

Security Buyer's Guide
Spy Sweeper 5.0

Spy Sweeper has received a number of Editors' Choice awards (an honor that Spyware Doctor shares) for spyware protection. Now Webroot has simplified the program's configuration settings and, for clarity as well as ease of use, completely revamped its interface. According to the company, the software should issue fewer pop-up warnings and has additional layers of protection specifically targeting devious keylogger utilities and malicious programs that use rootkit techniques to hide. The near-final beta version I evaluated worked very well.

Spy Sweeper's extreme makeover starts with a restyled Home tab that highlights what's most important—getting rid of spyware and shielding against attack. The Sweep pane shows when you last scanned for spyware and when the next scan is scheduled. One click on the prominent Start Sweep button launches an immediate sweep. The Shields pane reports status for the product's numerous real-time protection features, with a link to correct any problems. Secondary facts like subscription status and the number of spyware signatures are displayed less prominently.

The Sweep tab is likewise streamlined. It shows the current sweep options, with a link to change them, and reports whether spyware definitions are up to date. Here, too, a prominent Start Sweep button launches a full system scan. The process moves through the three steps of sweeping, quarantine, and summary in a clear and simple fashion. And Spy Sweeper provides a veritable biography for any malware found—a risk-level rating, a list of file and Registry traces associated with the threat, a detailed description, and a link to more info online.

When you click Quarantine Selected, Spy Sweeper neutralizes offending items and moves them into quarantine storage. Finally, it displays a summary of just what it removed. If necessary, its Early File Remover can whack especially tenacious malware early in the boot process. Spy Sweeper scans using direct disk access, below the file-system level, so it isn't fooled by rootkits.

Raise Shields!

Spy Sweeper's various "shields" provide active protection to keep spyware from invading a clean system—there are so many it could get confusing. This version breaks down the growing collection of shields into critical, recommended, and optional. Turn off one of the 13 recommended shields and your overall shield status drops to Partially Protected (yellow). Turn off one of the five critical shields and it plummets to Vulnerable (red). New in this version is the Keylogger Shield, which detects programs that monitor and record your passwords and other keystrokes.

Also welcome is a new option to rein in the overzealous Startup Shield so that it is triggered only when known or suspected spyware tries to configure itself for automatic startup. When a shield takes action, it now alerts you with a small tray-area pop-up by default, rather than opening the main window. Webroot had planned to add an e-mail shield that would scan the incoming POP3 data stream and remove malware attachments before they ever hit the Inbox. This feature didn't quite make the cut, but it's still planned for a future version. In any case, other shields will smack down an incoming malware attachment when the user tries to save or launch it.

Program options have been streamlined and reorganized somewhat. The redundant Always Keep and Always Remove tabs have merged into a single Always Apply tab. This tab lists all the items Spy Sweeper has ever found and lets you tell Spy Sweeper how to handle them if they show up again—in particular, you can tell it to ignore an item that you don't want removed. The other big bonus is a new throttle in the Sweep settings. A slider controls whether Spy Sweeper emphasizes sweeping quickly, conserving CPU power, or something in between.

I tested the product's ability to remove a collection of commercial keyloggers and spyware. (For information on how I test antispyware, see Spy Versus Antispy.) On one test system, the malware actively attacked Spy Sweeper, damaging its installation. I reinstalled and scanned in Safe Mode, which at least allowed Spy Sweeper to finish, but it still couldn't remove the mad-dog malware application that had attacked it. Out of eight commercial keyloggers it removed six, missed one completely and tried but failed to remove another. It did better against sixteen spyware threats, successfully removing thirteen of them. It recognized two others but couldn't entirely remove them, and completely missed just one—a very good record against a very nasty collection of malware.

When it came to blocking malware installation, the app's many layers of protection really showed their power. I tried to install a total of 28 items, including commercial keyloggers, spyware, and some "rogue antispyware" programs. Spy Sweeper prevented six of eight keyloggers from installing, missed one completely, and failed to block another—the last two managed to log keystrokes despite Spy Sweeper's Keylogger Shield. Out of sixteen spyware samples, it ignored one Trojan horse and failed to block one rootkit, but successfully blocked the other fourteen—again, a very good record.

Giving the Malware an Edge

The Spy Communication Shield blocked access to the Web sites hosting eight of the threats; I had to override it to continue testing. Fully half the items were quarantined the instant I copied them to disk. To continue, I had to transfer my samples onto the test system with Spy Sweeper turned off. Even then, the Spy Installation Shield killed half the install programs as soon as they launched.

I wondered what would happen if that shield failed to recognize a particular installer. To check it out, I renamed copies of the blocked installers and changed one nonessential byte in the copy. That disguise was sufficient to get them past the Spy Installation Shield, but other protective elements killed off all but one of them. This multilayered approach really works! Other installs were derailed by the ActiveX Shield and the BHO Shield, and the Spy Communication Shield jumped in to halt malware installations that required a connection to their home base.

For a sanity check, I ran the same tests on Spyware Doctor 3.8. The results were roughly comparable, though Spyware Doctor fared slightly better against keyloggers and Spy Sweeper did better against actual spyware. We'll see if this changes with the release of Spyware Doctor 4.0, which I'm testing right now.

According to Webroot product manager Sarah Mood, Spy Sweeper will soon offer another improvement. This version still has to reboot your system in order to install or upgrade. But future versions, she says, will be able to "hot swap," letting you upgrade without rebooting. Spy Sweeper already handles definition updates silently. That's a trick Spyware Doctor should learn—to update Spyware Doctor, you have to click here and there, wait for updates, and click some more.

The new face of Spy Sweeper is definitely attractive, and it remains a powerful tool for removing entrenched spyware and keeping new spyware off your system. It doesn't catch every piece of malware in our test set, but, along with Spyware Doctor, it's miles ahead of the competition. This, combined with its updated, improved interface, makes Spy Sweeper 5 an antispyware Editors' Choice.

7/17/2006
