Early anti-spyware solutions operated only when the user manually initiated a scan. Recently, however, anti-spyware has begun incorporating real time monitors that can detect spyware the moment it accesses your system.
We recommend looking for anti-spyware that includes an active agent that monitors your PC at all times for spyware intrusions. It should, at the very least, monitor processes currently in memory and watch for changes to the registry and the HOSTS file.
Anti-spyware should also have a scheduling agent that will automatically run full scans at set intervals. If the anti-spyware requires manual scanning, it may end up being too long between scans. Some anti-spyware allows you to schedule a scan on system startup.
It has become more common for anti-spyware to integrate proactive prevention in its routines. Pro-active prevention involves immunising Internet Explorer, in particular, by adding the sites of known spyware purveyors to the banned URL list, blocking known spyware ActiveX Controls from running, and potentially re-configuring the Internet Explorer security settings to prevent spyware applications from running. The software should also contain diagnostic tools that examine installed browser helper objects and ActiveX controls for problems.
Alternatively, home users also have the option of switching to another, more secure browser, such as Mozilla's Firefox, which offers tabbed browsing, popup protection and increased spyware defences. Many infected users will find that the spyware was installed without even downloading a file, rather, it was hidden on the system by a malicious Web site. By protecting yourself while browsing, and being aware of the signs that a Web site is trying to install unauthorised content (such as popup boxes encouraging you to tick "yes") you can go a long way to stopping the spyware threat to your system.
Some key questions to ask in regards to proactive prevention include:
- Does the anti-spyware patch common vulnerabilities?
- Does it block spyware memory processes from initiating?
- Does it block modifications to the startup settings?
- Does it restrict access to (or at least warn about) known dangerous Web sites?
- Does it block dangerous ActiveX controls by setting ActiveX kill bits for known spyware?