Security : Protect yourself and your computer.

Updated: 2/24/05; 1:16:40 PM.

 

 

 

 

Tuesday, February 01, 2005



Anti-Adware Misses Most Malware

By Brian Livingston

Now that 80% of home PCs in the U.S. are infected with adware and spyware, according to one study, it turns out that nearly every anti-adware application on the market catches less than half of the bad stuff.

That's the conclusion of a remarkably comprehensive series of anti-adware tests conducted recently by Eric Howes, an instructor at the University of Illinois.

Howes, a well-known researcher among PC security professionals, collected 20 different anti-adware applications. He then infected a fresh install of Windows 2000 SP4 and Office 2000 SP3 with several dozen adware programs in separate stages. Finally, he counted how many active adware components were removed by each anti-adware product.

(Note: I use the single term "adware" in this article to refer to both "adware" and "spyware." Since it's not necessary for a spyware program to "call home" to be disruptive, the distinction between adware and spyware is meaningless. All such programs display ads or generate revenue for the adware maker in some other way.)

Howes's tests were conducted over a period of weeks in October 2004. His results were mentioned at the time in several places, including Slashdot and eWeek.

[skip]

Howes's test results sprawl over six long Web pages, with no overall totals or summary of the figures. It's a daunting body of data, but its bottom line is explosive. Adware seems to be evolving much faster than anti-adware, and the battle is so far being won by the adware side.

Each anti-adware application, according to Howes, removed a certain percentage of "critical" adware components. These are executable .exe and .com files, dynamic link library (.dll) files, and Windows Registry entries (autorun commands and the like).

Almost all the anti-adware programs that were tested removed fewer than half of the hundreds of adware components Howes cataloged. The best at removing adware was Giant AntiSpyware, but even that program removed less than two-thirds of a PC's unwanted guests.  

Howes's tests were conducted before Microsoft Corp. announced in December that it was purchasing Giant Company Software outright. For that reason, the tests use the version of Giant AntiSpyware that was available in October and not the newer Microsoft beta version that's currently available.

Even so, with Giant's application removing 63% of a PC's adware components, and its nearest competitor, Webroot Spy Sweeper, removing less than 50%, it's clear that Microsoft has a potential winner on its hands.

How to defend yourself against adware

First, let me make my opinion clear: The installation of adware should be illegal and harshly punished. Adware has exploded because it offers big economic incentives for its sponsors. They'll never adequately inform PC users about their software before it's installed. This troubling aspect of adware will never be wished away.

Only software that a PC user specifically consents to should legally be able to install — and "end-user license agreements" that stretch off the screen should never be counted as consent. (This isn't a knock on "ad-supported software," such as the Opera browser. Such legitimate software is clearly integrated with its advertising and makes it easy to shut off the ads by registering.)

In reality, today's tech-illiterate legislatures will never ban adware — if they could even think of an effective legal approach to do so. We need to engage the battle on a technical level instead.

To understand adware, you first need to know how PCs get it. The ways that Howes obtained the adware he used in his tests provide us with some perfect examples:

  • Software downloads. For one group of tests, Howes downloaded and installed Grokster, a popular peer-to-peer file-sharing program, from CNET Download.com. Installing Grokster and clicking OK in its subsequent dialog boxes loaded 15 separate adware programs, containing 134 "critical" executable components, by Howes's count. This source of infection would compromise even Windows XP with its new Service Pack 2 (SP2).

  • Drive-by downloads. To set up another group of tests, Howes used Internet Explorer to visit the following Web locations: 007 Arcade Games (a games site), LyricsDomain (a song lyrics site), and Innovators of Wrestling (yup, a wrestling site). This resulted in 23 different adware programs being installed, carrying 138 components, Howes says. Drive-by downloads such as these are now less of a problem for users who've installed XP SP2.

  • You can't step into the same river twice. For yet another test, Howes visited the wrestling site again, but on a different date. The makers of adware must have signed a lot of distribution contracts with the site in the interim. Howes says his PC picked up 25 adware programs and 153 components on that one visit alone. (You'll notice that I didn't link to the examples I cited above, and I strongly recommend that you avoid trying any of them.)

It's not enough to say "PC users should be more careful." Computer professionals, instead, have a duty and an obligation to prevent adware from infecting their PCs or anyone else's.

Introducing the Windows Secrets security baseline

Every PC needs the following six components for protection against hacker attacks, both from the Internet and from within your company or home. In each issue, starting today, this new section will summarize the products top-rated by trusted reviewers.

1. Hardware firewall. For wired home and small-office networking, the 8-port Linksys BEFSR81 router ($80 USD) is rated "the best of our testing" by Extreme Tech. For wireless networking, the new Belkin Wireless Pre-N router ($150) is currently highest-rated at CNET.

2. Software firewall. Often called a "personal firewall," ZoneAlarm Pro ($40) is number one according to several testers, including TopTenReviews.com and PC World's Best of 2004.

3. Antivirus. Trend Micro's PC-cillin Internet Security 2005 antivirus suite ($50), which includes a personal firewall, recently won head-to-head comparisons in PC World and CNET.

4. Antispam. Cloudmark Safetybar ($40, formerly SpamNet) is rated a Best Buy by PC World and Editors' Choice by PC Magazine.

5. Anti-adware. Giant AntiSpyware or Microsoft AntiSpyware beta, Webroot Spy Sweeper, CWShredder (use all; free or optional registration). See article above.

6. Update management. Without naming a winner (because update software is highly related to your network's size), a wide-ranging buyer's guide to patch-management software was published in the Oct. 2004 Windows IT Pro magazine.


FORWARDING INSTRUCTIONS — news gains value when it's shared 

Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/050127.



categories: Security


1:22:58 PM    


© Copyright 2005 Earl Bockenfeld.


