Windows 2000 SP4 and Office 2000 SP3 with several dozen Adware programs in separate stages. Finally, he counted how many active Ad-ware components were removed by each anti Adware product.
(Note: I use the single term "Adware" in this article to refer to both "Adware" and "Spyware." Since it's not necessary for a Spyware program to "call home" to be disruptive, the distinction between Adware and Spyware is meaningless. All such programs display ads or generate revenue for the Adware maker in some other way. )
Unbelievably, however, none of these commentators bothered to print a simple chart showing which anti Adware application did the best job at removing the unwanted components. Even Howes himself hasn't posted such a summary. In a telephone interview, Howes exhibited both modesty and perfectionism, implying that his work wasn't yet done to his satisfaction — despite the fact that his tests are some of the most extensive I've ever seen.
The test results sprawl over six long Web pages, with no overall totals or summary of the figures. It's a daunting body of data, but its bottom line is explosive. Ad-ware seems to be evolving much faster than anti Adware, and the battle is so far being won by the Adware side.
For this issue of the Windows Secrets Newsletter, therefore, I've complied Howes's figures into a straightforward chart, shown below. I removed five products that didn't complete all of Howes's tests for a variety of reasons. What's left is a revealing rating, from the top to the bottom of the anti-Ad-ware heap.
Each anti-Adware application, according to Howe, removed a certain percentage of "critical" Adware components. These are executable .exe and .com files, dynamic link library (.dll) files, and Windows Registry entries (autorun commands and the like).
Almost all the anti-Ad-ware programs that were tested removed fewer than half of the hundreds of Adware components Howes cataloged.
How to defend Yourself against Adware
First, let me make my opinion clear: The installation of Adware should be illegal and harshly punished. Ad-ware has exploded because it offers big economic incentives for its sponsors. They'll never adequately inform PC users about their software before it's installed. This troubling aspect of Adware will never be wished away.
Only software that a PC user specifically consents to should legally be able to install — and "end-user license agreements" that stretch off the screen should never be counted as consent. (This isn't a knock on "ad-supported software," such as the Opera browser. Such legitimate software is clearly integrated with its advertising and makes it easy to shut off the ads by registering.)
In reality, today's tech-illiterate legislatures will never ban Adware — if they could even think of an effective legal approach to do so. We need to engage the battle on a technical level instead.