26 October, 2007 16:20
How anti-spyware works
The techniques that anti-spyware software uses to find and remove spyware are many and varied, but they are generally similar to the systems used to detect and remove viruses.
Some methods of detecting spyware fingerprints include:
- Hard disk scans. The anti-spyware software checks all the files on the PC's hard disk against a database of known spyware packages. The best solutions use a mathematical process called a checksum or hash algorithm to ensure that the files on the hard disk are exactly the same as those noted in the database. The worst anti-spyware uses file and directory names as a detection method, which is a very good way to get false positives and miss spyware that changes names.
- Registry scans. The software looks for modifications made by spyware to Windows configuration files.
- Memory scans. The anti-spyware checks currently running processes for any that match known spyware.
- URL monitoring. The software keeps track of visited Web sites and monitors cookies and executed ActiveX controls, and compares the sites and controls to its internal database of known spyware networks.
If there's a match, the package will be noted and the user given the option to remove the offending software when the scan is completed. If the user chooses to do so, the files, directories and Windows Registry keys will be removed.
Anti-spyware comparison databases need to be updated regularly as new spyware appears, much as antivirus packages periodically have to download new virus definitions. For this reason, paid anti-spyware packages often work on a subscription basis. A subscription to the service gives you the right to update the spyware database when you need to.
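The difference between hash-based and name-based hard disk scans described above can be seen in a short added example (not code from any anti-spyware product). The payload bytes, detection name, file names and both signature tables are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database: SHA-256 of a made-up "spyware" payload.
SPYWARE_PAYLOAD = b"constructed sample payload: toolbar-tracker v1"
KNOWN_HASHES = {hashlib.sha256(SPYWARE_PAYLOAD).hexdigest(): "Sample.ToolbarTracker"}
KNOWN_NAMES = {"tracker.exe": "Sample.ToolbarTracker"}  # name-only rule

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_by_hash(root):
    """Return {relative path: detection name} for files whose content matches."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            name = KNOWN_HASHES.get(sha256_file(p))
            if name:
                hits[p.relative_to(root).as_posix()] = name
    return hits

def scan_by_name(root):
    """Return {relative path: detection name} for files whose name matches."""
    return {p.relative_to(root).as_posix(): KNOWN_NAMES[p.name.lower()]
            for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.name.lower() in KNOWN_NAMES}

def demo():
    """Build a constructed directory tree and run both scanners over it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "apps").mkdir()
        (root / "sys").mkdir()
        # Benign file that happens to share the name in the name-only rule.
        (root / "apps" / "tracker.exe").write_bytes(b"benign fitness tracker")
        # The sample payload stored under a different file name.
        (root / "sys" / "svchelper.dll").write_bytes(SPYWARE_PAYLOAD)
        return scan_by_hash(root), scan_by_name(root)

if __name__ == "__main__":
    print(demo())
```

The hash scan flags only the file whose content matches the database entry, while the name scan flags the benign file and misses the real match. Exact hashing only matches byte-identical files, which is one reason the signature database needs the regular updates described above.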