
Spyware Doctor

March 25, 2005 - Part I

by Andrew Cooper

Foreword

Spyware programs are on the rise, and today they represent an even more serious threat to an ordinary PC user than viruses do. Additionally, traditional antivirus programs are unable to stop spyware, because spyware is not exactly a virus but a destructive program that spies on a user who has inadvertently placed it on his/her machine.

As new programs designed to combat spyware emerge, it's interesting to see what they can offer folks who've decided to get rid of possible parasites lurking in their computers.

We have already reviewed a couple of antispyware programs in previous issues, and in today's review we will have Spyware Doctor, v. 3.1.0.312, show us its skills.

Installation, first run, interface

This program is quite compact, and with a size of 3.8 Mbs it can easily fit any user's bandwidth capabilities. When the program is first started, it offers to turn on the automatic threat protection it calls OnGuard, but I decided not to, and opted to run the full system scan instead. Before running the full system scan for spyware and adware, I urge everyone to update the program's threat database, which makes the discovery and identification of new threats easier.

The main window of the program is provided in a snapshot below. It has a very precise, yet nice-looking interface. It is quite simple and every feature of the program is easily accessible.



Spyware scan no. 1

I immediately pressed the "Start Full Scan" link and the program began to scan my system for spyware. The scan it was performing was one of the most intelligent I've ever seen. Instead of looking in remote places less likely to contain spyware, the program went straight to checking memory, the registry, and the Windows and Program Files folders.

[Screenshot: scan underway]

While the scan was in progress, each location the program was scanning was displayed in the "scan window". The full scan was completed in less than three minutes, and following the scan the program brought up this summary:

[Screenshot: scan summary]

Let's concentrate a bit on the above picture. It reports that the program has found 52 infections on my PC, most of which were tracking cookies. Those files are not exactly infections, but are simple tiny text files used by websites to personalize the display of information. Some people argue that cookie files serve no other purpose than to deliver targeted advertising, but the fact is that some sites simply won't work without cookies. Cookies alone can't cause much trouble, and that's probably why the program has assigned them only a medium-level threat.

Within the found threats window, double-clicking on a threat item displays its specifics:

[Screenshot: description of a found threat]

This can be helpful, but not so in my case; the program doesn't give information on the exact details of a found threat such as the executable's location, its ID, etc. Instead of a comprehensive analysis of an executable in memory, the program takes its name, compares it to a database of known threats, and makes a judgment based on this comparison, not on its patterns of behavior. As a result, it labeled as a "threat" a legitimate PowerStrip program that helps tweak the performance of a computer monitor. Nowhere was I able to find out what the Spyware Doctor would do to this program, had I pressed the "Fix Checked" button. My guess was it would simply delete it, but I certainly didn't want to experiment.
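The false positive described above can be reproduced in a few lines. This is an added example, not code from Spyware Doctor or from the original review; the signature entry, file names and file contents are constructed, and the name-only matcher models the behaviour as the review describes it. It runs the same process list through a name lookup and a content-hash lookup and sorts the disagreements.

```python
import hashlib
from typing import NamedTuple

class Proc(NamedTuple):
    name: str     # executable file name as seen in the process list
    image: bytes  # file contents (constructed stand-ins here)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature database: label -> (file name, SHA-256 of known-bad file)
ADWARE_BODY = b"constructed adware image"
SIGNATURES = {"Sample.Adware": ("tweaker.exe", sha256(ADWARE_BODY))}

def match_by_name(proc):
    """Name-only lookup, the approach the review describes."""
    return [label for label, (name, _) in SIGNATURES.items()
            if name.lower() == proc.name.lower()]

def match_by_hash(proc):
    """Content lookup: the name is ignored, only the file's digest counts."""
    digest = sha256(proc.image)
    return [label for label, (_, h) in SIGNATURES.items() if h == digest]

def triage(procs):
    """Run both matchers and sort each flagged process into a verdict."""
    report = {"confirmed": [], "false_positive": [], "missed_by_name": []}
    for p in procs:
        by_name, by_hash = match_by_name(p), match_by_hash(p)
        if by_name and by_hash:
            report["confirmed"].append(p.name)
        elif by_name:   # name collides with a signature, content does not
            report["false_positive"].append(p.name)
        elif by_hash:   # known-bad content under an unlisted name
            report["missed_by_name"].append(p.name)
    return report

# Constructed process list (hypothetical names and contents)
PROCS = [
    Proc("tweaker.exe", b"legitimate display utility image"),
    Proc("TWEAKER.EXE", ADWARE_BODY),
    Proc("updater32.exe", ADWARE_BODY),
    Proc("notepad.exe", b"editor image"),
]

if __name__ == "__main__":
    for verdict, names in triage(PROCS).items():
        print(f"{verdict}: {names}")
```

The legitimate utility lands in `false_positive` only because its file name collides with a signature entry, which is why a scanner should report the matched file's path and the reason for the match before offering to remove it.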

Added to the above threats found on my computer was the Zango search assistant, a setting in Windows registry that changes the address of a default search page to Zango's. I decided not to remove it though, because I don't believe there's anything wrong with it and because I don't use the default search engine (provided by Microsoft) anyway.

[Screenshot: expandable results info]

By clicking the "View Log" link at the bottom of the window a user can get more advanced information on the completed scan, which will open in a new Internet Explorer window. As reported, the program used the following search options when it ran the test: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner. Quite powerful!

Moving on, I chose to remove only tracking cookies and all other cookies. I didn't want to place them onto the quarantine list, but rather, to have them removed instantly. I am an experienced user, and beginners should make such moves only through the quarantine folder.

I ran a re-scan for spyware, and the program didn't find any additional threats, other than those it had already found.

Why did I run a repeat scan? I had to reassure myself that the items I selected for deletion had actually been deleted. It sometimes happens that after a program has reportedly deleted all the selected items, they resurface on a subsequent scan, casting reasonable doubt on the previous operation the scanner has performed (those threats might actually still be present).

© 2006 PC Flank Ltd. All rights reserved.