Anti-adware misses most malware
By Brian Livingston
Now that 80% of home PCs in the U.S. are infected with adware and spyware, according to one study, it turns out that nearly every anti-adware application on the market catches less than half of the bad stuff.
That's the conclusion of a remarkably comprehensive series of anti-adware tests conducted recently by Eric Howes, an instructor at the University of Illinois.
Howes, a well-known researcher among PC security professionals, collected 20 different anti-adware applications. He then infected a fresh install of Windows 2000 SP4 and Office 2000 SP3 with several dozen adware programs in separate stages. Finally, he counted how many active adware components were removed by each anti-adware product.
(Note: I use the single term "adware" in this article to refer to both "adware" and "spyware." Since it's not necessary for a spyware program to "call home" to be disruptive, the distinction between adware and spyware is meaningless. All such programs display ads or generate revenue for the adware maker in some other way.)
Howes's tests were conducted over a period of weeks in October 2004. His results were mentioned at the time in several places, including Slashdot and eWeek.
Unbelievably, however, none of these commentators bothered to print a simple chart showing which anti-adware application did the best job at removing the unwanted components. Even Howes himself hasn't posted such a summary. In a telephone interview, Howes exhibited both modesty and perfectionism, implying that his work wasn't yet done to his satisfaction — despite the fact that his tests are some of the most extensive I've ever seen.
Howes's test results sprawl over six long Web pages, with no overall totals or summary of the figures. It's a daunting body of data, but its bottom line is explosive. Adware seems to be evolving much faster than anti-adware, and the battle is so far being won by the adware side.
For this issue of the Windows Secrets Newsletter, therefore, I've compiled Howes's figures into a straightforward chart, shown below. I removed five products that didn't complete all of Howes's tests for a variety of reasons. What's left is a revealing rating, from the top to the bottom of the anti-adware heap.
Each anti-adware application, according to Howes, removed a certain percentage of "critical" adware components. These are executable .exe and .com files, dynamic link library (.dll) files, and Windows Registry entries (autorun commands and the like).
Almost all the anti-adware programs that were tested removed fewer than half of the hundreds of adware components Howes cataloged. The best at removing adware was Giant AntiSpyware, but even that program removed less than two-thirds of a PC's unwanted guests.